Manually bump dependencies since it needs fixes related to the controller runtime API

Makefile

@@ -314,7 +314,7 @@ ifeq (, $(wildcard $(GOBIN)/controller-gen))
 	CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
 	cd $$CONTROLLER_GEN_TMP_DIR ;\
 	go mod init tmp ;\
-	go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.19.0 ;\
+	go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.20.1 ;\
 	rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
 	}
 endif

apis/actions.summerwind.net/v1alpha1/runner_webhook.go

@@ -18,68 +18,55 @@ package v1alpha1
 
 import (
 	"context"
-	"fmt"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // log is for logging in this package.
 var runnerLog = logf.Log.WithName("runner-resource")
 
 func (r *Runner) SetupWebhookWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewWebhookManagedBy(mgr).
-		For(r).
+	return ctrl.NewWebhookManagedBy(mgr, r).
 		WithDefaulter(&RunnerDefaulter{}).
 		WithValidator(&RunnerValidator{}).
 		Complete()
 }
 
 // +kubebuilder:webhook:path=/mutate-actions-summerwind-dev-v1alpha1-runner,verbs=create;update,mutating=true,failurePolicy=fail,groups=actions.summerwind.dev,resources=runners,versions=v1alpha1,name=mutate.runner.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1
 
-var _ webhook.CustomDefaulter = &RunnerDefaulter{}
+var _ admission.Defaulter[*Runner] = &RunnerDefaulter{}
 
 type RunnerDefaulter struct{}
 
-// Default implements webhook.Defaulter so a webhook will be registered for the type
-func (*RunnerDefaulter) Default(ctx context.Context, obj runtime.Object) error {
-	// Nothing to do.
+// Default implements [admission.Defaulter].
+func (in *RunnerDefaulter) Default(ctx context.Context, obj *Runner) error {
 	return nil
 }
 
 // +kubebuilder:webhook:path=/validate-actions-summerwind-dev-v1alpha1-runner,verbs=create;update,mutating=false,failurePolicy=fail,groups=actions.summerwind.dev,resources=runners,versions=v1alpha1,name=validate.runner.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1
 
-var _ webhook.CustomValidator = &RunnerValidator{}
+var _ admission.Validator[*Runner] = &RunnerValidator{}
 
 type RunnerValidator struct{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
-func (*RunnerValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
-	r, ok := obj.(*Runner)
-	if !ok {
-		return nil, fmt.Errorf("expected Runner object, got %T", obj)
-	}
+func (*RunnerValidator) ValidateCreate(ctx context.Context, r *Runner) (admission.Warnings, error) {
 	runnerLog.Info("validate resource to be created", "name", r.Name)
 	return nil, r.Validate()
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (*RunnerValidator) ValidateUpdate(ctx context.Context, old, obj runtime.Object) (admission.Warnings, error) {
-	r, ok := obj.(*Runner)
-	if !ok {
-		return nil, fmt.Errorf("expected Runner object, got %T", obj)
-	}
+func (*RunnerValidator) ValidateUpdate(ctx context.Context, old, r *Runner) (admission.Warnings, error) {
 	runnerLog.Info("validate resource to be updated", "name", r.Name)
 	return nil, r.Validate()
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
-func (*RunnerValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
+func (*RunnerValidator) ValidateDelete(ctx context.Context, obj *Runner) (admission.Warnings, error) {
 	return nil, nil
 }
 

apis/actions.summerwind.net/v1alpha1/runnerdeployment_webhook.go

@@ -18,68 +18,56 @@ package v1alpha1
 
 import (
 	"context"
-	"fmt"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // log is for logging in this package.
 var runnerDeploymentLog = logf.Log.WithName("runnerdeployment-resource")
 
 func (r *RunnerDeployment) SetupWebhookWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewWebhookManagedBy(mgr).
-		For(r).
+	return ctrl.NewWebhookManagedBy(mgr, r).
 		WithDefaulter(&RunnerDeploymentDefaulter{}).
 		WithValidator(&RunnerDeploymentValidator{}).
 		Complete()
 }
 
 // +kubebuilder:webhook:path=/mutate-actions-summerwind-dev-v1alpha1-runnerdeployment,verbs=create;update,mutating=true,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerdeployments,versions=v1alpha1,name=mutate.runnerdeployment.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1
 
