add ca certs option + maven settings support

Author: eksrha

charts/github-actions-runner/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.15
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/github-actions-runner/templates/_helpers.tpl

@@ -61,6 +61,17 @@ Create the name of the service account to use
 {{- end }}
 {{- end }}
 
+{{/*
+Create the image deployment string of init-runner
+*/}}
+{{- define "github-actions-runner.init" -}}
+{{- if not .Values.runner.flavor.override }}
+{{- printf "%s:%s-%s" .Values.image.repository (.Values.image.tag | default .Chart.AppVersion) "init" }}
+{{- else }}
+{{- printf "%s:%s" .Values.image.repository (.Values.image.tag | default .Chart.AppVersion) }}
+{{- end }}
+{{- end }}
+
 {{/*
 Create the image deployment string of runner
 */}}

…-actions-runner/templates/configmap.yaml …ions-runner/templates/configmap-env.yamlcharts/github-actions-runner/templates/configmap.yaml renamed to charts/github-actions-runner/templates/configmap-env.yaml charts/github-actions-runner/templates/configmap.yaml renamed to charts/github-actions-runner/templates/configmap-env.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ .Release.Name }}-configmap
+  name: {{ .Release.Name }}-configmap-env
   labels:
     {{- include "github-actions-runner.labels" . | nindent 4 }}
 data:

charts/github-actions-runner/templates/configmap-files.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-configmap-files
+  labels:
+    {{- include "github-actions-runner.labels" . | nindent 4 }}
+data:
+  {{- if .Values.runner.additionalFiles.maven.settingsXml }}
+  settings.xml: |- {{ .Values.runner.additionalFiles.maven.settingsXml | nindent 4 }}
+  {{- end }}

charts/github-actions-runner/templates/deployment.yaml

@@ -34,6 +34,9 @@ spec:
         - name: workspace-volume
           emptyDir: {}
         {{- end }}
+        - name: ca-certificates.crt
+          configMap: 
+            name: "{{ .Values.runner.customCerts.caCertificatesCrt }}"
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
@@ -53,6 +56,10 @@ spec:
           volumeMounts:
             - name: workspace-volume
               mountPath: /kaniko/workspace/
+            {{- if .Values.runner.customCerts.caCertificatesCrt }}
+            - name: ca-certificates.crt
+              mountPath: /kaniko/ssl/certs/ca-certificates.crt
+            {{- end }}
             {{- if .Values.runner.kaniko.mountedSecret }}
             - name: pull-secret
               readOnly: true
@@ -66,6 +73,10 @@ spec:
           image: {{ include "github-actions-runner.runner-image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           volumeMounts:
+            {{- if .Values.runner.customCerts.caCertificatesCrt }}
+            - name: ca-certificates.crt
+              mountPath: /etc/ssl/certs/ca-certificates.crt
+            {{- end }}
             {{- if .Values.runner.kaniko.enabled }}
             - name: workspace-volume
               mountPath: /kaniko/workspace/
@@ -81,7 +92,7 @@ spec:
             - secretRef:
                 name: {{ .Release.Name }}-secret
             - configMapRef:
-                name: {{ .Release.Name }}-configmap
+                name: {{ .Release.Name }}-configmap-env
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/github-actions-runner/values.yaml

@@ -17,7 +17,10 @@ runner:
     override: false
   labels: ""
   # inject the runner custom env variables
-  env: []
+  env:
+    []
+    # - name: TEST_ENV
+    #   value: "some value"
   kaniko:
     enabled: true
     image:
@@ -30,6 +33,36 @@ runner:
     organisation: "fullstack-devpos"
     repository: ""
     accessToken: ""
+  # custom certs will be used in the runner and kaniko, as well in java (if you using it)
+  customCerts:
+    # Paste your custom ca-certificates.crt:
+    configMapRef: ""
+  additionalFiles:
+    maven:
+      # example settings.xml, will be placed in global .m2 folder
+      settingsXml:
+        ""
+        # <settings xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/settings-1.1.0.xsd">
+        #     <mirrors>
+        #         <mirror>
+        #             <id>custom-nexus</id>
+        #             <mirrorOf>*</mirrorOf>
+        #             <url>https://example.intra.com/repository/maven-public/</url>
+        #         </mirror>
+        #     </mirrors>
+        #     <servers>
+        #         <server>
+        #             <id>custom-maven-releases</id>
+        #             <username>${maven.username}</username>
+        #             <password>${maven.password}</password>
+        #         </server>
+        #         <server>
+        #             <id>custom-maven-snapshots</id>
+        #             <username>${maven.username}</username>
+        #             <password>${maven.password}</password>
+        #         </server>
+        #     </servers>
+        # </settings>
 
 imagePullSecrets: []
 nameOverride: ""