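{{/*
Helper templates for the autoscaling runner set chart.

Every helper expects the chart root context (.) unless stated otherwise.
Helpers that return YAML fragments emit them at column 0; callers are
responsible for indenting the result.
*/}}

{{/*
The name of the autoscaling runner set.
Taken from .Values.runnerScaleSetName, falling back to .Release.Name.
Underscores are replaced with dashes and one trailing dash is trimmed.
Rendering fails when the result is empty or longer than 45 characters.
*/}}
{{- define "autoscaling-runner-set.name" -}}
{{- $name := .Values.runnerScaleSetName | default .Release.Name | replace "_" "-" | trimSuffix "-" }}
{{- if or (empty $name) (gt (len $name) 45) }}
{{ fail "Autoscaling runner set name must have up to 45 characters" }}
{{- end }}
{{- $name }}
{{- end }}

{{/*
The namespace of the autoscaling runner set.
.Values.namespaceOverride wins over .Release.Namespace when it is set.
*/}}
{{- define "autoscaling-runner-set.namespace" -}}
{{- .Values.namespaceOverride | default .Release.Namespace -}}
{{- end }}

{{/*
The name of the manager Role.
*/}}
{{- define "manager-role.name" -}}
{{- printf "%s-manager-role" (include "autoscaling-runner-set.name" .) -}}
{{- end }}

{{/*
Create the labels for the manager Role.
Merge order (later entries override earlier ones):
1) resource.all.metadata.labels
2) resource.managerRole.metadata.labels
3) the component label
4) the common chart labels
User-supplied keys with the "actions.github.com/" prefix are dropped before
merging, and the chart-owned labels are merged last so they cannot be
overridden from values.
*/}}
{{- define "manager-role.labels" -}}
{{- $resourceLabels := dict "app.kubernetes.io/component" "manager-role" -}}
{{- $commonLabels := include "gha-common-labels" . | fromYaml -}}
{{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.managerRole.metadata.labels | default (dict)) | fromYaml -}}
{{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}}
{{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }}
{{- end }}

{{/*
Create the annotations for the manager Role.
Order of precedence (later entries override earlier ones):
1) resource.all.metadata.annotations
2) resource.managerRole.metadata.annotations
Reserved annotations are excluded from both levels.
Renders nothing when the merged result is empty.
*/}}
{{- define "manager-role.annotations" -}}
{{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}}
{{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.managerRole.metadata.annotations | default (dict))) | fromYaml -}}
{{- $annotations := mergeOverwrite $global $resource -}}
{{- if not (empty $annotations) -}}
{{- toYaml $annotations }}
{{- end }}
{{- end }}

{{/*
The name of the manager RoleBinding.
Kept intentionally aligned with the manager Role name, mirroring the legacy chart behavior.
*/}}
{{- define "manager-role-binding.name" -}}
{{- include "manager-role.name" . -}}
{{- end }}

{{/*
Create the labels for the manager RoleBinding.
Same merge order and reserved-prefix filtering as the manager Role labels,
with resource.managerRoleBinding.metadata.labels as the per-resource level.
*/}}
{{- define "manager-role-binding.labels" -}}
{{- $resourceLabels := dict "app.kubernetes.io/component" "manager-role-binding" -}}
{{- $commonLabels := include "gha-common-labels" . | fromYaml -}}
{{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.managerRoleBinding.metadata.labels | default (dict)) | fromYaml -}}
{{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}}
{{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }}
{{- end }}

{{/*
Create the annotations for the manager RoleBinding.
Order of precedence (later entries override earlier ones):
1) resource.all.metadata.annotations
2) resource.managerRoleBinding.metadata.annotations
Reserved annotations are excluded from both levels.
*/}}
{{- define "manager-role-binding.annotations" -}}
{{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}}
{{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.managerRoleBinding.metadata.annotations | default (dict))) | fromYaml -}}
{{- $annotations := mergeOverwrite $global $resource -}}
{{- if not (empty $annotations) -}}
{{- toYaml $annotations }}
{{- end }}
{{- end }}

{{/*
The name of the GitHub secret used for authentication.
Uses .Values.auth.secretName when it is set; otherwise the name is derived
from the runner set name with a "-github-secret" suffix.
*/}}
{{- define "github-secret.name" -}}
{{- if not (empty .Values.auth.secretName) -}}
{{- .Values.auth.secretName -}}
{{- else -}}
{{- include "autoscaling-runner-set.name" . }}-github-secret
{{- end -}}
{{- end }}

{{/*
Create the labels for the GitHub auth secret.
Only resource.all.metadata.labels is applied as a user level; there is no
per-resource label override for the secret.
*/}}
{{- define "github-secret.labels" -}}
{{- $resourceLabels := dict "app.kubernetes.io/component" "github-secret" -}}
{{- $commonLabels := include "gha-common-labels" . | fromYaml -}}
{{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}}
{{- toYaml (mergeOverwrite $global $resourceLabels $commonLabels) }}
{{- end }}

{{/*
Create the annotations for the GitHub auth secret.
Only global annotations are applied.
Reserved annotations are excluded.
*/}}
{{- define "github-secret.annotations" -}}
{{- $annotations := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}}
{{- if not (empty $annotations) -}}
{{- toYaml $annotations }}
{{- end }}
{{- end }}

{{/*
The name of the no-permission ServiceAccount.
This ServiceAccount is intended for non-kubernetes runner modes when the user has not specified an explicit ServiceAccount.
*/}}
{{- define "no-permission-serviceaccount.name" -}}
{{- printf "%s-no-permission" (include "autoscaling-runner-set.name" .) -}}
{{- end }}

{{/*
Create the labels for the no-permission ServiceAccount.
Same merge order and reserved-prefix filtering as the manager Role labels,
with resource.noPermissionServiceAccount.metadata.labels as the per-resource level.
*/}}
{{- define "no-permission-serviceaccount.labels" -}}
{{- $resourceLabels := dict "app.kubernetes.io/component" "no-permission-serviceaccount" -}}
{{- $commonLabels := include "gha-common-labels" . | fromYaml -}}
{{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.noPermissionServiceAccount.metadata.labels | default (dict)) | fromYaml -}}
{{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}}
{{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }}
{{- end }}

{{/*
Create the annotations for the no-permission ServiceAccount.
Order of precedence (later entries override earlier ones):
1) resource.all.metadata.annotations
2) resource.noPermissionServiceAccount.metadata.annotations
Reserved annotations are excluded from both levels.
*/}}
{{- define "no-permission-serviceaccount.annotations" -}}
{{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}}
{{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.noPermissionServiceAccount.metadata.annotations | default (dict))) | fromYaml -}}
{{- $annotations := mergeOverwrite $global $resource -}}
{{- if not (empty $annotations) -}}
{{- toYaml $annotations }}
{{- end }}
{{- end }}

{{/*
The name of the kubernetes-mode Role.
Kept intentionally aligned with the legacy chart behavior.
*/}}
{{- define "kube-mode-role.name" -}}
{{- printf "%s-kube-mode" (include "autoscaling-runner-set.name" .) -}}
{{- end }}

{{/*
The name of the kubernetes-mode RoleBinding.
Kept intentionally aligned with the kubernetes-mode Role name.
*/}}
{{- define "kube-mode-role-binding.name" -}}
{{- include "kube-mode-role.name" . -}}
{{- end }}

{{/*
The name of the kubernetes-mode ServiceAccount.
Kept intentionally aligned with the legacy chart behavior.
*/}}
{{- define "kube-mode-serviceaccount.name" -}}
{{- include "kube-mode-role.name" . -}}
{{- end }}

{{/*
Create the labels for the kubernetes-mode RoleBinding.
Same merge order and reserved-prefix filtering as the manager Role labels,
with resource.kubernetesModeRoleBinding.metadata.labels as the per-resource level.
*/}}
{{- define "kube-mode-role-binding.labels" -}}
{{- $resourceLabels := dict "app.kubernetes.io/component" "kube-mode-role-binding" -}}
{{- $commonLabels := include "gha-common-labels" . | fromYaml -}}
{{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeRoleBinding.metadata.labels | default (dict)) | fromYaml -}}
{{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}}
{{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }}
{{- end }}

{{/*
Create the annotations for the kubernetes-mode RoleBinding.
Order of precedence (later entries override earlier ones):
1) resource.all.metadata.annotations
2) resource.kubernetesModeRoleBinding.metadata.annotations
Reserved annotations are excluded from both levels.
*/}}
{{- define "kube-mode-role-binding.annotations" -}}
{{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}}
{{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeRoleBinding.metadata.annotations | default (dict))) | fromYaml -}}
{{- $annotations := mergeOverwrite $global $resource -}}
{{- if not (empty $annotations) -}}
{{- toYaml $annotations }}
{{- end }}
{{- end }}

{{/*
Create the labels for the kubernetes-mode Role.
Same merge order and reserved-prefix filtering as the manager Role labels,
with resource.kubernetesModeRole.metadata.labels as the per-resource level.
*/}}
{{- define "kube-mode-role.labels" -}}
{{- $resourceLabels := dict "app.kubernetes.io/component" "kube-mode-role" -}}
{{- $commonLabels := include "gha-common-labels" . | fromYaml -}}
{{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeRole.metadata.labels | default (dict)) | fromYaml -}}
{{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}}
{{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }}
{{- end }}

{{/*
Create the annotations for the kubernetes-mode Role.
Order of precedence (later entries override earlier ones):
1) resource.all.metadata.annotations
2) resource.kubernetesModeRole.metadata.annotations
Reserved annotations are excluded from both levels.
*/}}
{{- define "kube-mode-role.annotations" -}}
{{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}}
{{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeRole.metadata.annotations | default (dict))) | fromYaml -}}
{{- $annotations := mergeOverwrite $global $resource -}}
{{- if not (empty $annotations) -}}
{{- toYaml $annotations }}
{{- end }}
{{- end }}

{{/*
Create the labels for the kubernetes-mode ServiceAccount.
Same merge order and reserved-prefix filtering as the manager Role labels,
with resource.kubernetesModeServiceAccount.metadata.labels as the per-resource level.
*/}}
{{- define "kube-mode-serviceaccount.labels" -}}
{{- $resourceLabels := dict "app.kubernetes.io/component" "kube-mode-serviceaccount" -}}
{{- $commonLabels := include "gha-common-labels" . | fromYaml -}}
{{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeServiceAccount.metadata.labels | default (dict)) | fromYaml -}}
{{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}}
{{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }}
{{- end }}

{{/*
Create the annotations for the kubernetes-mode ServiceAccount.
Order of precedence (later entries override earlier ones):
1) resource.all.metadata.annotations
2) resource.kubernetesModeServiceAccount.metadata.annotations
Reserved annotations are excluded from both levels.
*/}}
{{- define "kube-mode-serviceaccount.annotations" -}}
{{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}}
{{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.kubernetesModeServiceAccount.metadata.annotations | default (dict))) | fromYaml -}}
{{- $annotations := mergeOverwrite $global $resource -}}
{{- if not (empty $annotations) -}}
{{- toYaml $annotations }}
{{- end }}
{{- end }}

{{/*
Create the labels for the autoscaling runner set.
Same merge order and reserved-prefix filtering as the manager Role labels,
with resource.autoscalingRunnerSet.metadata.labels as the per-resource level.
*/}}
{{- define "autoscaling-runner-set.labels" -}}
{{- $resourceLabels := dict "app.kubernetes.io/component" "autoscaling-runner-set" -}}
{{- $commonLabels := include "gha-common-labels" . | fromYaml -}}
{{- $userLabels := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.autoscalingRunnerSet.metadata.labels | default (dict)) | fromYaml -}}
{{- $global := include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.labels | default (dict)) | fromYaml -}}
{{- toYaml (mergeOverwrite $global $userLabels $resourceLabels $commonLabels) }}
{{- end }}

{{/*
Create the common labels used across all resources.
Every value is quoted because callers in this file round-trip the block
through fromYaml/toYaml: an unquoted value that looks like a number or a
boolean (a release named "123", an appVersion of "1.0") would come back as
a non-string, which is not a valid label value.
*/}}
{{- define "gha-common-labels" -}}
helm.sh/chart: {{ include "gha-runner-scale-set.chart" . | quote }}
app.kubernetes.io/name: {{ include "autoscaling-runner-set.name" . | quote }}
app.kubernetes.io/instance: {{ include "autoscaling-runner-set.name" . | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/part-of: "gha-rs"
actions.github.com/scale-set-name: {{ include "autoscaling-runner-set.name" . | quote }}
actions.github.com/scale-set-namespace: {{ include "autoscaling-runner-set.namespace" . | quote }}
{{- end }}

{{/*
Takes a map of user labels and removes the ones with "actions.github.com/" prefix
The context (.) is the map itself, not the chart root. The same helper is
used for annotations. Only keys are inspected, and the prefix comparison is
an exact, case-sensitive hasPrefix. Renders nothing when no key survives.
*/}}
{{- define "apply-non-reserved-gha-labels-and-annotations" -}}
{{- $userLabels := . -}}
{{- $processed := dict -}}
{{- range $key, $value := $userLabels -}}
  {{- if not (hasPrefix "actions.github.com/" $key) -}}
    {{- $_ := set $processed $key $value -}}
  {{- end -}}
{{- end -}}
{{- if not (empty $processed) -}}
{{- $processed | toYaml }}
{{- end }}
{{- end }}

{{/*
Create the annotations for the autoscaling runner set.
Order of precedence (later entries override earlier ones):
1) resource.all.metadata.annotations
2) resource.autoscalingRunnerSet.metadata.annotations
Reserved annotations are excluded from both levels.
*/}}
{{- define "autoscaling-runner-set.annotations" -}}
{{- $global := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.all.metadata.annotations | default (dict))) | fromYaml -}}
{{- $resource := (include "apply-non-reserved-gha-labels-and-annotations" (.Values.resource.autoscalingRunnerSet.metadata.annotations | default (dict))) | fromYaml -}}
{{- $annotations := mergeOverwrite $global $resource -}}
{{- if not (empty $annotations) -}}
{{- toYaml $annotations }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
"+" is replaced with "_" and the result is truncated to 63 characters.
*/}}
{{- define "gha-runner-scale-set.chart" -}}
{{- printf "gha-rs-%s" .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Container spec that is expanded for the runner container
Rendering fails when values.runner.container is not provided.
name is always "runner"; image and command fall back to defaults; every
other key of runner.container is passed through unchanged, one key per line
after the command.
The fallback image uses the mutable ":latest" tag; set runner.container.image
to a fixed version or digest when the deployed image must be reproducible
and reviewable.
*/}}
{{- define "autoscaling-runner-set.template-runner-container" -}}
{{- if not .Values.runner.container }}
{{ fail "You must provide a runner container specification in values.runner.container" }}
{{- end -}}
name: runner
image: {{ .Values.runner.container.image | default "ghcr.io/actions/runner:latest" | quote }}
command: {{ toJson (default (list "/home/runner/run.sh") .Values.runner.container.command) }}
{{- $extra := omit .Values.runner.container "name" "image" "command" }}
{{- if not (empty $extra) }}
{{ toYaml $extra }}
{{- end }}
{{- end }}

{{/*
Container spec for the docker-in-docker (dind) container.
All settings are read from values.runner.dind; a missing runner.dind or
runner.dind.container is treated as empty so the defaults below apply.
args and startupProbe fall back to the "dind.default-args" and
"dind.default-startup-probe" helpers, rendered as YAML (a list and a map).
securityContext falls back to "privileged: true". A privileged container is
not isolated from the node the way an ordinary container is, so pods using
this spec should be scheduled and trusted accordingly; supplying
runner.dind.container.securityContext replaces the fallback entirely.
The fallback image "docker:dind" is a mutable tag; set
runner.dind.container.image to a fixed version or digest when the deployed
image must be reproducible.
*/}}
{{- define "autoscaling-runner-set.template-dind-container" -}}
{{- $dind := (.Values.runner.dind | default dict) -}}
{{- $container := ($dind.container | default dict) -}}
name: {{ $container.name | default "dind" | quote }}
image: {{ $container.image | default "docker:dind" | quote }}
args:
  {{- if $container.args }}
  {{- toYaml $container.args | nindent 2 }}
  {{- else }}
  {{- include "dind.default-args" . | nindent 2 }}
  {{- end }}
env:
  - name: DOCKER_GROUP_GID
    value: "{{ $dind.dockerGroupGid | default "123" }}"
  {{- if $container.env }}
  {{- toYaml $container.env | nindent 2 }}
  {{- end }}
securityContext:
  {{- if $container.securityContext }}
  {{- toYaml $container.securityContext | nindent 2 }}
  {{- else }}
  privileged: true
  {{- end }}
restartPolicy: {{ $dind.restartPolicy | default "Always" | quote }}
startupProbe:
  {{- if $dind.startupProbe }}
  {{- toYaml $dind.startupProbe | nindent 2 }}
  {{- else }}
  {{- include "dind.default-startup-probe" . | nindent 2 }}
  {{- end }}
{{- end }}

{{/*
Default startup probe for the dind container: runs "docker info" every
5 seconds and tolerates up to 24 failures.
*/}}
{{- define "dind.default-startup-probe" -}}
exec:
  command:
    - docker
    - info
initialDelaySeconds: 0
failureThreshold: 24
periodSeconds: 5
{{- end }}

{{/*
Default args for the dind container. $(DOCKER_GROUP_GID) refers to the
environment variable set on the dind container spec.
*/}}
{{- define "dind.default-args" -}}
- dockerd
- --host=unix:///var/run/docker.sock
- --group=$(DOCKER_GROUP_GID)
{{- end }}

{{/*
The ServiceAccount name used by the runner pod template.
- runner.mode is not "kubernetes": the no-permission ServiceAccount.
- runner.kubernetesMode.serviceAccountName is set: that name.
- runner.kubernetesMode.default is true or unset: the kubernetes-mode ServiceAccount.
- otherwise rendering fails.
runner.kubernetesMode.default is read with a type check rather than
`default true`, because `default` treats an explicit false as unset and
would make the failure branch unreachable.
*/}}
{{- define "autoscaling-runner-set.template-service-account" -}}
{{- $runner := (.Values.runner | default dict) -}}
{{- $runnerMode := (index $runner "mode" | default "") -}}
{{- $kubeMode := (index $runner "kubernetesMode" | default dict) -}}
{{- $kubeServiceAccountName := (index $kubeMode "serviceAccountName" | default "") -}}
{{- $kubeDefaultsRaw := index $kubeMode "default" -}}
{{- $kubeDefaults := true -}}
{{- if kindIs "bool" $kubeDefaultsRaw -}}
  {{- $kubeDefaults = $kubeDefaultsRaw -}}
{{- end -}}
{{- if ne $runnerMode "kubernetes" }}
  {{- include "no-permission-serviceaccount.name" . }}
{{- else if not (empty $kubeServiceAccountName) }}
  {{- $kubeServiceAccountName }}
{{- else if $kubeDefaults }}
  {{- include "kube-mode-serviceaccount.name" . }}
{{- else }}
  {{- fail "runner.kubernetesMode.serviceAccountName must be set when runner.mode is 'kubernetes' and runner.kubernetesMode.default is false" -}}
{{- end }}
{{- end }}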