-var _ webhook.CustomDefaulter = &RunnerDeploymentDefaulter{}
+var _ admission.Defaulter[*RunnerDeployment] = &RunnerDeploymentDefaulter{}
 
 type RunnerDeploymentDefaulter struct{}
 
 // Default implements webhook.Defaulter so a webhook will be registered for the type
-func (*RunnerDeploymentDefaulter) Default(context.Context, runtime.Object) error {
+func (*RunnerDeploymentDefaulter) Default(context.Context, *RunnerDeployment) error {
 	// Nothing to do.
 	return nil
 }
 
 // +kubebuilder:webhook:path=/validate-actions-summerwind-dev-v1alpha1-runnerdeployment,verbs=create;update,mutating=false,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerdeployments,versions=v1alpha1,name=validate.runnerdeployment.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1
 
-var _ webhook.CustomValidator = &RunnerDeploymentValidator{}
+var _ admission.Validator[*RunnerDeployment] = &RunnerDeploymentValidator{}
 
 type RunnerDeploymentValidator struct{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
-func (*RunnerDeploymentValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
-	r, ok := obj.(*RunnerDeployment)
-	if !ok {
-		return nil, fmt.Errorf("expected RunnerDeployment object, got %T", obj)
-	}
+func (*RunnerDeploymentValidator) ValidateCreate(ctx context.Context, r *RunnerDeployment) (admission.Warnings, error) {
 	runnerDeploymentLog.Info("validate resource to be created", "name", r.Name)
 	return nil, r.Validate()
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (*RunnerDeploymentValidator) ValidateUpdate(ctx context.Context, old, obj runtime.Object) (admission.Warnings, error) {
-	r, ok := obj.(*RunnerDeployment)
-	if !ok {
-		return nil, fmt.Errorf("expected RunnerDeployment object, got %T", obj)
-	}
+func (*RunnerDeploymentValidator) ValidateUpdate(ctx context.Context, old, r *RunnerDeployment) (admission.Warnings, error) {
 	runnerDeploymentLog.Info("validate resource to be updated", "name", r.Name)
 	return nil, r.Validate()
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
-func (*RunnerDeploymentValidator) ValidateDelete(context.Context, runtime.Object) (admission.Warnings, error) {
+func (*RunnerDeploymentValidator) ValidateDelete(context.Context, *RunnerDeployment) (admission.Warnings, error) {
 	return nil, nil
 }
 

apis/actions.summerwind.net/v1alpha1/runnerreplicaset_webhook.go

@@ -18,68 +18,56 @@ package v1alpha1
 
 import (
 	"context"
-	"fmt"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // log is for logging in this package.
 var runnerReplicaSetLog = logf.Log.WithName("runnerreplicaset-resource")
 
 func (r *RunnerReplicaSet) SetupWebhookWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewWebhookManagedBy(mgr).
-		For(r).
+	return ctrl.NewWebhookManagedBy(mgr, r).
 		WithDefaulter(&RunnerReplicaSetDefaulter{}).
 		WithValidator(&RunnerReplicaSetValidator{}).
 		Complete()
 }
 
 // +kubebuilder:webhook:path=/mutate-actions-summerwind-dev-v1alpha1-runnerreplicaset,verbs=create;update,mutating=true,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerreplicasets,versions=v1alpha1,name=mutate.runnerreplicaset.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1
 
-var _ webhook.CustomDefaulter = &RunnerReplicaSetDefaulter{}
+var _ admission.Defaulter[*RunnerReplicaSet] = &RunnerReplicaSetDefaulter{}
 
 type RunnerReplicaSetDefaulter struct{}
 
 // Default implements webhook.Defaulter so a webhook will be registered for the type
-func (*RunnerReplicaSetDefaulter) Default(context.Context, runtime.Object) error {
+func (*RunnerReplicaSetDefaulter) Default(context.Context, *RunnerReplicaSet) error {
 	// Nothing to do.
 	return nil
 }
 
 // +kubebuilder:webhook:path=/validate-actions-summerwind-dev-v1alpha1-runnerreplicaset,verbs=create;update,mutating=false,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerreplicasets,versions=v1alpha1,name=validate.runnerreplicaset.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1
 
