From 85941b5960a3a0936066bf98ced2d1ed684bdecd Mon Sep 17 00:00:00 2001
From: Erich Blume <blume.erich@gmail.com>
Date: Fri, 23 Jan 2026 18:42:24 -0800
Subject: [PATCH] Fix Dockerfile for Alpine, update deployment to use custom
 image

- Base image is Alpine Linux, not Debian - use apk instead of apt-get
- Switch to root for package install, then back to user 1000
- Add musl-dev for C compilation, docker-cli for container builds
- Update deployment to use registry.tail8d86e.ts.net/blumeops/forgejo-runner:latest

Image built and pushed to zot registry.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 argocd/manifests/forgejo-runner/Dockerfile      | 14 ++++++++++----
 argocd/manifests/forgejo-runner/deployment.yaml |  2 +-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/argocd/manifests/forgejo-runner/Dockerfile b/argocd/manifests/forgejo-runner/Dockerfile
index 28d545d..e511440 100644
--- a/argocd/manifests/forgejo-runner/Dockerfile
+++ b/argocd/manifests/forgejo-runner/Dockerfile
@@ -1,8 +1,11 @@
 FROM code.forgejo.org/forgejo/runner:3.5.1
 
-# The base image is Debian-based
+# Switch to root to install packages
+USER root
+
+# The base image is Alpine Linux
 # Install tools needed for GitHub Actions and builds
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN apk add --no-cache \
     # Required for actions/checkout and other Node-based actions
     nodejs \
     npm \
@@ -14,10 +17,13 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     make \
     gcc \
     g++ \
+    musl-dev \
     # For container builds
     ca-certificates \
-    docker.io \
-    && rm -rf /var/lib/apt/lists/*
+    docker-cli
 
 # Verify tools are available
 RUN node --version && npm --version && docker --version
+
+# Switch back to non-root user
+USER 1000
diff --git a/argocd/manifests/forgejo-runner/deployment.yaml b/argocd/manifests/forgejo-runner/deployment.yaml
index d0939de..0848e4a 100644
--- a/argocd/manifests/forgejo-runner/deployment.yaml
+++ b/argocd/manifests/forgejo-runner/deployment.yaml
@@ -16,7 +16,7 @@ spec:
       serviceAccountName: forgejo-runner
       containers:
         - name: runner
-          image: code.forgejo.org/forgejo/runner:3.5.1
+          image: registry.tail8d86e.ts.net/blumeops/forgejo-runner:latest
           env:
             # Use internal k8s service via Tailscale operator egress
             - name: FORGEJO_INSTANCE_URL