aboutsummaryrefslogtreecommitdiffstats
path: root/.github
diff options
context:
space:
mode:
Diffstat (limited to '.github')
-rw-r--r--.github/arc_config/runner.yaml38
-rw-r--r--.github/arc_config/values.yaml204
2 files changed, 204 insertions, 38 deletions
diff --git a/.github/arc_config/runner.yaml b/.github/arc_config/runner.yaml
deleted file mode 100644
index 6dd1c89e1..000000000
--- a/.github/arc_config/runner.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2023 syzkaller project authors. All rights reserved.
-# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
-
-apiVersion: actions.summerwind.dev/v1alpha1
-kind: RunnerDeployment
-metadata:
- name: k8s-action-runner
- namespace: actions-runner-system
-spec:
- template:
- spec:
- repository: google/syzkaller
- resources:
- requests:
- cpu: "31"
- memory: "26Gi"
- limits:
- memory: "28Gi"
- labels:
- - k8s-env
-
----
-
-apiVersion: actions.summerwind.dev/v1alpha1
-kind: HorizontalRunnerAutoscaler
-metadata:
- name: k8s-action-runner-autoscaler
- namespace: actions-runner-system
-spec:
- scaleTargetRef:
- kind: RunnerDeployment
- name: k8s-action-runner
- minReplicas: 3
- maxReplicas: 10
- metrics:
- - type: TotalNumberOfQueuedAndInProgressWorkflowRuns
- repositoryNames:
- - google/syzkaller
diff --git a/.github/arc_config/values.yaml b/.github/arc_config/values.yaml
new file mode 100644
index 000000000..db7b63fd9
--- /dev/null
+++ b/.github/arc_config/values.yaml
@@ -0,0 +1,204 @@
+## githubConfigUrl is the GitHub url for where you want to configure runners
+## ex: https://github.com/myorg/myrepo or https://github.com/myorg
+githubConfigUrl: ""
+
+## githubConfigSecret is the k8s secrets to use when auth with GitHub API.
+## You can choose to use GitHub App or a PAT token
+githubConfigSecret:
+ ### GitHub Apps Configuration
+ ## NOTE: IDs MUST be strings, use quotes
+ #github_app_id: ""
+ #github_app_installation_id: ""
+ #github_app_private_key: |
+
+ ### GitHub PAT Configuration
+ github_token: ""
+## If you have a pre-define Kubernetes secret in the same namespace the gha-runner-scale-set is going to deploy,
+## you can also reference it via `githubConfigSecret: pre-defined-secret`.
+## You need to make sure your predefined secret has all the required secret data set properly.
+## For a pre-defined secret using GitHub PAT, the secret needs to be created like this:
+## > kubectl create secret generic pre-defined-secret --namespace=my_namespace --from-literal=github_token='ghp_your_pat'
+## For a pre-defined secret using GitHub App, the secret needs to be created like this:
+## > kubectl create secret generic pre-defined-secret --namespace=my_namespace --from-literal=github_app_id=123456 --from-literal=github_app_installation_id=654321 --from-literal=github_app_private_key='-----BEGIN CERTIFICATE-----*******'
+# githubConfigSecret: pre-defined-secret
+
+## proxy can be used to define proxy settings that will be used by the
+## controller, the listener and the runner of this scale set.
+#
+# proxy:
+# http:
+# url: http://proxy.com:1234
+# credentialSecretRef: proxy-auth # a secret with `username` and `password` keys
+# https:
+# url: http://proxy.com:1234
+# credentialSecretRef: proxy-auth # a secret with `username` and `password` keys
+# noProxy:
+# - example.com
+# - example.org
+
+## maxRunners is the max number of runners the autoscaling runner set will scale up to.
+# maxRunners: 5
+
+## minRunners is the min number of idle runners. The target number of runners created will be
+## calculated as a sum of minRunners and the number of jobs assigned to the scale set.
+# minRunners: 0
+
+# runnerGroup: "default"
+
+## name of the runner scale set to create. Defaults to the helm release name
+# runnerScaleSetName: ""
+
+## A self-signed CA certificate for communication with the GitHub server can be
+## provided using a config map key selector. If `runnerMountPath` is set, for
+## each runner pod ARC will:
+## - create a `github-server-tls-cert` volume containing the certificate
+## specified in `certificateFrom`
+## - mount that volume on path `runnerMountPath`/{certificate name}
+## - set NODE_EXTRA_CA_CERTS environment variable to that same path
+## - set RUNNER_UPDATE_CA_CERTS environment variable to "1" (as of version
+## 2.303.0 this will instruct the runner to reload certificates on the host)
+##
+## If any of the above had already been set by the user in the runner pod
+## template, ARC will observe those and not overwrite them.
+## Example configuration:
+#
+# githubServerTLS:
+# certificateFrom:
+# configMapKeyRef:
+# name: config-map-name
+# key: ca.crt
+# runnerMountPath: /usr/local/share/ca-certificates/
+
+## Container mode is an object that provides out-of-box configuration
+## for dind and kubernetes mode. Template will be modified as documented under the
+## template object.
