diff --git a/.github/workflows/arc-publish-chart.yaml b/.github/workflows/arc-publish-chart.yaml
deleted file mode 100644
index 41e5c5b0..00000000
--- a/.github/workflows/arc-publish-chart.yaml
+++ /dev/null
@@ -1,212 +0,0 @@
-name: Publish ARC Helm Charts
-
-# Revert to https://github.com/actions-runner-controller/releases#releases
-# for details on why we use this approach
-on:
- push:
- branches:
- - master
- paths:
- - 'charts/**'
- - '.github/workflows/arc-publish-chart.yaml'
- - '!charts/actions-runner-controller/docs/**'
- - '!charts/gha-runner-scale-set-controller/**'
- - '!charts/gha-runner-scale-set/**'
- - '!**.md'
- workflow_dispatch:
- inputs:
- force:
- description: 'Force publish even if the chart version is not bumped'
- type: boolean
- required: true
- default: false
-
-env:
- KUBE_SCORE_VERSION: 1.10.0
- HELM_VERSION: v3.8.0
-
-permissions:
- contents: write
-
-concurrency:
- group: ${{ github.workflow }}
- cancel-in-progress: true
-
-jobs:
- lint-chart:
- name: Lint Chart
- runs-on: ubuntu-latest
- outputs:
- publish-chart: ${{ steps.publish-chart-step.outputs.publish }}
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
-
- - name: Set up Helm
- uses: azure/setup-helm@v3.4
- with:
- version: ${{ env.HELM_VERSION }}
-
- - name: Set up kube-score
- run: |
- wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O kube-score
- chmod 755 kube-score
-
- - name: Kube-score generated manifests
- run: helm template --values charts/.ci/values-kube-score.yaml charts/* | ./kube-score score - --ignore-test pod-networkpolicy --ignore-test deployment-has-poddisruptionbudget --ignore-test deployment-has-host-podantiaffinity --ignore-test container-security-context --ignore-test pod-probes --ignore-test container-image-tag --enable-optional-test container-security-context-privileged --enable-optional-test container-security-context-readonlyrootfilesystem
-
- # python is a requirement for the chart-testing action below (supports yamllint among other tests)
- - uses: actions/setup-python@v4
- with:
- python-version: '3.11'
-
- - name: Set up chart-testing
- uses: helm/chart-testing-action@v2.6.0
-
- - name: Run chart-testing (list-changed)
- id: list-changed
- run: |
- changed=$(ct list-changed --config charts/.ci/ct-config.yaml)
- if [[ -n "$changed" ]]; then
- echo "changed=true" >> $GITHUB_OUTPUT
- fi
-
- - name: Run chart-testing (lint)
- run: |
- ct lint --config charts/.ci/ct-config.yaml
-
- - name: Create kind cluster
- if: steps.list-changed.outputs.changed == 'true'
- uses: helm/kind-action@v1.4.0
-
- # We need cert-manager already installed in the cluster because we assume the CRDs exist
- - name: Install cert-manager
- if: steps.list-changed.outputs.changed == 'true'
- run: |
- helm repo add jetstack https://charts.jetstack.io --force-update
- helm install cert-manager jetstack/cert-manager --set installCRDs=true --wait
-
- - name: Run chart-testing (install)
- if: steps.list-changed.outputs.changed == 'true'
- run: ct install --config charts/.ci/ct-config.yaml
-
- # WARNING: This relies on the latest release being at the top of the JSON from GitHub and a clean chart.yaml
- - name: Check if Chart Publish is Needed
- id: publish-chart-step
- run: |
- CHART_TEXT=$(curl -fs https://raw.githubusercontent.com/${{ github.repository }}/master/charts/actions-runner-controller/Chart.yaml)
- NEW_CHART_VERSION=$(echo "$CHART_TEXT" | grep version: | cut -d ' ' -f 2)
- RELEASE_LIST=$(curl -fs https://api.github.com/repos/${{ github.repository }}/releases | jq .[].tag_name | grep actions-runner-controller | cut -d '"' -f 2 | cut -d '-' -f 4)
- LATEST_RELEASED_CHART_VERSION=$(echo $RELEASE_LIST | cut -d ' ' -f 1)
-
- echo "CHART_VERSION_IN_MASTER=$NEW_CHART_VERSION" >> $GITHUB_ENV
- echo "LATEST_CHART_VERSION=$LATEST_RELEASED_CHART_VERSION" >> $GITHUB_ENV
-
- # Always publish if force is true
- if [[ $NEW_CHART_VERSION != $LATEST_RELEASED_CHART_VERSION || "${{ inputs.force }}" == "true" ]]; then
- echo "publish=true" >> $GITHUB_OUTPUT
- else
- echo "publish=false" >> $GITHUB_OUTPUT
- fi
-
- - name: Job summary
- run: |
- echo "Chart linting has been completed." >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Status:**" >> $GITHUB_STEP_SUMMARY
