theshire/kubernetes/apps/ci-runners/forgejo/app/externalsecret.yaml

---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: forgejo-runner-secret
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: forgejo-runner-secret
    template:
      engineVersion: v2
      data:
        FORGEJO_INSTANCE_URL: "{{ .forgejo_instance_url }}"
        RUNNER_NAME: "{{ .runner_name }}"
        RUNNER_TOKEN: "{{ .runner_token }}"

  dataFrom:
    - extract:
        key: forgejo-runner