Deploy Forgejo Actions runner to k3s #113

New issue

Closed

opened 2026-05-25 04:24:42 +00:00 by coilysiren · 0 comments

coilysiren commented

2026-05-25 04:24:42 +00:00

Owner

Problem

Forgejo server is running on kai-server k3s (infrastructure/deploy/forgejo.yml, image codeberg.org/forgejo/forgejo:15.0.2-rootless) but no Actions runner is deployed anywhere. Actions on coilysiren Forgejo are effectively dark — any workflow pushed to a Forgejo repo will queue forever.

Scope

Deploy an act_runner instance reachable from the in-cluster Forgejo. Likely shape: hand-rolled manifest in infrastructure/deploy/ (matching the existing forgejo.yml style — no Helm), or the wrenix/forgejo-runner chart if that turns out cleaner.
Decide on executor: DinD sidecar vs rootless vs host docker. DinD is the path every recent community write-up takes.
Registration token lands in SSM under /forgejo/runner-token (or per-runner if multiple), wired through ExternalSecret like the other forgejo secrets.
Update SSM.md with the new param(s).
Pin runner version in the manifest.

References

wrenix chart: https://artifacthub.io/packages/helm/forgejo-runner/forgejo-runner
Janik von Rotz walkthrough (Dec 2025): http://janikvonrotz.ch/2025/12/31/deploy-forgejo-runner-to-kubernetes-cluster/
Cloud Alchemist rootless writeup: https://sbulav.github.io/kubernetes/running-rootless-forgejo-runners-kubernetes-ubuntu/
Upstream tracking issue (native k8s runner — not shipped yet): https://codeberg.org/forgejo/discussions/issues/66

**Problem** Forgejo server is running on kai-server k3s (`infrastructure/deploy/forgejo.yml`, image `codeberg.org/forgejo/forgejo:15.0.2-rootless`) but no Actions runner is deployed anywhere. Actions on coilysiren Forgejo are effectively dark — any workflow pushed to a Forgejo repo will queue forever. **Scope** - Deploy an `act_runner` instance reachable from the in-cluster Forgejo. Likely shape: hand-rolled manifest in `infrastructure/deploy/` (matching the existing forgejo.yml style — no Helm), or the wrenix/forgejo-runner chart if that turns out cleaner. - Decide on executor: DinD sidecar vs rootless vs host docker. DinD is the path every recent community write-up takes. - Registration token lands in SSM under `/forgejo/runner-token` (or per-runner if multiple), wired through ExternalSecret like the other forgejo secrets. - Update `SSM.md` with the new param(s). - Pin runner version in the manifest. **References** - wrenix chart: https://artifacthub.io/packages/helm/forgejo-runner/forgejo-runner - Janik von Rotz walkthrough (Dec 2025): http://janikvonrotz.ch/2025/12/31/deploy-forgejo-runner-to-kubernetes-cluster/ - Cloud Alchemist rootless writeup: https://sbulav.github.io/kubernetes/running-rootless-forgejo-runners-kubernetes-ubuntu/ - Upstream tracking issue (native k8s runner — not shipped yet): https://codeberg.org/forgejo/discussions/issues/66

coilysiren referenced this issue

2026-05-25 04:45:18 +00:00

forgejo-runner: dind sidecar speaks tcp, not unix socket #114

coilysiren referenced this issue from a commit

2026-05-25 05:04:05 +00:00

feat(forgejo): deploy two Forgejo Actions runners with DinD (closes https://forgejo.coilysiren.me/coilysiren/infrastructure/issues/113)

coilysiren closed this issue

2026-05-25 05:04:05 +00:00

coilysiren referenced this issue

2026-05-25 05:08:37 +00:00

Migrate CI lint + TruffleHog from GHA to Forgejo Actions #115

coilysiren referenced this issue