kind: PersistentVolumeClaim apiVersion: v1 metadata: name: act-runner-vol spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi storageClassName: standard --- apiVersion: v1 data: token: << runner registration token goes here >> kind: Secret metadata: name: runner-secret type: Opaque --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: act-runner name: act-runner spec: replicas: 1 selector: matchLabels: app: act-runner strategy: {} template: metadata: creationTimestamp: null labels: app: act-runner spec: restartPolicy: Always volumes: - name: runner-data persistentVolumeClaim: claimName: act-runner-vol containers: - name: runner image: gitea/act_runner:nightly-dind-rootless imagePullPolicy: Always # command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; /sbin/tini -- /opt/act/run.sh"] env: - name: DOCKER_HOST value: tcp://localhost:2376 - name: DOCKER_CERT_PATH value: /certs/client - name: DOCKER_TLS_VERIFY value: "1" - name: GITEA_INSTANCE_URL value: http://gitea-http.gitea.svc.cluster.local:3000 - name: GITEA_RUNNER_REGISTRATION_TOKEN valueFrom: secretKeyRef: name: runner-secret key: token securityContext: privileged: true volumeMounts: - name: runner-data mountPath: /data