public_git
/
actions-runner-controller
mirror of https://github.com/actions-runner-controller/actions-runner-controller.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Pin third party actions (#3981)

This commit is contained in:
Nikola Jokic 2025-04-17 12:19:15 +02:00 committed by GitHub
parent 15990d492d
commit a33d34a036
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
19 changed files with 331 additions and 327 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.github/actions/setup-arc-e2e/action.yaml vendored
View File

@ -1,9 +1,9 @@
name: 'Setup ARC E2E Test Action'
description: 'Build controller image, create kind cluster, load the image, and exchange ARC configure token.'
name: "Setup ARC E2E Test Action"
description: "Build controller image, create kind cluster, load the image, and exchange ARC configure token."
inputs:
app-id:
description: 'GitHub App Id for exchange access token'
description: "GitHub App Id for exchange access token"
required: true
app-pk:
description: "GitHub App private key for exchange access token"
@ -20,14 +20,14 @@ inputs:
outputs:
token:
description: 'Token to use for configure ARC'
description: "Token to use for configure ARC"
value: ${{steps.config-token.outputs.token}}
runs:
using: "composite"
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
with:
# Pinning v0.9.1 for Buildx and BuildKit v0.10.6
# BuildKit v0.11 which has a bug causing intermittent
@ -36,7 +36,8 @@ runs:
driver-opts: image=moby/buildkit:v0.10.6
- name: Build controller image
uses: docker/build-push-action@v5
# https://github.com/docker/build-push-action/releases/tag/v6.15.0
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
with:
file: Dockerfile
platforms: linux/amd64
@ -56,6 +57,7 @@ runs:
- name: Get configure token
id: config-token
# https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3
with:
application_id: ${{ inputs.app-id }}

12
.github/actions/setup-docker-environment/action.yaml vendored
View File

@ -24,23 +24,27 @@ runs:
shell: bash
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# https://github.com/docker/setup-buildx-action/releases/tag/v3.10.0
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
with:
version: latest
- name: Login to DockerHub
if: ${{ github.event_name == 'release' || github.event_name == 'push' && github.ref == 'refs/heads/master' && inputs.password != '' }}
uses: docker/login-action@v3
# https://github.com/docker/login-action/releases/tag/v3.4.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with:
username: ${{ inputs.username }}
password: ${{ inputs.password }}
- name: Login to GitHub Container Registry
if: ${{ github.event_name == 'release' || github.event_name == 'push' && github.ref == 'refs/heads/master' && inputs.ghcr_password != '' }}
uses: docker/login-action@v3
# https://github.com/docker/login-action/releases/tag/v3.4.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with:
registry: ghcr.io
username: ${{ inputs.ghcr_username }}

26
.github/workflows/arc-publish-chart.yaml vendored
View File

@ -7,16 +7,16 @@ on:
branches:
- master
paths:
- 'charts/**'
- '.github/workflows/arc-publish-chart.yaml'
- '!charts/actions-runner-controller/docs/**'
- '!charts/gha-runner-scale-set-controller/**'
- '!charts/gha-runner-scale-set/**'
- '!**.md'
- "charts/**"
- ".github/workflows/arc-publish-chart.yaml"
- "!charts/actions-runner-controller/docs/**"
- "!charts/gha-runner-scale-set-controller/**"
- "!charts/gha-runner-scale-set/**"
- "!**.md"
workflow_dispatch:
inputs:
force:
description: 'Force publish even if the chart version is not bumped'
description: "Force publish even if the chart version is not bumped"
type: boolean
required: true
default: false
@ -45,6 +45,7 @@ jobs:
fetch-depth: 0
- name: Set up Helm
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
with:
version: ${{ env.HELM_VERSION }}
@ -60,10 +61,11 @@ jobs:
# python is a requirement for the chart-testing action below (supports yamllint among other tests)
- uses: actions/setup-python@v5
with:
python-version: '3.11'
python-version: "3.11"
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.0
# https://github.com/helm/chart-testing-action/releases/tag/v2.7.0
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
- name: Run chart-testing (list-changed)
id: list-changed
@ -79,7 +81,8 @@ jobs:
- name: Create kind cluster
if: steps.list-changed.outputs.changed == 'true'
uses: helm/kind-action@v1.4.0
# https://github.com/helm/kind-action/releases/tag/v1.12.0
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
# We need cert-manager already installed in the cluster because we assume the CRDs exist
- name: Install cert-manager
@ -145,6 +148,7 @@ jobs:
- name: Get Token
id: get_workflow_token
# https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3
with:
application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}
@ -152,7 +156,7 @@ jobs:
organization: ${{ env.CHART_TARGET_ORG }}
- name: Install chart-releaser
uses: helm/chart-releaser-action@v1.4.1
uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f
with:
install_only: true
install_dir: ${{ github.workspace }}/bin

