perf: custom DinD template with 4 CPU/4Gi per runner + anti-affinity to spread across nodes

pipelines/arc/runner-scaleset.yaml

@@ -1,20 +1,102 @@
 # Helm values for ARC runner scale set
 # Chart: oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set
 # Namespace: arc-system
+#
+# Custom DinD template with resource requests to spread pods across nodes.
+# containerMode is NOT set — we provide the full template ourselves.
+# Based on the chart's default DinD template for Kubernetes >= v1.29 (sidecar containers).
 
-# GitHub repository to register the runner against
 githubConfigUrl: "https://github.com/celesrenata/stonks-oracle"
-
-# Runner label used in workflow runs-on
 runnerScaleSetName: "self-hosted-gremlin"
 
-# Authentication — GitHub PAT injected at install time via --set
-# runmefirst.sh reads /run/secrets/github_token and passes it here
 githubConfigSecret:
   github_token: "PLACEHOLDER"
 
-# Docker-in-Docker mode — runner has a full Docker daemon, works like GitHub-hosted runners
-# NOTE: Do NOT override template.spec when using containerMode — the chart auto-injects
-# the correct DinD sidecar, volume mounts, DOCKER_HOST env, and startup probes.
-containerMode:
-  type: dind
+template:
+  spec:
+    # Spread runner pods across nodes
+    affinity:
+      podAntiAffinity:
+        preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                  - key: actions.github.com/scale-set-name
+                    operator: In
+                    values:
+                      - self-hosted-gremlin
+              topologyKey: kubernetes.io/hostname
+
+    initContainers:
+      - name: init-dind-externals
+        image: ghcr.io/actions/actions-runner:latest
+        command: ["cp", "-r", "/home/runner/externals/.", "/home/runner/tmpDir/"]
+        volumeMounts:
+          - name: dind-externals
+            mountPath: /home/runner/tmpDir
+
+      - name: dind
+        image: docker:dind
+        args:
+          - dockerd
+          - --host=unix:///var/run/docker.sock
+          - --group=$(DOCKER_GROUP_GID)
+        env:
+          - name: DOCKER_GROUP_GID
+            value: "123"
+        securityContext:
+          privileged: true
+        restartPolicy: Always
+        startupProbe:
+          exec:
+            command:
+              - docker
+              - info
+          initialDelaySeconds: 0
+          failureThreshold: 24
+          periodSeconds: 5
+        resources:
+          requests:
+            cpu: "2"
+            memory: 2Gi
+          limits:
+            cpu: "4"
+            memory: 4Gi
+        volumeMounts:
+          - name: work
+            mountPath: /home/runner/_work
+          - name: dind-sock
+            mountPath: /var/run
+          - name: dind-externals
+            mountPath: /home/runner/externals
+
+    containers:
+      - name: runner
+        image: ghcr.io/actions/actions-runner:latest
+        command: ["/home/runner/run.sh"]
+        env:
+          - name: DOCKER_HOST
+            value: unix:///var/run/docker.sock
+          - name: RUNNER_WAIT_FOR_DOCKER_IN_SECONDS
+            value: "120"
+        resources:
+          requests:
+            cpu: "2"
+            memory: 2Gi
+          limits:
+            cpu: "4"
+            memory: 8Gi
+        volumeMounts:
+          - name: work
+            mountPath: /home/runner/_work
+          - name: dind-sock
+            mountPath: /var/run
+
+    volumes:
+      - name: work
+        emptyDir: {}
+      - name: dind-sock
+        emptyDir: {}
+      - name: dind-externals
+        emptyDir: {}