diff --git a/apps/github-runner/github-runner.yaml b/apps/github-runner/github-runner.yaml index 886da73..7cb3629 100644 --- a/apps/github-runner/github-runner.yaml +++ b/apps/github-runner/github-runner.yaml @@ -4168,6 +4168,409 @@ spec: - name: tmp emptyDir: {} restartPolicy: Always +--- +# Runner for FlowerCore.DeviceManagement. Two replicas use per-pod emptyDir +# caches, so backlog can drain without sharing a ReadWriteOnce PVC. Added +# 2026-05-26 morning-routine — DM had ZERO registered runners while Sprint 37 +# Cx-1 PRs #20 (CI-to-Linux migration), #21 (WDAC), and #22 (AppLocker) were +# all queued indefinitely. Chicken-and-egg: the migration PRs need Linux +# runners that the migration creates. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: github-runner-device-management + namespace: github-runner + labels: + app.kubernetes.io/name: github-runner-device-management + app.kubernetes.io/component: runner + app.kubernetes.io/part-of: flowercore + app.kubernetes.io/managed-by: argocd + flowercore.io/created-by: argocd + flowercore.io/runner-repo: device-management + flowercore.io/github-repo: FlowerCore.DeviceManagement +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: github-runner-device-management + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: github-runner-device-management + app.kubernetes.io/component: runner + app.kubernetes.io/part-of: flowercore + flowercore.io/created-by: argocd + flowercore.io/runner-repo: device-management + flowercore.io/github-repo: FlowerCore.DeviceManagement + spec: + serviceAccountName: github-runner + securityContext: + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + initContainers: + - name: setup-runner-home + image: localhost/fc-github-runner:v20260525-ruby3.3.11-stepca + imagePullPolicy: Never + command: + - sh + - -c + - | + set -e + mkdir -p /home/runner/.dotnet /home/runner/.nuget/packages /home/runner/.nuget/NuGet /home/runner/.cache /home/runner/_tool + if [ -d /opt/runner-toolcache/Ruby ] && [ ! -d /home/runner/_tool/Ruby ]; then + cp -a /opt/runner-toolcache/Ruby /home/runner/_tool/ + fi + chown -R 1001:1001 /home/runner/.dotnet /home/runner/.nuget /home/runner/.cache /home/runner/_tool + chmod -R 755 /home/runner/.dotnet /home/runner/.nuget /home/runner/.cache /home/runner/_tool + securityContext: + runAsUser: 0 + runAsNonRoot: false + volumeMounts: + - name: runner-home + mountPath: /home/runner + containers: + - name: runner + image: localhost/fc-github-runner:v20260525-ruby3.3.11-stepca + imagePullPolicy: Never + env: + - name: REPO_URL + value: "https://github.com/astoltz/FlowerCore.DeviceManagement" + - name: RUNNER_NAME_PREFIX + value: "rke2-linux-device-management" + - name: RUNNER_WORKDIR + value: "/tmp/runner/work" + - name: EPHEMERAL + value: "true" + - name: LABELS + value: "self-hosted,linux,fc-build-linux" + - name: HOME + value: "/home/runner" + - name: DOTNET_INSTALL_DIR + value: "/home/runner/.dotnet" + - name: DOTNET_CLI_TELEMETRY_OPTOUT + value: "1" + - name: DOTNET_NOLOGO + value: "1" + - name: DOTNET_GENERATE_ASPNET_CERTIFICATE + value: "false" + - name: DOTNET_CLI_HOME + value: "/home/runner" + - name: NUGET_PACKAGES + value: "/home/runner/.nuget/packages" + - name: XDG_CACHE_HOME + value: "/home/runner/.cache" + - name: RUNNER_TOOL_CACHE + value: "/home/runner/_tool" + - name: ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: github-runner-token + key: credential + - name: RUN_AS_ROOT + value: "false" + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "2000m" + memory: "4Gi" + volumeMounts: + - name: runner-home + mountPath: /home/runner + - name: nuget-cache + mountPath: /home/runner/.nuget/packages + - name: tmp + mountPath: /tmp + livenessProbe: + exec: + command: + - /bin/sh + - -c + - "pgrep -f Runner.Listener > /dev/null" + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + volumes: + - name: runner-home + emptyDir: {} + - name: nuget-cache + emptyDir: + sizeLimit: 2Gi + - name: tmp + emptyDir: {} + restartPolicy: Always +--- +# Runner for FlowerCore.AiStation.Linux. Two replicas use per-pod emptyDir +# caches. Added 2026-05-26 — #13 master-CI-fix PR was queued indefinitely +# (Linux job has no runner; Windows job remains queued until the Windows +# runner host substrate lands per Sprint 36 v2 Cl-2 / ADR-174). +apiVersion: apps/v1 +kind: Deployment +metadata: + name: github-runner-aistation-linux + namespace: github-runner + labels: + app.kubernetes.io/name: github-runner-aistation-linux + app.kubernetes.io/component: runner + app.kubernetes.io/part-of: flowercore + app.kubernetes.io/managed-by: argocd + flowercore.io/created-by: argocd + flowercore.io/runner-repo: aistation-linux + flowercore.io/github-repo: FlowerCore.AiStation.Linux +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: github-runner-aistation-linux + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: github-runner-aistation-linux + app.kubernetes.io/component: runner + app.kubernetes.io/part-of: flowercore + flowercore.io/created-by: argocd + flowercore.io/runner-repo: aistation-linux + flowercore.io/github-repo: FlowerCore.AiStation.Linux + spec: + serviceAccountName: github-runner + securityContext: + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + initContainers: + - name: setup-runner-home + image: localhost/fc-github-runner:v20260525-ruby3.3.11-stepca + imagePullPolicy: Never + command: + - sh + - -c + - | + set -e + mkdir -p /home/runner/.dotnet /home/runner/.nuget/packages /home/runner/.nuget/NuGet /home/runner/.cache /home/runner/_tool + if [ -d /opt/runner-toolcache/Ruby ] && [ ! -d /home/runner/_tool/Ruby ]; then + cp -a /opt/runner-toolcache/Ruby /home/runner/_tool/ + fi + chown -R 1001:1001 /home/runner/.dotnet /home/runner/.nuget /home/runner/.cache /home/runner/_tool + chmod -R 755 /home/runner/.dotnet /home/runner/.nuget /home/runner/.cache /home/runner/_tool + securityContext: + runAsUser: 0 + runAsNonRoot: false + volumeMounts: + - name: runner-home + mountPath: /home/runner + containers: + - name: runner + image: localhost/fc-github-runner:v20260525-ruby3.3.11-stepca + imagePullPolicy: Never + env: + - name: REPO_URL + value: "https://github.com/astoltz/FlowerCore.AiStation.Linux" + - name: RUNNER_NAME_PREFIX + value: "rke2-linux-aistation-linux" + - name: RUNNER_WORKDIR + value: "/tmp/runner/work" + - name: EPHEMERAL + value: "true" + - name: LABELS + value: "self-hosted,linux,fc-build-linux" + - name: HOME + value: "/home/runner" + - name: DOTNET_INSTALL_DIR + value: "/home/runner/.dotnet" + - name: DOTNET_CLI_TELEMETRY_OPTOUT + value: "1" + - name: DOTNET_NOLOGO + value: "1" + - name: DOTNET_GENERATE_ASPNET_CERTIFICATE + value: "false" + - name: DOTNET_CLI_HOME + value: "/home/runner" + - name: NUGET_PACKAGES + value: "/home/runner/.nuget/packages" + - name: XDG_CACHE_HOME + value: "/home/runner/.cache" + - name: RUNNER_TOOL_CACHE + value: "/home/runner/_tool" + - name: ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: github-runner-token + key: credential + - name: RUN_AS_ROOT + value: "false" + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "2000m" + memory: "4Gi" + volumeMounts: + - name: runner-home + mountPath: /home/runner + - name: nuget-cache + mountPath: /home/runner/.nuget/packages + - name: tmp + mountPath: /tmp + livenessProbe: + exec: + command: + - /bin/sh + - -c + - "pgrep -f Runner.Listener > /dev/null" + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + volumes: + - name: runner-home + emptyDir: {} + - name: nuget-cache + emptyDir: + sizeLimit: 2Gi + - name: tmp + emptyDir: {} + restartPolicy: Always +--- +# Runner for FlowerCore.WorldBuilder. Two replicas use per-pod emptyDir +# caches. Added 2026-05-26 — #3 and #4 Linux migration PRs queued +# indefinitely with one stale offline runner registered against the repo. