Commit Graph

420 Commits

Author SHA1 Message Date
dhawalseth b1f916ee90
Merge branch 'master' into feature/mtls-proxy-support 2026-05-26 15:30:13 -07:00
Nikola Jokic 30879de182
Fix patch on autoscaling runner set when creating a runner scale set (#4502) 2026-05-22 17:51:47 +02:00
dhawalseth 03c274d103
Merge branch 'master' into feature/mtls-proxy-support 2026-05-18 23:36:48 -07:00
Dhawal Seth 784aad7778
Add mTLS (mutual TLS) support for proxy connections

This change adds support for mTLS authentication when connecting through
proxies that require client certificates (e.g., corporate proxies like Kraken).

Changes:
- Add ProxyTLSConfig type with fields for:
  - clientCertSecretRef: K8s secret with tls.crt and tls.key
  - caCertSecretRef: K8s secret with ca.crt
  - caCertConfigMapRef: ConfigMap with ca.crt (alternative)
  - insecureSkipVerify: Skip server cert verification (testing only)

- Update ProxyServerConfig to include optional TLS configuration

- Add proxyTLSVolumesAndMounts helper to create volumes and mounts
  for proxy TLS certificates

- Update listener pod creation to mount proxy TLS certs at
  /etc/proxy-tls/{http,https}-proxy/{client,ca}/

