Github pkg: Bump github package to version 33 (#222)

Deprecated action `crazy-max/setup-buildx-action@v1` has been replaced with:
  `docker/setup-qemu-action@v1`
  `docker/setup-buildx-action@v1`
  `docker/login-action@v1`
  `docker/build-push-action@v2`

See: https://github.com/crazy-max/ghaction-docker-buildx

.github/workflows/build-runner.yml

@@ -27,46 +27,38 @@ jobs:
           - name: actions-runner-dind
             dockerfile: dindrunner.Dockerfile
     env:
-      RUNNER_VERSION: 2.274.1
+      RUNNER_VERSION: 2.274.2
       DOCKER_VERSION: 19.03.12
       DOCKERHUB_USERNAME: ${{ github.repository_owner }}
     steps:
       - name: Checkout
         uses: actions/checkout@v2
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
       - name: Set up Docker Buildx
-        id: buildx
+        uses: docker/setup-buildx-action@v1
-        uses: crazy-max/ghaction-docker-buildx@v1
         with:
-          buildx-version: latest
+          version: latest
 
-      - name: Build Container Image
+      - name: Login to DockerHub
-        working-directory: runner
+        uses: docker/login-action@v1
-        if: ${{ github.event_name == 'pull_request' }}
-        run: |
-          docker buildx build \
-            --build-arg RUNNER_VERSION=${RUNNER_VERSION} \
-            --build-arg DOCKER_VERSION=${DOCKER_VERSION} \
-            --platform linux/amd64,linux/arm64 \
-            --tag ${DOCKERHUB_USERNAME}/${{ matrix.name }}:v${RUNNER_VERSION} \
-            --tag ${DOCKERHUB_USERNAME}/${{ matrix.name }}:latest \
-            -f ${{ matrix.dockerfile }} .
-
-      - name: Login to GitHub Docker Registry
-        run: echo "${DOCKERHUB_PASSWORD}" | docker login -u "${DOCKERHUB_USERNAME}" --password-stdin
         if: ${{ github.event_name == 'push' }}
-        env:
+        with:
-          DOCKERHUB_USERNAME: ${{ github.repository_owner }}
+          username: ${{ github.repository_owner }}
-          DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
 
-      - name: Build and Push Container Image
+      - name: Build [and Push]
-        working-directory: runner
+        uses: docker/build-push-action@v2
-        if: ${{ github.event_name == 'push' }}
+        with:
-        run: |
+          context: ./runner
-          docker buildx build \
+          file: ./runner/${{ matrix.dockerfile }}
-            --build-arg RUNNER_VERSION=${RUNNER_VERSION} \
+          platforms: linux/amd64,linux/arm64
-            --build-arg DOCKER_VERSION=${DOCKER_VERSION} \
+          push: ${{ github.event_name != 'pull_request' }}
-            --platform linux/amd64,linux/arm64 \
+          build-args: |
-            --tag ${DOCKERHUB_USERNAME}/${{ matrix.name }}:v${RUNNER_VERSION} \
+            RUNNER_VERSION=${{ env.RUNNER_VERSION }}
-            --tag ${DOCKERHUB_USERNAME}/${{ matrix.name }}:latest \
+            DOCKER_VERSION=${{ env.DOCKER_VERSION }}
-            -f ${{ matrix.dockerfile }} . --push
+          tags: |
+            ${{ env.DOCKERHUB_USERNAME }}/${{ matrix.name }}:v${{ env.RUNNER_VERSION }}
+            ${{ env.DOCKERHUB_USERNAME }}/${{ matrix.name }}:latest

.github/workflows/release.yml

@@ -6,6 +6,8 @@ jobs:
   build:
     runs-on: ubuntu-latest
     name: Release
+    env:
+      DOCKERHUB_USERNAME: ${{ github.repository_owner }}
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -29,23 +31,26 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: make github-release
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
       - name: Set up Docker Buildx
         id: buildx
-        uses: crazy-max/ghaction-docker-buildx@v1
+        uses: docker/setup-buildx-action@v1
         with:
-          buildx-version: latest
+          version: latest
 
-      - name: Login to GitHub Docker Registry
+      - name: Login to DockerHub
-        run: echo "${DOCKERHUB_PASSWORD}" | docker login -u "${DOCKERHUB_USERNAME}" --password-stdin
+        uses: docker/login-action@v1
-        env:
+        with:
-          DOCKERHUB_USERNAME: ${{ github.repository_owner }}
+          username: ${{ github.repository_owner }}
-          DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+      - name: Build and Push
+        uses: docker/build-push-action@v2
+        with:
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:${{ env.VERSION }} 
 
-      - name: Build Container Image
-        env:
-          DOCKERHUB_USERNAME: ${{ github.repository_owner }}
-        run: |
-          docker buildx build \
-            --platform linux/amd64,linux/arm64 \
-            --tag ${DOCKERHUB_USERNAME}/actions-runner-controller:${{ env.VERSION }} \
-            -f Dockerfile . --push

