actions/runner-container-hooks
1
0
Fork 0
mirror of https://github.com/actions/runner-container-hooks.git synced 2025-12-14 16:46:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix error handling for invalid pods (#16)

Browse Source 
* update readme and fix error handling for bad pods

* update limitations
This commit is contained in:
Thomas Boop
2022-06-16 09:02:55 -04:00
committed by GitHub
parent 47cbf5a0d7
commit 266b8edb99
3 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
packages/k8s/README.md
View File

@@ -7,18 +7,27 @@ This implementation provides a way to dynamically spin up jobs to run container
Some things are expected to be set when using these hooks
- The runner itself should be running in a pod, with a service account with the following permissions
```
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: default
name: runner-role
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
verbs: ["get", "create"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
verbs: ["get", "list", "watch",]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "create", "delete"]
```
- The `ACTIONS_RUNNER_POD_NAME` env should be set to the name of the pod
- The `ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER` env should be set to true to prevent the runner from running any jobs outside of a container
@@ -30,7 +39,7 @@ Some things are expected to be set when using these hooks
## Limitations
- Container actions
- A [job containers](https://docs.github.com/en/actions/using-jobs/running-jobs-in-a-container) will be required for all jobs
- Building container actions from a dockerfile is not supported at this time
- Container actions will not have access to the services network or job container network
- Docker [create options](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idcontaineroptions) are not supported

2
packages/k8s/src/index.ts
View File

@@ -43,7 +43,7 @@ async function run(): Promise<void> {
throw new Error(`Command not recognized: ${command}`)
}
} catch (error) {
core.error(JSON.stringify(error))
core.error(error as Error)
exitCode = 1
}
process.exitCode = exitCode

2
packages/k8s/src/k8s/index.ts
View File

@@ -311,7 +311,7 @@ export async function waitForPodPhases(
podName: string,
awaitingPhases: Set<PodPhase>,
backOffPhases: Set<PodPhase>,
maxTimeSeconds = 45 * 60 // 45 min
maxTimeSeconds = 10 * 60 // 10 min
): Promise<void> {
const backOffManager = new BackOffManager(maxTimeSeconds)
let phase: PodPhase = PodPhase.UNKNOWN