diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
deleted file mode 100644
index 5709a741..00000000
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-- name: Feature requests for the gha-runner-scale-set (actions.github.com API group)
- about: Feature requests associated with the actions.github.com group should be posted on the GitHub Community Support Forum
- url: https://github.com/orgs/community/discussions/categories/actions
-- name: Sponsor ARC Maintainers
- about: If your business relies on the continued maintainance of actions-runner-controller, please consider sponsoring the project and the maintainers.
- url: https://github.com/actions/actions-runner-controller/tree/master/CODEOWNERS
-- name: Ideas and Feature Requests
- about: Wanna request a feature? Create a discussion and collect :+1:s first.
- url: https://github.com/actions/actions-runner-controller/discussions/new?category=ideas
-- name: Questions and User Support
- about: Need support using ARC? We use Discussions as the place to provide community support.
- url: https://github.com/actions/actions-runner-controller/discussions/new?category=questions
-- name: Need Paid Support?
- about: Consider contracting with any of the actions-runner-controller maintainers and contributors.
- url: https://github.com/actions/actions-runner-controller/tree/master/CODEOWNERS
diff --git a/.github/ISSUE_TEMPLATE/github_bug_report.yaml b/.github/ISSUE_TEMPLATE/github_bug_report.yaml
deleted file mode 100644
index 8422a5d3..00000000
--- a/.github/ISSUE_TEMPLATE/github_bug_report.yaml
+++ /dev/null
@@ -1,113 +0,0 @@ -name: Bug Report (actions.github.com API group) -description: File a bug report for actions.github.com API group -title: "" -labels: ["bug", "needs triage", "gha-runner-scale-set"] -body: -- type: checkboxes - id: read-troubleshooting-guide - attributes: - label: Checks - description: Please check all the boxes below before submitting - options: - - label: I've already read https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors and I'm sure my issue is not covered in the troubleshooting guide. - required: true - - - label: I am using charts that are officially provided -- type: input - id: controller-version - attributes: - label: Controller Version - description: Refers to semver-like release tags for controller versions. Any release tags prefixed with `gha-runner-scale-set-` are releases associated with this API group - placeholder: ex. 0.6.1 - validations: - required: true -- type: dropdown - id: deployment-method - attributes: - label: Deployment Method - description: Which deployment method did you use to install ARC? - options: - - Helm - - Kustomize - - ArgoCD - - Other - validations: - required: true -- type: checkboxes - id: checks - attributes: - label: Checks - description: Please check all the boxes below before submitting - options: - - label: This isn't a question or user support case (For Q&A and community support, go to [Discussions](https://github.com/actions/actions-runner-controller/discussions)). 
- required: true - - label: I've read the [Changelog](https://github.com/actions/actions-runner-controller/blob/master/docs/gha-runner-scale-set-controller/README.md#changelog) before submitting this issue and I'm sure it's not due to any recently-introduced backward-incompatible changes - required: true -- type: textarea - id: reproduction-steps - attributes: - label: To Reproduce - description: "Steps to reproduce the behavior" - render: markdown - placeholder: | - 1. Go to '...' - 2. Click on '....' - 3. Scroll down to '....' - 4. See error - validations: - required: true -- type: textarea - id: actual-behavior - attributes: - label: Describe the bug - description: Also tell us, what did happen? - placeholder: A clear and concise description of what happened. - validations: - required: true - -- type: textarea - id: expected-behavior - attributes: - label: Describe the expected behavior - description: Also tell us, what did you expect to happen? - placeholder: A clear and concise description of what the expected behavior is. - validations: - required: true - -- type: textarea - id: additional-context - attributes: - label: Additional Context - render: yaml - description: | - Provide `values.yaml` files that are relevant for this issue. PLEASE REDACT ANY INFORMATION THAT SHOULD NOT BE PUBLICALY AVAILABLE, LIKE GITHUB TOKEN FOR EXAMPLE. - placeholder: | - PLEASE REDACT ANY INFORMATION THAT SHOULD NOT BE PUBLICALY AVAILABLE, LIKE GITHUB TOKEN FOR EXAMPLE. - validations: - required: true - -- type: textarea - id: controller-logs - attributes: - label: Controller Logs - description: "NEVER EVER OMIT THIS! Include complete logs from `actions-runner-controller`'s controller-manager pod." 
- render: shell - placeholder: | - PROVIDE THE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA - - To grab controller logs: - - kubectl logs -n $NAMESPACE deployments/$CONTROLLER_DEPLOYMENT - validations: - required: true -- type: textarea - id: runner-pod-logs - attributes: - label: Runner Pod Logs - description: "Include logs and kubectl describe output from runner pod(s)." - render: shell - placeholder: | - PROVIDE THE WHOLE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA - validations: - required: true - diff --git a/.github/ISSUE_TEMPLATE/summerwind_bug_report.yaml b/.github/ISSUE_TEMPLATE/summerwind_bug_report.yaml deleted file mode 100644 index 48c2e31e..00000000 --- a/.github/ISSUE_TEMPLATE/summerwind_bug_report.yaml +++ /dev/null 
@@ -1,191 +0,0 @@ -name: Bug Report (actions.summerwind.net API group) -description: File a bug report for actions.summerwind.net API group -title: "" -labels: ["bug", "needs triage", "community"] -body: -- type: checkboxes - id: read-troubleshooting-guide - attributes: - label: Checks - description: Please check all the boxes below before submitting - options: - - label: I've already read https://github.com/actions/actions-runner-controller/blob/master/TROUBLESHOOTING.md and I'm sure my issue is not covered in the troubleshooting guide. - required: true - - label: I'm not using a custom entrypoint in my runner image - required: true -- type: input - id: controller-version - attributes: - label: Controller Version - description: Refer to semver-like release tags for controller versions. Any release tags prefixed with `actions-runner-controller-` are for chart releases - placeholder: ex. 0.18.2 or git commit ID - validations: - required: true -- type: input - id: chart-version - attributes: - label: Helm Chart Version - description: Run `helm list` and see what's shown under CHART VERSION. Any release tags prefixed with `actions-runner-controller-` are for chart releases - placeholder: ex. 0.11.0 -- type: input - id: cert-manager-version - attributes: - label: CertManager Version - description: Run `kubectl get po -o yaml $CERT_MANAGER_POD` and see the image tag, or run `helm list` and see what's shown under APP VERSION for your cert-manager Helm release. - placeholder: ex. 1.8 -- type: dropdown - id: deployment-method - attributes: - label: Deployment Method - description: Which deployment method did you use to install ARC? 
- options: - - Helm - - Kustomize - - ArgoCD - - Other - validations: - required: true -- type: textarea - id: cert-manager - attributes: - label: cert-manager installation - description: Confirm that you've installed cert-manager correctly by answering a few questions - placeholder: | - - Did you follow https://github.com/actions/actions-runner-controller#installation? If not, describe the installation process so that we can reproduce your environment. - - Are you sure you've installed cert-manager from an official source? - (Note that we won't provide user support for cert-manager itself. Make sure cert-manager is fully working before testing ARC or reporting a bug - validations: - required: true -- type: checkboxes - id: checks - attributes: - label: Checks - description: Please check all the boxes below before submitting - options: - - label: This isn't a question or user support case (For Q&A and community support, go to [Discussions](https://github.com/actions/actions-runner-controller/discussions). 
It might also be a good idea to contract with any of contributors and maintainers if your business is so critical and therefore you need priority support - required: true - - label: I've read [releasenotes](https://github.com/actions/actions-runner-controller/tree/master/docs/releasenotes) before submitting this issue and I'm sure it's not due to any recently-introduced backward-incompatible changes - required: true - - label: My actions-runner-controller version (v0.x.y) does support the feature - required: true - - label: I've already upgraded ARC (including the CRDs, see charts/actions-runner-controller/docs/UPGRADING.md for details) to the latest and it didn't fix the issue - required: true - - label: I've migrated to the workflow job webhook event (if you using webhook driven scaling) - required: true -- type: textarea - id: resource-definitions - attributes: - label: Resource Definitions - description: "Add copy(s) of your resource definition(s) (RunnerDeployment or RunnerSet, and HorizontalRunnerAutoscaler. If RunnerSet, also include the StorageClass being used)" - render: yaml - placeholder: | - apiVersion: actions.summerwind.dev/v1alpha1 - kind: RunnerDeployment - metadata: - name: example - spec: - #snip - --- - apiVersion: actions.summerwind.dev/v1alpha1 - kind: RunnerSet - metadata: - name: example - spec: - #snip - --- - apiVersion: storage.k8s.io/v1 - kind: StorageClass - metadata: - name: example - provisioner: ... - reclaimPolicy: ... - volumeBindingMode: ... - --- - apiVersion: actions.summerwind.dev/v1alpha1 - kind: HorizontalRunnerAutoscaler - metadata: - name: - spec: - #snip - validations: - required: true -- type: textarea - id: reproduction-steps - attributes: - label: To Reproduce - description: "Steps to reproduce the behavior" - render: markdown - placeholder: | - 1. Go to '...' - 2. Click on '....' - 3. Scroll down to '....' - 4. 
See error - validations: - required: true -- type: textarea - id: actual-behavior - attributes: - label: Describe the bug - description: Also tell us, what did happen? - placeholder: A clear and concise description of what happened. - validations: - required: true -- type: textarea - id: expected-behavior - attributes: - label: Describe the expected behavior - description: Also tell us, what did you expect to happen? - placeholder: A clear and concise description of what the expected behavior is. - validations: - required: true -- type: textarea - id: controller-logs - attributes: - label: Whole Controller Logs - description: "NEVER EVER OMIT THIS! Include logs from `actions-runner-controller`'s controller-manager pod. Don't omit the parts you think irrelevant!" - render: shell - placeholder: | - PROVIDE THE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA - - To grab controller logs: - - # Set NS according to your setup - NS=actions-runner-system - - # Grab the pod name and set it to $POD_NAME - kubectl -n $NS get po - - kubectl -n $NS logs $POD_NAME > arc.log - validations: - required: true -- type: textarea - id: runner-pod-logs - attributes: - label: Whole Runner Pod Logs - description: "Include logs from runner pod(s). Please don't omit the parts you think irrelevant!" - render: shell - placeholder: | - PROVIDE THE WHOLE LOGS VIA A GIST LINK (https://gist.github.com/), NOT DIRECTLY IN THIS TEXT AREA - - To grab the runner pod logs: - - # Set NS according to your setup. It should match your RunnerDeployment's metadata.namespace. - NS=default - - # Grab the name of the problematic runner pod and set it to $POD_NAME - kubectl -n $NS get po - - kubectl -n $NS logs $POD_NAME -c runner > runnerpod_runner.log - kubectl -n $NS logs $POD_NAME -c docker > runnerpod_docker.log - - If any of the containers are getting terminated immediately, try adding `--previous` to the kubectl-logs command to obtain logs emitted before the termination. 
- validations: - required: true -- type: textarea - id: additional-context - attributes: - label: Additional Context - description: | - Add any other context about the problem here. - - Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. diff --git a/.github/ISSUE_TEMPLATE/summerwind_feature_request.md b/.github/ISSUE_TEMPLATE/summerwind_feature_request.md deleted file mode 100644 index 2e6590e6..00000000 --- a/.github/ISSUE_TEMPLATE/summerwind_feature_request.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -name: Feature request (actions.summerwind.net API group) -about: Suggest an idea for this project -labels: ["enhancement", "needs triage", "community"] -title: '' -assignees: '' ---- - -### What would you like added? - -*A clear and concise description of what you want to happen.* - -Note: Feature requests to integrate vendor specific cloud tools (e.g. `awscli`, `gcloud-sdk`, `azure-cli`) will likely be rejected as the Runner image aims to be vendor agnostic. - -### Why is this needed? - -*A clear and concise description of any alternative solutions or features you've considered.* - -### Additional context - -*Add any other context or screenshots about the feature request here.* diff --git a/.github/RELEASE_NOTE_TEMPLATE.md b/.github/RELEASE_NOTE_TEMPLATE.md deleted file mode 100644 index 4514fb4c..00000000 --- a/.github/RELEASE_NOTE_TEMPLATE.md +++ /dev/null 
@@ -1,34 +0,0 @@
-# Release Note Template
-
-This is the template of actions-runner-controller's release notes.
