Update index.yaml

Signed-off-by: mumoshu <mumoshu@users.noreply.github.com>

.github/workflows/build-runner.yml

@@ -27,7 +27,7 @@ jobs:
           - name: actions-runner-dind
             dockerfile: dindrunner.Dockerfile
     env:
-      RUNNER_VERSION: 2.274.2
+      RUNNER_VERSION: 2.275.1
       DOCKER_VERSION: 19.03.12
       DOCKERHUB_USERNAME: ${{ github.repository_owner }}
     steps:

README.md

@@ -25,7 +25,7 @@ kubectl apply -f https://github.com/summerwind/actions-runner-controller/release
 If you use either Github Enterprise Cloud or Server (and have recent enought version supporting Actions), you can use **actions-runner-controller**  with those, too. Authentication works same way as with public Github (repo and organization level).
 
 ```shell
-kubectl set env deploy controller-manager -c manager GITHUB_ENTERPRISE_URL=<GHEC/S URL>
+kubectl set env deploy controller-manager -c manager GITHUB_ENTERPRISE_URL=<GHEC/S URL> --namespace actions-runner-system
 ```
 
 [Enterprise level](https://docs.github.com/en/enterprise-server@2.22/actions/hosting-your-own-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-an-enterprise) runners are not working yet as there's no API definition for those.
@@ -409,7 +409,7 @@ Note that if you specify `self-hosted` in your workflow, then this will run your
 
 ## Runner Groups
 
-Runner groups can be used to limit which repositories are able to use the GitHub Runner at an Organisation level.
+Runner groups can be used to limit which repositories are able to use the GitHub Runner at an Organisation level. Runner groups have to be [created in GitHub first](https://docs.github.com/en/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups) before they can be referenced.
 
 To add the runner to the group `NewGroup`, specify the group in your `Runner` or `RunnerDeployment` spec.
 
@@ -468,11 +468,11 @@ The virtual environments from GitHub contain a lot more software packages (diffe
 If there is a need to include packages in the runner image for which there is no setup action, then this can be achieved by building a custom container image for the runner. The easiest way is to start with the `summerwind/actions-runner` image and installing the extra dependencies directly in the docker image:
 
 ```shell
-FROM summerwind/actions-runner:v2.169.1
+FROM summerwind/actions-runner:latest
 
 RUN sudo apt update -y \
-  && apt install YOUR_PACKAGE
+  && sudo apt install YOUR_PACKAGE
-  && rm -rf /var/lib/apt/lists/*
+  && sudo rm -rf /var/lib/apt/lists/*
 ```
 
 You can then configure the runner to use a custom docker image by configuring the `image` field of a `Runner` or `RunnerDeployment`:
@@ -519,7 +519,7 @@ NAME=$DOCKER_USER/actions-runner-controller \
 
 Please follow the instructions explained in [Using Personal Access Token](#using-personal-access-token) to obtain
 `GITHUB_TOKEN`, and those in [Using GitHub App](#using-github-app) to obtain `APP_ID`, `INSTALLATION_ID`, and
-`PRIAVTE_KEY_FILE_PATH`.
+`PRIVATE_KEY_FILE_PATH`.
 
 The test creates a one-off `kind` cluster, deploys `cert-manager` and `actions-runner-controller`,
 creates a `RunnerDeployment` custom resource for a public Git repository to confirm that the
@@ -527,7 +527,7 @@ controller is able to bring up a runner pod with the actions runner registration
 
 If you prefer to test in a non-kind cluster, you can instead run:
 
-```shell script
+```shell
 KUBECONFIG=path/to/kubeconfig \
 NAME=$DOCKER_USER/actions-runner-controller \
   GITHUB_TOKEN=*** \

artifacthub-repo.yml

@@ -0,0 +1,4 @@
+repositoryID: 6e120248-b034-45e5-b16c-6015ecfa7c6c
+owners:
+- name: mumoshu
+  email: ykuoka@gmail.com

charts/actions-runner-controller/templates/manager_secrets.yaml

@@ -0,0 +1,14 @@
+{{- if or .Values.authSecret.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: controller-manager
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "actions-runner-controller.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{- range $k, $v := .Values.authSecret }}
+  {{ $k }}: {{ $v | toString | b64enc }}
+{{- end }} 
+{{- end }}

charts/actions-runner-controller/values.yaml

@@ -8,6 +8,17 @@ replicaCount: 1
 
 syncPeriod: 10m
 
+# Only 1 authentication method can be deployed at a time
+# Uncomment the configuration you are applying and fill in the details
+authSecret:
+  enabled: false
+  ### GitHub Apps Configuration
+  #github_app_id: ""
+  #github_app_installation_id: ""
+  #github_app_private_key: |
+  ### GitHub PAT Configuration
+  #github_token: ""
+
 image:
   repository: summerwind/actions-runner-controller
   # Overrides the manager image tag whose default is the chart appVersion if the tag key is commented out