- echo "- chart version in master: ${{ env.CHART_VERSION_IN_MASTER }}" >> $GITHUB_STEP_SUMMARY
- echo "- latest chart version: ${{ env.LATEST_CHART_VERSION }}" >> $GITHUB_STEP_SUMMARY
- echo "- publish new chart: ${{ steps.publish-chart-step.outputs.publish }}" >> $GITHUB_STEP_SUMMARY
-
- publish-chart:
- if: needs.lint-chart.outputs.publish-chart == 'true'
- needs: lint-chart
- name: Publish Chart
- runs-on: ubuntu-latest
- permissions:
- contents: write # for helm/chart-releaser-action to push chart release and create a release
- env:
- CHART_TARGET_ORG: actions-runner-controller
- CHART_TARGET_REPO: actions-runner-controller.github.io
- CHART_TARGET_BRANCH: master
-
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
-
- - name: Configure Git
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
- - name: Get Token
- id: get_workflow_token
- uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db
- with:
- application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}
- application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }}
- organization: ${{ env.CHART_TARGET_ORG }}
-
- - name: Install chart-releaser
- uses: helm/chart-releaser-action@v1.4.1
- with:
- install_only: true
- install_dir: ${{ github.workspace }}/bin
-
- - name: Package and upload release assets
- run: |
- cr package \
- ${{ github.workspace }}/charts/actions-runner-controller/ \
- --package-path .cr-release-packages
-
- cr upload \
- --owner "$(echo ${{ github.repository }} | cut -d '/' -f 1)" \
- --git-repo "$(echo ${{ github.repository }} | cut -d '/' -f 2)" \
- --package-path .cr-release-packages \
- --token ${{ secrets.GITHUB_TOKEN }}
-
- - name: Generate updated index.yaml
- run: |
- cr index \
- --owner "$(echo ${{ github.repository }} | cut -d '/' -f 1)" \
- --git-repo "$(echo ${{ github.repository }} | cut -d '/' -f 2)" \
- --index-path ${{ github.workspace }}/index.yaml \
- --token ${{ secrets.GITHUB_TOKEN }} \
- --push \
- --pages-branch 'gh-pages' \
- --pages-index-path 'index.yaml'
-
- # Chart Release was never intended to publish to a different repo
- # this workaround is intended to move the index.yaml to the target repo
- # where the github pages are hosted
- - name: Checkout target repository
- uses: actions/checkout@v3
- with:
- repository: ${{ env.CHART_TARGET_ORG }}/${{ env.CHART_TARGET_REPO }}
- path: ${{ env.CHART_TARGET_REPO }}
- ref: ${{ env.CHART_TARGET_BRANCH }}
- token: ${{ steps.get_workflow_token.outputs.token }}
-
- - name: Copy index.yaml
- run: |
- cp ${{ github.workspace }}/index.yaml ${{ env.CHART_TARGET_REPO }}/actions-runner-controller/index.yaml
-
- - name: Commit and push to target repository
- run: |
- git config user.name "$GITHUB_ACTOR"
- git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- git add .
- git commit -m "Update index.yaml"
- git push
- working-directory: ${{ github.workspace }}/${{ env.CHART_TARGET_REPO }}
-
- - name: Job summary
- run: |
- echo "New helm chart has been published" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Status:**" >> $GITHUB_STEP_SUMMARY
- echo "- New [index.yaml](https://github.com/${{ env.CHART_TARGET_ORG }}/${{ env.CHART_TARGET_REPO }}/tree/master/actions-runner-controller) pushed" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/arc-publish.yaml b/.github/workflows/arc-publish.yaml
deleted file mode 100644
index 6a83f2a9..00000000
--- a/.github/workflows/arc-publish.yaml
+++ /dev/null
@@ -1,109 +0,0 @@
-name: Publish ARC Image
-
-# Revert to https://github.com/actions-runner-controller/releases#releases
-# for details on why we use this approach
-on:
- release:
- types:
- - published
- workflow_dispatch:
- inputs:
- release_tag_name:
- description: 'Tag name of the release to publish'
- required: true
- push_to_registries:
- description: 'Push images to registries'
- required: true
- type: boolean
- default: false
-
-permissions:
- contents: write
- packages: write
-
-env:
- TARGET_ORG: actions-runner-controller
- TARGET_REPO: actions-runner-controller
-
-concurrency:
- group: ${{ github.workflow }}
- cancel-in-progress: true
-
-jobs:
- release-controller:
- name: Release
- runs-on: ubuntu-latest
- # gha-runner-scale-set has its own release workflow.
- # We don't want to publish a new actions-runner-controller image
- # we release gha-runner-scale-set.
