From 40595d806fa911f73803a5acfac20f878a31a403 Mon Sep 17 00:00:00 2001 From: Nikola Jokic Date: Wed, 18 Mar 2026 14:44:30 +0100 Subject: [PATCH] Add chart-level API to customize internal resources (#4410) --- .../templates/_autoscalingrunnerset.tpl | 14 ++++ .../templates/autoscalingrunnserset.yaml | 40 +++++++++++ ...toscaling_runner_set_annotations_test.yaml | 70 ++++++++++++++++++ .../autoscaling_runner_set_labels_test.yaml | 71 ++++++++++++++++++- .../values.yaml | 49 +++++++++++++ .../templates/_helpers.tpl | 14 ++++ .../templates/autoscalingrunnerset.yaml | 41 +++++++++++ .../tests/template_test.go | 48 +++++++++++++ charts/gha-runner-scale-set/values.yaml | 40 +++++++++++ 9 files changed, 386 insertions(+), 1 deletion(-) diff --git a/charts/gha-runner-scale-set-experimental/templates/_autoscalingrunnerset.tpl b/charts/gha-runner-scale-set-experimental/templates/_autoscalingrunnerset.tpl index c8ec26c5..3a5f3a98 100644 --- a/charts/gha-runner-scale-set-experimental/templates/_autoscalingrunnerset.tpl +++ b/charts/gha-runner-scale-set-experimental/templates/_autoscalingrunnerset.tpl @@ -26,6 +26,20 @@ Reserved annotations are excluded from both levels. {{- end }} {{- end }} +{{/* +Render a ResourceMeta block for AutoscalingRunnerSet spec fields. +*/}} +{{- define "autoscaling-runner-set.spec-resource-metadata" -}} +{{- with .labels }} +labels: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .annotations }} +annotations: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} + {{- define "autoscaling-runner-set.template-service-account" -}} {{- $runner := (.Values.runner | default dict) -}} {{- $runnerMode := (index $runner "mode" | default "") -}} diff --git a/charts/gha-runner-scale-set-experimental/templates/autoscalingrunnserset.yaml b/charts/gha-runner-scale-set-experimental/templates/autoscalingrunnserset.yaml index a97caf4d..3eb031cd 100644 --- a/charts/gha-runner-scale-set-experimental/templates/autoscalingrunnserset.yaml +++ b/charts/gha-runner-scale-set-experimental/templates/autoscalingrunnserset.yaml @@ -163,6 +163,46 @@ spec: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.resource.autoscalingListener.metadata }} + autoscalingListener: + {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }} + {{- end }} + + {{- with .Values.resource.listenerServiceAccount.metadata }} + listenerServiceAccountMetadata: + {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }} + {{- end }} + + {{- with .Values.resource.listenerRole.metadata }} + listenerRoleMetadata: + {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }} + {{- end }} + + {{- with .Values.resource.listenerRoleBinding.metadata }} + listenerRoleBindingMetadata: + {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }} + {{- end }} + + {{- with .Values.resource.listenerConfigSecret.metadata }} + listenerConfigSecretMetadata: + {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }} + {{- end }} + + {{- with .Values.resource.ephemeralRunnerSet.metadata }} + ephemeralRunnerSetMetadata: + {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }} + {{- end }} + + {{- with .Values.resource.ephemeralRunner.metadata }} + ephemeralRunnerMetadata: + {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }} + {{- end }} + + {{- with .Values.resource.ephemeralRunnerConfigSecret.metadata }} + ephemeralRunnerConfigSecretMetadata: + {{- include "autoscaling-runner-set.spec-resource-metadata" . | nindent 4 }} + {{- end }} + template: {{- $runnerPodLabels := (include "autoscaling-runner-set.runner-pod.labels" .) -}} {{- $runnerPodAnnotations := (include "autoscaling-runner-set.runner-pod.annotations" .) -}} diff --git a/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_annotations_test.yaml b/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_annotations_test.yaml