-
-Whenever a new release is made, I start by manually copy-pasting this template onto the GitHub UI for creating the release.
-
-I then walk-through all the changes, take sometime to think abount best one-sentence explanations to tell the users about changes, write it all,
-and click the publish button.
-
-If you think you can improve future release notes in any way, please do submit a pull request to change the template below.
-
-Note that even though it looks like a Go template, I don't use any templating to generate the changelog.
-It's just that I'm used to reading and intepreting Go template by myself, not a computer program :)
-
-**Title**:
-
-```
-v{{ .Version }}: {{ .TitlesOfImportantChanges }}
-```
-
-**Body**:
-
-```
-**CAUTION:** If you're using the Helm chart, beware to review changes to CRDs and do manually upgrade CRDs! Helm installs CRDs only on installing a chart. It doesn't automatically upgrade CRDs. Otherwise you end up with troubles like #427, #467, and #468. Please refer to the [UPGRADING](charts/actions-runner-controller/docs/UPGRADING.md) docs for the latest process.
-
-This release includes the following changes from contributors. Thank you!
-
-- @{{ .GitHubUser }} fixed {{ .Feature }} to not break when ... (#{{ .PullRequestNumber }})
-- @{{ .GitHubUser }} enhanced {{ .Feature }} to ... (#{{ .PullRequestNumber }})
-- @{{ .GitHubUser }} added {{ .Feature }} for ... (#{{ .PullRequestNumber }})
-- @{{ .GitHubUser }} fixed {{ .Topic }} in the documentation so that ... (#{{ .PullRequestNumber }})
-- @{{ .GitHubUser }} added {{ .Topic }} to the documentation (#{{ .PullRequestNumber }})
-- @{{ .GitHubUser }} improved the documentation about {{ .Topic }} to also cover ... (#{{ .PullRequestNumber }})
-```
diff --git a/.github/actions/execute-assert-arc-e2e/action.yaml b/.github/actions/execute-assert-arc-e2e/action.yaml
deleted file mode 100644
index 872d02d9..00000000
--- a/.github/actions/execute-assert-arc-e2e/action.yaml
+++ /dev/null
@@ -1,215 +0,0 @@ -name: 'Execute and Assert ARC E2E Test Action' -description: 'Queue E2E test workflow and assert workflow run result to be succeed' - -inputs: - auth-token: - description: 'GitHub access token to queue workflow run' - required: true - repo-owner: - description: "The repository owner name that has the test workflow file, ex: actions" - required: true - repo-name: - description: "The repository name that has the test workflow file, ex: test" - required: true - workflow-file: - description: 'The file name of the workflow yaml, ex: test.yml' - required: true - arc-name: - description: 'The name of the configured gha-runner-scale-set' - required: true - arc-namespace: - description: 'The namespace of the configured gha-runner-scale-set' - required: true - arc-controller-namespace: - description: 'The namespace of the configured gha-runner-scale-set-controller' - required: true - wait-to-finish: - description: 'Wait for the workflow run to finish' - required: true - default: "true" - wait-to-running: - description: 'Wait for the workflow run to start running' - required: true - default: "false" - -runs: - using: "composite" - steps: - - name: Queue test workflow - shell: bash - id: queue_workflow - run: | - queue_time=`date +%FT%TZ` - echo "queue_time=$queue_time" >> $GITHUB_OUTPUT - curl -X POST https://api.github.com/repos/${{inputs.repo-owner}}/${{inputs.repo-name}}/actions/workflows/${{inputs.workflow-file}}/dispatches \ - -H "Accept: application/vnd.github.v3+json" \ - -H "Authorization: token ${{inputs.auth-token}}" \ - -d '{"ref": "main", "inputs": { "arc_name": "${{inputs.arc-name}}" } }' - - - name: Fetch workflow run & job ids - uses: actions/github-script@v7 - id: query_workflow - with: - script: | - // Try to find the workflow run triggered by the previous step using the workflow_dispatch event. 
- // - Find recently create workflow runs in the test repository - // - For each workflow run, list its workflow job and see if the job's labels contain `inputs.arc-name` - // - Since the inputs.arc-name should be unique per e2e workflow run, once we find the job with the label, we find the workflow that we just triggered. - function sleep(ms) { - return new Promise(resolve => setTimeout(resolve, ms)) - } - const owner = '${{inputs.repo-owner}}' - const repo = '${{inputs.repo-name}}' - const workflow_id = '${{inputs.workflow-file}}' - let workflow_run_id = 0 - let workflow_job_id = 0 - let workflow_run_html_url = "" - let count = 0 - while (count++<12) { - await sleep(10 * 1000); - let listRunResponse = await github.rest.actions.listWorkflowRuns({ - owner: owner, - repo: repo, - workflow_id: workflow_id, - created: '>${{steps.queue_workflow.outputs.queue_time}}' - }) - if (listRunResponse.data.total_count > 0) { - console.log(`Found some new workflow runs for ${workflow_id}`) - for (let i = 0; i 0) { - for (let j = 0; j 0) { - break; - } - } - } - - if (workflow_job_id > 0) { - break; - } - } - if (workflow_job_id == 0) { - core.setFailed(`Can't find workflow run and workflow job triggered to 'runs-on ${{inputs.arc-name}}'`) - } else { - core.setOutput('workflow_run', workflow_run_id); - core.setOutput('workflow_job', workflow_job_id); - core.setOutput('workflow_run_url', workflow_run_html_url); - } - - - name: Generate summary about the triggered workflow run - shell: bash - run: | - cat <<-EOF > $GITHUB_STEP_SUMMARY - | **Triggered workflow run** | - |:--------------------------:| - | ${{steps.query_workflow.outputs.workflow_run_url}} | - EOF - - - name: Wait for workflow to start running - if: inputs.wait-to-running == 'true' && inputs.wait-to-finish == 'false' - uses: actions/github-script@v7 - with: - script: | - function sleep(ms) { - return new Promise(resolve => setTimeout(resolve, ms)) - } - const owner = '${{inputs.repo-owner}}' - const repo = 
'${{inputs.repo-name}}' - const workflow_run_id = ${{steps.query_workflow.outputs.workflow_run}} - const workflow_job_id = ${{steps.query_workflow.outputs.workflow_job}} - let count = 0 - while (count++<10) { - await sleep(30 * 1000); - let getRunResponse = await github.rest.actions.getWorkflowRun({ - owner: owner, - repo: repo, - run_id: workflow_run_id - }) - console.log(`${getRunResponse.data.html_url}: ${getRunResponse.data.status} (${getRunResponse.data.conclusion})`); - if (getRunResponse.data.status == 'in_progress') { - console.log(`Workflow run is in progress.`) - return - } - } - core.setFailed(`The triggered workflow run didn't start properly using ${{inputs.arc-name}}`) - - - name: Wait for workflow to finish successfully - if: inputs.wait-to-finish == 'true' - uses: actions/github-script@v7 - with: - script: | - // Wait 5 minutes and make sure the workflow run we triggered completed with result 'success' - function sleep(ms) { - return new Promise(resolve => setTimeout(resolve, ms)) - } - const owner = '${{inputs.repo-owner}}' - const repo = '${{inputs.repo-name}}' - const workflow_run_id = ${{steps.query_workflow.outputs.workflow_run}} - const workflow_job_id = ${{steps.query_workflow.outputs.workflow_job}} - let count = 0 - while (count++<10) { - await sleep(30 * 1000); - let getRunResponse = await github.rest.actions.getWorkflowRun({ - owner: owner, - repo: repo, - run_id: workflow_run_id - }) - console.log(`${getRunResponse.data.html_url}: ${getRunResponse.data.status} (${getRunResponse.data.conclusion})`); - if (getRunResponse.data.status == 'completed') { - if ( getRunResponse.data.conclusion == 'success') { - console.log(`Workflow run finished properly.`) - return - } else { - core.setFailed(`The triggered workflow run finish with result ${getRunResponse.data.conclusion}`) - return - } - } - } - core.setFailed(`The triggered workflow run didn't finish properly using ${{inputs.arc-name}}`) - - - name: Gather listener logs - shell: bash - if: 
always() - run: | - LISTENER_POD="$(kubectl get autoscalinglisteners.actions.github.com -n arc-systems -o jsonpath='{.items[*].metadata.name}')" - kubectl logs $LISTENER_POD -n ${{inputs.arc-controller-namespace}} - - - name: Gather coredns logs - shell: bash - if: always() - run: | - kubectl logs deployments/coredns -n kube-system - - - name: cleanup - if: inputs.wait-to-finish == 'true' - shell: bash - run: | - helm uninstall ${{ inputs.arc-name }} --namespace ${{inputs.arc-namespace}} --debug - kubectl wait --timeout=30s --for=delete AutoScalingRunnerSet -n ${{inputs.arc-namespace}} -l app.kubernetes.io/instance=${{ inputs.arc-name }} - - - name: Gather controller logs - shell: bash - if: always() - run: | - kubectl logs deployment/arc-gha-rs-controller -n ${{inputs.arc-controller-namespace}} \ No newline at end of file diff --git a/.github/actions/setup-arc-e2e/action.yaml b/.github/actions/setup-arc-e2e/action.yaml deleted file mode 100644 index dbcd4762..00000000 --- a/.github/actions/setup-arc-e2e/action.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -name: "Setup ARC E2E Test Action" -description: "Build controller image, create kind cluster, load the image, and exchange ARC configure token." - -inputs: - app-id: - description: "GitHub App Id for exchange access token" - required: true - app-pk: - description: "GitHub App private key for exchange access token" - required: true - image-name: - description: "Local docker image name for building" - required: true - image-tag: - description: "Tag of ARC Docker image for building" - required: true - target-org: - description: "The test organization for ARC e2e test" - required: true - -outputs: - token: - description: "Token to use for configure ARC" - value: ${{steps.config-token.outputs.token}} - -runs: - using: "composite" - steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 - with: - # Pinning v0.9.1 for Buildx and BuildKit v0.10.6 - # BuildKit v0.11 which has a bug causing intermittent - # failures pushing images to GHCR - version: v0.9.1 - driver-opts: image=moby/buildkit:v0.10.6 - - - name: Build controller image - # https://github.com/docker/build-push-action/releases/tag/v6.18.0 - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 - with: - file: Dockerfile - platforms: linux/amd64 - load: true - build-args: | - DOCKER_IMAGE_NAME=${{inputs.image-name}} - VERSION=${{inputs.image-tag}} - tags: | - ${{inputs.image-name}}:${{inputs.image-tag}} - no-cache: true - - - name: Create minikube cluster and load image - shell: bash - run: | - minikube start - minikube image load ${{inputs.image-name}}:${{inputs.image-tag}} - - - name: Get configure token - id: config-token - # https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0 - uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 - with: - application_id: ${{ inputs.app-id }} - application_private_key: ${{ inputs.app-pk }} - organization: ${{ 
inputs.target-org}} diff --git a/.github/actions/setup-docker-environment/action.yaml b/.github/actions/setup-docker-environment/action.yaml deleted file mode 100644 index 6053125e..00000000 --- a/.github/actions/setup-docker-environment/action.yaml +++ /dev/null @@ -1,51 +0,0 @@ -name: "Setup Docker" - -inputs: - username: - description: "Username" - required: true - password: - description: "Password" - required: true - ghcr_username: - description: "GHCR username. Usually set from the github.actor variable" - required: true - ghcr_password: - description: "GHCR password. Usually set from the secrets.GITHUB_TOKEN variable" - required: true - -runs: - using: "composite" - steps: - - name: Get Short SHA - id: vars - run: | - echo "sha_short=${GITHUB_SHA::7}" >> $GITHUB_ENV - shell: bash - - - name: Set up QEMU - # https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0 - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 - - - name: Set up Docker Buildx - # https://github.com/docker/setup-buildx-action/releases/tag/v3.10.0 - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 - with: - version: latest - - - name: Login to DockerHub - if: ${{ github.event_name == 'release' || github.event_name == 'push' && github.ref == 'refs/heads/master' && inputs.password != '' }} - # https://github.com/docker/login-action/releases/tag/v3.4.0 - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 - with: - username: ${{ inputs.username }} - password: ${{ inputs.password }} - - - name: Login to GitHub Container Registry - if: ${{ github.event_name == 'release' || github.event_name == 'push' && github.ref == 'refs/heads/master' && inputs.ghcr_password != '' }} - # https://github.com/docker/login-action/releases/tag/v3.4.0 - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 - with: - registry: ghcr.io - username: ${{ inputs.ghcr_username }} - password: ${{ inputs.ghcr_password }} 