- if: ${{ !startsWith(github.event.inputs.release_tag_name, 'gha-runner-scale-set-') }}
- steps:
- - name: Checkout
- uses: actions/checkout@v3
-
- - uses: actions/setup-go@v4
- with:
- go-version-file: 'go.mod'
-
- - name: Install tools
- run: |
- curl -L -O https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.2.0/kubebuilder_2.2.0_linux_amd64.tar.gz
- tar zxvf kubebuilder_2.2.0_linux_amd64.tar.gz
- sudo mv kubebuilder_2.2.0_linux_amd64 /usr/local/kubebuilder
- curl -s https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh | bash
- sudo mv kustomize /usr/local/bin
- curl -L -O https://github.com/tcnksm/ghr/releases/download/v0.13.0/ghr_v0.13.0_linux_amd64.tar.gz
- tar zxvf ghr_v0.13.0_linux_amd64.tar.gz
- sudo mv ghr_v0.13.0_linux_amd64/ghr /usr/local/bin
-
- - name: Set version env variable
- run: |
- # Define the release tag name based on the event type
- if [[ "${{ github.event_name }}" == "release" ]]; then
- echo "VERSION=$(cat ${GITHUB_EVENT_PATH} | jq -r '.release.tag_name')" >> $GITHUB_ENV
- elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
- echo "VERSION=${{ inputs.release_tag_name }}" >> $GITHUB_ENV
- fi
-
- - name: Upload artifacts
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
- make github-release
-
- - name: Get Token
- id: get_workflow_token
- uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db
- with:
- application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}
- application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }}
- organization: ${{ env.TARGET_ORG }}
-
- - name: Resolve push to registries
- run: |
- # Define the push to registries based on the event type
- if [[ "${{ github.event_name }}" == "release" ]]; then
- echo "PUSH_TO_REGISTRIES=true" >> $GITHUB_ENV
- elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
- echo "PUSH_TO_REGISTRIES=${{ inputs.push_to_registries }}" >> $GITHUB_ENV
- fi
-
- - name: Trigger Build And Push Images To Registries
- run: |
- # Authenticate
- gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }}
-
- # Trigger the workflow run
- jq -n '{"event_type": "arc", "client_payload": {"release_tag_name": "${{ env.VERSION }}", "push_to_registries": "${{ env.PUSH_TO_REGISTRIES }}" }}' \
- | gh api -X POST /repos/actions-runner-controller/releases/dispatches --input
-
- - name: Job summary
- run: |
- echo "The [publish-arc](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/publish-arc.yaml) workflow has been triggered!" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
- echo "- Release tag: ${{ env.VERSION }}" >> $GITHUB_STEP_SUMMARY
- echo "- Push to registries: ${{ env.PUSH_TO_REGISTRIES }}" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Status:**" >> $GITHUB_STEP_SUMMARY
- echo "[https://github.com/actions-runner-controller/releases/actions/workflows/publish-arc.yaml](https://github.com/actions-runner-controller/releases/actions/workflows/publish-arc.yaml)" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/arc-release-runners.yaml b/.github/workflows/arc-release-runners.yaml
deleted file mode 100644
index 253793ab..00000000
--- a/.github/workflows/arc-release-runners.yaml
+++ /dev/null
@@ -1,79 +0,0 @@
-name: Release ARC Runner Images
-
-# Revert to https://github.com/actions-runner-controller/releases#releases
-# for details on why we use this approach
-on:
- # We must do a trigger on a push: instead of a types: closed so GitHub Secrets
- # are available to the workflow run
- push:
- branches:
- - 'master'
- paths:
- - 'runner/VERSION'
- - '.github/workflows/arc-release-runners.yaml'
-
-env:
- # Safeguard to prevent pushing images to registeries after build
- PUSH_TO_REGISTRIES: true
- TARGET_ORG: actions-runner-controller
- TARGET_WORKFLOW: release-runners.yaml
- DOCKER_VERSION: 24.0.7
-
-concurrency:
- group: ${{ github.workflow }}
- cancel-in-progress: true
-
-jobs:
- build-runners:
- name: Trigger Build and Push of Runner Images
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Get runner version
- id: versions
- run: |
- runner_current_version="$(echo -n $(cat runner/VERSION | grep 'RUNNER_VERSION=' | cut -d '=' -f2))"
- container_hooks_current_version="$(echo -n $(cat runner/VERSION | grep 'RUNNER_CONTAINER_HOOKS_VERSION=' | cut -d '=' -f2))"
- echo runner_version=$runner_current_version >> $GITHUB_OUTPUT
- echo container_hooks_version=$container_hooks_current_version >> $GITHUB_OUTPUT
-
- - name: Get Token
- id: get_workflow_token
- uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db
- with:
- application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}
- application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }}
- organization: ${{ env.TARGET_ORG }}
-
- - name: Trigger Build And Push Runner Images To Registries
- env:
- RUNNER_VERSION: ${{ steps.versions.outputs.runner_version }}
- CONTAINER_HOOKS_VERSION: ${{ steps.versions.outputs.container_hooks_version }}
- run: |
- # Authenticate
- gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }}
-
- # Trigger the workflow run
- gh workflow run ${{ env.TARGET_WORKFLOW }} -R ${{ env.TARGET_ORG }}/releases \
- -f runner_version=${{ env.RUNNER_VERSION }} \
- -f docker_version=${{ env.DOCKER_VERSION }} \
- -f runner_container_hooks_version=${{ env.CONTAINER_HOOKS_VERSION }} \
- -f sha='${{ github.sha }}' \
- -f push_to_registries=${{ env.PUSH_TO_REGISTRIES }}
-
- - name: Job summary
- env:
- RUNNER_VERSION: ${{ steps.versions.outputs.runner_version }}
- CONTAINER_HOOKS_VERSION: ${{ steps.versions.outputs.container_hooks_version }}
- run: |
- echo "The [release-runners.yaml](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/release-runners.yaml) workflow has been triggered!" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
- echo "- runner_version: ${{ env.RUNNER_VERSION }}" >> $GITHUB_STEP_SUMMARY
- echo "- docker_version: ${{ env.DOCKER_VERSION }}" >> $GITHUB_STEP_SUMMARY
- echo "- runner_container_hooks_version: ${{ env.CONTAINER_HOOKS_VERSION }}" >> $GITHUB_STEP_SUMMARY
- echo "- sha: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
- echo "- push_to_registries: ${{ env.PUSH_TO_REGISTRIES }}" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Status:**" >> $GITHUB_STEP_SUMMARY
- echo "[https://github.com/actions-runner-controller/releases/actions/workflows/release-runners.yaml](https://github.com/actions-runner-controller/releases/actions/workflows/release-runners.yaml)" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/arc-update-runners-scheduled.yaml b/.github/workflows/arc-update-runners-scheduled.yaml
deleted file mode 100644
index bce555c4..00000000
--- a/.github/workflows/arc-update-runners-scheduled.yaml
+++ /dev/null
@@ -1,153 +0,0 @@
-# This workflows polls releases from actions/runner and in case of a new one it
-# updates files containing runner version and opens a pull request.