7
.github/workflows/arc-publish.yaml vendored
View File

@ -9,10 +9,10 @@ on:
workflow_dispatch:
inputs:
release_tag_name:
description: 'Tag name of the release to publish'
description: "Tag name of the release to publish"
required: true
push_to_registries:
description: 'Push images to registries'
description: "Push images to registries"
required: true
type: boolean
default: false
@ -43,7 +43,7 @@ jobs:
- uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
go-version-file: "go.mod"
- name: Install tools
run: |
@ -73,6 +73,7 @@ jobs:
- name: Get Token
id: get_workflow_token
# https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3
with:
application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}

7
.github/workflows/arc-release-runners.yaml vendored
View File

@ -7,10 +7,10 @@ on:
# are available to the workflow run
push:
branches:
- 'master'
- "master"
paths:
- 'runner/VERSION'
- '.github/workflows/arc-release-runners.yaml'
- "runner/VERSION"
- ".github/workflows/arc-release-runners.yaml"
env:
# Safeguard to prevent pushing images to registeries after build
@ -39,6 +39,7 @@ jobs:
- name: Get Token
id: get_workflow_token
# https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3
with:
application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}

50
.github/workflows/arc-validate-chart.yaml vendored
View File

@ -5,20 +5,20 @@ on:
branches:
- master
paths:
- 'charts/**'
- '.github/workflows/arc-validate-chart.yaml'
- '!charts/actions-runner-controller/docs/**'
- '!**.md'
- '!charts/gha-runner-scale-set-controller/**'
- '!charts/gha-runner-scale-set/**'
- "charts/**"
- ".github/workflows/arc-validate-chart.yaml"
- "!charts/actions-runner-controller/docs/**"
- "!**.md"
- "!charts/gha-runner-scale-set-controller/**"
- "!charts/gha-runner-scale-set/**"
push:
paths:
- 'charts/**'
- '.github/workflows/arc-validate-chart.yaml'
- '!charts/actions-runner-controller/docs/**'
- '!**.md'
- '!charts/gha-runner-scale-set-controller/**'
- '!charts/gha-runner-scale-set/**'
- "charts/**"
- ".github/workflows/arc-validate-chart.yaml"
- "!charts/actions-runner-controller/docs/**"
- "!**.md"
- "!charts/gha-runner-scale-set-controller/**"
- "!charts/gha-runner-scale-set/**"
workflow_dispatch:
env:
KUBE_SCORE_VERSION: 1.10.0
@ -45,34 +45,19 @@ jobs:
fetch-depth: 0
- name: Set up Helm
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
with:
version: ${{ env.HELM_VERSION }}
- name: Set up kube-score
run: |
wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O kube-score
chmod 755 kube-score
- name: Kube-score generated manifests
run: helm template --values charts/.ci/values-kube-score.yaml charts/* | ./kube-score score -
--ignore-test pod-networkpolicy
--ignore-test deployment-has-poddisruptionbudget
--ignore-test deployment-has-host-podantiaffinity
--ignore-test container-security-context
--ignore-test pod-probes
--ignore-test container-image-tag
--enable-optional-test container-security-context-privileged
--enable-optional-test container-security-context-readonlyrootfilesystem
# python is a requirement for the chart-testing action below (supports yamllint among other tests)
- uses: actions/setup-python@v5
with:
python-version: '3.11'
python-version: "3.11"
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.0
# https://github.com/helm/chart-testing-action/releases/tag/v2.7.0
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
- name: Run chart-testing (list-changed)
id: list-changed
@ -87,7 +72,8 @@ jobs:
ct lint --config charts/.ci/ct-config.yaml
- name: Create kind cluster
uses: helm/kind-action@v1.4.0
# https://github.com/helm/kind-action/releases/tag/v1.12.0
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
if: steps.list-changed.outputs.changed == 'true'
# We need cert-manager already installed in the cluster because we assume the CRDs exist

