Compare commits

...

9 Commits

Author SHA1 Message Date
dependabot[bot] 8eb60bdaba Bump the actions group across 1 directory with 3 updates
(gha) Validate Helm Charts / Test Chart (push) Has been cancelled
Validate Helm Chart / Lint Chart (push) Has been cancelled
(gha) Validate Helm Charts / Lint Chart (push) Has been cancelled
Bumps the actions group with 3 updates in the / directory: [azure/setup-helm](https://github.com/azure/setup-helm), [docker/login-action](https://github.com/docker/login-action) and [docker/build-push-action](https://github.com/docker/build-push-action).


Updates `azure/setup-helm` from 4.3.1 to 5.0.0
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](https://github.com/azure/setup-helm/compare/1a275c3b69536ee54be43f2070a358922e12c8d4...dda3372f752e03dde6b3237bc9431cdc2f7a02a2)

Updates `docker/login-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...4907a6ddec9925e35a0a9e82d7399ccc52663121)

Updates `docker/build-push-action` from 7.0.0 to 7.1.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/d08e5c354a6adb9ed34480a06d141179aa583294...bcafcacb16a39f128d818304e6c9c0c18556b85f)

---
updated-dependencies:
- dependency-name: azure/setup-helm
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: docker/build-push-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-20 23:32:05 +00:00
Gleb Khaykin e0feb3b711 Fix orphan no-permission ServiceAccount in kubernetes-novolume mode (#4455) 2026-04-20 13:31:23 +02:00
Francesco Renzi 74cfc3855e Prepare 0.14.1 release (#4448)
(gha) Validate Helm Charts / Lint Chart (push) Has been cancelled
Validate Helm Chart / Lint Chart (push) Has been cancelled
(gha) Validate Helm Charts / Test Chart (push) Has been cancelled
2026-04-14 17:03:22 +01:00
Francesco Renzi eb1544f848 Bump actions/scaleset to v0.3.0 (#4447) 2026-04-14 14:08:22 +01:00
Nikola Jokic 79e7b17b56 Fix null field for resource metadata fields in experimental chart (#4419) 2026-04-02 23:44:37 +02:00
github-actions[bot] 39934ce5eb Updates: runner to v2.333.1 (#4427)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-03-31 19:35:28 -05:00
github-actions[bot] 5f4c132f12 Updates: runner to v2.333.0 (#4412)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-03-23 12:46:49 +01:00
Vinayak Gaikwad 0d1e2b3e74 remove redundant ticks around "name" and use plural (#3661) 2026-03-23 12:46:13 +01:00
Nikola Jokic 104bc6b0b0 Fix chart version for publishing (#4415) 2026-03-19 18:13:17 +00:00
21 changed files with 547 additions and 43 deletions
+1 -1
View File
@@ -45,7 +45,7 @@ jobs:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2
with:
version: ${{ env.HELM_VERSION }}
+1 -1
View File
@@ -45,7 +45,7 @@ jobs:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2
with:
version: ${{ env.HELM_VERSION }}
+6 -6
View File
@@ -94,14 +94,14 @@ jobs:
driver-opts: image=moby/buildkit:v0.10.6
- name: Login to GitHub Container Registry
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & push controller image
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f
with:
file: Dockerfile
platforms: linux/amd64,linux/arm64
@@ -148,7 +148,7 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2
with:
version: ${{ env.HELM_VERSION }}
@@ -196,7 +196,7 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2
with:
version: ${{ env.HELM_VERSION }}
@@ -243,7 +243,7 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2
with:
version: ${{ env.HELM_VERSION }}
@@ -292,7 +292,7 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2
with:
version: ${{ env.HELM_VERSION }}
+2 -2
View File
@@ -41,7 +41,7 @@ jobs:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2
with:
version: ${{ env.HELM_VERSION }}
@@ -93,7 +93,7 @@ jobs:
version: latest
- name: Build controller image
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f
if: steps.list-changed.outputs.changed == 'true'
with:
file: Dockerfile
+2 -2
View File
@@ -93,7 +93,7 @@ jobs:
uses: actions/checkout@v6
- name: Login to GitHub Container Registry
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121
with:
registry: ghcr.io
username: ${{ github.actor }}
@@ -119,7 +119,7 @@ jobs:
# Unstable builds - run at your own risk
- name: Build and Push
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f
with:
context: .