-name: Runner Updates Check (Scheduled Job)
-
-on:
- schedule:
- # run daily
- - cron: "0 9 * * *"
- workflow_dispatch:
-
-jobs:
- # check_versions compares our current version and the latest available runner
- # version and sets them as outputs.
- check_versions:
- runs-on: ubuntu-latest
- env:
- GH_TOKEN: ${{ github.token }}
- outputs:
- runner_current_version: ${{ steps.runner_versions.outputs.runner_current_version }}
- runner_latest_version: ${{ steps.runner_versions.outputs.runner_latest_version }}
- container_hooks_current_version: ${{ steps.container_hooks_versions.outputs.container_hooks_current_version }}
- container_hooks_latest_version: ${{ steps.container_hooks_versions.outputs.container_hooks_latest_version }}
- steps:
- - uses: actions/checkout@v3
-
- - name: Get runner current and latest versions
- id: runner_versions
- run: |
- CURRENT_VERSION="$(echo -n $(cat runner/VERSION | grep 'RUNNER_VERSION=' | cut -d '=' -f2))"
- echo "Current version: $CURRENT_VERSION"
- echo runner_current_version=$CURRENT_VERSION >> $GITHUB_OUTPUT
-
- LATEST_VERSION=$(gh release list --exclude-drafts --exclude-pre-releases --limit 1 -R actions/runner | grep -oP '(?<=v)[0-9.]+' | head -1)
- echo "Latest version: $LATEST_VERSION"
- echo runner_latest_version=$LATEST_VERSION >> $GITHUB_OUTPUT
-
- - name: Get container-hooks current and latest versions
- id: container_hooks_versions
- run: |
- CURRENT_VERSION="$(echo -n $(cat runner/VERSION | grep 'RUNNER_CONTAINER_HOOKS_VERSION=' | cut -d '=' -f2))"
- echo "Current version: $CURRENT_VERSION"
- echo container_hooks_current_version=$CURRENT_VERSION >> $GITHUB_OUTPUT
-
- LATEST_VERSION=$(gh release list --exclude-drafts --exclude-pre-releases --limit 1 -R actions/runner-container-hooks | grep -oP '(?<=v)[0-9.]+' | head -1)
- echo "Latest version: $LATEST_VERSION"
- echo container_hooks_latest_version=$LATEST_VERSION >> $GITHUB_OUTPUT
-
- # check_pr checks if a PR for the same update already exists. It only runs if
- # runner latest version != our current version. If no existing PR is found,
- # it sets a PR name as output.
- check_pr:
- runs-on: ubuntu-latest
- needs: check_versions
- if: needs.check_versions.outputs.runner_current_version != needs.check_versions.outputs.runner_latest_version || needs.check_versions.outputs.container_hooks_current_version != needs.check_versions.outputs.container_hooks_latest_version
- outputs:
- pr_name: ${{ steps.pr_name.outputs.pr_name }}
- env:
- GH_TOKEN: ${{ github.token }}
- steps:
- - name: debug
- run:
- echo "RUNNER_CURRENT_VERSION=${{ needs.check_versions.outputs.runner_current_version }}"
- echo "RUNNER_LATEST_VERSION=${{ needs.check_versions.outputs.runner_latest_version }}"
- echo "CONTAINER_HOOKS_CURRENT_VERSION=${{ needs.check_versions.outputs.container_hooks_current_version }}"
- echo "CONTAINER_HOOKS_LATEST_VERSION=${{ needs.check_versions.outputs.container_hooks_latest_version }}"
-
- - uses: actions/checkout@v3
-
- - name: PR Name
- id: pr_name
- env:
- RUNNER_CURRENT_VERSION: ${{ needs.check_versions.outputs.runner_current_version }}
- RUNNER_LATEST_VERSION: ${{ needs.check_versions.outputs.runner_latest_version }}
- CONTAINER_HOOKS_CURRENT_VERSION: ${{ needs.check_versions.outputs.container_hooks_current_version }}
- CONTAINER_HOOKS_LATEST_VERSION: ${{ needs.check_versions.outputs.container_hooks_latest_version }}
- # Generate a PR name with the following title:
- # Updates: runner to v2.304.0 and container-hooks to v0.3.1
- run: |
- RUNNER_MESSAGE="runner to v${RUNNER_LATEST_VERSION}"
- CONTAINER_HOOKS_MESSAGE="container-hooks to v${CONTAINER_HOOKS_LATEST_VERSION}"
-
- PR_NAME="Updates:"
- if [ "$RUNNER_CURRENT_VERSION" != "$RUNNER_LATEST_VERSION" ]
- then
- PR_NAME="$PR_NAME $RUNNER_MESSAGE"
- fi
- if [ "$CONTAINER_HOOKS_CURRENT_VERSION" != "$CONTAINER_HOOKS_LATEST_VERSION" ]
- then
- PR_NAME="$PR_NAME $CONTAINER_HOOKS_MESSAGE"
- fi
-
- result=$(gh pr list --search "$PR_NAME" --json number --jq ".[].number" --limit 1)
- if [ -z "$result" ]
- then
- echo "No existing PRs found, setting output with pr_name=$PR_NAME"
- echo pr_name=$PR_NAME >> $GITHUB_OUTPUT
- else
- echo "Found a PR with title '$PR_NAME' already existing: ${{ github.server_url }}/${{ github.repository }}/pull/$result"
- fi
-
- # update_version updates runner version in the files listed below, commits
- # the changes and opens a pull request as `github-actions` bot.
