From 8cf47cb6b59014548770d4d2d1decc5e99661c6a Mon Sep 17 00:00:00 2001
From: Rubionic <bot@rkoster.dev>
Date: Mon, 29 Dec 2025 10:28:20 +0000
Subject: [PATCH] fix: add dummy volume to force k8s-novolume hook prepare
 script execution

Add a dummy EmptyDir volume mount to the cached-privileged-kubernetes
container mode to work around a bug in GitHub's runner-container-hooks
that prevents /github/workflow/event.json from being populated.

The bug is in the k8s-novolume hook's prepare-job.ts where the prepare
script (which copies /github/workflow and /github/home content) only
gets created and executed if there are userMountVolumes. Without any
user volumes, the prepare script is never run, leaving /github/workflow
empty and causing Docker Buildx and other actions to fail.

This workaround adds a dummy volume mount at /tmp/dummy-prepare to
trigger the conditional logic that creates the prepare script. The
prepare script itself handles the case where userMountVolumes exist
and performs the necessary GitHub workspace directory copies as a
side effect.

Fixes #26
---
 .../template_spec/testdata/expected/privileged_basic.yaml | 4 ++++
 .../testdata/expected/privileged_multi_cache.yaml         | 4 ++++
 pkg/templates/templates/overlay.yaml                      | 8 ++++++++
 pkg/templates/testdata/expected/privileged_basic.yaml     | 4 ++++
 .../testdata/expected/privileged_emptydir_cache.yaml      | 4 ++++
 .../testdata/expected/privileged_multi_cache.yaml         | 4 ++++
 .../testdata/expected/privileged_single_cache.yaml        | 4 ++++
 7 files changed, 32 insertions(+)

