From 921f54720060c0e1cb843710240896c250b091f5 Mon Sep 17 00:00:00 2001
From: Yusuke Kuoka <ykuoka@gmail.com>
Date: Sat, 19 Feb 2022 21:18:00 +0900
Subject: [PATCH] fix: Do recreate runner pod on registration token update
 (#1087)

Apparently, we've been missed taking an updated registration token into account when generating the pod template hash which is used to detect if the runner pod needs to be recreated.

This shouldn't have been the end of the world since the runner pod is recreated on the next reconciliation loop anyway, but this change will make the pod recreation happen one reconciliation loop earlier so that you're less likely to get runner pods with outdated refresh tokens.

Ref https://github.com/actions-runner-controller/actions-runner-controller/pull/1085#issuecomment-1027433365
---
 controllers/runner_controller.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/controllers/runner_controller.go b/controllers/runner_controller.go
index 82743b44..ebe06adc 100644
--- a/controllers/runner_controller.go
+++ b/controllers/runner_controller.go
@@ -626,6 +626,11 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 		runner.ObjectMeta.Annotations,
 		runner.Spec,
 		r.GitHubClient.GithubBaseURL,
+		// Token change should trigger replacement.
+		// We need to include this explicitly here because
+		// runner.Spec does not contain the possibly updated token stored in the
+		// runner status yet.
+		runner.Status.Registration.Token,
 	)
 
 	objectMeta := metav1.ObjectMeta{