+##
+## If any customization is required for dind or kubernetes mode, containerMode should remain
+## empty, and configuration should be applied to the template.
+# containerMode:
+# type: "dind" ## type can be set to dind or kubernetes
+# ## the following is required when containerMode.type=kubernetes
+# kubernetesModeWorkVolumeClaim:
+# accessModes: ["ReadWriteOnce"]
+# # For local testing, use https://github.com/openebs/dynamic-localpv-provisioner/blob/develop/docs/quickstart.md to provide dynamic provision volume with storageClassName: openebs-hostpath
+# storageClassName: "dynamic-blob-storage"
+# resources:
+# requests:
+# storage: 1Gi
+# kubernetesModeServiceAccount:
+# annotations:
+
+## template is the PodSpec for each listener Pod
+## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
+# listenerTemplate:
+# spec:
+# containers:
+# # Use this section to append additional configuration to the listener container.
+# # If you change the name of the container, the configuration will not be applied to the listener,
+# # and it will be treated as a side-car container.
+# - name: listener
+# securityContext:
+# runAsUser: 1000
+# # Use this section to add the configuration of a side-car container.
+# # Comment it out or remove it if you don't need it.
+# # Spec for this container will be applied as is without any modifications.
+# - name: side-car
+# image: example-sidecar
+
+## template is the PodSpec for each runner Pod
+## For reference: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec
+template:
+ ## template.spec will be modified if you change the container mode
+ ## with containerMode.type=dind, we will populate the template.spec with following pod spec
+ ## template:
+ ## spec:
+ ## initContainers:
+ ## - name: init-dind-externals
+ ## image: ghcr.io/actions/actions-runner:latest
+ ## command: ["cp", "-r", "-v", "/home/runner/externals/.", "/home/runner/tmpDir/"]
+ ## volumeMounts:
+ ## - name: dind-externals
+ ## mountPath: /home/runner/tmpDir
+ ## containers:
+ ## - name: runner
+ ## image: ghcr.io/actions/actions-runner:latest
+ ## command: ["/home/runner/run.sh"]
+ ## env:
+ ## - name: DOCKER_HOST
+ ## value: unix:///run/docker/docker.sock
+ ## volumeMounts:
+ ## - name: work
+ ## mountPath: /home/runner/_work
+ ## - name: dind-sock
+ ## mountPath: /run/docker
+ ## readOnly: true
+ ## - name: dind
+ ## image: docker:dind
+ ## args:
+ ## - dockerd
+ ## - --host=unix:///run/docker/docker.sock
+ ## - --group=$(DOCKER_GROUP_GID)
+ ## env:
+ ## - name: DOCKER_GROUP_GID
+ ## value: "123"
+ ## securityContext:
+ ## privileged: true
+ ## volumeMounts:
+ ## - name: work
+ ## mountPath: /home/runner/_work
+ ## - name: dind-sock
+ ## mountPath: /run/docker
+ ## - name: dind-externals
+ ## mountPath: /home/runner/externals
+ ## volumes:
+ ## - name: work
+ ## emptyDir: {}
+ ## - name: dind-sock
+ ## emptyDir: {}
+ ## - name: dind-externals
+ ## emptyDir: {}
+ ######################################################################################################
+ ## with containerMode.type=kubernetes, we will populate the template.spec with following pod spec
+ ## template:
+ ## spec:
+ ## containers:
+ ## - name: runner
+ ## image: ghcr.io/actions/actions-runner:latest
+ ## command: ["/home/runner/run.sh"]
+ ## env:
+ ## - name: ACTIONS_RUNNER_CONTAINER_HOOKS
+ ## value: /home/runner/k8s/index.js
+ ## - name: ACTIONS_RUNNER_POD_NAME
+ ## valueFrom:
+ ## fieldRef:
+ ## fieldPath: metadata.name
+ ## - name: ACTIONS_RUNNER_REQUIRE_JOB_CONTAINER
+ ## value: "true"
+ ## volumeMounts:
+ ## - name: work
+ ## mountPath: /home/runner/_work
+ ## volumes:
+ ## - name: work
+ ## ephemeral:
+ ## volumeClaimTemplate:
+ ## spec:
+ ## accessModes: [ "ReadWriteOnce" ]
+ ## storageClassName: "local-path"
+ ## resources:
+ ## requests:
+ ## storage: 1Gi
+ spec:
+ containers:
+ - name: runner
+ image: ghcr.io/actions/actions-runner:latest
+ command: ["/home/runner/run.sh"]
+
+## Optional controller service account that needs to have required Role and RoleBinding
+## to operate this gha-runner-scale-set installation.
+## The helm chart will try to find the controller deployment and its service account at installation time.
+## In case the helm chart can't find the right service account, you can explicitly pass in the following value
+## to help it finish RoleBinding with the right service account.
+## Note: if your controller is installed to only watch a single namespace, you have to pass these values explicitly.
+# controllerServiceAccount:
+# namespace: arc-system
+# name: test-arc-gha-runner-scale-set-controller \ No newline at end of file
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-11 18:01:55 +0000