actions-runner-dind-rootless image not built for runner version 2.317.0

[mantoine96]

Checks

• I've already read https://github.com/actions/actions-runner-controller/blob/master/TROUBLESHOOTING.md and I'm sure my issue is not covered in the troubleshooting guide.
• I'm not using a custom entrypoint in my runner image

Controller Version

v0.27.6

Helm Chart Version

No response

CertManager Version

No response

Deployment Method

Helm

cert-manager installation

N/A

Checks

• This isn't a question or user support case (For Q&A and community support, go to Discussions. It might also be a good idea to contract with any of contributors and maintainers if your business is so critical and therefore you need priority support
• I've read releasenotes before submitting this issue and I'm sure it's not due to any recently-introduced backward-incompatible changes
• My actions-runner-controller version (v0.x.y) does support the feature
• I've already upgraded ARC (including the CRDs, see charts/actions-runner-controller/docs/UPGRADING.md for details) to the latest and it didn't fix the issue
• I've migrated to the workflow job webhook event (if you using webhook driven scaling)

Resource Definitions

apiVersion: actions.summerwind.dev/v1alpha1
kind: RunnerDeployment
metadata:
  creationTimestamp: "2023-08-31T16:13:22Z"
  generation: 9276
  name: gh-terraform-secure
  namespace: actions-runner-system
  resourceVersion: "137974423"
  uid: 6a78ee69-9a07-4ac6-9d7d-3b93dfe195fe
spec:
  effectiveTime: "2024-06-10T13:03:25Z"
  replicas: 0
  selector: null
  template:
    metadata:
      annotations:
        ad.datadoghq.com/tags: '{"gha_runner_type": "gh-terraform-secure"}'
      labels:
        app.kubernetes.io/name: gh-terraform-secure
    spec:
      dockerdContainerResources: {}
      env:
      - name: DISABLE_RUNNER_UPDATE
        value: "false"
      - name: DISABLE_WAIT_FOR_DOCKER
        value: "true"
      ephemeral: true
      image: xxxxxxxxxxx.dkr.ecr.eu-west-1.amazonaws.com/tools/gh-terraform-runner:v0.1.73
      labels:
      - gh-terraform-secure
      organization: jumo
      resources:
        requests:
          cpu: "1"
          memory: 512Mi
      serviceAccountName: gh-terraform-secure-runner
      tolerations:
      - effect: NoSchedule
        key: runner-type
        operator: Equal
        value: gh-terraform-secure

To Reproduce

Go to: https://hub.docker.com/r/summerwind/actions-runner-dind-rootless/tags

Latest tag is v2.316.0-ubuntu-20.04-49490c4

Go to: https://hub.docker.com/r/summerwind/actions-runner-dind/tags

Latest tag is v2.317.0-ubuntu-20.04-8947327

Describe the bug

Latest image build (with runner version 2.317.0) for actions-runner-dind-rootless failed (for both ubuntu-20.04 and ubuntu-22.04): https://github.com/actions-runner-controller/releases/actions/runs/9415130587/job/25935482037

Describe the expected behavior

I would expect an image would be available with runner version 2.317.0, same as for the other images built from this repository.

Whole Controller Logs

N/A

Whole Runner Pod Logs

√ Settings Saved.

2024-06-10 13:29:13.952  DEBUG --- Runner successfully configured.
{
  "agentId": 1044721,
  "agentName": "gh-terraform-hsr79-5gf28",
  "poolId": 1,
  "poolName": "Default",
  "disableUpdate": true,
  "ephemeral": true,
  "serverUrl": "https://pipelinesghubeus21.actions.githubusercontent.com/xxxxxxx/",
  "gitHubUrl": "https://github.com/jumo",
  "workFolder": "/runner/_work"
2024-06-10 13:29:13.955  NOTICE --- Docker wait check skipped. Either Docker is disabled or the wait is disabled, continuing with entrypoint
2024-06-10 13:29:13.956  NOTICE --- WARNING LATEST TAG HAS BEEN DEPRECATED. SEE GITHUB ISSUE FOR DETAILS:
2024-06-10 13:29:13.957  NOTICE --- https://github.com/actions/actions-runner-controller/issues/2056
}
√ Connected to GitHub

Current runner version: '2.316.0'
2024-06-10 13:29:16Z: Listening for Jobs
An error occured: Runner version v2.316.0 is deprecated and cannot receive messages.
Runner listener exit with terminated error, stop the service, no retry needed.
Exiting runner...
2024-06-10 13:29:16.469  NOTICE --- Runner init exited. Exiting this process with code 0 so that the container and the pod is GC'ed Kubernetes soon.

Additional Context

[github-actions]

Hello! Thank you for filing an issue.

The maintainers will triage your issue shortly.

In the meantime, please take a look at the troubleshooting guide for bug reports.

If this is a feature request, please review our contribution guidelines.

[YvesZelros]

1. Check the image used on ephemeralrunnersets
   kubectl get ephemeralrunnersets.actions.github.com -o jsonpath='{.items[].spec.ephemeralRunnerSpec.spec.containers[].image}'

Must be ghcr.io/actions/actions-runner:2.317.0 or ghcr.io/actions/actions-runner:latest

2. imagePullPolicy
   If image tag is latest ensure that imagePullPolicy is Always

Seem that default value of imagePullPolicy is IfNotPresent that can be the root cause of this issue ...

[mantoine96]

@YvesZelros This isn't relevant to this discussion. The issue at hands here is that the latest build for the image for summerwind/actions-runner-dind-rootless containing version 2.317.0 of the GHA runner failed, due to:

#26 2.180 + PATH=/home/runner/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/runner/.local/bin:/home/runner/bin /home/runner/bin/dockerd-rootless-setuptool.sh install --skip-iptables
#26 2.199 [rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: operation not permitted
#26 2.200 [ERROR] RootlessKit failed, see the error messages and https://rootlesscontaine.rs/getting-started/common/ .
#26 ERROR: process "/bin/sh -c export SKIP_IPTABLES=1     && curl -fsSL https://get.docker.com/rootless | sh     && /home/runner/bin/docker -v" did not complete successfully: exit code: 1

#12 [linux/arm64  2/18] RUN apt-get update -y     && apt-get install -y software-properties-common     && add-apt-repository -y ppa:git-core/ppa     && apt-get update -y     && apt-get install -y --no-install-recommends     build-essential     curl     ca-certificates     dnsutils     ftp     git     iproute2     iputils-ping     iptables     jq     libunwind8     locales     netcat     net-tools     openssh-client     parallel     python3-pip     rsync     shellcheck     software-properties-common     sudo     telnet     time     tzdata     uidmap     unzip     upx     wget     zip     zstd     && ln -sf /usr/bin/python3 /usr/bin/python     && ln -sf /usr/bin/pip3 /usr/bin/pip     && rm -rf /var/lib/apt/lists/*
#12 CANCELED

This issue's goal is to figure out what needs to happen to fix this. In this case, it looks like there might have been an issue with the seccomp of the container used by BuildKit. This could be a transient issue, although I'm inclined to say it isn't given the build before that also failed with the same errors: https://github.com/actions-runner-controller/releases/actions/runs/9076975144/job/25047042394

[mohamed-haidara-cko]

This seems likend to docker/docker-install#417.

Downgrading the Docker version fixes the issue.