file: ./Dockerfile
+1 -1
View File
@@ -6,7 +6,7 @@ endif
DOCKER_USER ?= $(shell echo ${DOCKER_IMAGE_NAME} | cut -d / -f1)
VERSION ?= dev
COMMIT_SHA = $(shell git rev-parse HEAD)
RUNNER_VERSION ?= 2.332.0
RUNNER_VERSION ?= 2.333.1
TARGETPLATFORM ?= $(shell arch)
RUNNER_NAME ?= ${DOCKER_USER}/actions-runner
RUNNER_TAG ?= ${VERSION}
@@ -15,13 +15,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.14.0
version: "0.14.1"
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.14.0"
appVersion: "0.14.1"
home: https://github.com/actions/actions-runner-controller
@@ -15,13 +15,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.14.0
version: 0.14.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.14.0"
appVersion: "0.14.1"
home: https://github.com/actions/actions-runner-controller
@@ -15,13 +15,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: "0.14.0"
version: "0.14.1"
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.14.0"
appVersion: "0.14.1"
home: https://github.com/actions/actions-runner-controller
@@ -175,44 +175,68 @@ spec:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.resource.autoscalingListener.metadata }}
{{- $meta := .Values.resource.autoscalingListener.metadata | default dict }}
{{- $lbls := $meta.labels | default dict }}
{{- $anns := $meta.annotations | default dict }}
{{- if or (not (empty $lbls)) (not (empty $anns)) }}
autoscalingListener:
{{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
{{- include "autoscaling-runner-set.spec-resource-metadata" $meta | nindent 4 }}
{{- end }}
{{- with .Values.resource.listenerServiceAccount.metadata }}
{{- $meta := .Values.resource.listenerServiceAccount.metadata | default dict }}
{{- $lbls := $meta.labels | default dict }}
{{- $anns := $meta.annotations | default dict }}
{{- if or (not (empty $lbls)) (not (empty $anns)) }}
listenerServiceAccountMetadata:
{{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
{{- include "autoscaling-runner-set.spec-resource-metadata" $meta | nindent 4 }}
{{- end }}
{{- with .Values.resource.listenerRole.metadata }}
{{- $meta := .Values.resource.listenerRole.metadata | default dict }}
{{- $lbls := $meta.labels | default dict }}
{{- $anns := $meta.annotations | default dict }}
{{- if or (not (empty $lbls)) (not (empty $anns)) }}
listenerRoleMetadata:
{{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
{{- include "autoscaling-runner-set.spec-resource-metadata" $meta | nindent 4 }}
{{- end }}
{{- with .Values.resource.listenerRoleBinding.metadata }}
{{- $meta := .Values.resource.listenerRoleBinding.metadata | default dict }}
{{- $lbls := $meta.labels | default dict }}
{{- $anns := $meta.annotations | default dict }}
{{- if or (not (empty $lbls)) (not (empty $anns)) }}
listenerRoleBindingMetadata:
{{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
{{- include "autoscaling-runner-set.spec-resource-metadata" $meta | nindent 4 }}
{{- end }}
{{- with .Values.resource.listenerConfigSecret.metadata }}
{{- $meta := .Values.resource.listenerConfigSecret.metadata | default dict }}
{{- $lbls := $meta.labels | default dict }}
{{- $anns := $meta.annotations | default dict }}
{{- if or (not (empty $lbls)) (not (empty $anns)) }}
listenerConfigSecretMetadata:
{{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
{{- include "autoscaling-runner-set.spec-resource-metadata" $meta | nindent 4 }}
{{- end }}
{{- with .Values.resource.ephemeralRunnerSet.metadata }}
{{- $meta := .Values.resource.ephemeralRunnerSet.metadata | default dict }}
{{- $lbls := $meta.labels | default dict }}
{{- $anns := $meta.annotations | default dict }}
{{- if or (not (empty $lbls)) (not (empty $anns)) }}
ephemeralRunnerSetMetadata:
{{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
{{- include "autoscaling-runner-set.spec-resource-metadata" $meta | nindent 4 }}
{{- end }}
{{- with .Values.resource.ephemeralRunner.metadata }}
{{- $meta := .Values.resource.ephemeralRunner.metadata | default dict }}
{{- $lbls := $meta.labels | default dict }}
{{- $anns := $meta.annotations | default dict }}
{{- if or (not (empty $lbls)) (not (empty $anns)) }}
ephemeralRunnerMetadata:
{{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
{{- include "autoscaling-runner-set.spec-resource-metadata" $meta | nindent 4 }}
{{- end }}
{{- with .Values.resource.ephemeralRunnerConfigSecret.metadata }}
{{- $meta := .Values.resource.ephemeralRunnerConfigSecret.metadata | default dict }}
{{- $lbls := $meta.labels | default dict }}
{{- $anns := $meta.annotations | default dict }}
{{- if or (not (empty $lbls)) (not (empty $anns)) }}
ephemeralRunnerConfigSecretMetadata:
{{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }}
{{- include "autoscaling-runner-set.spec-resource-metadata" $meta | nindent 4 }}
