Fix: Add dummy volume to force k8s-novolume hook prepare script execution

[rubionic]

Summary

Add a dummy EmptyDir volume mount to the cached-privileged-kubernetes container mode to work around a bug in GitHub's runner-container-hooks that prevents /github/workflow/event.json from being populated.

Fixes #26

Problem

When using cached-privileged-kubernetes mode, the "Set up Docker Buildx" action fails because /github/workflow/event.json does not exist. This file is required by Docker Buildx to read the $GITHUB_EVENT_PATH environment variable.

Root Cause

The bug is in GitHub's runner-container-hooks package at packages/k8s/src/hooks/prepare-job.ts:

let prepareScript: { containerPath: string; runnerPath: string } | undefined
if (args.container?.userMountVolumes?.length) {
    prepareScript = prepareJobScript(args.container.userMountVolumes || [])
}

The prepare script (which copies /github/workflow and /github/home content) only gets created and executed if there are userMountVolumes. Without any user volumes, the prepare script is never run, leaving /github/workflow empty.

Solution

This PR adds a dummy volume mount at /tmp/dummy-prepare to trigger the conditional logic that creates the prepare script. The prepare script itself copies the GitHub workspace directories as a side effect.

Changes

/pkg/templates/templates/overlay.yaml

1. Added dummy volume mount (after line 77):

   # WORKAROUND: Add dummy user mount volume to force k8s-novolume hook prepare script execution
   # The prepare script only runs when userMountVolumes exist, but it's needed to copy /github/workflow content
   # See: https://github.com/rkoster/deskrun/issues/26
   volumeMounts.append({"name": "dummy-prepare-trigger", "mountPath": "/tmp/dummy-prepare"})

2. Added dummy volume (after line 110):

   # WORKAROUND: Dummy volume to trigger prepare script (see volumeMounts comment above)
   volumes.append({"name": "dummy-prepare-trigger", "emptyDir": {}})

Testing

• ✅ All existing unit tests pass
• ✅ Updated test fixtures for privileged mode to include the dummy volume
• ✅ No changes to dind or kubernetes modes
• ✅ The dummy EmptyDir volume is harmless and ephemeral

Scope

• Affected Mode: cached-privileged-kubernetes only
• Other Modes: dind and kubernetes are unaffected

Future Work

• Report upstream bug to actions/runner-container-hooks repository
• Remove workaround once upstream fix is available