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index bf19191e..00000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
- - package-ecosystem: "gomod" # See documentation for possible values
- directory: "/" # Location of package manifests
- schedule:
- interval: "weekly"
- groups:
- gomod:
- patterns:
- - "*"
- - package-ecosystem: github-actions
- directory: "/"
- schedule:
- interval: "weekly"
- groups:
- actions:
- patterns:
- - "*"
diff --git a/.github/workflows/arc-publish-chart.yaml b/.github/workflows/arc-publish-chart.yaml
deleted file mode 100644
index 9ea4f5ab..00000000
--- a/.github/workflows/arc-publish-chart.yaml
+++ /dev/null
@@ -1,212 +0,0 @@ -name: Publish ARC Helm Charts - -# Revert to https://github.com/actions-runner-controller/releases#releases -# for details on why we use this approach -on: - push: - branches: - - master - paths: - - "charts/**" - - ".github/workflows/arc-publish-chart.yaml" - - "!charts/actions-runner-controller/docs/**" - - "!charts/gha-runner-scale-set-controller/**" - - "!charts/gha-runner-scale-set/**" - - "!**.md" - workflow_dispatch: - inputs: - force: - description: "Force publish even if the chart version is not bumped" - type: boolean - required: true - default: false - -env: - KUBE_SCORE_VERSION: 1.10.0 - HELM_VERSION: v3.8.0 - -permissions: - contents: write - -concurrency: - group: ${{ github.workflow }} - cancel-in-progress: true - -jobs: - lint-chart: - name: Lint Chart - runs-on: ubuntu-latest - outputs: - publish-chart: ${{ steps.publish-chart-step.outputs.publish }} - steps: - - name: Checkout - uses: actions/checkout@v5 - with: - fetch-depth: 0 - - - name: Set up Helm - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 - with: - version: ${{ env.HELM_VERSION }} - - - name: Set up kube-score - run: | - wget https://github.com/zegl/kube-score/releases/download/v${{ env.KUBE_SCORE_VERSION }}/kube-score_${{ env.KUBE_SCORE_VERSION }}_linux_amd64 -O kube-score - chmod 755 kube-score - - - name: Kube-score generated manifests - run: helm template --values charts/.ci/values-kube-score.yaml charts/* | ./kube-score score - --ignore-test pod-networkpolicy --ignore-test deployment-has-poddisruptionbudget --ignore-test deployment-has-host-podantiaffinity --ignore-test container-security-context --ignore-test pod-probes --ignore-test container-image-tag --enable-optional-test container-security-context-privileged --enable-optional-test container-security-context-readonlyrootfilesystem - - # python is a requirement for the chart-testing action below (supports yamllint among other tests) - - uses: actions/setup-python@v6 - with: - python-version: 
"3.11" - - - name: Set up chart-testing - uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b - - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --config charts/.ci/ct-config.yaml) - if [[ -n "$changed" ]]; then - echo "changed=true" >> $GITHUB_OUTPUT - fi - - - name: Run chart-testing (lint) - run: | - ct lint --config charts/.ci/ct-config.yaml - - - name: Create kind cluster - if: steps.list-changed.outputs.changed == 'true' - uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 - - # We need cert-manager already installed in the cluster because we assume the CRDs exist - - name: Install cert-manager - if: steps.list-changed.outputs.changed == 'true' - run: | - helm repo add jetstack https://charts.jetstack.io --force-update - helm install cert-manager jetstack/cert-manager --set installCRDs=true --wait - - - name: Run chart-testing (install) - if: steps.list-changed.outputs.changed == 'true' - run: ct install --config charts/.ci/ct-config.yaml - - # WARNING: This relies on the latest release being at the top of the JSON from GitHub and a clean chart.yaml - - name: Check if Chart Publish is Needed - id: publish-chart-step - run: | - CHART_TEXT=$(curl -fs https://raw.githubusercontent.com/${{ github.repository }}/master/charts/actions-runner-controller/Chart.yaml) - NEW_CHART_VERSION=$(echo "$CHART_TEXT" | grep version: | cut -d ' ' -f 2) - RELEASE_LIST=$(curl -fs https://api.github.com/repos/${{ github.repository }}/releases | jq .[].tag_name | grep actions-runner-controller | cut -d '"' -f 2 | cut -d '-' -f 4) - LATEST_RELEASED_CHART_VERSION=$(echo $RELEASE_LIST | cut -d ' ' -f 1) - - echo "CHART_VERSION_IN_MASTER=$NEW_CHART_VERSION" >> $GITHUB_ENV - echo "LATEST_CHART_VERSION=$LATEST_RELEASED_CHART_VERSION" >> $GITHUB_ENV - - # Always publish if force is true - if [[ $NEW_CHART_VERSION != $LATEST_RELEASED_CHART_VERSION || "${{ inputs.force }}" == "true" ]]; then - echo 
"publish=true" >> $GITHUB_OUTPUT - else - echo "publish=false" >> $GITHUB_OUTPUT - fi - - - name: Job summary - run: | - echo "Chart linting has been completed." >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Status:**" >> $GITHUB_STEP_SUMMARY - echo "- chart version in master: ${{ env.CHART_VERSION_IN_MASTER }}" >> $GITHUB_STEP_SUMMARY - echo "- latest chart version: ${{ env.LATEST_CHART_VERSION }}" >> $GITHUB_STEP_SUMMARY - echo "- publish new chart: ${{ steps.publish-chart-step.outputs.publish }}" >> $GITHUB_STEP_SUMMARY - - publish-chart: - if: needs.lint-chart.outputs.publish-chart == 'true' - needs: lint-chart - name: Publish Chart - runs-on: ubuntu-latest - permissions: - contents: write # for helm/chart-releaser-action to push chart release and create a release - env: - CHART_TARGET_ORG: actions-runner-controller - CHART_TARGET_REPO: actions-runner-controller.github.io - CHART_TARGET_BRANCH: master - - steps: - - name: Checkout - uses: actions/checkout@v5 - with: - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Get Token - id: get_workflow_token - uses: peter-murray/workflow-application-token-action@d17e3a9a36850ea89f35db16c1067dd2b68ee343 - with: - application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} - application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }} - organization: ${{ env.CHART_TARGET_ORG }} - - - name: Install chart-releaser - uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f - with: - install_only: true - install_dir: ${{ github.workspace }}/bin - - - name: Package and upload release assets - run: | - cr package \ - ${{ github.workspace }}/charts/actions-runner-controller/ \ - --package-path .cr-release-packages - - cr upload \ - --owner "$(echo ${{ github.repository }} | cut -d '/' -f 1)" \ - --git-repo "$(echo ${{ github.repository }} | cut -d '/' -f 2)" \ - --package-path 
.cr-release-packages \ - --token ${{ secrets.GITHUB_TOKEN }} - - - name: Generate updated index.yaml - run: | - cr index \ - --owner "$(echo ${{ github.repository }} | cut -d '/' -f 1)" \ - --git-repo "$(echo ${{ github.repository }} | cut -d '/' -f 2)" \ - --index-path ${{ github.workspace }}/index.yaml \ - --token ${{ secrets.GITHUB_TOKEN }} \ - --push \ - --pages-branch 'gh-pages' \ - --pages-index-path 'index.yaml' - - # Chart Release was never intended to publish to a different repo - # this workaround is intended to move the index.yaml to the target repo - # where the github pages are hosted - - name: Checkout target repository - uses: actions/checkout@v5 - with: - repository: ${{ env.CHART_TARGET_ORG }}/${{ env.CHART_TARGET_REPO }} - path: ${{ env.CHART_TARGET_REPO }} - ref: ${{ env.CHART_TARGET_BRANCH }} - token: ${{ steps.get_workflow_token.outputs.token }} - - - name: Copy index.yaml - run: | - cp ${{ github.workspace }}/index.yaml ${{ env.CHART_TARGET_REPO }}/actions-runner-controller/index.yaml - - - name: Commit and push to target repository - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - git add . - git commit -m "Update index.yaml" - git push - working-directory: ${{ github.workspace }}/${{ env.CHART_TARGET_REPO }} - - - name: Job summary - run: | - echo "New helm chart has been published" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Status:**" >> $GITHUB_STEP_SUMMARY - echo "- New [index.yaml](https://github.com/${{ env.CHART_TARGET_ORG }}/${{ env.CHART_TARGET_REPO }}/tree/master/actions-runner-controller) pushed" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/arc-publish.yaml b/.github/workflows/arc-publish.yaml deleted file mode 100644 index e30dd48b..00000000 --- a/.github/workflows/arc-publish.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -name: Publish ARC Image - -# Revert to https://github.com/actions-runner-controller/releases#releases -# for details on why we use this approach -on: - release: - types: - - published - workflow_dispatch: - inputs: - release_tag_name: - description: "Tag name of the release to publish" - required: true - push_to_registries: - description: "Push images to registries" - required: true - type: boolean - default: false - -permissions: - contents: write - packages: write - -env: - TARGET_ORG: actions-runner-controller - TARGET_REPO: actions-runner-controller - -concurrency: - group: ${{ github.workflow }} - cancel-in-progress: true - -jobs: - release-controller: - name: Release - runs-on: ubuntu-latest - # gha-runner-scale-set has its own release workflow. - # We don't want to publish a new actions-runner-controller image - # we release gha-runner-scale-set. - if: ${{ !startsWith(github.event.inputs.release_tag_name, 'gha-runner-scale-set-') }} - steps: - - name: Checkout - uses: actions/checkout@v5 - - - uses: actions/setup-go@v6 - with: - go-version-file: "go.mod" - - - name: Install tools - run: | - curl -L -O https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.2.0/kubebuilder_2.2.0_linux_amd64.tar.gz - tar zxvf kubebuilder_2.2.0_linux_amd64.tar.gz - sudo mv kubebuilder_2.2.0_linux_amd64 /usr/local/kubebuilder - curl -s https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh | bash - sudo mv kustomize /usr/local/bin - curl -L -O https://github.com/tcnksm/ghr/releases/download/v0.13.0/ghr_v0.13.0_linux_amd64.tar.gz - tar zxvf ghr_v0.13.0_linux_amd64.tar.gz - sudo mv ghr_v0.13.0_linux_amd64/ghr /usr/local/bin - - - name: Set version env variable - run: | - # Define the release tag name based on the event type - if [[ "${{ github.event_name }}" == "release" ]]; then - echo "VERSION=$(cat ${GITHUB_EVENT_PATH} | jq -r '.release.tag_name')" >> $GITHUB_ENV - elif [[ "${{ github.event_name }}" == 
"workflow_dispatch" ]]; then - echo "VERSION=${{ inputs.release_tag_name }}" >> $GITHUB_ENV - fi - - - name: Upload artifacts - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - make github-release - - - name: Get Token - id: get_workflow_token - uses: peter-murray/workflow-application-token-action@d17e3a9a36850ea89f35db16c1067dd2b68ee343 - with: - application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} - application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }} - organization: ${{ env.TARGET_ORG }} - - - name: Resolve push to registries - run: | - # Define the push to registries based on the event type - if [[ "${{ github.event_name }}" == "release" ]]; then - echo "PUSH_TO_REGISTRIES=true" >> $GITHUB_ENV - elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then - echo "PUSH_TO_REGISTRIES=${{ inputs.push_to_registries }}" >> $GITHUB_ENV - fi - - - name: Trigger Build And Push Images To Registries - run: | - # Authenticate - gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }} - - # Trigger the workflow run - jq -n '{"event_type": "arc", "client_payload": {"release_tag_name": "${{ env.VERSION }}", "push_to_registries": "${{ env.PUSH_TO_REGISTRIES }}" }}' \ - | gh api -X POST /repos/actions-runner-controller/releases/dispatches --input - - - - name: Job summary - run: | - echo "The [publish-arc](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/publish-arc.yaml) workflow has been triggered!" 
>> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY - echo "- Release tag: ${{ env.VERSION }}" >> $GITHUB_STEP_SUMMARY - echo "- Push to registries: ${{ env.PUSH_TO_REGISTRIES }}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Status:**" >> $GITHUB_STEP_SUMMARY - echo "[https://github.com/actions-runner-controller/releases/actions/workflows/publish-arc.yaml](https://github.com/actions-runner-controller/releases/actions/workflows/publish-arc.yaml)" >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/arc-release-runners.yaml b/.github/workflows/arc-release-runners.yaml deleted file mode 100644 index 25b42c5d..00000000 --- a/.github/workflows/arc-release-runners.yaml +++ /dev/null 
@@ -1,81 +0,0 @@
-name: Release ARC Runner Images
-permissions:
- contents: read
-
-# Revert to https://github.com/actions-runner-controller/releases#releases
-# for details on why we use this approach
-on:
- # We must do a trigger on a push: instead of a types: closed so GitHub Secrets
- # are available to the workflow run
- push:
- branches:
- - "master"
- paths:
- - "runner/VERSION"
- - ".github/workflows/arc-release-runners.yaml"
-
-env:
- # Safeguard to prevent pushing images to registeries after build
- PUSH_TO_REGISTRIES: true
- TARGET_ORG: actions-runner-controller
- TARGET_WORKFLOW: release-runners.yaml
- DOCKER_VERSION: 28.0.4
-
-concurrency:
- group: ${{ github.workflow }}
- cancel-in-progress: true
-
-jobs:
- build-runners:
- name: Trigger Build and Push of Runner Images
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v5
- - name: Get runner version
- id: versions
- run: |
- runner_current_version="$(echo -n $(cat runner/VERSION | grep 'RUNNER_VERSION=' | cut -d '=' -f2))"
- container_hooks_current_version="$(echo -n $(cat runner/VERSION | grep 'RUNNER_CONTAINER_HOOKS_VERSION=' | cut -d '=' -f2))"
- echo runner_version=$runner_current_version >> $GITHUB_OUTPUT
- echo container_hooks_version=$container_hooks_current_version >> $GITHUB_OUTPUT
-
- - name: Get Token
- id: get_workflow_token
- uses: peter-murray/workflow-application-token-action@d17e3a9a36850ea89f35db16c1067dd2b68ee343
- with:
- application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}
- application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }}
- organization: ${{ env.TARGET_ORG }}
-
- - name: Trigger Build And Push Runner Images To Registries
- env:
- RUNNER_VERSION: ${{ steps.versions.outputs.runner_version }}
- CONTAINER_HOOKS_VERSION: ${{ steps.versions.outputs.container_hooks_version }}
- run: |
- # Authenticate
- gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }}
-
- # Trigger the workflow run
- gh workflow run ${{ env.TARGET_WORKFLOW }} -R ${{ env.TARGET_ORG }}/releases \
- -f runner_version=${{ env.RUNNER_VERSION }} \
- -f docker_version=${{ env.DOCKER_VERSION }} \
- -f runner_container_hooks_version=${{ env.CONTAINER_HOOKS_VERSION }} \
- -f sha='${{ github.sha }}' \
- -f push_to_registries=${{ env.PUSH_TO_REGISTRIES }}
-
- - name: Job summary
- env:
- RUNNER_VERSION: ${{ steps.versions.outputs.runner_version }}
- CONTAINER_HOOKS_VERSION: ${{ steps.versions.outputs.container_hooks_version }}
- run: |
- echo "The [release-runners.yaml](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/release-runners.yaml) workflow has been triggered!" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
- echo "- runner_version: ${{ env.RUNNER_VERSION }}" >> $GITHUB_STEP_SUMMARY
- echo "- docker_version: ${{ env.DOCKER_VERSION }}" >> $GITHUB_STEP_SUMMARY
- echo "- runner_container_hooks_version: ${{ env.CONTAINER_HOOKS_VERSION }}" >> $GITHUB_STEP_SUMMARY
- echo "- sha: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
- echo "- push_to_registries: ${{ env.PUSH_TO_REGISTRIES }}" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Status:**" >> $GITHUB_STEP_SUMMARY
- echo "[https://github.com/actions-runner-controller/releases/actions/workflows/release-runners.yaml](https://github.com/actions-runner-controller/releases/actions/workflows/release-runners.yaml)" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/arc-update-runners-scheduled.yaml b/.github/workflows/arc-update-runners-scheduled.yaml
deleted file mode 100644
index 502b71fe..00000000
--- a/.github/workflows/arc-update-runners-scheduled.yaml
+++ /dev/null
@@ -1,158 +0,0 @@
-# This workflows polls releases from actions/runner and in case of a new one it
-# updates files containing runner version and opens a pull request.
-name: Runner Updates Check (Scheduled Job)
-permissions:
- pull-requests: write
- contents: write
-
-on:
- schedule:
- # run daily
- - cron: "0 9 * * *"
- workflow_dispatch:
-
-jobs:
- # check_versions compares our current version and the latest available runner
- # version and sets them as outputs.
- check_versions:
- runs-on: ubuntu-latest
- env:
- GH_TOKEN: ${{ github.token }}
- outputs:
- runner_current_version: ${{ steps.runner_versions.outputs.runner_current_version }}
- runner_latest_version: ${{ steps.runner_versions.outputs.runner_latest_version }}
- container_hooks_current_version: ${{ steps.container_hooks_versions.outputs.container_hooks_current_version }}
- container_hooks_latest_version: ${{ steps.container_hooks_versions.outputs.container_hooks_latest_version }}
- steps:
- - uses: actions/checkout@v5
-
- - name: Get runner current and latest versions
- id: runner_versions
- run: |
- CURRENT_VERSION="$(echo -n $(cat runner/VERSION | grep 'RUNNER_VERSION=' | cut -d '=' -f2))"
- echo "Current version: $CURRENT_VERSION"
- echo runner_current_version=$CURRENT_VERSION >> $GITHUB_OUTPUT
-
- LATEST_VERSION=$(gh release list --exclude-drafts --exclude-pre-releases --limit 1 -R actions/runner | grep -oP '(?<=v)[0-9.]+' | head -1)
- echo "Latest version: $LATEST_VERSION"
- echo runner_latest_version=$LATEST_VERSION >> $GITHUB_OUTPUT
-
- - name: Get container-hooks current and latest versions
- id: container_hooks_versions
- run: |
- CURRENT_VERSION="$(echo -n $(cat runner/VERSION | grep 'RUNNER_CONTAINER_HOOKS_VERSION=' | cut -d '=' -f2))"
- echo "Current version: $CURRENT_VERSION"
- echo container_hooks_current_version=$CURRENT_VERSION >> $GITHUB_OUTPUT
-
- LATEST_VERSION=$(gh release list --exclude-drafts --exclude-pre-releases --limit 1 -R actions/runner-container-hooks | grep -oP '(?<=v)[0-9.]+' | head -1)
- echo "Latest version: $LATEST_VERSION"
- echo container_hooks_latest_version=$LATEST_VERSION >> $GITHUB_OUTPUT
-
- # check_pr checks if a PR for the same update already exists. It only runs if
- # runner latest version != our current version. If no existing PR is found,
- # it sets a PR name as output.
- check_pr:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- needs: check_versions
- if: needs.check_versions.outputs.runner_current_version != needs.check_versions.outputs.runner_latest_version || needs.check_versions.outputs.container_hooks_current_version != needs.check_versions.outputs.container_hooks_latest_version
- outputs:
- pr_name: ${{ steps.pr_name.outputs.pr_name }}
- env:
- GH_TOKEN: ${{ github.token }}
- steps:
- - name: debug
- run:
- echo "RUNNER_CURRENT_VERSION=${{ needs.check_versions.outputs.runner_current_version }}"
- echo "RUNNER_LATEST_VERSION=${{ needs.check_versions.outputs.runner_latest_version }}"
- echo "CONTAINER_HOOKS_CURRENT_VERSION=${{ needs.check_versions.outputs.container_hooks_current_version }}"
- echo "CONTAINER_HOOKS_LATEST_VERSION=${{ needs.check_versions.outputs.container_hooks_latest_version }}"
-
- - uses: actions/checkout@v5
-
- - name: PR Name
- id: pr_name
- env:
- RUNNER_CURRENT_VERSION: ${{ needs.check_versions.outputs.runner_current_version }}
- RUNNER_LATEST_VERSION: ${{ needs.check_versions.outputs.runner_latest_version }}
- CONTAINER_HOOKS_CURRENT_VERSION: ${{ needs.check_versions.outputs.container_hooks_current_version }}
- CONTAINER_HOOKS_LATEST_VERSION: ${{ needs.check_versions.outputs.container_hooks_latest_version }}
- # Generate a PR name with the following title:
- # Updates: runner to v2.304.0 and container-hooks to v0.3.1
- run: |
- RUNNER_MESSAGE="runner to v${RUNNER_LATEST_VERSION}"
- CONTAINER_HOOKS_MESSAGE="container-hooks to v${CONTAINER_HOOKS_LATEST_VERSION}"
-
- PR_NAME="Updates:"
- if [ "$RUNNER_CURRENT_VERSION" != "$RUNNER_LATEST_VERSION" ]
- then
- PR_NAME="$PR_NAME $RUNNER_MESSAGE"
- fi
- if [ "$CONTAINER_HOOKS_CURRENT_VERSION" != "$CONTAINER_HOOKS_LATEST_VERSION" ]
- then
- PR_NAME="$PR_NAME $CONTAINER_HOOKS_MESSAGE"
- fi
-
- result=$(gh pr list --search "$PR_NAME" --json number --jq ".[].number" --limit 1)
- if [ -z "$result" ]
- then
- echo "No existing PRs found, setting output with pr_name=$PR_NAME"
- echo pr_name=$PR_NAME >> $GITHUB_OUTPUT
- else
- echo "Found a PR with title '$PR_NAME' already existing: ${{ github.server_url }}/${{ github.repository }}/pull/$result"
- fi
-
- # update_version updates runner version in the files listed below, commits
- # the changes and opens a pull request as `github-actions` bot.
- update_version:
- runs-on: ubuntu-latest
- needs:
- - check_versions
- - check_pr
- if: needs.check_pr.outputs.pr_name
- permissions:
- pull-requests: write
- contents: write
- actions: write
- env:
- GH_TOKEN: ${{ github.token }}
- RUNNER_CURRENT_VERSION: ${{ needs.check_versions.outputs.runner_current_version }}
- RUNNER_LATEST_VERSION: ${{ needs.check_versions.outputs.runner_latest_version }}
- CONTAINER_HOOKS_CURRENT_VERSION: ${{ needs.check_versions.outputs.container_hooks_current_version }}
- CONTAINER_HOOKS_LATEST_VERSION: ${{ needs.check_versions.outputs.container_hooks_latest_version }}
- PR_NAME: ${{ needs.check_pr.outputs.pr_name }}
-
- steps:
- - uses: actions/checkout@v5
-
- - name: New branch
- run: git checkout -b update-runner-"$(date +%Y-%m-%d)"
-
- - name: Update files
- run: |
- CURRENT_VERSION="${RUNNER_CURRENT_VERSION//./\\.}"
- LATEST_VERSION="${RUNNER_LATEST_VERSION//./\\.}"
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/VERSION
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/Makefile
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" Makefile
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" test/e2e/e2e_test.go
-
- CURRENT_VERSION="${CONTAINER_HOOKS_CURRENT_VERSION//./\\.}"
- LATEST_VERSION="${CONTAINER_HOOKS_LATEST_VERSION//./\\.}"
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/VERSION
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/Makefile
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" Makefile
- sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" test/e2e/e2e_test.go
-
- - name: Commit changes
- run: |
- # from https://github.com/orgs/community/discussions/26560
- git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- git config user.name "github-actions[bot]"
- git add .
