---
# StatefulSet running three Gitea Actions runners (act_runner, "dind-rootless"
# image variant). Each replica gets its own PersistentVolumeClaim for /data.
#
# Security review notes (the manifest's values are unchanged):
#   * Two containers run with `privileged: true` (the `sysctl` init container
#     and the long-lived `runner`). Privileged containers get all capabilities
#     and host device access, so the pod boundary provides little isolation
#     from the node. NOTE(review): consider scheduling these pods on a
#     dedicated, tainted node pool and limiting which repositories may use
#     the runner.
#   * No serviceAccountName / automountServiceAccountToken is set, so the
#     namespace's default ServiceAccount token is mounted into the pod
#     (Kubernetes default). NOTE(review): confirm the runner needs no cluster
#     API access and disable the automount if so.
#   * No resources.requests / resources.limits are declared on any container.
apiVersion: 'apps/v1'
kind: 'StatefulSet'
metadata:
  name: 'act-runner'
  namespace: 'gitea-runner'
  labels:
    app: 'act-runner'
spec:
  # Empty governing-service name, kept exactly as in the original manifest.
  serviceName: ""
  selector:
    matchLabels:
      app: 'act-runner'
  replicas: 3
  template:
    metadata:
      labels:
        app: 'act-runner'
    spec:
      initContainers:
        # Raises the user-namespace limit before the runner starts.
        # NOTE(review): written from a privileged container, this presumably
        # changes the node's own sysctl and so affects every workload on that
        # node, and it persists after the pod is gone; confirm this is intended.
        - name: 'sysctl'
          # Untagged image resolves to `busybox:latest`, a mutable reference
          # that here runs privileged. NOTE(review): pin it, e.g.
          # `busybox@<PINNED_DIGEST>` (placeholder, not a real value).
          image: 'busybox'
          securityContext:
            privileged: true
          command:
            - 'sh'
            - '-c'
            - 'echo 28633 > /proc/sys/user/max_user_namespaces'
        # Hands ownership of the data volume to UID/GID 1000 (presumably the
        # user the runner image runs as; verify against the image).
        - name: 'chown-data'
          # Same unpinned `busybox` reference as above, executed as root (UID 0).
          image: 'busybox'
          securityContext:
            runAsUser: 0
          command:
            - 'sh'
            - '-c'
            - 'chown -R 1000:1000 /data'
          volumeMounts:
            - name: 'runner-data'
              mountPath: '/data'
      containers:
        - name: 'runner'
          # `nightly-*` is a moving tag and `imagePullPolicy: Always` re-pulls
          # it on every container start, so the code running in this privileged
          # container can change without any change to this manifest.
          # NOTE(review): prefer a release tag or digest
          # (`gitea/act_runner:<PINNED_TAG_OR_DIGEST>`, placeholder).
          image: 'gitea/act_runner:nightly-dind-rootless'
          imagePullPolicy: 'Always'
          env:
            - name: 'CONFIG_FILE'
              value: '/config/config.yaml'
            - name: 'DOCKER_HOST'
              value: 'unix:///run/user/1000/docker.sock'
            - name: 'GITEA_INSTANCE_URL'
              value: 'https://git.dubyatp.xyz'
            # The registration token is read from a Secret rather than inlined.
            # It is still exposed as an environment variable inside the runner
            # container.
            - name: 'GITEA_RUNNER_REGISTRATION_TOKEN'
              valueFrom:
                secretKeyRef:
                  key: 'registration-token'
                  name: 'gitea-runner-token'
          # Privileged despite the "rootless" image variant; see the header
          # notes on node isolation.
          securityContext:
            privileged: true
          terminationMessagePath: '/dev/termination-log'
          terminationMessagePolicy: 'File'
          volumeMounts:
            - name: 'runner-config'
              mountPath: '/config'
            - name: 'runner-data'
              mountPath: '/data'
      # The next four fields spell out Kubernetes default values explicitly.
      dnsPolicy: 'ClusterFirst'
      restartPolicy: 'Always'
      schedulerName: 'default-scheduler'
      terminationGracePeriodSeconds: 30
      volumes:
        # Runner configuration (config.yaml) comes from a ConfigMap defined
        # outside this manifest.
        - name: 'runner-config'
          configMap:
            name: 'runner-config'
  # One 32Gi ReadWriteOnce claim per replica, mounted at /data.
  volumeClaimTemplates:
    - metadata:
        name: 'runner-data'
      spec:
        accessModes:
          - "ReadWriteOnce"
        storageClassName: 'weyma-shared'
        resources:
          requests:
            storage: '32Gi'