From 5ac8a712bab659e23511ee2788b9b907b3e785ed Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Thu, 5 Sep 2024 05:43:09 -0500
Subject: [PATCH] add forgejo ci-runners
---
.../forgejo/app/externalsecret.yaml | 22 ++++
.../ci-runners/forgejo/app/helmrelease.yaml | 103 ++++++++++++++++++
.../ci-runners/forgejo/app/kustomization.yaml | 8 ++
kubernetes/apps/ci-runners/forgejo/ks.yaml | 19 ++++
kubernetes/apps/ci-runners/kustomization.yaml | 9 ++
kubernetes/apps/ci-runners/namespace.yaml | 5 +
6 files changed, 166 insertions(+)
create mode 100644 kubernetes/apps/ci-runners/forgejo/app/externalsecret.yaml
create mode 100644 kubernetes/apps/ci-runners/forgejo/app/helmrelease.yaml
create mode 100644 kubernetes/apps/ci-runners/forgejo/app/kustomization.yaml
create mode 100644 kubernetes/apps/ci-runners/forgejo/ks.yaml
create mode 100644 kubernetes/apps/ci-runners/kustomization.yaml
create mode 100644 kubernetes/apps/ci-runners/namespace.yaml
diff --git a/kubernetes/apps/ci-runners/forgejo/app/externalsecret.yaml b/kubernetes/apps/ci-runners/forgejo/app/externalsecret.yaml
new file mode 100644
index 0000000..dec40ab
--- /dev/null
+++ b/kubernetes/apps/ci-runners/forgejo/app/externalsecret.yaml
@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: forgejo-runner-secret
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: forgejo-runner-secret
+ template:
+ engineVersion: v2
+ data:
+ FORGEJO_INSTANCE_URL: "{{ .forgejo_instance_url }}"
+ RUNNER_NAME: "{{ .runner_name }}"
+ RUNNER_TOKEN: "{{ .runner_token }}"
+
+ dataFrom:
+ - extract:
+ key: forgejo-runner
diff --git a/kubernetes/apps/ci-runners/forgejo/app/helmrelease.yaml b/kubernetes/apps/ci-runners/forgejo/app/helmrelease.yaml
new file mode 100644
index 0000000..dabd835
--- /dev/null
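Review bot: In externalsecret.yaml, `dataFrom.extract` with `key: forgejo-runner` makes every field of that item available to the template although only three are rendered; listing those three under `spec.data`, each with `remoteRef.key: forgejo-runner` and its own `remoteRef.property`, would keep the read to what the Secret needs. RUNNER_TOKEN appears to be the only credential of the three, and the helmrelease.yaml section of this patch passes it as `--token $(RUNNER_TOKEN)`, so it ends up on the init container's command line. A comment above `data:` such as `# RUNNER_TOKEN is the runner registration token; the other two keys are plain configuration` would make that distinction visible to the next editor. No `refreshInterval` is set, so the operator default applies; stating it explicitly would document how quickly a rotated token reaches the cluster.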
+++ b/kubernetes/apps/ci-runners/forgejo/app/helmrelease.yaml
@@ -0,0 +1,103 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app forgejo-runner
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.4.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
+ values:
+ controllers:
+ forgejo-runner:
+ replicas: 2
+ initContainers:
+ runner-register:
+ image:
+ repository: code.forgejo.org/forgejo/runner
+ tag: 3.5.1
+ command:
+ - "forgejo-runner"
+ - "register"
+ - "--no-interactive"
+ - "--token"
+ - $(RUNNER_TOKEN)
+ - "--name"
+ - $(RUNNER_NAME)
+ - "--instance"
+ - $(FORGEJO_INSTANCE_URL)
+ - "--labels"
+ - "docker:docker://node:20-bullseye,x86_64:docker://node:20-bullseye,linux:docker://node:20-bullseye,pc:docker://node:20-bullseye,ubuntu-x86_64:docker://node:20-bullseye"
+ env:
+ - name: RUNNER_NAME
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-runner-secret
+ key: RUNNER_NAME
+ - name: RUNNER_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-runner-secret
+ key: RUNNER_TOKEN
+ - name: FORGEJO_INSTANCE_URL
+ valueFrom:
+ secretKeyRef:
+ name: forgejo-runner-secret
+ key: FORGEJO_INSTANCE_URL
+ containers:
+ daemon:
+ image:
+ repository: docker
+ tag: 27.2.0-dind
+ securityContext:
+ privileged: true
+ env:
+ - name: DOCKER_TLS_CERTDIR
+ value: /certs
+ app:
+ image:
+ repository: code.forgejo.org/forgejo/runner
+ tag: 3.5.1
+ command:
+ - "sh"
+ - "-c"
+ - "while ! nc -z localhost 2376