{{- if .Values.enabled }} {{- $secretName := include "gitea.workername" (dict "global" . "worker" "actions-token") }} --- apiVersion: apps/v1 kind: StatefulSet metadata: labels: {{- include "gitea.labels.actRunner" . | nindent 4 }} {{- with .Values.statefulset.labels }} {{- toYaml . | nindent 4 }} {{- end }} annotations: {{- with .Values.statefulset.annotations }} {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "gitea.fullname" . }}-act-runner namespace: {{ .Values.namespace | default .Release.Namespace }} spec: selector: matchLabels: {{- include "gitea.selectorLabels.actRunner" . | nindent 6 }} template: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/config-act-runner.yaml") . | sha256sum }} labels: {{- include "gitea.labels.actRunner" . | nindent 8 }} {{- with .Values.statefulset.labels }} {{- toYaml . | nindent 8 }} {{- end }} spec: initContainers: - name: init-gitea image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}" command: - sh - -c - | while ! nc -z {{ include "gitea.act_runner.nc" . }}; do sleep 5 done containers: - name: act-runner image: "{{ .Values.statefulset.actRunner.repository }}:{{ .Values.statefulset.actRunner.tag }}" imagePullPolicy: {{ .Values.statefulset.actRunner.pullPolicy }} workingDir: /data env: - name: DOCKER_HOST value: tcp://127.0.0.1:2376 - name: DOCKER_TLS_VERIFY value: "1" - name: DOCKER_CERT_PATH value: /certs/server - name: GITEA_RUNNER_REGISTRATION_TOKEN valueFrom: secretKeyRef: name: "{{ .Values.existingSecret | default $secretName }}" key: "{{ .Values.existingSecretKey | default "token" }}" - name: GITEA_INSTANCE_URL value: {{ include "gitea.act_runner.local_root_url" . }} - name: CONFIG_FILE value: /actrunner/config.yaml resources: {{- toYaml .Values.statefulset.resources | nindent 12 }} volumeMounts: - mountPath: /actrunner/config.yaml name: act-runner-config subPath: config.yaml - mountPath: /certs/server name: docker-certs - mountPath: /data name: data-act-runner {{- with .Values.statefulset.actRunner.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} - name: dind image: "{{ .Values.statefulset.dind.repository }}:{{ .Values.statefulset.dind.tag }}" imagePullPolicy: {{ .Values.statefulset.dind.pullPolicy }} env: - name: DOCKER_HOST value: tcp://127.0.0.1:2376 - name: DOCKER_TLS_VERIFY value: "1" - name: DOCKER_CERT_PATH value: /certs/server {{- if .Values.statefulset.dind.extraEnvs }} {{- toYaml .Values.statefulset.dind.extraEnvs | nindent 12 }} {{- end }} securityContext: privileged: true resources: {{- toYaml .Values.statefulset.resources | nindent 12 }} volumeMounts: - mountPath: /certs/server name: docker-certs {{- with .Values.statefulset.dind.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} {{- range $key, $value := .Values.statefulset.nodeSelector }} nodeSelector: {{ $key }}: {{ $value | quote }} {{- end }} {{- with .Values.statefulset.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.statefulset.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: act-runner-config configMap: name: {{ include "gitea.fullname" . }}-act-runner-config - name: docker-certs emptyDir: {} {{- with .Values.statefulset.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} volumeClaimTemplates: - metadata: name: data-act-runner spec: accessModes: [ "ReadWriteOnce" ] {{- include "gitea.persistence.storageClass" . | nindent 8 }} resources: requests: storage: 1Mi {{- end }}