feat: add build logs to stdout forwarding

Add optional feature to forward GitHub Actions build logs to pod stdout
after job completion, enabling capture through Kubernetes logging solutions.

Changes:
- Add logForwarding.enabled config option (default: false)
- Create forward-logs.sh script to output worker logs with delimiters
- Integrate with job-completed hook system
- Update all Dockerfile variants to include script
- Modify Helm templates to pass FORWARD_BUILD_LOGS env var
- Support all container modes (default, dind, kubernetes, kubernetes-novolume)

Resolves #2478

charts/gha-runner-scale-set/templates/_helpers.tpl

@@ -240,6 +240,10 @@ env:
   - name: RUNNER_WAIT_FOR_DOCKER_IN_SECONDS
     value: "120"
     {{- end }}
+    {{- if $.Values.logForwarding.enabled }}
+  - name: FORWARD_BUILD_LOGS
+    value: "true"
+    {{- end }}
     {{- if $setNodeExtraCaCerts }}
   - name: NODE_EXTRA_CA_CERTS
     value: {{ clean (print $tlsConfig.runnerMountPath "/" $tlsConfig.certificateFrom.configMapKeyRef.key) }}
@@ -337,6 +341,10 @@ env:
     {{- end }}
     {{- if $setRequireJobContainer }}
   - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
+    value: "true"
+    {{- end }}
+    {{- if $.Values.logForwarding.enabled }}
+  - name: FORWARD_BUILD_LOGS
     value: "true"
     {{- end }}
     {{- if $setNodeExtraCaCerts }}
@@ -442,6 +450,10 @@ env:
   - name: ACTIONS_RUNNER_IMAGE
     value: "{{- $setRunnerImage -}}"
     {{- end }}
+    {{- if $.Values.logForwarding.enabled }}
+  - name: FORWARD_BUILD_LOGS
+    value: "true"
+    {{- end }}
     {{- if $setNodeExtraCaCerts }}
   - name: NODE_EXTRA_CA_CERTS
     value: {{ clean (print $tlsConfig.runnerMountPath "/" $tlsConfig.certificateFrom.configMapKeyRef.key) }}
@@ -492,7 +504,7 @@ volumeMounts:
   {{- end }}
 
   {{- $mountGitHubServerTLS := 0 }}
-  {{- if or $container.env $setNodeExtraCaCerts $setRunnerUpdateCaCerts }}
+  {{- if or $container.env $setNodeExtraCaCerts $setRunnerUpdateCaCerts $.Values.logForwarding.enabled }}
   env:
     {{- with $container.env }}
       {{- range $i, $env := . }}
@@ -505,6 +517,10 @@ volumeMounts:
     - {{ $env | toYaml | nindent 6 }}
       {{- end }}
     {{- end }}
+    {{- if $.Values.logForwarding.enabled }}
+    - name: FORWARD_BUILD_LOGS
+      value: "true"
+    {{- end }}
     {{- if $setNodeExtraCaCerts }}
     - name: NODE_EXTRA_CA_CERTS
       value: {{ clean (print $tlsConfig.runnerMountPath "/" $tlsConfig.certificateFrom.configMapKeyRef.key) }}

charts/gha-runner-scale-set/values.yaml

@@ -13,6 +13,12 @@ githubConfigSecret:
   # Example:
   # github_token: "ghp_sampleSampleSampleSampleSampleSample"
   github_token: ""
+
+## logForwarding controls whether GitHub Actions build logs are forwarded to stdout
+## When enabled, job execution logs will be output to the pod's stdout after job completion
+## This allows capturing build logs through Kubernetes logging solutions
+logForwarding:
+  enabled: false
 #
 ## (Variation B) When using a GitHub App, the syntax is as follows:
 # githubConfigSecret:

runner/actions-runner-dind-rootless.ubuntu-20.04.dockerfile

@@ -110,7 +110,7 @@ RUN mkdir /run/user/$RUNNER_UID \
 
 # We place the scripts in `/usr/bin` so that users who extend this image can
 # override them with scripts of the same name placed in `/usr/local/bin`.
-COPY entrypoint-dind-rootless.sh startup.sh logger.sh graceful-stop.sh update-status /usr/bin/
+COPY entrypoint-dind-rootless.sh startup.sh logger.sh graceful-stop.sh update-status forward-logs.sh /usr/bin/
 RUN chmod +x /usr/bin/entrypoint-dind-rootless.sh /usr/bin/startup.sh
 
 # Copy the docker shim which propagates the docker MTU to underlying networks

runner/actions-runner-dind-rootless.ubuntu-22.04.dockerfile

@@ -88,7 +88,7 @@ RUN mkdir /run/user/1000 \
 
 # We place the scripts in `/usr/bin` so that users who extend this image can
 # override them with scripts of the same name placed in `/usr/local/bin`.
-COPY entrypoint-dind-rootless.sh startup.sh logger.sh graceful-stop.sh update-status /usr/bin/
+COPY entrypoint-dind-rootless.sh startup.sh logger.sh graceful-stop.sh update-status forward-logs.sh /usr/bin/
 RUN chmod +x /usr/bin/entrypoint-dind-rootless.sh /usr/bin/startup.sh
 
