# Gitea Actions Runner Bootstrap

This module bootstraps a single organization-scoped Gitea Actions runner for `trade-next` on the `sol` cluster.

## Design

- Runner scope: organization-level for `trade-next`
- Runtime: `docker.io/gitea/act_runner:latest`
- Job execution: `docker:27-dind` sidecar with a shared Unix socket
- Cluster access for workflows: dedicated `trade-gitops-deployer` service account, exported as the `K3S_KUBECONFIG_B64` org secret
- Storage model: small persistent `hostPath` only for runner registration state, ephemeral Docker layer cache
- Runner labels: `ubuntu-latest` and `k3s-deploy`, both starting from the standard Gitea runner image so deployment jobs can install the exact `kubectl` version they need

## Operator Flow

1. Prepare the org registration token secret in `gitea-actions`.
2. Apply the kustomize module on `sol`.
3. Create or refresh the deployer kubeconfig and sync it to the `trade-next` org secrets.
4. Push a workflow to `trade-gitops` and let the runner execute deployment jobs.

## Bootstrap Commands

From the repository root:

```bash
./bootstrap/gitea-actions/scripts/bootstrap-sol.sh
```

## Notes

- This runner is intentionally pinned to the `sol` node because the target cluster is currently single-node.
- The deployer binding is `cluster-admin` for the first bootstrap pass and should be narrowed once the GitOps surface is fully reconstructed.
- The runner exposes the labels `ubuntu-latest` and `k3s-deploy`.
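
Step 3 of the operator flow and its counterpart inside a deployment job can be sketched as follows. This is an added example, not the repository's bootstrap script: the function names, the `sol-deployer` context name and the way the API server URL, CA data and token reach the functions are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the repository's script. Function names and the
# context name "sol-deployer" are hypothetical.
set -eu

# Operator side: render a kubeconfig that authenticates only as the
# trade-gitops-deployer service account and emit it as single-line base64,
# the form stored in the K3S_KUBECONFIG_B64 org secret.
# Args: <api-server-url> <base64-ca-cert> <service-account-token>
render_kubeconfig_b64() {
  local server="$1" ca_b64="$2" token="$3"
  cat <<EOF | base64 | tr -d '\n'
apiVersion: v1
kind: Config
clusters:
- name: sol
  cluster:
    server: ${server}
    certificate-authority-data: ${ca_b64}
users:
- name: trade-gitops-deployer
  user:
    token: ${token}
contexts:
- name: sol-deployer
  context:
    cluster: sol
    user: trade-gitops-deployer
current-context: sol-deployer
EOF
}

# Workflow side: decode the secret into a file readable only by the job
# user, and refuse an empty or mangled secret instead of deploying with it.
# Args: <base64-kubeconfig> <destination-path>
install_kubeconfig() {
  local b64="$1" dest="$2"
  ( umask 077; printf '%s' "$b64" | base64 -d > "$dest" )
  grep -q '^kind: Config$' "$dest" || { rm -f "$dest"; return 1; }
}
```

Because the deployer binding is currently `cluster-admin`, the decoded file carries full cluster rights; writing it with mode 0600 and deleting it at the end of the job limits its exposure on the runner.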