.github/workflows/wip.yml

@@ -9,27 +9,32 @@ jobs:
   build:
     runs-on: ubuntu-latest
     name: release-latest
+    env:
+      DOCKERHUB_USERNAME: ${{ github.repository_owner }}
     steps:
       - name: Checkout
         uses: actions/checkout@v2
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
       - name: Set up Docker Buildx
         id: buildx
-        uses: crazy-max/ghaction-docker-buildx@v1
+        uses: docker/setup-buildx-action@v1
         with:
-          buildx-version: latest
+          version: latest
 
-      - name: Login to GitHub Docker Registry
+      - name: Login to DockerHub
-        run: echo "${DOCKERHUB_PASSWORD}" | docker login -u "${DOCKERHUB_USERNAME}" --password-stdin
+        uses: docker/login-action@v1
-        env:
+        with:
-          DOCKERHUB_USERNAME: ${{ github.repository_owner }}
+          username: ${{ github.repository_owner }}
-          DOCKERHUB_PASSWORD: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+      - name: Build and Push
+        uses: docker/build-push-action@v2
+        with:
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:latest 
 
-      - name: Build Container Image
-        env:
-          DOCKERHUB_USERNAME: ${{ github.repository_owner }}
-        run: |
-          docker buildx build \
-            --platform linux/amd64,linux/arm64 \
-            --tag ${DOCKERHUB_USERNAME}/actions-runner-controller:latest \
-            -f Dockerfile . --push

charts/actions-runner-controller/templates/deployment.yaml

@@ -25,6 +25,9 @@ spec:
       serviceAccountName: {{ include "actions-runner-controller.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- with .Values.priorityClassName }}
+      priorityClassName: "{{ . }}"
+      {{- end }}
       containers:
       - args:
         - "--metrics-addr=127.0.0.1:8080"

charts/actions-runner-controller/values.yaml

@@ -79,3 +79,8 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+# Leverage a PriorityClass to ensure your pods survive resource shortages
+# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+# PriorityClass: system-cluster-critical
+priorityClassName: ""

controllers/runner_controller.go

@@ -397,6 +397,12 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 					EmptyDir: &corev1.EmptyDirVolumeSource{},
 				},
 			},
+			{
+				Name: "certs-client",
+				VolumeSource: corev1.VolumeSource{
+					EmptyDir: &corev1.EmptyDirVolumeSource{},
+				},
+			},
 		}
 		pod.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{
 			{
@@ -407,11 +413,26 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 				Name:      "externals",
 				MountPath: "/runner/externals",
 			},
+			{
+				Name:      "certs-client",
+				MountPath: "/certs/client",
+				ReadOnly:  true,
+			},
 		}
-		pod.Spec.Containers[0].Env = append(pod.Spec.Containers[0].Env, corev1.EnvVar{
+		pod.Spec.Containers[0].Env = append(pod.Spec.Containers[0].Env, []corev1.EnvVar{
-			Name:  "DOCKER_HOST",
+			{
-			Value: "tcp://localhost:2375",
+				Name:  "DOCKER_HOST",
-		})
+				Value: "tcp://localhost:2376",
+			},
+			{
+				Name:  "DOCKER_TLS_VERIFY",
+				Value: "1",
+			},
+			{
+				Name:  "DOCKER_CERT_PATH",
+				Value: "/certs/client",
+			},
+		}...)
 		pod.Spec.Containers = append(pod.Spec.Containers, corev1.Container{
 			Name:  "docker",
 			Image: r.DockerImage,
@@ -424,11 +445,15 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 					Name:      "externals",
 					MountPath: "/runner/externals",
 				},
+				{
+					Name:      "certs-client",
+					MountPath: "/certs/client",
+				},
 			},
 			Env: []corev1.EnvVar{
 				{
 					Name:  "DOCKER_TLS_CERTDIR",
-					Value: "",
+					Value: "/certs",
 				},
 			},
 			SecurityContext: &corev1.SecurityContext{

controllers/runnerreplicaset_controller_test.go

@@ -6,7 +6,7 @@ import (
 	"net/http/httptest"
 	"time"
 
-	"github.com/google/go-github/v32/github"
+	"github.com/google/go-github/v33/github"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/kubernetes/scheme"

github/fake/runners.go

@@ -6,7 +6,7 @@ import (
 	"net/http/httptest"
 	"strconv"
 
-	"github.com/google/go-github/v32/github"
+	"github.com/google/go-github/v33/github"
 	"github.com/gorilla/mux"
 )
 

github/github.go

@@ -10,7 +10,7 @@ import (
 	"time"
 
