act_runner/k3s-canton.yaml

---
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: k3s-canton-act-runner
  namespace: gitea
  labels:
    app: act-runner
    k8s.kuboard.cn/name: act-runner
spec:
  replicas: 2
  selector:
    matchLabels:
      app: act-runner
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: act-runner
    spec:
      volumes:
        - name: docker-certs
          emptyDir: {}
        - name: config
          configMap:
            name: action
            items:
              - key: config
                path: config.yaml
            defaultMode: 420
      containers:
        - name: runner
          image: 'docker.martin98.com/library/gitea/act_runner:nightly'
          command:
            - sh
            - '-c'
            - >
              while ! nc -z localhost 2376 </dev/null; do echo 'waiting for
              docker daemon...'; sleep 5; done; /sbin/tini -- run.sh
          env:
            - name: DOCKER_HOST
              value: 'tcp://localhost:2376'
            - name: DOCKER_CERT_PATH
              value: /certs/client
            - name: DOCKER_TLS_VERIFY
              value: '1'
            - name: GITEA_INSTANCE_URL
              value: 'https://git.martin98.com'
            - name: GITEA_RUNNER_REGISTRATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: runner-secret
                  key: token
            - name: CONFIG_FILE
              value: /config.yaml
            - name: GITEA_RUNNER_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
          resources: {}
          volumeMounts:
            - name: docker-certs
              mountPath: /certs
            - name: runner-data
              mountPath: /data
            - name: config
              readOnly: true
              mountPath: /config.yaml
              subPath: config.yaml
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
        - name: daemon
          image: 'docker.martin98.com/library/docker:23.0.6-dind'
          env:
            - name: DOCKER_TLS_CERTDIR
              value: /certs
          resources: {}
          volumeMounts:
            - name: docker-certs
              mountPath: /certs
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
          securityContext:
            privileged: true
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: ClusterFirst
      securityContext: {}
      schedulerName: default-scheduler
  volumeClaimTemplates:
    - kind: PersistentVolumeClaim
      apiVersion: v1
      metadata:
        name: runner-data
        creationTimestamp: null
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 50Gi
        volumeMode: Filesystem
      status:
        phase: Pending
  serviceName: act-runner
  podManagementPolicy: OrderedReady
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      partition: 0
  revisionHistoryLimit: 10
  persistentVolumeClaimRetentionPolicy:
    whenDeleted: Retain
    whenScaled: Retain

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: action
  namespace: gitea
data:
  config: |-
    runner:
      # 注册结果的存储位置。
      file: .runner
      # 同时执行的任务数量。
      capacity: 1
      # 运行任务时的额外环境变量。
      envs:
        A_TEST_ENV_NAME_1: a_test_env_value_1
        A_TEST_ENV_NAME_2: a_test_env_value_2
      # 从文件中读取的额外环境变量。
      # 如果为空或文件不存在，则忽略。
      env_file: .env
      # 任务完成的超时时间。
      # 请注意，Gitea 实例也有一个任务超时时间（默认为 3 小时）。
      # 因此，如果 Gitea 实例的超时时间比此时间短，任务可能会被 Gitea 实例停止。
      timeout: 3h
      # 关闭时等待正在运行的任务完成的超时时间。
      # 在此超时时间后仍未完成的任务将被取消。
      shutdown_timeout: 0s
      # 是否跳过验证 Gitea 实例的 TLS 证书。
      insecure: false
      # 从 Gitea 实例获取任务的超时时间。
      fetch_timeout: 5s
      # 从 Gitea 实例获取任务的间隔时间。
      fetch_interval: 2s
      # Runner 的标签用于确定 Runner 可以运行哪些任务以及如何运行它们。
      # 例如："macos-arm64:host" 或 "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
      # 更多 Gitea 提供的镜像可以在 https://gitea.com/gitea/runner-images 找到。
      # 如果注册时为空，则会要求输入标签。
      # 如果执行 `daemon` 时为空，则会使用 `.runner` 文件中的标签。
      labels:
        # 特有镜像(标记环境) CN = 国内 canton = 局域网设备 hk = 香港 global = 墙外设备
        - "cn:docker://docker.martin98.com/gitea/runner-images:ubuntu-latest"
        - "canton:docker://docker.martin98.com/gitea/runner-images:ubuntu-latest"
        # - "hk:docker://docker.gitea.com/runner-images:ubuntu-latest"
        # - "global:docker://docker.gitea.com/runner-images:ubuntu-latest"
        # - "us:docker://docker.gitea.com/runner-images:ubuntu-latest"

---
kind: Secret
apiVersion: v1
metadata:
  name: runner-secret
  namespace: gitea
data:
  token: MUxNR055bVM1enZsb2dOd3VwaVpnWmpscjhFWmVIcXpFblQzdG53TA==
type: Opaque