index 9021e6b0..50ed838c 100644 --- a/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_annotations_test.yaml +++ b/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_annotations_test.yaml @@ -77,3 +77,73 @@ tests: value: "user-value" - notExists: path: metadata.annotations["actions.github.com/cleanup-something"] + + - it: should render internal resource metadata annotations in autoscaling runner set spec + set: + scaleset.name: "test" + auth.url: "https://github.com/org" + auth.githubToken: "gh_token12345" + controllerServiceAccount.name: "arc" + controllerServiceAccount.namespace: "arc-system" + resource: + autoscalingListener: + metadata: + annotations: + listener: "true" + listenerServiceAccount: + metadata: + annotations: + service-account: "true" + listenerRole: + metadata: + annotations: + role: "true" + listenerRoleBinding: + metadata: + annotations: + role-binding: "true" + listenerConfigSecret: + metadata: + annotations: + config-secret: "true" + ephemeralRunnerSet: + metadata: + annotations: + runner-set: "true" + ephemeralRunner: + metadata: + annotations: + runner: "true" + ephemeralRunnerConfigSecret: + metadata: + annotations: + runner-secret: "true" + release: + name: "test-name" + namespace: "test-namespace" + asserts: + - equal: + path: spec.autoscalingListener.annotations.listener + value: "true" + - equal: + path: spec.listenerServiceAccountMetadata.annotations.service-account + value: "true" + - equal: + path: spec.listenerRoleMetadata.annotations.role + value: "true" + - equal: + path: spec.listenerRoleBindingMetadata.annotations.role-binding + value: "true" + - equal: + path: spec.listenerConfigSecretMetadata.annotations.config-secret + value: "true" + - equal: + path: spec.ephemeralRunnerSetMetadata.annotations.runner-set + value: "true" + - equal: + path: spec.ephemeralRunnerMetadata.annotations.runner + value: "true" + - equal: + path: spec.ephemeralRunnerConfigSecretMetadata.annotations.runner-secret + value: "true" + diff --git a/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_labels_test.yaml b/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_labels_test.yaml index af3522b8..eae95364 100644 --- a/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_labels_test.yaml +++ b/charts/gha-runner-scale-set-experimental/tests/autoscaling_runner_set_labels_test.yaml @@ -290,4 +290,73 @@ tests: path: metadata.labels["actions.github.com/global-custom"] - equal: path: metadata.labels["actions.github.com/scale-set-name"] - value: "test-name" \ No newline at end of file + value: "test-name" + + - it: should render internal resource metadata labels in autoscaling runner set spec + set: + scaleset.name: "test" + auth.url: "https://github.com/org" + auth.githubToken: "gh_token12345" + controllerServiceAccount.name: "arc" + controllerServiceAccount.namespace: "arc-system" + resource: + autoscalingListener: + metadata: + labels: + listener: "true" + listenerServiceAccount: + metadata: + labels: + service-account: "true" + listenerRole: + metadata: + labels: + role: "true" + listenerRoleBinding: + metadata: + labels: + role-binding: "true" + listenerConfigSecret: + metadata: + labels: + config-secret: "true" + ephemeralRunnerSet: + metadata: + labels: + runner-set: "true" + ephemeralRunner: + metadata: + labels: + runner: "true" + ephemeralRunnerConfigSecret: + metadata: + labels: + runner-secret: "true" + release: + name: "test-name" + namespace: "test-namespace" + asserts: + - equal: + path: spec.autoscalingListener.labels.listener + value: "true" + - equal: + path: spec.listenerServiceAccountMetadata.labels.service-account + value: "true" + - equal: + path: spec.listenerRoleMetadata.labels.role + value: "true" + - equal: + path: spec.listenerRoleBindingMetadata.labels.role-binding + value: "true" + - equal: + path: spec.listenerConfigSecretMetadata.labels.config-secret + value: "true" + - equal: + path: spec.ephemeralRunnerSetMetadata.labels.runner-set + value: "true" + - equal: + path: spec.ephemeralRunnerMetadata.labels.runner + value: "true" + - equal: + path: spec.ephemeralRunnerConfigSecretMetadata.labels.runner-secret + value: "true" diff --git a/charts/gha-runner-scale-set-experimental/values.yaml b/charts/gha-runner-scale-set-experimental/values.yaml index eced4064..669230e2 100644 --- a/charts/gha-runner-scale-set-experimental/values.yaml +++ b/charts/gha-runner-scale-set-experimental/values.yaml @@ -103,6 +103,55 @@ resource: labels: {} annotations: {} + # Specifies metadata that will be applied to the AutoscalingListener resource + # created by the AutoscalingRunnerSet controller. + autoscalingListener: + metadata: + labels: {} + annotations: {} + + # Specifies metadata that will be applied to the listener ServiceAccount. + listenerServiceAccount: + metadata: + labels: {} + annotations: {} + + # Specifies metadata that will be applied to the listener Role. + listenerRole: + metadata: + labels: {} + annotations: {} + + # Specifies metadata that will be applied to the listener RoleBinding. + listenerRoleBinding: + metadata: + labels: {} + annotations: {} + + # Specifies metadata that will be applied to the listener config Secret. + listenerConfigSecret: + metadata: + labels: {} + annotations: {} + + # Specifies metadata that will be applied to the EphemeralRunnerSet resource. + ephemeralRunnerSet: + metadata: + labels: {} + annotations: {} + + # Specifies metadata that will be applied to the EphemeralRunner resource. + ephemeralRunner: + metadata: + labels: {} + annotations: {} + + # Specifies metadata that will be applied to the EphemeralRunner config Secret. + ephemeralRunnerConfigSecret: + metadata: + labels: {} + annotations: {} + # Specifies metadata that will be applied to the manager Role resource managerRole: metadata: diff --git a/charts/gha-runner-scale-set/templates/_helpers.tpl b/charts/gha-runner-scale-set/templates/_helpers.tpl index 9dfb615f..53b1c2b3 100644 --- a/charts/gha-runner-scale-set/templates/_helpers.tpl +++ b/charts/gha-runner-scale-set/templates/_helpers.tpl @@ -54,6 +54,20 @@ app.kubernetes.io/name: {{ include "gha-runner-scale-set.scale-set-name" . }} app.kubernetes.io/instance: {{ include "gha-runner-scale-set.scale-set-name" . }} {{- end }} +{{/* +Render a ResourceMeta block for AutoscalingRunnerSet spec fields. +*/}} +{{- define "gha-runner-scale-set.resourceMetaSpec" -}} +{{- with .labels }} +labels: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- with .annotations }} +annotations: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} + {{- define "gha-runner-scale-set.githubsecret" -}} {{- if kindIs "string" .Values.githubConfigSecret }} {{- if not (empty .Values.githubConfigSecret) }} diff --git a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml index db6ba9d0..a194e570 100644 --- a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml +++ b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml @@ -1,3 +1,4 @@ +{{- $resourceMeta := default (dict) .Values.resourceMeta }} {{- $hasCustomResourceMeta := (and .Values.resourceMeta .Values.resourceMeta.autoscalingRunnerSet) }} apiVersion: actions.github.com/v1alpha1 kind: AutoscalingRunnerSet @@ -154,6 +155,46 @@ spec: {{- toYaml . | nindent 4 }} {{- end }} + {{- with (index $resourceMeta "autoscalingListener") }} + autoscalingListener: + {{- include "gha-runner-scale-set.resourceMetaSpec" . | nindent 4 }} + {{- end }} + + {{- with (index $resourceMeta "listenerServiceAccount") }} + listenerServiceAccountMetadata: + {{- include "gha-runner-scale-set.resourceMetaSpec" . | nindent 