actions/actions-runner-controller
1
0
Fork 0
mirror of https://github.com/actions/actions-runner-controller.git synced 2026-01-14 23:45:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

adding tests checking auth

Browse Source
This commit is contained in:
Nikola Jokic
2026-01-12 15:59:27 +01:00
parent 9e871b42d4
commit 0bb603edc8
6 changed files with 620 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
charts/gha-runner-scale-set-dev/templates/autoscalingrunnserset.yaml
View File

@@ -10,6 +10,7 @@ spec:
githubConfigUrl: {{ required ".Values.auth.url is required" (trimSuffix "/" .Values.auth.url) | quote }} githubConfigUrl: {{ required ".Values.auth.url is required" (trimSuffix "/" .Values.auth.url) | quote }}
githubConfigSecret: {{ include "github-secret.name" . | quote }} githubConfigSecret: {{ include "github-secret.name" . | quote }}
runnerGroup: {{ .Values.scaleset.runnerGroup | quote }} runnerGroup: {{ .Values.scaleset.runnerGroup | quote }}
runnerScaleSetName: {{ .Values.scaleset.name | quote }}
{{- if .Values.githubServerTLS }} {{- if .Values.githubServerTLS }}
githubServerTLS: githubServerTLS:

245
charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_auth_test.yaml Normal file
View File

@@ -0,0 +1,245 @@
suite: "Test AutoscalingRunnerSet Authentication & Configuration"
templates:
- autoscalingrunnserset.yaml
tests:
- it: should require githubConfigUrl
set:
scaleset.name: "test"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- failedTemplate:
errorMessage: ".Values.auth.url is required"
- it: should render githubConfigUrl from auth.url
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.githubConfigUrl
value: "https://github.com/org"
- it: should trim trailing slash from githubConfigUrl
set:
scaleset.name: "test"
auth.url: "https://github.com/org/"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.githubConfigUrl
value: "https://github.com/org"
- it: should render default githubConfigSecret from release name
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.githubConfigSecret
value: "test-name-github-secret"
- it: should render custom githubConfigSecret when auth.secretName is provided
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
auth.secretName: "custom-github-secret"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.githubConfigSecret
value: '"custom-github-secret"'
- it: should render default runnerGroup when not configured
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.runnerGroup
value: "default"
- it: should render custom runnerGroup when configured
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
scaleset.runnerGroup: "custom-group"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.runnerGroup
value: "custom-group"
- it: should render runnerGroup with special characters
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
scaleset.runnerGroup: "my-custom-runner-group-123"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.runnerGroup
value: "my-custom-runner-group-123"
- it: should render runnerScaleSetName from scaleset.name
set:
scaleset.name: "my-runner-set"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.runnerScaleSetName
value: "my-runner-set"
- it: should use release name as metadata name when runnerScaleSetName not provided
set:
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "release-name"
namespace: "test-namespace"
asserts:
- equal:
path: metadata.name
value: "release-name"
- it: should use scaleset.name for spec.runnerScaleSetName when provided
set:
scaleset.name: "spec-runner-name"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "release-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.runnerScaleSetName
value: "spec-runner-name"
- it: should not normalize underscores in runnerScaleSetName (underscores are preserved)
set:
scaleset.name: "my_runner_set"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.runnerScaleSetName
value: "my_runner_set"
- it: should reject metadata name exceeding 45 characters
set:
runnerScaleSetName: "this-is-a-very-long-name-that-exceeds-forty-five-characters-long"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- failedTemplate:
errorMessage: "Autoscaling runner set name must have up to 45 characters"
- it: should handle githubConfigUrl with enterprise GitHub instance
set:
scaleset.name: "test"
auth.url: "https://github.enterprise.com/api/v3"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.githubConfigUrl
value: "https://github.enterprise.com/api/v3"
- it: should render all configuration together
set:
runnerScaleSetName: "prod-runners"
scaleset.name: "prod-spec-name"
auth.url: "https://github.com/myorg"
auth.githubToken: "gh_token12345"
auth.secretName: "gh-token-secret"
scaleset.runnerGroup: "prod-group"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "prod-scale-set"
namespace: "arc"
asserts:
- equal:
path: spec.githubConfigUrl
value: "https://github.com/myorg"
- equal:
path: spec.githubConfigSecret
value: '"gh-token-secret"'
- equal:
path: spec.runnerGroup
value: "prod-group"
- equal:
path: spec.runnerScaleSetName
value: "prod-spec-name"
- equal:
path: metadata.name
value: "prod-runners"
- equal:
path: metadata.namespace
value: "arc"

