#!/usr/bin/env bash set -euo pipefail ORG="${ORG:-trade-next}" GITEA_URL="${GITEA_URL:-https://gitea.mpabi.pl}" GITEA_TOKEN_FILE="${GITEA_TOKEN_FILE:-/home/user/dev/mcp/tools/tokens/gitea.token}" SOL_HOST="${SOL_HOST:-149.50.96.162}" SOL_USER="${SOL_USER:-user}" SOL_SSH_KEY="${SOL_SSH_KEY:-/home/user/dev/mcp/keys/mpabi/mevnode_mcp}" NAMESPACE="${NAMESPACE:-gitea-actions}" SECRET_NAME="${SECRET_NAME:-act-runner-registration-token}" gitea_token() { cut -d: -f2- "$GITEA_TOKEN_FILE" | head -n1 | tr -d '[:space:]' } ssh_sol() { ssh -i "$SOL_SSH_KEY" -o IdentitiesOnly=yes -o StrictHostKeyChecking=no "$SOL_USER@$SOL_HOST" "$@" } API_TOKEN="$(gitea_token)" if [ -z "$API_TOKEN" ]; then echo "Gitea API token is empty" >&2 exit 1 fi REG_TOKEN="$( curl -fsS \ -X POST \ -H "Authorization: token ${API_TOKEN}" \ "${GITEA_URL}/api/v1/orgs/${ORG}/actions/runners/registration-token" \ | jq -r '.token' )" if [ -z "$REG_TOKEN" ] || [ "$REG_TOKEN" = "null" ]; then echo "Failed to obtain runner registration token" >&2 exit 1 fi ssh_sol "sudo k3s kubectl get ns ${NAMESPACE} >/dev/null 2>&1 || sudo k3s kubectl create ns ${NAMESPACE} >/dev/null" printf '%s' "$REG_TOKEN" | ssh_sol "tmp=\$(mktemp); cat >\"\$tmp\"; sudo k3s kubectl -n ${NAMESPACE} create secret generic ${SECRET_NAME} --from-file=token=\"\$tmp\" --dry-run=client -o yaml | sudo k3s kubectl apply -f - >/dev/null; rm -f \"\$tmp\"" echo "Runner registration secret synced to ${SOL_HOST}:${NAMESPACE}/${SECRET_NAME}"