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: github-runner-worldbuilder + namespace: github-runner + labels: + app.kubernetes.io/name: github-runner-worldbuilder + app.kubernetes.io/component: runner + app.kubernetes.io/part-of: flowercore + app.kubernetes.io/managed-by: argocd + flowercore.io/created-by: argocd + flowercore.io/runner-repo: worldbuilder + flowercore.io/github-repo: FlowerCore.WorldBuilder +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: github-runner-worldbuilder + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: github-runner-worldbuilder + app.kubernetes.io/component: runner + app.kubernetes.io/part-of: flowercore + flowercore.io/created-by: argocd + flowercore.io/runner-repo: worldbuilder + flowercore.io/github-repo: FlowerCore.WorldBuilder + spec: + serviceAccountName: github-runner + securityContext: + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + initContainers: + - name: setup-runner-home + image: localhost/fc-github-runner:v20260525-ruby3.3.11-stepca + imagePullPolicy: Never + command: + - sh + - -c + - | + set -e + mkdir -p /home/runner/.dotnet /home/runner/.nuget/packages /home/runner/.nuget/NuGet /home/runner/.cache /home/runner/_tool + if [ -d /opt/runner-toolcache/Ruby ] && [ ! -d /home/runner/_tool/Ruby ]; then + cp -a /opt/runner-toolcache/Ruby /home/runner/_tool/ + fi + chown -R 1001:1001 /home/runner/.dotnet /home/runner/.nuget /home/runner/.cache /home/runner/_tool + chmod -R 755 /home/runner/.dotnet /home/runner/.nuget /home/runner/.cache /home/runner/_tool + securityContext: + runAsUser: 0 + runAsNonRoot: false + volumeMounts: + - name: runner-home + mountPath: /home/runner + containers: + - name: runner + image: localhost/fc-github-runner:v20260525-ruby3.3.11-stepca + imagePullPolicy: Never + env: + - name: REPO_URL + value: "https://github.com/astoltz/FlowerCore.WorldBuilder" + - name: RUNNER_NAME_PREFIX + value: "rke2-linux-worldbuilder" + - name: RUNNER_WORKDIR + value: "/tmp/runner/work" + - name: EPHEMERAL + value: "true" + - name: LABELS + value: "self-hosted,linux,fc-build-linux" + - name: HOME + value: "/home/runner" + - name: DOTNET_INSTALL_DIR + value: "/home/runner/.dotnet" + - name: DOTNET_CLI_TELEMETRY_OPTOUT + value: "1" + - name: DOTNET_NOLOGO + value: "1" + - name: DOTNET_GENERATE_ASPNET_CERTIFICATE + value: "false" + - name: DOTNET_CLI_HOME + value: "/home/runner" + - name: NUGET_PACKAGES + value: "/home/runner/.nuget/packages" + - name: XDG_CACHE_HOME + value: "/home/runner/.cache" + - name: RUNNER_TOOL_CACHE + value: "/home/runner/_tool" + - name: ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: github-runner-token + key: credential + - name: RUN_AS_ROOT + value: "false" + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "2000m" + memory: "4Gi" + volumeMounts: + - name: runner-home + mountPath: /home/runner + - name: nuget-cache + mountPath: /home/runner/.nuget/packages + - name: tmp + mountPath: /tmp + livenessProbe: + exec: + command: + - /bin/sh + - -c + - "pgrep -f Runner.Listener > /dev/null" + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + volumes: + - name: runner-home + emptyDir: {} + - name: nuget-cache + emptyDir: + sizeLimit: 2Gi + - name: tmp + emptyDir: {} + restartPolicy: Always # Long-tail runner pattern: # @@ -4175,3 +4578,6 @@ spec: # Common as the only PVC-backed runner at replicas: 1. Any future multi-replica # runner must use per-pod emptyDir caches, not a shared ReadWriteOnce PVC. # 2026-05-25: PiManager added (was missed in the Sprint 32 long-tail sweep). +# 2026-05-26: Updater + DeviceManagement + AiStation.Linux + WorldBuilder +# added by the morning-routine sweep — those repos had had ZERO online Linux +# PR-CI capacity, blocking the Sprint 37 Cx-1 Linux-CI-migration PRs.