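---
# StatefulSet running a Gitea Actions runner (act_runner) next to a
# Docker-in-Docker sidecar. The two containers share /var/run, so the runner
# reaches the Docker daemon through the socket on that volume.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: gitea-runner
spec:
  serviceName: "gitea-runner-service"
  selector:
    matchLabels:
      app: gitea-runner
  replicas: 1
  template:
    metadata:
      labels:
        app: gitea-runner
    spec:
      containers:
        - name: gitea-runner-dind
          # privileged: true gives this container near-host-level access on
          # the node. Anything that can reach its Docker API inherits that
          # access, so treat CI jobs on this runner as able to compromise
          # the node and schedule it on dedicated or isolated nodes.
          securityContext:
            privileged: true
          # NOTE(review): floating tag; pin to a version or digest so a
          # changed upstream image cannot silently land in a privileged
          # container.
          image: docker:dind
          env:
            - name: DOCKER_DRIVER
              value: "overlay2"
            # An empty DOCKER_TLS_CERTDIR disables TLS for the daemon.
            # NOTE(review): the stock docker:dind entrypoint is understood to
            # also open an unauthenticated TCP listener on the pod IP when
            # TLS is off -- confirm, and restrict access with a NetworkPolicy
            # or limit the daemon to the unix socket.
            - name: DOCKER_TLS_CERTDIR
              value: ""
          volumeMounts:
            - name: docker-socket
              mountPath: "/var/run"
        - name: gitea-runner
          # NOTE(review): "nightly" is a moving tag; pin to a release or
          # digest for reproducible, reviewable runner upgrades.
          image: gitea/act_runner:nightly
          env:
            # The registration token is read from a Secret instead of being
            # committed in this manifest. The Secret name and key below are
            # placeholders: create that Secret out-of-band, or adjust them to
            # an existing one. The token that was previously hard-coded here
            # must be considered exposed: revoke it in Gitea and issue a new
            # one.
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: gitea-runner-registration  # placeholder Secret name
                  key: token  # placeholder key
            # NOTE(review): plain http -- registration and job traffic to
            # Gitea are not encrypted or authenticated in transit; prefer
            # https.
            - name: GITEA_INSTANCE_URL
              value: "http://gitea.k8s.example.com:30429/"
            - name: CONFIG_FILE
              value: "/config/config.yaml"
          volumeMounts:
            - name: config
              mountPath: "/config"
              readOnly: true
            - name: runner-data
              mountPath: "/data"
            - name: docker-socket
              mountPath: "/var/run"
          # FIXME: use socat
          # The probe only sleeps 10 s and then succeeds; it checks nothing.
          # Presumably it exists to delay the runner until the dind sidecar
          # has created its socket -- confirm.
          startupProbe:
            exec:
              command: ["/bin/sh", "-c", "sleep 10"]
            timeoutSeconds: 12
      volumes:
        - name: config
          configMap:
            name: gitea-runner
            items:
              - key: "config"
                path: "config.yaml"
  volumeClaimTemplates:
    - metadata:
        name: runner-data
      spec:
        accessModes:
          - "ReadWriteOncePod"
        resources:
          requests:
            storage: 256Mi
    # NOTE(review): a persistent claim is used here only to share /var/run
    # between the two containers, so daemon runtime state survives pod
    # restarts. An emptyDir would avoid that, but volumeClaimTemplates cannot
    # be edited in place on an existing StatefulSet -- plan the change.
    - metadata:
        name: docker-socket
      spec:
        accessModes:
          - "ReadWriteOncePod"
        resources:
          requests:
            storage: 256Mi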