 	"github.com/bradleyfalzon/ghinstallation"
-	"github.com/google/go-github/v32/github"
+	"github.com/google/go-github/v33/github"
 	"golang.org/x/oauth2"
 )
 
@@ -32,6 +32,7 @@ type Client struct {
 	GithubBaseURL string
 }
 
+// NewClient creates a Github Client
 func (c *Config) NewClient() (*Client, error) {
 	var (
 		httpClient *http.Client
@@ -84,7 +85,7 @@ func (c *Client) GetRegistrationToken(ctx context.Context, org, repo, name strin
 	key := getRegistrationKey(org, repo)
 	rt, ok := c.regTokens[key]
 
-	if ok && rt.GetExpiresAt().After(time.Now().Add(-10*time.Minute)) {
+	if ok && rt.GetExpiresAt().After(time.Now()) {
 		return rt, nil
 	}
 
@@ -179,25 +180,25 @@ func (c *Client) cleanup() {
 func (c *Client) createRegistrationToken(ctx context.Context, owner, repo string) (*github.RegistrationToken, *github.Response, error) {
 	if len(repo) > 0 {
 		return c.Client.Actions.CreateRegistrationToken(ctx, owner, repo)
-	} else {
-		return CreateOrganizationRegistrationToken(ctx, c, owner)
 	}
+
+	return CreateOrganizationRegistrationToken(ctx, c, owner)
 }
 
 func (c *Client) removeRunner(ctx context.Context, owner, repo string, runnerID int64) (*github.Response, error) {
 	if len(repo) > 0 {
 		return c.Client.Actions.RemoveRunner(ctx, owner, repo, runnerID)
-	} else {
-		return RemoveOrganizationRunner(ctx, c, owner, runnerID)
 	}
+
+	return RemoveOrganizationRunner(ctx, c, owner, runnerID)
 }
 
 func (c *Client) listRunners(ctx context.Context, owner, repo string, opts *github.ListOptions) (*github.Runners, *github.Response, error) {
 	if len(repo) > 0 {
 		return c.Client.Actions.ListRunners(ctx, owner, repo, opts)
-	} else {
-		return ListOrganizationRunners(ctx, c, owner, opts)
 	}
+
+	return ListOrganizationRunners(ctx, c, owner, opts)
 }
 
 // Validates owner and repo arguments. Both are optional, but at least one should be specified
@@ -214,9 +215,8 @@ func getOwnerAndRepo(org, repo string) (string, string, error) {
 func getRegistrationKey(org, repo string) string {
 	if len(org) > 0 {
 		return org
-	} else {
-		return repo
 	}
+	return repo
 }
 
 func splitOwnerAndRepo(repo string) (string, string, error) {

github/github_beta.go

@@ -10,7 +10,7 @@ import (
 	"net/url"
 	"reflect"
 
-	"github.com/google/go-github/v32/github"
+	"github.com/google/go-github/v33/github"
 	"github.com/google/go-querystring/query"
 )
 

github/github_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/google/go-github/v32/github"
+	"github.com/google/go-github/v33/github"
 	"github.com/summerwind/actions-runner-controller/github/fake"
 )
 

go.mod

@@ -6,7 +6,9 @@ require (
 	github.com/bradleyfalzon/ghinstallation v1.1.1
 	github.com/davecgh/go-spew v1.1.1
 	github.com/go-logr/logr v0.1.0
+	github.com/google/go-github v17.0.0+incompatible // indirect
 	github.com/google/go-github/v32 v32.1.1-0.20200822031813-d57a3a84ba04
+	github.com/google/go-github/v33 v33.0.0
 	github.com/google/go-querystring v1.0.0
 	github.com/gorilla/mux v1.8.0
 	github.com/kelseyhightower/envconfig v1.4.0

go.sum

@@ -116,10 +116,14 @@ github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
+github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
 github.com/google/go-github/v29 v29.0.2 h1:opYN6Wc7DOz7Ku3Oh4l7prmkOMwEcQxpFtxdU8N8Pts=
 github.com/google/go-github/v29 v29.0.2/go.mod h1:CHKiKKPHJ0REzfwc14QMklvtHwCveD0PxlMjLlzAM5E=
 github.com/google/go-github/v32 v32.1.1-0.20200822031813-d57a3a84ba04 h1:wEYk2h/GwOhImcVjiTIceP88WxVbXw2F+ARYUQMEsfg=
 github.com/google/go-github/v32 v32.1.1-0.20200822031813-d57a3a84ba04/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI=
+github.com/google/go-github/v33 v33.0.0 h1:qAf9yP0qc54ufQxzwv+u9H0tiVOnPJxo0lI/JXqw3ZM=
+github.com/google/go-github/v33 v33.0.0/go.mod h1:GMdDnVZY/2TsWgp/lkYnpSAh6TrzhANBBwm6k6TTEXg=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=