- update_version:
- runs-on: ubuntu-latest
- needs:
- - check_versions
- - check_pr
- if: needs.check_pr.outputs.pr_name
- permissions:
- pull-requests: write
- contents: write
- actions: write
- env:
- GH_TOKEN: ${{ github.token }}
- RUNNER_CURRENT_VERSION: ${{ needs.check_versions.outputs.runner_current_version }}
- RUNNER_LATEST_VERSION: ${{ needs.check_versions.outputs.runner_latest_version }}
- CONTAINER_HOOKS_CURRENT_VERSION: ${{ needs.check_versions.outputs.container_hooks_current_version }}
- CONTAINER_HOOKS_LATEST_VERSION: ${{ needs.check_versions.outputs.container_hooks_latest_version }}
- PR_NAME: ${{ needs.check_pr.outputs.pr_name }}
-
- steps:
- - uses: actions/checkout@v3
-
- - name: New branch
- run: git checkout -b update-runner-"$(date +%Y-%m-%d)"
-
- - name: Update files
- run: |
- CURRENT_VERSION="${RUNNER_CURRENT_VERSION//./\\.}"
- LATEST_VERSION="${RUNNER_LATEST_VERSION//./\\.}"
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/VERSION
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/Makefile
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" Makefile
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" test/e2e/e2e_test.go
-
- CURRENT_VERSION="${CONTAINER_HOOKS_CURRENT_VERSION//./\\.}"
- LATEST_VERSION="${CONTAINER_HOOKS_LATEST_VERSION//./\\.}"
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/VERSION
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/Makefile
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" Makefile
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" test/e2e/e2e_test.go
-
- - name: Commit changes
- run: |
- # from https://github.com/orgs/community/discussions/26560
- git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- git config user.name "github-actions[bot]"
- git add .
- git commit -m "$PR_NAME"
- git push -u origin HEAD
-
- - name: Create pull request
- run: gh pr create -f -l "runners update"
diff --git a/.github/workflows/arc-validate-chart.yaml b/.github/workflows/arc-validate-chart.yaml
deleted file mode 100644
index dc04eab4..00000000
--- a/.github/workflows/arc-validate-chart.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-name: Validate Helm Chart
-
-on:
- pull_request:
- branches:
- - master
- paths:
- - 'charts/**'
- - '.github/workflows/arc-validate-chart.yaml'
- - '!charts/actions-runner-controller/docs/**'
- - '!**.md'
- - '!charts/gha-runner-scale-set-controller/**'
- - '!charts/gha-runner-scale-set/**'
- push:
- paths:
- - 'charts/**'
- - '.github/workflows/arc-validate-chart.yaml'
- - '!charts/actions-runner-controller/docs/**'
- - '!**.md'
- - '!charts/gha-runner-scale-set-controller/**'
- - '!charts/gha-runner-scale-set/**'
- workflow_dispatch:
-env:
- KUBE_SCORE_VERSION: 1.10.0
- HELM_VERSION: v3.8.0
-
-permissions:
- contents: read
-
-concurrency:
- # This will make sure we only apply the concurrency limits on pull requests
- # but not pushes to master branch by making the concurrency group name unique
- # for pushes
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- validate-chart:
- name: Lint Chart
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
-
- - name: Set up Helm
- # Using https://github.com/Azure/setup-helm/releases/tag/v3.5
- uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78
- with:
- version: ${{ env.HELM_VERSION }}
-
- - name: Set up kube-score
- run: |
- wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O kube-score
- chmod 755 kube-score
-
- - name: Kube-score generated manifests
- run: helm template --values charts/.ci/values-kube-score.yaml charts/* | ./kube-score score -
- --ignore-test pod-networkpolicy
- --ignore-test deployment-has-poddisruptionbudget
- --ignore-test deployment-has-host-podantiaffinity
- --ignore-test container-security-context
- --ignore-test pod-probes
- --ignore-test container-image-tag
- --enable-optional-test container-security-context-privileged
- --enable-optional-test container-security-context-readonlyrootfilesystem
