-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEATURE] Optionally accept manually-generated $RUNNER_TOKEN instead of $GITHUB_PAT #10
Comments
@willhaines with your PR redhat-actions/openshift-actions-runners#10 merged into the runner image repository some time ago, are you interested in making this change in the chart, too? |
@tetchel I would very much still like to see this implemented, but due to a shift in team priorities, likely will not have time to work on it until September. In planning this work, I think it will require some significant changes to the chart, but maybe you an see a simpler path?
|
1 & 2 should be implemented anyway. Then we can evaluate how to add 3. |
I am very interested in this feature too :D |
Is your feature request related to a problem? Please describe.
My GitHub account owns many repositories, and it would be safer to provide a token scoped to a single repo or organization, rather than a PAT with admin access to every repository/org. I'm referring to the token that is provided when going through these steps https://docs.github.com/en/actions/hosting-your-own-runners/adding-self-hosted-runners.
Describe the solution you'd like
Take advantage of the changes implemented in redhat-actions/openshift-actions-runners#10, which may include resolving #9. Additionally, this would include a pre-install (and maybe pre-upgrade) hook in the chart to run
registration.sh
as a Job before creating the Deployment.Describe alternatives you've considered
Currently, I could supply a bogus $GITHUB_PAT along with a valid $RUNNER_TOKEN, and everything would work until the Pod is recreated, at which point the runner would fail to authenticate because the RUNNER_TOKEN would have expired and the local creds file would be deleted.
Additional context
I should have time to make a PR for this in the next week or two, unless someone pipes up that this is actually impossible, or that it would not be merged for some reason.
The text was updated successfully, but these errors were encountered: