bump appVersion to latest available app (#2840)

.github/workflows/global-publish-canary.yaml

@@ -91,7 +91,7 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
-      
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v2
         with:
@@ -101,14 +101,14 @@ jobs:
 
       # Normalization is needed because upper case characters are not allowed in the repository name
       # and the short sha is needed for image tagging
-      - name: Resolve parameters 
+      - name: Resolve parameters
         id: resolve_parameters
         run: |
           echo "INFO: Resolving short sha"
           echo "short_sha=$(git rev-parse --short ${{ github.ref }})" >> $GITHUB_OUTPUT
           echo "INFO: Normalizing repository name (lowercase)"
           echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
-      
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
 
@@ -124,7 +124,7 @@ jobs:
           context: .
           file: ./Dockerfile
           platforms: linux/amd64,linux/arm64
-          build-args: VERSION=canary-"${{ github.ref }}"
+          build-args: VERSION=canary-${{ steps.resolve_parameters.outputs.short_sha }}
           push: ${{ env.PUSH_TO_REGISTRIES }}
           tags: |
             ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/gha-runner-scale-set-controller:canary

charts/actions-runner-controller/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.23.3
+version: 0.23.5
 
 # Used as the default manager tag value when no tag property is provided in the values.yaml
-appVersion: 0.27.4
+appVersion: 0.27.5
 
 home: https://github.com/actions/actions-runner-controller
 

charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml

@@ -111,10 +111,14 @@ spec:
               name: {{ include "actions-runner-controller.secretName" . }}
               optional: true
         {{- end }}
+        {{- if kindIs "slice" .Values.actionsMetricsServer.env }}
+        {{- toYaml .Values.actionsMetricsServer.env | nindent 8 }}
+        {{- else }}
         {{- range $key, $val := .Values.actionsMetricsServer.env }}
         - name: {{ $key }}
           value: {{ $val | quote }}
         {{- end }}
+        {{- end }}
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag  | default (cat "v" .Chart.AppVersion | replace " " "") }}"
         name: actions-metrics-server
         imagePullPolicy: {{ .Values.image.pullPolicy }}

charts/actions-runner-controller/templates/webhook_configs.yaml

@@ -19,7 +19,7 @@ webhooks:
   {{- if .Values.scope.singleNamespace }}
   namespaceSelector:
     matchLabels:
-      name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
   {{- end }}
   clientConfig:
     {{- if .Values.admissionWebHooks.caBundle }}
@@ -50,7 +50,7 @@ webhooks:
   {{- if .Values.scope.singleNamespace }}
   namespaceSelector:
     matchLabels:
-      name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
   {{- end }}
   clientConfig:
     {{- if .Values.admissionWebHooks.caBundle }}
@@ -81,7 +81,7 @@ webhooks:
   {{- if .Values.scope.singleNamespace }}
   namespaceSelector:
     matchLabels:
-      name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
   {{- end }}
   clientConfig:
     {{- if .Values.admissionWebHooks.caBundle }}
@@ -112,7 +112,7 @@ webhooks:
   {{- if .Values.scope.singleNamespace }}
   namespaceSelector:
     matchLabels:
-      name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
   {{- end }}
   clientConfig:
     {{- if .Values.admissionWebHooks.caBundle }}
@@ -156,7 +156,7 @@ webhooks:
   {{- if .Values.scope.singleNamespace }}
   namespaceSelector:
     matchLabels:
-      name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
   {{- end }}
   clientConfig:
     {{- if .Values.admissionWebHooks.caBundle }}
@@ -187,7 +187,7 @@ webhooks:
   {{- if .Values.scope.singleNamespace }}
   namespaceSelector:
     matchLabels:
-      name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
   {{- end }}
   clientConfig:
     {{- if .Values.admissionWebHooks.caBundle }}
@@ -218,7 +218,7 @@ webhooks:
   {{- if .Values.scope.singleNamespace }}
   namespaceSelector:
     matchLabels:
-      name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
+      kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }}
   {{- end }}
   clientConfig:
     {{- if .Values.admissionWebHooks.caBundle }}

charts/actions-runner-controller/values.yaml

@@ -151,8 +151,7 @@ podDisruptionBudget:
 # PriorityClass: system-cluster-critical
 priorityClassName: ""
 
