diff --git a/acceptance/deploy.sh b/acceptance/deploy.sh index d602dea8..45538ad7 100755 --- a/acceptance/deploy.sh +++ b/acceptance/deploy.sh @@ -25,6 +25,16 @@ else exit 1 fi +if [ -n "${WEBHOOK_GITHUB_TOKEN}" ]; then + kubectl -n actions-runner-system delete secret \ + github-webhook-server || : + kubectl -n actions-runner-system create secret generic \ + github-webhook-server \ + --from-literal=github_token=${WEBHOOK_GITHUB_TOKEN:?WEBHOOK_GITHUB_TOKEN must not be empty} +else + echo 'Skipped deploying secret "github-webhook-server". Set WEBHOOK_GITHUB_TOKEN to deploy.' 1>&2 +fi + tool=${ACCEPTANCE_TEST_DEPLOYMENT_TOOL} if [ "${tool}" == "helm" ]; then diff --git a/charts/actions-runner-controller/README.md b/charts/actions-runner-controller/README.md index 40b76bb9..77bbe38b 100644 --- a/charts/actions-runner-controller/README.md +++ b/charts/actions-runner-controller/README.md 
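Review bot: The token is expanded unquoted and passed on kubectl's command line in `--from-literal=github_token=${WEBHOOK_GITHUB_TOKEN:?...}`, so it is subject to word splitting and is visible in process listings and in any `set -x` trace of this script. At minimum quote it as `--from-literal=github_token="${WEBHOOK_GITHUB_TOKEN}"`; the `:?` guard is redundant inside the `-n` branch. Better still, keep the value off argv by reading it from a file with restricted permissions, e.g. `--from-file=github_token=<path>`. The preceding `delete secret ... || :` also swallows every delete failure, not only "not found". Using `kubectl create secret generic ... --dry-run=client -o yaml | kubectl apply -f -` would make the step idempotent without the delete.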
@@ -75,9 +75,10 @@ All additional docs are kept in the `docs/` folder, this README is solely for do | `admissionWebHooks.caBundle` | Base64-encoded PEM bundle containing the CA that signed the webhook's serving certificate | | | `githubWebhookServer.logLevel` | Set the log level of the githubWebhookServer container | | | `githubWebhookServer.replicaCount` | Set the number of webhook server pods | 1 | -| `githubWebhookServer.useRunnerGroupsVisibility` | Enable supporting runner groups with custom visibility. This will incur in extra API calls and may blow up your budget | false | +| `githubWebhookServer.useRunnerGroupsVisibility` | Enable supporting runner groups with custom visibility. This will incur in extra API calls and may blow up your budget. Currently, you also need to set `githubWebhookServer.secret.enabled` to enable this feature. | false | | `githubWebhookServer.syncPeriod` | Set the period in which the controller reconciles the resources | 10m | | `githubWebhookServer.enabled` | Deploy the webhook server pod | false | +| `githubWebhookServer.secret.enabled` | Passes the webhook hook secret to the github-webhook-server | false | | `githubWebhookServer.secret.create` | Deploy the webhook hook secret | false | | `githubWebhookServer.secret.name` | Set the name of the webhook hook secret | github-webhook-server | | `githubWebhookServer.secret.github_webhook_secret_token` | Set the webhook secret token value | | diff --git a/charts/actions-runner-controller/templates/_helpers.tpl b/charts/actions-runner-controller/templates/_helpers.tpl index 3bbe94cf..8d54b024 100644 --- a/charts/actions-runner-controller/templates/_helpers.tpl +++ b/charts/actions-runner-controller/templates/_helpers.tpl 
@@ -68,6 +68,10 @@ Create the name of the service account to use {{- default (include "actions-runner-controller.fullname" .) .Values.authSecret.name -}} {{- end }} +{{- define "actions-runner-controller.githubWebhookServerSecretName" -}} +{{- default (include "actions-runner-controller.fullname" .) .Values.githubWebhookServer.secret.name -}} +{{- end }} + {{- define "actions-runner-controller.leaderElectionRoleName" -}} {{- include "actions-runner-controller.fullname" . }}-leader-election {{- end }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml index 176ee346..3776fb09 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml 
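Review bot: The new `githubWebhookServerSecretName` helper falls back to the chart fullname, which is the same fallback the context line above uses for `.Values.authSecret.name` (that helper's `define` line is outside the hunk). If both names are left empty, the webhook server would therefore resolve to the controller's auth Secret, which undoes the separation this commit introduces. A distinct fallback avoids the collision, for example `{{- default (printf "%s-github-webhook-server" (include "actions-runner-controller.fullname" .)) .Values.githubWebhookServer.secret.name -}}`. Check first that it matches the name the webhook Secret template uses, which is not visible here. A one-line template comment stating which Secret this name refers to would also help.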
@@ -69,30 +69,30 @@ spec: - name: GITHUB_UPLOAD_URL value: {{ .Values.githubUploadURL }} {{- end }} - {{- if and .Values.githubWebhookServer.useRunnerGroupsVisibility .Values.authSecret.enabled }} + {{- if and .Values.githubWebhookServer.useRunnerGroupsVisibility .Values.githubWebhookServer.secret.enabled }} - name: GITHUB_TOKEN valueFrom: secretKeyRef: key: github_token - name: {{ include "actions-runner-controller.secretName" . }} + name: {{ include "actions-runner-controller.githubWebhookServerSecretName" . }} optional: true - name: GITHUB_APP_ID valueFrom: secretKeyRef: key: github_app_id - name: {{ include "actions-runner-controller.secretName" . }} + name: {{ include "actions-runner-controller.githubWebhookServerSecretName" . }} optional: true - name: GITHUB_APP_INSTALLATION_ID valueFrom: secretKeyRef: key: github_app_installation_id - name: {{ include "actions-runner-controller.secretName" . }} + name: {{ include "actions-runner-controller.githubWebhookServerSecretName" . }} optional: true - name: GITHUB_APP_PRIVATE_KEY valueFrom: secretKeyRef: key: github_app_private_key - name: {{ include "actions-runner-controller.secretName" . }} + name: {{ include "actions-runner-controller.githubWebhookServerSecretName" . }} optional: true {{- if .Values.authSecret.github_basicauth_username }} - name: GITHUB_BASICAUTH_USERNAME diff --git a/charts/actions-runner-controller/values.yaml b/charts/actions-runner-controller/values.yaml index e39e896a..ebbba393 100644 --- a/charts/actions-runner-controller/values.yaml +++ b/charts/actions-runner-controller/values.yaml @@ -171,6 +171,7 @@ githubWebhookServer: syncPeriod: 10m useRunnerGroupsVisibility: false secret: + enabled: false create: false name: "github-webhook-server" ### GitHub Webhook Configuration
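Review bot: The credentials block is now gated on `githubWebhookServer.secret.enabled`, which defaults to false, and every `secretKeyRef` stays `optional: true`, so a release that sets `useRunnerGroupsVisibility` without the new flag renders and starts with no GitHub credentials and no error. Failing at render time would surface this on upgrade, e.g. `{{- if and .Values.githubWebhookServer.useRunnerGroupsVisibility (not .Values.githubWebhookServer.secret.enabled) }}{{ fail "useRunnerGroupsVisibility requires githubWebhookServer.secret.enabled" }}{{- end }}`. The trailing context still keys basic auth on `.Values.authSecret.github_basicauth_username`; its `secretKeyRef` is outside the hunk, so confirm it should not move to the webhook server Secret as well.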
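Review bot: The new `enabled: false` key under `githubWebhookServer.secret` has no comment explaining how it differs from `create` directly below it. From the deployment hunk it appears to control whether the Secret's GitHub credentials are injected into the webhook server, while `create` controls whether the chart renders the Secret. I would add something like `# enabled: inject credentials from this Secret into the webhook server (required for useRunnerGroupsVisibility)` and `# create: render the Secret from the values below; leave false to reference a pre-provisioned Secret by name`. It is also worth stating here that the token should carry only the permissions the webhook server needs, not the controller's full credential set.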