-
- # python is a requirement for the chart-testing action below (supports yamllint among other tests)
- - uses: actions/setup-python@v4
- with:
- python-version: '3.11'
-
- - name: Set up chart-testing
- uses: helm/chart-testing-action@v2.6.0
-
- - name: Run chart-testing (list-changed)
- id: list-changed
- run: |
- changed=$(ct list-changed --config charts/.ci/ct-config.yaml)
- if [[ -n "$changed" ]]; then
- echo "changed=true" >> $GITHUB_OUTPUT
- fi
-
- - name: Run chart-testing (lint)
- run: |
- ct lint --config charts/.ci/ct-config.yaml
-
- - name: Create kind cluster
- uses: helm/kind-action@v1.4.0
- if: steps.list-changed.outputs.changed == 'true'
-
- # We need cert-manager already installed in the cluster because we assume the CRDs exist
- - name: Install cert-manager
- if: steps.list-changed.outputs.changed == 'true'
- run: |
- helm repo add jetstack https://charts.jetstack.io --force-update
- helm install cert-manager jetstack/cert-manager --set installCRDs=true --wait
-
- - name: Run chart-testing (install)
- if: steps.list-changed.outputs.changed == 'true'
- run: |
- ct install --config charts/.ci/ct-config.yaml
diff --git a/.github/workflows/arc-validate-runners.yaml b/.github/workflows/arc-validate-runners.yaml
deleted file mode 100644
index 562320f6..00000000
--- a/.github/workflows/arc-validate-runners.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-name: Validate ARC Runners
-
-on:
- pull_request:
- branches:
- - '**'
- paths:
- - 'runner/**'
- - 'test/startup/**'
- - '!**.md'
-
-permissions:
- contents: read
-
-concurrency:
- # This will make sure we only apply the concurrency limits on pull requests
- # but not pushes to master branch by making the concurrency group name unique
- # for pushes
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- shellcheck:
- name: runner / shellcheck
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: shellcheck
- uses: reviewdog/action-shellcheck@v1
- with:
- github_token: ${{ secrets.GITHUB_TOKEN }}
- path: "./runner"
- pattern: |
- *.sh
- *.bash
- update-status
- # Make this consistent with `make shellsheck`
- shellcheck_flags: "--shell bash --source-path runner"
- exclude: "./.git/*"
- check_all_files_with_shebangs: "false"
- # Set this to "true" once we addressed all the shellcheck findings
- fail_on_error: "false"
- test-runner-entrypoint:
- name: Test entrypoint
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
-
- - name: Run tests
- run: |
- make acceptance/runner/startup
diff --git a/.github/workflows/gha-publish-chart.yaml b/.github/workflows/gha-publish-chart.yaml
deleted file mode 100644
index 8d893e02..00000000
--- a/.github/workflows/gha-publish-chart.yaml
+++ /dev/null
@@ -1,212 +0,0 @@
-name: (gha) Publish Helm Charts
-
-on:
- workflow_dispatch:
- inputs:
- ref:
- description: 'The branch, tag or SHA to cut a release from'
- required: false
- type: string
- default: ''
- release_tag_name:
- description: 'The name to tag the controller image with'
- required: true
- type: string
- default: 'canary'
- push_to_registries:
- description: 'Push images to registries'
- required: true
- type: boolean
- default: false
- publish_gha_runner_scale_set_controller_chart:
- description: 'Publish new helm chart for gha-runner-scale-set-controller'
- required: true
- type: boolean
- default: false
- publish_gha_runner_scale_set_chart:
- description: 'Publish new helm chart for gha-runner-scale-set'
- required: true
- type: boolean
- default: false
-
-env:
- HELM_VERSION: v3.8.0
-
-permissions:
- packages: write
-
-concurrency:
- group: ${{ github.workflow }}
- cancel-in-progress: true
-
-jobs:
- build-push-image:
- name: Build and push controller image
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- # If inputs.ref is empty, it'll resolve to the default branch
- ref: ${{ inputs.ref }}
-
- - name: Check chart versions
- # Binary version and chart versions need to match.