{{- end }}
template:
@@ -0,0 +1,432 @@
suite: "Test AutoscalingRunnerSet ResourceMeta Omission"
templates:
- autoscalingrunnserset.yaml
tests:
- it: should omit all ResourceMeta fields when metadata is empty
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- notExists:
path: spec.autoscalingListener
- notExists:
path: spec.listenerServiceAccountMetadata
- notExists:
path: spec.listenerRoleMetadata
- notExists:
path: spec.listenerRoleBindingMetadata
- notExists:
path: spec.listenerConfigSecretMetadata
- notExists:
path: spec.ephemeralRunnerSetMetadata
- notExists:
path: spec.ephemeralRunnerMetadata
- notExists:
path: spec.ephemeralRunnerConfigSecretMetadata
- it: should render autoscalingListener when labels are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
autoscalingListener:
metadata:
labels:
listener-key: "listener-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.autoscalingListener.labels.listener-key
value: "listener-value"
- notExists:
path: spec.listenerServiceAccountMetadata
- it: should render autoscalingListener when annotations are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
autoscalingListener:
metadata:
annotations:
listener-ann: "ann-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.autoscalingListener.annotations.listener-ann
value: "ann-value"
- notExists:
path: spec.listenerServiceAccountMetadata
- it: should render listenerServiceAccountMetadata when labels are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
listenerServiceAccount:
metadata:
labels:
sa-key: "sa-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.listenerServiceAccountMetadata.labels.sa-key
value: "sa-value"
- notExists:
path: spec.autoscalingListener
- notExists:
path: spec.listenerRoleMetadata
- it: should render listenerServiceAccountMetadata when annotations are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
listenerServiceAccount:
metadata:
annotations:
sa-ann: "ann-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.listenerServiceAccountMetadata.annotations.sa-ann
value: "ann-value"
- notExists:
path: spec.autoscalingListener
- it: should render listenerRoleMetadata when labels are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
listenerRole:
metadata:
labels:
role-key: "role-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.listenerRoleMetadata.labels.role-key
value: "role-value"
- notExists:
path: spec.autoscalingListener
- it: should render listenerRoleMetadata when annotations are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
listenerRole:
metadata:
annotations:
role-ann: "ann-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.listenerRoleMetadata.annotations.role-ann
value: "ann-value"
- it: should render listenerRoleBindingMetadata when labels are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
listenerRoleBinding:
metadata:
labels:
rolebinding-key: "rolebinding-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.listenerRoleBindingMetadata.labels.rolebinding-key
value: "rolebinding-value"
- it: should render listenerRoleBindingMetadata when annotations are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
listenerRoleBinding:
metadata:
annotations:
rolebinding-ann: "ann-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.listenerRoleBindingMetadata.annotations.rolebinding-ann
value: "ann-value"
- it: should render listenerConfigSecretMetadata when labels are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
listenerConfigSecret:
metadata:
labels:
secret-key: "secret-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.listenerConfigSecretMetadata.labels.secret-key
value: "secret-value"
- it: should render listenerConfigSecretMetadata when annotations are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
listenerConfigSecret:
metadata:
annotations:
secret-ann: "ann-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.listenerConfigSecretMetadata.annotations.secret-ann
value: "ann-value"
- it: should render ephemeralRunnerSetMetadata when labels are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
ephemeralRunnerSet:
metadata:
labels:
runner-set-key: "runner-set-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.ephemeralRunnerSetMetadata.labels.runner-set-key
value: "runner-set-value"
- it: should render ephemeralRunnerSetMetadata when annotations are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
ephemeralRunnerSet:
metadata:
annotations:
runner-set-ann: "ann-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.ephemeralRunnerSetMetadata.annotations.runner-set-ann
value: "ann-value"
- it: should render ephemeralRunnerMetadata when labels are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
ephemeralRunner:
metadata:
