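# Template for the Secret that holds the Forgejo Actions runner registration
# token. The token value below is a placeholder: a copy of this file that
# contains a real token must only be stored in SOPS-encrypted form.
#
# Encrypt as helm/forgejo-runner-registration.sops.yaml, then:
#   kubectl apply -f <(sops -d helm/forgejo-runner-registration.sops.yaml)
# The process substitution streams the decrypted manifest to kubectl, so the
# plaintext is not written to a file on disk.
#
# Generate token (one-time, do not commit plaintext):
#   kubectl exec -n forgejo deploy/forgejo-gitea -- \
#     forgejo actions generate-runner-token --scope coulomb
#
# NOTE(review): once applied, the value is stored base64-encoded (not
# encrypted) under `data`, and client-side `kubectl apply` also records the
# submitted manifest in the last-applied-configuration annotation. Anyone who
# can read Secrets in the forgejo namespace can recover the token, so keep
# RBAC on that namespace tight.
---
apiVersion: v1
kind: Secret
metadata:
  name: forgejo-runner-registration
  namespace: forgejo
type: Opaque
stringData:
  # Quoted so the value is always parsed as a string, even if the real token
  # happens to look like a number or another YAML scalar type.
  token: 'REPLACE_WITH_RUNNER_REGISTRATION_TOKEN'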