26
.github/workflows/arc-validate-runners.yaml vendored
View File

@ -3,11 +3,11 @@ name: Validate ARC Runners
on:
pull_request:
branches:
- '**'
- "**"
paths:
- 'runner/**'
- 'test/startup/**'
- '!**.md'
- "runner/**"
- "test/startup/**"
- "!**.md"
permissions:
contents: read
@ -25,21 +25,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: shellcheck
uses: reviewdog/action-shellcheck@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
path: "./runner"
pattern: |
*.sh
*.bash
update-status
# Make this consistent with `make shellsheck`
shellcheck_flags: "--shell bash --source-path runner"
exclude: "./.git/*"
check_all_files_with_shebangs: "false"
# Set this to "true" once we addressed all the shellcheck findings
fail_on_error: "false"
- name: "Run shellcheck"
run: make shellcheck
test-runner-entrypoint:
name: Test entrypoint
runs-on: ubuntu-latest

29
.github/workflows/gha-publish-chart.yaml vendored
View File

@ -4,27 +4,27 @@ on:
workflow_dispatch:
inputs:
ref:
description: 'The branch, tag or SHA to cut a release from'
description: "The branch, tag or SHA to cut a release from"
required: false
type: string
default: ''
default: ""
release_tag_name:
description: 'The name to tag the controller image with'
description: "The name to tag the controller image with"
required: true
type: string
default: 'canary'
default: "canary"
push_to_registries:
description: 'Push images to registries'
description: "Push images to registries"
required: true
type: boolean
default: false
publish_gha_runner_scale_set_controller_chart:
description: 'Publish new helm chart for gha-runner-scale-set-controller'
description: "Publish new helm chart for gha-runner-scale-set-controller"
required: true
type: boolean
default: false
publish_gha_runner_scale_set_chart:
description: 'Publish new helm chart for gha-runner-scale-set'
description: "Publish new helm chart for gha-runner-scale-set"
required: true
type: boolean
default: false
@ -72,10 +72,11 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
with:
# Pinning v0.9.1 for Buildx and BuildKit v0.10.6
# BuildKit v0.11 which has a bug causing intermittent
@ -84,14 +85,16 @@ jobs:
driver-opts: image=moby/buildkit:v0.10.6
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
# https://github.com/docker/login-action/releases/tag/v3.4.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & push controller image
uses: docker/build-push-action@v5
# https://github.com/docker/build-push-action/releases/tag/v6.15.0
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
with:
file: Dockerfile
platforms: linux/amd64,linux/arm64
@ -140,7 +143,7 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up Helm
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
with:
version: ${{ env.HELM_VERSION }}
@ -188,7 +191,7 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up Helm
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
with:
version: ${{ env.HELM_VERSION }}

