{{- if .Values.actRunner.enabled -}} {{- $fullName := include "c-----code.fullname" . -}} {{- $ns := include "c-----code.namespace" . -}} {{- $runner := .Values.actRunner -}} --- apiVersion: apps/v1 kind: Deployment metadata: name: {{ $fullName }}-act-runner namespace: {{ $ns }} labels: app.kubernetes.io/name: {{ $fullName }}-act-runner app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} spec: replicas: {{ $runner.replicaCount }} selector: matchLabels: app.kubernetes.io/name: {{ $fullName }}-act-runner app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ $fullName }}-act-runner app.kubernetes.io/instance: {{ .Release.Name }} spec: serviceAccountName: {{ $fullName }}-act-runner containers: - name: runner image: "{{ .Values.image.registry }}/act-runner:{{ $runner.image.tag }}" imagePullPolicy: {{ $runner.image.pullPolicy | default .Values.image.pullPolicy }} args: - --config - /runner/config.yaml - --replaces-self env: - name: CONFIG_FILE value: /runner/config.yaml {{- if .Values.nats.enabled }} - name: HOOK_POOL_REDIS_LIST_PREFIX value: "{hook}" - name: HOOK_POOL_REDIS_LOG_CHANNEL value: "hook:logs" {{- end }} {{- range $runner.env }} - name: {{ .name }} value: {{ .value | quote }} {{- end }} volumeMounts: - name: runner-config mountPath: /runner readOnly: true - name: docker-socket mountPath: /var/run/docker.sock resources: {{- toYaml $runner.resources | nindent 10 }} volumes: - name: runner-config configMap: name: {{ $fullName }}-act-runner-config - name: docker-socket hostPath: path: /var/run/docker.sock type: Socket {{- with $runner.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with $runner.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with $runner.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} --- apiVersion: v1 kind: ConfigMap metadata: name: {{ $fullName }}-act-runner-config namespace: {{ $ns }} labels: app.kubernetes.io/name: {{ $fullName }}-act-runner app.kubernetes.io/instance: {{ .Release.Name }} data: config.yaml: | # Act Runner Configuration # Generated by Helm values log: level: {{ $runner.logLevel | default "info" }} runner: capacity: {{ $runner.capacity | default 2 }} labels: {{- range $runner.labels }} - {{ . }} {{- end }} cache: {{- if $runner.cache.enabled }} enabled: true dir: {{ $runner.cache.dir | default "/tmp/actions-cache" }} {{- else }} enabled: false {{- end }} docker: host: unix:///var/run/docker.sock --- apiVersion: v1 kind: ServiceAccount metadata: name: {{ $fullName }}-act-runner namespace: {{ $ns }} labels: app.kubernetes.io/name: {{ $fullName }}-act-runner app.kubernetes.io/instance: {{ .Release.Name }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ $fullName }}-act-runner namespace: {{ $ns }} labels: app.kubernetes.io/name: {{ $fullName }}-act-runner app.kubernetes.io/instance: {{ .Release.Name }} rules: - apiGroups: [""] resources: ["pods", "pods/log"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "create", "update", "patch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ $fullName }}-act-runner namespace: {{ $ns }} labels: app.kubernetes.io/name: {{ $fullName }}-act-runner app.kubernetes.io/instance: {{ .Release.Name }} subjects: - kind: ServiceAccount name: {{ $fullName }}-act-runner namespace: {{ $ns }} roleRef: kind: Role name: {{ $fullName }}-act-runner apiGroup: rbac.authorization.k8s.io {{- end }}