labels:
runner-key: "runner-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.ephemeralRunnerMetadata.labels.runner-key
value: "runner-value"
- it: should render ephemeralRunnerMetadata when annotations are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
ephemeralRunner:
metadata:
annotations:
runner-ann: "ann-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.ephemeralRunnerMetadata.annotations.runner-ann
value: "ann-value"
- it: should render ephemeralRunnerConfigSecretMetadata when labels are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
ephemeralRunnerConfigSecret:
metadata:
labels:
runner-config-key: "runner-config-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.ephemeralRunnerConfigSecretMetadata.labels.runner-config-key
value: "runner-config-value"
- it: should render ephemeralRunnerConfigSecretMetadata when annotations are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
ephemeralRunnerConfigSecret:
metadata:
annotations:
runner-config-ann: "ann-value"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.ephemeralRunnerConfigSecretMetadata.annotations.runner-config-ann
value: "ann-value"
- it: should render mixed populated and empty ResourceMeta fields correctly
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
autoscalingListener:
metadata:
labels:
listener: "true"
listenerServiceAccount:
metadata:
annotations:
sa-ann: "true"
ephemeralRunner:
metadata:
labels:
runner: "true"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.autoscalingListener.labels.listener
value: "true"
- equal:
path: spec.listenerServiceAccountMetadata.annotations.sa-ann
value: "true"
- equal:
path: spec.ephemeralRunnerMetadata.labels.runner
value: "true"
- notExists:
path: spec.listenerRoleMetadata
- notExists:
path: spec.listenerRoleBindingMetadata
- notExists:
path: spec.listenerConfigSecretMetadata
- notExists:
path: spec.ephemeralRunnerSetMetadata
- notExists:
path: spec.ephemeralRunnerConfigSecretMetadata
- it: should render both labels and annotations when both are populated
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
listenerServiceAccount:
metadata:
labels:
team: "platform"
annotations:
owner: "devops"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.listenerServiceAccountMetadata.labels.team
value: "platform"
- equal:
path: spec.listenerServiceAccountMetadata.annotations.owner
value: "devops"
+2 -2
View File
@@ -15,13 +15,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.14.0
version: 0.14.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.14.0"
appVersion: "0.14.1"
home: https://github.com/actions/actions-runner-controller
@@ -1,6 +1,6 @@
{{- $hasCustomResourceMeta := (and .Values.resourceMeta .Values.resourceMeta.noPermissionServiceAccount) }}
{{- $containerMode := .Values.containerMode }}
{{- if and (ne $containerMode.type "kubernetes") (not .Values.template.spec.serviceAccountName) }}
{{- if and (ne $containerMode.type "kubernetes") (ne $containerMode.type "kubernetes-novolume") (not .Values.template.spec.serviceAccountName) }}
apiVersion: v1
kind: ServiceAccount
metadata:
@@ -335,6 +335,46 @@ func TestTemplateRenderedSetServiceAccountToKubeNoVolumeMode(t *testing.T) {
assert.Equal(t, expectedServiceAccountName, ars.Annotations[actionsgithubcom.AnnotationKeyKubernetesModeServiceAccountName])
}
func TestTemplateRenderedNoPermissionServiceAccountNotRenderedInKubernetesModes(t *testing.T) {
t.Parallel()
for _, mode := range []string{"kubernetes", "kubernetes-novolume"} {
t.Run("containerMode "+mode, func(t *testing.T) {
helmChartPath, err := filepath.Abs("../../gha-runner-scale-set")
require.NoError(t, err)
releaseName := "test-runners"
namespaceName := "test-" + strings.ToLower(random.UniqueId())
options := &helm.Options{
Logger: logger.Discard,
SetValues: map[string]string{
"githubConfigUrl": "https://github.com/actions",
"githubConfigSecret.github_token": "gh_token12345",
"controllerServiceAccount.name": "arc",
"controllerServiceAccount.namespace": "arc-system",
"containerMode.type": mode,
},
KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName),
}
_, err = helm.RenderTemplateE(
t,
options,
helmChartPath,
releaseName,
[]string{"templates/no_permission_serviceaccount.yaml"},
)
assert.ErrorContains(
t,
err,
"could not find template templates/no_permission_serviceaccount.yaml in chart",
"no permission service account should not be rendered in "+mode+" mode",
)
})
}
}
func TestTemplateRenderedUserProvideSetServiceAccount(t *testing.T) {
t.Parallel()
+1 -1
View File
@@ -70,7 +70,7 @@ Fields like `volumeClaimTemplates` that originates from `StatefulSet` should als
Pod-related fields like security contexts and volumes are written under `spec.template.spec` like `StatefulSet`.