diff --git a/internal/runner/template_spec/testdata/expected/privileged_basic.yaml b/internal/runner/template_spec/testdata/expected/privileged_basic.yaml
index e4a4465..e0ba719 100644
--- a/internal/runner/template_spec/testdata/expected/privileged_basic.yaml
+++ b/internal/runner/template_spec/testdata/expected/privileged_basic.yaml
@@ -293,6 +293,8 @@ data:
           mountPath: /lib64
         - name: glibc-compat
           mountPath: /lib/x86_64-linux-gnu
+        - name: dummy-prepare-trigger
+          mountPath: /tmp/dummy-prepare
       volumes:
       - name: sys
         hostPath:
@@ -320,6 +322,8 @@ data:
           type: Directory
       - name: glibc-compat
         emptyDir: {}
+      - name: dummy-prepare-trigger
+        emptyDir: {}
 ---
 apiVersion: actions.github.com/v1alpha1
 kind: AutoscalingRunnerSet
diff --git a/internal/runner/template_spec/testdata/expected/privileged_multi_cache.yaml b/internal/runner/template_spec/testdata/expected/privileged_multi_cache.yaml
index 0c3ac48..e09061f 100644
--- a/internal/runner/template_spec/testdata/expected/privileged_multi_cache.yaml
+++ b/internal/runner/template_spec/testdata/expected/privileged_multi_cache.yaml
@@ -297,6 +297,8 @@ data:
           mountPath: /var/lib/docker
         - name: cache-1
           mountPath: /nix/store
+        - name: dummy-prepare-trigger
+          mountPath: /tmp/dummy-prepare
       volumes:
       - name: sys
         hostPath:
@@ -332,6 +334,8 @@ data:
         hostPath:
           path: /nix/store
           type: DirectoryOrCreate
+      - name: dummy-prepare-trigger
+        emptyDir: {}
 ---
 apiVersion: actions.github.com/v1alpha1
 kind: AutoscalingRunnerSet
diff --git a/pkg/templates/templates/overlay.yaml b/pkg/templates/templates/overlay.yaml
index d142ede..f238d8a 100644
--- a/pkg/templates/templates/overlay.yaml
+++ b/pkg/templates/templates/overlay.yaml
@@ -76,6 +76,11 @@
 #@     volumeMounts.append({"name": "cache-" + str(i), "mountPath": cachePath.target})
 #@   end
 #@   
+#@   # WORKAROUND: Add dummy user mount volume to force k8s-novolume hook prepare script execution
+#@   # The prepare script only runs when userMountVolumes exist, but it's needed to copy /github/workflow content
+#@   # See: https://github.com/rkoster/deskrun/issues/26
+#@   volumeMounts.append({"name": "dummy-prepare-trigger", "mountPath": "/tmp/dummy-prepare"})
+#@   
 #@   # Note: externals (/__e), work (/__w), and github (/github) volumes are automatically
 #@   # added by the k8s-novolume hooks, so we don't include them here to avoid duplicates.
 #@   # The hooks handle all GitHub workspace paths including /github/workflow/event.json
@@ -109,6 +114,9 @@
 #@     volumes.append({"name": "cache-" + str(i), "hostPath": {"path": cache_source, "type": "DirectoryOrCreate"}})
 #@   end
 #@   
+#@   # WORKAROUND: Dummy volume to trigger prepare script (see volumeMounts comment above)
+#@   volumes.append({"name": "dummy-prepare-trigger", "emptyDir": {}})
+#@   
 #@   spec["containers"] = [container]
 #@   spec["volumes"] = volumes
 #@   
diff --git a/pkg/templates/testdata/expected/privileged_basic.yaml b/pkg/templates/testdata/expected/privileged_basic.yaml
index e4a4465..e0ba719 100644
--- a/pkg/templates/testdata/expected/privileged_basic.yaml
+++ b/pkg/templates/testdata/expected/privileged_basic.yaml
@@ -293,6 +293,8 @@ data:
           mountPath: /lib64
         - name: glibc-compat
           mountPath: /lib/x86_64-linux-gnu
+        - name: dummy-prepare-trigger
+          mountPath: /tmp/dummy-prepare
       volumes:
       - name: sys
         hostPath:
@@ -320,6 +322,8 @@ data:
           type: Directory
       - name: glibc-compat
         emptyDir: {}
+      - name: dummy-prepare-trigger
+        emptyDir: {}
 ---
 apiVersion: actions.github.com/v1alpha1
 kind: AutoscalingRunnerSet
diff --git a/pkg/templates/testdata/expected/privileged_emptydir_cache.yaml b/pkg/templates/testdata/expected/privileged_emptydir_cache.yaml
index 31bdfdd..425a1b9 100644
--- a/pkg/templates/testdata/expected/privileged_emptydir_cache.yaml
+++ b/pkg/templates/testdata/expected/privileged_emptydir_cache.yaml
@@ -295,6 +295,8 @@ data:
           mountPath: /lib/x86_64-linux-gnu
         - name: cache-0
           mountPath: /var/lib/docker
+        - name: dummy-prepare-trigger
+          mountPath: /tmp/dummy-prepare
       volumes:
       - name: sys
         hostPath:
@@ -326,6 +328,8 @@ data:
         hostPath:
           path: /tmp/github-runner-cache/test-runner-1/cache-0
           type: DirectoryOrCreate
+      - name: dummy-prepare-trigger
+        emptyDir: {}
 ---
 apiVersion: actions.github.com/v1alpha1
 kind: AutoscalingRunnerSet
diff --git a/pkg/templates/testdata/expected/privileged_multi_cache.yaml b/pkg/templates/testdata/expected/privileged_multi_cache.yaml
index 0c3ac48..e09061f 100644
--- a/pkg/templates/testdata/expected/privileged_multi_cache.yaml
+++ b/pkg/templates/testdata/expected/privileged_multi_cache.yaml
@@ -297,6 +297,8 @@ data:
           mountPath: /var/lib/docker
         - name: cache-1
           mountPath: /nix/store
+        - name: dummy-prepare-trigger
+          mountPath: /tmp/dummy-prepare
       volumes:
       - name: sys
         hostPath:
@@ -332,6 +334,8 @@ data:
         hostPath:
           path: /nix/store
           type: DirectoryOrCreate
+      - name: dummy-prepare-trigger
+        emptyDir: {}
 ---
 apiVersion: actions.github.com/v1alpha1
 kind: AutoscalingRunnerSet
diff --git a/pkg/templates/testdata/expected/privileged_single_cache.yaml b/pkg/templates/testdata/expected/privileged_single_cache.yaml
index 4c0b5a4..d964566 100644
--- a/pkg/templates/testdata/expected/privileged_single_cache.yaml
+++ b/pkg/templates/testdata/expected/privileged_single_cache.yaml
@@ -295,6 +295,8 @@ data:
           mountPath: /lib/x86_64-linux-gnu
         - name: cache-0
           mountPath: /var/lib/docker
+        - name: dummy-prepare-trigger
+          mountPath: /tmp/dummy-prepare
       volumes:
       - name: sys
         hostPath:
@@ -326,6 +328,8 @@ data:
         hostPath:
           path: /var/lib/docker
           type: DirectoryOrCreate
+      - name: dummy-prepare-trigger
+        emptyDir: {}
 ---
 apiVersion: actions.github.com/v1alpha1
 kind: AutoscalingRunnerSet