- git commit -m "$PR_NAME"
- git push -u origin HEAD
-
- - name: Create pull request
- run: gh pr create -f -l "runners update"
diff --git a/.github/workflows/arc-validate-chart.yaml b/.github/workflows/arc-validate-chart.yaml
deleted file mode 100644
index ad3acc62..00000000
--- a/.github/workflows/arc-validate-chart.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-name: Validate Helm Chart
-
-on:
- pull_request:
- branches:
- - master
- paths:
- - "charts/**"
- - ".github/workflows/arc-validate-chart.yaml"
- - "!charts/actions-runner-controller/docs/**"
- - "!**.md"
- - "!charts/gha-runner-scale-set-controller/**"
- - "!charts/gha-runner-scale-set/**"
- push:
- paths:
- - "charts/**"
- - ".github/workflows/arc-validate-chart.yaml"
- - "!charts/actions-runner-controller/docs/**"
- - "!**.md"
- - "!charts/gha-runner-scale-set-controller/**"
- - "!charts/gha-runner-scale-set/**"
- workflow_dispatch:
-env:
- KUBE_SCORE_VERSION: 1.10.0
- HELM_VERSION: v3.8.0
-
-permissions:
- contents: read
-
-concurrency:
- # This will make sure we only apply the concurrency limits on pull requests
- # but not pushes to master branch by making the concurrency group name unique
- # for pushes
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- validate-chart:
- name: Lint Chart
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v5
- with:
- fetch-depth: 0
-
- - name: Set up Helm
- uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4
- with:
- version: ${{ env.HELM_VERSION }}
-
- # python is a requirement for the chart-testing action below (supports yamllint among other tests)
- - uses: actions/setup-python@v6
- with:
- python-version: "3.11"
-
- - name: Set up chart-testing
- uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
-
- - name: Run chart-testing (list-changed)
- id: list-changed
- run: |
- changed=$(ct list-changed --config charts/.ci/ct-config.yaml)
- if [[ -n "$changed" ]]; then
- echo "changed=true" >> $GITHUB_OUTPUT
- fi
-
- - name: Run chart-testing (lint)
- run: |
- ct lint --config charts/.ci/ct-config.yaml
-
- - name: Create kind cluster
- uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
- if: steps.list-changed.outputs.changed == 'true'
-
- # We need cert-manager already installed in the cluster because we assume the CRDs exist
- - name: Install cert-manager
- if: steps.list-changed.outputs.changed == 'true'
- run: |
- helm repo add jetstack https://charts.jetstack.io --force-update
- helm install cert-manager jetstack/cert-manager --set installCRDs=true --wait
-
- - name: Run chart-testing (install)
- if: steps.list-changed.outputs.changed == 'true'
- run: |
- ct install --config charts/.ci/ct-config.yaml
diff --git a/.github/workflows/arc-validate-runners.yaml b/.github/workflows/arc-validate-runners.yaml
deleted file mode 100644
index 6ea70257..00000000
--- a/.github/workflows/arc-validate-runners.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: Validate ARC Runners
-
-on:
- pull_request:
- branches:
- - "**"
- paths:
- - "runner/**"
- - "test/startup/**"
- - "!**.md"
-
-permissions:
- contents: read
-
-concurrency:
- # This will make sure we only apply the concurrency limits on pull requests
- # but not pushes to master branch by making the concurrency group name unique
- # for pushes
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- shellcheck:
- name: runner / shellcheck
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v5
- - name: "Run shellcheck"
- run: make shellcheck
-
- test-runner-entrypoint:
- name: Test entrypoint
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v5
-
- - name: Run tests
- run: |
- make acceptance/runner/startup
diff --git a/.github/workflows/gha-e2e-tests.yaml b/.github/workflows/gha-e2e-tests.yaml
deleted file mode 100644
index bbf14631..00000000
--- a/.github/workflows/gha-e2e-tests.yaml
+++ /dev/null
@@ -1,993 +0,0 @@ -name: (gha) E2E Tests - -on: - push: - branches: - - master - pull_request: - branches: - - master - workflow_dispatch: - -permissions: - contents: read - -env: - TARGET_ORG: actions-runner-controller - TARGET_REPO: arc_e2e_test_dummy - IMAGE_NAME: "arc-test-image" - IMAGE_VERSION: "0.13.0" - -concurrency: - # This will make sure we only apply the concurrency limits on pull requests - # but not pushes to master branch by making the concurrency group name unique - # for pushes - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - default-setup: - runs-on: ubuntu-latest - timeout-minutes: 20 - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id - env: - WORKFLOW_FILE: "arc-test-workflow.yaml" - steps: - - uses: actions/checkout@v5 - with: - ref: ${{github.head_ref}} - - - uses: ./.github/actions/setup-arc-e2e - id: setup - with: - app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}} - app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}} - image-name: ${{env.IMAGE_NAME}} - image-tag: ${{env.IMAGE_VERSION}} - target-org: ${{env.TARGET_ORG}} - - - name: Install gha-runner-scale-set-controller - id: install_arc_controller - run: | - helm install arc \ - --namespace "arc-systems" \ - --create-namespace \ - --set image.repository=${{ env.IMAGE_NAME }} \ - --set image.tag=${{ env.IMAGE_VERSION }} \ - ./charts/gha-runner-scale-set-controller \ - --debug - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller - kubectl get pod -n arc-systems 
- kubectl describe deployment arc-gha-rs-controller -n arc-systems - - - name: Install gha-runner-scale-set - id: install_arc - run: | - ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1)) - helm install "$ARC_NAME" \ - --namespace "arc-runners" \ - --create-namespace \ - --set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{env.TARGET_REPO}}" \ - --set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \ - ./charts/gha-runner-scale-set \ - --debug - echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME - kubectl get pod -n arc-systems - - sleep 60 - - - name: Test ARC E2E - uses: ./.github/actions/execute-assert-arc-e2e - timeout-minutes: 10 - with: - auth-token: ${{ steps.setup.outputs.token }} - repo-owner: ${{ env.TARGET_ORG }} - repo-name: ${{env.TARGET_REPO}} - workflow-file: ${{env.WORKFLOW_FILE}} - arc-name: ${{steps.install_arc.outputs.ARC_NAME}} - arc-namespace: "arc-runners" - arc-controller-namespace: "arc-systems" - - single-namespace-setup: - runs-on: ubuntu-latest - timeout-minutes: 20 - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id - env: - WORKFLOW_FILE: "arc-test-workflow.yaml" - steps: - - uses: actions/checkout@v5 - with: - ref: ${{github.head_ref}} - - - uses: ./.github/actions/setup-arc-e2e - id: setup - with: - app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}} - app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}} - image-name: ${{env.IMAGE_NAME}} - image-tag: 
${{env.IMAGE_VERSION}} - target-org: ${{env.TARGET_ORG}} - - - name: Install gha-runner-scale-set-controller - id: install_arc_controller - run: | - kubectl create namespace arc-runners - helm install arc \ - --namespace "arc-systems" \ - --create-namespace \ - --set image.repository=${{ env.IMAGE_NAME }} \ - --set image.tag=${{ env.IMAGE_VERSION }} \ - --set flags.watchSingleNamespace=arc-runners \ - ./charts/gha-runner-scale-set-controller \ - --debug - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller - kubectl get pod -n arc-systems - kubectl describe deployment arc-gha-rs-controller -n arc-systems - - - name: Install gha-runner-scale-set - id: install_arc - run: | - ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1)) - helm install "$ARC_NAME" \ - --namespace "arc-runners" \ - --create-namespace \ - --set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{env.TARGET_REPO}}" \ - --set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \ - ./charts/gha-runner-scale-set \ - --debug - echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l 
actions.github.com/scale-set-name=$ARC_NAME - kubectl get pod -n arc-systems - - sleep 60 - - - name: Test ARC E2E - uses: ./.github/actions/execute-assert-arc-e2e - timeout-minutes: 10 - with: - auth-token: ${{ steps.setup.outputs.token }} - repo-owner: ${{ env.TARGET_ORG }} - repo-name: ${{env.TARGET_REPO}} - workflow-file: ${{env.WORKFLOW_FILE}} - arc-name: ${{steps.install_arc.outputs.ARC_NAME}} - arc-namespace: "arc-runners" - arc-controller-namespace: "arc-systems" - - dind-mode-setup: - runs-on: ubuntu-latest - timeout-minutes: 20 - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id - env: - WORKFLOW_FILE: arc-test-dind-workflow.yaml - steps: - - uses: actions/checkout@v5 - with: - ref: ${{github.head_ref}} - - - uses: ./.github/actions/setup-arc-e2e - id: setup - with: - app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}} - app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}} - image-name: ${{env.IMAGE_NAME}} - image-tag: ${{env.IMAGE_VERSION}} - target-org: ${{env.TARGET_ORG}} - - - name: Install gha-runner-scale-set-controller - id: install_arc_controller - run: | - helm install arc \ - --namespace "arc-systems" \ - --create-namespace \ - --set image.repository=${{ env.IMAGE_NAME }} \ - --set image.tag=${{ env.IMAGE_VERSION }} \ - ./charts/gha-runner-scale-set-controller \ - --debug - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller - kubectl get pod -n arc-systems - kubectl describe deployment arc-gha-rs-controller -n arc-systems - - - name: Install gha-runner-scale-set - id: install_arc 
- run: | - ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1)) - helm install "$ARC_NAME" \ - --namespace "arc-runners" \ - --create-namespace \ - --set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{env.TARGET_REPO}}" \ - --set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \ - --set containerMode.type="dind" \ - ./charts/gha-runner-scale-set \ - --debug - echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME - kubectl get pod -n arc-systems - - sleep 60 - - - name: Test ARC E2E - uses: ./.github/actions/execute-assert-arc-e2e - timeout-minutes: 10 - with: - auth-token: ${{ steps.setup.outputs.token }} - repo-owner: ${{ env.TARGET_ORG }} - repo-name: ${{env.TARGET_REPO}} - workflow-file: ${{env.WORKFLOW_FILE}} - arc-name: ${{steps.install_arc.outputs.ARC_NAME}} - arc-namespace: "arc-runners" - arc-controller-namespace: "arc-systems" - - kubernetes-mode-setup: - runs-on: ubuntu-latest - timeout-minutes: 20 - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id - env: - WORKFLOW_FILE: "arc-test-kubernetes-workflow.yaml" - steps: - - uses: actions/checkout@v5 - with: - ref: ${{github.head_ref}} - - - uses: ./.github/actions/setup-arc-e2e - id: setup - with: - app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}} - app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}} - image-name: ${{env.IMAGE_NAME}} - image-tag: ${{env.IMAGE_VERSION}} - target-org: ${{env.TARGET_ORG}} - - - name: Install 
gha-runner-scale-set-controller - id: install_arc_controller - run: | - echo "Install openebs/dynamic-localpv-provisioner" - helm repo add openebs https://openebs.github.io/charts - helm repo update - helm install openebs openebs/openebs -n openebs --create-namespace - - helm install arc \ - --namespace "arc-systems" \ - --create-namespace \ - --set image.repository=${{ env.IMAGE_NAME }} \ - --set image.tag=${{ env.IMAGE_VERSION }} \ - ./charts/gha-runner-scale-set-controller \ - --debug - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller - kubectl get pod -n arc-systems - kubectl describe deployment arc-gha-rs-controller -n arc-systems - kubectl wait --timeout=30s --for=condition=ready pod -n openebs -l name=openebs-localpv-provisioner - - - name: Install gha-runner-scale-set - id: install_arc - run: | - ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1)) - helm install "$ARC_NAME" \ - --namespace "arc-runners" \ - --create-namespace \ - --set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{env.TARGET_REPO}}" \ - --set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \ - --set containerMode.type="kubernetes" \ - --set containerMode.kubernetesModeWorkVolumeClaim.accessModes={"ReadWriteOnce"} \ - --set containerMode.kubernetesModeWorkVolumeClaim.storageClassName="openebs-hostpath" \ - --set containerMode.kubernetesModeWorkVolumeClaim.resources.requests.storage="1Gi" \ - ./charts/gha-runner-scale-set \ - --debug - echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT - count=0 - while true; do - 
POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME - kubectl get pod -n arc-systems - - sleep 60 - - - name: Test ARC E2E - uses: ./.github/actions/execute-assert-arc-e2e - timeout-minutes: 10 - with: - auth-token: ${{ steps.setup.outputs.token }} - repo-owner: ${{ env.TARGET_ORG }} - repo-name: ${{env.TARGET_REPO}} - workflow-file: ${{env.WORKFLOW_FILE}} - arc-name: ${{steps.install_arc.outputs.ARC_NAME}} - arc-namespace: "arc-runners" - arc-controller-namespace: "arc-systems" - - auth-proxy-setup: - runs-on: ubuntu-latest - timeout-minutes: 20 - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id - env: - WORKFLOW_FILE: "arc-test-workflow.yaml" - steps: - - uses: actions/checkout@v5 - with: - ref: ${{github.head_ref}} - - - uses: ./.github/actions/setup-arc-e2e - id: setup - with: - app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}} - app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}} - image-name: ${{env.IMAGE_NAME}} - image-tag: ${{env.IMAGE_VERSION}} - target-org: ${{env.TARGET_ORG}} - - - name: Install gha-runner-scale-set-controller - id: install_arc_controller - run: | - helm install arc \ - --namespace "arc-systems" \ - --create-namespace \ - --set image.repository=${{ env.IMAGE_NAME }} \ - --set image.tag=${{ env.IMAGE_VERSION }} \ - ./charts/gha-runner-scale-set-controller \ - --debug - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; 
then - echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller - kubectl get pod -n arc-systems - kubectl describe deployment arc-gha-rs-controller -n arc-systems - - - name: Install gha-runner-scale-set - id: install_arc - run: | - docker run -d \ - --name squid \ - --publish 3128:3128 \ - huangtingluo/squid-proxy:latest - kubectl create namespace arc-runners - kubectl create secret generic proxy-auth \ - --namespace=arc-runners \ - --from-literal=username=github \ - --from-literal=password='actions' - ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1)) - helm install "$ARC_NAME" \ - --namespace "arc-runners" \ - --create-namespace \ - --set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{env.TARGET_REPO}}" \ - --set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \ - --set proxy.https.url="http://host.minikube.internal:3128" \ - --set proxy.https.credentialSecretRef="proxy-auth" \ - --set "proxy.noProxy[0]=10.96.0.1:443" \ - ./charts/gha-runner-scale-set \ - --debug - echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME - kubectl get pod -n arc-systems - - sleep 60 - - - name: Test ARC E2E - uses: ./.github/actions/execute-assert-arc-e2e - timeout-minutes: 10 - with: - auth-token: ${{ steps.setup.outputs.token }} - repo-owner: ${{ 
env.TARGET_ORG }} - repo-name: ${{env.TARGET_REPO}} - workflow-file: ${{env.WORKFLOW_FILE}} - arc-name: ${{steps.install_arc.outputs.ARC_NAME}} - arc-namespace: "arc-runners" - arc-controller-namespace: "arc-systems" - - anonymous-proxy-setup: - runs-on: ubuntu-latest - timeout-minutes: 20 - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id - env: - WORKFLOW_FILE: "arc-test-workflow.yaml" - steps: - - uses: actions/checkout@v5 - with: - ref: ${{github.head_ref}} - - - uses: ./.github/actions/setup-arc-e2e - id: setup - with: - app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}} - app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}} - image-name: ${{env.IMAGE_NAME}} - image-tag: ${{env.IMAGE_VERSION}} - target-org: ${{env.TARGET_ORG}} - - - name: Install gha-runner-scale-set-controller - id: install_arc_controller - run: | - helm install arc \ - --namespace "arc-systems" \ - --create-namespace \ - --set image.repository=${{ env.IMAGE_NAME }} \ - --set image.tag=${{ env.IMAGE_VERSION }} \ - ./charts/gha-runner-scale-set-controller \ - --debug - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller - kubectl get pod -n arc-systems - kubectl describe deployment arc-gha-rs-controller -n arc-systems - - - name: Install gha-runner-scale-set - id: install_arc - run: | - docker run -d \ - --name squid \ - --publish 3128:3128 \ - ubuntu/squid:latest - ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1)) - helm install "$ARC_NAME" \ - --namespace "arc-runners" \ - --create-namespace \ - --set 
githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{env.TARGET_REPO}}" \ - --set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \ - --set proxy.https.url="http://host.minikube.internal:3128" \ - --set "proxy.noProxy[0]=10.96.0.1:443" \ - ./charts/gha-runner-scale-set \ - --debug - echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME - kubectl get pod -n arc-systems - - sleep 60 - - - name: Test ARC E2E - uses: ./.github/actions/execute-assert-arc-e2e - timeout-minutes: 10 - with: - auth-token: ${{ steps.setup.outputs.token }} - repo-owner: ${{ env.TARGET_ORG }} - repo-name: ${{env.TARGET_REPO}} - workflow-file: ${{env.WORKFLOW_FILE}} - arc-name: ${{steps.install_arc.outputs.ARC_NAME}} - arc-namespace: "arc-runners" - arc-controller-namespace: "arc-systems" - - self-signed-ca-setup: - runs-on: ubuntu-latest - timeout-minutes: 20 - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id - env: - WORKFLOW_FILE: "arc-test-workflow.yaml" - steps: - - uses: actions/checkout@v5 - with: - ref: ${{github.head_ref}} - - - uses: ./.github/actions/setup-arc-e2e - id: setup - with: - app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}} - app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}} - image-name: ${{env.IMAGE_NAME}} - image-tag: ${{env.IMAGE_VERSION}} - target-org: ${{env.TARGET_ORG}} - - - name: Install gha-runner-scale-set-controller - id: install_arc_controller - run: | - helm install arc \ - --namespace "arc-systems" \ - 
--create-namespace \ - --set image.repository=${{ env.IMAGE_NAME }} \ - --set image.tag=${{ env.IMAGE_VERSION }} \ - ./charts/gha-runner-scale-set-controller \ - --debug - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller - kubectl get pod -n arc-systems - kubectl describe deployment arc-gha-rs-controller -n arc-systems - - - name: Install gha-runner-scale-set - id: install_arc - run: | - docker run -d \ - --rm \ - --name mitmproxy \ - --publish 8080:8080 \ - -v ${{ github.workspace }}/mitmproxy:/home/mitmproxy/.mitmproxy \ - mitmproxy/mitmproxy:latest \ - mitmdump - count=0 - while true; do - if [ -f "${{ github.workspace }}/mitmproxy/mitmproxy-ca-cert.pem" ]; then - echo "CA cert generated" - cat ${{ github.workspace }}/mitmproxy/mitmproxy-ca-cert.pem - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for mitmproxy generate its CA cert" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - sudo cp ${{ github.workspace }}/mitmproxy/mitmproxy-ca-cert.pem ${{ github.workspace }}/mitmproxy/mitmproxy-ca-cert.crt - sudo chown runner ${{ github.workspace }}/mitmproxy/mitmproxy-ca-cert.crt - kubectl create namespace arc-runners - kubectl -n arc-runners create configmap ca-cert --from-file="${{ github.workspace }}/mitmproxy/mitmproxy-ca-cert.crt" - kubectl -n arc-runners get configmap ca-cert -o yaml - ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1)) - helm install "$ARC_NAME" \ - --namespace "arc-runners" \ - --create-namespace \ - --set githubConfigUrl="https://github.com/${{ env.TARGET_ORG 
}}/${{env.TARGET_REPO}}" \ - --set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \ - --set proxy.https.url="http://host.minikube.internal:8080" \ - --set "proxy.noProxy[0]=10.96.0.1:443" \ - --set "githubServerTLS.certificateFrom.configMapKeyRef.name=ca-cert" \ - --set "githubServerTLS.certificateFrom.configMapKeyRef.key=mitmproxy-ca-cert.crt" \ - --set "githubServerTLS.runnerMountPath=/usr/local/share/ca-certificates/" \ - ./charts/gha-runner-scale-set \ - --debug - echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME - kubectl get pod -n arc-systems - - sleep 60 - - - name: Test ARC E2E - uses: ./.github/actions/execute-assert-arc-e2e - timeout-minutes: 10 - with: - auth-token: ${{ steps.setup.outputs.token }} - repo-owner: ${{ env.TARGET_ORG }} - repo-name: ${{env.TARGET_REPO}} - workflow-file: ${{env.WORKFLOW_FILE}} - arc-name: ${{steps.install_arc.outputs.ARC_NAME}} - arc-namespace: "arc-runners" - arc-controller-namespace: "arc-systems" - - update-strategy-tests: - runs-on: ubuntu-latest - timeout-minutes: 20 - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id - env: - WORKFLOW_FILE: "arc-test-sleepy-matrix.yaml" - steps: - - uses: actions/checkout@v5 - with: - ref: ${{github.head_ref}} - - - uses: ./.github/actions/setup-arc-e2e - id: setup - with: - app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}} - app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}} - image-name: ${{env.IMAGE_NAME}} - image-tag: 
${{env.IMAGE_VERSION}} - target-org: ${{env.TARGET_ORG}} - - - name: Install gha-runner-scale-set-controller - id: install_arc_controller - run: | - helm install arc \ - --namespace "arc-systems" \ - --create-namespace \ - --set image.repository=${{ env.IMAGE_NAME }} \ - --set image.tag=${{ env.IMAGE_VERSION }} \ - --set flags.updateStrategy="eventual" \ - ./charts/gha-runner-scale-set-controller \ - --debug - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller - kubectl get pod -n arc-systems - kubectl describe deployment arc-gha-rs-controller -n arc-systems - - - name: Install gha-runner-scale-set - id: install_arc - run: | - ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1)) - helm install "$ARC_NAME" \ - --namespace "arc-runners" \ - --create-namespace \ - --set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{env.TARGET_REPO}}" \ - --set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \ - ./charts/gha-runner-scale-set \ - --debug - echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME - kubectl get pod 
-n arc-systems - - sleep 60 - - - name: Trigger long running jobs and wait for runners to pick them up - uses: ./.github/actions/execute-assert-arc-e2e - timeout-minutes: 10 - with: - auth-token: ${{ steps.setup.outputs.token }} - repo-owner: ${{ env.TARGET_ORG }} - repo-name: ${{env.TARGET_REPO}} - workflow-file: ${{env.WORKFLOW_FILE}} - arc-name: ${{steps.install_arc.outputs.ARC_NAME}} - arc-namespace: "arc-runners" - arc-controller-namespace: "arc-systems" - wait-to-running: "true" - wait-to-finish: "false" - - - name: Upgrade the gha-runner-scale-set - shell: bash - run: | - helm upgrade --install "${{ steps.install_arc.outputs.ARC_NAME }}" \ - --namespace "arc-runners" \ - --create-namespace \ - --set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{ env.TARGET_REPO }}" \ - --set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \ - --set template.spec.containers[0].name="runner" \ - --set template.spec.containers[0].image="ghcr.io/actions/actions-runner:latest" \ - --set template.spec.containers[0].command={"/home/runner/run.sh"} \ - --set template.spec.containers[0].env[0].name="TEST" \ - --set template.spec.containers[0].env[0].value="E2E TESTS" \ - ./charts/gha-runner-scale-set \ - --debug - - - name: Assert that the listener is deleted while jobs are running - shell: bash - run: | - count=0 - while true; do - LISTENER_COUNT="$(kubectl get pods -l actions.github.com/scale-set-name=${{ steps.install_arc.outputs.ARC_NAME }} -n arc-systems --field-selector=status.phase=Running -o=jsonpath='{.items}' | jq 'length')" - RUNNERS_COUNT="$(kubectl get pods -l app.kubernetes.io/component=runner -n arc-runners --field-selector=status.phase=Running -o=jsonpath='{.items}' | jq 'length')" - RESOURCES="$(kubectl get pods -A)" - - if [ "$LISTENER_COUNT" -eq 0 ]; then - echo "Listener has been deleted" - echo "$RESOURCES" - exit 0 - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for listener to be deleted" - echo "$RESOURCES" - exit 
1 - fi - - echo "Waiting for listener to be deleted" - echo "Listener count: $LISTENER_COUNT target: 0 | Runners count: $RUNNERS_COUNT target: 3" - - sleep 1 - count=$((count+1)) - done - - - name: Assert that the listener goes back up after the jobs are done - shell: bash - run: | - count=0 - while true; do - LISTENER_COUNT="$(kubectl get pods -l actions.github.com/scale-set-name=${{ steps.install_arc.outputs.ARC_NAME }} -n arc-systems --field-selector=status.phase=Running -o=jsonpath='{.items}' | jq 'length')" - RUNNERS_COUNT="$(kubectl get pods -l app.kubernetes.io/component=runner -n arc-runners --field-selector=status.phase=Running -o=jsonpath='{.items}' | jq 'length')" - RESOURCES="$(kubectl get pods -A)" - - if [ "$LISTENER_COUNT" -eq 1 ]; then - echo "Listener is up!" - echo "$RESOURCES" - exit 0 - fi - if [ "$count" -ge 120 ]; then - echo "Timeout waiting for listener to be recreated" - echo "$RESOURCES" - exit 1 - fi - - echo "Waiting for listener to be recreated" - echo "Listener count: $LISTENER_COUNT target: 1 | Runners count: $RUNNERS_COUNT target: 0" - - sleep 1 - count=$((count+1)) - done - - - name: Gather logs and cleanup - shell: bash - if: always() - run: | - helm uninstall "${{ steps.install_arc.outputs.ARC_NAME }}" --namespace "arc-runners" --debug - kubectl wait --timeout=10s --for=delete AutoScalingRunnerSet -n "${{ steps.install_arc.outputs.ARC_NAME }}" -l app.kubernetes.io/instance="${{ steps.install_arc.outputs.ARC_NAME }}" - kubectl logs deployment/arc-gha-rs-controller -n "arc-systems" - - init-with-min-runners: - runs-on: ubuntu-latest - timeout-minutes: 20 - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.id == github.repository_id - env: - WORKFLOW_FILE: arc-test-workflow.yaml - steps: - - uses: actions/checkout@v5 - with: - ref: ${{ github.head_ref }} - - - uses: ./.github/actions/setup-arc-e2e - id: setup - with: - app-id: ${{secrets.E2E_TESTS_ACCESS_APP_ID}} - app-pk: ${{secrets.E2E_TESTS_ACCESS_PK}} 