- Update runner pod creation to mount proxy TLS certs

- Update Helm values.yaml with mTLS configuration examples

- Update Helm templates to pass TLS config to CRD

- Regenerate CRDs with new ProxyTLSConfig schema

Note: This provides the infrastructure to mount certificates. The actual
TLS client configuration in ghalistener requires corresponding changes
in the github.com/actions/scaleset library to use these certificates.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-05-18 23:23:06 -07:00
Nikola Jokic 081b9ce1ee
Fix secret reconciliation updates for the listener pod (#4492) 2026-05-11 15:04:07 +02:00
Junya Okabe 0f2a659878
Fix: Detect init container failure in EphemeralRunner controller (#4457) 2026-05-07 13:26:46 +02:00
Junya Okabe 8c84ab2f42
Fix empty GVK in OwnerReferences for modern controllers (#4475) 2026-04-29 19:29:09 +02:00
Junya Okabe a401686bd5
Add option to disable workqueue bucket rate limiter (#4451) 2026-04-22 23:26:39 +02:00
Nikola Jokic 802dc28d38
Add multi-label support to scalesets (#4408) 2026-03-19 15:29:40 +01:00
Nikola Jokic 9bc1c9e53e
Shutdown the scaleset when runner is deprecated (#4404)
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-03-19 13:30:20 +01:00
Nikola Jokic dc7c858e68
Remove actions client (#4405) 2026-03-16 14:39:55 +01:00
Nikola Jokic 276717a04b
Manually bump dependencies since it needs fixes related to the controller runtime API (#4406) 2026-03-16 10:09:36 +01:00
Nikola Jokic f99c6eda0b
Moving to scaleset client for the controller (#4390) 2026-03-13 14:36:41 +01:00
Nikola Jokic 1d9f626c53
Allow users to apply labels and annotations to internal resources (#4400) 2026-03-12 10:32:54 +01:00
Nikola Jokic cd5b93d1bc
Bump Go version (#4398) 2026-03-11 10:24:20 +01:00
gateixeira 1f615c1a33
feat: add default linux nodeSelector to listener pod (#4377)
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2026-02-24 17:56:39 +01:00
Nikola Jokic 8b7fd9ffef
Switch client to scaleset library for the listener and update mocks (#4383) 2026-02-24 14:17:31 +01:00
Jiaren Wu d3ca9de3ca
Potential fix for code scanning alert no. 7: Use of a broken or weak cryptographic hashing algorithm on sensitive data (#4353)
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-01-14 21:04:02 -08:00
Nikola Jokic bfe78ccd5d
Make restart pod more flexible to different failure scenarios (#4340) 2025-12-19 15:49:42 +01:00
Nikola Jokic 50038fba61
Re-schedule if the failed reason starts with `OutOf` (#4336) 2025-12-16 13:26:44 +01:00
Nikola Jokic 82d5579696
Restart the listener if pod is evicted (#4332) 2025-12-09 17:55:09 +01:00
Nikola Jokic 95d2107a6a
Code style changes on the controller (#4324) 2025-11-21 14:20:44 +01:00
Nikola Jokic 6d07b8d853
Add ephemeral runner finalizer during creation and check finalizer without requeue (#4320) 2025-11-20 23:06:27 +01:00
Nikola Jokic 9f9409a4c1
Handle resource quota on status forbidden by retrying (#4305)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-10 13:58:25 +01:00
Nikola Jokic 3d73636407
Use combination of namespace, GitHub URL, and runner group when hashing the listener name (#4299) 2025-11-10 13:58:16 +01:00
Nikola Jokic 4d22089978
Delete listener resources without requeueing on each call (#4289) 2025-10-29 13:01:00 +01:00
Nikola Jokic 634e42c916
Bump all dependencies (#4266) 2025-10-14 13:24:25 +02:00
Nikola Jokic 94a6f3cc3a
Ensure ephemeral runner is deleted from the service on exit != 0 (#4260) 2025-10-06 11:38:56 +02:00
Nikola Jokic 088e2a3a90
Remove ephemeral runner when exit code != 0 and is patched with the job (#4239) 2025-09-17 21:40:37 +02:00
Nikola Jokic ddc2918a48
Requeue if create pod returns already exists error (#4201) 2025-08-14 17:00:48 +02:00
Nikola Jokic c27541140a
Remove JIT config from ephemeral runner status field (#4191) 2025-08-04 12:35:04 +02:00
Ho Kim aa14f50e45
feat(runner): add ubuntu 24.04 support (#3598) 2025-07-01 18:34:52 +09:00
Nikola Jokic 9890c0592d
Explicitly requeue during backoff ephemeral runner (#4152) 2025-06-27 12:05:43 +02:00
Nikola Jokic 3b5693eecb
Remove check if runner exists after exit code 0 (#4142) 2025-06-27 11:11:39 +02:00
Nikola Jokic e46c929241
Azure Key Vault integration to resolve secrets (#4090) 2025-06-11 15:53:33 +02:00
Wim Fournier d4af75d82e
Delete config secret when listener pod gets deleted (#4033)
Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>
2025-06-11 15:53:04 +02:00
Nikola Jokic 1dbb88cb9e
Allow use of client id as an app id (#4057) 2025-05-16 16:21:06 +02:00
Nikola Jokic 43f1cd0dac
Refactor resource naming removing unnecessary calculations (#4076) 2025-05-15 10:56:34 +02:00
Nikola Jokic 389d842a30
Relax version requirements to allow patch version mismatch (#4080)
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-05-14 21:38:16 +02:00
Nikola Jokic cae7efa2c6
Create backoff mechanism for failed runners and allow re-creation of failed ephemeral runners (#4059) 2025-05-14 15:38:50 +02:00
Ryosei Karaki f832b0b254
upgrade(golangci-lint): v2.1.2 (#4023)
Signed-off-by: karamaru-alpha <mrnk3078@gmail.com>
2025-04-17 16:14:31 +02:00
Nikola Jokic 5a960b5ebb
Create configurable metrics (#3975) 2025-03-24 15:27:42 +01:00
kahirokunn eaa3f2a3a0
chore: Added `OwnerReferences` during resource creation for `EphemeralRunnerSet`, `EphemeralRunner`, and `EphemeralRunnerPod` (#3575) 2025-03-19 15:03:20 +01:00
Nikola Jokic fb9b96bf75
Update all dependencies, conforming to the new controller-runtime API (#3949) 2025-03-11 15:52:52 +01:00
Nikola Jokic d8f1a61ab6
Clean up as much as possible in a single pass for the EphemeralRunner reconciler (#3941) 2025-03-10 11:03:45 +01:00
Nikola Jokic 2dab45c373
Wrap errors in controller helper methods and swap logic in cleanups (#3960) 2025-03-07 11:58:53 +01:00
Nikola Jokic 7a5996f467
Remove old githubrunnerscalesetlistener, remove warning and fix config bug (#3937) 2025-03-07 11:58:16 +01:00
Nikola Jokic e122615553
Use Ready from the pod conditions when setting it to the EphemeralRunner (#3891) 2025-03-05 10:21:06 +01:00
Nikola Jokic e12a892748
Rename log from target/actual to build/autoscalingRunnerSet version (#3957) 2025-03-04 17:01:34 +01:00
&es 7ccc177b84
Sanitize labels ending in hyphen, underscore, and dot (#3664) 2025-02-18 15:15:39 +01:00