From 71f8fa7b885769bbef5667df96cb08c9ffc4a52b Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Mon, 25 Dec 2023 16:43:06 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=91=20actions-runner-controller?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../app/externalsecret.yaml                   | 12 ++++++-
 .../app/helmrelease.yaml                      |  2 --
 .../runners/helmrelease.yaml                  | 36 ++++++++++---------
 3 files changed, 30 insertions(+), 20 deletions(-)

diff --git a/kubernetes/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml
index 644cdfac4..fad35c8d0 100644
--- a/kubernetes/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml
+++ b/kubernetes/apps/actions-runner-system/actions-runner-controller/app/externalsecret.yaml
@@ -11,7 +11,17 @@ spec:
     name: onepassword-connect
   target:
     name: actions-runner-controller-auth-secret
+    template:
+      engineVersion: v2
+      data:
+        ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID: |-
+          {{ .ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID }}
+        ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID: |-
+          {{ .ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID }}
+        ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY: |-
+          {{ .ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY }}
+        ACTION_RUNNER_CONTROLLER_GITHUB_WEBHOOK_SECRET_TOKEN: |-
+          {{ .ACTION_RUNNER_CONTROLLER_GITHUB_WEBHOOK_SECRET_TOKEN }}
   dataFrom:
     - extract:
-        # github_app_id, github_app_installation_id, github_app_private_key
         key: actions-runner-controller
diff --git a/kubernetes/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml
index 1763ff1fb..f931cf4df 100644
--- a/kubernetes/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml
+++ b/kubernetes/apps/actions-runner-system/actions-runner-controller/app/helmrelease.yaml
@@ -15,9 +15,7 @@ spec:
         kind: HelmRepository
         name: actions-runner-controller
         namespace: flux-system
-  maxHistory: 2
   install:
-    createNamespace: true
     crds: CreateReplace
     remediation:
       retries: 3
diff --git a/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/helmrelease.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/helmrelease.yaml
index b35a94942..628a4b547 100644
--- a/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/helmrelease.yaml
+++ b/kubernetes/apps/actions-runner-system/actions-runner-controller/runners/helmrelease.yaml
@@ -15,9 +15,7 @@ spec:
         kind: HelmRepository
         name: actions-runner-controller
         namespace: flux-system
-  maxHistory: 2
   install:
-    createNamespace: true
     remediation:
       retries: 3
   upgrade:
@@ -26,28 +24,32 @@ spec:
       retries: 3
   uninstall:
     keepHistory: false
+  valuesFrom:
+    - targetPath: githubConfigSecret.github_app_id
+      kind: Secret
+      name: actions-runner-controller-auth-secret
+      valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_APP_ID
+    - targetPath: githubConfigSecret.github_app_installation_id
+      kind: Secret
+      name: actions-runner-controller-auth-secret
+      valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_INSTALLATION_ID
+    - targetPath: githubConfigSecret.github_app_private_key
+      kind: Secret
+      name: actions-runner-controller-auth-secret
+      valuesKey: ACTION_RUNNER_CONTROLLER_GITHUB_PRIVATE_KEY
   values:
     runnerScaleSetName: arc-runner-set-home-ops
     githubConfigUrl: https://github.com/auricom/home-ops
     minRunners: 1
-    maxRunners: 3
+    maxRunners: 6
     containerMode:
       type: dind
     template:
       spec:
         containers:
           - name: runner
-            image: ghcr.io/onedr0p/github-actions-runner:rolling@sha256:97b74a2c9ae3f573e5168a247d3e0a14bd18aaf1e7b1003192090f4a089a8c07
-  valuesFrom:
-    - kind: Secret
-      name: actions-runner-controller-auth-secret
-      valuesKey: github_app_id
-      targetPath: githubConfigSecret.github_app_id
-    - kind: Secret
-      name: actions-runner-controller-auth-secret
-      valuesKey: github_app_installation_id
-      targetPath: githubConfigSecret.github_app_installation_id
-    - kind: Secret
-      name: actions-runner-controller-auth-secret
-      valuesKey: github_app_private_key
-      targetPath: githubConfigSecret.github_app_private_key
+            image: ghcr.io/actions/actions-runner:2.311.0
+            command: ["/home/runner/run.sh"]
+    controllerServiceAccount:
+      name: actions-runner-controller-gha-rs-controller
+      namespace: actions-runner-system