31
.github/workflows/gha-validate-chart.yaml vendored
View File

@ -5,16 +5,16 @@ on:
branches:
- master
paths:
- 'charts/**'
- '.github/workflows/gha-validate-chart.yaml'
- '!charts/actions-runner-controller/**'
- '!**.md'
- "charts/**"
- ".github/workflows/gha-validate-chart.yaml"
- "!charts/actions-runner-controller/**"
- "!**.md"
push:
paths:
- 'charts/**'
- '.github/workflows/gha-validate-chart.yaml'
- '!charts/actions-runner-controller/**'
- '!**.md'
- "charts/**"
- ".github/workflows/gha-validate-chart.yaml"
- "!charts/actions-runner-controller/**"
- "!**.md"
workflow_dispatch:
env:
KUBE_SCORE_VERSION: 1.16.1
@ -41,7 +41,7 @@ jobs:
fetch-depth: 0
- name: Set up Helm
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2
# Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814
with:
version: ${{ env.HELM_VERSION }}
@ -49,10 +49,11 @@ jobs:
# python is a requirement for the chart-testing action below (supports yamllint among other tests)
- uses: actions/setup-python@v5
with:
python-version: '3.11'
python-version: "3.11"
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.6.0
# https://github.com/helm/chart-testing-action/releases/tag/v2.7.0
uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
- name: Run chart-testing (list-changed)
id: list-changed
@ -68,13 +69,14 @@ jobs:
ct lint --config charts/.ci/ct-config-gha.yaml
- name: Set up docker buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
if: steps.list-changed.outputs.changed == 'true'
with:
version: latest
- name: Build controller image
uses: docker/build-push-action@v5
# https://github.com/docker/build-push-action/releases/tag/v6.15.0
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
if: steps.list-changed.outputs.changed == 'true'
with:
file: Dockerfile
@ -89,7 +91,8 @@ jobs:
cache-to: type=gha,mode=max
- name: Create kind cluster
uses: helm/kind-action@v1.4.0
# https://github.com/helm/kind-action/releases/tag/v1.12.0
uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
if: steps.list-changed.outputs.changed == 'true'
with:
cluster_name: chart-testing

61
.github/workflows/global-publish-canary.yaml vendored
View File

@ -7,30 +7,30 @@ on:
branches:
- master
paths-ignore:
- '**.md'
- '.github/actions/**'
- '.github/ISSUE_TEMPLATE/**'
- '.github/workflows/e2e-test-dispatch-workflow.yaml'
- '.github/workflows/gha-e2e-tests.yaml'
- '.github/workflows/arc-publish.yaml'
- '.github/workflows/arc-publish-chart.yaml'
- '.github/workflows/gha-publish-chart.yaml'
- '.github/workflows/arc-release-runners.yaml'
- '.github/workflows/global-run-codeql.yaml'
- '.github/workflows/global-run-first-interaction.yaml'
- '.github/workflows/global-run-stale.yaml'
- '.github/workflows/arc-update-runners-scheduled.yaml'
- '.github/workflows/validate-arc.yaml'
- '.github/workflows/arc-validate-chart.yaml'
- '.github/workflows/gha-validate-chart.yaml'
- '.github/workflows/arc-validate-runners.yaml'
- '.github/dependabot.yml'
- '.github/RELEASE_NOTE_TEMPLATE.md'
- 'runner/**'
- '.gitignore'
- 'PROJECT'
- 'LICENSE'
- 'Makefile'
- "**.md"
- ".github/actions/**"
- ".github/ISSUE_TEMPLATE/**"
- ".github/workflows/e2e-test-dispatch-workflow.yaml"
- ".github/workflows/gha-e2e-tests.yaml"
- ".github/workflows/arc-publish.yaml"
- ".github/workflows/arc-publish-chart.yaml"
- ".github/workflows/gha-publish-chart.yaml"
- ".github/workflows/arc-release-runners.yaml"
- ".github/workflows/global-run-codeql.yaml"
- ".github/workflows/global-run-first-interaction.yaml"
- ".github/workflows/global-run-stale.yaml"
- ".github/workflows/arc-update-runners-scheduled.yaml"
- ".github/workflows/validate-arc.yaml"
- ".github/workflows/arc-validate-chart.yaml"
- ".github/workflows/gha-validate-chart.yaml"
- ".github/workflows/arc-validate-runners.yaml"
- ".github/dependabot.yml"
- ".github/RELEASE_NOTE_TEMPLATE.md"
- "runner/**"
- ".gitignore"
- "PROJECT"
- "LICENSE"
- "Makefile"
# https://docs.github.com/en/rest/overview/permissions-required-for-github-apps
permissions:
@ -59,6 +59,7 @@ jobs:
- name: Get Token
id: get_workflow_token
# https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0
uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3
with:
application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}
@ -93,7 +94,8 @@ jobs:
uses: actions/checkout@v4
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
# https://github.com/docker/login-action/releases/tag/v3.4.0
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -110,16 +112,19 @@ jobs:
echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# https://github.com/docker/setup-buildx-action/releases/tag/v3.10.0
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
with:
version: latest
# Unstable builds - run at your own risk
- name: Build and Push
uses: docker/build-push-action@v5
# https://github.com/docker/build-push-action/releases/tag/v6.15.0
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
with:
context: .
file: ./Dockerfile

