feat: allow ephemeral runner to be optional

[thejasn]

Changes

• add ephemeral option to runner.spec

    ....
    template:
       spec:
           ephemeral: false
           repository: mumoshu/actions-runner-controller-ci
    ....
  

• defaults to true

• entrypoint.sh in runner/Dockerfile modified to read RUNNER_EPHEMERAL flag

Fixes

• Ephemeral Runner: Can we make this optional? #457

[mumoshu]

@thejasn Hey! Thank yoy so much for your efforts ☺️
I'm looking forward to merge this.
How did you test this BTW? My theory says it should work without any problem. But it's still good to know if you were able to create, scale-down/up a RunnerDeployment successfully with ephemeral: false.

[thejasn]

Hey @mumoshu,

Tested it on a kind cluster, pretty much followed the procedure in the Makefile(some changes in registries, timeouts, etc).
I did it try out the creation of RunnerDeployments, both with ephemeral: false as well as without the field.
With regards to scale-up/down didn't test it using Github webhooks just tried it out with the HorizontalRunnerAutoScaler, was able to run jobs on multiple replicas at the same time.

Test Output

• pod spec

    name: example-runnerdeploy-jpwb9-r2knj
    namespace: default
    ownerReferences:
    - apiVersion: actions.summerwind.dev/v1alpha1
      blockOwnerDeletion: true
      controller: true
      kind: Runner
      name: example-runnerdeploy-jpwb9-r2knj
      uid: 02839e1f-8ef0-4f5b-a621-9e3d0f17cc91
    resourceVersion: "43686"
    uid: c39b5b84-a0f6-4e10-bcf9-73e50cf7829f
    spec:
    containers:
    - env:
      - name: RUNNER_NAME
        value: example-runnerdeploy-jpwb9-r2knj
      - name: RUNNER_ORG
      - name: RUNNER_REPO
        value: thejasn/Tsekaro
      - name: RUNNER_ENTERPRISE
      - name: RUNNER_LABELS
      - name: RUNNER_GROUP
      - name: RUNNER_TOKEN
        value: <-------sometoken---------->
      - name: DOCKERD_IN_RUNNER
        value: "false"
      - name: GITHUB_URL
        value: https://github.com/
      - name: RUNNER_WORKDIR
        value: /runner/_work
      - name: RUNNER_EPHEMERAL
        value: "false"
      - name: DOCKER_HOST
        value: tcp://localhost:2376
      - name: DOCKER_TLS_VERIFY
        value: "1"
      - name: DOCKER_CERT_PATH
        value: /certs/client
      image: thejasn/actions-runner:latest
      imagePullPolicy: Always
      name: runner
      resources: {}
  

• Action Output
  • github actions with new runner
• Pod Output

  ❯ kubectl logs -f example-runnerdeploy-jpwb9-r2knj runner
  Github endpoint URL https://github.com/
  
  --------------------------------------------------------------------------------
  |        ____ _ _   _   _       _          _        _   _                      |
  |       / ___(_) |_| | | |_   _| |__      / \   ___| |_(_) ___  _ __  ___      |
  |      | |  _| | __| |_| | | | | '_ \    / _ \ / __| __| |/ _ \| '_ \/ __|     |
  |      | |_| | | |_|  _  | |_| | |_) |  / ___ \ (__| |_| | (_) | | | \__ \     |
  |       \____|_|\__|_| |_|\__,_|_.__/  /_/   \_\___|\__|_|\___/|_| |_|___/     |
  |                                                                              |
  |                       Self-hosted runner registration                        |
  |                                                                              |
  --------------------------------------------------------------------------------
  
  # Authentication
  
  
  √ Connected to GitHub
  
  # Runner Registration
  
  
  
  √ Runner successfully added
  √ Runner connection is good
  
  # Runner settings
  
  
  √ Settings Saved.
  
  16c16
  < ./externals/node12/bin/node ./bin/RunnerService.js &
  ---
  > ./externals/node12/bin/node ./bin/RunnerService.js $* &
  20c20
  < wait $PID
  ---
  > wait $PID
  \ No newline at end of file
  27c27
  <                 listener = childProcess.spawn(listenerExePath, ['run'], { env: process.env });
  ---
  >                 listener = childProcess.spawn(listenerExePath, ['run'].concat(process.argv.slice(3)), { env: process.env });
  30c30
  <                 listener = childProcess.spawn(listenerExePath, ['run', '--startuptype', 'service'], { env: process.env });
  ---
  >                 listener = childProcess.spawn(listenerExePath, ['run', '--startuptype', 'service'].concat(process.argv.slice(2)), { env: process.env });
  34c34
  <         
  ---
  > 
  59c59
  <                 
  ---
  > 
  91c91
  < });
  ---
  > });
  \ No newline at end of file
  .path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  Starting Runner listener with startup type: service
  Started listener process
  Started running service
  
  √ Connected to GitHub
  
  2021-05-01 13:48:55Z: Listening for Jobs
  Runner update in progress, do not shutdown runner.
  Downloading 2.278.0 runner
  Waiting for current job finish running.
  Generate and execute update script.
  Runner will exit shortly for update, should back online within 10 seconds.
  Runner listener exited with error code 3
  Runner listener exit because of updating, re-launch runner in 5 seconds.
  Starting Runner listener with startup type: service
  Started listener process
  
  √ Connected to GitHub
  
  2021-05-01 13:49:40Z: Listening for Jobs
  2021-05-01 13:50:07Z: Running job: greet
  2021-05-01 13:50:14Z: Job greet completed with result: Succeeded
  2021-05-01 13:50:45Z: Running job: greet
  2021-05-01 13:50:51Z: Job greet completed with result: Succeeded
  
  

[mumoshu]

I think this breaks newly released runner images to not work with previous versions of actions-runner-controller.

I'm not saying we must support all the previous actions-runner-controller releases, but I'd love it if it could support one or two previous versions.

That being said, can we probably make this backward-compatible by changing the conditional to:

Suggested change

	if [ "${RUNNER_EPHEMERAL}" == "true" ]; then
	if [ "${RUNNER_EPHEMERAL}" != "false" ]; then

WDYT?

[thejasn]

It is backward-compatible as per what I tested, this condition evaluates the variable to true when the field isn't mentioned.

[mumoshu]

@thejasn Yes, it does seem to be backward-compatible in terms of Runner CRD changes.

What I was saying about was though newer runner images being deployed by older actions-runner-controller and older CRDs.

Unlike the controller, runner images are continuously built and released from our default branch, without waiting for a controller release. That implies an older version of actions-runner-controller may use newer runner images depending on the configuration on the user's side.

If the older version of actions-runner-controller instructed to use the latest runner image build after this change, wouldn't the runner pod gets an empty RUNNER_EPHEMERAL which results in missing --once?

That's what I wanted to say.

[thejasn]

Understood, didn't know runner would be released independently of the controller.

[mumoshu]

LGTM. Thank you so much for your contribution @thejasn ☺️

[thejasn]

Hey @mumoshu, I think the docker creds are missing, actions seemed to have failed.

[mumoshu]

@thejasn Thanks for reporting! See #509 and #510. It should work now.

[thejasn]

@thejasn Thanks for reporting! See #509 and #510. It should work now.

Cool, thanks @mumoshu!