yesod-mirror/k8s/configs/templates/dev/ops/forgejo-runner.libsonnet

local kube = import 'k8s/configs/base.libsonnet';
local linuxserver = import 'k8s/configs/templates/core/linuxserver.libsonnet';

local ConfigMapParams = kube.simpleFieldStruct([
  'namespace',
  'name',
]);

local ConfigMap(params) = kube.ConfigMap(params.namespace, params.name) {
  data: {
    'config.yml': |||
      container:
        docker_host: tcp://localhost:2375
        privileged: true
    |||,
  },
};

local Params = kube.simpleFieldStruct([
  'namespace',
  'name',
  'token',
  'dataClaimName',
  'configClaimName',
  'tokenSecretName',
  'tokenSecretKey',
]) {
  labels: {},
  runnerLabels: [],
  lsParams: linuxserver.AppParams {
    name: $.name,
    namespace: $.namespace,
    filePath: std.thisFile,
    templatePath: std.thisFile,
    baseAppName: 'forgejo-runner',
    imageName: 'code.forgejo.org/forgejo/runner:9',
    command: ['/bin/sh', '-c'],
    args: ['sleep 10 && /bin/forgejo-runner register --no-interactive --config /etc/forgejo-runner/config.yml --instance https://forgejo.csbx.dev/ --token $FORGEJO_RUNNER_REGISTRATION_TOKEN; /bin/forgejo-runner daemon --config /etc/forgejo-runner/config.yml'],
    labels+: $.labels,
    isPrivileged: false,
    configMaps: [
      linuxserver.ConfigMap {
        name: 'forgejo-runner-config',
        bindName: $.configClaimName,
        mountPath: '/etc/forgejo-runner',
      },
    ],
    pvcs: [
      linuxserver.Pvc {
        name: 'data',
        mountPath: '/data/runner',
        bindName: $.dataClaimName,
      },
    ],
    env: linuxserver.Env {
      others: [
        {
          name: "FORGEJO_RUNNER_REGISTRATION_TOKEN",
          valueFrom: {
            secretKeyRef: {
              name: $.tokenSecretName,
              key: $.tokenSecretKey,
            }
          }
        },
        kube.NameVal('FORGEJO_INSTANCE_URL', 'https://forgejo.csbx.dev/'),
        kube.NameVal('FORGEJO_RUNNER_NAME', $.name),
        kube.NameVal('FORGEJO_RUNNER_LABELS', std.join(',', $.runnerLabels)),
      ],
    },
    resources: {
      requests: {
        cpu: '100m',
        memory: '256Mi',
      },
      limits: {
        cpu: '1000m',
        memory: '2Gi',
      },
    },
  },
};

local App(params) =
  local baseApp = linuxserver.App(params.lsParams);
  baseApp {
    deployment+: {
      spec+: {
        template+: {
          spec+: {
            containers: [
              c { image: params.lsParams.imageName }
              for c in super.containers
            ] + [
              {
                name: 'dind-sidecar',
                image: 'docker:24.0-dind',
                securityContext: {
                  privileged: true,
                },
                env: [
                  kube.NameVal('DOCKER_TLS_CERTDIR', ''),
                ],
                resources: {
                  requests: {
                    cpu: '250m',
                    memory: '512Mi',
                  },
                  limits: {
                    cpu: '1',
                    memory: '2Gi',
                  },
                },
              },
            ],
          },
        },
      },
    },
  };

{
  Params: Params,
  App(params): App(params),
  ConfigMapParams: ConfigMapParams,
  ConfigMap: ConfigMap,
}