-var _ webhook.CustomValidator = &RunnerReplicaSetValidator{}
+var _ admission.Validator[*RunnerReplicaSet] = &RunnerReplicaSetValidator{}
 
 type RunnerReplicaSetValidator struct{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
-func (*RunnerReplicaSetValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
-	r, ok := obj.(*RunnerReplicaSet)
-	if !ok {
-		return nil, fmt.Errorf("expected RunnerReplicaSet object, got %T", obj)
-	}
+func (*RunnerReplicaSetValidator) ValidateCreate(ctx context.Context, r *RunnerReplicaSet) (admission.Warnings, error) {
 	runnerReplicaSetLog.Info("validate resource to be created", "name", r.Name)
 	return nil, r.Validate()
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (*RunnerReplicaSetValidator) ValidateUpdate(ctx context.Context, old, obj runtime.Object) (admission.Warnings, error) {
-	r, ok := obj.(*RunnerReplicaSet)
-	if !ok {
-		return nil, fmt.Errorf("expected RunnerReplicaSet object, got %T", obj)
-	}
+func (*RunnerReplicaSetValidator) ValidateUpdate(ctx context.Context, old, r *RunnerReplicaSet) (admission.Warnings, error) {
 	runnerReplicaSetLog.Info("validate resource to be updated", "name", r.Name)
 	return nil, r.Validate()
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
-func (*RunnerReplicaSetValidator) ValidateDelete(context.Context, runtime.Object) (admission.Warnings, error) {
+func (*RunnerReplicaSetValidator) ValidateDelete(context.Context, *RunnerReplicaSet) (admission.Warnings, error) {
 	return nil, nil
 }
 

charts/actions-runner-controller/crds/actions.summerwind.dev_horizontalrunnerautoscalers.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.1
   name: horizontalrunnerautoscalers.actions.summerwind.dev
 spec:
   group: actions.summerwind.dev

charts/actions-runner-controller/crds/actions.summerwind.dev_runnerdeployments.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.1
   name: runnerdeployments.actions.summerwind.dev
 spec:
   group: actions.summerwind.dev
@@ -1861,7 +1861,9 @@ spec:
                                     type: integer
                                 type: object
                               resizePolicy:
-                                description: Resources resize policy for the container.
+                                description: |-
+                                  Resources resize policy for the container.
+                                  This field cannot be set on ephemeral containers.
                                 items:
                                   description: ContainerResizePolicy represents resource resize policy for the container.
                                   properties:
@@ -5323,7 +5325,9 @@ spec:
                                     type: integer
                                 type: object
                               resizePolicy:
-                                description: Resources resize policy for the container.
+                                description: |-
+                                  Resources resize policy for the container.
+                                  This field cannot be set on ephemeral containers.
                                 items:
                                   description: ContainerResizePolicy represents resource resize policy for the container.
                                   properties:
@@ -7090,7 +7094,9 @@ spec:
                                     type: integer
                                 type: object
                               resizePolicy:
-                                description: Resources resize policy for the container.
+                                description: |-
+                                  Resources resize policy for the container.
+                                  This field cannot be set on ephemeral containers.
                                 items:
                                   description: ContainerResizePolicy represents resource resize policy for the container.
                                   properties:
@@ -7741,9 +7747,10 @@ spec:
                               operator:
                                 description: |-
                                   Operator represents a key's relationship to the value.
-                                  Valid operators are Exists and Equal. Defaults to Equal.
+                                  Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
                                   Exists is equivalent to wildcard for value, so that a pod can
                                   tolerate all taints of a particular category.
+                                  Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
                                 type: string
                               tolerationSeconds:
                                 description: |-
@@ -8573,7 +8580,7 @@ spec:
                                           resources:
                                             description: |-
                                               resources represents the minimum resources the volume should have.
-                                              If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                              Users are allowed to specify resource requirements
                                               that are lower than previous value but must still be higher than capacity recorded in the
                                               status field of the claim.
                                               More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
@@ -9408,6 +9415,24 @@ spec:
                                             signerName:
                                               description: Kubelet's generated CSRs will be addressed to this signer.
                                               type: string
+                                            userAnnotations:
+                                              additionalProperties:
+                                                type: string
+                                              description: |-
+                                                userAnnotations allow pod authors to pass additional information to
+                                                the signer implementation.  Kubernetes does not restrict or validate this
+                                                metadata in any way.
+
+                                                These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of
+                                                the PodCertificateRequest objects that Kubelet creates.
+
+                                                Entries are subject to the same validation as object metadata annotations,
+                                                with the addition that all keys must be domain-prefixed. No restrictions
+                                                are placed on values, except an overall size limitation on the entire field.
+
+                                                Signers should document the keys and values they support. Signers should
+                                                deny requests that contain keys they do not recognize.
+                                              type: object
                                           required:
                                             - keyType
                                             - signerName