Pin third party actions (#3981)

Nikola Jokic 2025-04-17 12:19:15 +02:00 committed by GitHub
parent 15990d492d
commit a33d34a036
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
19 changed files with 331 additions and 327 deletions


@ -1,9 +1,9 @@
name: 'Setup ARC E2E Test Action' name: "Setup ARC E2E Test Action"
description: 'Build controller image, create kind cluster, load the image, and exchange ARC configure token.' description: "Build controller image, create kind cluster, load the image, and exchange ARC configure token."
inputs: inputs:
app-id: app-id:
description: 'GitHub App Id for exchange access token' description: "GitHub App Id for exchange access token"
required: true required: true
app-pk: app-pk:
description: "GitHub App private key for exchange access token" description: "GitHub App private key for exchange access token"
@ -20,14 +20,14 @@ inputs:
outputs: outputs:
token: token:
description: 'Token to use for configure ARC' description: "Token to use for configure ARC"
value: ${{steps.config-token.outputs.token}} value: ${{steps.config-token.outputs.token}}
runs: runs:
using: "composite" using: "composite"
steps: steps:
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
with: with:
# Pinning v0.9.1 for Buildx and BuildKit v0.10.6 # Pinning v0.9.1 for Buildx and BuildKit v0.10.6
# BuildKit v0.11 which has a bug causing intermittent # BuildKit v0.11 which has a bug causing intermittent
@ -36,7 +36,8 @@ runs:
driver-opts: image=moby/buildkit:v0.10.6 driver-opts: image=moby/buildkit:v0.10.6
- name: Build controller image - name: Build controller image
uses: docker/build-push-action@v5 # https://github.com/docker/build-push-action/releases/tag/v6.15.0
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
with: with:
file: Dockerfile file: Dockerfile
platforms: linux/amd64 platforms: linux/amd64
@ -56,6 +57,7 @@ runs:
- name: Get configure token - name: Get configure token
id: config-token id: config-token
# https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3
with: with:
application_id: ${{ inputs.app-id }} application_id: ${{ inputs.app-id }}
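Review bot: The `docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2` pin in the "Set up Docker Buildx" step carries no release comment, unlike the build-push and token-action pins below it, so a reader cannot tell which version the hash stands for without resolving it. Other sections of this commit label the same hash, so the line above it can read `# https://github.com/docker/setup-buildx-action/releases/tag/v3.10.0`. The same gap appears on the setup-buildx pins in the workflow that publishes the gha-runner-scale-set charts and in the gha chart-validation workflow, and on `helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f` in the chart-publish workflow, where the page gives no release for the hash at all. A comment on its own line may not be rewritten by automated updaters when the hash changes; a trailing `# v3.10.0` on the `uses:` line is the form they usually maintain, which is worth confirming for the updater in use.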


@ -24,23 +24,27 @@ runs:
shell: bash shell: bash
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 # https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 # https://github.com/docker/setup-buildx-action/releases/tag/v3.10.0
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
with: with:
version: latest version: latest
- name: Login to DockerHub - name: Login to DockerHub
if: ${{ github.event_name == 'release' || github.event_name == 'push' && github.ref == 'refs/heads/master' && inputs.password != '' }} if: ${{ github.event_name == 'release' || github.event_name == 'push' && github.ref == 'refs/heads/master' && inputs.password != '' }}
uses: docker/login-action@v3 # https://github.com/docker/login-action/releases/tag/v3.4.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with: with:
username: ${{ inputs.username }} username: ${{ inputs.username }}
password: ${{ inputs.password }} password: ${{ inputs.password }}
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
if: ${{ github.event_name == 'release' || github.event_name == 'push' && github.ref == 'refs/heads/master' && inputs.ghcr_password != '' }} if: ${{ github.event_name == 'release' || github.event_name == 'push' && github.ref == 'refs/heads/master' && inputs.ghcr_password != '' }}
uses: docker/login-action@v3 # https://github.com/docker/login-action/releases/tag/v3.4.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ inputs.ghcr_username }} username: ${{ inputs.ghcr_username }}
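Review bot: The "Set up Docker Buildx" step still passes `version: latest`, so the action is fixed to a commit but the Buildx binary it installs is whatever is newest at run time. This job goes on to log in to DockerHub and ghcr.io, so that leaves one unpinned download ahead of the credentialed steps. An explicit release such as `version: <BUILDX_VERSION>` (placeholder) would close it, in the way the e2e setup action's comment describes pinning Buildx v0.9.1. The same `version: latest` remains in the gha chart-validation workflow and in the workflow with the "Build and Push" step.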


@ -7,16 +7,16 @@ on:
branches: branches:
- master - master
paths: paths:
- 'charts/**' - "charts/**"
- '.github/workflows/arc-publish-chart.yaml' - ".github/workflows/arc-publish-chart.yaml"
- '!charts/actions-runner-controller/docs/**' - "!charts/actions-runner-controller/docs/**"
- '!charts/gha-runner-scale-set-controller/**' - "!charts/gha-runner-scale-set-controller/**"
- '!charts/gha-runner-scale-set/**' - "!charts/gha-runner-scale-set/**"
- '!**.md' - "!**.md"
workflow_dispatch: workflow_dispatch:
inputs: inputs:
force: force:
description: 'Force publish even if the chart version is not bumped' description: "Force publish even if the chart version is not bumped"
type: boolean type: boolean
required: true required: true
default: false default: false
@ -45,6 +45,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Set up Helm - name: Set up Helm
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
with: with:
version: ${{ env.HELM_VERSION }} version: ${{ env.HELM_VERSION }}
@ -60,10 +61,11 @@ jobs:
# python is a requirement for the chart-testing action below (supports yamllint among other tests) # python is a requirement for the chart-testing action below (supports yamllint among other tests)
- uses: actions/setup-python@v5 - uses: actions/setup-python@v5
with: with:
python-version: '3.11' python-version: "3.11"
- name: Set up chart-testing - name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.0 # https://github.com/helm/chart-testing-action/releases/tag/v2.7.0
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
- name: Run chart-testing (list-changed) - name: Run chart-testing (list-changed)
id: list-changed id: list-changed
@ -79,7 +81,8 @@ jobs:
- name: Create kind cluster - name: Create kind cluster
if: steps.list-changed.outputs.changed == 'true' if: steps.list-changed.outputs.changed == 'true'
uses: helm/kind-action@v1.4.0 # https://github.com/helm/kind-action/releases/tag/v1.12.0
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
# We need cert-manager already installed in the cluster because we assume the CRDs exist # We need cert-manager already installed in the cluster because we assume the CRDs exist
- name: Install cert-manager - name: Install cert-manager
@ -145,6 +148,7 @@ jobs:
- name: Get Token - name: Get Token
id: get_workflow_token id: get_workflow_token
# https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3
with: with:
application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}
@ -152,7 +156,7 @@ jobs:
organization: ${{ env.CHART_TARGET_ORG }} organization: ${{ env.CHART_TARGET_ORG }}
- name: Install chart-releaser - name: Install chart-releaser
uses: helm/chart-releaser-action@v1.4.1 uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f
with: with:
install_only: true install_only: true
install_dir: ${{ github.workspace }}/bin install_dir: ${{ github.workspace }}/bin


@ -9,10 +9,10 @@ on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
release_tag_name: release_tag_name:
description: 'Tag name of the release to publish' description: "Tag name of the release to publish"
required: true required: true
push_to_registries: push_to_registries:
description: 'Push images to registries' description: "Push images to registries"
required: true required: true
type: boolean type: boolean
default: false default: false
@ -43,7 +43,7 @@ jobs:
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version-file: 'go.mod' go-version-file: "go.mod"
- name: Install tools - name: Install tools
run: | run: |
@ -73,6 +73,7 @@ jobs:
- name: Get Token - name: Get Token
id: get_workflow_token id: get_workflow_token
# https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3
with: with:
application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}


@ -7,10 +7,10 @@ on:
# are available to the workflow run # are available to the workflow run
push: push:
branches: branches:
- 'master' - "master"
paths: paths:
- 'runner/VERSION' - "runner/VERSION"
- '.github/workflows/arc-release-runners.yaml' - ".github/workflows/arc-release-runners.yaml"
env: env:
# Safeguard to prevent pushing images to registeries after build # Safeguard to prevent pushing images to registeries after build
@ -39,6 +39,7 @@ jobs:
- name: Get Token - name: Get Token
id: get_workflow_token id: get_workflow_token
# https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3
with: with:
application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}


@ -5,20 +5,20 @@ on:
branches: branches:
- master - master
paths: paths:
- 'charts/**' - "charts/**"
- '.github/workflows/arc-validate-chart.yaml' - ".github/workflows/arc-validate-chart.yaml"
- '!charts/actions-runner-controller/docs/**' - "!charts/actions-runner-controller/docs/**"
- '!**.md' - "!**.md"
- '!charts/gha-runner-scale-set-controller/**' - "!charts/gha-runner-scale-set-controller/**"
- '!charts/gha-runner-scale-set/**' - "!charts/gha-runner-scale-set/**"
push: push:
paths: paths:
- 'charts/**' - "charts/**"
- '.github/workflows/arc-validate-chart.yaml' - ".github/workflows/arc-validate-chart.yaml"
- '!charts/actions-runner-controller/docs/**' - "!charts/actions-runner-controller/docs/**"
- '!**.md' - "!**.md"
- '!charts/gha-runner-scale-set-controller/**' - "!charts/gha-runner-scale-set-controller/**"
- '!charts/gha-runner-scale-set/**' - "!charts/gha-runner-scale-set/**"
workflow_dispatch: workflow_dispatch:
env: env:
KUBE_SCORE_VERSION: 1.10.0 KUBE_SCORE_VERSION: 1.10.0
@ -45,34 +45,19 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Set up Helm - name: Set up Helm
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2 # Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
with: with:
version: ${{ env.HELM_VERSION }} version: ${{ env.HELM_VERSION }}
- name: Set up kube-score
run: |
wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O kube-score
chmod 755 kube-score
- name: Kube-score generated manifests
run: helm template --values charts/.ci/values-kube-score.yaml charts/* | ./kube-score score -
--ignore-test pod-networkpolicy
--ignore-test deployment-has-poddisruptionbudget
--ignore-test deployment-has-host-podantiaffinity
--ignore-test container-security-context
--ignore-test pod-probes
--ignore-test container-image-tag
--enable-optional-test container-security-context-privileged
--enable-optional-test container-security-context-readonlyrootfilesystem
# python is a requirement for the chart-testing action below (supports yamllint among other tests) # python is a requirement for the chart-testing action below (supports yamllint among other tests)
- uses: actions/setup-python@v5 - uses: actions/setup-python@v5
with: with:
python-version: '3.11' python-version: "3.11"
- name: Set up chart-testing - name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.0 # https://github.com/helm/chart-testing-action/releases/tag/v2.7.0
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
- name: Run chart-testing (list-changed) - name: Run chart-testing (list-changed)
id: list-changed id: list-changed
@ -87,7 +72,8 @@ jobs:
ct lint --config charts/.ci/ct-config.yaml ct lint --config charts/.ci/ct-config.yaml
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@v1.4.0 # https://github.com/helm/kind-action/releases/tag/v1.12.0
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
if: steps.list-changed.outputs.changed == 'true' if: steps.list-changed.outputs.changed == 'true'
# We need cert-manager already installed in the cluster because we assume the CRDs exist # We need cert-manager already installed in the cluster because we assume the CRDs exist
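Review bot: `KUBE_SCORE_VERSION: 1.10.0` stays in `env:` although both steps that used it ("Set up kube-score" and "Kube-score generated manifests") are deleted in this section, and the commit title only mentions pinning actions. Dropping the unverified `wget` of the kube-score binary fits the hardening, but it also removes the manifest checks from this workflow, including the optional `container-security-context-privileged` and `container-security-context-readonlyrootfilesystem` tests. If that coverage is meant to continue elsewhere, the description should say so and the unused variable should go; otherwise the step could return with a download verified against a recorded checksum. The job body continues outside the visible hunks.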


@ -3,11 +3,11 @@ name: Validate ARC Runners
on: on:
pull_request: pull_request:
branches: branches:
- '**' - "**"
paths: paths:
- 'runner/**' - "runner/**"
- 'test/startup/**' - "test/startup/**"
- '!**.md' - "!**.md"
permissions: permissions:
contents: read contents: read
@ -25,21 +25,9 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: shellcheck - name: "Run shellcheck"
uses: reviewdog/action-shellcheck@v1 run: make shellcheck
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
path: "./runner"
pattern: |
*.sh
*.bash
update-status
# Make this consistent with `make shellsheck`
shellcheck_flags: "--shell bash --source-path runner"
exclude: "./.git/*"
check_all_files_with_shebangs: "false"
# Set this to "true" once we addressed all the shellcheck findings
fail_on_error: "false"
test-runner-entrypoint: test-runner-entrypoint:
name: Test entrypoint name: Test entrypoint
runs-on: ubuntu-latest runs-on: ubuntu-latest
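Review bot: The new `run: make shellcheck` step turns an advisory check into a blocking one, since shellcheck exits non-zero on findings while the removed reviewdog step ran with `fail_on_error: "false"`; that change is worth stating in the description. The Makefile target changed in this commit also lints `hack/*.sh`, but this workflow's `paths:` filter lists only `runner/**` and `test/startup/**`, so an edit under `hack/` will not trigger the job; adding `- "hack/**"` would line the two up. The step also now depends on whatever the `shellcheck-install` target fetches, which is not shown on this page.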


@ -4,27 +4,27 @@ on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
ref: ref:
description: 'The branch, tag or SHA to cut a release from' description: "The branch, tag or SHA to cut a release from"
required: false required: false
type: string type: string
default: '' default: ""
release_tag_name: release_tag_name:
description: 'The name to tag the controller image with' description: "The name to tag the controller image with"
required: true required: true
type: string type: string
default: 'canary' default: "canary"
push_to_registries: push_to_registries:
description: 'Push images to registries' description: "Push images to registries"
required: true required: true
type: boolean type: boolean
default: false default: false
publish_gha_runner_scale_set_controller_chart: publish_gha_runner_scale_set_controller_chart:
description: 'Publish new helm chart for gha-runner-scale-set-controller' description: "Publish new helm chart for gha-runner-scale-set-controller"
required: true required: true
type: boolean type: boolean
default: false default: false
publish_gha_runner_scale_set_chart: publish_gha_runner_scale_set_chart:
description: 'Publish new helm chart for gha-runner-scale-set' description: "Publish new helm chart for gha-runner-scale-set"
required: true required: true
type: boolean type: boolean
default: false default: false
@ -72,10 +72,11 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 # https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
with: with:
# Pinning v0.9.1 for Buildx and BuildKit v0.10.6 # Pinning v0.9.1 for Buildx and BuildKit v0.10.6
# BuildKit v0.11 which has a bug causing intermittent # BuildKit v0.11 which has a bug causing intermittent
@ -84,14 +85,16 @@ jobs:
driver-opts: image=moby/buildkit:v0.10.6 driver-opts: image=moby/buildkit:v0.10.6
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v3 # https://github.com/docker/login-action/releases/tag/v3.4.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & push controller image - name: Build & push controller image
uses: docker/build-push-action@v5 # https://github.com/docker/build-push-action/releases/tag/v6.15.0
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
with: with:
file: Dockerfile file: Dockerfile
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
@ -140,7 +143,7 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up Helm - name: Set up Helm
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2 # Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
with: with:
version: ${{ env.HELM_VERSION }} version: ${{ env.HELM_VERSION }}
@ -188,7 +191,7 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up Helm - name: Set up Helm
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2 # Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
with: with:
version: ${{ env.HELM_VERSION }} version: ${{ env.HELM_VERSION }}


@ -5,16 +5,16 @@ on:
branches: branches:
- master - master
paths: paths:
- 'charts/**' - "charts/**"
- '.github/workflows/gha-validate-chart.yaml' - ".github/workflows/gha-validate-chart.yaml"
- '!charts/actions-runner-controller/**' - "!charts/actions-runner-controller/**"
- '!**.md' - "!**.md"
push: push:
paths: paths:
- 'charts/**' - "charts/**"
- '.github/workflows/gha-validate-chart.yaml' - ".github/workflows/gha-validate-chart.yaml"
- '!charts/actions-runner-controller/**' - "!charts/actions-runner-controller/**"
- '!**.md' - "!**.md"
workflow_dispatch: workflow_dispatch:
env: env:
KUBE_SCORE_VERSION: 1.16.1 KUBE_SCORE_VERSION: 1.16.1
@ -41,7 +41,7 @@ jobs:
fetch-depth: 0 fetch-depth: 0
- name: Set up Helm - name: Set up Helm
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2 # Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
with: with:
version: ${{ env.HELM_VERSION }} version: ${{ env.HELM_VERSION }}
@ -49,10 +49,11 @@ jobs:
# python is a requirement for the chart-testing action below (supports yamllint among other tests) # python is a requirement for the chart-testing action below (supports yamllint among other tests)
- uses: actions/setup-python@v5 - uses: actions/setup-python@v5
with: with:
python-version: '3.11' python-version: "3.11"
- name: Set up chart-testing - name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.0 # https://github.com/helm/chart-testing-action/releases/tag/v2.7.0
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
- name: Run chart-testing (list-changed) - name: Run chart-testing (list-changed)
id: list-changed id: list-changed
@ -68,13 +69,14 @@ jobs:
ct lint --config charts/.ci/ct-config-gha.yaml ct lint --config charts/.ci/ct-config-gha.yaml
- name: Set up docker buildx - name: Set up docker buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
if: steps.list-changed.outputs.changed == 'true' if: steps.list-changed.outputs.changed == 'true'
with: with:
version: latest version: latest
- name: Build controller image - name: Build controller image
uses: docker/build-push-action@v5 # https://github.com/docker/build-push-action/releases/tag/v6.15.0
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
if: steps.list-changed.outputs.changed == 'true' if: steps.list-changed.outputs.changed == 'true'
with: with:
file: Dockerfile file: Dockerfile
@ -89,7 +91,8 @@ jobs:
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@v1.4.0 # https://github.com/helm/kind-action/releases/tag/v1.12.0
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
if: steps.list-changed.outputs.changed == 'true' if: steps.list-changed.outputs.changed == 'true'
with: with:
cluster_name: chart-testing cluster_name: chart-testing


@ -7,30 +7,30 @@ on:
branches: branches:
- master - master
paths-ignore: paths-ignore:
- '**.md' - "**.md"
- '.github/actions/**' - ".github/actions/**"
- '.github/ISSUE_TEMPLATE/**' - ".github/ISSUE_TEMPLATE/**"
- '.github/workflows/e2e-test-dispatch-workflow.yaml' - ".github/workflows/e2e-test-dispatch-workflow.yaml"
- '.github/workflows/gha-e2e-tests.yaml' - ".github/workflows/gha-e2e-tests.yaml"
- '.github/workflows/arc-publish.yaml' - ".github/workflows/arc-publish.yaml"
- '.github/workflows/arc-publish-chart.yaml' - ".github/workflows/arc-publish-chart.yaml"
- '.github/workflows/gha-publish-chart.yaml' - ".github/workflows/gha-publish-chart.yaml"
- '.github/workflows/arc-release-runners.yaml' - ".github/workflows/arc-release-runners.yaml"
- '.github/workflows/global-run-codeql.yaml' - ".github/workflows/global-run-codeql.yaml"
- '.github/workflows/global-run-first-interaction.yaml' - ".github/workflows/global-run-first-interaction.yaml"
- '.github/workflows/global-run-stale.yaml' - ".github/workflows/global-run-stale.yaml"
- '.github/workflows/arc-update-runners-scheduled.yaml' - ".github/workflows/arc-update-runners-scheduled.yaml"
- '.github/workflows/validate-arc.yaml' - ".github/workflows/validate-arc.yaml"
- '.github/workflows/arc-validate-chart.yaml' - ".github/workflows/arc-validate-chart.yaml"
- '.github/workflows/gha-validate-chart.yaml' - ".github/workflows/gha-validate-chart.yaml"
- '.github/workflows/arc-validate-runners.yaml' - ".github/workflows/arc-validate-runners.yaml"
- '.github/dependabot.yml' - ".github/dependabot.yml"
- '.github/RELEASE_NOTE_TEMPLATE.md' - ".github/RELEASE_NOTE_TEMPLATE.md"
- 'runner/**' - "runner/**"
- '.gitignore' - ".gitignore"
- 'PROJECT' - "PROJECT"
- 'LICENSE' - "LICENSE"
- 'Makefile' - "Makefile"
# https://docs.github.com/en/rest/overview/permissions-required-for-github-apps # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps
permissions: permissions:
@ -59,6 +59,7 @@ jobs:
- name: Get Token - name: Get Token
id: get_workflow_token id: get_workflow_token
# https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3
with: with:
application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}
@ -93,7 +94,8 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v3 # https://github.com/docker/login-action/releases/tag/v3.4.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
@ -110,16 +112,19 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 # https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 # https://github.com/docker/setup-buildx-action/releases/tag/v3.10.0
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
with: with:
version: latest version: latest
# Unstable builds - run at your own risk # Unstable builds - run at your own risk
- name: Build and Push - name: Build and Push
uses: docker/build-push-action@v5 # https://github.com/docker/build-push-action/releases/tag/v6.15.0
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
with: with:
context: . context: .
file: ./Dockerfile file: ./Dockerfile


@ -4,16 +4,16 @@ on:
branches: branches:
- master - master
paths: paths:
- '.github/workflows/go.yaml' - ".github/workflows/go.yaml"
- '**.go' - "**.go"
- 'go.mod' - "go.mod"
- 'go.sum' - "go.sum"
pull_request: pull_request:
paths: paths:
- '.github/workflows/go.yaml' - ".github/workflows/go.yaml"
- '**.go' - "**.go"
- 'go.mod' - "go.mod"
- 'go.sum' - "go.sum"
permissions: permissions:
contents: read contents: read
@ -32,7 +32,7 @@ jobs:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version-file: 'go.mod' go-version-file: "go.mod"
cache: false cache: false
- name: fmt - name: fmt
run: go fmt ./... run: go fmt ./...
@ -45,13 +45,14 @@ jobs:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version-file: 'go.mod' go-version-file: "go.mod"
cache: false cache: false
- name: golangci-lint - name: golangci-lint
uses: golangci/golangci-lint-action@v6 # https://github.com/golangci/golangci-lint-action/releases/tag/v6.5.2
uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84
with: with:
only-new-issues: true only-new-issues: true
version: v1.55.2 version: v1.64.8
generate: generate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -59,7 +60,7 @@ jobs:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version-file: 'go.mod' go-version-file: "go.mod"
cache: false cache: false
- name: Generate - name: Generate
run: make generate run: make generate
@ -72,7 +73,7 @@ jobs:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version-file: 'go.mod' go-version-file: "go.mod"
- run: make manifests - run: make manifests
- name: Check diff - name: Check diff
run: git diff --exit-code run: git diff --exit-code


@ -1,8 +1,8 @@
run: run:
timeout: 3m timeout: 5m
output: output:
formats: formats:
- format: github-actions - format: colored-line-number
path: stdout path: stdout
linters-settings: linters-settings:
errcheck: errcheck:


@ -20,7 +20,7 @@ KUBECONTEXT ?= kind-acceptance
CLUSTER ?= acceptance CLUSTER ?= acceptance
CERT_MANAGER_VERSION ?= v1.1.1 CERT_MANAGER_VERSION ?= v1.1.1
KUBE_RBAC_PROXY_VERSION ?= v0.11.0 KUBE_RBAC_PROXY_VERSION ?= v0.11.0
SHELLCHECK_VERSION ?= 0.8.0 SHELLCHECK_VERSION ?= 0.10.0
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion) # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= "crd:generateEmbeddedObjectMeta=true,allowDangerousTypes=true" CRD_OPTIONS ?= "crd:generateEmbeddedObjectMeta=true,allowDangerousTypes=true"
@ -204,7 +204,7 @@ generate: controller-gen
# Run shellcheck on runner scripts # Run shellcheck on runner scripts
shellcheck: shellcheck-install shellcheck: shellcheck-install
$(TOOLS_PATH)/shellcheck --shell bash --source-path runner runner/*.sh hack/*.sh $(TOOLS_PATH)/shellcheck --shell bash --source-path runner runner/*.sh runner/update-status hack/*.sh
docker-buildx: docker-buildx:
export DOCKER_CLI_EXPERIMENTAL=enabled ;\ export DOCKER_CLI_EXPERIMENTAL=enabled ;\
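Review bot: `SHELLCHECK_VERSION ?= 0.10.0` now selects a binary that CI executes through `make shellcheck`, and the `shellcheck-install` recipe that fetches it lies outside this hunk. If that recipe downloads the release archive without comparing it to a recorded digest, the tool is pinned by version only, which is weaker than the commit-hash pins this change applies to the actions. Consider a `SHELLCHECK_SHA256 ?= <SHA256_OF_RELEASE_ARCHIVE>` variable (placeholder) that the recipe checks with `sha256sum -c` before extracting.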


@ -10,16 +10,17 @@ env:
jobs: jobs:
assume-role-in-runner-test: assume-role-in-runner-test:
runs-on: ['self-hosted', 'Linux'] runs-on: ["self-hosted", "Linux"]
steps: steps:
- name: Test aws-actions/configure-aws-credentials Action - name: Test aws-actions/configure-aws-credentials Action
uses: aws-actions/configure-aws-credentials@v1 # https://github.com/aws-actions/configure-aws-credentials/releases/tag/v4.1.0
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722
with: with:
aws-region: ${{ env.AWS_REGION }} aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.ASSUME_ROLE_ARN }} role-to-assume: ${{ env.ASSUME_ROLE_ARN }}
role-duration-seconds: 900 role-duration-seconds: 900
assume-role-in-container-test: assume-role-in-container-test:
runs-on: ['self-hosted', 'Linux'] runs-on: ["self-hosted", "Linux"]
container: container:
image: amazon/aws-cli image: amazon/aws-cli
env: env:
@ -29,7 +30,8 @@ jobs:
- /var/run/secrets/eks.amazonaws.com/serviceaccount/token:/var/run/secrets/eks.amazonaws.com/serviceaccount/token - /var/run/secrets/eks.amazonaws.com/serviceaccount/token:/var/run/secrets/eks.amazonaws.com/serviceaccount/token
steps: steps:
- name: Test aws-actions/configure-aws-credentials Action in container - name: Test aws-actions/configure-aws-credentials Action in container
uses: aws-actions/configure-aws-credentials@v1 # https://github.com/aws-actions/configure-aws-credentials/releases/tag/v4.1.0
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722
with: with:
aws-region: ${{ env.AWS_REGION }} aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.ASSUME_ROLE_ARN }} role-to-assume: ${{ env.ASSUME_ROLE_ARN }}
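Review bot: Both `aws-actions/configure-aws-credentials` steps move from `@v1` to the commit the comment labels v4.1.0, a jump of three major versions made inside a pinning change. The inputs used here (`aws-region`, `role-to-assume`, `role-duration-seconds`) are untouched in the workflow. How the action obtains its source credentials may still differ between those majors, both on a self-hosted runner and in the container job that mounts the EKS service-account token. It is worth running this test workflow once against the new pin and recording the result in the description.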


@ -8,7 +8,7 @@ env:
jobs: jobs:
run-step-in-container-test: run-step-in-container-test:
runs-on: ['self-hosted', 'Linux'] runs-on: ["self-hosted", "Linux"]
container: container:
image: alpine image: alpine
steps: steps:
@ -21,7 +21,7 @@ jobs:
exit 1 exit 1
fi fi
setup-python-test: setup-python-test:
runs-on: ['self-hosted', 'Linux'] runs-on: ["self-hosted", "Linux"]
steps: steps:
- name: Print native Python environment - name: Print native Python environment
run: | run: |
@ -41,11 +41,11 @@ jobs:
echo "Python version detected : $(python --version 2>&1)" echo "Python version detected : $(python --version 2>&1)"
fi fi
setup-node-test: setup-node-test:
runs-on: ['self-hosted', 'Linux'] runs-on: ["self-hosted", "Linux"]
steps: steps:
- uses: actions/setup-node@v2 - uses: actions/setup-node@v2
with: with:
node-version: '12' node-version: "12"
- name: Test actions/setup-node works - name: Test actions/setup-node works
run: | run: |
VERSION=$(node --version | cut -c 2- | cut -d '.' -f1) VERSION=$(node --version | cut -c 2- | cut -d '.' -f1)
@ -57,9 +57,10 @@ jobs:
echo "Node version detected : $(node --version 2>&1)" echo "Node version detected : $(node --version 2>&1)"
fi fi
setup-ruby-test: setup-ruby-test:
runs-on: ['self-hosted', 'Linux'] runs-on: ["self-hosted", "Linux"]
steps: steps:
- uses: ruby/setup-ruby@v1 # https://github.com/ruby/setup-ruby/releases/tag/v1.227.0
- uses: ruby/setup-ruby@1a615958ad9d422dd932dc1d5823942ee002799f
with: with:
ruby-version: 3.0 ruby-version: 3.0
bundler-cache: true bundler-cache: true
@ -74,7 +75,7 @@ jobs:
echo "Ruby version detected : $(ruby --version 2>&1)" echo "Ruby version detected : $(ruby --version 2>&1)"
fi fi
python-shell-test: python-shell-test:
runs-on: ['self-hosted', 'Linux'] runs-on: ["self-hosted", "Linux"]
steps: steps:
- name: Test Python shell works - name: Test Python shell works
run: | run: |


@ -1,9 +1,11 @@
# This file defines the config for "ct" (chart tester) used by the helm linting GitHub workflow # This file defines the config for "ct" (chart tester) used by the helm linting GitHub workflow
remote: origin
target-branch: master
lint-conf: charts/.ci/lint-config.yaml lint-conf: charts/.ci/lint-config.yaml
chart-repos: chart-repos:
- jetstack=https://charts.jetstack.io - jetstack=https://charts.jetstack.io
check-version-increment: false # Disable checking that the chart version has been bumped check-version-increment: false # Disable checking that the chart version has been bumped
charts: charts:
- charts/gha-runner-scale-set-controller - charts/gha-runner-scale-set-controller
- charts/gha-runner-scale-set - charts/gha-runner-scale-set
skip-clean-up: true skip-clean-up: true


@ -1,7 +1,9 @@
# This file defines the config for "ct" (chart tester) used by the helm linting GitHub workflow # This file defines the config for "ct" (chart tester) used by the helm linting GitHub workflow
remote: origin
target-branch: master
lint-conf: charts/.ci/lint-config.yaml lint-conf: charts/.ci/lint-config.yaml
chart-repos: chart-repos:
- jetstack=https://charts.jetstack.io - jetstack=https://charts.jetstack.io
check-version-increment: false # Disable checking that the chart version has been bumped check-version-increment: false # Disable checking that the chart version has been bumped
charts: charts:
- charts/actions-runner-controller - charts/actions-runner-controller


@ -1,6 +1,5 @@
#!/bin/bash #!/bin/bash
for chart in `ls charts`; for chart in `ls charts`;
do do
helm template --values charts/$chart/ci/ci-values.yaml charts/$chart | kube-score score - \ helm template --values charts/$chart/ci/ci-values.yaml charts/$chart | kube-score score - \


@ -1181,7 +1181,7 @@ func installActionsWorkflow(t *testing.T, testName, runnerLabel, testResultCMNam
steps = append(steps, steps = append(steps,
testing.Step{ testing.Step{
Name: "Set up Docker Buildx", Name: "Set up Docker Buildx",
Uses: "docker/setup-buildx-action@v1", Uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2",
With: setupBuildXActionWith, With: setupBuildXActionWith,
}, },
testing.Step{ testing.Step{
@ -1193,7 +1193,7 @@ func installActionsWorkflow(t *testing.T, testName, runnerLabel, testResultCMNam
Run: "docker run --rm test1", Run: "docker run --rm test1",
}, },
testing.Step{ testing.Step{
Uses: "addnab/docker-run-action@v3", Uses: "addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185",
With: &testing.With{ With: &testing.With{
Image: "test1", Image: "test1",
Run: "hello", Run: "hello",
@ -1234,7 +1234,7 @@ func installActionsWorkflow(t *testing.T, testName, runnerLabel, testResultCMNam
steps = append(steps, steps = append(steps,
testing.Step{ testing.Step{
Uses: "azure/setup-kubectl@v1", Uses: "azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f",
With: &testing.With{ With: &testing.With{
Version: "v1.24.0", Version: "v1.24.0",
}, },
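Review bot: The three `Uses:` strings in `installActionsWorkflow` are pinned to bare hashes with no indication of the release they correspond to, and because they live in Go string literals, updaters that scan workflow YAML will presumably not see them. A trailing Go comment on each line would keep them reviewable, e.g. `// https://github.com/docker/setup-buildx-action/releases/tag/v3.10.0` for the Buildx pin (the label other files in this commit give that hash); the releases behind the `addnab/docker-run-action` and `azure/setup-kubectl` hashes are not stated anywhere on the page. The Buildx line also moves from `@v1` to that v3 release while `setupBuildXActionWith` is built outside the hunk, so its inputs should be checked against the newer action. The function starts and ends outside the visible hunks.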