Enable Forgejo Actions (Phase 1) #48

Merged
eblume merged 8 commits from feature/forgejo-actions-p1 into main 2026-01-23 17:00:13 -08:00
6 changed files with 112 additions and 0 deletions
Showing only changes of commit feff296979 - Show all commits

Add Forgejo Actions runner k8s deployment

- ArgoCD Application for forgejo-runner
- Deployment with Docker socket access for running workflow containers
- Secret template for runner registration token (via op inject)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Erich Blume 2026-01-23 16:09:27 -08:00


@ -0,0 +1,23 @@
# Forgejo Actions Runner
# Runs in k8s, polls Forgejo for workflow jobs
#
# Before syncing, create the runner token secret:
# kubectl create namespace forgejo-runner
# op inject -i argocd/manifests/forgejo-runner/secret-token.yaml.tpl | kubectl apply -f -
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: forgejo-runner
namespace: argocd
spec:
project: default
source:
repoURL: ssh://forgejo@indri.tail8d86e.ts.net:2200/eblume/blumeops.git
targetRevision: main
path: argocd/manifests/forgejo-runner
destination:
server: https://kubernetes.default.svc
namespace: forgejo-runner
syncPolicy:
syncOptions:
- CreateNamespace=true
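Review bot: `project: default` places this Application in Argo CD's catch-all project, which, unless it has been restricted elsewhere, accepts any source repository and any destination namespace. The workload it deploys mounts the host Docker socket, so a dedicated AppProject limited to this `repoURL` and the `forgejo-runner` namespace would be a tighter fit, e.g. `project: forgejo-runner` with a matching AppProject manifest. Separately, the header comment asks for `kubectl create namespace forgejo-runner` while `CreateNamespace=true` and namespace.yaml also create that namespace; a one-line comment saying which of the three is authoritative would help the next operator.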


@ -0,0 +1,63 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: forgejo-runner
namespace: forgejo-runner
spec:
replicas: 1
selector:
matchLabels:
app: forgejo-runner
template:
metadata:
labels:
app: forgejo-runner
spec:
serviceAccountName: forgejo-runner
containers:
- name: runner
image: code.forgejo.org/forgejo/runner:3.5.1
env:
- name: FORGEJO_INSTANCE_URL
value: "https://forge.tail8d86e.ts.net"
- name: RUNNER_NAME
value: "k8s-runner-1"
- name: RUNNER_TOKEN
valueFrom:
secretKeyRef:
name: forgejo-runner-token
key: token
command:
- /bin/sh
- -c
- |
# Register runner if not already registered
if [ ! -f /data/.runner ]; then
forgejo-runner register \
--instance "$FORGEJO_INSTANCE_URL" \
--token "$RUNNER_TOKEN" \
--name "$RUNNER_NAME" \
--labels "ubuntu-latest:docker://node:20-bookworm,ubuntu-22.04:docker://ubuntu:22.04" \
--no-interactive
fi
# Start the runner daemon
forgejo-runner daemon
volumeMounts:
- name: runner-data
mountPath: /data
- name: docker-sock
mountPath: /var/run/docker.sock
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "1Gi"
cpu: "1000m"
volumes:
- name: runner-data
emptyDir: {}
- name: docker-sock
hostPath:
path: /var/run/docker.sock
type: Socket
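Review bot: The `docker-sock` hostPath volume hands the node's Docker daemon to the runner container, so the runner and any workflow step that can reach that socket are effectively root on the node. If this runner will accept jobs from repositories or contributors that are not fully trusted, a Docker-in-Docker sidecar or a rootless daemon inside the pod would keep job containers off the host daemon. At minimum, record the trust boundary above the volume, e.g. `# SECURITY: host Docker socket is root-equivalent on the node; only trusted repos may target this runner`. Also, `runner-data` is an `emptyDir`, so `/data/.runner` is lost on every pod restart and the register branch runs again; the registration token in `forgejo-runner-token` therefore has to stay valid indefinitely, and each restart likely leaves a stale runner entry in Forgejo. A PersistentVolumeClaim for `/data` would avoid both.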


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: forgejo-runner
resources:
- namespace.yaml
- serviceaccount.yaml
- deployment.yaml


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: forgejo-runner


@ -0,0 +1,10 @@
# Template for op inject
# Usage: op inject -i secret-token.yaml.tpl | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: forgejo-runner-token
namespace: forgejo-runner
type: Opaque
stringData:
token: "op://blumeops/w3663ffnvkewbftncqxtcpeavy/runner_reg"
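Review bot: Piping the injected manifest into `kubectl apply -f -`, as the usage comment suggests, makes kubectl store the rendered object in the `kubectl.kubernetes.io/last-applied-configuration` annotation. The registration token from `stringData` then sits in plaintext in the Secret's metadata, where tooling that prints annotations will display it. Changing the comment to `# Usage: op inject -i secret-token.yaml.tpl | kubectl create -f -` (or `kubectl apply --server-side -f -`) avoids writing that annotation. The same `kubectl apply` command appears in the header comment of the Application manifest and should be changed with it.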


@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: forgejo-runner
namespace: forgejo-runner
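Review bot: The `forgejo-runner` ServiceAccount's API token is still mounted into the pod by default, although nothing in this change binds the account to a Role and the runner command in the Deployment only talks to Forgejo and Docker. Adding `automountServiceAccountToken: false` to this ServiceAccount keeps a Kubernetes credential out of a pod that drives workflow jobs. If a later phase needs API access, it can be re-enabled together with a narrowly scoped Role.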