Test with explicit host labels in registration

Added --labels flag to registration command:
- Explicitly specify host execution during registration
- Should override any container-based execution
- Testing if Docker daemon errors are finally resolved

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

forgejo-runner-helm/Chart.yaml

@@ -0,0 +1,17 @@
+apiVersion: v2
+name: forgejo-runner
+description: A Helm chart for Forgejo runners
+type: application
+version: 0.1.0
+appVersion: "latest"
+keywords:
+  - forgejo
+  - runner
+  - ci
+  - cd
+home: https://forgejo.org/
+sources:
+  - https://codeberg.org/forgejo/runner
+maintainers:
+  - name: forgejo-runner-helm
+icon: https://forgejo.org/images/logo-forgejo.svg

forgejo-runner-helm/README.md

@@ -0,0 +1,39 @@
+# Forgejo Runner Helm Chart
+
+This Helm chart deploys Forgejo runners on a Kubernetes cluster.
+
+## Installation
+
+```bash
+helm install my-forgejo-runner ./forgejo-runner-helm \
+  --set forgejo.url="https://your-forgejo-instance.com" \
+  --set forgejo.token="your-registration-token" \
+  --set replicaCount=3
+```
+
+## Configuration
+
+The following table lists the configurable parameters:
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `replicaCount` | Number of runner replicas | `1` |
+| `forgejo.url` | Forgejo instance URL | `""` (required) |
+| `forgejo.token` | Registration token | `""` (required) |
+| `image.repository` | Container image repository | `code.forgejo.org/forgejo/runner` |
+| `image.tag` | Container image tag | `latest` |
+| `runner.labels` | Labels for the runner | `["ubuntu-latest"]` |
+| `runner.namePrefix` | Name prefix for runners | `"forgejo-runner"` |
+
+## Example
+
+```yaml
+# values.yaml
+replicaCount: 2
+forgejo:
+  url: "https://forgejo.example.com"
+  token: "your-secret-token"
+runner:
+  labels: ["ubuntu-latest", "docker"]
+  namePrefix: "k8s-runner"
+```# Explicit host labels test Sun Jun  8 12:56:43 AM CDT 2025

forgejo-runner-helm/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "forgejo-runner.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "forgejo-runner.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "forgejo-runner.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "forgejo-runner.labels" -}}
+helm.sh/chart: {{ include "forgejo-runner.chart" . }}
+{{ include "forgejo-runner.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "forgejo-runner.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "forgejo-runner.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "forgejo-runner.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "forgejo-runner.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

forgejo-runner-helm/templates/configmap.yaml

@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "forgejo-runner.fullname" . }}-config
+  labels:
+    {{- include "forgejo-runner.labels" . | nindent 4 }}
+data:
+  config.yaml: |
+    # Config for Forgejo runner
+    log:
+      level: info
+    runner:
+      file: .runner
+      capacity: 1
+      timeout: 3h
+      insecure: false
+      fetch_timeout: 5s
+      fetch_interval: 2s
+      labels:
+        - "ubuntu-latest:host"
+        - "ubuntu-22.04:host"
+        - "node:host"
+        - "alpine:host"
+    cache:
+      enabled: true
+      dir: ""
+      host: ""
+      port: 0
+    container:
+      network: "bridge"
+      privileged: false
+      options: ""
+      workdir_parent: "/tmp/actions"
+      force_pull: true
+      valid_volumes: []
+      podman_binary: "podman"
+    host:
+      workdir_parent: "/tmp/actions"

forgejo-runner-helm/templates/deployment.yaml

@@ -0,0 +1,103 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "forgejo-runner.fullname" . }}
+  labels:
+    {{- include "forgejo-runner.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "forgejo-runner.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "forgejo-runner.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "forgejo-runner.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - "/bin/sh"
+            - "-c"
+            - |
+              cd /data
+              
+              # Setup Podman environment for rootless containers
+              export XDG_RUNTIME_DIR="/tmp/runtime-runner"
+              mkdir -p $XDG_RUNTIME_DIR ~/.config/containers ~/.local/share/containers
+              chmod 0700 $XDG_RUNTIME_DIR
+              
+              # Create subuid/subgid for rootless containers
+              echo "1000:100000:65536" > /tmp/subuid
+              echo "1000:100000:65536" > /tmp/subgid
+              export SUBUID_FILE=/tmp/subuid
+              export SUBGID_FILE=/tmp/subgid
+              
+              echo "Testing Podman setup..."
+              podman --version
+              podman info || echo "Podman info failed, continuing..."
+              
+              echo "Registering runner with Forgejo..."
+              /bin/forgejo-runner register \
+                --no-interactive \
+                --instance "$FORGEJO_RUNNER_URL" \
+                --token "$FORGEJO_RUNNER_TOKEN" \
+                --name "$FORGEJO_RUNNER_NAME" \
+                --labels "ubuntu-latest:host,ubuntu-22.04:host,node:host,alpine:host"
+              
+              echo "Starting runner..."
+              exec /bin/forgejo-runner daemon --config /etc/forgejo-runner/config.yaml
+          env:
+            - name: FORGEJO_RUNNER_URL
+              value: {{ required "forgejo.url is required" .Values.forgejo.url | quote }}
+            - name: FORGEJO_RUNNER_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "forgejo-runner.fullname" . }}-secret
+                  key: token
+            - name: FORGEJO_RUNNER_NAME
+              value: {{ .Values.runner.namePrefix }}-$(hostname)
+            - name: FORGEJO_RUNNER_LABELS
+              value: {{ join "," .Values.runner.labels | quote }}
+            - name: CONTAINER_RUNTIME
+              value: "podman"
+          volumeMounts:
+            - name: runner-data
+              mountPath: /data
+            - name: runner-config
+              mountPath: /etc/forgejo-runner
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      volumes:
+        - name: runner-data
+          emptyDir: {}
+        - name: runner-config
+          configMap:
+            name: {{ include "forgejo-runner.fullname" . }}-config
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

forgejo-runner-helm/templates/secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "forgejo-runner.fullname" . }}-secret
+  labels:
+    {{- include "forgejo-runner.labels" . | nindent 4 }}
+type: Opaque
+data:
+  token: {{ required "forgejo.runner_registration_token is required" .Values.forgejo.runner_registration_token | b64enc | quote }}

forgejo-runner-helm/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "forgejo-runner.serviceAccountName" . }}
+  labels:
+    {{- include "forgejo-runner.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

forgejo-runner-helm/values.yaml

@@ -0,0 +1,61 @@
+# Default values for forgejo-runner
+replicaCount: 1
+
+forgejo:
+  # URL of the Forgejo instance
+  url: ""
+  # Runner registration token for registering runners
+  runner_registration_token: ""
+
+image:
+  repository: git.coworkunion.com/evancarroll/forgejo-podman-runner
+  pullPolicy: Always
+  tag: "latest"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext:
+  fsGroup: 1000
+
+securityContext:
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: false
+  runAsNonRoot: true
+  runAsUser: 1000
+  runAsGroup: 1000
+
+resources:
+  limits:
+    cpu: 500m
+    memory: 512Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# Runner configuration
+runner:
+  # Labels to assign to the runner
+  labels: ["ubuntu-latest"]
+  # Name prefix for runners
+  namePrefix: "forgejo-runner"