diff --git a/README.md b/README.md index 99e539c3..7b7b270d 100644 --- a/README.md +++ b/README.md @@ -604,6 +604,10 @@ spec: operator: "Exists" effect: "NoExecute" tolerationSeconds: 10 + # true (default) = The runner restarts after running jobs, to ensure a clean and reproducible build environment + # false = The runner is persistent across jobs and doesn't automatically restart + # This directly controls the behaviour of `--once` flag provided to the github runner + ephemeral: false # true (default) = A privileged docker sidecar container is included in the runner pod. # false = A docker sidecar container is not included in the runner pod and you can't use docker. # If set to false, there are no privileged container and you cannot use docker. diff --git a/api/v1alpha1/runner_types.go b/api/v1alpha1/runner_types.go index d4c101e7..5cc46cc9 100644 --- a/api/v1alpha1/runner_types.go +++ b/api/v1alpha1/runner_types.go @@ -45,6 +45,9 @@ type RunnerSpec struct { // +optional Group string `json:"group,omitempty"` + // +optional + Ephemeral *bool `json:"ephemeral,omitempty"` + // +optional Containers []corev1.Container `json:"containers,omitempty"` // +optional diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 1015b67b..fd310ae1 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -587,6 +587,11 @@ func (in *RunnerSpec) DeepCopyInto(out *RunnerSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.Ephemeral != nil { + in, out := &in.Ephemeral, &out.Ephemeral + *out = new(bool) + **out = **in + } if in.Containers != nil { in, out := &in.Containers, &out.Containers *out = make([]v1.Container, len(*in)) diff --git a/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml b/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml index cdb2404b..f33b9170 100644 
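Review bot: The new `Ephemeral` field in `RunnerSpec` (api/v1alpha1/runner_types.go) carries only the `// +optional` marker, so the generated CRD schema gets a bare `type: boolean` with no description and the default is documented only in the README. A doc comment above the field would normally carry into the CRD description, for example `// Ephemeral, when unset or true, starts the runner with --once so it restarts after each job; false keeps one runner across jobs.` It is worth adding that a persistent runner presumably keeps its work directory and any files a job leaves behind for later jobs, which matters when workflows of differing trust share a runner; that consequence is inferred from the README wording, not shown in the diff. The struct body continues outside the hunk.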
--- a/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml +++ b/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml @@ -600,6 +600,8 @@ spec: type: object type: object type: array + ephemeral: + type: boolean ephemeralContainers: items: description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag. diff --git a/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerreplicasets.yaml b/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerreplicasets.yaml index 90054dda..39d279f2 100644 --- a/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerreplicasets.yaml +++ b/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerreplicasets.yaml 
@@ -600,6 +600,8 @@ spec: type: object type: object type: array + ephemeral: + type: boolean ephemeralContainers: items: description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag. diff --git a/charts/actions-runner-controller/crds/actions.summerwind.dev_runners.yaml b/charts/actions-runner-controller/crds/actions.summerwind.dev_runners.yaml index 722ea56a..5b8f0355 100644 --- a/charts/actions-runner-controller/crds/actions.summerwind.dev_runners.yaml +++ b/charts/actions-runner-controller/crds/actions.summerwind.dev_runners.yaml @@ -565,6 +565,8 @@ spec: type: object type: object type: array + ephemeral: + type: boolean ephemeralContainers: items: description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag. 
diff --git a/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml b/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml index cdb2404b..f33b9170 100644 --- a/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml +++ b/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml @@ -600,6 +600,8 @@ spec: type: object type: object type: array + ephemeral: + type: boolean ephemeralContainers: items: description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag. diff --git a/config/crd/bases/actions.summerwind.dev_runnerreplicasets.yaml b/config/crd/bases/actions.summerwind.dev_runnerreplicasets.yaml index 90054dda..39d279f2 100644 --- a/config/crd/bases/actions.summerwind.dev_runnerreplicasets.yaml +++ b/config/crd/bases/actions.summerwind.dev_runnerreplicasets.yaml 
@@ -600,6 +600,8 @@ spec: type: object type: object type: array + ephemeral: + type: boolean ephemeralContainers: items: description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag. diff --git a/config/crd/bases/actions.summerwind.dev_runners.yaml b/config/crd/bases/actions.summerwind.dev_runners.yaml index 722ea56a..5b8f0355 100644 --- a/config/crd/bases/actions.summerwind.dev_runners.yaml +++ b/config/crd/bases/actions.summerwind.dev_runners.yaml @@ -565,6 +565,8 @@ spec: type: object type: object type: array + ephemeral: + type: boolean ephemeralContainers: items: description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag. diff --git a/controllers/runner_controller.go b/controllers/runner_controller.go index 83b57c9d..93693b48 100644 --- a/controllers/runner_controller.go 
+++ b/controllers/runner_controller.go @@ -567,6 +567,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) { privileged bool = true dockerdInRunner bool = runner.Spec.DockerdWithinRunnerContainer != nil && *runner.Spec.DockerdWithinRunnerContainer dockerEnabled bool = runner.Spec.DockerEnabled == nil || *runner.Spec.DockerEnabled + ephemeral bool = runner.Spec.Ephemeral == nil || *runner.Spec.Ephemeral ) runnerImage := runner.Spec.Image @@ -625,6 +626,10 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) { Name: "RUNNER_WORKDIR", Value: workDir, }, + { + Name: "RUNNER_EPHEMERAL", + Value: fmt.Sprintf("%v", ephemeral), + }, } if metav1.HasAnnotation(runner.ObjectMeta, annotationKeyRegistrationOnly) { diff --git a/runner/entrypoint.sh b/runner/entrypoint.sh index 1591f2bb..86b53571 100755 --- a/runner/entrypoint.sh +++ b/runner/entrypoint.sh @@ -97,5 +97,10 @@ for f in runsvc.sh RunnerService.js; do sudo mv {patched,bin}/${f} done +args=() +if [ "${RUNNER_EPHEMERAL}" != "false" ]; then + args+=(--once) +fi + unset RUNNER_NAME RUNNER_REPO RUNNER_TOKEN -exec ./bin/runsvc.sh --once +exec ./bin/runsvc.sh "${args[@]}"
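Review bot: The `RUNNER_EPHEMERAL` value added in the second hunk of newPod is a string contract with runner/entrypoint.sh, which drops `--once` only on the exact literal `false`, yet it is produced with the generic `fmt.Sprintf("%v", ephemeral)` and nothing ties the two together. `Value: strconv.FormatBool(ephemeral),` states the intended `true`/`false` output directly (add the `strconv` import if the file lacks it; the import block is outside the hunk), and a comment such as `// entrypoint.sh keeps --once unless this is exactly "false"` records the coupling. The nil-means-true default computed in the first hunk is the safe choice and follows the `dockerEnabled` pattern next to it. newPod starts and ends outside both hunks.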
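Review bot: When `RUNNER_EPHEMERAL` is `false` the script drops `--once` without writing anything to the container log, so pod logs do not show that the runner will persist across jobs; adding `else` with `echo "RUNNER_EPHEMERAL=false: runner will persist across jobs" >&2` before `fi` makes the mode auditable. The test is an exact string match, so unset, empty or any other value keeps `--once`, which is the safe default and deserves a one-line comment above `args=()`. If this script runs under `set -u` on a bash older than 4.4, expanding the empty array in `exec ./bin/runsvc.sh "${args[@]}"` fails with an unbound-variable error; the top of the script is outside the hunk, so this needs checking.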