controllers/autoscaling.go

@@ -219,23 +219,19 @@ func (r *HorizontalRunnerAutoscalerReconciler) calculateReplicasByPercentageRunn
 	var desiredReplicas int
 	fractionBusy := float64(numRunnersBusy) / float64(numRunners)
 	if fractionBusy >= scaleUpThreshold {
-		scaleUpReplicas := int(math.Ceil(float64(numRunners) * scaleUpFactor))
+		desiredReplicas = int(math.Ceil(float64(numRunners) * scaleUpFactor))
-		if scaleUpReplicas > maxReplicas {
-			desiredReplicas = maxReplicas
-		} else {
-			desiredReplicas = scaleUpReplicas
-		}
 	} else if fractionBusy < scaleDownThreshold {
-		scaleDownReplicas := int(float64(numRunners) * scaleDownFactor)
+		desiredReplicas = int(float64(numRunners) * scaleDownFactor)
-		if scaleDownReplicas < minReplicas {
-			desiredReplicas = minReplicas
-		} else {
-			desiredReplicas = scaleDownReplicas
-		}
 	} else {
 		desiredReplicas = *rd.Spec.Replicas
 	}
 
+	if desiredReplicas < minReplicas {
+		desiredReplicas = minReplicas
+	} else if desiredReplicas > maxReplicas {
+		desiredReplicas = maxReplicas
+	}
+
 	r.Log.V(1).Info(
 		"Calculated desired replicas",
 		"computed_replicas_desired", desiredReplicas,

controllers/runner_controller.go

@@ -426,6 +426,9 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 	}
 
 	if !dockerdInRunner && dockerEnabled {
+		runnerVolumeName := "runner"
+		runnerVolumeMountPath := "/runner"
+
 		pod.Spec.Volumes = []corev1.Volume{
 			{
 				Name: "work",
@@ -434,7 +437,7 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 				},
 			},
 			{
-				Name: "externals",
+				Name: runnerVolumeName,
 				VolumeSource: corev1.VolumeSource{
 					EmptyDir: &corev1.EmptyDirVolumeSource{},
 				},
@@ -452,8 +455,8 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 				MountPath: workDir,
 			},
 			{
-				Name:      "externals",
+				Name:      runnerVolumeName,
-				MountPath: "/runner/externals",
+				MountPath: runnerVolumeMountPath,
 			},
 			{
 				Name:      "certs-client",
@@ -484,8 +487,8 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) {
 					MountPath: workDir,
 				},
 				{
-					Name:      "externals",
+					Name:      runnerVolumeName,
-					MountPath: "/runner/externals",
+					MountPath: runnerVolumeMountPath,
 				},
 				{
 					Name:      "certs-client",

controllers/runnerreplicaset_controller.go

@@ -52,7 +52,7 @@ type RunnerReplicaSetReconciler struct {
 
 func (r *RunnerReplicaSetReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	ctx := context.Background()
-	log := r.Log.WithValues("runner", req.NamespacedName)
+	log := r.Log.WithValues("runnerreplicaset", req.NamespacedName)
 
 	var rs v1alpha1.RunnerReplicaSet
 	if err := r.Get(ctx, req.NamespacedName, &rs); err != nil {

runner/Dockerfile

@@ -4,6 +4,8 @@ ARG TARGETPLATFORM
 ARG RUNNER_VERSION=2.274.2
 ARG DOCKER_VERSION=19.03.12
 
+RUN test -n "$TARGETPLATFORM" || (echo "TARGETPLATFORM must be set" && false)
+
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt update -y \
   && apt install -y software-properties-common \
@@ -42,7 +44,8 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && chmod +x /usr/local/bin/dumb-init
 
 # Docker download supports arm64 as aarch64 & amd64 as x86_64
-RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
+RUN set -vx; \
+  export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && if [ "$ARCH" = "arm64" ]; then export ARCH=aarch64 ; fi \
   && if [ "$ARCH" = "amd64" ]; then export ARCH=x86_64 ; fi \
   && curl -L -o docker.tgz https://download.docker.com/linux/static/stable/${ARCH}/docker-${DOCKER_VERSION}.tgz \
@@ -55,6 +58,8 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && usermod -aG docker runner \
   && echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
 
+ENV RUNNER_ASSETS_DIR=/runnertmp
+
 # Runner download supports amd64 as x64. Externalstmp is needed for making mount points work inside DinD.
 #
 # libyaml-dev is required for ruby/setup-ruby action.
@@ -62,8 +67,8 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 # to avoid rerunning apt-update on its own.
 RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && if [ "$ARCH" = "amd64" ]; then export ARCH=x64 ; fi \
-  && mkdir -p /runner \
+  && mkdir -p "$RUNNER_ASSETS_DIR" \
-  && cd /runner \
+  && cd "$RUNNER_ASSETS_DIR" \
   && curl -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz \
   && tar xzf ./runner.tar.gz \
   && rm runner.tar.gz \
@@ -72,14 +77,14 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
   && apt-get install -y libyaml-dev \
   && rm -rf /var/lib/apt/lists/*
 
