Bump the actions group across 1 directory with 4 updates

Bumps the actions group with 4 updates in the / directory: [helm/chart-testing-action](https://github.com/helm/chart-testing-action), [helm/kind-action](https://github.com/helm/kind-action), [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action).


Updates `helm/chart-testing-action` from 2.7.0 to 2.8.0
- [Release notes](https://github.com/helm/chart-testing-action/releases)
- [Commits](0d28d3144d...6ec842c01d)

Updates `helm/kind-action` from 1.12.0 to 1.13.0
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](a1b0e39133...92086f6be0)

Updates `docker/setup-qemu-action` from 3.6.0 to 3.7.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](29109295f8...c7c5346462)

Updates `golangci/golangci-lint-action` from 8.0.0 to 9.0.0
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](4afd733a84...0a35821d5c)

---
updated-dependencies:
- dependency-name: helm/chart-testing-action
  dependency-version: 2.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: helm/kind-action
  dependency-version: 1.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: docker/setup-qemu-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: golangci/golangci-lint-action
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/arc-publish-chart.yaml

@@ -63,7 +63,7 @@ jobs:
           python-version: "3.11"
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
+        uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f
 
       - name: Run chart-testing (list-changed)
         id: list-changed
@@ -79,7 +79,7 @@ jobs:
 
       - name: Create kind cluster
         if: steps.list-changed.outputs.changed == 'true'
-        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
+        uses: helm/kind-action@92086f6be054225fa813e0a4b13787fc9088faab
 
       # We need cert-manager already installed in the cluster because we assume the CRDs exist
       - name: Install cert-manager

.github/workflows/arc-release-runners.yaml

@@ -19,7 +19,7 @@ env:
   PUSH_TO_REGISTRIES: true
   TARGET_ORG: actions-runner-controller
   TARGET_WORKFLOW: release-runners.yaml
-  DOCKER_VERSION: 24.0.7
+  DOCKER_VERSION: 28.0.4
 
 concurrency:
   group: ${{ github.workflow }}

.github/workflows/arc-validate-chart.yaml

@@ -55,7 +55,7 @@ jobs:
           python-version: "3.11"
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
+        uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f
 
       - name: Run chart-testing (list-changed)
         id: list-changed
@@ -70,7 +70,7 @@ jobs:
           ct lint --config charts/.ci/ct-config.yaml
 
       - name: Create kind cluster
-        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
+        uses: helm/kind-action@92086f6be054225fa813e0a4b13787fc9088faab
         if: steps.list-changed.outputs.changed == 'true'
 
       # We need cert-manager already installed in the cluster because we assume the CRDs exist

.github/workflows/gha-e2e-tests.yaml

@@ -984,7 +984,7 @@ jobs:
               echo "5 pods are up!"
               break
             fi
-            if [[ "$count" -ge 12 ]]; then
+            if [[ "$count" -ge 30 ]]; then
               echo "Timeout waiting for 5 pods to be created"
               exit 1
             fi

.github/workflows/gha-publish-chart.yaml

@@ -72,7 +72,7 @@ jobs:
           echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435

.github/workflows/gha-validate-chart.yaml

@@ -51,7 +51,7 @@ jobs:
           python-version: "3.11"
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b
+        uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f
 
       - name: Run chart-testing (list-changed)
         id: list-changed
@@ -88,7 +88,7 @@ jobs:
           cache-to: type=gha,mode=max
 
       - name: Create kind cluster
-        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3
+        uses: helm/kind-action@92086f6be054225fa813e0a4b13787fc9088faab
         if: steps.list-changed.outputs.changed == 'true'
         with:
           cluster_name: chart-testing

.github/workflows/global-publish-canary.yaml

@@ -110,7 +110,7 @@ jobs:
           echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435

.github/workflows/go.yaml

@@ -48,7 +48,7 @@ jobs:
           go-version-file: "go.mod"
           cache: false
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9
+        uses: golangci/golangci-lint-action@0a35821d5c230e903fcfe077583637dea1b27b47
         with:
           only-new-issues: true
           version: v2.5.0
@@ -78,7 +78,7 @@ jobs:
         run: git diff --exit-code
       - name: Install kubebuilder
         run: |
-          curl -D headers.txt -fsL "https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-1.26.1-linux-amd64.tar.gz" -o kubebuilder-tools
+          curl -D headers.txt -fsL "https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-1.30.0-linux-amd64.tar.gz" -o kubebuilder-tools
           echo "$(grep -i etag headers.txt -m 1 | cut -d'"' -f2) kubebuilder-tools" > sum
           md5sum -c sum
           tar -zvxf kubebuilder-tools

