add more fields and tests

Nikola Jokic
2026-01-15 21:24:52 +01:00
parent 0bb603edc8
commit a7a4eb481a
5 changed files with 284 additions and 3 deletions


@@ -63,6 +63,41 @@ Takes a map of user labels and removes the ones with "actions.github.com/" prefi
{{- $processed | toYaml -}} {{- $processed | toYaml -}}
{{- end }} {{- end }}
{{/*
Takes a map of user annotations and removes reserved ones.
Reserved annotations are managed by ARC/controllers and should not be set by users:
- actions.github.com/cleanup-*
- actions.github.com/values-hash
*/}}
{{- define "gha-process-annotations" -}}
{{- $userAnnotations := . -}}
{{- $processed := dict -}}
{{- range $key, $value := $userAnnotations -}}
{{- if not (or (hasPrefix "actions.github.com/cleanup-" $key) (eq $key "actions.github.com/values-hash")) -}}
{{- $_ := set $processed $key $value -}}
{{- end -}}
{{- end -}}
{{- $processed | toYaml -}}
{{- end }}
{{/*
Create the annotations for the autoscaling runner set.
Order of precedence:
1) resource.all.metadata.annotations
2) resource.autoscalingRunnerSet.metadata.annotations
Reserved annotations are excluded from both levels.
*/}}
{{- define "autoscaling-runner-set.annotations" -}}
{{- $global := include "gha-process-annotations" (.Values.resource.all.metadata.annotations | default (dict)) | fromYaml -}}
{{- $resource := include "gha-process-annotations" (.Values.resource.autoscalingRunnerSet.metadata.annotations | default (dict)) | fromYaml -}}
{{- $annotations := mergeOverwrite $global $resource -}}
{{- range $k, $v := $annotations }}
{{ $k }}: {{ $v | quote }}
{{- end }}
{{- end }}
{{/* {{/*
Create chart name and version as used by the chart label. Create chart name and version as used by the chart label.
*/}} */}}
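Review bot: The annotation key in `{{ $k }}: {{ $v | quote }}` inside `autoscaling-runner-set.annotations` is emitted unquoted, so the key the YAML parser reads can differ from the string `gha-process-annotations` compared against the reserved names. A plain scalar drops surrounding whitespace, and a key containing `: ` or ` #` changes the document structure. Rendering it as `{{ $k | quote }}: {{ $v | quote }}` keeps the filtered key and the emitted key identical. The "Order of precedence" comment should also say which level wins; from `mergeOverwrite $global $resource` the autoscalingRunnerSet level overrides `resource.all`.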


@@ -5,6 +5,9 @@ metadata:
namespace: {{ include "autoscaling-runner-set.namespace" . | quote }} namespace: {{ include "autoscaling-runner-set.namespace" . | quote }}
labels: labels:
{{- include "autoscaling-runner-set.labels" . | nindent 4 }} {{- include "autoscaling-runner-set.labels" . | nindent 4 }}
annotations:
{{- include "autoscaling-runner-set.annotations" . | nindent 4 }}
actions.github.com/values-hash: {{ toJson .Values | sha256sum | trunc 63 }}
spec: spec:
githubConfigUrl: {{ required ".Values.auth.url is required" (trimSuffix "/" .Values.auth.url) | quote }} githubConfigUrl: {{ required ".Values.auth.url is required" (trimSuffix "/" .Values.auth.url) | quote }}
@@ -36,7 +39,7 @@ spec:
certificatePath: {{ .Values.secretResolution.azureKeyVault.certificatePath }} certificatePath: {{ .Values.secretResolution.azureKeyVault.certificatePath }}
secretKey: {{ .Values.secretResolution.azureKeyVault.secretKey }} secretKey: {{ .Values.secretResolution.azureKeyVault.secretKey }}
{{- else }} {{- else }}
{{- fail "Unsupported keyVault type: " .Values.secretResolution.type }} {{- fail (printf "Unsupported keyVault type: %s" .Values.secretResolution.type) }}
{{- end }} {{- end }}
{{- end }} {{- end }}
@@ -94,4 +97,3 @@ spec:
template: template:
spec: spec:
containers: containers:
# {{- include "container-spec.runner" . | nindent 8 }}
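Review bot: The new `actions.github.com/values-hash` line hashes `toJson .Values`, which includes credential values such as `auth.githubToken` when they are supplied inline, and publishes the digest in an annotation that anyone with read access to the resource can see. If the hash only needs to detect configuration drift (an assumption, since its consumer is not in this hunk), consider hashing a copy of the values with the secret-bearing keys removed, and add a comment stating what the hash is expected to cover. The value should also be quoted, `{{ toJson .Values | sha256sum | trunc 63 | quote }}`, so a digest that happens to look numeric is not typed as a number by the YAML parser.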


@@ -0,0 +1,79 @@
suite: "Test AutoscalingRunnerSet Annotations"
templates:
- autoscalingrunnserset.yaml
tests:
- it: should render values-hash annotation
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- exists:
path: metadata.annotations["actions.github.com/values-hash"]
- it: should merge global and resource annotations (resource overrides global)
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
all:
metadata:
annotations:
a: "global"
shared: "global"
autoscalingRunnerSet:
metadata:
annotations:
b: "resource"
shared: "resource"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: metadata.annotations.a
value: "global"
- equal:
path: metadata.annotations.b
value: "resource"
- equal:
path: metadata.annotations.shared
value: "resource"
- it: should not allow overriding reserved values-hash annotation
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
resource:
all:
metadata:
annotations:
actions.github.com/values-hash: "user-value"
ok: "ok"
autoscalingRunnerSet:
metadata:
annotations:
actions.github.com/cleanup-something: "should-not-render"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: metadata.annotations.ok
value: "ok"
- notEqual:
path: metadata.annotations["actions.github.com/values-hash"]
value: "user-value"
- notExists:
path: metadata.annotations["actions.github.com/cleanup-something"]
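Review bot: The reserved-annotation case asserts only `notEqual` against `"user-value"`, and the first case asserts only `exists`, so neither pins that the chart's own digest is what ends up in `actions.github.com/values-hash`. Adding a `matchRegex` assertion on `metadata.annotations["actions.github.com/values-hash"]` with `pattern: "^[0-9a-f]{63}$"` would tie both cases to the `sha256sum | trunc 63` output. The filter in the helper is an exact, case-sensitive match, so a case with a reserved key that differs only by surrounding whitespace would document how the rendered manifest behaves there.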


@@ -0,0 +1,55 @@
suite: "Test AutoscalingRunnerSet Listener Metrics"
templates:
- autoscalingrunnserset.yaml
tests:
- it: should not render listenerMetrics when not configured
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- notExists:
path: spec.listenerMetrics
- it: should render listenerMetrics when configured
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
listenerMetrics:
counters:
gha_started_jobs_total:
labels:
- repository
- organization
histograms:
gha_job_startup_duration_seconds:
buckets:
- 0.1
- 1
- 2.5
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- exists:
path: spec.listenerMetrics
- equal:
path: spec.listenerMetrics.counters.gha_started_jobs_total.labels[0]
value: repository
- equal:
path: spec.listenerMetrics.counters.gha_started_jobs_total.labels[1]
value: organization
- contains:
path: spec.listenerMetrics.histograms.gha_job_startup_duration_seconds.buckets
content: 0.1
- contains:
path: spec.listenerMetrics.histograms.gha_job_startup_duration_seconds.buckets
content: 2.5


@@ -0,0 +1,110 @@
suite: "Test AutoscalingRunnerSet Vault Config"
templates:
- autoscalingrunnserset.yaml
tests:
- it: should not render vaultConfig when secretResolution.type is kubernetes
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
secretResolution:
type: kubernetes
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- notExists:
path: spec.vaultConfig
- it: should render azureKeyVault vaultConfig when configured
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
secretResolution:
type: azureKeyVault
azureKeyVault:
url: "https://myvault.vault.azure.net"
tenantId: "tenant-123"
clientId: "client-456"
certificatePath: "/etc/certs/akv.pem"
secretKey: "secret-key-name"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.vaultConfig.type
value: azureKeyVault
- equal:
path: spec.vaultConfig.azureKeyVault.url
value: "https://myvault.vault.azure.net"
- equal:
path: spec.vaultConfig.azureKeyVault.tenantId
value: "tenant-123"
- equal:
path: spec.vaultConfig.azureKeyVault.clientId
value: "client-456"
- equal:
path: spec.vaultConfig.azureKeyVault.certificatePath
value: "/etc/certs/akv.pem"
- equal:
path: spec.vaultConfig.azureKeyVault.secretKey
value: "secret-key-name"
- it: should render vaultConfig proxy when configured
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
secretResolution:
type: azureKeyVault
proxy:
http:
url: "http://proxy.example.com:3128"
credentialSecretRef: "proxy-credentials"
noProxy:
- "localhost"
azureKeyVault:
url: "https://myvault.vault.azure.net"
tenantId: "tenant-123"
clientId: "client-456"
certificatePath: "/etc/certs/akv.pem"
secretKey: "secret-key-name"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- equal:
path: spec.vaultConfig.proxy.http.url
value: "http://proxy.example.com:3128"
- equal:
path: spec.vaultConfig.proxy.http.credentialSecretRef
value: "proxy-credentials"
- contains:
path: spec.vaultConfig.proxy.noProxy
content: "localhost"
- notExists:
path: spec.proxy
- it: should fail for unsupported secretResolution.type
set:
scaleset.name: "test"
auth.url: "https://github.com/org"
auth.githubToken: "gh_token12345"
controllerServiceAccount.name: "arc"
controllerServiceAccount.namespace: "arc-system"
secretResolution:
type: "hashicorpVault"
release:
name: "test-name"
namespace: "test-namespace"
asserts:
- failedTemplate:
errorMessage: "Unsupported keyVault type: hashicorpVault"