Activated DinD in forgejo-runner

template/stacks/core/forgejo-runner.yaml

@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: forgejo-runner
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+  destination:
+    server: "https://kubernetes.default.svc"
+  source:
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
+    targetRevision: HEAD
+    path: "stacks/core/forgejo-runner"

template/stacks/core/forgejo-runner/dind-docker.yaml

@@ -0,0 +1,94 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: forgejo-runner
+  name: forgejo-runner
+  namespace: gitea
+spec:
+  # Two replicas means that if one is busy, the other can pick up jobs.
+  replicas: 1
+  selector:
+    matchLabels:
+      app: forgejo-runner
+  strategy: {}
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: forgejo-runner
+    spec:
+      restartPolicy: Always
+      volumes:
+      - name: docker-certs
+        emptyDir: {}
+      - name: runner-data
+        emptyDir: {}
+      # Initialise our configuration file using offline registration
+      # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
+      initContainers:
+        - name: runner-register
+          image: code.forgejo.org/forgejo/runner:6.0.1
+          command: ["forgejo-runner", "register", "--no-interactive", "--token", $(RUNNER_SECRET), "--name", $(RUNNER_NAME), "--instance", $(FORGEJO_INSTANCE_URL), "--labels", "docker:docker://node:20-bookworm,ubuntu-22.04:docker://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/catthehackerubuntu:act-22.04"]
+          env:
+            - name: RUNNER_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: RUNNER_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: forgejo-runner-token
+                  key: token
+            - name: FORGEJO_INSTANCE_URL
+              value: http://forgejo-http.gitea.svc.cluster.local:3000
+          volumeMounts:
+            - name: runner-data
+              mountPath: /data
+      containers:
+      - name: runner
+        image: code.forgejo.org/forgejo/runner:6.0.1
+        command: 
+          - "sh"
+          - "-c"
+          - |
+            while ! nc -z 127.0.0.1 2376 </dev/null; do
+              echo 'waiting for docker daemon...';
+              sleep 5;
+            done
+            forgejo-runner generate-config > config.yml ;
+            sed -i -e "s|privileged: .*|privileged: true|" config.yml
+            sed -i -e "s|network: .*|network: host|" config.yml ;
+            sed -i -e "s|^  envs:$$|  envs:\n    DOCKER_HOST: tcp://127.0.0.1:2376\n    DOCKER_TLS_VERIFY: 1\n    DOCKER_CERT_PATH: /certs/client|" config.yml ;
+            sed -i -e "s|^  options:|  options: -v /certs/client:/certs/client|" config.yml ;
+            sed -i -e "s|  valid_volumes: \[\]$$|  valid_volumes:\n    - /certs/client|" config.yml ;
+            /bin/forgejo-runner --config config.yml daemon
+        securityContext:
+          allowPrivilegeEscalation: true
+          privileged: true
+          readOnlyRootFilesystem: false
+          runAsGroup: 0
+          runAsNonRoot: false
+          runAsUser: 0
+        env:
+        - name: DOCKER_HOST
+          value: tcp://localhost:2376
+        - name: DOCKER_CERT_PATH
+          value: /certs/client
+        - name: DOCKER_TLS_VERIFY
+          value: "1"
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs
+        - name: runner-data
+          mountPath: /data
+      - name: daemon
+        image: docker:27.4.1-dind
+        env:
+        - name: DOCKER_TLS_CERTDIR
+          value: /certs
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: docker-certs
+          mountPath: /certs

template/stacks/ref-implementation/forgejo-runner.yaml

@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: forgejo-runner
-  namespace: argocd
-  labels:
-    env: dev
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: default
-  syncPolicy:
-    automated:
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-  destination:
-    name: in-cluster
-    namespace: gitea
-  sources:
-    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-runner.git
-      path: forgejo-runner
-      targetRevision: HEAD
-      helm:
-        valueFiles:
-          - $values/stacks/ref-implementation/forgejo-runner/values.yaml
-    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
-      targetRevision: HEAD
-      ref: values

template/stacks/ref-implementation/forgejo-runner/values.yaml

@@ -1,8 +0,0 @@
-replicaCount: 1
-
-image:
-  repository: code.forgejo.org/forgejo/runner
-  pullPolicy: IfNotPresent
-  tag: "6.0.1"
-
-forgejoUrl: http://forgejo-http.gitea.svc.cluster.local:3000