- # In case of an upgrade, the controller will try to clean up
- # resources with older versions that should have been cleaned up
- # during the upgrade process
- run: ./hack/check-gh-chart-versions.sh ${{ inputs.release_tag_name }}
-
- - name: Resolve parameters
- id: resolve_parameters
- run: |
- resolvedRef="${{ inputs.ref }}"
- if [ -z "$resolvedRef" ]
- then
- resolvedRef="${{ github.ref }}"
- fi
- echo "resolved_ref=$resolvedRef" >> $GITHUB_OUTPUT
- echo "INFO: Resolving short SHA for $resolvedRef"
- echo "short_sha=$(git rev-parse --short $resolvedRef)" >> $GITHUB_OUTPUT
- echo "INFO: Normalizing repository name (lowercase)"
- echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
- with:
- # Pinning v0.9.1 for Buildx and BuildKit v0.10.6
- # BuildKit v0.11 which has a bug causing intermittent
- # failures pushing images to GHCR
- version: v0.9.1
- driver-opts: image=moby/buildkit:v0.10.6
-
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Build & push controller image
- uses: docker/build-push-action@v3
- with:
- file: Dockerfile
- platforms: linux/amd64,linux/arm64
- build-args: VERSION=${{ inputs.release_tag_name }}
- push: ${{ inputs.push_to_registries }}
- tags: |
- ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/gha-runner-scale-set-controller:${{ inputs.release_tag_name }}
- ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/gha-runner-scale-set-controller:${{ inputs.release_tag_name }}-${{ steps.resolve_parameters.outputs.short_sha }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
-
- - name: Job summary
- run: |
- echo "The [gha-publish-chart.yaml](https://github.com/actions/actions-runner-controller/blob/main/.github/workflows/gha-publish-chart.yaml) workflow run was completed successfully!" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
- echo "- Ref: ${{ steps.resolve_parameters.outputs.resolvedRef }}" >> $GITHUB_STEP_SUMMARY
- echo "- Short SHA: ${{ steps.resolve_parameters.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
- echo "- Release tag: ${{ inputs.release_tag_name }}" >> $GITHUB_STEP_SUMMARY
- echo "- Push to registries: ${{ inputs.push_to_registries }}" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
-
- publish-helm-chart-gha-runner-scale-set-controller:
- if: ${{ inputs.publish_gha_runner_scale_set_controller_chart == true }}
- needs: build-push-image
- name: Publish Helm chart for gha-runner-scale-set-controller
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- # If inputs.ref is empty, it'll resolve to the default branch
- ref: ${{ inputs.ref }}
-
- - name: Resolve parameters
- id: resolve_parameters
- run: |
- resolvedRef="${{ inputs.ref }}"
- if [ -z "$resolvedRef" ]
- then
- resolvedRef="${{ github.ref }}"
- fi
- echo "INFO: Resolving short SHA for $resolvedRef"
- echo "short_sha=$(git rev-parse --short $resolvedRef)" >> $GITHUB_OUTPUT
- echo "INFO: Normalizing repository name (lowercase)"
- echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
-
- - name: Set up Helm
- # Using https://github.com/Azure/setup-helm/releases/tag/v3.5
- uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78
- with:
- version: ${{ env.HELM_VERSION }}
-
- - name: Publish new helm chart for gha-runner-scale-set-controller
- run: |
- echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin
- GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG=$(cat charts/gha-runner-scale-set-controller/Chart.yaml | grep version: | cut -d " " -f 2)
- echo "GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG=${GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG}" >> $GITHUB_ENV
- helm package charts/gha-runner-scale-set-controller/ --version="${GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG}"
- helm push gha-runner-scale-set-controller-"${GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG}".tgz oci://ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/actions-runner-controller-charts
-
- - name: Job summary
- run: |
- echo "New helm chart for gha-runner-scale-set-controller published successfully!" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
- echo "- Ref: ${{ steps.resolve_parameters.outputs.resolvedRef }}" >> $GITHUB_STEP_SUMMARY
- echo "- Short SHA: ${{ steps.resolve_parameters.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
- echo "- gha-runner-scale-set-controller Chart version: ${{ env.GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG }}" >> $GITHUB_STEP_SUMMARY
-
- publish-helm-chart-gha-runner-scale-set:
- if: ${{ inputs.publish_gha_runner_scale_set_chart == true }}
- needs: build-push-image
- name: Publish Helm chart for gha-runner-scale-set
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- # If inputs.ref is empty, it'll resolve to the default branch
- ref: ${{ inputs.ref }}
-
- - name: Resolve parameters
- id: resolve_parameters
- run: |
- resolvedRef="${{ inputs.ref }}"
- if [ -z "$resolvedRef" ]
- then
- resolvedRef="${{ github.ref }}"
- fi
- echo "INFO: Resolving short SHA for $resolvedRef"
- echo "short_sha=$(git rev-parse --short $resolvedRef)" >> $GITHUB_OUTPUT
- echo "INFO: Normalizing repository name (lowercase)"
- echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
-
- - name: Set up Helm
- # Using https://github.com/Azure/setup-helm/releases/tag/v3.5
- uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78
- with:
- version: ${{ env.HELM_VERSION }}
-
- - name: Publish new helm chart for gha-runner-scale-set
- run: |
- echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin
-
- GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG=$(cat charts/gha-runner-scale-set/Chart.yaml | grep version: | cut -d " " -f 2)
- echo "GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG=${GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG}" >> $GITHUB_ENV
- helm package charts/gha-runner-scale-set/ --version="${GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG}"
- helm push gha-runner-scale-set-"${GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG}".tgz oci://ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/actions-runner-controller-charts
-
- - name: Job summary
- run: |