 # Copy the docker shim which propagates the docker MTU to underlying networks

runner/actions-runner-dind-rootless.ubuntu-24.04.dockerfile

@@ -88,7 +88,7 @@ RUN mkdir /run/user/1000 \
 
 # We place the scripts in `/usr/bin` so that users who extend this image can
 # override them with scripts of the same name placed in `/usr/local/bin`.
-COPY entrypoint-dind-rootless.sh startup.sh logger.sh graceful-stop.sh update-status /usr/bin/
+COPY entrypoint-dind-rootless.sh startup.sh logger.sh graceful-stop.sh update-status forward-logs.sh /usr/bin/
 RUN chmod +x /usr/bin/entrypoint-dind-rootless.sh /usr/bin/startup.sh
 
 # Copy the docker shim which propagates the docker MTU to underlying networks

runner/actions-runner-dind.ubuntu-20.04.dockerfile

@@ -118,7 +118,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 
 # We place the scripts in `/usr/bin` so that users who extend this image can
 # override them with scripts of the same name placed in `/usr/local/bin`.
-COPY entrypoint-dind.sh startup.sh logger.sh wait.sh graceful-stop.sh update-status /usr/bin/
+COPY entrypoint-dind.sh startup.sh logger.sh wait.sh graceful-stop.sh update-status forward-logs.sh /usr/bin/
 RUN chmod +x /usr/bin/entrypoint-dind.sh /usr/bin/startup.sh
 
 # Copy the docker shim which propagates the docker MTU to underlying networks

runner/actions-runner-dind.ubuntu-22.04.dockerfile

@@ -94,7 +94,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 
 # We place the scripts in `/usr/bin` so that users who extend this image can
 # override them with scripts of the same name placed in `/usr/local/bin`.
-COPY entrypoint-dind.sh startup.sh logger.sh wait.sh graceful-stop.sh update-status /usr/bin/
+COPY entrypoint-dind.sh startup.sh logger.sh wait.sh graceful-stop.sh update-status forward-logs.sh /usr/bin/
 RUN chmod +x /usr/bin/entrypoint-dind.sh /usr/bin/startup.sh
 
 # Copy the docker shim which propagates the docker MTU to underlying networks

runner/actions-runner-dind.ubuntu-24.04.dockerfile

@@ -94,7 +94,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 
 # We place the scripts in `/usr/bin` so that users who extend this image can
 # override them with scripts of the same name placed in `/usr/local/bin`.
-COPY entrypoint-dind.sh startup.sh logger.sh wait.sh graceful-stop.sh update-status /usr/bin/
+COPY entrypoint-dind.sh startup.sh logger.sh wait.sh graceful-stop.sh update-status forward-logs.sh /usr/bin/
 RUN chmod +x /usr/bin/entrypoint-dind.sh /usr/bin/startup.sh
 
 # Copy the docker shim which propagates the docker MTU to underlying networks

runner/actions-runner.ubuntu-20.04.dockerfile

@@ -115,7 +115,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 
 # We place the scripts in `/usr/bin` so that users who extend this image can
 # override them with scripts of the same name placed in `/usr/local/bin`.
-COPY entrypoint.sh startup.sh logger.sh graceful-stop.sh update-status /usr/bin/
+COPY entrypoint.sh startup.sh logger.sh graceful-stop.sh update-status forward-logs.sh /usr/bin/
 
 # Copy the docker shim which propagates the docker MTU to underlying networks
 # to replace the docker binary in the PATH.

runner/actions-runner.ubuntu-22.04.dockerfile

@@ -92,7 +92,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 
 # We place the scripts in `/usr/bin` so that users who extend this image can
 # override them with scripts of the same name placed in `/usr/local/bin`.
-COPY entrypoint.sh startup.sh logger.sh graceful-stop.sh update-status /usr/bin/
+COPY entrypoint.sh startup.sh logger.sh graceful-stop.sh update-status forward-logs.sh /usr/bin/
 
 # Copy the docker shim which propagates the docker MTU to underlying networks
 # to replace the docker binary in the PATH.

runner/actions-runner.ubuntu-24.04.dockerfile

@@ -92,7 +92,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 
 # We place the scripts in `/usr/bin` so that users who extend this image can
 # override them with scripts of the same name placed in `/usr/local/bin`.
-COPY entrypoint.sh startup.sh logger.sh graceful-stop.sh update-status /usr/bin/
+COPY entrypoint.sh startup.sh logger.sh graceful-stop.sh update-status forward-logs.sh /usr/bin/
 
 # Copy the docker shim which propagates the docker MTU to underlying networks
 # to replace the docker binary in the PATH.

runner/forward-logs.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Forward GitHub Actions build logs to stdout
+# This script finds and outputs worker log files that contain job execution logs
+
+if [ "${FORWARD_BUILD_LOGS:-false}" != "true" ]; then
+    exit 0
+fi
+
+RUNNER_HOME=${RUNNER_HOME:-/runner}
+DIAG_DIR="${RUNNER_HOME}/_diag/pages"
+
+if [ ! -d "$DIAG_DIR" ]; then
+    echo "No diagnostic logs directory found at $DIAG_DIR"
+    exit 0
+fi
+
+# Find worker log files (these contain the actual job execution logs)
+WORKER_LOGS=$(find "$DIAG_DIR" -name "Worker_*.log" -type f 2>/dev/null || true)
+
+if [ -z "$WORKER_LOGS" ]; then
+    echo "No worker log files found"
+    exit 0
+fi
+
+echo "=== GITHUB ACTIONS BUILD LOGS START ==="
+for log_file in $WORKER_LOGS; do
+    echo "--- Log from: $(basename "$log_file") ---"
+    cat "$log_file"
+done
+echo "=== GITHUB ACTIONS BUILD LOGS END ==="

runner/hooks/job-completed.d/forward-logs

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -u
+
+exec forward-logs.sh