- image-name: ${{env.IMAGE_NAME}} - image-tag: ${{env.IMAGE_VERSION}} - target-org: ${{env.TARGET_ORG}} - - - name: Install gha-runner-scale-set-controller - id: install_arc_controller - run: | - helm install arc \ - --namespace "arc-systems" \ - --create-namespace \ - --set image.repository=${{ env.IMAGE_NAME }} \ - --set image.tag=${{ env.IMAGE_VERSION }} \ - --set flags.updateStrategy="eventual" \ - ./charts/gha-runner-scale-set-controller \ - --debug - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l app.kubernetes.io/name=gha-rs-controller -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for controller pod with label app.kubernetes.io/name=gha-rs-controller" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n arc-systems -l app.kubernetes.io/name=gha-rs-controller - kubectl get pod -n arc-systems - kubectl describe deployment arc-gha-rs-controller -n arc-systems - - - name: Install gha-runner-scale-set - id: install_arc - run: | - ARC_NAME=${{github.job}}-$(date +'%M%S')$((($RANDOM + 100) % 100 + 1)) - helm install "$ARC_NAME" \ - --namespace "arc-runners" \ - --create-namespace \ - --set githubConfigUrl="https://github.com/${{ env.TARGET_ORG }}/${{env.TARGET_REPO}}" \ - --set githubConfigSecret.github_token="${{ steps.setup.outputs.token }}" \ - --set minRunners=5 \ - ./charts/gha-runner-scale-set \ - --debug - echo "ARC_NAME=$ARC_NAME" >> $GITHUB_OUTPUT - count=0 - while true; do - POD_NAME=$(kubectl get pods -n arc-systems -l actions.github.com/scale-set-name=$ARC_NAME -o name) - if [ -n "$POD_NAME" ]; then - echo "Pod found: $POD_NAME" - break - fi - if [ "$count" -ge 60 ]; then - echo "Timeout waiting for listener pod with label actions.github.com/scale-set-name=$ARC_NAME" - exit 1 - fi - sleep 1 - count=$((count+1)) - done - kubectl wait --timeout=30s --for=condition=ready pod -n 
arc-systems -l actions.github.com/scale-set-name=$ARC_NAME - kubectl get pod -n arc-systems - - name: Ensure 5 runners are up - run: | - count=0 - while true; do - pod_count=$(kubectl get pods -n arc-runners --no-headers | wc -l) - if [[ "$pod_count" = 5 ]]; then - echo "5 pods are up!" - break - fi - if [[ "$count" -ge 30 ]]; then - echo "Timeout waiting for 5 pods to be created" - exit 1 - fi - sleep 1 - count=$((count+1)) - done diff --git a/.github/workflows/gha-publish-chart.yaml b/.github/workflows/gha-publish-chart.yaml deleted file mode 100644 index fac687eb..00000000 --- a/.github/workflows/gha-publish-chart.yaml +++ /dev/null 
@@ -1,208 +0,0 @@
-name: (gha) Publish Helm Charts
-
-on:
- workflow_dispatch:
- inputs:
- ref:
- description: "The branch, tag or SHA to cut a release from"
- required: false
- type: string
- default: ""
- release_tag_name:
- description: "The name to tag the controller image with"
- required: true
- type: string
- default: "canary"
- push_to_registries:
- description: "Push images to registries"
- required: true
- type: boolean
- default: false
- publish_gha_runner_scale_set_controller_chart:
- description: "Publish new helm chart for gha-runner-scale-set-controller"
- required: true
- type: boolean
- default: false
- publish_gha_runner_scale_set_chart:
- description: "Publish new helm chart for gha-runner-scale-set"
- required: true
- type: boolean
- default: false
-
-env:
- HELM_VERSION: v3.8.0
-
-permissions:
- packages: write
-
-concurrency:
- group: ${{ github.workflow }}
- cancel-in-progress: true
-
-jobs:
- build-push-image:
- name: Build and push controller image
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v5
- with:
- # If inputs.ref is empty, it'll resolve to the default branch
- ref: ${{ inputs.ref }}
-
- - name: Check chart versions
- # Binary version and chart versions need to match.
- # In case of an upgrade, the controller will try to clean up
- # resources with older versions that should have been cleaned up
- # during the upgrade process
- run: ./hack/check-gh-chart-versions.sh ${{ inputs.release_tag_name }}
-
- - name: Resolve parameters
- id: resolve_parameters
- run: |
- resolvedRef="${{ inputs.ref }}"
- if [ -z "$resolvedRef" ]
- then
- resolvedRef="${{ github.ref }}"
- fi
- echo "resolved_ref=$resolvedRef" >> $GITHUB_OUTPUT
- echo "INFO: Resolving short SHA for $resolvedRef"
- echo "short_sha=$(git rev-parse --short $resolvedRef)" >> $GITHUB_OUTPUT
- echo "INFO: Normalizing repository name (lowercase)"
- echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
- with:
- # Pinning v0.9.1 for Buildx and BuildKit v0.10.6
- # BuildKit v0.11 which has a bug causing intermittent
- # failures pushing images to GHCR
- version: v0.9.1
- driver-opts: image=moby/buildkit:v0.10.6
-
- - name: Login to GitHub Container Registry
- uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Build & push controller image
- uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
- with:
- file: Dockerfile
- platforms: linux/amd64,linux/arm64
- build-args: VERSION=${{ inputs.release_tag_name }}
- push: ${{ inputs.push_to_registries }}
- tags: |
- ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/gha-runner-scale-set-controller:${{ inputs.release_tag_name }}
- ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/gha-runner-scale-set-controller:${{ inputs.release_tag_name }}-${{ steps.resolve_parameters.outputs.short_sha }}
-
- - name: Job summary
- run: |
- echo "The [gha-publish-chart.yaml](https://github.com/actions/actions-runner-controller/blob/main/.github/workflows/gha-publish-chart.yaml) workflow run was completed successfully!" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
- echo "- Ref: ${{ steps.resolve_parameters.outputs.resolvedRef }}" >> $GITHUB_STEP_SUMMARY
- echo "- Short SHA: ${{ steps.resolve_parameters.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
- echo "- Release tag: ${{ inputs.release_tag_name }}" >> $GITHUB_STEP_SUMMARY
- echo "- Push to registries: ${{ inputs.push_to_registries }}" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
-
- publish-helm-chart-gha-runner-scale-set-controller:
- if: ${{ inputs.publish_gha_runner_scale_set_controller_chart == true }}
- needs: build-push-image
- name: Publish Helm chart for gha-runner-scale-set-controller
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v5
- with:
- # If inputs.ref is empty, it'll resolve to the default branch
- ref: ${{ inputs.ref }}
-
- - name: Resolve parameters
- id: resolve_parameters
- run: |
- resolvedRef="${{ inputs.ref }}"
- if [ -z "$resolvedRef" ]
- then
- resolvedRef="${{ github.ref }}"
- fi
- echo "INFO: Resolving short SHA for $resolvedRef"
- echo "short_sha=$(git rev-parse --short $resolvedRef)" >> $GITHUB_OUTPUT
- echo "INFO: Normalizing repository name (lowercase)"
- echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
-
- - name: Set up Helm
- uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4
- with:
- version: ${{ env.HELM_VERSION }}
-
- - name: Publish new helm chart for gha-runner-scale-set-controller
- run: |
- echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin
- GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG=$(cat charts/gha-runner-scale-set-controller/Chart.yaml | grep version: | cut -d " " -f 2)
- echo "GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG=${GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG}" >> $GITHUB_ENV
- helm package charts/gha-runner-scale-set-controller/ --version="${GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG}"
- helm push gha-runner-scale-set-controller-"${GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG}".tgz oci://ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/actions-runner-controller-charts
-
- - name: Job summary
- run: |
- echo "New helm chart for gha-runner-scale-set-controller published successfully!" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
- echo "- Ref: ${{ steps.resolve_parameters.outputs.resolvedRef }}" >> $GITHUB_STEP_SUMMARY
- echo "- Short SHA: ${{ steps.resolve_parameters.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
- echo "- gha-runner-scale-set-controller Chart version: ${{ env.GHA_RUNNER_SCALE_SET_CONTROLLER_CHART_VERSION_TAG }}" >> $GITHUB_STEP_SUMMARY
-
- publish-helm-chart-gha-runner-scale-set:
- if: ${{ inputs.publish_gha_runner_scale_set_chart == true }}
- needs: build-push-image
- name: Publish Helm chart for gha-runner-scale-set
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v5
- with:
- # If inputs.ref is empty, it'll resolve to the default branch
- ref: ${{ inputs.ref }}
-
- - name: Resolve parameters
- id: resolve_parameters
- run: |
- resolvedRef="${{ inputs.ref }}"
- if [ -z "$resolvedRef" ]
- then
- resolvedRef="${{ github.ref }}"
- fi
- echo "INFO: Resolving short SHA for $resolvedRef"
- echo "short_sha=$(git rev-parse --short $resolvedRef)" >> $GITHUB_OUTPUT
- echo "INFO: Normalizing repository name (lowercase)"
- echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
-
- - name: Set up Helm
- uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4
- with:
- version: ${{ env.HELM_VERSION }}
-
- - name: Publish new helm chart for gha-runner-scale-set
- run: |
- echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin
-
- GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG=$(cat charts/gha-runner-scale-set/Chart.yaml | grep version: | cut -d " " -f 2)
- echo "GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG=${GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG}" >> $GITHUB_ENV
- helm package charts/gha-runner-scale-set/ --version="${GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG}"
- helm push gha-runner-scale-set-"${GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG}".tgz oci://ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/actions-runner-controller-charts
-
- - name: Job summary
- run: |
- echo "New helm chart for gha-runner-scale-set published successfully!" >> $GITHUB_STEP_SUMMARY
- echo "" >> $GITHUB_STEP_SUMMARY
- echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY
- echo "- Ref: ${{ steps.resolve_parameters.outputs.resolvedRef }}" >> $GITHUB_STEP_SUMMARY
- echo "- Short SHA: ${{ steps.resolve_parameters.outputs.short_sha }}" >> $GITHUB_STEP_SUMMARY
- echo "- gha-runner-scale-set Chart version: ${{ env.GHA_RUNNER_SCALE_SET_CHART_VERSION_TAG }}" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/gha-validate-chart.yaml b/.github/workflows/gha-validate-chart.yaml
deleted file mode 100644
index 92312e10..00000000
--- a/.github/workflows/gha-validate-chart.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
-name: (gha) Validate Helm Charts
-
-on:
- pull_request:
- branches:
- - master
- paths:
- - "charts/**"
- - ".github/workflows/gha-validate-chart.yaml"
- - "!charts/actions-runner-controller/**"
- - "!**.md"
- push:
- paths:
- - "charts/**"
- - ".github/workflows/gha-validate-chart.yaml"
- - "!charts/actions-runner-controller/**"
- - "!**.md"
- workflow_dispatch:
-env:
- KUBE_SCORE_VERSION: 1.16.1
- HELM_VERSION: v3.17.0
-
-permissions:
- contents: read
-
-concurrency:
- # This will make sure we only apply the concurrency limits on pull requests
- # but not pushes to master branch by making the concurrency group name unique
- # for pushes
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- validate-chart:
- name: Lint Chart
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v5
- with:
- fetch-depth: 0
-
- - name: Set up Helm
- uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4
- with:
- version: ${{ env.HELM_VERSION }}
-
- # python is a requirement for the chart-testing action below (supports yamllint among other tests)
- - uses: actions/setup-python@v6
- with:
- python-version: "3.11"
-
- - name: Set up chart-testing
- uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
-
- - name: Run chart-testing (list-changed)
- id: list-changed
- run: |
- ct version
- changed=$(ct list-changed --config charts/.ci/ct-config-gha.yaml)
- if [[ -n "$changed" ]]; then
- echo "changed=true" >> $GITHUB_OUTPUT
- fi
-
- - name: Run chart-testing (lint)
- run: |
- ct lint --config charts/.ci/ct-config-gha.yaml
-
- - name: Set up docker buildx
- uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
- if: steps.list-changed.outputs.changed == 'true'
- with:
- version: latest
-
- - name: Build controller image
- uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
- if: steps.list-changed.outputs.changed == 'true'
- with:
- file: Dockerfile
- platforms: linux/amd64
- load: true
- build-args: |
- DOCKER_IMAGE_NAME=test-arc
- VERSION=dev
- tags: |
- test-arc:dev
- cache-from: type=gha
- cache-to: type=gha,mode=max
-
- - name: Create kind cluster
- uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
- if: steps.list-changed.outputs.changed == 'true'
- with:
- cluster_name: chart-testing
-
- - name: Load image into cluster
- if: steps.list-changed.outputs.changed == 'true'
- run: |
- export DOCKER_IMAGE_NAME=test-arc
- export VERSION=dev
- export IMG_RESULT=load
- make docker-buildx
- kind load docker-image test-arc:dev --name chart-testing
-
- - name: Run chart-testing (install)
- if: steps.list-changed.outputs.changed == 'true'
- run: |
- ct install --config charts/.ci/ct-config-gha.yaml
- test-chart:
- name: Test Chart
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v5
- - uses: actions/setup-go@v6
- with:
- go-version-file: "go.mod"
- cache: false
- - name: Test gha-runner-scale-set
- run: go test ./charts/gha-runner-scale-set/...