controllers/actions.github.com/ephemeralrunner_controller.go

@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"net/http"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/actions/actions-runner-controller/apis/actions.github.com/v1alpha1"
@@ -282,7 +283,34 @@ func (r *EphemeralRunnerReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		case kerrors.IsAlreadyExists(err):
 			log.Info("Runner pod already exists. Waiting for the pod event to be received")
 			return ctrl.Result{Requeue: true, RequeueAfter: 5 * time.Second}, nil
-		case kerrors.IsInvalid(err) || kerrors.IsForbidden(err):
+		case kerrors.IsInvalid(err):
+			log.Error(err, "Failed to create a pod due to unrecoverable failure")
+			errMessage := fmt.Sprintf("Failed to create the pod: %v", err)
+			if err := r.markAsFailed(ctx, ephemeralRunner, errMessage, ReasonInvalidPodFailure, log); err != nil {
+				log.Error(err, "Failed to set ephemeral runner to phase Failed")
+				return ctrl.Result{}, err
+			}
+			return ctrl.Result{}, nil
+		case kerrors.IsForbidden(err):
+			if status, ok := err.(kerrors.APIStatus); ok || errors.As(err, &status) {
+				isResourceQuotaExceeded := strings.Contains(status.Status().Message, "exceeded quota:")
+				isAboutToExpire := ephemeralRunner.CreationTimestamp.Time.Add(10 * time.Minute).Before(time.Now())
+				switch {
+				case isResourceQuotaExceeded && isAboutToExpire:
+					log.Error(err, "Failed to create a pod due to resource quota exceeded and the ephemeral runner is about to expire; re-creating the ephemeral runner")
+					if err := r.Delete(ctx, ephemeralRunner); err != nil {
+						log.Error(err, "Failed to delete the ephemeral runner")
+						return ctrl.Result{}, err
+					}
+					return ctrl.Result{}, nil
+				case isResourceQuotaExceeded:
+					log.Error(err, "Resource quota is exceeded; requeue in 30s to retry pod creation")
+					return ctrl.Result{RequeueAfter: 30 * time.Second}, nil
+				default:
+					// other forbidden errors
+					// fallthrough to the default handling below
+				}
+			}
 			log.Error(err, "Failed to create a pod due to unrecoverable failure")
 			errMessage := fmt.Sprintf("Failed to create the pod: %v", err)
 			if err := r.markAsFailed(ctx, ephemeralRunner, errMessage, ReasonInvalidPodFailure, log); err != nil {

controllers/actions.github.com/resourcebuilder.go

@@ -690,20 +690,28 @@ func scaleSetListenerConfigName(autoscalingListener *v1alpha1.AutoscalingListene
 	return fmt.Sprintf("%s-config", autoscalingListener.Name)
 }
 
-func scaleSetListenerName(autoscalingRunnerSet *v1alpha1.AutoscalingRunnerSet) string {
-	namespaceHash := hash.FNVHashString(autoscalingRunnerSet.Namespace)
+func hashSuffix(namespace, runnerGroup, configURL string) string {
+	namespaceHash := hash.FNVHashString(namespace + "@" + runnerGroup + "@" + configURL)
 	if len(namespaceHash) > 8 {
 		namespaceHash = namespaceHash[:8]
 	}
-	return fmt.Sprintf("%v-%v-listener", autoscalingRunnerSet.Name, namespaceHash)
+	return namespaceHash
+}
+
+func scaleSetListenerName(autoscalingRunnerSet *v1alpha1.AutoscalingRunnerSet) string {
+	return fmt.Sprintf(
+		"%v-%v-listener",
+		autoscalingRunnerSet.Name,
+		hashSuffix(
+			autoscalingRunnerSet.Namespace,
+			autoscalingRunnerSet.Spec.RunnerGroup,
+			autoscalingRunnerSet.Spec.GitHubConfigUrl,
+		),
+	)
 }
 
 func proxyListenerSecretName(autoscalingListener *v1alpha1.AutoscalingListener) string {
-	namespaceHash := hash.FNVHashString(autoscalingListener.Spec.AutoscalingRunnerSetNamespace)
-	if len(namespaceHash) > 8 {
-		namespaceHash = namespaceHash[:8]
-	}
-	return fmt.Sprintf("%v-%v-listener-proxy", autoscalingListener.Spec.AutoscalingRunnerSetName, namespaceHash)
+	return autoscalingListener.Name + "-proxy"
 }
 
 func proxyEphemeralRunnerSetSecretName(ephemeralRunnerSet *v1alpha1.EphemeralRunnerSet) string {

runner/Makefile

@@ -8,7 +8,7 @@ TARGETPLATFORM ?= $(shell arch)
 
 RUNNER_VERSION ?= 2.329.0
 RUNNER_CONTAINER_HOOKS_VERSION ?= 0.8.0
-DOCKER_VERSION ?= 24.0.7
+DOCKER_VERSION ?= 28.0.4
 
 # default list of platforms for which multiarch image is built
 ifeq (${PLATFORMS}, )

runner/actions-runner-dind-rootless.ubuntu-20.04.dockerfile

@@ -5,7 +5,7 @@ ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION
 # Docker and Docker Compose arguments
 ENV CHANNEL=stable
-ARG DOCKER_COMPOSE_VERSION=v2.23.0
+ARG DOCKER_COMPOSE_VERSION=v2.38.2
 ARG DUMB_INIT_VERSION=1.2.5
 