-RUN echo AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache > /runner.env \
+RUN echo AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache > .env \
   && mkdir /opt/hostedtoolcache \
   && chgrp runner /opt/hostedtoolcache \
   && chmod g+rwx /opt/hostedtoolcache
 
-COPY entrypoint.sh /runner
+COPY entrypoint.sh /
-COPY patched /runner/patched
+COPY patched $RUNNER_ASSETS_DIR/patched
 
 USER runner
 ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
-CMD ["/runner/entrypoint.sh"]
+CMD ["/entrypoint.sh"]

runner/Makefile

@@ -23,15 +23,13 @@ else
 endif
 
 docker-build:
-	docker build --build-arg RUNNER_VERSION=${RUNNER_VERSION} --build-arg DOCKER_VERSION=${DOCKER_VERSION} -t ${NAME}:${TAG} -t ${NAME}:v${RUNNER_VERSION} .
+	docker build --build-arg TARGETPLATFORM=amd64 --build-arg RUNNER_VERSION=${RUNNER_VERSION} --build-arg DOCKER_VERSION=${DOCKER_VERSION} -t ${NAME}:${TAG} .
-	docker build --build-arg RUNNER_VERSION=${RUNNER_VERSION} --build-arg DOCKER_VERSION=${DOCKER_VERSION} -t ${DIND_RUNNER_NAME}:${TAG} -t ${DIND_RUNNER_NAME}:v${RUNNER_VERSION} -f dindrunner.Dockerfile .
+	docker build --build-arg TARGETPLATFORM=amd64 --build-arg RUNNER_VERSION=${RUNNER_VERSION} --build-arg DOCKER_VERSION=${DOCKER_VERSION} -t ${DIND_RUNNER_NAME}:${TAG} -f dindrunner.Dockerfile .
 
 
 docker-push:
 	docker push ${NAME}:${TAG}
-	docker push ${NAME}:v${RUNNER_VERSION}
 	docker push ${DIND_RUNNER_NAME}:${TAG}
-	docker push ${DIND_RUNNER_NAME}:v${RUNNER_VERSION}
 
 docker-buildx:
 	export DOCKER_CLI_EXPERIMENTAL=enabled

runner/dindrunner.Dockerfile

@@ -48,6 +48,8 @@ ARG DOCKER_CHANNEL=stable
 ARG DOCKER_VERSION=19.03.13
 ARG DEBUG=false
 
+RUN test -n "$TARGETPLATFORM" || (echo "TARGETPLATFORM must be set" && false)
+
 # Docker installation
 RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
     && if [ "$ARCH" = "arm64" ]; then export ARCH=aarch64 ; fi \
@@ -66,6 +68,8 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 	dockerd --version; \
 	docker --version
 
+ENV RUNNER_ASSETS_DIR=/runnertmp
+
 # Runner download supports amd64 as x64
 #
 # libyaml-dev is required for ruby/setup-ruby action.
@@ -73,8 +77,8 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 # to avoid rerunning apt-update on its own.
 RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
     && if [ "$ARCH" = "amd64" ]; then export ARCH=x64 ; fi \
-    && mkdir -p /runner \
+    && mkdir -p "$RUNNER_ASSETS_DIR" \
-     && cd /runner \
+     && cd "$RUNNER_ASSETS_DIR" \
     && curl -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz \
     && tar xzf ./runner.tar.gz \
     && rm runner.tar.gz \
@@ -100,7 +104,7 @@ RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \
 
 VOLUME /var/lib/docker
 
-COPY patched /runner/patched
+COPY patched $RUNNER_ASSETS_DIR/patched
 
 # No group definition, as that makes it harder to run docker.
 USER runner

runner/entrypoint.sh

@@ -44,9 +44,18 @@ if [ -z "${RUNNER_REPO}" ] && [ -n "${RUNNER_ORG}" ] && [ -n "${RUNNER_GROUP}" ]
   RUNNER_GROUP_ARG="--runnergroup ${RUNNER_GROUP}"
 fi
 
+# Hack due to https://github.com/summerwind/actions-runner-controller/issues/252#issuecomment-758338483
+if [ ! -d /runner ]; then
+  echo "/runner should be an emptyDir mount. Please fix the pod spec." 1>&2
+  exit 1
+fi
+
+sudo chown -R runner:docker /runner
+mv /runnertmp/* /runner/
+
 cd /runner
 ./config.sh --unattended --replace --name "${RUNNER_NAME}" --url "${GITHUB_URL}${ATTACH}" --token "${RUNNER_TOKEN}" ${RUNNER_GROUP_ARG} ${LABEL_ARG} ${WORKDIR_ARG}
-
+mkdir ./externals
 # Hack due to the DinD volumes
 mv ./externalstmp/* ./externals/