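├── .github └── workflows │ ├── helm_lint.yml │ ├── link_check.yml │ ├── publish_pages.yml │ └── test_selfhosted.yml ├── .gitignore ├── .helmignore ├── Chart.yaml ├── LICENSE ├── README.md ├── _config.yml ├── templates ├── deployment.yaml ├── github-app-secret.yml ├── pat-secret.yaml └── pki-configmap.yaml └── values.yaml /.github/workflows/helm_lint.yml: -------------------------------------------------------------------------------- 1 | name: Helm Lint 2 | on: 3 | push: 4 | pull_request: 5 | 6 | env: 7 | CHART_DIR: . 8 | 9 | jobs: 10 | helm_lint: 11 | name: Helm Lint 12 | runs-on: ubuntu-20.04 13 | 14 | steps: 15 | - uses: actions/checkout@v2 16 | 17 | - run: helm lint ${{ env.CHART_DIR }} 18 | 19 | # - uses: stackrox/kube-linter-action@v1 20 | # with: 21 | # directory: . 22 | -------------------------------------------------------------------------------- /.github/workflows/link_check.yml: -------------------------------------------------------------------------------- 1 | name: Link checker 2 | on: 3 | push: 4 | paths: 5 | - '**.md' 6 | pull_request: 7 | paths: 8 | - '**.md' # list item, as in the push filter above; without the space YAML reads a plain string 9 | 10 | jobs: 11 | markdown-link-check: 12 | name: Check links in markdown 13 | runs-on: ubuntu-20.04 14 | steps: 15 | - uses: actions/checkout@v2 16 | - uses: gaurav-nelson/github-action-markdown-link-check@v1 17 | with: 18 | use-verbose-mode: true 19 | -------------------------------------------------------------------------------- /.github/workflows/publish_pages.yml: -------------------------------------------------------------------------------- 1 | name: Publish chart to Pages 2 | on: 3 | push: 4 | tags: 5 | - "v*" 6 | env: 7 | PAGES_BRANCH: release-chart 8 | PAGES_URL: https://redhat-actions.github.io/openshift-actions-runner-chart/ 9 | CHART_OUTPUT_DIR: packages/ 10 | CHART_SRC_DIR: . 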
11 | # NOTE(review): no permissions: block is declared, so the job runs with the repository's default token scope; pushing the pages branch appears to need only contents: write. 12 | jobs: 13 | package-chart: 14 | name: Package Helm Chart 15 | runs-on: ubuntu-20.04 16 | concurrency: publish 17 | 18 | steps: 19 | - uses: actions/checkout@v2 20 | 21 | - name: Helm lint 22 | run: helm lint ${{ env.CHART_SRC_DIR }} 23 | 24 | - uses: redhat-actions/common/commit-data@v1 25 | id: commit_data 26 | # NOTE(review): "latest" tool versions and tag-pinned actions make this release job non-reproducible; consider pinning tool versions and full commit SHAs. 27 | - uses: redhat-actions/openshift-tools-installer@v1 28 | with: 29 | source: github 30 | github_pat: ${{ github.token }} 31 | yq: latest 32 | 33 | - uses: redhat-actions/openshift-tools-installer@v1 34 | with: 35 | source: mirror 36 | helm: latest 37 | # NOTE(review): the tag below is substituted into the script text before bash runs; handing it over through an env: entry instead would keep ref names out of the shell source. 38 | - name: Get tag 39 | shell: bash 40 | run: | 41 | export TAG=${{ steps.commit_data.outputs.tag }} 42 | if [[ $TAG =~ v* ]]; then 43 | TAG=${TAG#v*} 44 | fi 45 | echo "TAG=$TAG" >> $GITHUB_ENV 46 | 47 | - name: Get Chart.yaml path 48 | run: echo "CHART_YAML=${{ env.CHART_SRC_DIR }}/Chart.yaml" | tee -a $GITHUB_ENV 49 | 50 | - name: Update Chart.yaml version 51 | run: yq -ei e '.version = "${{ env.TAG }}"' Chart.yaml 52 | 53 | - name: Package Helm Chart 54 | shell: bash 55 | run: | 56 | set -xeE -o pipefail 57 | cat Chart.yaml 58 | echo 59 | mkdir -p ${{ env.CHART_OUTPUT_DIR }} 60 | helm package ${{ env.CHART_SRC_DIR }} --destination ${{ env.CHART_OUTPUT_DIR }} 61 | 62 | helm repo index ${{ env.CHART_SRC_DIR }} \ 63 | --url ${{ env.PAGES_URL }} 64 | 65 | # The chart name will be eg. 
'actions-runner-v1.0.0.tgz' 66 | - name: Get chart package filename 67 | shell: bash 68 | run: | 69 | set -xeE -o pipefail 70 | export CHART_SUFFIX=${{ env.TAG }}.tgz 71 | export CHART_PATH=$(ls ${{ env.CHART_OUTPUT_DIR }}*$CHART_SUFFIX) 72 | echo "CHART_PATH=$CHART_PATH" >> $GITHUB_ENV 73 | echo "CHART_FILENAME=$(basename $CHART_PATH)" >> $GITHUB_ENV 74 | 75 | - name: Upload helm chart 76 | uses: actions/upload-artifact@v2 77 | with: 78 | path: ${{ env.CHART_PATH }} 79 | name: ${{ env.CHART_FILENAME }} 80 | 81 | - name: Commit and push packaged chart 82 | run: | 83 | set -xeE -o pipefail 84 | git config user.name "Chart Packager Bot" 85 | git config user.email github-actions@github.com 86 | 87 | git status 88 | git add -Av 89 | git stash save 90 | 91 | git fetch origin 92 | git checkout ${{ env.PAGES_BRANCH }} 93 | 94 | git checkout stash -- . 95 | 96 | git commit -m "Add ${{ env.TAG }} chart package" 97 | git push origin ${{ env.PAGES_BRANCH }} 98 | -------------------------------------------------------------------------------- /.github/workflows/test_selfhosted.yml: -------------------------------------------------------------------------------- 1 | name: Self Hosted Workflow 2 | on: 3 | workflow_dispatch: 4 | 5 | jobs: 6 | test: 7 | runs-on: self-hosted 8 | 9 | steps: 10 | - run: hostname 11 | - run: ps -aux 12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /.helmignore: -------------------------------------------------------------------------------- 1 | .helmignore 2 | .git/ 3 | .github/ 4 | .gitignore 5 | kube-linter.config.yml 6 | -------------------------------------------------------------------------------- /Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | 
version: 1.0.0 3 | name: actions-runner 4 | description: Install GitHub Action self-hosted runners into a Kubernetes cluster. 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Red Hat. All rights reserved. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # OpenShift GitHub Actions Runner Chart 2 | 3 | [![Helm Lint](https://github.com/redhat-actions/openshift-actions-runner-chart/workflows/Helm%20Lint/badge.svg)](https://github.com/redhat-actions/openshift-actions-runner-chart/actions) 4 | [![Link checker](https://github.com/redhat-actions/openshift-actions-runner-chart/workflows/Link%20checker/badge.svg)](https://github.com/redhat-actions/openshift-actions-runner-chart/actions) 5 | [![Publish chart to Pages](https://github.com/redhat-actions/openshift-actions-runner-chart/workflows/Publish%20chart%20to%20Pages/badge.svg)](https://github.com/redhat-actions/openshift-actions-runner-chart/actions) 6 | 7 | [![Tag](https://img.shields.io/github/v/tag/redhat-actions/openshift-actions-runner-chart)](https://github.com/redhat-actions/openshift-actions-runner-chart/tags) 8 | [![Quay org](https://img.shields.io/badge/quay-redhat--github--actions-red)](https://quay.io/organization/redhat-github-actions) 9 | 10 | This repository contains a Helm chart for deploying one or more self-hosted [GitHub Actions Runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) 11 | into a Kubernetes cluster. By default, the container image used is the [**OpenShift Actions Runner**](https://github.com/redhat-actions/openshift-actions-runner). 12 | 13 | You can deploy runners automatically in an Actions workflow using the [**OpenShift Actions Runner Installer**](https://github.com/redhat-actions/openshift-actions-runner-installer). 
14 | 15 | While this chart and the images are developed for and tested on OpenShift, they do not contain any OpenShift specific code and should be compatible with any Kubernetes platform. 16 | 17 | ## Prerequisites 18 | You must have access to a Kubernetes cluster. Visit [openshift.com/try](https://www.openshift.com/try) or sign up for our [Developer Sandbox](https://developers.redhat.com/developer-sandbox). 19 | 20 | You must have Helm 3 installed. 21 | 22 | You do **not** need cluster administrator privileges to deploy the runners and run workloads. However, some images or tools may require special permissions. 23 | 24 | ## Helm repository 25 | This GitHub repository serves a Helm repository through GitHub Pages. 26 | 27 | The repository can be added with: 28 | ``` 29 | helm repo add openshift-actions-runner https://redhat-actions.github.io/openshift-actions-runner-chart 30 | ``` 31 | 32 | The packaged charts can be browsed [here](https://github.com/redhat-actions/openshift-actions-runner-chart/tree/release-chart/packages). 33 | 34 | ## Installing runners 35 | 36 | You can install runners into your cluster using the Helm chart in this repository. 37 | 38 | 1. Runners can be scoped to an **organization** or a **repository**. Decide what the scope of your runner will be. 39 | - User-scoped runners are not supported by GitHub. 40 | 2. Determine how you will authorize the runner creation in GitHub. Choose one of the following: 41 | 42 | a. Create a GitHub Personal Access Token as per the PAT instructions in the [runner image README](https://github.com/redhat-actions/openshift-actions-runner#pat-guidelines). 43 | 44 | b. Create a GitHub App and install into your org or user account as per the app instructions in the [runner image README](https://github.com/redhat-actions/openshift-actions-runners/blob/main/docs/github-app-authentication.md). 45 | 46 | - Note that the default `secrets.GITHUB_TOKEN` **does not** have permission to manage self-hosted runners. 
See [Permissions for the GITHUB_TOKEN](https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token). 47 | 48 | 3. Add this repository as a Helm repository. 49 | ```bash 50 | helm repo add openshift-actions-runner \ 51 | https://redhat-actions.github.io/openshift-actions-runner-chart \ 52 | && helm repo update 53 | ``` 54 | You can also clone this repository and reference the chart's directory. This allows you to modify the chart if necessary. 55 | 56 | 4. Install the helm chart, which creates a deployment and a secret. Leave out `githubRepository` if you want an organization-scoped runner. 57 | - Add the `--namespace` argument to all `helm` and `kubectl/oc` commands if you want to use a namespace other than your current context's namespace. 58 | 59 | ```bash 60 | # Authorization from Step 2: 61 | # Either GITHUB_PAT, OR all 3 of GITHUB_APP_* 62 | export GITHUB_PAT=c0ffeeface1234567890 63 | # OR, GitHub App information: 64 | export GITHUB_APP_ID=123456 65 | export GITHUB_APP_INSTALL_ID=7890123 66 | export GITHUB_APP_PEM='----------BEGIN RSA PRIVATE KEY...' 67 | 68 | # For an org runner, this is the org. 69 | # For a repo runner, this is the repo owner (org or user). 70 | export GITHUB_OWNER=redhat-actions 71 | # For an org runner, omit this argument. 72 | # For a repo runner, the repo name. 73 | export GITHUB_REPO=openshift-actions-runner-chart 74 | # Helm release name to use. 75 | export RELEASE_NAME=actions-runner 76 | 77 | # If you cloned the repository (eg. to edit the chart) 78 | # replace openshift-actions-runner/actions-runner below with the directory containing Chart.yaml. 
79 | 80 | # Installing using PAT Auth 81 | helm install $RELEASE_NAME openshift-actions-runner/actions-runner \ 82 | --set-string githubPat=$GITHUB_PAT \ 83 | --set-string githubOwner=$GITHUB_OWNER \ 84 | --set-string githubRepository=$GITHUB_REPO \ 85 | && echo "---------------------------------------" \ 86 | && helm get manifest $RELEASE_NAME | kubectl get -f - 87 | 88 | # OR, Installing using App Auth 89 | helm install $RELEASE_NAME openshift-actions-runner/actions-runner \ 90 | --set-string githubAppId=$GITHUB_APP_ID \ 91 | --set-string githubAppInstallId=$GITHUB_APP_INSTALL_ID \ 92 | --set-string githubAppPem="$GITHUB_APP_PEM" \ 93 | --set-string githubOwner=$GITHUB_OWNER \ 94 | --set-string githubRepository=$GITHUB_REPO \ 95 | && echo "---------------------------------------" \ 96 | && helm get manifest $RELEASE_NAME | kubectl get -f - 97 | ``` 98 | 5. You can re-run step 4 if you want to add runners with different images, labels, etc. You can leave out the `githubPat` or `githubApp*` strings on subsequent runs, since the chart will re-use an existing secret. 99 | 100 | 101 | The runners should show up under `Settings > Actions > Self-hosted runners` shortly afterward. 102 | 103 | ## Values 104 | 105 | You can override the default values such as resource limits and replica counts or inject environment variables by passing `--set` or `--set-string` to the `helm install` command. 106 | 107 | Refer to the [`values.yaml`](./values.yaml) for values that can be overridden. 108 | 109 | ## Using your own runner image 110 | Refer to [Building your own runner image](https://github.com/redhat-actions/openshift-actions-runner/tree/main/base#own-image). 111 | 112 | ## GitHub Enterprise Support 113 | Use `--set githubDomain=github.mycompany.com`. 114 | 115 | Refer to the [OpenShift Actions Runner README](https://github.com/redhat-actions/openshift-actions-runner#enterprise-support). 
116 | 117 | ## Managing PATs 118 | See [the wiki](https://github.com/redhat-actions/openshift-actions-runner-chart/wiki/Managing-PATs) for a note on managing multiple PATs, if you want to add a new PAT or replace an existing one. The PAT or App key is stored in a Kubernetes Secret, and Helm also records the values passed with `--set-string` in the release data kept in the same namespace, so limit who can read Secrets there. 119 | 120 | ## Troubleshooting 121 | You can view the resources created by Helm using `helm get manifest $RELEASE_NAME`, and then inspect those resources using `kubectl get`. 122 | 123 | The resources are also labeled with `app.kubernetes.io/instance={{ .Release.Name }}`, so you can view all the resources with: 124 | 125 | ```sh 126 | kubectl get all,secret -l=app.kubernetes.io/instance=$RELEASE_NAME 127 | ``` 128 | 129 | If the pods are created but stuck in a crash loop, view the logs with `kubectl logs <pod-name>` to see the problem. Refer to the [runner container troubleshooting](https://github.com/redhat-actions/openshift-actions-runner#troubleshooting) to resolve any issues. 130 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-slate 2 | -------------------------------------------------------------------------------- /templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ .Release.Name }} 5 | labels: 6 | # https://helm.sh/docs/chart_best_practices/labels/ 7 | app.kubernetes.io/component: deployment 8 | # DO NOT edit the instance label, it is used by the runner installer action to find the installed pod. 
9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | app.kubernetes.io/name: {{ .Values.appName }} 12 | app.kubernetes.io/version: {{ .Chart.Version | quote }} 13 | helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 14 | {{- if .Values.annotations }} 15 | annotations: 16 | {{- toYaml .Values.annotations | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | selector: 20 | matchLabels: 21 | app.kubernetes.io/instance: {{ .Release.Name }} 22 | replicas: {{ .Values.replicas }} 23 | template: 24 | metadata: 25 | labels: 26 | # DO NOT edit the instance label, it is used by the runner installer action to find the installed pod. 27 | app.kubernetes.io/instance: {{ .Release.Name }} 28 | spec: 29 | serviceAccountName: {{ .Values.serviceAccountName }} 30 | securityContext: 31 | runAsNonRoot: true 32 | 33 | {{- with .Values.imagePullSecrets }} 34 | imagePullSecrets: 35 | {{- toYaml . | nindent 8 }} 36 | {{- end }} 37 | 38 | {{- if .Values.nodeSelector }} 39 | nodeSelector: 40 | {{- toYaml .Values.nodeSelector | nindent 8 }} 41 | {{- end }} 42 | 43 | {{- if .Values.affinity }} 44 | affinity: 45 | {{- toYaml .Values.affinity | nindent 8 }} 46 | {{- end }} 47 | 48 | volumes: 49 | # Enable custom cluster PKI 50 | # https://docs.openshift.com/container-platform/4.6/networking/configuring-a-custom-pki.html 51 | {{- if .Values.clusterPKI }} 52 | - name: trusted-ca 53 | configMap: 54 | name: trusted-ca 55 | items: 56 | - key: ca-bundle.crt 57 | path: tls-ca-bundle.pem 58 | {{- end }} 59 | 60 | containers: 61 | - name: {{ .Release.Name }} 62 | imagePullPolicy: Always 63 | 64 | {{- $taggedImage := printf "%s:%s" .Values.runnerImage .Values.runnerTag }} 65 | image: {{ $taggedImage }} 66 | 67 | env: 68 | - name: GITHUB_OWNER 69 | value: {{ required ".Values.githubOwner must be set." 
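.Values.githubOwner | quote }} 70 | - name: GITHUB_REPOSITORY 71 | value: {{ .Values.githubRepository | quote }} 72 | - name: GITHUB_DOMAIN 73 | value: {{ .Values.githubDomain | quote }} 74 | # Plain values are piped through quote so each renders as one YAML string, whatever characters it contains. 75 | # The labels must be trimmed. The config script will stop reading labels if it encounters a space. 76 | - name: RUNNER_LABELS 77 | value: "{{ $taggedImage }},{{- range .Values.runnerLabels }}{{trim .}},{{- end }}" 78 | 79 | {{- if .Values.runnerGroup }} 80 | - name: RUNNER_GROUP 81 | value: {{ .Values.runnerGroup | quote }} 82 | {{- end }} 83 | 84 | {{- if .Values.ephemeral }} 85 | - name: EPHEMERAL 86 | value: "{{ .Values.ephemeral }}" 87 | {{- end }} 88 | 89 | # App Auth 90 | {{- if .Values.githubAppId }} 91 | - name: GITHUB_APP_ID 92 | valueFrom: 93 | secretKeyRef: 94 | name: {{ .Values.appSecretName }} 95 | key: {{ .Values.appIdSecretKey}} 96 | - name: GITHUB_APP_INSTALL_ID 97 | valueFrom: 98 | secretKeyRef: 99 | name: {{ .Values.appSecretName }} 100 | key: {{ .Values.appInstallIdSecretKey}} 101 | - name: GITHUB_APP_PEM 102 | valueFrom: 103 | secretKeyRef: 104 | name: {{ .Values.appSecretName }} 105 | key: {{ .Values.appPemSecretKey}} 106 | {{- end }} 107 | 108 | # or, PAT Auth 109 | {{- if .Values.githubPat }} 110 | - name: GITHUB_PAT 111 | valueFrom: 112 | secretKeyRef: 113 | name: {{ .Values.secretName }} 114 | key: {{ .Values.secretKey }} 115 | {{- end }} 116 | 117 | # Any injected env values from values.yaml will go here; each value is quoted so numbers, booleans and strings containing ':' or '#' stay a single string 118 | {{- range .Values.runnerEnv }} 119 | - name: {{ .name }} 120 | value: {{ .value | quote }} 121 | {{- end }} 122 | 123 | securityContext: 124 | # NOTE(review): the container securityContext above is empty, so only the pod-level runAsNonRoot applies; consider allowPrivilegeEscalation: false if the runner image tolerates it. 125 | resources: 126 | requests: 127 | memory: {{ .Values.memoryRequest }} 128 | cpu: {{ .Values.cpuRequest }} 129 | limits: 130 | memory: {{ .Values.memoryLimit }} 131 | cpu: {{ .Values.cpuLimit }} 132 | 133 | # Wait until the runner service is actually listening before the pod goes into the Ready state. 134 | # The entrypoint script takes 5-10s to connect to GitHub and start listening for jobs. 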
135 | # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#probe-v1-core 136 | readinessProbe: 137 | initialDelaySeconds: 5 138 | periodSeconds: 5 139 | failureThreshold: 1 140 | exec: 141 | command: 142 | - pgrep 143 | - Runner.Listener 144 | 145 | volumeMounts: 146 | {{- if .Values.clusterPKI }} 147 | - name: trusted-ca 148 | mountPath: /etc/pki/ca-trust/extracted/pem 149 | readOnly: true 150 | {{- end }} 151 | -------------------------------------------------------------------------------- /templates/github-app-secret.yml: -------------------------------------------------------------------------------- 1 | {{- if .Values.githubAppId }} 2 | 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ .Values.appSecretName }} 7 | labels: 8 | app.kubernetes.io/component: deployment 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | app.kubernetes.io/name: {{ .Values.appName }} 12 | app.kubernetes.io/version: {{ .Chart.Version | quote }} 13 | helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 14 | type: Opaque 15 | data: 16 | {{- $encodedAppId := (required ".Values.githubAppId must be set" .Values.githubAppId) | b64enc | quote }} 17 | {{- $encodedInstallId := (required ".Values.githubAppInstallId must be set" .Values.githubAppInstallId) | b64enc | quote }} 18 | {{- $encodedPEM := (required ".Values.githubAppPem must be set" .Values.githubAppPem) | b64enc | quote }} 19 | {{ .Values.appIdSecretKey }}: {{ $encodedAppId }} 20 | {{ .Values.appInstallIdSecretKey }}: {{ $encodedInstallId }} 21 | {{ .Values.appPemSecretKey }}: {{ $encodedPEM }} 22 | 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /templates/pat-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.githubPat }} 2 | 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ 
.Values.secretName }} 7 | labels: 8 | app.kubernetes.io/component: deployment 9 | app.kubernetes.io/instance: {{ .Release.Name }} 10 | app.kubernetes.io/managed-by: {{ .Release.Service }} 11 | app.kubernetes.io/name: {{ .Values.appName }} 12 | app.kubernetes.io/version: {{ .Chart.Version | quote }} 13 | helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 14 | type: Opaque 15 | data: 16 | {{- $encodedPAT := (required ".Values.githubPat must be set" .Values.githubPat) | b64enc | quote }} 17 | {{ .Values.secretKey }}: {{ $encodedPAT }} 18 | 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /templates/pki-configmap.yaml: -------------------------------------------------------------------------------- 1 | # Enable custom cluster PKI 2 | # https://docs.openshift.com/container-platform/4.6/networking/configuring-a-custom-pki.html 3 | {{- if .Values.clusterPKI }} 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: trusted-ca 8 | labels: 9 | config.openshift.io/inject-trusted-cabundle: "true" 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /values.yaml: -------------------------------------------------------------------------------- 1 | appName: actions-runner 2 | 3 | runnerImage: quay.io/redhat-github-actions/runner 4 | runnerTag: v1 5 | 6 | # GitHub organization or user. Required. 7 | # If githubRepository is set, this must be the organization or user who owns that repository. 8 | githubOwner: "" 9 | # GitHub repository to install runners to. Can be omitted for an organization-level runner. 10 | githubRepository: "" 11 | # If you're using GitHub Enterprise, enter your company domain here. 12 | # eg. 
github.mycompany.com 13 | githubDomain: "" 14 | 15 | ### Values for PAT Auth 16 | ### Refer to https://github.com/redhat-actions/openshift-actions-runners#pat-guidelines 17 | 18 | # The name of the k8s secret to create for PAT auth 19 | secretName: "github-pat" 20 | # The name of the key that points to the data within the secret. 21 | # Modify this to store multiple PATs in one secret. 22 | secretKey: "github-pat" 23 | # The PAT itself - must be set if the secret is being created. Supply it at install time (e.g. --set-string) rather than committing it to a values file. 24 | githubPat: "" 25 | 26 | ### End PAT Auth 27 | 28 | ### Values for GitHub App Auth 29 | ### Refer to https://github.com/redhat-actions/openshift-actions-runners/blob/main/docs/github-app-authentication.md 30 | 31 | # The name of the k8s secret to create for GitHub App Auth 32 | appSecretName: "github-app" 33 | # The name of the key that points to the Github App ID 34 | appIdSecretKey: "github-app-id" 35 | # The name of the key that points to the Github App Install ID 36 | appInstallIdSecretKey: "github-install-id" 37 | # The name of the key that points to the Github App PEM 38 | appPemSecretKey: "github-pem" 39 | ## All 3 githubApp values are required; githubAppPem is the App's private key, so pass it at install time instead of committing it. 40 | githubAppId: "" 41 | githubAppInstallId: "" 42 | githubAppPem: "" 43 | 44 | ### End App Auth 45 | 46 | # Pass labels using array syntax, which is curly braces surrounding comma-separated items. 47 | # --set runnerLabels="{ label1, label2 }" results in the labels "label1" and "label2". 48 | runnerLabels: [] 49 | 50 | # The name of an organization runner group name to attach the runner to 51 | runnerGroup: "" 52 | 53 | # Add annotations to the deployment. This is easiest with a values file but can be done on the command line with: 54 | # --set annotations.<key>=<value> is equivalent to the values file: 55 | # annotations: 56 | # key: value 57 | annotations: {} 58 | 59 | # Refer to https://docs.openshift.com/container-platform/4.7/nodes/scheduling/nodes-scheduler-node-selectors.html 60 | # Add nodeSelector to the deployment. 
This is easiest with a values file but can be done on the command line with: 61 | # --set nodeSelector.<key>=<value> is equivalent to the values file: 62 | # nodeSelector: 63 | # key: value 64 | nodeSelector: {} 65 | 66 | # Private registries may require keys to read images from them. Specifying 67 | # ImagePullSecrets on a Pod is the recommended approach to run containers based 68 | # on images in private registries. 69 | imagePullSecrets: {} 70 | 71 | # Add affinity to the deployment. This is easiest with a values file 72 | # Refer to https://docs.openshift.com/container-platform/4.7/nodes/scheduling/nodes-scheduler-node-affinity.html 73 | affinity: {} 74 | 75 | # Adjust replicas depending on your resources available, 76 | # and how many jobs you want to run concurrently. 77 | replicas: 1 78 | 79 | # If these should be registered as ephemeral runners 80 | # i.e. will quit and restart after running one job 81 | ephemeral: false 82 | # Service account the runner pod runs as. Workflow jobs execute inside this pod, so give the account only the permissions your workflows need. 83 | serviceAccountName: default 84 | 85 | # Adjust requests and limits depending on your resources, 86 | # and how heavyweight your workloads are. 87 | memoryRequest: "512Mi" 88 | memoryLimit: "1Gi" 89 | cpuRequest: "100m" 90 | cpuLimit: "250m" 91 | 92 | # Enable custom cluster PKI loading 93 | # https://docs.openshift.com/container-platform/4.6/networking/configuring-a-custom-pki.html 94 | clusterPKI: false 95 | 96 | # You can inject arbitrary environment variables here. They are rendered as plain env values in the pod spec, not as Secrets, so do not put credentials here: 97 | runnerEnv: 98 | # - name: ENV_VAR 99 | # value: env_value 100 | # or, through the command line: 101 | # --set runnerEnv[0].name="ENV_VAR" --set runnerEnv[0].value="env_value" 102 | 103 | ## Proxy Configuration Example: 104 | # - name: https_proxy 105 | # value: http://proxy.example.com:9000 106 | # - name: http_proxy 107 | # value: http://proxy.example.com:9000 108 | # - name: no_proxy 109 | # value: localhost 110 | --------------------------------------------------------------------------------