- - name: Test gha-runner-scale-set-controller
- run: go test ./charts/gha-runner-scale-set-controller/...
diff --git a/.github/workflows/global-publish-canary.yaml b/.github/workflows/global-publish-canary.yaml
deleted file mode 100644
index c1d50f32..00000000
--- a/.github/workflows/global-publish-canary.yaml
+++ /dev/null
@@ -1,133 +0,0 @@ -name: Publish Canary Images - -# Revert to https://github.com/actions-runner-controller/releases#releases -# for details on why we use this approach -on: - push: - branches: - - master - paths-ignore: - - "**.md" - - ".github/actions/**" - - ".github/ISSUE_TEMPLATE/**" - - ".github/workflows/e2e-test-dispatch-workflow.yaml" - - ".github/workflows/gha-e2e-tests.yaml" - - ".github/workflows/arc-publish.yaml" - - ".github/workflows/arc-publish-chart.yaml" - - ".github/workflows/gha-publish-chart.yaml" - - ".github/workflows/arc-release-runners.yaml" - - ".github/workflows/global-run-codeql.yaml" - - ".github/workflows/global-run-first-interaction.yaml" - - ".github/workflows/global-run-stale.yaml" - - ".github/workflows/arc-update-runners-scheduled.yaml" - - ".github/workflows/validate-arc.yaml" - - ".github/workflows/arc-validate-chart.yaml" - - ".github/workflows/gha-validate-chart.yaml" - - ".github/workflows/arc-validate-runners.yaml" - - ".github/dependabot.yml" - - ".github/RELEASE_NOTE_TEMPLATE.md" - - "runner/**" - - ".gitignore" - - "PROJECT" - - "LICENSE" - - "Makefile" - -# https://docs.github.com/en/rest/overview/permissions-required-for-github-apps -permissions: - contents: read - packages: write - -concurrency: - group: ${{ github.workflow }} - cancel-in-progress: true - -env: - # Safeguard to prevent pushing images to registeries after build - PUSH_TO_REGISTRIES: true - -jobs: - legacy-canary-build: - name: Build and Publish Legacy Canary Image - runs-on: ubuntu-latest - env: - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - TARGET_ORG: actions-runner-controller - TARGET_REPO: actions-runner-controller - steps: - - name: Checkout - uses: actions/checkout@v5 - - - name: Get Token - id: get_workflow_token - uses: peter-murray/workflow-application-token-action@d17e3a9a36850ea89f35db16c1067dd2b68ee343 - with: - application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} - application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }} - 
organization: ${{ env.TARGET_ORG }} - - - name: Trigger Build And Push Images To Registries - run: | - # Authenticate - gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }} - - # Trigger the workflow run - jq -n '{"event_type": "canary", "client_payload": {"sha": "${{ github.sha }}", "push_to_registries": ${{ env.PUSH_TO_REGISTRIES }}}}' \ - | gh api -X POST /repos/actions-runner-controller/releases/dispatches --input - - - - name: Job summary - run: | - echo "The [publish-canary](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/publish-canary.yaml) workflow has been triggered!" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Parameters:**" >> $GITHUB_STEP_SUMMARY - echo "- sha: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY - echo "- Push to registries: ${{ env.PUSH_TO_REGISTRIES }}" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**Status:**" >> $GITHUB_STEP_SUMMARY - echo "[https://github.com/actions-runner-controller/releases/actions/workflows/publish-canary.yaml](https://github.com/actions-runner-controller/releases/actions/workflows/publish-canary.yaml)" >> $GITHUB_STEP_SUMMARY - - canary-build: - name: Build and Publish gha-runner-scale-set-controller Canary Image - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v5 - - - name: Login to GitHub Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Normalization is needed because upper case characters are not allowed in the repository name - # and the short sha is needed for image tagging - - name: Resolve parameters - id: resolve_parameters - run: | - echo "INFO: Resolving short sha" - echo "short_sha=$(git rev-parse --short ${{ github.ref }})" >> $GITHUB_OUTPUT - echo "INFO: Normalizing repository name (lowercase)" - echo "repository_owner=$(echo ${{ 
github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - - - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 - with: - version: latest - - # Unstable builds - run at your own risk - - name: Build and Push - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 - with: - context: . - file: ./Dockerfile - platforms: linux/amd64,linux/arm64 - build-args: VERSION=canary-${{ steps.resolve_parameters.outputs.short_sha }} - push: ${{ env.PUSH_TO_REGISTRIES }} - tags: | - ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/gha-runner-scale-set-controller:canary - ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/gha-runner-scale-set-controller:canary-${{ steps.resolve_parameters.outputs.short_sha }} - cache-from: type=gha - cache-to: type=gha,mode=max
diff --git a/.github/workflows/global-run-codeql.yaml b/.github/workflows/global-run-codeql.yaml
deleted file mode 100644
index 5359dc2e..00000000
--- a/.github/workflows/global-run-codeql.yaml
+++ /dev/null
@@ -1,44 +0,0 @@ -name: Run CodeQL - -on: - push: - branches: - - master - pull_request: - branches: - - master - schedule: - - cron: '30 1 * * 0' - -concurrency: - # This will make sure we only apply the concurrency limits on pull requests - # but not pushes to master branch by making the concurrency group name unique - # for pushes - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - security-events: write - steps: - - name: Checkout repository - uses: actions/checkout@v5 - - - name: Install Go - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - name: Initialize CodeQL - uses: github/codeql-action/init@v4 - with: - languages: go, actions - - - name: Autobuild - uses: github/codeql-action/autobuild@v4 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4
diff --git a/.github/workflows/global-run-first-interaction.yaml b/.github/workflows/global-run-first-interaction.yaml
deleted file mode 100644
index 79ae7cc1..00000000
--- a/.github/workflows/global-run-first-interaction.yaml
+++ /dev/null
@@ -1,34 +0,0 @@ -name: First Interaction - -permissions: - contents: read - issues: write - pull-requests: write - -on: - issues: - types: [opened] - pull_request: - branches: [master] - types: [opened] - -jobs: - check_for_first_interaction: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5 - - uses: actions/first-interaction@v3 - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - issue_message: | - Hello! Thank you for filing an issue. - - The maintainers will triage your issue shortly. - - In the meantime, please take a look at the [troubleshooting guide](https://github.com/actions/actions-runner-controller/blob/master/TROUBLESHOOTING.md) for bug reports. - - If this is a feature request, please review our [contribution guidelines](https://github.com/actions/actions-runner-controller/blob/master/CONTRIBUTING.md). - pr_message: | - Hello! Thank you for your contribution. - - Please review our [contribution guidelines](https://github.com/actions/actions-runner-controller/blob/master/CONTRIBUTING.md) to understand the project's testing and code conventions.
diff --git a/.github/workflows/global-run-stale.yaml b/.github/workflows/global-run-stale.yaml
deleted file mode 100644
index 1d30b0d4..00000000
--- a/.github/workflows/global-run-stale.yaml
+++ /dev/null
@@ -1,25 +0,0 @@ -name: Run Stale Bot -on: - schedule: - - cron: '30 1 * * *' - -permissions: - contents: read - -jobs: - stale: - name: Run Stale - runs-on: ubuntu-latest - permissions: - issues: write # for actions/stale to close stale issues - pull-requests: write # for actions/stale to close stale PRs - steps: - - uses: actions/stale@v10 - with: - stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.' - # turn off stale for both issues and PRs - days-before-stale: -1 - # turn stale back on for issues only - days-before-issue-stale: 30 - days-before-issue-close: 14 - exempt-issue-labels: 'pinned,security,enhancement,refactor,documentation,chore,bug,dependencies,needs-investigation'
diff --git a/.github/workflows/go.yaml b/.github/workflows/go.yaml
deleted file mode 100644
index 9a2e2d24..00000000
--- a/.github/workflows/go.yaml
+++ /dev/null
@@ -1,88 +0,0 @@ -name: Go -on: - push: - branches: - - master - paths: - - ".github/workflows/go.yaml" - - "**.go" - - "go.mod" - - "go.sum" - pull_request: - paths: - - ".github/workflows/go.yaml" - - "**.go" - - "go.mod" - - "go.sum" - -permissions: - contents: read - -concurrency: - # This will make sure we only apply the concurrency limits on pull requests - # but not pushes to master branch by making the concurrency group name unique - # for pushes - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - fmt: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5 - - uses: actions/setup-go@v6 - with: - go-version-file: "go.mod" - cache: false - - name: fmt - run: go fmt ./... - - name: Check diff - run: git diff --exit-code - - lint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5 - - uses: actions/setup-go@v6 - with: - go-version-file: "go.mod" - cache: false - - name: golangci-lint - uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 - with: - only-new-issues: true - version: v2.5.0 - - generate: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5 - - uses: actions/setup-go@v6 - with: - go-version-file: "go.mod" - cache: false - - name: Generate - run: make generate - - name: Check diff - run: git diff --exit-code - - test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v5 - - uses: actions/setup-go@v6 - with: - go-version-file: "go.mod" - - run: make manifests - - name: Check diff - run: git diff --exit-code - - name: Install kubebuilder - run: | - curl -D headers.txt -fsL "https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-1.30.0-linux-amd64.tar.gz" -o kubebuilder-tools - echo "$(grep -i etag headers.txt -m 1 | cut -d'"' -f2) kubebuilder-tools" > sum - md5sum -c sum - tar -zvxf kubebuilder-tools - sudo mv kubebuilder /usr/local/ - - name: Run go tests - run: | - go test -short `go list ./... 
| grep -v ./test_e2e_arc`