-env:
-  {}
+# env:
   # specify additional environment variables for the controller pod.
   # It's possible to specify either key vale pairs e.g.:
   # http_proxy: "proxy.com:8080"
@@ -303,7 +302,7 @@ githubWebhookServer:
   #       key: GITHUB_WEBHOOK_SECRET_TOKEN
   #       name: prod-gha-controller-webhook-token
   #       optional: true
-  env: {}
+  # env:
 
 actionsMetrics:
   serviceAnnotations: {}
@@ -322,6 +321,19 @@ actionsMetrics:
     image:
       repository: quay.io/brancz/kube-rbac-proxy
       tag: v0.13.1
+  # specify additional environment variables for the webhook server pod.
+  # It's possible to specify either key vale pairs e.g.:
+  # my_env_var: "some value"
+  # my_other_env_var: "other value"
+
+  # or a list of complete environment variable definitions e.g.:
+  # - name: GITHUB_WEBHOOK_SECRET_TOKEN
+  #   valueFrom:
+  #     secretKeyRef:
+  #       key: GITHUB_WEBHOOK_SECRET_TOKEN
+  #       name: prod-gha-controller-webhook-token
+  #       optional: true
+  # env:
 
 actionsMetricsServer:
   enabled: false

charts/gha-runner-scale-set-controller/values.yaml

@@ -75,6 +75,17 @@ affinity: {}
 # PriorityClass: system-cluster-critical
 priorityClassName: ""
 
+## If `metrics:` object is not provided, or commented out, the following flags 
+## will be applied the controller-manager and listener pods with empty values: 
+## `--metrics-addr`, `--listener-metrics-addr`, `--listener-metrics-endpoint`. 
+## This will disable metrics.
+##
+## To enable metrics, uncomment the following lines.
+# metrics:
+#   controllerManagerAddr: ":8080"
+#   listenerAddr: ":8080"
+#   listenerEndpoint: "/metrics"
+
 flags:
   ## Log level can be set here with one of the following values: "debug", "info", "warn", "error".
   ## Defaults to "debug".
@@ -102,14 +113,3 @@ flags:
   ##   This can lead to a longer time to apply the change but it will ensure
   ##   that you don't have any overprovisioning of runners.
   updateStrategy: "immediate"
-
-## If `metrics:` object is not provided, or commented out, the following flags 
-## will be applied the controller-manager and listener pods with empty values: 
-## `--metrics-addr`, `--listener-metrics-addr`, `--listener-metrics-endpoint`. 
-## This will disable metrics.
-##
-## To enable metrics, uncomment the following lines.
-# metrics:
-#   controllerManagerAddr: ":8080"
-#   listenerAddr: ":8080"
-#   listenerEndpoint: "/metrics"

docs/automatically-scaling-runners.md

@@ -554,7 +554,7 @@ This can be problematic in two scenarios:
 
 > RunnerDeployment is not affected by the Scenario 1 as RunnerDeployment-managed runners are already tolerable to unlimitedly long in-progress running job while being replaced, as it's graceful termination process is handled outside of the entrypoint and the Kubernetes' pod termination process.
 
-To make it more reliable, please set `spec.template.spec.terminationGracePeriodSeconds` field and the `RUNNER_GRACEFUL_STOP_TIMEOUT` environment variable appropriately.
+To make it more reliable, please set `spec.template.spec.terminationGracePeriodSeconds` field and the `RUNNER_GRACEFUL_STOP_TIMEOUT` environment variable appropriately. **NOTE:** if you are using the default configuration of running DinD as a sidecar, you'll need to set this environment variable in both `spec.template.spec.env` as well as `spec.template.spec.dockerEnv` for RunnerDeployment objects, otherwise the `docker` container will recieve the same termination signal and exit while the remainder of the build runs.
 
