Migrate Forgejo runner to Kubernetes with DinD (#60)

## Summary - Deploy Forgejo runner to k8s with Docker-in-Docker sidecar - Add job execution image with Node.js and Docker CLI - Retire host-mode runner on indri - All CI jobs now run containerized in k8s ## Components Added - `containers/forgejo-runner/Dockerfile` - Job execution image - `argocd/apps/forgejo-runner.yaml` - ArgoCD Application - `argocd/manifests/forgejo-runner/` - Kubernetes manifests ## Components Removed - `ansible/roles/forgejo_runner/` - No longer needed ## Changes to Existing Files - `.forgejo/workflows/build-container.yaml` - Use `k8s` runner with `DOCKER_HOST` env - `.github/actionlint.yaml` - Only `k8s` label now valid ## Deployment 1. Apply secret: `op inject -i argocd/manifests/forgejo-runner/secret.yaml.tpl | kubectl --context=minikube-indri apply -f -` 2. Sync ArgoCD: `argocd app sync forgejo-runner` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/60
2026-01-25 19:56:17 -08:00 · 2026-01-25 19:56:17 -08:00 · ea42362b6f
commit ea42362b6f
parent 66badfafd1
14 changed files with 181 additions and 156 deletions
--- a/containers/forgejo-runner/Dockerfile
+++ b/containers/forgejo-runner/Dockerfile
@ -0,0 +1,41 @@
+# Forgejo Actions Job Execution Image
+#
+# This image is used as the job execution environment for Forgejo Actions.
+# The host runner daemon creates containers from this image to run workflow steps.
+#
+# Includes: Node.js (for GitHub Actions), Docker CLI, git, and common CI tools.
+#
+# Usage: Configure runner with label like:
+#   docker:docker://registry.ops.eblu.me/blumeops/forgejo-runner:latest
+
+FROM debian:bookworm-slim
+
+ARG TARGETARCH
+
+# Install base dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    curl \
+    git \
+    jq \
+    gnupg \
+    lsb-release \
+    xz-utils \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Node.js 20.x (required for actions/checkout@v4 and other GitHub Actions)
+RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+    && apt-get install -y --no-install-recommends nodejs \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Docker CLI (for container builds - daemon accessed via socket mount)
+RUN install -m 0755 -d /etc/apt/keyrings \
+    && curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \
+    && chmod a+r /etc/apt/keyrings/docker.asc \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends docker-ce-cli \
+    && rm -rf /var/lib/apt/lists/*
+
+# Default to bash
+CMD ["/bin/bash"]