From d1a1412ea32e3b587004bb0591103dbe313e8f9e Mon Sep 17 00:00:00 2001 From: Ian Moroney <10791260+IanMoroney@users.noreply.github.com> Date: Thu, 10 Jun 2021 17:07:10 +0100 Subject: [PATCH 1/4] Update README.md Updated readme as the instructions were missing details about enabling github app authentication when installing the helm chart instead of manually applying it. Added more detailed instructions for the manual method. --- README.md | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index b0a4d0d3..4b144655 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,9 @@ Depending on whether the GitHub application will operate at a repository or orga * Organization level * Self Hosted Runners - Read/Write -Once the GitHub application has been created, obtain the integration ID and download the private key. +Once the GitHub application has been created, go to the "General" tab of the github app. Under the "About" section, note down the `App ID`. +Scroll down to the `Private keys` section and generate and download a private key. +Install the app from the "install App" section of the github app. A Github application can only be used by injecting environment variables into the Operator deployment. It is recommended that credentials be stored as Kubernetes secrets and then injected into the operator deployment. @@ -45,14 +47,6 @@ Create a secret called `github-runner-app` by executing the following command in kubectl create secret generic github-runner-app --from-literal=GITHUB_APP_INTEGRATION_ID= --from-file=GITHUB_APP_PRIVATE_KEY= ``` -Finally define the following on the operator deployment: - -```shell script -envFrom: -- secretRef: - name: github-runner-app -```` - 2. Using [Personal Access Tokens (PAT)](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token) Create a Personal Access token with rights at a repository or organization level. 
@@ -113,7 +107,7 @@ Use the following steps to create a namespace and install the operator into the ```shell script helm repo add evryfs-oss https://evryfs.github.io/helm-charts/ kubectl create namespace github-actions-runner-operator -helm install github-actions-runner-operator evryfs-oss/github-actions-runner-operator --namespace github-actions-runner-operator +helm install github-actions-runner-operator evryfs-oss/github-actions-runner-operator --namespace github-actions-runner-operator --set githubapp.existingSecret=github-runner-app --set githubapp.enabled=true ``` ### Manual @@ -127,6 +121,23 @@ _Note:_ The [Kustomize](https://kustomize.io/) tool is required make install ``` +Update the values.yaml file depending on how you deploy the secret for the github app: + +#### Kubernetes Secret: +```shell script +githubapp: + enabled: true + existingSecret: "github-runner-app" +```` + +#### Manually passing values: +```shell script +githubapp: + enabled: true + integrationId: "" + privateKey: +```` + 2. Deploy the Operator ```shell script From 86db6495f4b8b5d64b1ef19b68f001cea9195a76 Mon Sep 17 00:00:00 2001 From: Ian Moroney <10791260+IanMoroney@users.noreply.github.com> Date: Thu, 10 Jun 2021 17:13:52 +0100 Subject: [PATCH 2/4] Update garo_v1alpha1_githubactionrunner.yaml Added additional comment about tokenRef, increased visibility of replacing the org name in two places (maybe this should just be one instead of two?) Removed maven example, as that was preventing the pod from being scheduled at all. example included no sample settings.xml so the example is incomplete. This way, the example will run first time without errors. --- .../samples/garo_v1alpha1_githubactionrunner.yaml | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/config/samples/garo_v1alpha1_githubactionrunner.yaml b/config/samples/garo_v1alpha1_githubactionrunner.yaml index b2a47817..f0515e34 100644 --- a/config/samples/garo_v1alpha1_githubactionrunner.yaml 
+++ b/config/samples/garo_v1alpha1_githubactionrunner.yaml @@ -9,11 +9,12 @@ spec: # max number of pods, required maxRunners: 6 # the github org, required - organization: yourOrg + organization: # How often it will reconcile, optional, default 1m reconciliationPeriod: 1m # if runner for repo, optional # repository: "theRepoName" + # tokenRef not required if using helm chart with secret deployed. tokenRef: key: GH_TOKEN name: actions-runner @@ -49,7 +50,7 @@ spec: - name: DOCKER_CERT_PATH value: /certs/client - name: GH_ORG - value: yourOrg + value: # if runner for repo: # - name: GH_REPO # value: theRepoName @@ -69,10 +70,6 @@ spec: name: runner-diag - mountPath: /home/runner/_work name: runner-work - - mountPath: /home/runner/.m2 - name: mvn-repo - - mountPath: /home/runner/.m2/settings.xml - name: settings-xml - name: docker env: - name: DOCKER_TLS_CERTDIR @@ -106,13 +103,7 @@ spec: name: runner-work - emptyDir: {} name: runner-diag - - emptyDir: {} - name: mvn-repo - emptyDir: {} name: docker-storage - emptyDir: {} name: docker-certs - - configMap: - defaultMode: 420 - name: settings-xml - name: settings-xml From 46c50cf7dd391355836c03c98c03878a2afd51c3 Mon Sep 17 00:00:00 2001 From: Ian Moroney <10791260+IanMoroney@users.noreply.github.com> Date: Thu, 10 Jun 2021 17:22:02 +0100 Subject: [PATCH 3/4] Update README.md removed trailing colons --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4b144655..15822392 100644 --- a/README.md +++ b/README.md @@ -123,14 +123,14 @@ make install Update the values.yaml file depending on how you deploy the secret for the github app: -#### Kubernetes Secret: +#### Kubernetes Secret ```shell script githubapp: enabled: true existingSecret: "github-runner-app" ```` -#### Manually passing values: +#### Manually passing values ```shell script githubapp: enabled: true From 90be0115b763a01b60355ef978264b12331791f8 Mon Sep 17 00:00:00 2001 
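Review bot: The comment added above `tokenRef` says the field is not required with the helm chart secret, but the three `tokenRef` lines stay active, so the sample still points at an `actions-runner` secret with a `GH_TOKEN` key that a GitHub App install presumably never creates. I would either comment the block out or reword the comment to say which case needs it, for example `# tokenRef: secret holding a personal access token; omit when the operator runs with GitHub App credentials`. In this view the placeholder after `organization:` (and after `value:` for `GH_ORG` in the next hunk) appears empty; if the file really has a bare key there it parses as null, so a quoted placeholder string would be safer. The `spec` mapping starts and ends outside the hunk.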
From: Ian Moroney <10791260+IanMoroney@users.noreply.github.com> Date: Thu, 10 Jun 2021 19:49:36 +0100 Subject: [PATCH 4/4] Update garo_v1alpha1_githubactionrunner.yaml --- .../garo_v1alpha1_githubactionrunner.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/config/samples/garo_v1alpha1_githubactionrunner.yaml b/config/samples/garo_v1alpha1_githubactionrunner.yaml index f0515e34..08e4048e 100644 --- a/config/samples/garo_v1alpha1_githubactionrunner.yaml +++ b/config/samples/garo_v1alpha1_githubactionrunner.yaml @@ -54,6 +54,11 @@ spec: # if runner for repo: # - name: GH_REPO # value: theRepoName + # if using maven, optional: + # - mountPath: /home/runner/.m2 + # name: mvn-repo + # - mountPath: /home/runner/.m2/settings.xml + # name: settings-xml envFrom: - secretRef: name: runner-pool-regtoken @@ -70,6 +75,11 @@ spec: name: runner-diag - mountPath: /home/runner/_work name: runner-work + # if using maven, optional: + # - mountPath: /home/runner/.m2 + # name: mvn-repo + # - mountPath: /home/runner/.m2/settings.xml + # name: settings-xml - name: docker env: - name: DOCKER_TLS_CERTDIR @@ -103,7 +113,15 @@ spec: name: runner-work - emptyDir: {} name: runner-diag + # if using maven, optional: + # - emptyDir: {} + # name: mvn-repo - emptyDir: {} name: docker-storage - emptyDir: {} name: docker-certs + # if using maven, optional: + # - configMap: + # defaultMode: 420 + # name: settings-xml + # name: settings-xml
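Review bot: The commented `mountPath` entries added after the `GH_REPO` comment sit in what looks like the container's env list, just before `envFrom:`, where a volume mount is not a valid entry; uncommenting them in place would not give a working spec. The same five lines are added again under the volume mounts in the next hunk, which is where they belong, so I would drop this copy. The container definition starts and ends outside the hunk.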
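Review bot: In the commented Maven example next to the `runner-work` mount, the `settings-xml` volume is mounted at `/home/runner/.m2/settings.xml` without a `subPath`, and Kubernetes mounts a whole volume as a directory, so that path would become a directory rather than the settings file. If the ConfigMap key is named `settings.xml` (not visible here), adding `#   subPath: settings.xml` under that mount would project just the file. The list of mounts starts outside the hunk.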
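Review bot: The commented `settings-xml` volume is a `configMap`, and a Maven `settings.xml` often carries repository credentials; if that applies here, a `secret` volume is the better example, since ConfigMaps are not meant for confidential data. The comment should also say the object must exist before the lines are uncommented, since patch 2/4 removed this block because it kept the pod from being scheduled, e.g. `# if using maven, optional (create the settings-xml ConfigMap first):`. `defaultMode: 420` is decimal for octal 0644, which is worth a short inline comment. The volumes list starts outside the hunk.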