ci: deploy forgejo runner with flux cd

apps/forgejo-runner/helmrelease.yaml

@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: forgejo-runner
+  namespace: forgejo
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: forgejo-runner
+      version: "0.4.28"
+      sourceRef:
+        kind: OCIRepository
+        name: forgejo-runner
+        namespace: flux-system
+  values:
+    forgejo:
+      url: "https://git.patanix.de"
+      tokenSecretName: forgejo-runner-token
+    dind:
+      enabled: true
+    # Optional: Runner-Name, Labels, Ressourcen etc.
+    # name: "my-runner"
+    # labels:
+    #   - "docker"
+    #   - "k8s"
+

apps/forgejo-runner/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - runner-secret.yaml
+  - helmrelease.yaml

apps/forgejo-runner/runner-secret.yaml

@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: forgejo-runner-token
+    namespace: forgejo
+type: Opaque
+stringData:
+    token: ENC[AES256_GCM,data:uwGkYaziWJ9pNPR2LuEr7+yWU+b2Jp6YnXPDbV8TEyjC/NegAvcfhQ==,iv:Fou5Z/ZjINmQgFIFCoMeHoDP8O6kAzZs/ZrRdttaVzA=,tag:oaM95SQ/NAq6T9CLIqtsCQ==,type:str]
+sops:
+    lastmodified: "2025-05-26T12:30:10Z"
+    mac: ENC[AES256_GCM,data:KyZi4zu9fUFtyGsxEhS7I2nWEL8eRggczeKyAAstTdfiXSTeyGFFWhu6u5MbtobqYsoSrxc5UbYNJKj8LEIEZtW5cfHgFcebkFu9LSKfgkqTbyJUqivurmXPxYrN/03N/xYvCK5yNA3hLJ1VG9UBTIxduGnfEah4gy079Z5z8H0=,iv:otP6yM2s/DeLZ/kH4I1Vct4cJ2fpl3A2qD0K6MNMSKE=,tag:kA6fKLWKYkbILxfG7q5JUQ==,type:str]
+    pgp:
+        - created_at: "2025-05-26T12:30:10Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAxd/Yh1BfDklAQ/+IxTzk0xWdqnDbi13ymMGmyog2Z+cdfLtDqLN8A/bLPiL
+            EBtU8y2GOGJSWz28fXkTWSgXk7OqW2C8vGQ3EQTat88IDhnU0u+k6qSOb8QlpPD+
+            hR/+EJOw9mlu/BCrja+Qv0uLa9z/jkTispWfZBdnPOzgqwRySk7X2pQcbzwubHLB
+            vRUvkznN5maOA4hBB2vjK8D5C3d8C3C6uwmq14SVRY1RAwGbq1q/OYgdGb8/QurQ
+            Ob5zRVWs35DFoAH4DxCro0pAwgBbTs+sXjFuTNo0aLoxHoMGV0511VC+biZDUWVp
+            qqT6jHbscQqRJqg2NFL5vAWn/mKsL3qTqeVhatHUraS/WNe8vA/brQxRbI8r+Sdh
+            /uGKtvIyKfUSTeNAXotOGiQCHlp98icRNemV1vFNS3Uq6qw4Pd5qomyPODv+3za2
+            Sk0l1gWxwF2MOdbaf8tTJyXrXjN1RQsL9C68DUVdPggqVoD01euIrej6Obo/u9wq
+            qQXD7XtfsP2AjUvEwpXJnxVhn5Az5ZIEzmyyxzGpduojPTCxOPNwWIzS6IJmxd+L
+            tKgSePkFsL32SRM2l1ZSV58bUePkT1QArndyG6+kZnTZCyLz7lCuq/ETIyj6yMpV
+            b3ICKCwssEiAZAwG/+cYDIjUuvKt4wLNCFHAdqeDI38W+zrN4KNe291PnuxZEenU
+            aAEJAhCbe3AToXHZr8YvDbylOyk6egwQ+or7ofWANh3pjoF8Sk1Bo3d6Uch8bYsn
+            Pg1Ft4j9df4Yp5AKlRu3cdmsrm1MTkpsD0hIBqoQDEcsIiaHXFG7fwftPtES80vO
+            NsfThf7f4T/o
+            =4A1/
+            -----END PGP MESSAGE-----
+          fp: F20CF3DE0B4ACDFCAF07A9D76399FB237185E764
+    encrypted_regex: ^(data|stringData)$
+    version: 3.10.2

apps/kustomization.yaml

@@ -4,3 +4,4 @@ resources:
   - home-assistant/
   - kitchenowl/
   - forgejo/
+  - forgejo-runner/

clusters/production/forgejo-runner.yaml

@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: forgejo
+  namespace: flux-system
+spec:
+  interval: 10m
+  path: ../../apps/forgejo-runner
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg

clusters/production/kustomization.yaml

@@ -4,6 +4,7 @@ resources:
   - cert-manager.yaml
   - kitchenowl.yaml
   - forgejo.yaml
+  - forgejo-runner.yaml
   - ocirepository.yaml
   - ../../infrastructure
   - ../../apps

infrastructure/ocirepositories/forgejo-runner.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: OCIRepository
+metadata:
+  name: forgejo-runner
+  namespace: flux-system
+spec:
+  interval: 30m
+  url: oci://codeberg.org/wrenix/helm-charts