 # Other arguments

runner/actions-runner-dind-rootless.ubuntu-22.04.dockerfile

@@ -5,7 +5,7 @@ ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION
 # Docker and Docker Compose arguments
 ENV CHANNEL=stable
-ARG DOCKER_COMPOSE_VERSION=v2.23.0
+ARG DOCKER_COMPOSE_VERSION=v2.38.2
 ARG DUMB_INIT_VERSION=1.2.5
 ARG RUNNER_USER_UID=1001
 

runner/actions-runner-dind-rootless.ubuntu-24.04.dockerfile

@@ -5,7 +5,7 @@ ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION
 # Docker and Docker Compose arguments
 ENV CHANNEL=stable
-ARG DOCKER_COMPOSE_VERSION=v2.23.0
+ARG DOCKER_COMPOSE_VERSION=v2.38.2
 ARG DUMB_INIT_VERSION=1.2.5
 ARG RUNNER_USER_UID=1001
 

runner/actions-runner-dind.ubuntu-20.04.dockerfile

@@ -5,8 +5,8 @@ ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION
 # Docker and Docker Compose arguments
 ARG CHANNEL=stable
-ARG DOCKER_VERSION=24.0.7
-ARG DOCKER_COMPOSE_VERSION=v2.23.0
+ARG DOCKER_VERSION=28.0.4
+ARG DOCKER_COMPOSE_VERSION=v2.38.2
 ARG DUMB_INIT_VERSION=1.2.5
 
 # Use 1001 and 121 for compatibility with GitHub-hosted runners

runner/actions-runner-dind.ubuntu-22.04.dockerfile

@@ -5,8 +5,8 @@ ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION
 # Docker and Docker Compose arguments
 ARG CHANNEL=stable
-ARG DOCKER_VERSION=24.0.7
-ARG DOCKER_COMPOSE_VERSION=v2.23.0
+ARG DOCKER_VERSION=28.0.4
+ARG DOCKER_COMPOSE_VERSION=v2.38.2
 ARG DUMB_INIT_VERSION=1.2.5
 ARG RUNNER_USER_UID=1001
 ARG DOCKER_GROUP_GID=121

runner/actions-runner-dind.ubuntu-24.04.dockerfile

@@ -5,8 +5,8 @@ ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION
 # Docker and Docker Compose arguments
 ARG CHANNEL=stable
-ARG DOCKER_VERSION=24.0.7
-ARG DOCKER_COMPOSE_VERSION=v2.23.0
+ARG DOCKER_VERSION=28.0.4
+ARG DOCKER_COMPOSE_VERSION=v2.38.2
 ARG DUMB_INIT_VERSION=1.2.5
 ARG RUNNER_USER_UID=1001
 ARG DOCKER_GROUP_GID=121

runner/actions-runner.ubuntu-20.04.dockerfile

@@ -5,8 +5,8 @@ ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION
 # Docker and Docker Compose arguments
 ARG CHANNEL=stable
-ARG DOCKER_VERSION=24.0.7
-ARG DOCKER_COMPOSE_VERSION=v2.23.0
+ARG DOCKER_VERSION=28.0.4
+ARG DOCKER_COMPOSE_VERSION=v2.38.2
 ARG DUMB_INIT_VERSION=1.2.5
 
 # Use 1001 and 121 for compatibility with GitHub-hosted runners

runner/actions-runner.ubuntu-22.04.dockerfile

@@ -5,8 +5,8 @@ ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION
 # Docker and Docker Compose arguments
 ARG CHANNEL=stable
-ARG DOCKER_VERSION=24.0.7
-ARG DOCKER_COMPOSE_VERSION=v2.23.0
+ARG DOCKER_VERSION=28.0.4
+ARG DOCKER_COMPOSE_VERSION=v2.38.2
 ARG DUMB_INIT_VERSION=1.2.5
 ARG RUNNER_USER_UID=1001
 ARG DOCKER_GROUP_GID=121

runner/actions-runner.ubuntu-24.04.dockerfile

@@ -5,8 +5,8 @@ ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION
 # Docker and Docker Compose arguments
 ARG CHANNEL=stable
-ARG DOCKER_VERSION=24.0.7
-ARG DOCKER_COMPOSE_VERSION=v2.23.0
+ARG DOCKER_VERSION=28.0.4
+ARG DOCKER_COMPOSE_VERSION=v2.38.2
 ARG DUMB_INIT_VERSION=1.2.5
 ARG RUNNER_USER_UID=1001
 ARG DOCKER_GROUP_GID=121

test/e2e/e2e_test.go

@@ -455,7 +455,7 @@ func buildVars(repo, ubuntuVer string) vars {
 		runnerRootlessDindImage     = testing.Img(runnerRootlessDindImageRepo, runnerImageTag)
 
 		dindSidecarImageRepo = "docker"
-		dindSidecarImageTag  = "24.0.7-dind"
+		dindSidecarImageTag  = "28.0.4-dind"
 		dindSidecarImage     = testing.Img(dindSidecarImageRepo, dindSidecarImageTag)
 	)