4 }} + {{- end }} + + {{- with (index $resourceMeta "listenerRole") }} + listenerRoleMetadata: + {{- include "gha-runner-scale-set.resourceMetaSpec" . | nindent 4 }} + {{- end }} + + {{- with (index $resourceMeta "listenerRoleBinding") }} + listenerRoleBindingMetadata: + {{- include "gha-runner-scale-set.resourceMetaSpec" . | nindent 4 }} + {{- end }} + + {{- with (index $resourceMeta "listenerConfigSecret") }} + listenerConfigSecretMetadata: + {{- include "gha-runner-scale-set.resourceMetaSpec" . | nindent 4 }} + {{- end }} + + {{- with (index $resourceMeta "ephemeralRunnerSet") }} + ephemeralRunnerSetMetadata: + {{- include "gha-runner-scale-set.resourceMetaSpec" . | nindent 4 }} + {{- end }} + + {{- with (index $resourceMeta "ephemeralRunner") }} + ephemeralRunnerMetadata: + {{- include "gha-runner-scale-set.resourceMetaSpec" . | nindent 4 }} + {{- end }} + + {{- with (index $resourceMeta "ephemeralRunnerConfigSecret") }} + ephemeralRunnerConfigSecretMetadata: + {{- include "gha-runner-scale-set.resourceMetaSpec" . | nindent 4 }} + {{- end }} + template: {{- with .Values.template.metadata }} metadata: diff --git a/charts/gha-runner-scale-set/tests/template_test.go b/charts/gha-runner-scale-set/tests/template_test.go index 7a657475..0e166f05 100644 --- a/charts/gha-runner-scale-set/tests/template_test.go +++ b/charts/gha-runner-scale-set/tests/template_test.go @@ -2386,6 +2386,14 @@ func TestCustomLabels(t *testing.T) { "resourceMeta.kubernetesModeServiceAccount.labels.kmsa-custom": "kmsa-custom-value", "resourceMeta.managerRole.labels.mr-custom": "mr-custom-value", "resourceMeta.managerRoleBinding.labels.mrb-custom": "mrb-custom-value", + "resourceMeta.autoscalingListener.labels.al-custom": "al-custom-value", + "resourceMeta.listenerServiceAccount.labels.lsa-custom": "lsa-custom-value", + "resourceMeta.listenerRole.labels.lr-custom": "lr-custom-value", + "resourceMeta.listenerRoleBinding.labels.lrb-custom": "lrb-custom-value", + "resourceMeta.listenerConfigSecret.labels.lcs-custom": "lcs-custom-value", + "resourceMeta.ephemeralRunnerSet.labels.ers-custom": "ers-custom-value", + "resourceMeta.ephemeralRunner.labels.er-custom": "er-custom-value", + "resourceMeta.ephemeralRunnerConfigSecret.labels.ercs-custom": "ercs-custom-value", }, KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), } @@ -2423,6 +2431,22 @@ func TestCustomLabels(t *testing.T) { assert.Equal(t, wantCustomValue, ars.Labels[targetLabel]) assert.Equal(t, wantReservedValue, ars.Labels[reservedLabel]) assert.Equal(t, "ars-custom-value", ars.Labels["ars-custom"]) + require.NotNil(t, ars.Spec.AutoscalingListenerMetadata) + assert.Equal(t, "al-custom-value", ars.Spec.AutoscalingListenerMetadata.Labels["al-custom"]) + require.NotNil(t, ars.Spec.ListenerServiceAccountMetadata) + assert.Equal(t, "lsa-custom-value", ars.Spec.ListenerServiceAccountMetadata.Labels["lsa-custom"]) + require.NotNil(t, ars.Spec.ListenerRoleMetadata) + assert.Equal(t, "lr-custom-value", ars.Spec.ListenerRoleMetadata.Labels["lr-custom"]) + require.NotNil(t, ars.Spec.ListenerRoleBindingMetadata) + assert.Equal(t, "lrb-custom-value", ars.Spec.ListenerRoleBindingMetadata.Labels["lrb-custom"]) + require.NotNil(t, ars.Spec.ListenerConfigSecretMetadata) + assert.Equal(t, "lcs-custom-value", ars.Spec.ListenerConfigSecretMetadata.Labels["lcs-custom"]) + require.NotNil(t, ars.Spec.EphemeralRunnerSetMetadata) + assert.Equal(t, "ers-custom-value", ars.Spec.EphemeralRunnerSetMetadata.Labels["ers-custom"]) + require.NotNil(t, ars.Spec.EphemeralRunnerMetadata) + assert.Equal(t, "er-custom-value", ars.Spec.EphemeralRunnerMetadata.Labels["er-custom"]) + require.NotNil(t, ars.Spec.EphemeralRunnerConfigSecretMetadata) + assert.Equal(t, "ercs-custom-value", ars.Spec.EphemeralRunnerConfigSecretMetadata.Labels["ercs-custom"]) output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_serviceaccount.yaml"}) var