2
charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_test.yaml → charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_labels_test.yaml
View File

@@ -1,4 +1,4 @@
suite: "Test AutoscalingRunnerSet" suite: "Test AutoscalingRunnerSet Labels"
templates: templates:
- autoscalingrunnserset.yaml - autoscalingrunnserset.yaml
tests: tests:

71
charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_min_max_runners_test.yaml Normal file
View File

@@ -0,0 +1,71 @@
suite: "Test AutoscalingRunnerSet MinMax Runners"
templates:
- autoscalingrunnserset.yaml
tests:
- it: should set minRunners and maxRunners correctly
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
scaleset.minRunners: 2
scaleset.maxRunners: 5
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.minRunners
value: 2
- equal:
path: spec.maxRunners
value: 5
- it: should fail when minRunners is greater than maxRunners
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
scaleset.minRunners: 6
scaleset.maxRunners: 5
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- failedTemplate: {}
- it: should work when minRunners equals maxRunners
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
scaleset.minRunners: 5
scaleset.maxRunners: 5
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.minRunners
value: 5
- equal:
path: spec.maxRunners
value: 5
- it: should not set minRunners and maxRunners when not provided
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- notExists:
path: spec.minRunners
- notExists:
path: spec.maxRunners

290
charts/gha-runner-scale-set-dev/tests/autoscaling_runner_set_proxy_test.yaml Normal file
View File

@@ -0,0 +1,290 @@
suite: "Test AutoscalingRunnerSet Proxy Configuration"
templates:
- autoscalingrunnserset.yaml
tests:
- it: should not render proxy section when not configured
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- notExists:
path: spec.proxy
- it: should render http proxy configuration
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
proxy:
http:
url: "http://proxy.example.com:3128"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.proxy.http.url
value: "http://proxy.example.com:3128"
- notExists:
path: spec.proxy.https
- it: should render https proxy configuration
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
proxy:
https:
url: "https://secure-proxy.example.com:3128"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.proxy.https.url
value: "https://secure-proxy.example.com:3128"
- notExists:
path: spec.proxy.http
- it: should render both http and https proxy configuration
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
proxy:
http:
url: "http://proxy.example.com:3128"
https:
url: "https://secure-proxy.example.com:3128"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.proxy.http.url
value: "http://proxy.example.com:3128"
- equal:
path: spec.proxy.https.url
value: "https://secure-proxy.example.com:3128"
- it: should render http proxy with credential secret reference
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
proxy:
http:
url: "http://proxy.example.com:3128"
credentialSecretRef: "proxy-credentials"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.proxy.http.url
value: "http://proxy.example.com:3128"
- equal:
path: spec.proxy.http.credentialSecretRef
value: "proxy-credentials"
- it: should render https proxy with credential secret reference
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
proxy:
https:
url: "https://secure-proxy.example.com:3128"
credentialSecretRef: "secure-proxy-creds"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.proxy.https.url
value: "https://secure-proxy.example.com:3128"
- equal:
path: spec.proxy.https.credentialSecretRef
value: "secure-proxy-creds"
- it: should render proxy with noProxy list
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
proxy:
http:
url: "http://proxy.example.com:3128"
noProxy:
- "localhost"
- "127.0.0.1"
- ".example.local"
- "10.0.0.0/8"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.proxy.http.url
value: "http://proxy.example.com:3128"
- contains:
path: spec.proxy.noProxy
content: "localhost"
- contains:
path: spec.proxy.noProxy
content: "127.0.0.1"
- contains:
path: spec.proxy.noProxy
content: ".example.local"
- contains:
path: spec.proxy.noProxy
content: "10.0.0.0/8"
- it: should render complete proxy configuration with all options
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
proxy:
http:
url: "http://proxy.example.com:3128"
credentialSecretRef: "proxy-credentials"
https:
url: "https://secure-proxy.example.com:3128"
credentialSecretRef: "secure-proxy-creds"
noProxy:
- "localhost"
- "127.0.0.1"
- ".local"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.proxy.http.url
value: "http://proxy.example.com:3128"
- equal:
path: spec.proxy.http.credentialSecretRef
value: "proxy-credentials"
- equal:
path: spec.proxy.https.url
value: "https://secure-proxy.example.com:3128"
- equal:
path: spec.proxy.https.credentialSecretRef
value: "secure-proxy-creds"
- contains:
path: spec.proxy.noProxy
content: "localhost"
- contains:
path: spec.proxy.noProxy
content: "127.0.0.1"
- contains:
path: spec.proxy.noProxy
content: ".local"
- it: should render proxy configuration with empty noProxy list
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
proxy:
http:
url: "http://proxy.example.com:3128"
noProxy: []
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.proxy.http.url
value: "http://proxy.example.com:3128"
- notExists:
path: spec.proxy.noProxy
- it: should not render proxy when configured as empty object
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
proxy: {}
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- notExists:
path: spec.proxy
- it: should render proxy with only http without credentials
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
proxy:
http:
url: "http://unauthenticated-proxy.example.com:8080"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.proxy.http.url
value: "http://unauthenticated-proxy.example.com:8080"
- notExists:
path: spec.proxy.http.credentialSecretRef
- notExists:
path: spec.proxy.https
- it: should render proxy with https and noProxy without http
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
proxy:
https:
url: "https://secure-proxy.example.com:3128"
noProxy:
- "internal.example.com"
- "*.local"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.proxy.https.url
value: "https://secure-proxy.example.com:3128"
- notExists:
path: spec.proxy.http
- contains:
path: spec.proxy.noProxy
content: "internal.example.com"
- contains:
path: spec.proxy.noProxy
content: "*.local"

