{{/* Create the labels for the manager Role. */}} {{- define "manager-role.labels" -}} {{- $resourceLabels := dict "app.kubernetes.io/component" "manager-role" -}} {{- $commonLabels := include "gha-common-labels" . | fromYaml -}} {{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.managerRole.metadata.labels | default (dict)) | fromYaml -}} {{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}} {{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }} {{- end }} {{/* Create the annotations for the manager Role. Order of precedence: 1) resource.all.metadata.annotations 2) resource.managerRole.metadata.annotations Reserved annotations are excluded from both levels. */}} {{- define "manager-role.annotations" -}} {{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}} {{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.managerRole.metadata.annotations | default (dict))) | fromYaml -}} {{- $annotations := mergeOverwrite $global $resource -}} {{- if not (empty $annotations) -}} {{- toYaml $annotations }} {{- end }} {{- end }} {{/* The name of the manager RoleBinding. Kept intentionally aligned with the manager Role name, mirroring the legacy chart behavior. */}} {{- define "manager-role-binding.name" -}} {{- include "manager-role.name" . -}} {{- end }} {{/* Create the labels for the manager RoleBinding. */}} {{- define "manager-role-binding.labels" -}} {{- $resourceLabels := dict "app.kubernetes.io/component" "manager-role-binding" -}} {{- $commonLabels := include "gha-common-labels" . | fromYaml -}} {{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.managerRoleBinding.metadata.labels | default (dict)) | fromYaml -}} {{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}} {{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }} {{- end }} {{/* Create the annotations for the manager RoleBinding. Order of precedence: 1) resource.all.metadata.annotations 2) resource.managerRoleBinding.metadata.annotations Reserved annotations are excluded from both levels. */}} {{- define "manager-role-binding.annotations" -}} {{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}} {{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.managerRoleBinding.metadata.annotations | default (dict))) | fromYaml -}} {{- $annotations := mergeOverwrite $global $resource -}} {{- if not (empty $annotations) -}} {{- toYaml $annotations }} {{- end }} {{- end }} {{/* Create the labels for the GitHub auth secret. */}} {{- define "github-secret.labels" -}} {{- $resourceLabels := dict "app.kubernetes.io/component" "github-secret" -}} {{- $commonLabels := include "gha-common-labels" . | fromYaml -}} {{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}} {{- toYaml (mergeOverwrite $global $resourceLabels $commonLabels) }} {{- end }} {{/* Create the annotations for the GitHub auth secret. Only global annotations are applied. Reserved annotations are excluded. */}} {{- define "github-secret.annotations" -}} {{- $annotations := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}} {{- if not (empty $annotations) -}} {{- toYaml $annotations }} {{- end }} {{- end }} {{/* Create the labels for the no-permission ServiceAccount. */}} {{- define "no-permission-serviceaccount.labels" -}} {{- $resourceLabels := dict "app.kubernetes.io/component" "no-permission-serviceaccount" -}} {{- $commonLabels := include "gha-common-labels" . | fromYaml -}} {{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.noPermissionServiceAccount.metadata.labels | default (dict)) | fromYaml -}} {{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}} {{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }} {{- end }} {{/* Create the annotations for the no-permission ServiceAccount. Order of precedence: 1) resource.all.metadata.annotations 2) resource.noPermissionServiceAccount.metadata.annotations Reserved annotations are excluded from both levels. */}} {{- define "no-permission-serviceaccount.annotations" -}} {{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}} {{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.noPermissionServiceAccount.metadata.annotations | default (dict))) | fromYaml -}} {{- $annotations := mergeOverwrite $global $resource -}} {{- if not (empty $annotations) -}} {{- toYaml $annotations }} {{- end }} {{- end }} {{/* Create the labels for the kubernetes-mode RoleBinding. */}} {{- define "kube-mode-role-binding.labels" -}} {{- $resourceLabels := dict "app.kubernetes.io/component" "kube-mode-role-binding" -}} {{- $commonLabels := include "gha-common-labels" . | fromYaml -}} {{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeRoleBinding.metadata.labels | default (dict)) | fromYaml -}} {{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}} {{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }} {{- end }} {{/* Create the annotations for the kubernetes-mode RoleBinding. Order of precedence: 1) resource.all.metadata.annotations 2) resource.kubernetesModeRoleBinding.metadata.annotations Reserved annotations are excluded from both levels. */}} {{- define "kube-mode-role-binding.annotations" -}} {{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}} {{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeRoleBinding.metadata.annotations | default (dict))) | fromYaml -}} {{- $annotations := mergeOverwrite $global $resource -}} {{- if not (empty $annotations) -}} {{- toYaml $annotations }} {{- end }} {{- end }} {{/* Create the labels for the kubernetes-mode Role. */}} {{- define "kube-mode-role.labels" -}} {{- $resourceLabels := dict "app.kubernetes.io/component" "kube-mode-role" -}} {{- $commonLabels := include "gha-common-labels" . | fromYaml -}} {{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeRole.metadata.labels | default (dict)) | fromYaml -}} {{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}} {{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }} {{- end }} {{/* Create the annotations for the kubernetes-mode Role. Order of precedence: 1) resource.all.metadata.annotations 2) resource.kubernetesModeRole.metadata.annotations Reserved annotations are excluded from both levels. */}} {{- define "kube-mode-role.annotations" -}} {{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}} {{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeRole.metadata.annotations | default (dict))) | fromYaml -}} {{- $annotations := mergeOverwrite $global $resource -}} {{- if not (empty $annotations) -}} {{- toYaml $annotations }} {{- end }} {{- end }} {{/* Create the labels for the kubernetes-mode ServiceAccount. */}} {{- define "kube-mode-serviceaccount.labels" -}} {{- $resourceLabels := dict "app.kubernetes.io/component" "kube-mode-serviceaccount" -}} {{- $commonLabels := include "gha-common-labels" . | fromYaml -}} {{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeServiceAccount.metadata.labels | default (dict)) | fromYaml -}} {{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}} {{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }} {{- end }} {{/* Create the annotations for the kubernetes-mode ServiceAccount. Order of precedence: 1) resource.all.metadata.annotations 2) resource.kubernetesModeServiceAccount.metadata.annotations Reserved annotations are excluded from both levels. */}} {{- define "kube-mode-serviceaccount.annotations" -}} {{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}} {{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeServiceAccount.metadata.annotations | default (dict))) | fromYaml -}} {{- $annotations := mergeOverwrite $global $resource -}} {{- if not (empty $annotations) -}} {{- toYaml $annotations }} {{- end }} {{- end }} {{/* Create the labels for the autoscaling runner set. */}} {{- define "autoscaling-runner-set.labels" -}} {{- $resourceLabels := dict "app.kubernetes.io/component" "autoscaling-runner-set" -}} {{- $commonLabels := include "gha-common-labels" . | fromYaml -}} {{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.autoscalingRunnerSet.metadata.labels | default (dict)) | fromYaml -}} {{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}} {{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }} {{- end }} {{/* Takes a map of user labels and removes the ones with "actions.github.com/" prefix */}} {{- define "apply-non-reserved-gha-labels-and-annotations" -}} {{- $userLabels := . -}} {{- $processed := dict -}} {{- range $key, $value := $userLabels -}} {{- if not (hasPrefix "actions.github.com/" $key) -}} {{- $_ := set $processed $key $value -}} {{- end -}} {{- end -}} {{- if not (empty $processed) -}} {{- $processed | toYaml }} {{- end }} {{- end }} {{/* Create the annotations for the autoscaling runner set. Order of precedence: 1) resource.all.metadata.annotations 2) resource.autoscalingRunnerSet.metadata.annotations Reserved annotations are excluded from both levels. */}} {{- define "autoscaling-runner-set.annotations" -}} {{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}} {{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.autoscalingRunnerSet.metadata.annotations | default (dict))) | fromYaml -}} {{- $annotations := mergeOverwrite $global $resource -}} {{- if not (empty $annotations) -}} {{- toYaml $annotations }} {{- end }} {{- end }} {{/* Create chart name and version as used by the chart label. */}} {{- define "gha-runner-scale-set.chart" -}} {{- printf "gha-rs-%s" .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Container spec that is expanded for the runner container */}} {{- define "autoscaling-runner-set.template-runner-container" -}} {{- if not .Values.runner.container }} {{ fail "You must provide a runner container specification in values.runner.container" }} {{- end }} {{- $tlsConfig := (default (dict) .Values.githubServerTLS) -}} name: runner image: {{ .Values.runner.container.image | default "ghcr.io/actions/runner:latest" }} command: {{ toJson (default (list "/home/runner/run.sh") .Values.runner.container.command) }} {{- $extra := omit .Values.runner.container "name" "image" "command" -}} {{- if not (empty $extra) -}} {{ toYaml $extra }} {{- end -}} {{- end }} {{- define "autoscaling-runner-set.template-service-account" -}} {{- $runner := (.Values.runner | default dict) -}} {{- $runnerMode := (index $runner "mode" | default "") -}} {{- $kubeMode := (index $runner "kubernetesMode" | default dict) -}} {{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") -}} {{- $kubeDefaults := (index $kubeMode "default" | default true) -}} {{- if ne $runnerMode "kubernetes" }} {{- include "no-permission-serviceaccount.name" . }} {{- else if not (empty $kubeServiceAccountName) }} {{- $kubeServiceAccountName }} {{- else if $kubeDefaults }} {{- include "kube-mode-serviceaccount.name" . }} {{- else }} {{- fail "runner.kubernetesMode.serviceAccountName must be set when runner.mode is 'kubernetes' and runner.kubernetesMode.default is false" -}} {{- end }} {{- end }} {{/* Create labels for the runner Pod template (spec.template.metadata.labels). Order of precedence: 1) resource.all.metadata.labels 2) runner.pod.metadata.labels 3) common labels (cannot be overridden) Reserved actions.github.com/* labels are excluded from user/global inputs. */}} {{- define "autoscaling-runner-set.runner-pod.labels" -}} {{- $runner := (.Values.runner | default dict) -}} {{- $pod := (index $runner "pod" | default dict) -}} {{- if not (kindIs "map" $pod) -}} {{- fail ".Values.runner.pod must be a map/object" -}} {{- end -}} {{- $podMetadata := (index $pod "metadata" | default dict) -}} {{- if not (kindIs "map" $podMetadata) -}} {{- fail ".Values.runner.pod.metadata must be a map/object" -}} {{- end -}} {{- $userRaw := (index $podMetadata "labels" | default (dict)) -}} {{- if not (kindIs "map" $userRaw) -}} {{- fail ".Values.runner.pod.metadata.labels must be a map/object" -}} {{- end -}} {{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}} {{- $user := include "apply-non-reserved-gha-labels-and-annotations" $userRaw | fromYaml -}} {{- $common := include "gha-common-labels" . | fromYaml -}} {{- $labels := mergeOverwrite $global $user $common -}} {{- if not (empty $labels) -}} {{- toYaml $labels -}} {{- end -}} {{- end }} {{/* Create annotations for the runner Pod template (spec.template.metadata.annotations). Order of precedence: 1) resource.all.metadata.annotations 2) runner.pod.metadata.annotations Reserved actions.github.com/* annotations are excluded from user/global inputs. */}} {{- define "autoscaling-runner-set.runner-pod.annotations" -}} {{- $runner := (.Values.runner | default dict) -}} {{- $pod := (index $runner "pod" | default dict) -}} {{- if not (kindIs "map" $pod) -}} {{- fail ".Values.runner.pod must be a map/object" -}} {{- end -}} {{- $podMetadata := (index $pod "metadata" | default dict) -}} {{- if not (kindIs "map" $podMetadata) -}} {{- fail ".Values.runner.pod.metadata must be a map/object" -}} {{- end -}} {{- $userRaw := (index $podMetadata "annotations" | default (dict)) -}} {{- if not (kindIs "map" $userRaw) -}} {{- fail ".Values.runner.pod.metadata.annotations must be a map/object" -}} {{- end -}} {{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}} {{- $user := (include "apply-non-reserved-gha-labels-and-annotations" $userRaw) | fromYaml -}} {{- $annotations := mergeOverwrite $global $user -}} {{- if not (empty $annotations) -}} {{- toYaml $annotations -}} {{- end -}} {{- end }}