29
.github/workflows/go.yaml vendored
View File

@ -4,16 +4,16 @@ on:
branches:
- master
paths:
- '.github/workflows/go.yaml'
- '**.go'
- 'go.mod'
- 'go.sum'
- ".github/workflows/go.yaml"
- "**.go"
- "go.mod"
- "go.sum"
pull_request:
paths:
- '.github/workflows/go.yaml'
- '**.go'
- 'go.mod'
- 'go.sum'
- ".github/workflows/go.yaml"
- "**.go"
- "go.mod"
- "go.sum"
permissions:
contents: read
@ -32,7 +32,7 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
go-version-file: "go.mod"
cache: false
- name: fmt
run: go fmt ./...
@ -45,13 +45,14 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
go-version-file: "go.mod"
cache: false
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
# https://github.com/golangci/golangci-lint-action/releases/tag/v6.5.2
uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84
with:
only-new-issues: true
version: v1.55.2
version: v1.64.8
generate:
runs-on: ubuntu-latest
@ -59,7 +60,7 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
go-version-file: "go.mod"
cache: false
- name: Generate
run: make generate
@ -72,7 +73,7 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
go-version-file: "go.mod"
- run: make manifests
- name: Check diff
run: git diff --exit-code

4
.golangci.yaml
View File

@ -1,8 +1,8 @@
run:
timeout: 3m
timeout: 5m
output:
formats:
- format: github-actions
- format: colored-line-number
path: stdout
linters-settings:
errcheck:

4
Makefile
View File

@ -20,7 +20,7 @@ KUBECONTEXT ?= kind-acceptance
CLUSTER ?= acceptance
CERT_MANAGER_VERSION ?= v1.1.1
KUBE_RBAC_PROXY_VERSION ?= v0.11.0
SHELLCHECK_VERSION ?= 0.8.0
SHELLCHECK_VERSION ?= 0.10.0
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= "crd:generateEmbeddedObjectMeta=true,allowDangerousTypes=true"
@ -204,7 +204,7 @@ generate: controller-gen
# Run shellcheck on runner scripts
shellcheck: shellcheck-install
$(TOOLS_PATH)/shellcheck --shell bash --source-path runner runner/*.sh hack/*.sh
$(TOOLS_PATH)/shellcheck --shell bash --source-path runner runner/*.sh runner/update-status hack/*.sh
docker-buildx:
export DOCKER_CLI_EXPERIMENTAL=enabled ;\

10
acceptance/pipelines/eks-integration-tests.yaml
View File

@ -10,16 +10,17 @@ env:
jobs:
assume-role-in-runner-test:
runs-on: ['self-hosted', 'Linux']
runs-on: ["self-hosted", "Linux"]
steps:
- name: Test aws-actions/configure-aws-credentials Action
uses: aws-actions/configure-aws-credentials@v1
# https://github.com/aws-actions/configure-aws-credentials/releases/tag/v4.1.0
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.ASSUME_ROLE_ARN }}
role-duration-seconds: 900
assume-role-in-container-test:
runs-on: ['self-hosted', 'Linux']
runs-on: ["self-hosted", "Linux"]
container:
image: amazon/aws-cli
env:
@ -29,7 +30,8 @@ jobs:
- /var/run/secrets/eks.amazonaws.com/serviceaccount/token:/var/run/secrets/eks.amazonaws.com/serviceaccount/token
steps:
- name: Test aws-actions/configure-aws-credentials Action in container
uses: aws-actions/configure-aws-credentials@v1
# https://github.com/aws-actions/configure-aws-credentials/releases/tag/v4.1.0
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.ASSUME_ROLE_ARN }}