serviceAccount corev1.ServiceAccount @@ -2492,6 +2516,14 @@ func TestCustomAnnotations(t *testing.T) { "resourceMeta.kubernetesModeServiceAccount.annotations.kmsa-custom": "kmsa-custom-value", "resourceMeta.managerRole.annotations.mr-custom": "mr-custom-value", "resourceMeta.managerRoleBinding.annotations.mrb-custom": "mrb-custom-value", + "resourceMeta.autoscalingListener.annotations.al-custom": "al-custom-value", + "resourceMeta.listenerServiceAccount.annotations.lsa-custom": "lsa-custom-value", + "resourceMeta.listenerRole.annotations.lr-custom": "lr-custom-value", + "resourceMeta.listenerRoleBinding.annotations.lrb-custom": "lrb-custom-value", + "resourceMeta.listenerConfigSecret.annotations.lcs-custom": "lcs-custom-value", + "resourceMeta.ephemeralRunnerSet.annotations.ers-custom": "ers-custom-value", + "resourceMeta.ephemeralRunner.annotations.er-custom": "er-custom-value", + "resourceMeta.ephemeralRunnerConfigSecret.annotations.ercs-custom": "ercs-custom-value", }, KubectlOptions: k8s.NewKubectlOptions("", "", namespaceName), } @@ -2523,6 +2555,22 @@ func TestCustomAnnotations(t *testing.T) { helm.UnmarshalK8SYaml(t, output, &ars) assert.Equal(t, wantCustomValue, ars.Annotations[targetAnnotations]) assert.Equal(t, "ars-custom-value", ars.Annotations["ars-custom"]) + require.NotNil(t, ars.Spec.AutoscalingListenerMetadata) + assert.Equal(t, "al-custom-value", ars.Spec.AutoscalingListenerMetadata.Annotations["al-custom"]) + require.NotNil(t, ars.Spec.ListenerServiceAccountMetadata) + assert.Equal(t, "lsa-custom-value", ars.Spec.ListenerServiceAccountMetadata.Annotations["lsa-custom"]) + require.NotNil(t, ars.Spec.ListenerRoleMetadata) + assert.Equal(t, "lr-custom-value", ars.Spec.ListenerRoleMetadata.Annotations["lr-custom"]) + require.NotNil(t, ars.Spec.ListenerRoleBindingMetadata) + assert.Equal(t, "lrb-custom-value", ars.Spec.ListenerRoleBindingMetadata.Annotations["lrb-custom"]) + require.NotNil(t, ars.Spec.ListenerConfigSecretMetadata) + assert.Equal(t, "lcs-custom-value", ars.Spec.ListenerConfigSecretMetadata.Annotations["lcs-custom"]) + require.NotNil(t, ars.Spec.EphemeralRunnerSetMetadata) + assert.Equal(t, "ers-custom-value", ars.Spec.EphemeralRunnerSetMetadata.Annotations["ers-custom"]) + require.NotNil(t, ars.Spec.EphemeralRunnerMetadata) + assert.Equal(t, "er-custom-value", ars.Spec.EphemeralRunnerMetadata.Annotations["er-custom"]) + require.NotNil(t, ars.Spec.EphemeralRunnerConfigSecretMetadata) + assert.Equal(t, "ercs-custom-value", ars.Spec.EphemeralRunnerConfigSecretMetadata.Annotations["ercs-custom"]) output = helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/kube_mode_serviceaccount.yaml"}) var serviceAccount corev1.ServiceAccount diff --git a/charts/gha-runner-scale-set/values.yaml b/charts/gha-runner-scale-set/values.yaml index 8a9b64e9..0a78935b 100644 --- a/charts/gha-runner-scale-set/values.yaml +++ b/charts/gha-runner-scale-set/values.yaml @@ -488,3 +488,43 @@ namespaceOverride: "" # key: value # annotations: # key: value +# autoscalingListener: +# labels: +# key: value +# annotations: +# key: value +# listenerServiceAccount: +# labels: +# key: value +# annotations: +# key: value +# listenerRole: +# labels: +# key: value +# annotations: +# key: value +# listenerRoleBinding: +# labels: +# key: value +# annotations: +# key: value +# listenerConfigSecret: +# labels: +# key: value +# annotations: +# key: value +# ephemeralRunnerSet: +# labels: +# key: value +# annotations: +# key: value +# ephemeralRunner: +# labels: +# key: value +# annotations: +# key: value +# ephemeralRunnerConfigSecret: +# labels: +# key: value +# annotations: +# key: value