actions/actions-runner-controller
1
0
Fork 0
mirror of https://github.com/actions/actions-runner-controller.git synced 2026-02-26 04:12:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

warn when requireJobContainer is set to false

Browse Source
This commit is contained in:
Nikola Jokic
2026-02-24 20:27:40 +01:00
parent 6638905d3e
commit 79d2bc29fa
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
charts/gha-runner-scale-set-experimental/templates/_mode_kubernetes.tpl
View File

@@ -62,6 +62,9 @@ env:
fieldPath: metadata.name
- name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
value: {{ ternary "true" "false" $requireJobContainer | quote }}
{{- if not $requireJobContainer -}}
{{- printf "# WARNING: runner.kubernetesMode.requireJobContainer is set to false. This means that the runner container will be used to execute jobs, which may lead to security risks if the runner is compromised. It is recommended to set runner.kubernetesMode.requireJobContainer to true in production environments." }}
{{- end -}}
{{- if and $hasExtension $setHookTemplateEnv }}
- name: ACTIONS_RUNNER_CONTAINER_HOOK_TEMPLATE
value: {{ $hookTemplatePath | quote }}
@@ -236,4 +239,4 @@ Create the labels for the hook extension ConfigMap.
{{- $commonLabels := include "gha-common-labels" . | fromYaml -}}
{{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}}
{{- toYaml (mergeOverwrite $global $resourceLabels $commonLabels) -}}
{{- end }}
{{- end }}