diff --git a/.github/renovate.json5 b/.github/renovate.json5 index fa3feeff81..8d07d6c538 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -31,7 +31,8 @@ { "fileMatch": [ "runner/actions-runner.dockerfile", - "runner/actions-runner-dind.dockerfile" + "runner/actions-runner-dind.dockerfile", + "runner/actions-runner-dind-rootless.dockerfile" ], "matchStrings": ["RUNNER_VERSION=+(?.*?)\\n"], "depNameTemplate": "actions/runner", diff --git a/.github/workflows/publish-canary.yaml b/.github/workflows/publish-canary.yaml index cecab759c8..9ac0e860b2 100644 --- a/.github/workflows/publish-canary.yaml +++ b/.github/workflows/publish-canary.yaml @@ -22,11 +22,11 @@ on: # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps permissions: contents: read - packages: write + packages: write jobs: canary-build: - name: Build and Publish Canary Image + name: Build and Publish Canary Image runs-on: ubuntu-latest env: DOCKERHUB_USERNAME: ${{ secrets.DOCKER_USER }} @@ -53,6 +53,6 @@ jobs: push: true tags: | ${{ env.DOCKERHUB_USERNAME }}/actions-runner-controller:canary - ghcr.io/actions-runner-controller/actions-runner-controller:canary + ghcr.io/${{ github.repository }}:canary cache-from: type=gha,scope=arc-canary cache-to: type=gha,mode=max,scope=arc-canary diff --git a/.github/workflows/publish-chart.yaml b/.github/workflows/publish-chart.yaml index 50569dcaff..0dfe0b4a27 100644 --- a/.github/workflows/publish-chart.yaml +++ b/.github/workflows/publish-chart.yaml @@ -31,7 +31,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3.1 + uses: azure/setup-helm@v3.3 with: version: ${{ env.HELM_VERSION }} @@ -57,7 +57,7 @@ jobs: python-version: '3.7' - name: Set up chart-testing - uses: helm/chart-testing-action@v2.2.1 + uses: helm/chart-testing-action@v2.3.0 - name: Run chart-testing (list-changed) id: list-changed 
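Review bot: The new tag `ghcr.io/${{ github.repository }}:canary` in the `tags:` block of `.github/workflows/publish-canary.yaml` uses the owner/name exactly as GitHub reports it, but container image references must be lowercase, so the push would fail in a fork or renamed repository whose owner or name contains uppercase letters. Lowercasing once in an earlier step avoids that, e.g. `echo "IMAGE_REPO=${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"` and then `ghcr.io/${{ env.IMAGE_REPO }}:canary`. Because the job holds `packages: write`, every fork that runs this workflow will now publish a `canary` image under its own namespace; a comment next to the tag saying this is intended would help. The job body continues outside the hunk.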
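Review bot: `uses: azure/setup-helm@v3.3` and `uses: helm/chart-testing-action@v2.3.0` in `.github/workflows/publish-chart.yaml` reference third-party actions by tag, and a tag can be moved by the action's owner after this review. Pinning each to the full commit SHA with the version in a trailing comment, e.g. `uses: azure/setup-helm@<full-commit-sha>  # v3.3`, makes what runs in the chart-publishing job exactly what was reviewed. The same two references are bumped in `.github/workflows/validate-chart.yaml` and the point applies there too. Renovate is already configured in `.github/renovate.json5` and can keep such pins current. Which permissions and secrets these jobs hold is not visible in the hunks.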
diff --git a/.github/workflows/runners.yaml b/.github/workflows/runners.yaml index 599e9c1560..21a4a5031e 100644 --- a/.github/workflows/runners.yaml +++ b/.github/workflows/runners.yaml @@ -25,7 +25,7 @@ on: - '!**.md' env: - RUNNER_VERSION: 2.294.0 + RUNNER_VERSION: 2.295.0 DOCKER_VERSION: 20.10.12 RUNNER_CONTAINER_HOOKS_VERSION: 0.1.2 DOCKERHUB_USERNAME: summerwind @@ -47,6 +47,9 @@ jobs: - name: actions-runner-dind os-name: ubuntu os-version: 20.04 + - name: actions-runner-dind-rootless + os-name: ubuntu + os-version: 20.04 steps: - name: Checkout diff --git a/.github/workflows/validate-chart.yaml b/.github/workflows/validate-chart.yaml index 4d6598a82a..f156fdb4d1 100644 --- a/.github/workflows/validate-chart.yaml +++ b/.github/workflows/validate-chart.yaml @@ -26,7 +26,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3.1 + uses: azure/setup-helm@v3.3 with: version: ${{ env.HELM_VERSION }} @@ -52,7 +52,7 @@ jobs: python-version: '3.7' - name: Set up chart-testing - uses: helm/chart-testing-action@v2.2.1 + uses: helm/chart-testing-action@v2.3.0 - name: Run chart-testing (list-changed) id: list-changed diff --git a/Actions-Runner-Controller-Overview.md b/Actions-Runner-Controller-Overview.md new file mode 100644 index 0000000000..d20ec4e6bb --- /dev/null +++ b/Actions-Runner-Controller-Overview.md 
@@ -0,0 +1,132 @@ +## Introduction +This document provides a high level overview of Actions Runner Controller (ARC). ARC enables running Github Actions Runners on Kubernetes (K8s) clusters. + +This document provides a background of Github Actions, self-hosted runners and ARC overview. By the end of the doc, the reader should have a foundation with basic scenarios and be capable of reviewing other advanced topics. + +## GitHub Actions +[GitHub Actions]](https://github.com/features/actions) is a continuous integration and continuous delivery (CI/CD) platform to automate your build, test, and deployment pipeline. + +You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production. Your workflow contains one or more jobs which can run in sequential order or in parallel. Each job will run inside its own runner and has one or more steps that either run a script that you define or run an action, which is a reusable extension that can simplify your workflow. To learn more about about Actions - see "[Learn Github Actions](https://docs.github.com/en/actions/learn-github-actions)". + +## Runners +Runners execute the job that is assigned to them by Github Actions workflow. There are two types of Runners: + +- [Github-hosted runners](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) - GitHub provides Linux, Windows, and macOS virtual machines to run your workflows. These virtual machines are hosted in the cloud by Github. +- [Self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) - you can host your own self-hosted runners in your own data center or cloud infrastructure. ARC deploys self-hosted runners. + +## Self hosted runners +Self-hosted runners offer more control of hardware, operating system, and software tools than GitHub-hosted runners. 
With self-hosted runners, you can create custom hardware configurations that meet your needs with processing power or memory to run larger jobs, install software available on your local network, and choose an operating system not offered by GitHub-hosted runners. + +### Types of Self hosted runners +Self-hosted runners can be physical, virtual, in a container, on-premises, or in a cloud. +- Traditional Deployment is having a physical machine, with OS and apps on it. The runner runs on this machine and executes any jobs. It comes with the cost of owning and operating the hardware 24/7 even if it isn't in use that entire time. +- Virtualized deployments are simpler to manage. Each runner runs on a virtual machine (VM) that runs on a host. There could be multiple such VMs running on the same host. VMs are complete OS’s and might take time to bring up everytime a clean environment is needed to run workflows. +- Containerized deployments are similar to VMs, but instead of bringing up entire VM’s, a container gets deployed.Kubernetes (K8s) provides a scalable and reproducible environment for containerized workloads. They are lightweight, loosely coupled, highly efficient and can be managed centrally. There are advantages to using Kubernetes (outlined "[here](https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/)."), but it is more complicated and less widely-understood than the other options. A managed provider makes this much simpler to run at scale. + +*Actions Runner Controller(ARC) makes it simpler to run self hosted runners on K8s managed containers.* + +## Actions Runner Controller (ARC) +ARC is a K8s controller to create self-hosted runners on your K8s cluster. With few commands, you can set up self hosted runners that can scale up and down based on demand. And since these could be ephemeral and based on containers, new instances of the runner can be brought up rapidly and cleanly. 
+ +### Deploying ARC +We have a quick start guide that demonstrates how to easily deploy ARC into your K8s environment. For more details, see "[QuickStart Guide](https://github.com/actions-runner-controller/actions-runner-controller/blob/master/QuickStartGuide.md)." + +## ARC components +ARC basically consists of a set of custom resources. An ARC deployment is applying these custom resources onto a K8s cluster. Once applied, it creates a set of Pods, with the Github Actions runner running within them. Github is now able to treat these Pods as self hosted runners and allocate jobs to them. + +### Custom resources +ARC consists of several custom resource definitions (Runner, Runner Set, Runner Deployment, Runner Replica Set and Horizontal Runner AutoScaler). For more information on CRDs, refer "[Kubernetes Custom Resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)." + +The helm command (in the QuickStart guide) installs the custom resources into the actions-runner-system namespace. +```console +helm install -f custom-values.yaml --wait --namespace actions-runner-system \ + --create-namespace actions-runner-controller \ + actions-runner-controller/actions-runner-controller + ``` + +### Runner deployment +Once the custom resources are installed, another command deploys ARC into your K8s cluster. + +![actions-runner-controller architecture](https://user-images.githubusercontent.com/53718047/183928236-ddf72c15-1d11-4304-ad6f-0a0ff251ca55.jpg) + + + +The `Deployment and Configure ARC` section in the `Quick Start guide` lists the steps to deploy ARC using a `runnerdeployment.yaml` file. Here, we will explain the details +For more details, see "[QuickStart Guide](https://github.com/actions-runner-controller/actions-runner-controller/blob/master/QuickStartGuide.md)." 
+ +```yaml +apiVersion: actions.summerwind.dev/v1alpha1 +kind: RunnerDeployment +metadata: + name: example-runnerdeploy +spec: + replicas: 1 + template: + spec: + repository: mumoshu/actions-runner-controller-ci +``` + +- `kind: RunnerDeployment`: indicates its a kind of custom resource RunnerDeployment. +- `replicas: 1` : will deploy one replica. Multiple replicas can also be deployed ( more on that later). +- `repository: mumoshu/actions-runner-controller-ci` : is the repository to link to when the pod comes up with the Actions runner (Note, this can be configured to link at the Enterprise or Organization level also). + +When this configuration is applied with `kubectl apply -f runnerdeployment.yaml` , ARC creates one pod `example-runnerdeploy-[**]` with 2 containers `runner` and `docker`. +`runner` container has the github runner component installed, `docker` container has docker installed. + + +### The Runner container image +The GitHub hosted runners include a large amount of pre-installed software packages. For complete list, see "[Runner images](https://github.com/actions/virtual-environments/tree/main/images/linux)." + +ARC maintains a few runner images with `latest` aligning with GitHub's Ubuntu version. These images do not contain all of the software installed on the GitHub runners. They contain subset of packages from the GitHub runners: Basic CLI packages, git, docker and build-essentials. To install additional software, it is recommended to use the corresponding setup actions. For instance, `actions/setup-java` for Java or `actions/setup-node` for Node. + +## Executing workflows +Now, all the setup and configuration is done. A workflow can be created in the same repository that could target the self hosted runner created from ARC. The workflow needs to have `runs-on: self-hosted` so it can target the self host pool. 
For more information on targeting workflows to run on self hosted runners, see "[Using Self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/using-self-hosted-runners-in-a-workflow)." + +## Scaling runners - statically with replicas count +With a small tweak to the replicas count (for eg - `replicas: 2`) in the `runnerdeployment.yaml` file, more runners can be created. Depending on the count of replicas, those many sets of pods would be created. As before, Each pod contains the two containers. + + +## Scaling runners - dynamically with Pull Driven Scaling +ARC also allows for scaling the runners dynamically. There are two mechanisms for dynamically scaling - (1) Webhook driven scaling and (2) Pull Driven scaling, This document describes the Pull Driven scaling model. + +![actions-runner-controller architecture_2](https://user-images.githubusercontent.com/53718047/183928429-7000329d-38eb-4054-9879-41ae44e1ff85.jpg) + + + +You can enable scaling with 3 steps +1) Enable `HorizontalRunnerAutoscaler` - Create a `deployment.yaml` file of type `HorizontalRunnerAutoscaler`. The schema for this file is defined below. +2) Scaling parameters - `minReplicas` and `maxReplicas` indicates the min and max number of replicas to scale to. +3) Scaling metrics - ARC currently supports `PercentageRunnersBusy` as a metric type. The `PercentageRunnersBusy` will poll GitHub for the number of runners in the `busy` state in the RunnerDeployment's namespace, it will then scale depending on how you have configured the scale factors. 
+ +### Pull Driven Scaling Schema +```yaml +apiVersion: actions.summerwind.dev/v1alpha1 +kind: HorizontalRunnerAutoscaler +metadata: + name: example-runner-deployment-autoscaler +spec: + scaleTargetRef: + # Your RunnerDeployment Here + name: example-runnerdeploy + kind: RunnerDeployment + minReplicas: 1 + maxReplicas: 5 + metrics: + - type: PercentageRunnersBusy + scaleUpThreshold: '0.75' + scaleDownThreshold: '0.25' + scaleUpFactor: '2' + scaleDownFactor: '0.5' + ``` + +For more details - please see "[Pull Driven Scaling](https://github.com/actions-runner-controller/actions-runner-controller#pull-driven-scaling)." + +*The period between polls is defined by the controller's `--sync-period` flag. If this flag isn't provided then the controller defaults to a sync period of `1m`, this can be configured in seconds or minutes.* + +## Other Configurations +ARC supports several different advanced configuration. +- support for alternate runners : Setting up runner pods with Docker-In-Docker configuration. +- managing runner groups : Managing a set of running with runner groups thus making it easy to manage different groups within enterprise +- Webhook driven scaling. + +Please refer to the documentation in this repo for further details. diff --git a/Makefile b/Makefile index cea419eed6..14f1cc4952 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ else endif DOCKER_USER ?= $(shell echo ${NAME} | cut -d / -f1) VERSION ?= dev -RUNNER_VERSION ?= 2.294.0 +RUNNER_VERSION ?= 2.295.0 TARGETPLATFORM ?= $(shell arch) RUNNER_NAME ?= ${DOCKER_USER}/actions-runner RUNNER_TAG ?= ${VERSION} diff --git a/QuickStartGuide.md b/QuickStartGuide.md new file mode 100644 index 0000000000..f2bcff9a48 --- /dev/null +++ b/QuickStartGuide.md 
@@ -0,0 +1,136 @@ +## Introduction + +GitHub Actions can be run in GitHub-hosted cloud or self hosted environments. Self-hosted runners offer more control of hardware, operating system, and software tools than GitHub-hosted runners provide. + +With just a few steps, you can set up your kubernetes (K8s) cluster to be a self-hosted environment. +In this guide, we will setup prerequistes, deploy Actions Runner controller (ARC) and then target that cluster to run GitHub Action workflows. + +

+ +

+ + + +## Setup your K8s cluster + +
Create a K8s cluster, if not available. + +If you don't have a K8s cluster, you can install a local environment using minikube. For more information, see "[Installing minikube](https://minikube.sigs.k8s.io/docs/start/)." + + "[Using workflows](/actions/using-workflows)." + +
+ +:one: Install cert-manager in your cluster. For more information, see "[cert-manager](https://cert-manager.io/docs/installation/)." + +```shell +kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml +``` + *note:- This command uses v1.8.2. Please replace with a later version, if available. + + +>You may also install cert-manager using Helm. For instructions, see "[Installing with Helm](https://cert-manager.io/docs/installation/helm/#installing-with-helm)." + + +:two: Next, Generate a Personal Access Token (PAT) for ARC to authenticate with GitHub. + - Login to GitHub account and Navigate to https://github.com/settings/tokens/new. + - Select **repo**. + - Click **Generate Token** and then copy the token locally ( we’ll need it later). + + + + +## Deploy and Configure ARC +1️⃣ Deploy and configure ARC on your K8s cluster. You may use Helm or Kubectl. + + +
Helm deployment + +##### Add repository +```shell +helm repo add actions-runner-controller https://actions-runner-controller.github.io/actions-runner-controller +``` + +##### Install Helm chart +```shell +helm upgrade --install --namespace actions-runner-system --create-namespace\ + --set=authSecret.create=true\ + --set=authSecret.github_token="REPLACE_YOUR_TOKEN_HERE"\ + --wait actions-runner-controller actions-runner-controller/actions-runner-controller +``` + *note:- Replace REPLACE_YOUR_TOKEN_HERE with your PAT that was generated in Step 1 +
+ +
Kubectl deployment + +##### Deploy ARC +```shell +kubectl apply -f \ +https://github.com/actions-runner-controller/actions-runner-controller/\ +releases/download/v0.22.0/actions-runner-controller.yaml +``` + *note:- Replace "v0.22.0" with the version you wish to deploy + + +##### Configure Personal Access Token +```shell +kubectl create secret generic controller-manager \ + -n actions-runner-system \ + --from-literal=github_token=REPLACE_YOUR_TOKEN_HERE +```` + *note:- Replace REPLACE_YOUR_TOKEN_HERE with your PAT that was generated in Step 1. + +
+ +2️⃣ Create the GitHub self hosted runners and configure to run against your repository. + +Create a `runnerdeployment.yaml` file containing.. + +```yaml +apiVersion: actions.summerwind.dev/v1alpha1 +kind: RunnerDeployment +metadata: + name: example-runnerdeploy +spec: + replicas: 1 + template: + spec: + repository: mumoshu/actions-runner-controller-ci +```` + *note:- Replace mumoshu/actions-runner-controller-ci with the full path to your github repository. + +Apply this file to your K8s cluster. +```shell +kubectl apply -f runnerdeployment.yaml +```` + + +> +>🎉 We are done - now we should have self hosted runners running in K8s configured to your repository. 🎉 +> +> Up Next - lets verify and execute some workflows. + +## Verify and execute workflows +:one: Verify your setup is successful with.. +```shell +$ kubectl get runners +NAME REPOSITORY STATUS +example-runnerdeploy2475h595fr mumoshu/actions-runner-controller-ci Running + +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +example-runnerdeploy2475ht2qbr 2/2 Running 0 1m +```` +Also, this runner has been registered directly to the specified repository, you can see it in repository settings. For more information, see "[settings](https://docs.github.com/en/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners#checking-the-status-of-a-self-hosted-runner)." + +:two: You are ready to execute workflows against this self hosted runner. +GitHub documentation lists the steps to target Actions against self hosted runners. For more information, see "[Using self-hosted runners in a workflow - GitHub Docs](https://docs.github.com/en/actions/hosting-your-own-runners/using-self-hosted-runners-in-a-workflow#using-self-hosted-runners-in-a-workflow)." + +There's also has a quick start guide to get started on Actions, For more information, see "[Quick start Guide to GitHub Actions](https://docs.github.com/en/actions/quickstart)." 
+ +## Next steps +ARC provides several interesting features and capabilities. For more information, see "[readme](https://github.com/actions-runner-controller/actions-runner-controller/blob/master/README.md)." + + + + diff --git a/README.md b/README.md index d08bbe5096..0e24348dae 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ ToC: - [Scheduled Overrides](#scheduled-overrides) - [Alternative Runners](#alternative-runners) - [Runner with DinD](#runner-with-dind) + - [Runner with rootless DinD](#runner-with-rootless-dind) - [Runner with k8s jobs](#runner-with-k8s-jobs) - [Additional Tweaks](#additional-tweaks) - [Custom Volume mounts](#custom-volume-mounts) @@ -83,8 +84,8 @@ After installing cert-manager, install the custom resource definitions and actio **Kubectl Deployment:** ```shell -# REPLACE "v0.22.0" with the version you wish to deploy -kubectl apply -f https://github.com/actions-runner-controller/actions-runner-controller/releases/download/v0.22.0/actions-runner-controller.yaml +# REPLACE "v0.25.2" with the version you wish to deploy +kubectl create -f https://github.com/actions-runner-controller/actions-runner-controller/releases/download/v0.25.2/actions-runner-controller.yaml ``` **Helm Deployment:** @@ -272,7 +273,7 @@ Alternatively, you can install each controller stack into a unique namespace (re - The organization level - The enterprise level -Runners can be deployed as 1 of 2 abstractions: +Runners can be deployed as 1 of 2 abstractions: - A `RunnerDeployment` (similar to k8s's `Deployments`, based on `Pods`) - A `RunnerSet` (based on k8s's `StatefulSets`) 
@@ -542,9 +543,10 @@ spec: # for 5 minutes instead of the default 10 minutes now scaleDownDelaySecondsAfterScaleOut: 300 scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runner-deployment - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet minReplicas: 1 maxReplicas: 5 metrics: @@ -570,10 +572,10 @@ metadata: name: example-runner-deployment-autoscaler spec: scaleTargetRef: - # Your RunnerDeployment Here + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runner-deployment - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet minReplicas: 1 maxReplicas: 5 # Your chosen scaling metrics here @@ -614,9 +616,10 @@ metadata: name: example-runner-deployment-autoscaler spec: scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runner-deployment - # IMPORTANT : If your HRA is targeting a RunnerSet you must specify the kind in the scaleTargetRef:, uncomment the below - #kind: RunnerSet minReplicas: 1 maxReplicas: 5 metrics: @@ -649,9 +652,10 @@ metadata: name: example-runner-deployment-autoscaler spec: scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runner-deployment - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet minReplicas: 1 maxReplicas: 5 metrics: @@ -670,9 +674,10 @@ metadata: name: example-runner-deployment-autoscaler spec: scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runner-deployment - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet minReplicas: 1 maxReplicas: 5 metrics: 
@@ -699,9 +704,10 @@ More concretely, you can configure the targeted GitHub event types and the `N` i kind: HorizontalRunnerAutoscaler spec: scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runners - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet scaleUpTriggers: - githubEvent: checkRun: @@ -909,9 +915,10 @@ spec: minReplicas: 1 maxReplicas: 10 scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runners - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet scaleUpTriggers: - githubEvent: workflowJob: {} @@ -944,9 +951,10 @@ spec: minReplicas: 1 maxReplicas: 10 scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runners - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet scaleUpTriggers: - githubEvent: checkRun: @@ -972,9 +980,10 @@ spec: minReplicas: 1 maxReplicas: 10 scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runners - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet scaleUpTriggers: - githubEvent: checkRun: @@ -1004,9 +1013,10 @@ spec: minReplicas: 1 maxReplicas: 10 scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runners - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet scaleUpTriggers: - githubEvent: pullRequest: 
@@ -1034,9 +1044,10 @@ spec: minReplicas: 1 maxReplicas: 10 scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runners - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet scaleUpTriggers: - githubEvent: push: @@ -1081,9 +1092,10 @@ metadata: name: example-runner-deployment-autoscaler spec: scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runner-deployment - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet scheduledOverrides: # Override minReplicas to 100 only between 2021-06-01T00:00:00+09:00 and 2021-06-03T00:00:00+09:00 - startTime: "2021-06-01T00:00:00+09:00" @@ -1103,9 +1115,10 @@ metadata: name: example-runner-deployment-autoscaler spec: scaleTargetRef: + kind: RunnerDeployment + # # In case the scale target is RunnerSet: + # kind: RunnerSet name: example-runner-deployment - # Uncomment the below in case the target is not RunnerDeployment but RunnerSet - #kind: RunnerSet scheduledOverrides: # Override minReplicas to 0 only between 0am sat to 0am mon - startTime: "2021-05-01T00:00:00+09:00" @@ -1141,7 +1154,7 @@ A common use case for this may be to have 1 override to scale to 0 during the we ### Alternative Runners -ARC also offers a few altenrative runner options +ARC also offers a few alternative runner options #### Runner with DinD 
@@ -1163,6 +1176,10 @@ spec: env: [] ``` +#### Runner with rootless DinD + +When using the DinD runner, it assumes that the main runner is rootful, which can be problematic in a regulated or more security-conscious environment, such as co-tenanting across enterprise projects. The `actions-runner-dind-rootless` image runs rootless Docker inside the container as `runner` user. Note that this user does not have sudo access, so anything requiring admin privileges must be built into the runner's base image (like running `apt` to install additional software). + #### Runner with K8s Jobs When using the default runner, jobs that use a container will run in docker. This necessitates privileged mode, either on the runner pod or the sidecar container @@ -1770,7 +1787,7 @@ Or `spec.template.spec.githubAPICredentialsFrom.secretRef.name` field for the fo Usually, you should have a set of GitHub App credentials per a GitHub organization and you would have a RunnerDeployment and a HorizontalRunnerAutoscaler per an organization runner group. So, you might end up having the following resources for each organization: -- 1 Kuernetes secret that contains GitHub App credentials +- 1 Kubernetes secret that contains GitHub App credentials - 1 RunnerDeployment/RunnerSet and 1 HorizontalRunnerAutoscaler per Runner Group And the RunnerDeployment/RunnerSet and HorizontalRunnerAutoscaler should have the same value for `spec.githubAPICredentialsFrom.secretRef.name`, which refers to the name of the Kubernetes secret. @@ -1786,9 +1803,11 @@ kind: RunnerDeployment metadata: namespace: org1-runners spec: - githubAPICredentialsFrom: - secretRef: - name: org1-github-app + template: + spec: + githubAPICredentialsFrom: + secretRef: + name: org1-github-app --- kind: HorizontalRunnerAutoscaler metadata: diff --git a/api/v1alpha1/horizontalrunnerautoscaler_types.go b/api/v1alpha1/horizontalrunnerautoscaler_types.go index a4a8cc06ff..138d8da1db 100644 --- a/api/v1alpha1/horizontalrunnerautoscaler_types.go 
+++ b/api/v1alpha1/horizontalrunnerautoscaler_types.go @@ -133,7 +133,7 @@ type ScaleTargetRef struct { type MetricSpec struct { // Type is the type of metric to be used for autoscaling. - // The only supported Type is TotalNumberOfQueuedAndInProgressWorkflowRuns + // It can be TotalNumberOfQueuedAndInProgressWorkflowRuns or PercentageRunnersBusy. Type string `json:"type,omitempty"` // RepositoryNames is the list of repository names to be used for calculating the metric. @@ -173,7 +173,7 @@ type MetricSpec struct { } // ScheduledOverride can be used to override a few fields of HorizontalRunnerAutoscalerSpec on schedule. -// A schedule can optionally be recurring, so that the correspoding override happens every day, week, month, or year. +// A schedule can optionally be recurring, so that the corresponding override happens every day, week, month, or year. type ScheduledOverride struct { // StartTime is the time at which the first override starts. StartTime metav1.Time `json:"startTime"` diff --git a/api/v1alpha1/runnerdeployment_types.go b/api/v1alpha1/runnerdeployment_types.go index 588a68551d..693dbaec7e 100644 --- a/api/v1alpha1/runnerdeployment_types.go +++ b/api/v1alpha1/runnerdeployment_types.go @@ -33,7 +33,7 @@ type RunnerDeploymentSpec struct { // EffectiveTime is the time the upstream controller requested to sync Replicas. // It is usually populated by the webhook-based autoscaler via HRA. - // The value is inherited to RunnerRepicaSet(s) and used to prevent ephemeral runners from unnecessarily recreated. + // The value is inherited to RunnerReplicaSet(s) and used to prevent ephemeral runners from unnecessarily recreated. // // +optional // +nullable diff --git a/charts/actions-runner-controller/README.md b/charts/actions-runner-controller/README.md index 9861c91763..beb4f708c3 100644 --- a/charts/actions-runner-controller/README.md +++ b/charts/actions-runner-controller/README.md 
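Review bot: The reworded comment on `MetricSpec.Type` now names two accepted values, but the field is still a free-form `string` with `omitempty`, so nothing in this hunk makes the API server reject a misspelled metric type. If the set is meant to be closed, a marker above the field such as `// +kubebuilder:validation:Enum=TotalNumberOfQueuedAndInProgressWorkflowRuns;PercentageRunnersBusy` would document and enforce it in one place. Whether the controller already validates the value elsewhere is not visible here, and the `MetricSpec` struct continues outside the hunk.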
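Review bot: The corrected `EffectiveTime` comment in `api/v1alpha1/runnerdeployment_types.go` fixes the `RunnerReplicaSet` spelling but still reads "from unnecessarily recreated", which is missing a verb. Since the line is being touched anyway, I would write `// The value is inherited by RunnerReplicaSet(s) and used to prevent ephemeral runners from being unnecessarily recreated.` The `RunnerDeploymentSpec` struct starts and ends outside the hunk.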
@@ -8,104 +8,105 @@ All additional docs are kept in the `docs/` folder, this README is solely for do > _Default values are the defaults set in the charts `values.yaml`, some properties have default configurations in the code for when the property is omitted or invalid_ -| Key | Description | Default | -|----------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------| -| `labels` | Set labels to apply to all resources in the chart | | -| `replicaCount` | Set the number of controller pods | 1 | -| `webhookPort` | Set the containerPort for the webhook Pod | 9443 | -| `syncPeriod` | Set the period in which the controler reconciles the desired runners count | 10m | -| `enableLeaderElection` | Enable election configuration | true | -| `leaderElectionId` | Set the election ID for the controller group | | -| `githubEnterpriseServerURL` | Set the URL for a self-hosted GitHub Enterprise Server | | -| `githubURL` | Override GitHub URL to be used for GitHub API calls | | -| `githubUploadURL` | Override GitHub Upload URL to be used for GitHub API calls | | -| `runnerGithubURL` | Override GitHub URL to be used by runners during registration | | -| `logLevel` | Set the log level of the controller container | | -| `additionalVolumes` | Set additional volumes to add to the manager container | | -| `additionalVolumeMounts` | Set additional volume mounts to add to the manager container | | -| `authSecret.create` | Deploy the controller auth secret | false | -| `authSecret.name` | Set the name of the auth secret | controller-manager | -| `authSecret.annotations` | Set annotations for the auth Secret | | -| `authSecret.github_app_id` | The ID of your GitHub App. 
**This can't be set at the same time as `authSecret.github_token`** | | -| `authSecret.github_app_installation_id` | The ID of your GitHub App installation. **This can't be set at the same time as `authSecret.github_token`** | | -| `authSecret.github_app_private_key` | The multiline string of your GitHub App's private key. **This can't be set at the same time as `authSecret.github_token`** | | -| `authSecret.github_token` | Your chosen GitHub PAT token. **This can't be set at the same time as the `authSecret.github_app_*`** | | -| `authSecret.github_basicauth_username` | Username for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | | -| `authSecret.github_basicauth_password` | Password for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | | -| `dockerRegistryMirror` | The default Docker Registry Mirror used by runners. | | -| `hostNetwork` | The "hostNetwork" of the controller container | false | -| `image.repository` | The "repository/image" of the controller container | summerwind/actions-runner-controller | -| `image.tag` | The tag of the controller container | | -| `image.actionsRunnerRepositoryAndTag` | The "repository/image" of the actions runner container | summerwind/actions-runner:latest | -| `image.actionsRunnerImagePullSecrets` | Optional image pull secrets to be included in the runner pod's ImagePullSecrets | | -| `image.dindSidecarRepositoryAndTag` | The "repository/image" of the dind sidecar container | docker:dind | -| `image.pullPolicy` | The pull policy of the controller image | IfNotPresent | -| `metrics.serviceMonitor` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false | -| `metrics.serviceAnnotations` | Set annotations for the provisioned metrics service resource | | -| `metrics.port` | Set port of metrics service | 8443 | -| `metrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true | -| 
`metrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy | -| `metrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.10.0 | -| `metrics.serviceMonitorLabels` | Set labels to apply to ServiceMonitor resources | | -| `imagePullSecrets` | Specifies the secret to be used when pulling the controller pod containers | | -| `fullnameOverride` | Override the full resource names | | -| `nameOverride` | Override the resource name prefix | | -| `serviceAccount.annotations` | Set annotations to the service account | | -| `serviceAccount.create` | Deploy the controller pod under a service account | true | -| `podAnnotations` | Set annotations for the controller pod | | -| `podLabels` | Set labels for the controller pod | | -| `serviceAccount.name` | Set the name of the service account | | -| `securityContext` | Set the security context for each container in the controller pod | | -| `podSecurityContext` | Set the security context to controller pod | | -| `service.annotations` | Set annotations for the provisioned webhook service resource | | -| `service.port` | Set controller service ports | | -| `service.type` | Set controller service type | | -| `topologySpreadConstraints` | Set the controller pod topologySpreadConstraints | | -| `nodeSelector` | Set the controller pod nodeSelector | | -| `resources` | Set the controller pod resources | | -| `affinity` | Set the controller pod affinity rules | | -| `podDisruptionBudget.enabled` | Enables a PDB to ensure HA of controller pods | false | -| `podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | | -| `podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. 
| | -| `tolerations` | Set the controller pod tolerations | | -| `env` | Set environment variables for the controller container | | -| `priorityClassName` | Set the controller pod priorityClassName | | -| `scope.watchNamespace` | Tells the controller and the github webhook server which namespace to watch if `scope.singleNamespace` is true | `Release.Namespace` (the default namespace of the helm chart). | -| `scope.singleNamespace` | Limit the controller to watch a single namespace | false | -| `certManagerEnabled` | Enable cert-manager. If disabled you must set admissionWebHooks.caBundle and create TLS secrets manually | true | -| `runner.statusUpdateHook.enabled` | Use custom RBAC for runners (role, role binding and service account), this will enable reporting runner statuses | false | -| `admissionWebHooks.caBundle` | Base64-encoded PEM bundle containing the CA that signed the webhook's serving certificate | | -| `githubWebhookServer.logLevel` | Set the log level of the githubWebhookServer container | | -| `githubWebhookServer.replicaCount` | Set the number of webhook server pods | 1 | -| `githubWebhookServer.useRunnerGroupsVisibility` | Enable supporting runner groups with custom visibility. This will incur in extra API calls and may blow up your budget. Currently, you also need to set `githubWebhookServer.secret.enabled` to enable this feature. 
| false | -| `githubWebhookServer.enabled` | Deploy the webhook server pod | false | -| `githubWebhookServer.secret.enabled` | Passes the webhook hook secret to the github-webhook-server | false | -| `githubWebhookServer.secret.create` | Deploy the webhook hook secret | false | -| `githubWebhookServer.secret.name` | Set the name of the webhook hook secret | github-webhook-server | -| `githubWebhookServer.secret.github_webhook_secret_token` | Set the webhook secret token value | | -| `githubWebhookServer.imagePullSecrets` | Specifies the secret to be used when pulling the githubWebhookServer pod containers | | -| `githubWebhookServer.nameOverride` | Override the resource name prefix | | -| `githubWebhookServer.fullnameOverride` | Override the full resource names | | -| `githubWebhookServer.serviceAccount.create` | Deploy the githubWebhookServer under a service account | true | -| `githubWebhookServer.serviceAccount.annotations` | Set annotations for the service account | | -| `githubWebhookServer.serviceAccount.name` | Set the service account name | | -| `githubWebhookServer.podAnnotations` | Set annotations for the githubWebhookServer pod | | -| `githubWebhookServer.podLabels` | Set labels for the githubWebhookServer pod | | -| `githubWebhookServer.podSecurityContext` | Set the security context to githubWebhookServer pod | | -| `githubWebhookServer.securityContext` | Set the security context for each container in the githubWebhookServer pod | | -| `githubWebhookServer.resources` | Set the githubWebhookServer pod resources | | -| `githubWebhookServer.topologySpreadConstraints` | Set the githubWebhookServer pod topologySpreadConstraints | | -| `githubWebhookServer.nodeSelector` | Set the githubWebhookServer pod nodeSelector | | -| `githubWebhookServer.tolerations` | Set the githubWebhookServer pod tolerations | | -| `githubWebhookServer.affinity` | Set the githubWebhookServer pod affinity rules | | -| `githubWebhookServer.priorityClassName` | Set the 
githubWebhookServer pod priorityClassName | | -| `githubWebhookServer.service.type` | Set githubWebhookServer service type | | -| `githubWebhookServer.service.ports` | Set githubWebhookServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` | -| `githubWebhookServer.ingress.enabled` | Deploy an ingress kind for the githubWebhookServer | false | -| `githubWebhookServer.ingress.annotations` | Set annotations for the ingress kind | | -| `githubWebhookServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` | -| `githubWebhookServer.ingress.tls` | Set tls configuration for ingress | | -| `githubWebhookServer.ingress.ingressClassName` | Set ingress class name | | -| `githubWebhookServer.podDisruptionBudget.enabled` | Enables a PDB to ensure HA of githubwebhook pods | false | -| `githubWebhookServer.podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | | -| `githubWebhookServer.podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. 
| | +| Key | Description | Default | +|----------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------| +| `labels` | Set labels to apply to all resources in the chart | | +| `replicaCount` | Set the number of controller pods | 1 | +| `webhookPort` | Set the containerPort for the webhook Pod | 9443 | +| `syncPeriod` | Set the period in which the controler reconciles the desired runners count | 10m | +| `enableLeaderElection` | Enable election configuration | true | +| `leaderElectionId` | Set the election ID for the controller group | | +| `githubEnterpriseServerURL` | Set the URL for a self-hosted GitHub Enterprise Server | | +| `githubURL` | Override GitHub URL to be used for GitHub API calls | | +| `githubUploadURL` | Override GitHub Upload URL to be used for GitHub API calls | | +| `runnerGithubURL` | Override GitHub URL to be used by runners during registration | | +| `logLevel` | Set the log level of the controller container | | +| `additionalVolumes` | Set additional volumes to add to the manager container | | +| `additionalVolumeMounts` | Set additional volume mounts to add to the manager container | | +| `authSecret.create` | Deploy the controller auth secret | false | +| `authSecret.name` | Set the name of the auth secret | controller-manager | +| `authSecret.annotations` | Set annotations for the auth Secret | | +| `authSecret.github_app_id` | The ID of your GitHub App. **This can't be set at the same time as `authSecret.github_token`** | | +| `authSecret.github_app_installation_id` | The ID of your GitHub App installation. **This can't be set at the same time as `authSecret.github_token`** | | +| `authSecret.github_app_private_key` | The multiline string of your GitHub App's private key. 
**This can't be set at the same time as `authSecret.github_token`** | | +| `authSecret.github_token` | Your chosen GitHub PAT token. **This can't be set at the same time as the `authSecret.github_app_*`** | | +| `authSecret.github_basicauth_username` | Username for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | | +| `authSecret.github_basicauth_password` | Password for GitHub basic auth to use instead of PAT or GitHub APP in case it's running behind a proxy API | | +| `dockerRegistryMirror` | The default Docker Registry Mirror used by runners. | | +| `hostNetwork` | The "hostNetwork" of the controller container | false | +| `image.repository` | The "repository/image" of the controller container | summerwind/actions-runner-controller | +| `image.tag` | The tag of the controller container | | +| `image.actionsRunnerRepositoryAndTag` | The "repository/image" of the actions runner container | summerwind/actions-runner:latest | +| `image.actionsRunnerImagePullSecrets` | Optional image pull secrets to be included in the runner pod's ImagePullSecrets | | +| `image.dindSidecarRepositoryAndTag` | The "repository/image" of the dind sidecar container | docker:dind | +| `image.pullPolicy` | The pull policy of the controller image | IfNotPresent | +| `metrics.serviceMonitor` | Deploy serviceMonitor kind for for use with prometheus-operator CRDs | false | +| `metrics.serviceAnnotations` | Set annotations for the provisioned metrics service resource | | +| `metrics.port` | Set port of metrics service | 8443 | +| `metrics.proxy.enabled` | Deploy kube-rbac-proxy container in controller pod | true | +| `metrics.proxy.image.repository` | The "repository/image" of the kube-proxy container | quay.io/brancz/kube-rbac-proxy | +| `metrics.proxy.image.tag` | The tag of the kube-proxy image to use when pulling the container | v0.10.0 | +| `metrics.serviceMonitorLabels` | Set labels to apply to ServiceMonitor resources | | +| 
`imagePullSecrets` | Specifies the secret to be used when pulling the controller pod containers | | +| `fullnameOverride` | Override the full resource names | | +| `nameOverride` | Override the resource name prefix | | +| `serviceAccount.annotations` | Set annotations to the service account | | +| `serviceAccount.create` | Deploy the controller pod under a service account | true | +| `podAnnotations` | Set annotations for the controller pod | | +| `podLabels` | Set labels for the controller pod | | +| `serviceAccount.name` | Set the name of the service account | | +| `securityContext` | Set the security context for each container in the controller pod | | +| `podSecurityContext` | Set the security context to controller pod | | +| `service.annotations` | Set annotations for the provisioned webhook service resource | | +| `service.port` | Set controller service ports | | +| `service.type` | Set controller service type | | +| `topologySpreadConstraints` | Set the controller pod topologySpreadConstraints | | +| `nodeSelector` | Set the controller pod nodeSelector | | +| `resources` | Set the controller pod resources | | +| `affinity` | Set the controller pod affinity rules | | +| `podDisruptionBudget.enabled` | Enables a PDB to ensure HA of controller pods | false | +| `podDisruptionBudget.minAvailable` | Minimum number of pods that must be available after eviction | | +| `podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | | +| `tolerations` | Set the controller pod tolerations | | +| `env` | Set environment variables for the controller container | | +| `priorityClassName` | Set the controller pod priorityClassName | | +| `scope.watchNamespace` | Tells the controller and the github webhook server which namespace to watch if `scope.singleNamespace` is true | `Release.Namespace` (the default namespace of the helm chart). 
| +| `scope.singleNamespace` | Limit the controller to watch a single namespace | false | +| `certManagerEnabled` | Enable cert-manager. If disabled you must set admissionWebHooks.caBundle and create TLS secrets manually | true | +| `runner.statusUpdateHook.enabled` | Use custom RBAC for runners (role, role binding and service account), this will enable reporting runner statuses | false | +| `admissionWebHooks.caBundle` | Base64-encoded PEM bundle containing the CA that signed the webhook's serving certificate | | +| `githubWebhookServer.logLevel` | Set the log level of the githubWebhookServer container | | +| `githubWebhookServer.replicaCount` | Set the number of webhook server pods | 1 | +| `githubWebhookServer.useRunnerGroupsVisibility` | Enable supporting runner groups with custom visibility. This will incur in extra API calls and may blow up your budget. Currently, you also need to set `githubWebhookServer.secret.enabled` to enable this feature. | false | +| `githubWebhookServer.enabled` | Deploy the webhook server pod | false | +| `githubWebhookServer.queueLimit` | Set the queue size limit in the githubWebhookServer | | +| `githubWebhookServer.secret.enabled` | Passes the webhook hook secret to the github-webhook-server | false | +| `githubWebhookServer.secret.create` | Deploy the webhook hook secret | false | +| `githubWebhookServer.secret.name` | Set the name of the webhook hook secret | github-webhook-server | +| `githubWebhookServer.secret.github_webhook_secret_token` | Set the webhook secret token value | | +| `githubWebhookServer.imagePullSecrets` | Specifies the secret to be used when pulling the githubWebhookServer pod containers | | +| `githubWebhookServer.nameOverride` | Override the resource name prefix | | +| `githubWebhookServer.fullnameOverride` | Override the full resource names | | +| `githubWebhookServer.serviceAccount.create` | Deploy the githubWebhookServer under a service account | true | +| `githubWebhookServer.serviceAccount.annotations` 
| Set annotations for the service account | | +| `githubWebhookServer.serviceAccount.name` | Set the service account name | | +| `githubWebhookServer.podAnnotations` | Set annotations for the githubWebhookServer pod | | +| `githubWebhookServer.podLabels` | Set labels for the githubWebhookServer pod | | +| `githubWebhookServer.podSecurityContext` | Set the security context to githubWebhookServer pod | | +| `githubWebhookServer.securityContext` | Set the security context for each container in the githubWebhookServer pod | | +| `githubWebhookServer.resources` | Set the githubWebhookServer pod resources | | +| `githubWebhookServer.topologySpreadConstraints` | Set the githubWebhookServer pod topologySpreadConstraints | | +| `githubWebhookServer.nodeSelector` | Set the githubWebhookServer pod nodeSelector | | +| `githubWebhookServer.tolerations` | Set the githubWebhookServer pod tolerations | | +| `githubWebhookServer.affinity` | Set the githubWebhookServer pod affinity rules | | +| `githubWebhookServer.priorityClassName` | Set the githubWebhookServer pod priorityClassName | | +| `githubWebhookServer.service.type` | Set githubWebhookServer service type | | +| `githubWebhookServer.service.ports` | Set githubWebhookServer service ports | `[{"port":80, "targetPort:"http", "protocol":"TCP", "name":"http"}]` | +| `githubWebhookServer.ingress.enabled` | Deploy an ingress kind for the githubWebhookServer | false | +| `githubWebhookServer.ingress.annotations` | Set annotations for the ingress kind | | +| `githubWebhookServer.ingress.hosts` | Set hosts configuration for ingress | `[{"host": "chart-example.local", "paths": []}]` | +| `githubWebhookServer.ingress.tls` | Set tls configuration for ingress | | +| `githubWebhookServer.ingress.ingressClassName` | Set ingress class name | | +| `githubWebhookServer.podDisruptionBudget.enabled` | Enables a PDB to ensure HA of githubwebhook pods | false | +| `githubWebhookServer.podDisruptionBudget.minAvailable` | Minimum number of pods 
that must be available after eviction | | +| `githubWebhookServer.podDisruptionBudget.maxUnavailable` | Maximum number of pods that can be unavailable after eviction. Kubernetes 1.7+ required. | | diff --git a/charts/actions-runner-controller/crds/actions.summerwind.dev_horizontalrunnerautoscalers.yaml b/charts/actions-runner-controller/crds/actions.summerwind.dev_horizontalrunnerautoscalers.yaml index 8f49f1a365..da1fd06baf 100644 --- a/charts/actions-runner-controller/crds/actions.summerwind.dev_horizontalrunnerautoscalers.yaml +++ b/charts/actions-runner-controller/crds/actions.summerwind.dev_horizontalrunnerautoscalers.yaml @@ -102,7 +102,7 @@ spec: description: ScaleUpThreshold is the percentage of busy runners greater than which will trigger the hpa to scale runners up. type: string type: - description: Type is the type of metric to be used for autoscaling. The only supported Type is TotalNumberOfQueuedAndInProgressWorkflowRuns + description: Type is the type of metric to be used for autoscaling. It can be TotalNumberOfQueuedAndInProgressWorkflowRuns or PercentageRunnersBusy. type: string type: object type: array @@ -180,7 +180,7 @@ spec: scheduledOverrides: description: ScheduledOverrides is the list of ScheduledOverride. It can be used to override a few fields of HorizontalRunnerAutoscalerSpec on schedule. The earlier a scheduled override is, the higher it is prioritized. items: - description: ScheduledOverride can be used to override a few fields of HorizontalRunnerAutoscalerSpec on schedule. A schedule can optionally be recurring, so that the correspoding override happens every day, week, month, or year. + description: ScheduledOverride can be used to override a few fields of HorizontalRunnerAutoscalerSpec on schedule. A schedule can optionally be recurring, so that the corresponding override happens every day, week, month, or year. properties: endTime: description: EndTime is the time at which the first override ends. 
diff --git a/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml b/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml index a66495b9b6..25708b5304 100644 --- a/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml +++ b/charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml @@ -49,7 +49,7 @@ spec: description: RunnerDeploymentSpec defines the desired state of RunnerDeployment properties: effectiveTime: - description: EffectiveTime is the time the upstream controller requested to sync Replicas. It is usually populated by the webhook-based autoscaler via HRA. The value is inherited to RunnerRepicaSet(s) and used to prevent ephemeral runners from unnecessarily recreated. + description: EffectiveTime is the time the upstream controller requested to sync Replicas. It is usually populated by the webhook-based autoscaler via HRA. The value is inherited to RunnerReplicaSet(s) and used to prevent ephemeral runners from unnecessarily recreated. format: date-time nullable: true type: string diff --git a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml index e7121b8a30..6d9d5738b2 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml @@ -48,6 +48,9 @@ spec: {{- if .Values.runnerGithubURL }} - "--runner-github-url={{ .Values.runnerGithubURL }}" {{- end }} + {{- if .Values.githubWebhookServer.queueLimit }} + - "--queue-limit={{ .Values.githubWebhookServer.queueLimit }}" + {{- end }} command: - "/github-webhook-server" env: diff --git a/charts/actions-runner-controller/values.yaml b/charts/actions-runner-controller/values.yaml index 353e927ae8..266288f8ed 100644 --- a/charts/actions-runner-controller/values.yaml 
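Review bot: The added `--queue-limit` argument in githubwebhook.deployment.yaml interpolates `.Values.githubWebhookServer.queueLimit` without coercing it to an integer, so a large number written in values.yaml can reach the flag in float notation (Helm can render large numeric values as `1e+06`). Piping it through `int`, as in `- "--queue-limit={{ .Values.githubWebhookServer.queueLimit | int }}"`, keeps the rendered argument a plain integer. The `if` guard also treats `0` as unset, so if zero has a meaning for the server (not visible here) it cannot be expressed through the chart. The values.yaml hunk adds the key only as `# queueLimit: 100`, and the README row has an empty Default column, so the comment should say which built-in limit applies when the flag is omitted.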
+++ b/charts/actions-runner-controller/values.yaml @@ -270,3 +270,4 @@ githubWebhookServer: enabled: false # minAvailable: 1 # maxUnavailable: 3 + # queueLimit: 100 diff --git a/config/crd/bases/actions.summerwind.dev_horizontalrunnerautoscalers.yaml b/config/crd/bases/actions.summerwind.dev_horizontalrunnerautoscalers.yaml index 8f49f1a365..da1fd06baf 100644 --- a/config/crd/bases/actions.summerwind.dev_horizontalrunnerautoscalers.yaml +++ b/config/crd/bases/actions.summerwind.dev_horizontalrunnerautoscalers.yaml @@ -102,7 +102,7 @@ spec: description: ScaleUpThreshold is the percentage of busy runners greater than which will trigger the hpa to scale runners up. type: string type: - description: Type is the type of metric to be used for autoscaling. The only supported Type is TotalNumberOfQueuedAndInProgressWorkflowRuns + description: Type is the type of metric to be used for autoscaling. It can be TotalNumberOfQueuedAndInProgressWorkflowRuns or PercentageRunnersBusy. type: string type: object type: array @@ -180,7 +180,7 @@ spec: scheduledOverrides: description: ScheduledOverrides is the list of ScheduledOverride. It can be used to override a few fields of HorizontalRunnerAutoscalerSpec on schedule. The earlier a scheduled override is, the higher it is prioritized. items: - description: ScheduledOverride can be used to override a few fields of HorizontalRunnerAutoscalerSpec on schedule. A schedule can optionally be recurring, so that the correspoding override happens every day, week, month, or year. + description: ScheduledOverride can be used to override a few fields of HorizontalRunnerAutoscalerSpec on schedule. A schedule can optionally be recurring, so that the corresponding override happens every day, week, month, or year. properties: endTime: description: EndTime is the time at which the first override ends. 
diff --git a/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml b/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml index a66495b9b6..25708b5304 100644 --- a/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml +++ b/config/crd/bases/actions.summerwind.dev_runnerdeployments.yaml @@ -49,7 +49,7 @@ spec: description: RunnerDeploymentSpec defines the desired state of RunnerDeployment properties: effectiveTime: - description: EffectiveTime is the time the upstream controller requested to sync Replicas. It is usually populated by the webhook-based autoscaler via HRA. The value is inherited to RunnerRepicaSet(s) and used to prevent ephemeral runners from unnecessarily recreated. + description: EffectiveTime is the time the upstream controller requested to sync Replicas. It is usually populated by the webhook-based autoscaler via HRA. The value is inherited to RunnerReplicaSet(s) and used to prevent ephemeral runners from unnecessarily recreated. format: date-time nullable: true type: string diff --git a/controllers/autoscaling.go b/controllers/autoscaling.go index d7c2fa297e..7534625f72 100644 --- a/controllers/autoscaling.go +++ b/controllers/autoscaling.go @@ -9,6 +9,7 @@ import ( "strings" "github.com/actions-runner-controller/actions-runner-controller/api/v1alpha1" + prometheus_metrics "github.com/actions-runner-controller/actions-runner-controller/controllers/metrics" arcgithub "github.com/actions-runner-controller/actions-runner-controller/github" "github.com/google/go-github/v45/github" corev1 "k8s.io/api/core/v1" 
@@ -211,6 +212,20 @@ func (r *HorizontalRunnerAutoscalerReconciler) suggestReplicasByQueuedAndInProgr necessaryReplicas := queued + inProgress + prometheus_metrics.SetHorizontalRunnerAutoscalerQueuedAndInProgressWorkflowRuns( + hra.ObjectMeta, + st.enterprise, + st.org, + st.repo, + st.kind, + st.st, + necessaryReplicas, + completed, + inProgress, + queued, + unknown, + ) + r.Log.V(1).Info( fmt.Sprintf("Suggested desired replicas of %d by TotalNumberOfQueuedAndInProgressWorkflowRuns", necessaryReplicas), "workflow_runs_completed", completed, @@ -382,6 +397,19 @@ func (r *HorizontalRunnerAutoscalerReconciler) suggestReplicasByPercentageRunner // // - num_runners can be as twice as large as replicas_desired_before while // the runnerdeployment controller is replacing RunnerReplicaSet for runner update. + prometheus_metrics.SetHorizontalRunnerAutoscalerPercentageRunnersBusy( + hra.ObjectMeta, + st.enterprise, + st.org, + st.repo, + st.kind, + st.st, + desiredReplicas, + numRunners, + numRunnersRegistered, + numRunnersBusy, + numTerminatingBusy, + ) r.Log.V(1).Info( fmt.Sprintf("Suggested desired replicas of %d by PercentageRunnersBusy", desiredReplicas), diff --git a/controllers/metrics/horizontalrunnerautoscaler.go b/controllers/metrics/horizontalrunnerautoscaler.go index 0815e2a597..c3bfe97c97 100644 --- a/controllers/metrics/horizontalrunnerautoscaler.go +++ b/controllers/metrics/horizontalrunnerautoscaler.go @@ -7,8 +7,13 @@ import ( ) const ( - hraName = "horizontalrunnerautoscaler" - hraNamespace = "namespace" + hraName = "horizontalrunnerautoscaler" + hraNamespace = "namespace" + stEnterprise = "enterprise" + stOrganization = "organization" + stRepository = "repository" + stKind = "kind" + stName = "name" ) var ( 
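Review bot: In the `@@ -382,6 +397,19 @@` hunk of controllers/autoscaling.go the new `prometheus_metrics.SetHorizontalRunnerAutoscalerPercentageRunnersBusy(...)` call sits directly under the comment block that ends with the `num_runners can be as twice as large as replicas_desired_before` caveat, so that comment now reads as documentation of the metrics call rather than of the figures being reported. A blank line after the comment plus a lead-in such as `// Export the same figures as gauges; the caveats above apply to them as well.` would keep the intent clear, and the call added in the `@@ -211,6 +212,20 @@` hunk would benefit from a matching one-line comment. Both functions start and end outside their hunks, so whether the gauges are also refreshed on error or early-return paths cannot be checked from here.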
@@ -16,6 +21,16 @@ var ( horizontalRunnerAutoscalerMinReplicas, horizontalRunnerAutoscalerMaxReplicas, horizontalRunnerAutoscalerDesiredReplicas, + horizontalRunnerAutoscalerReplicasDesired, + horizontalRunnerAutoscalerRunners, + horizontalRunnerAutoscalerRunnersRegistered, + horizontalRunnerAutoscalerRunnersBusy, + horizontalRunnerAutoscalerTerminatingBusy, + horizontalRunnerAutoscalerNecessaryReplicas, + horizontalRunnerAutoscalerWorkflowRunsCompleted, + horizontalRunnerAutoscalerWorkflowRunsInProgress, + horizontalRunnerAutoscalerWorkflowRunsQueued, + horizontalRunnerAutoscalerWorkflowRunsUnknown, } ) 
@@ -41,6 +56,78 @@ var ( }, []string{hraName, hraNamespace}, ) + // PercentageRunnersBusy + horizontalRunnerAutoscalerReplicasDesired = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "horizontalrunnerautoscaler_replicas_desired", + Help: "replicas_desired of PercentageRunnersBusy", + }, + []string{hraName, hraNamespace, stEnterprise, stOrganization, stRepository, stKind, stName}, + ) + horizontalRunnerAutoscalerRunners = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "horizontalrunnerautoscaler_runners", + Help: "num_runners of PercentageRunnersBusy", + }, + []string{hraName, hraNamespace, stEnterprise, stOrganization, stRepository, stKind, stName}, + ) + horizontalRunnerAutoscalerRunnersRegistered = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "horizontalrunnerautoscaler_runners_registered", + Help: "num_runners_registered of PercentageRunnersBusy", + }, + []string{hraName, hraNamespace, stEnterprise, stOrganization, stRepository, stKind, stName}, + ) + horizontalRunnerAutoscalerRunnersBusy = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "horizontalrunnerautoscaler_runners_busy", + Help: "num_runners_busy of PercentageRunnersBusy", + }, + []string{hraName, hraNamespace, stEnterprise, stOrganization, stRepository, stKind, stName}, + ) + horizontalRunnerAutoscalerTerminatingBusy = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "horizontalrunnerautoscaler_terminating_busy", + Help: "num_terminating_busy of PercentageRunnersBusy", + }, + []string{hraName, hraNamespace, stEnterprise, stOrganization, stRepository, stKind, stName}, + ) + // QueuedAndInProgressWorkflowRuns + horizontalRunnerAutoscalerNecessaryReplicas = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "horizontalrunnerautoscaler_necessary_replicas", + Help: "necessary_replicas of QueuedAndInProgressWorkflowRuns", + }, + []string{hraName, hraNamespace, stEnterprise, stOrganization, stRepository, stKind, stName}, + ) + 
horizontalRunnerAutoscalerWorkflowRunsCompleted = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "horizontalrunnerautoscaler_workflow_runs_completed", + Help: "workflow_runs_completed of QueuedAndInProgressWorkflowRuns", + }, + []string{hraName, hraNamespace, stEnterprise, stOrganization, stRepository, stKind, stName}, + ) + horizontalRunnerAutoscalerWorkflowRunsInProgress = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "horizontalrunnerautoscaler_workflow_runs_in_progress", + Help: "workflow_runs_in_progress of QueuedAndInProgressWorkflowRuns", + }, + []string{hraName, hraNamespace, stEnterprise, stOrganization, stRepository, stKind, stName}, + ) + horizontalRunnerAutoscalerWorkflowRunsQueued = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "horizontalrunnerautoscaler_workflow_runs_queued", + Help: "workflow_runs_queued of QueuedAndInProgressWorkflowRuns", + }, + []string{hraName, hraNamespace, stEnterprise, stOrganization, stRepository, stKind, stName}, + ) + horizontalRunnerAutoscalerWorkflowRunsUnknown = prometheus.NewGaugeVec( + prometheus.GaugeOpts{ + Name: "horizontalrunnerautoscaler_workflow_runs_unknown", + Help: "workflow_runs_unknown of QueuedAndInProgressWorkflowRuns", + }, + []string{hraName, hraNamespace, stEnterprise, stOrganization, stRepository, stKind, stName}, + ) ) func SetHorizontalRunnerAutoscalerSpec(o metav1.ObjectMeta, spec v1alpha1.HorizontalRunnerAutoscalerSpec) { 
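Review bot: Each of the ten gauges added in this hunk is labelled with `enterprise`, `organization` and `repository` on top of the HRA name and namespace, so the controller's metrics endpoint now discloses which GitHub organizations and repositories the cluster serves to anything allowed to scrape it. That deserves a comment above the block, for example `// NOTE: label values carry GitHub enterprise/org/repo names; keep the metrics endpoint behind the authenticating proxy.`, since the chart lets operators turn `metrics.proxy.enabled` off. The `Help` strings such as `"replicas_desired of PercentageRunnersBusy"` repeat the log field name instead of describing the value; `"Number of replicas suggested by the PercentageRunnersBusy metric"` would read better on a dashboard.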
@@ -65,3 +152,61 @@ func SetHorizontalRunnerAutoscalerStatus(o metav1.ObjectMeta, status v1alpha1.Ho horizontalRunnerAutoscalerDesiredReplicas.With(labels).Set(float64(*status.DesiredReplicas)) } } + +func SetHorizontalRunnerAutoscalerPercentageRunnersBusy( + o metav1.ObjectMeta, + enterprise string, + organization string, + repository string, + kind string, + name string, + desiredReplicas int, + numRunners int, + numRunnersRegistered int, + numRunnersBusy int, + numTerminatingBusy int, +) { + labels := prometheus.Labels{ + hraName: o.Name, + hraNamespace: o.Namespace, + stEnterprise: enterprise, + stOrganization: organization, + stRepository: repository, + stKind: kind, + stName: name, + } + horizontalRunnerAutoscalerReplicasDesired.With(labels).Set(float64(desiredReplicas)) + horizontalRunnerAutoscalerRunners.With(labels).Set(float64(numRunners)) + horizontalRunnerAutoscalerRunnersRegistered.With(labels).Set(float64(numRunnersRegistered)) + horizontalRunnerAutoscalerRunnersBusy.With(labels).Set(float64(numRunnersBusy)) + horizontalRunnerAutoscalerTerminatingBusy.With(labels).Set(float64(numTerminatingBusy)) +} + +func SetHorizontalRunnerAutoscalerQueuedAndInProgressWorkflowRuns( + o metav1.ObjectMeta, + enterprise string, + organization string, + repository string, + kind string, + name string, + necessaryReplicas int, + workflowRunsCompleted int, + workflowRunsInProgress int, + workflowRunsQueued int, + workflowRunsUnknown int, +) { + labels := prometheus.Labels{ + hraName: o.Name, + hraNamespace: o.Namespace, + stEnterprise: enterprise, + stOrganization: organization, + stRepository: repository, + stKind: kind, + stName: name, + } + horizontalRunnerAutoscalerNecessaryReplicas.With(labels).Set(float64(necessaryReplicas)) + horizontalRunnerAutoscalerWorkflowRunsCompleted.With(labels).Set(float64(workflowRunsCompleted)) + horizontalRunnerAutoscalerWorkflowRunsInProgress.With(labels).Set(float64(workflowRunsInProgress)) + 
horizontalRunnerAutoscalerWorkflowRunsQueued.With(labels).Set(float64(workflowRunsQueued)) + horizontalRunnerAutoscalerWorkflowRunsUnknown.With(labels).Set(float64(workflowRunsUnknown)) +} diff --git a/controllers/multi_githubclient.go b/controllers/multi_githubclient.go index fbb822683f..45948948c5 100644 --- a/controllers/multi_githubclient.go +++ b/controllers/multi_githubclient.go @@ -3,7 +3,6 @@ package controllers import ( "context" "crypto/sha1" - "encoding/base64" "encoding/hex" "fmt" "sort" @@ -199,6 +198,12 @@ func (c *MultiGitHubClient) initClientForSecret(secret *corev1.Secret, dependent return nil, err } + // Check if EnterpriseURL is set. + if conf.EnterpriseURL == "" { + // fallback to the controller-wide setting + conf.EnterpriseURL = c.githubClient.GithubBaseURL + } + cli, err := conf.NewClient() if err != nil { return nil, err @@ -270,17 +275,6 @@ func (c *MultiGitHubClient) derefClient(ns, secretName string, dependent *runner } } -func decodeBase64(s []byte) (string, error) { - enc := base64.RawStdEncoding - dbuf := make([]byte, enc.DecodedLen(len(s))) - n, err := enc.Decode(dbuf, []byte(s)) - if err != nil { - return "", err - } - - return string(dbuf[:n]), nil -} - func secretDataToGitHubClientConfig(data map[string][]byte) (*github.Config, error) { var ( conf github.Config 
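Review bot: Both new setters take five adjacent `string` parameters followed by five adjacent `int` parameters, so a call that swaps `organization` with `repository` or `numRunners` with `numRunnersBusy` compiles and exports mislabelled or wrong gauges. Passing the label values and the counts as two small structs with named fields would make call sites self-checking. Each exported function also lacks a doc comment; something like `// SetHorizontalRunnerAutoscalerPercentageRunnersBusy records the inputs and result of the latest PercentageRunnersBusy evaluation for the HRA identified by o.` would do. The enterprise, organization and repository names become label values readable by anyone who can scrape the metrics endpoint, and nothing in this hunk deletes the series when an HRA or its scale target goes away, so both are worth checking against the rest of the controller.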
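Review bot: The fallback in initClientForSecret dereferences `c.githubClient` without a nil check. If the controller can run without a controller-wide GitHub client (not visible in this hunk), a secret that omits `github_enterprise_url` would panic here rather than return an error. A guard such as `if conf.EnterpriseURL == "" && c.githubClient != nil {` avoids that. The comment could also state the consequence for credentials, e.g. `// No per-secret enterprise URL: reuse the controller-wide base URL, so this secret's token or app key is presented to that host.` initClientForSecret begins and ends outside the hunk.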
@@ -288,55 +282,31 @@ func secretDataToGitHubClientConfig(data map[string][]byte) (*github.Config, err err error ) - conf.URL, err = decodeBase64(data["github_url"]) - if err != nil { - return nil, err - } + conf.URL = string(data["github_url"]) - conf.UploadURL, err = decodeBase64(data["github_upload_url"]) - if err != nil { - return nil, err - } + conf.UploadURL = string(data["github_upload_url"]) - conf.EnterpriseURL, err = decodeBase64(data["github_enterprise_url"]) - if err != nil { - return nil, err - } + conf.EnterpriseURL = string(data["github_enterprise_url"]) - conf.RunnerGitHubURL, err = decodeBase64(data["github_runner_url"]) - if err != nil { - return nil, err - } + conf.RunnerGitHubURL = string(data["github_runner_url"]) - conf.Token, err = decodeBase64(data["github_token"]) - if err != nil { - return nil, err - } + conf.Token = string(data["github_token"]) - appID, err := decodeBase64(data["github_app_id"]) - if err != nil { - return nil, err - } + appID := string(data["github_app_id"]) conf.AppID, err = strconv.ParseInt(appID, 10, 64) if err != nil { return nil, err } - instID, err := decodeBase64(data["github_app_installation_id"]) - if err != nil { - return nil, err - } + instID := string(data["github_app_installation_id"]) conf.AppInstallationID, err = strconv.ParseInt(instID, 10, 64) if err != nil { return nil, err } - conf.AppPrivateKey, err = decodeBase64(data["github_app_private_key"]) - if err != nil { - return nil, err - } + conf.AppPrivateKey = string(data["github_app_private_key"]) return &conf, nil } diff --git a/go.mod b/go.mod index 927aea02b3..52948f26c2 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/actions-runner-controller/actions-runner-controller -go 1.18 +go 1.19 require ( github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 diff --git a/hack/signrel/go.mod b/hack/signrel/go.mod index b48ba7337b..a36951b0db 100644 --- a/hack/signrel/go.mod +++ b/hack/signrel/go.mod 
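Review bot: Both `strconv.ParseInt` calls in secretDataToGitHubClientConfig still run on an empty string when the secret carries only `github_token`, so a token-only secret makes the function return a parse error. Wrapping each call in `if appID != "" {` … `}`, and likewise `if instID != "" {`, would let such secrets through while still rejecting malformed IDs. With the base64 step removed, the secret bytes are now used as-is, so a trailing newline from a file-created secret ends up in the token, the URLs and the integer parse. Applying `strings.TrimSpace` to each value would absorb that, although the import block is outside this hunk, so whether `strings` is already imported needs checking. The function's opening lines are outside the hunk.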
@@ -1,3 +1,3 @@ module github.com/actions-runner-controller/actions-runner-controller/hack/sigrel -go 1.17 +go 1.19 diff --git a/runner/Makefile b/runner/Makefile index cf0f1c200c..4cc6b8b0f5 100644 --- a/runner/Makefile +++ b/runner/Makefile @@ -4,7 +4,7 @@ DIND_RUNNER_NAME ?= ${DOCKER_USER}/actions-runner-dind TAG ?= latest TARGETPLATFORM ?= $(shell arch) -RUNNER_VERSION ?= 2.294.0 +RUNNER_VERSION ?= 2.295.0 RUNNER_CONTAINER_HOOKS_VERSION ?= 0.1.2 DOCKER_VERSION ?= 20.10.12 diff --git a/runner/actions-runner-dind-rootless.dockerfile b/runner/actions-runner-dind-rootless.dockerfile new file mode 100644 index 0000000000..91308f92a7 --- /dev/null +++ b/runner/actions-runner-dind-rootless.dockerfile 
@@ -0,0 +1,138 @@ +FROM ubuntu:20.04 + +# Target architecture +ARG TARGETPLATFORM=linux/amd64 + +# GitHub runner arguments +ARG RUNNER_VERSION=2.295.0 + +# Docker and Docker Compose arguments +ENV CHANNEL=stable +ARG COMPOSE_VERSION=v2.6.0 + +# Dumb-init version +ARG DUMB_INIT_VERSION=1.2.5 + +# Other arguments +ARG DEBUG=false + +# Set environment variables needed at build +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt update -y \ + && apt-get install -y software-properties-common \ + && add-apt-repository -y ppa:git-core/ppa \ + && apt-get update -y \ + && apt-get install -y --no-install-recommends \ + build-essential \ + curl \ + ca-certificates \ + dnsutils \ + ftp \ + git \ + iproute2 \ + iputils-ping \ + iptables \ + jq \ + libunwind8 \ + locales \ + netcat \ + net-tools \ + openssh-client \ + parallel \ + python3-pip \ + rsync \ + shellcheck \ + supervisor \ + software-properties-common \ + sudo \ + telnet \ + time \ + tzdata \ + uidmap \ + unzip \ + upx \ + wget \ + zip \ + zstd \ + && ln -sf /usr/bin/python3 /usr/bin/python \ + && ln -sf /usr/bin/pip3 /usr/bin/pip \ + && rm -rf /var/lib/apt/lists/* + +# Runner user +RUN adduser --disabled-password --gecos "" --uid 1000 runner + +RUN test -n "$TARGETPLATFORM" || (echo "TARGETPLATFORM must be set" && false) + +# Setup subuid and subgid so that "--userns-remap=default" works +RUN set -eux; \ + addgroup --system dockremap; \ + adduser --system --ingroup dockremap dockremap; \ + echo 'dockremap:165536:65536' >> /etc/subuid; \ + echo 'dockremap:165536:65536' >> /etc/subgid + +ENV RUNNER_ASSETS_DIR=/runnertmp + +# Runner download supports amd64 as x64 +RUN ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ + && export ARCH \ + && if [ "$ARCH" = "amd64" ]; then export ARCH=x64 ; fi \ + && mkdir -p "$RUNNER_ASSETS_DIR" \ + && cd "$RUNNER_ASSETS_DIR" \ + && curl -L -o runner.tar.gz https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${ARCH}-${RUNNER_VERSION}.tar.gz \ + && tar xzf 
./runner.tar.gz \ + && rm runner.tar.gz \ + && ./bin/installdependencies.sh \ + && apt-get install -y libyaml-dev \ + && rm -rf /var/lib/apt/lists/* + +RUN echo AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache > /runner.env \ + && mkdir /opt/hostedtoolcache \ + && chgrp runner /opt/hostedtoolcache \ + && chmod g+rwx /opt/hostedtoolcache + +# Configure hooks folder structure. +COPY hooks /etc/arc/hooks/ + +# arch command on OS X reports "i386" for Intel CPUs regardless of bitness +RUN export ARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2) \ + && if [ "$ARCH" = "arm64" ]; then export ARCH=aarch64 ; fi \ + && if [ "$ARCH" = "amd64" ] || [ "$ARCH" = "i386" ]; then export ARCH=x86_64 ; fi \ + && curl -f -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_${ARCH} \ + && chmod +x /usr/local/bin/dumb-init + +COPY entrypoint.sh logger.bash rootless-startup.sh update-status /usr/bin/ + +RUN chmod +x /usr/bin/rootless-startup.sh /usr/bin/entrypoint.sh + +# Make the rootless runner directory executable +RUN mkdir /run/user/1000 \ + && chown runner:runner /run/user/1000 \ + && chmod a+x /run/user/1000 + +# Add the Python "User Script Directory" to the PATH +ENV PATH="${PATH}:${HOME}/.local/bin:/home/runner/bin" +ENV ImageOS=ubuntu20 +ENV DOCKER_HOST=unix:///run/user/1000/docker.sock +ENV XDG_RUNTIME_DIR=/run/user/1000 + +RUN echo "PATH=${PATH}" > /etc/environment \ + && echo "ImageOS=${ImageOS}" >> /etc/environment \ + && echo "DOCKER_HOST=${DOCKER_HOST}" >> /etc/environment \ + && echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}" >> /etc/environment + +ENV HOME=/home/runner + +# No group definition, as that makes it harder to run docker. 
+USER runner + +# Docker installation +ENV SKIP_IPTABLES=1 +RUN curl -fsSL https://get.docker.com/rootless | sh + +# Docker-compose installation +RUN curl -L "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-Linux-x86_64" -o /home/runner/bin/docker-compose ; \ + chmod +x /home/runner/bin/docker-compose + +ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] +CMD ["rootless-startup.sh"] diff --git a/runner/actions-runner-dind.dockerfile b/runner/actions-runner-dind.dockerfile index 2a192c122d..72844ba89a 100644 --- a/runner/actions-runner-dind.dockerfile +++ b/runner/actions-runner-dind.dockerfile @@ -1,7 +1,7 @@ FROM ubuntu:20.04 ARG TARGETPLATFORM -ARG RUNNER_VERSION=2.294.0 +ARG RUNNER_VERSION=2.295.0 ARG DOCKER_CHANNEL=stable ARG DOCKER_VERSION=20.10.12 ARG DUMB_INIT_VERSION=1.2.5 diff --git a/runner/actions-runner.dockerfile b/runner/actions-runner.dockerfile index 71c228f092..0b0e0039ec 100644 --- a/runner/actions-runner.dockerfile +++ b/runner/actions-runner.dockerfile @@ -1,7 +1,7 @@ FROM ubuntu:20.04 ARG TARGETPLATFORM -ARG RUNNER_VERSION=2.294.0 +ARG RUNNER_VERSION=2.295.0 ARG RUNNER_CONTAINER_HOOKS_VERSION=0.1.2 ARG DOCKER_CHANNEL=stable ARG DOCKER_VERSION=20.10.12 diff --git a/runner/rootless-startup.sh b/runner/rootless-startup.sh new file mode 100644 index 0000000000..e26f5d58d1 --- /dev/null +++ b/runner/rootless-startup.sh @@ -0,0 +1,27 @@ +#!/bin/bash +source logger.bash + +log.notice "Writing out Docker config file" +/bin/bash <
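Review bot: None of the downloads in this new Dockerfile is integrity-checked, and the last one, `curl -fsSL https://get.docker.com/rootless | sh`, runs whatever the endpoint serves at build time with no version pin, so two builds of the same commit can ship different Docker binaries. The docker-compose fetch uses `curl -L` without `-f` and joins `chmod` with `;`, so an HTTP error body would be saved and marked executable instead of failing the build. I would fetch each artifact to a file, compare it with a digest recorded in the Dockerfile, and only then unpack or run it, as sketched below for the installer and compose; the runner tarball and dumb-init deserve the same. Separately, `ENV PATH="${PATH}:${HOME}/.local/bin:/home/runner/bin"` comes before `ENV HOME=/home/runner`, so `${HOME}` is probably empty when PATH is built. The compose URL is also fixed to `Linux-x86_64` although the file maps `TARGETPLATFORM` to other architectures elsewhere.

```dockerfile
# … unchanged: everything up to ENV SKIP_IPTABLES=1 …
# Placeholder digests: record the values of the reviewed artifacts here.
ARG ROOTLESS_INSTALLER_SHA256=<sha256-of-reviewed-installer>
ARG COMPOSE_SHA256=<sha256-of-compose-binary>

RUN curl -fsSL -o /tmp/rootless.sh https://get.docker.com/rootless \
    && echo "${ROOTLESS_INSTALLER_SHA256}  /tmp/rootless.sh" | sha256sum -c - \
    && sh /tmp/rootless.sh \
    && rm /tmp/rootless.sh

RUN curl -fL "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-Linux-x86_64" -o /home/runner/bin/docker-compose \
    && echo "${COMPOSE_SHA256}  /home/runner/bin/docker-compose" | sha256sum -c - \
    && chmod +x /home/runner/bin/docker-compose
# … unchanged: ENTRYPOINT and CMD …
```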