15
charts/gha-runner-scale-set-dev/values.yaml
View File

@@ -27,6 +27,12 @@ auth:
installationId: "" installationId: ""
privateKey: "" privateKey: ""
# secretResolution configures how secrets are resolved for this scale set.
# By default, secrets are resolved using Kubernetes secrets. When Kubernetes
# secrets are used, no proxy config will be applied.
#
# If you decide to use secret integrations with vaults, you can configure
# proxy settings for the vault communication here.
secretResolution: secretResolution:
# Name of the secret resolver to use. # Name of the secret resolver to use.
# Available values: # Available values:
@@ -46,16 +52,15 @@ secretResolution:
# - example.com # - example.com
# - example.org # - example.org
## Configuration for Azure Key Vault integration
# azureKeyVault: # azureKeyVault:
# url: "" # url: ""
# client_id: "" # client_id: ""
# tenant_id: "" # tenant_id: ""
# certificate_path: "" # certificate_path: ""
# ## Proxy can be used to define proxy settings that will be used by the
## proxy can be used to define proxy settings that will be used by the
## controller, the listener and the runner of this scale set. ## controller, the listener and the runner of this scale set.
#
# proxy: # proxy:
# http: # http:
# url: http://proxy.com:1234 # url: http://proxy.com:1234
@@ -86,15 +91,19 @@ secretResolution:
## Resource object allows modifying resources created by the chart itself ## Resource object allows modifying resources created by the chart itself
resource: resource:
# Specifies metadata that will be applied to all resources managed by ARC
all: all:
metadata: metadata:
labels: {} labels: {}
annotations: {} annotations: {}
# Specifies metadata that will be applied to the AutoscalingRunnerSet resource
autoscalingRunnerSet: autoscalingRunnerSet:
metadata: metadata:
labels: {} labels: {}
annotations: {} annotations: {}
# TODO: Add more resource customizations when needed
# Template applied for the runner container # Template applied for the runner container
runner: runner: