feat(github actions): add github runners

Signed-off-by: unusualpseudo <[email protected]>

kubernetes/main/apps/devtools/gh-actions-runners/ks.yaml

@@ -0,0 +1,43 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app gha-runner-scale-set
+  namespace: flux-system
+spec:
+  targetNamespace: devtools
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/main/apps/devtools/gh-actions-runners/operator/
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: homelab
+  wait: false
+  interval: 30m
+  timeout: 5m
+
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app gha-runner-scale-set-controller
+  namespace: flux-system
+spec:
+  targetNamespace: devtools
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets-stores
+  path: ./kubernetes/main/apps/devtools/gh-actions-runners/runners
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: homelab
+  wait: false
+  interval: 30m
+  timeout: 5m

kubernetes/main/apps/devtools/gh-actions-runners/operator/externalsecret.yaml

@@ -0,0 +1,24 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: actions-runner-controller-auth
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: actions-runner-controller-auth-secret
+    template:
+      engineVersion: v2
+      data:
+        github_app_id: |-
+          {{ .ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID }}
+        github_app_installation_id: |-
+          {{ .ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID }}
+        github_app_private_key: |-
+          {{ .ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY }}
+  dataFrom:
+    - extract:
+        key: actions-runner-controller

kubernetes/main/apps/devtools/gh-actions-runners/operator/helmrelease.yaml

@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: gha-runner-scale-set-controller
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: gha-runner-scale-set-controller
+      version: 0.9.2
+      sourceRef:
+        kind: HelmRepository
+        name: actions-runner-controller
+        namespace: flux-system
+  install:
+    crds: CreateReplace
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    crds: CreateReplace
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    fullnameOverride: gha-runner-scale-set-controller

kubernetes/main/flux/repositories/oci/kustomization.yaml → kubernetes/main/apps/devtools/gh-actions-runners/operator/kustomization.yaml

@@ -2,4 +2,6 @@
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources: []
+resources:
+  - externalsecret.yaml
+  - helmrelease.yaml

kubernetes/main/apps/devtools/gh-actions-runners/runners/helmrelease.yaml

@@ -0,0 +1,45 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: gha-runner-scale-set
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: gha-runner-scale-set
+      version: 0.9.2
+      sourceRef:
+        kind: HelmRepository
+        name: actions-runner-controller
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  dependsOn:
+    - name: gha-runner-scale-set-controller
+      namespace: devtools
+  values:
+    nameOverride: gha-runner-scale-set
+    runnerScaleSetName: gha-runner-scale-set
+    githubConfigSecret: actions-runner-controller-auth-secret
+    githubConfigUrl: https://github.com/unusualpseudo/homelab
+    minRunners: 1
+    maxRunners: 3
+    containerMode:
+      type: dind
+    template:
+      spec:
+        containers:
+          - name: runner
+            image: ghcr.io/onedr0p/actions-runner:2.320.0@sha256:b3f9eb8fc31aada52e9fbccb567973ed70ed1c35d856e44a9a78caeb962dd8a4
+            command: ["/home/runner/run.sh"]
+    controllerServiceAccount:
+      name: gha-runner-scale-set-controller
+      namespace: devtools

kubernetes/main/flux/repositories/git/kustomization.yaml → kubernetes/main/apps/devtools/gh-actions-runners/runners/kustomization.yaml

@@ -2,4 +2,5 @@
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-resources: []
+resources:
+  - ./helmrelease.yaml

kubernetes/main/apps/devtools/kustomization.yaml

@@ -5,3 +5,4 @@ kind: Kustomization
 resources:
   - ./namespace.yaml
   - ./jenkins/ks.yaml
+  - ./gh-actions-runners/ks.yaml

kubernetes/main/flux/repositories/helm/actions-runner-controller.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: actions-runner-controller
+  namespace: flux-system
+spec:
+  type: oci
+  interval: 1h
+  url: oci://ghcr.io/actions/actions-runner-controller-charts

kubernetes/main/flux/repositories/helm/kustomization.yaml

@@ -21,3 +21,4 @@ resources:
   - ./longhorn.yaml
   - ./spark-operator.yaml
   - ./jenkins.yaml
+  - ./actions-runner-controller.yaml

kubernetes/main/flux/repositories/kustomization.yaml

@@ -3,6 +3,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - helm
-  - git
-  - oci
+  - ./helm