Allow listener service account annotations #4360
Open
jonny-rimek wants to merge 2 commits into actions:master
Pull request overview
This PR adds support for configuring custom annotations and labels on the listener service account through the AutoscalingRunnerSet and AutoscalingListener specifications.
Changes:
- Added ListenerServiceAccount struct with annotations and labels fields to the CRD specs
- Implemented reconciliation logic to update existing service accounts when metadata changes
- Extended RBAC permissions to allow update, patch, and delete operations on service accounts
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| controllers/actions.github.com/resourcebuilder_test.go | Added test coverage for listener service account metadata propagation |
| controllers/actions.github.com/resourcebuilder.go | Updated service account builder to merge custom labels and annotations |
| controllers/actions.github.com/autoscalinglistener_controller.go | Implemented reconciliation logic for service account updates and added RBAC permissions |
| config/rbac/role.yaml | Added patch and update verbs for service account operations |
| config/crd/bases/actions.github.com_autoscalingrunnersets.yaml | Added listenerServiceAccount field to CRD schema |
| config/crd/bases/actions.github.com_autoscalinglisteners.yaml | Added listenerServiceAccount field to CRD schema |
| charts/gha-runner-scale-set-controller/crds/actions.github.com_autoscalingrunnersets.yaml | Added listenerServiceAccount field to Helm chart CRD |
| charts/gha-runner-scale-set-controller/crds/actions.github.com_autoscalinglisteners.yaml | Added listenerServiceAccount field to Helm chart CRD |
| apis/actions.github.com/v1alpha1/zz_generated.deepcopy.go | Generated deep copy methods for new ListenerServiceAccount type |
| apis/actions.github.com/v1alpha1/autoscalingrunnerset_types.go | Added ListenerServiceAccount field to AutoscalingRunnerSetSpec |
| apis/actions.github.com/v1alpha1/autoscalinglistener_types.go | Defined ListenerServiceAccount type and added field to AutoscalingListenerSpec |
| } | ||
| } | ||
| } | ||
The logic here prevents overwriting existing labels, but the same pattern is not applied to annotations (lines 444-447). This inconsistency could lead to confusion. Consider either applying the same non-overwrite logic to annotations or documenting why annotations should overwrite while labels should not.
Suggested change
| // Unlike labels above, annotations from ListenerServiceAccount are intended | |
| // to fully define the ServiceAccount's annotations, so we copy them | |
| // directly instead of merging or preserving any existing values. |
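Review bot: the suggested comment on the annotations copy says the spec is meant to "fully define" the ServiceAccount's annotations, but it does not say what happens on an already existing ServiceAccount to keys that are no longer in the spec or that something else set. Since this path now updates existing objects, state that such keys are removed (here and in the listenerServiceAccount field description), or preserve them the way the labels branch does, and cover the conflicting-key case in resourcebuilder_test.go.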
What?
Why?
Listener service accounts are created without any annotations/labels and are not reconciled after creation. This adds an explicit spec field so users can provide metadata and have it applied consistently.
The goal is to resolve the following issue #4293 (comment)
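
An added illustration of the metadata semantics discussed in this PR (not code from the PR or from actions-runner-controller): controller-set labels are kept on key conflicts, annotations are copied from the spec, and a drift check decides whether an existing service account needs an update. The `Meta` type, the function names and the sample values are hypothetical.

```go
package main

import "fmt"

// Meta is a hypothetical stand-in for a ServiceAccount's ObjectMeta.
type Meta struct{ Labels, Annotations map[string]string }

// desiredMeta applies the semantics described in the review (assumed here):
// controller labels win on key conflicts; annotations come from the spec as-is.
func desiredMeta(controllerLabels, specLabels, specAnnotations map[string]string) Meta {
	m := Meta{Labels: map[string]string{}, Annotations: map[string]string{}}
	for k, v := range controllerLabels {
		m.Labels[k] = v
	}
	for k, v := range specLabels {
		if _, owned := m.Labels[k]; !owned { // never overwrite a controller label
			m.Labels[k] = v
		}
	}
	for k, v := range specAnnotations {
		m.Annotations[k] = v
	}
	return m
}

func sameMap(a, b map[string]string) bool {
	if len(a) != len(b) {
		return false
	}
	for k, v := range a {
		if bv, ok := b[k]; !ok || bv != v {
			return false
		}
	}
	return true
}

// needsUpdate reports drift between the live object and the desired state.
func needsUpdate(live, want Meta) bool {
	return !sameMap(live.Labels, want.Labels) || !sameMap(live.Annotations, want.Annotations)
}

func main() {
	// Constructed sample values, not taken from the PR.
	ctl := map[string]string{"app.kubernetes.io/component": "listener"}
	spec := map[string]string{"app.kubernetes.io/component": "spoofed", "team": "ci"}
	want := desiredMeta(ctl, spec, map[string]string{"example.com/role": "listener-role"})
	fmt.Println(want.Labels, needsUpdate(Meta{Labels: want.Labels}, want))
}
```

A nil map and an empty map compare as equal in `needsUpdate`, so a service account with no annotations does not trigger an update when the spec supplies none.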