suite: "Test Kubernetes Mode ServiceAccount" templates: - kube_mode_serviceaccount.yaml tests: - it: should render base serviceaccount metadata in kubernetes mode set: runner: mode: "kubernetes" kubernetesMode: default: true serviceAccountName: "" release: name: "test-name" namespace: "test-namespace" chart: appVersion: "0.14.0" asserts: - equal: path: apiVersion value: "v1" - equal: path: kind value: "ServiceAccount" - equal: path: metadata.name value: "test-name-kube-mode" - equal: path: metadata.namespace value: "test-namespace" - equal: path: metadata.labels["app.kubernetes.io/component"] value: "kube-mode-serviceaccount" - equal: path: metadata.labels["actions.github.com/scale-set-name"] value: "test-name" - equal: path: metadata.labels["actions.github.com/scale-set-namespace"] value: "test-namespace" - equal: path: metadata.finalizers[0] value: "actions.github.com/cleanup-protection" - it: should not render when runner mode is not kubernetes set: runner: mode: "dind" release: name: "test-name" namespace: "test-namespace" asserts: - hasDocuments: count: 0 - it: should not render when serviceAccountName is provided set: runner: mode: "kubernetes" kubernetesMode: default: true serviceAccountName: "custom-sa" release: name: "test-name" namespace: "test-namespace" asserts: - hasDocuments: count: 0 - it: should include global and resource labels set: runner: mode: "kubernetes" kubernetesMode: default: true serviceAccountName: "" resource: all: metadata: labels: global-team: "platform" kubernetesModeServiceAccount: metadata: labels: sa-team: "arc" release: name: "test-name" namespace: "test-namespace" asserts: - equal: path: metadata.labels["global-team"] value: "platform" - equal: path: metadata.labels["sa-team"] value: "arc" - equal: path: metadata.labels["app.kubernetes.io/component"] value: "kube-mode-serviceaccount" - it: should drop actions.github.com custom labels from config set: runner: mode: "kubernetes" kubernetesMode: default: true serviceAccountName: "" resource: all: metadata: labels: owner: "devops" actions.github.com/global-custom: "global-value" kubernetesModeServiceAccount: metadata: labels: actions.github.com/sa-custom: "sa-value" release: name: "test-name" namespace: "test-namespace" asserts: - equal: path: metadata.labels["owner"] value: "devops" - notExists: path: metadata.labels["actions.github.com/global-custom"] - notExists: path: metadata.labels["actions.github.com/sa-custom"] - it: should not allow overriding reserved labels set: runner: mode: "kubernetes" kubernetesMode: default: true serviceAccountName: "" resource: all: metadata: labels: helm.sh/chart: "bad" app.kubernetes.io/name: "bad" app.kubernetes.io/instance: "bad" app.kubernetes.io/component: "bad" actions.github.com/scale-set-name: "bad" actions.github.com/scale-set-namespace: "bad" release: name: "test-name" namespace: "test-namespace" chart: appVersion: "0.14.0" asserts: - equal: path: metadata.labels["helm.sh/chart"] value: "gha-rs-0.14.0" - equal: path: metadata.labels["app.kubernetes.io/name"] value: "test-name" - equal: path: metadata.labels["app.kubernetes.io/instance"] value: "test-name" - equal: path: metadata.labels["app.kubernetes.io/component"] value: "kube-mode-serviceaccount" - equal: path: metadata.labels["actions.github.com/scale-set-name"] value: "test-name" - equal: path: metadata.labels["actions.github.com/scale-set-namespace"] value: "test-namespace"