From bbe548887156973f0f25e8c7459b1052c26bfe72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20Groothuis?= <daniel.groothuis@trimm.nl>
Date: Tue, 28 Oct 2025 18:51:23 +0100
Subject: [PATCH] chore(gitea-runners): Updated values for Dind support

---
 manifests/artemis/gitea-runners/values.yaml | 69 +++++++++------------
 1 file changed, 28 insertions(+), 41 deletions(-)

diff --git a/manifests/artemis/gitea-runners/values.yaml b/manifests/artemis/gitea-runners/values.yaml
index 1d36030..a48e17f 100644
--- a/manifests/artemis/gitea-runners/values.yaml
+++ b/manifests/artemis/gitea-runners/values.yaml
@@ -1,46 +1,31 @@
-# Configure Gitea Actions
-## @section Gitea Actions
-#
-## @param enabled Create an act runner StatefulSet.
-## @param init.image.repository The image used for the init containers
-## @param init.image.tag The image tag used for the init containers
-## @param statefulset.replicas the amount of (replica) runner pods deployed
-## @param statefulset.timezone is the timezone that will be set in the act_runner image
-## @param statefulset.annotations Act runner annotations
-## @param statefulset.labels Act runner labels
-## @param statefulset.resources Act runner resources
-## @param statefulset.nodeSelector NodeSelector for the statefulset
-## @param statefulset.tolerations Tolerations for the statefulset
-## @param statefulset.affinity Affinity for the statefulset
-## @param statefulset.extraVolumes Extra volumes for the statefulset
-## @param statefulset.actRunner.repository The Gitea act runner image
-## @param statefulset.actRunner.tag The Gitea act runner tag
-## @param statefulset.actRunner.pullPolicy The Gitea act runner pullPolicy
-## @param statefulset.actRunner.extraVolumeMounts Allows mounting extra volumes in the act runner container
-## @param statefulset.actRunner.config [default: Too complex. See values.yaml] Act runner custom configuration. See [Act Runner documentation](https://docs.gitea.com/usage/actions/act-runner#configuration) for details.
-## @param statefulset.dind.repository The Docker-in-Docker image
-## @param statefulset.dind.tag The Docker-in-Docker image tag
-## @param statefulset.dind.pullPolicy The Docker-in-Docker pullPolicy
-## @param statefulset.dind.extraVolumeMounts Allows mounting extra volumes in the Docker-in-Docker container
-## @param statefulset.dind.extraEnvs Allows adding custom environment variables, such as `DOCKER_IPTABLES_LEGACY`
-## @param statefulset.persistence.size Size for persistence to store act runner data
-## @param existingSecret Secret that contains the token
-## @param existingSecretKey Secret key
-## @param giteaRootURL URL the act_runner registers and connect with
+# values.yaml (full relevant sections)
 enabled: true
+
 statefulset:
+  # One emptyDir to carry just the docker.sock across containers
   extraVolumes:
     - name: docker-socket
       emptyDir: {}
+
   actRunner:
+    repository: gitea/act_runner
+    tag: 0.2.13
+    pullPolicy: IfNotPresent
     extraEnvs:
       - name: DOCKER_HOST
         value: unix:///var/run/docker.sock
       - name: DOCKER_BUILDKIT
         value: "1"
+      # Make sure TLS vars are not set; these lines ensure they are blank
+      - name: DOCKER_TLS_CERTDIR
+        value: ""
+      - name: DOCKER_TLS_VERIFY
+        value: ""
+    # Mount only the socket path from the shared volume
     extraVolumeMounts:
       - name: docker-socket
-        mountPath: /var/run
+        mountPath: /var/run/docker.sock
+        subPath: docker.sock
     config: |
       log:
         level: info
@@ -56,38 +41,40 @@ statefulset:
         privileged: true
         require_docker: true
         docker_timeout: 300s
+
   dind:
     repository: docker
     tag: 28.3.3-dind
     pullPolicy: IfNotPresent
+    # Disable TLS entirely for in-pod socket use
     extraEnvs:
       - name: DOCKER_TLS_CERTDIR
-        value: ""     # disable TLS
+        value: ""
+      # Uncomment if you hit iptables legacy issues on your nodes
       # - name: DOCKER_IPTABLES_LEGACY
       #   value: "1"
+    # Mount the same socket path; dockerd will create the file at startup
     extraVolumeMounts:
       - name: docker-socket
-        mountPath: /var/run
+        mountPath: /var/run/docker.sock
+        subPath: docker.sock
+    # Ensure dockerd uses the default unix socket only; don't bind TCP
+    # Some Helm charts expose command/args—include them if available:
+    command: ["dockerd"]
+    args:
+      - "--host=unix:///var/run/docker.sock"
+      - "--storage-driver=overlay2"
 
 init:
   image:
     repository: busybox
-    # Overrides the image tag whose default is the chart appVersion.
     tag: "1.37.0"
 
-## Specify an existing token secret
-##
 existingSecret: "gitea-runner-token"
 existingSecretKey: "token"
 
-## Specify the root URL of the Gitea instance
 giteaRootURL: "https://git.dgse.cloud"
 
-## @section Global
-#
-## @param global.imageRegistry global image registry override
-## @param global.storageClass global storage class override
 global:
   imageRegistry: ""
   storageClass: ""
-