From 84b0c64d2907208fafe39790b40f1eddc4666fc9 Mon Sep 17 00:00:00 2001
From: Piaras Hoban <4415593+phoban01@users.noreply.github.com>
Date: Sun, 12 Dec 2021 07:13:14 +0000
Subject: [PATCH] feat: add `authSecret.enabled` to Helm chart (#937)

When false the chart deployment template will not add GITHUB_*
environment variables to the manager container. In addition, the `volume`
and `volumeMount` for the secret will also be omitted from the
deployment manifest.

Signed-off-by: Piaras Hoban <phoban01@gmail.com>
---
 charts/actions-runner-controller/templates/deployment.yaml | 6 ++++++
 charts/actions-runner-controller/values.yaml               | 1 +
 2 files changed, 7 insertions(+)

diff --git a/charts/actions-runner-controller/templates/deployment.yaml b/charts/actions-runner-controller/templates/deployment.yaml
index 8d22ead6..1197550f 100644
--- a/charts/actions-runner-controller/templates/deployment.yaml
+++ b/charts/actions-runner-controller/templates/deployment.yaml
@@ -65,6 +65,7 @@ spec:
         - name: GITHUB_ENTERPRISE_URL
           value: {{ .Values.githubEnterpriseServerURL }}
         {{- end }}
+        {{- if .Values.authSecret.enabled }}
         - name: GITHUB_TOKEN
           valueFrom:
             secretKeyRef:
@@ -85,6 +86,7 @@ spec:
               optional: true
         - name: GITHUB_APP_PRIVATE_KEY
           value: /etc/actions-runner-controller/github_app_private_key
+        {{- end }}
         {{- range $key, $val := .Values.env }}
         - name: {{ $key }}
           value: {{ $val | quote }}
@@ -106,9 +108,11 @@ spec:
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
         volumeMounts:
+        {{- if .Values.authSecret.enabled }}
         - mountPath: "/etc/actions-runner-controller"
           name: secret
           readOnly: true
+        {{- end }}
         - mountPath: /tmp
           name: tmp
         - mountPath: /tmp/k8s-webhook-server/serving-certs
@@ -136,9 +140,11 @@ spec:
       {{- end }}
       terminationGracePeriodSeconds: 10
       volumes:
+      {{- if .Values.authSecret.enabled }}
       - name: secret
         secret:
           secretName: {{ include "actions-runner-controller.secretName" . }}
+      {{- end }}
       - name: cert
         secret:
           defaultMode: 420
diff --git a/charts/actions-runner-controller/values.yaml b/charts/actions-runner-controller/values.yaml
index 1a09217a..1b790187 100644
--- a/charts/actions-runner-controller/values.yaml
+++ b/charts/actions-runner-controller/values.yaml
@@ -24,6 +24,7 @@ enableLeaderElection: true
 # Only 1 authentication method can be deployed at a time
 # Uncomment the configuration you are applying and fill in the details
 authSecret:
+  enabled: true
   create: false
   name: "controller-manager"
   annotations: {}