Similarly, container-related fields like resource requests and limits, container image names and tags, security context, and so on are written under `spec.template.spec.containers`. There are two reserved container `name`, `runner` and `docker`. The former is for the container that runs [actions runner](https://github.com/actions/runner) and the latter is for the container that runs a `dockerd`.
Similarly, container-related fields like resource requests and limits, container image names and tags, security context, and so on are written under `spec.template.spec.containers`. There are two reserved container names, `runner` and `docker`. The former is for the container that runs [actions runner](https://github.com/actions/runner) and the latter is for the container that runs a `dockerd`.
For a more complex example, see the below:
@@ -43,6 +43,12 @@ You can follow [this troubleshooting guide](https://docs.github.com/en/actions/h
## Changelog
### 0.14.1
1. Fix null field for resource metadata fields in experimental chart [#4419](https://github.com/actions/actions-runner-controller/pull/4419)
1. Updates: runner to v2.333.1 [#4427](https://github.com/actions/actions-runner-controller/pull/4427)
1. Bump actions/scaleset to [v0.3.0](https://github.com/actions/scaleset/releases/tag/v0.3.0) [#4447](https://github.com/actions/actions-runner-controller/pull/4447)
### 0.14.0
1. Fix ActivityId typo in error strings [#4359](https://github.com/actions/actions-runner-controller/pull/4359)
+1 -1
View File
@@ -6,7 +6,7 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.4.0
github.com/actions/scaleset v0.2.0
github.com/actions/scaleset v0.3.0
github.com/bradleyfalzon/ghinstallation/v2 v2.18.0
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
github.com/evanphx/json-patch v5.9.11+incompatible
+2
View File
@@ -37,6 +37,8 @@ github.com/actions-runner-controller/httpcache v0.2.0 h1:hCNvYuVPJ2xxYBymqBvH0hS
github.com/actions-runner-controller/httpcache v0.2.0/go.mod h1:JLu9/2M/btPz1Zu/vTZ71XzukQHn2YeISPmJoM5exBI=
github.com/actions/scaleset v0.2.0 h1:CKsDtTjOBCwjyT4ikwiMykMttzuKejimWRAvVr8xj9w=
github.com/actions/scaleset v0.2.0/go.mod h1:ncR5vzCCTUSyLgvclAtZ5dRBgF6qwA2nbTfTXmOJp84=
github.com/actions/scaleset v0.3.0 h1:y5/ClYLJXFuGCikzILOOPhaCShAcL6K0mnUtjDKFxVw=
github.com/actions/scaleset v0.3.0/go.mod h1:2L2I6rggFWV+zprDet6y7y7Vkm3HPudaup78eSc79Uo=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/aws/aws-sdk-go-v2 v1.39.2 h1:EJLg8IdbzgeD7xgvZ+I8M1e0fL0ptn/M47lianzth0I=
+1 -1
View File
@@ -6,7 +6,7 @@ DIND_ROOTLESS_RUNNER_NAME ?= ${DOCKER_USER}/actions-runner-dind-rootless
OS_IMAGE ?= ubuntu-22.04
TARGETPLATFORM ?= $(shell arch)
RUNNER_VERSION ?= 2.332.0
RUNNER_VERSION ?= 2.333.1
RUNNER_CONTAINER_HOOKS_VERSION ?= 0.8.1
DOCKER_VERSION ?= 28.0.4
+1 -1
View File
@@ -1,2 +1,2 @@
RUNNER_VERSION=2.332.0
RUNNER_VERSION=2.333.1
RUNNER_CONTAINER_HOOKS_VERSION=0.8.1
+1 -1
View File
@@ -36,7 +36,7 @@ var (
testResultCMNamePrefix = "test-result-"
RunnerVersion = "2.332.0"
RunnerVersion = "2.333.1"
RunnerContainerHooksVersion = "0.8.1"
)