- echo "New helm chart for gha-runner-scale-set published successfully!" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
- echo "- Ref: ${{ steps.resolve_parameters.outputs.resolvedRef }}" >> $GITHUB_STEP_SUMMARY
- echo "- Short SHA: ${{ steps.resolve_parameters.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
- echo "- gha-runner-scale-set Chart version: ${{ env.GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG }}" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/gha-validate-chart.yaml b/.github/workflows/gha-validate-chart.yaml
deleted file mode 100644
index ab6735ec..00000000
--- a/.github/workflows/gha-validate-chart.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
-name: (gha) Validate Helm Charts
-
-on:
- pull_request:
- branches:
- - master
- paths:
- - 'charts/**'
- - '.github/workflows/gha-validate-chart.yaml'
- - '!charts/actions-runner-controller/**'
- - '!**.md'
- push:
- paths:
- - 'charts/**'
- - '.github/workflows/gha-validate-chart.yaml'
- - '!charts/actions-runner-controller/**'
- - '!**.md'
- workflow_dispatch:
-env:
- KUBE_SCORE_VERSION: 1.16.1
- HELM_VERSION: v3.8.0
-
-permissions:
- contents: read
-
-concurrency:
- # This will make sure we only apply the concurrency limits on pull requests
- # but not pushes to master branch by making the concurrency group name unique
- # for pushes
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- validate-chart:
- name: Lint Chart
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
-
- - name: Set up Helm
- # Using https://github.com/Azure/setup-helm/releases/tag/v3.5
- uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78
- with:
- version: ${{ env.HELM_VERSION }}
-
- - name: Set up kube-score
- run: |
- wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O kube-score
- chmod 755 kube-score
-
- - name: Kube-score generated manifests
- run: helm template --values charts/.ci/values-kube-score.yaml charts/* | ./kube-score score -
- --ignore-test pod-networkpolicy
- --ignore-test deployment-has-poddisruptionbudget
- --ignore-test deployment-has-host-podantiaffinity
- --ignore-test container-security-context
- --ignore-test pod-probes
- --ignore-test container-image-tag
- --enable-optional-test container-security-context-privileged
- --enable-optional-test container-security-context-readonlyrootfilesystem
-
- # python is a requirement for the chart-testing action below (supports yamllint among other tests)
- - uses: actions/setup-python@v4
- with:
- python-version: '3.11'
-
- - name: Set up chart-testing
- uses: helm/chart-testing-action@v2.6.0
-
- - name: Run chart-testing (list-changed)
- id: list-changed
- run: |
- ct version
- changed=$(ct list-changed --config charts/.ci/ct-config-gha.yaml)
- if [[ -n "$changed" ]]; then
- echo "changed=true" >> $GITHUB_OUTPUT
- fi
-
- - name: Run chart-testing (lint)
- run: |
- ct lint --config charts/.ci/ct-config-gha.yaml
-
- - name: Set up docker buildx
- uses: docker/setup-buildx-action@v2
- if: steps.list-changed.outputs.changed == 'true'
- with:
- version: latest
-
- - name: Build controller image
- uses: docker/build-push-action@v3
- if: steps.list-changed.outputs.changed == 'true'
- with:
- file: Dockerfile
- platforms: linux/amd64
- load: true
- build-args: |
- DOCKER_IMAGE_NAME=test-arc
- VERSION=dev
- tags: |
- test-arc:dev
- cache-from: type=gha
- cache-to: type=gha,mode=max
-
- - name: Create kind cluster
- uses: helm/kind-action@v1.4.0
- if: steps.list-changed.outputs.changed == 'true'
- with:
- cluster_name: chart-testing
-
- - name: Load image into cluster
- if: steps.list-changed.outputs.changed == 'true'
- run: |
- export DOCKER_IMAGE_NAME=test-arc
- export VERSION=dev
- export IMG_RESULT=load
- make docker-buildx
- kind load docker-image test-arc:dev --name chart-testing
-
- - name: Run chart-testing (install)
- if: steps.list-changed.outputs.changed == 'true'
- run: |
- ct install --config charts/.ci/ct-config-gha.yaml
diff --git a/.github/workflows/global-run-first-interaction.yaml b/.github/workflows/global-run-first-interaction.yaml
deleted file mode 100644
index ce1139a5..00000000
--- a/.github/workflows/global-run-first-interaction.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: First Interaction
-
-on:
- issues:
- types: [opened]
- pull_request:
- branches: [master]
- types: [opened]
-
-jobs:
- check_for_first_interaction:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - uses: actions/first-interaction@main
- with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
- issue-message: |
- Hello! Thank you for filing an issue.
-
- The maintainers will triage your issue shortly.
-
- In the meantime, please take a look at the [troubleshooting guide](https://github.com/actions/actions-runner-controller/blob/master/TROUBLESHOOTING.md) for bug reports.
-
- If this is a feature request, please review our [contribution guidelines](https://github.com/actions/actions-runner-controller/blob/master/CONTRIBUTING.md).
- pr-message: |
- Hello! Thank you for your contribution.
-
- Please review our [contribution guidelines](https://github.com/actions/actions-runner-controller/blob/master/CONTRIBUTING.md) to understand the project's testing and code conventions.
diff --git a/.github/workflows/global-run-stale.yaml b/.github/workflows/global-run-stale.yaml
deleted file mode 100644
index a84af45b..00000000
--- a/.github/workflows/global-run-stale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: Run Stale Bot
-on:
- schedule:
- - cron: '30 1 * * *'
-
-permissions:
- contents: read
-
-jobs:
- stale:
- name: Run Stale
- runs-on: ubuntu-latest
- permissions:
- issues: write # for actions/stale to close stale issues
- pull-requests: write # for actions/stale to close stale PRs
- steps:
- - uses: actions/stale@v6
- with:
- stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
- # turn off stale for both issues and PRs
- days-before-stale: -1
- # turn stale back on for issues only
- days-before-issue-stale: 30
- days-before-issue-close: 14
- exempt-issue-labels: 'pinned,security,enhancement,refactor,documentation,chore,bug,dependencies,needs-investigation'