 If you want the pod to terminate in approximately 110 seconds at the latest since the termination request, try `terminationGracePeriodSeconds` of `110` and `RUNNER_GRACEFUL_STOP_TIMEOUT` of like `90`.
 

runner/actions-runner-dind-rootless.ubuntu-20.04.dockerfile

@@ -27,7 +27,6 @@ RUN apt-get update -y \
     dnsutils \
     ftp \
     git \
-    git-lfs \
     iproute2 \
     iputils-ping \
     iptables \
@@ -56,6 +55,10 @@ RUN apt-get update -y \
     && ln -sf /usr/bin/pip3 /usr/bin/pip \
     && rm -rf /var/lib/apt/lists/*
 
+# Download latest git-lfs version
+RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \
+    apt-get install -y --no-install-recommends git-lfs
+
 # Runner user
 RUN adduser --disabled-password --gecos "" --uid $RUNNER_UID runner
 

runner/actions-runner-dind-rootless.ubuntu-22.04.dockerfile

@@ -23,7 +23,6 @@ RUN apt-get update -y \
     curl \
     ca-certificates \
     git \
-    git-lfs \
     iproute2 \
     iptables \
     jq \
@@ -33,6 +32,10 @@ RUN apt-get update -y \
     zip \
     && rm -rf /var/lib/apt/lists/*
 
+# Download latest git-lfs version
+RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \
+    apt-get install -y --no-install-recommends git-lfs
+
 # Runner user
 RUN adduser --disabled-password --gecos "" --uid $RUNNER_USER_UID runner
 

runner/actions-runner-dind.ubuntu-20.04.dockerfile

@@ -25,7 +25,6 @@ RUN apt-get update -y \
     dnsutils \
     ftp \
     git \
-    git-lfs \
     iproute2 \
     iputils-ping \
     iptables \
@@ -53,6 +52,10 @@ RUN apt-get update -y \
     && ln -sf /usr/bin/pip3 /usr/bin/pip \
     && rm -rf /var/lib/apt/lists/*
 
+# Download latest git-lfs version
+RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \
+    apt-get install -y --no-install-recommends git-lfs
+
 # Runner user
 RUN adduser --disabled-password --gecos "" --uid $RUNNER_UID runner \
     && groupadd docker --gid $DOCKER_GID \

runner/actions-runner-dind.ubuntu-22.04.dockerfile

@@ -20,7 +20,6 @@ RUN apt-get update -y \
     curl \
     ca-certificates \
     git \
-    git-lfs \
     iptables \
     jq \
     software-properties-common \
@@ -29,6 +28,10 @@ RUN apt-get update -y \
     zip \
     && rm -rf /var/lib/apt/lists/*
 
+# Download latest git-lfs version
+RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \
+    apt-get install -y --no-install-recommends git-lfs
+
 # Runner user
 RUN adduser --disabled-password --gecos "" --uid $RUNNER_USER_UID runner \
     && groupadd docker --gid $DOCKER_GROUP_GID \

runner/actions-runner.ubuntu-20.04.dockerfile

@@ -25,7 +25,6 @@ RUN apt-get update -y \
     dnsutils \
     ftp \
     git \
-    git-lfs \
     iproute2 \
     iputils-ping \
     jq \
@@ -50,6 +49,10 @@ RUN apt-get update -y \
     && ln -sf /usr/bin/pip3 /usr/bin/pip \
     && rm -rf /var/lib/apt/lists/*
 
+# Download latest git-lfs version
+RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \
+    apt-get install -y --no-install-recommends git-lfs
+
 RUN adduser --disabled-password --gecos "" --uid $RUNNER_UID runner \
     && groupadd docker --gid $DOCKER_GID \
     && usermod -aG sudo runner \

runner/actions-runner.ubuntu-22.04.dockerfile

@@ -20,13 +20,16 @@ RUN apt-get update -y \
     curl \
     ca-certificates \
     git \
-    git-lfs \
     jq \
     sudo \
     unzip \
     zip \
     && rm -rf /var/lib/apt/lists/*
 
+# Download latest git-lfs version
+RUN curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash && \
+    apt-get install -y --no-install-recommends git-lfs
+
 RUN adduser --disabled-password --gecos "" --uid $RUNNER_USER_UID runner \
     && groupadd docker --gid $DOCKER_GROUP_GID \
     && usermod -aG sudo runner \