From 59543016c0a80a0cadafbeb662da53ca4731b78f Mon Sep 17 00:00:00 2001 From: Andrew Stoltz Date: Mon, 25 May 2026 22:22:41 -0500 Subject: [PATCH] runners: add github-runner-updater Deployment FlowerCore.Updater had only the offline bluejay-ws-sandbox-1 Windows runner registered (the specialized fcsetup E2E target) and no Linux self-hosted runner, leaving the repo with no Linux PR-CI capacity for any future workflow. Modeled on github-runner-pimanager (Sprint 32 long-tail final entry, 2026-05-25); two replicas with per-pod emptyDir caches to keep ReadWriteOnce PVC contention out of the picture. Also registers github-runner-updater in the LinuxRunnerRepos + ScaledLinuxRunnerDeployments fleet-lint sets so future suite repairs treat the entry as canonically required (the 6 pre-existing lint failures on this file family are orthogonal: initContainer single- container count assertion + fc-updater IngressRoute POST allowlist + DM ApplicationSet convention drift). Co-Authored-By: Claude Opus 4.7 (1M context) --- apps/github-runner/github-runner.yaml | 134 ++++++++++++++++++ .../FleetManifestLintTests.cs | 2 + 2 files changed, 136 insertions(+) diff --git a/apps/github-runner/github-runner.yaml b/apps/github-runner/github-runner.yaml index 0d3fe1b..d9af771 100644 --- a/apps/github-runner/github-runner.yaml +++ b/apps/github-runner/github-runner.yaml 
@@ -4030,6 +4030,140 @@ spec: - name: tmp emptyDir: {} restartPolicy: Always +--- +# Runner for FlowerCore.Updater. Two replicas use per-pod emptyDir caches, so +# backlog can drain without sharing a ReadWriteOnce PVC. Added 2026-05-26 to +# close the runner-fleet gap that left the repo with only the offline +# windows-sandbox runner and no Linux PR-CI capacity for future workflows. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: github-runner-updater + namespace: github-runner + labels: + app.kubernetes.io/name: github-runner-updater + app.kubernetes.io/component: runner + app.kubernetes.io/part-of: flowercore + app.kubernetes.io/managed-by: argocd + flowercore.io/created-by: argocd + flowercore.io/runner-repo: updater + flowercore.io/github-repo: FlowerCore.Updater +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: github-runner-updater + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: github-runner-updater + app.kubernetes.io/component: runner + app.kubernetes.io/part-of: flowercore + flowercore.io/created-by: argocd + flowercore.io/runner-repo: updater + flowercore.io/github-repo: FlowerCore.Updater + spec: + serviceAccountName: github-runner + securityContext: + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + initContainers: + - name: setup-runner-home + image: localhost/fc-github-runner:v20260525-ruby3.3.11-stepca + imagePullPolicy: Never + command: + - sh + - -c + - | + set -e + mkdir -p /home/runner/.dotnet /home/runner/.nuget/packages /home/runner/.nuget/NuGet /home/runner/.cache /home/runner/_tool + if [ -d /opt/runner-toolcache/Ruby ] && [ ! 
-d /home/runner/_tool/Ruby ]; then + cp -a /opt/runner-toolcache/Ruby /home/runner/_tool/ + fi + chown -R 1001:1001 /home/runner/.dotnet /home/runner/.nuget /home/runner/.cache /home/runner/_tool + chmod -R 755 /home/runner/.dotnet /home/runner/.nuget /home/runner/.cache /home/runner/_tool + securityContext: + runAsUser: 0 + runAsNonRoot: false + volumeMounts: + - name: runner-home + mountPath: /home/runner + containers: + - name: runner + image: localhost/fc-github-runner:v20260525-ruby3.3.11-stepca + imagePullPolicy: Never + env: + - name: REPO_URL + value: "https://github.com/astoltz/FlowerCore.Updater" + - name: RUNNER_NAME_PREFIX + value: "rke2-linux-updater" + - name: RUNNER_WORKDIR + value: "/tmp/runner/work" + - name: EPHEMERAL + value: "true" + - name: LABELS + value: "self-hosted,linux,fc-build-linux" + - name: HOME + value: "/home/runner" + - name: DOTNET_INSTALL_DIR + value: "/home/runner/.dotnet" + - name: DOTNET_CLI_TELEMETRY_OPTOUT + value: "1" + - name: DOTNET_NOLOGO + value: "1" + - name: DOTNET_GENERATE_ASPNET_CERTIFICATE + value: "false" + - name: DOTNET_CLI_HOME + value: "/home/runner" + - name: NUGET_PACKAGES + value: "/home/runner/.nuget/packages" + - name: XDG_CACHE_HOME + value: "/home/runner/.cache" + - name: RUNNER_TOOL_CACHE + value: "/home/runner/_tool" + - name: ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: github-runner-token + key: credential + - name: RUN_AS_ROOT + value: "false" + resources: + requests: + cpu: "500m" + memory: "1Gi" + limits: + cpu: "2000m" + memory: "4Gi" + volumeMounts: + - name: runner-home + mountPath: /home/runner + - name: nuget-cache + mountPath: /home/runner/.nuget/packages + - name: tmp + mountPath: /tmp + livenessProbe: + exec: + command: + - /bin/sh + - -c + - "pgrep -f Runner.Listener > /dev/null" + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 3 + volumes: + - name: runner-home + emptyDir: {} + - name: nuget-cache + emptyDir: + sizeLimit: 2Gi + - name: tmp + emptyDir: {} + 
restartPolicy: Always # Long-tail runner pattern: # diff --git a/tests/bluejay-infra-lint/FleetManifestLintTests.cs b/tests/bluejay-infra-lint/FleetManifestLintTests.cs index eb9683d..e7ad012 100644 --- a/tests/bluejay-infra-lint/FleetManifestLintTests.cs +++ b/tests/bluejay-infra-lint/FleetManifestLintTests.cs @@ -67,6 +67,7 @@ public sealed class FleetManifestLintTests ["github-runner-chat"] = "https://github.com/astoltz/FlowerCore.Chat", ["github-runner-mysql"] = "https://github.com/astoltz/FlowerCore.MySQL", ["github-runner-kiosk-linux"] = "https://github.com/astoltz/FlowerCore.Kiosk.Linux", + ["github-runner-updater"] = "https://github.com/astoltz/FlowerCore.Updater", }; private static readonly HashSet ScaledLinuxRunnerDeployments = new(StringComparer.Ordinal) @@ -80,6 +81,7 @@ public sealed class FleetManifestLintTests "github-runner-chat", "github-runner-mysql", "github-runner-kiosk-linux", + "github-runner-updater", }; private static readonly IReadOnlyDictionary WritableRunnerEnv = new Dictionary(StringComparer.Ordinal) -- 2.49.1
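Review bot: The `runner` container in the new `github-runner-updater` pod template exposes two credentials to whatever workflow code it executes: `ACCESS_TOKEN` from the `github-runner-token` secret is placed in the container environment, and `serviceAccountName: github-runner` is set with nothing in the hunk turning off the service-account token mount. The commit message describes this as PR-CI capacity, so pull-request jobs would run in that same container, and unless the image's entrypoint clears the variable before the listener starts (not visible here) both values are readable from job steps. I would add `automountServiceAccountToken: false` to the pod `spec` if jobs do not need the Kubernetes API, and confirm the credential in `github-runner-token` is limited to runner registration for this repository. The `runner` container also has no container-level `securityContext`; `allowPrivilegeEscalation: false` with `capabilities: { drop: ["ALL"] }` would match the pod's existing `runAsNonRoot: true`.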