privileged docker container

.github/workflows/arm64-arc-runner-set.yaml

@@ -4,6 +4,7 @@ on:
   schedule:
   - cron: "0 17 * * 0" # 5pm UTC on Sundays
   workflow_dispatch: {}
+  pull_request:
 
 jobs:
   create-controller:
@@ -56,12 +57,17 @@ jobs:
             --namespace=arc-runners \
             --from-literal=github_token="${{ secrets.GH_PAT }}"
 
-          # bubblewrap (which is a sandbox tool used by melange) requires privileged (containerMode.type=dind) docker containers.
-          # issue reference: https://github.com/containers/bubblewrap/issues/505
-
           helm install arc-runner-set \
             --namespace arc-runners \
             --set githubConfigUrl="https://github.com/replicatedhq/kots" \
             --set githubConfigSecret="github-config-secret" \
-            --set containerMode.type=dind \
             oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set
+
+          # bubblewrap (which is a sandbox tool used by melange) requires privileged docker containers.
+          # bubblewrap also requires setting seccompProfile to unconfined.
+          # issue reference: https://github.com/containers/bubblewrap/issues/505
+
+          kubectl patch autoscalingrunnerset arc-runner-set \
+            --namespace arc-runners \
+            --type merge \
+            --patch '{"spec":{"template":{"spec":{"containers":[{"name":"runner","securityContext":{"privileged":true}}]}}}}'

.github/workflows/build-test.yaml

@@ -281,7 +281,7 @@ jobs:
       - id: cache-dir
         run: echo "cache_dir=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
 
-      - name: install and configure necessary packages for arm64
+      - name: configure packages for arm64
         if: matrix.runner.arch == 'arm64'
         run: |
           sudo apt-get update -y