15
acceptance/pipelines/runner-integration-tests.yaml
View File

@ -8,7 +8,7 @@ env:
jobs:
run-step-in-container-test:
runs-on: ['self-hosted', 'Linux']
runs-on: ["self-hosted", "Linux"]
container:
image: alpine
steps:
@ -21,7 +21,7 @@ jobs:
exit 1
fi
setup-python-test:
runs-on: ['self-hosted', 'Linux']
runs-on: ["self-hosted", "Linux"]
steps:
- name: Print native Python environment
run: |
@ -41,11 +41,11 @@ jobs:
echo "Python version detected : $(python --version 2>&1)"
fi
setup-node-test:
runs-on: ['self-hosted', 'Linux']
runs-on: ["self-hosted", "Linux"]
steps:
- uses: actions/setup-node@v2
with:
node-version: '12'
node-version: "12"
- name: Test actions/setup-node works
run: |
VERSION=$(node --version | cut -c 2- | cut -d '.' -f1)
@ -57,9 +57,10 @@ jobs:
echo "Node version detected : $(node --version 2>&1)"
fi
setup-ruby-test:
runs-on: ['self-hosted', 'Linux']
runs-on: ["self-hosted", "Linux"]
steps:
- uses: ruby/setup-ruby@v1
# https://github.com/ruby/setup-ruby/releases/tag/v1.227.0
- uses: ruby/setup-ruby@1a615958ad9d422dd932dc1d5823942ee002799f
with:
ruby-version: 3.0
bundler-cache: true
@ -74,7 +75,7 @@ jobs:
echo "Ruby version detected : $(ruby --version 2>&1)"
fi
python-shell-test:
runs-on: ['self-hosted', 'Linux']
runs-on: ["self-hosted", "Linux"]
steps:
- name: Test Python shell works
run: |

6
charts/.ci/ct-config-gha.yaml
View File

@ -1,9 +1,11 @@
# This file defines the config for "ct" (chart tester) used by the helm linting GitHub workflow
remote: origin
target-branch: master
lint-conf: charts/.ci/lint-config.yaml
chart-repos:
- jetstack=https://charts.jetstack.io
check-version-increment: false # Disable checking that the chart version has been bumped
charts:
- charts/gha-runner-scale-set-controller
- charts/gha-runner-scale-set
- charts/gha-runner-scale-set-controller
- charts/gha-runner-scale-set
skip-clean-up: true

4
charts/.ci/ct-config.yaml
View File

@ -1,7 +1,9 @@
# This file defines the config for "ct" (chart tester) used by the helm linting GitHub workflow
remote: origin
target-branch: master
lint-conf: charts/.ci/lint-config.yaml
chart-repos:
- jetstack=https://charts.jetstack.io
check-version-increment: false # Disable checking that the chart version has been bumped
charts:
- charts/actions-runner-controller
- charts/actions-runner-controller

1
charts/.ci/scripts/local-kube-score.sh
View File

@ -1,6 +1,5 @@
#!/bin/bash
for chart in `ls charts`;
do
helm template --values charts/$chart/ci/ci-values.yaml charts/$chart | kube-score score - \

6
test/e2e/e2e_test.go
View File

@ -1181,7 +1181,7 @@ func installActionsWorkflow(t *testing.T, testName, runnerLabel, testResultCMNam
steps = append(steps,
testing.Step{
Name: "Set up Docker Buildx",
Uses: "docker/setup-buildx-action@v1",
Uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2",
With: setupBuildXActionWith,
},
testing.Step{
@ -1193,7 +1193,7 @@ func installActionsWorkflow(t *testing.T, testName, runnerLabel, testResultCMNam
Run: "docker run --rm test1",
},
testing.Step{
Uses: "addnab/docker-run-action@v3",
Uses: "addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185",
With: &testing.With{
Image: "test1",
Run: "hello",
@ -1234,7 +1234,7 @@ func installActionsWorkflow(t *testing.T, testName, runnerLabel, testResultCMNam
steps = append(steps,
testing.Step{
Uses: "azure/setup-kubectl@v1",
Uses: "azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f",
With: &testing.With{
Version: "v1.24.0",
},