Merge pull request #4 from bapung/fix/repo-scope-for-user

fix: handle case if owner is a user, take priority over org
2026-06-22 07:58:44 +00:00 · 2026-01-13 22:15:08 +08:00 · 2026-01-13 21:28:33 +08:00
11 changed files with 95 additions and 612 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,9 +1,8 @@
-name: Build and Push
+name: Build and Push Docker Image
 on:
  push:
    branches: ["main", "master"]
    tags: ["v*"]
  pull_request:
    branches: ["main", "master"]
  workflow_dispatch:
@@ -13,7 +12,7 @@ env:
  IMAGE_NAME: ${{ github.repository }}
 jobs:
-  build-image:
+  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
@@ -23,9 +22,6 @@ jobs:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -42,63 +38,14 @@ jobs:
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=ref,event=branch
-            type=sha,prefix=sha-
+            type=sha
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
  publish-chart:
    needs: build-image
    if: startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Helm
        uses: azure/setup-helm@v4
      - name: Login to GHCR
        run: echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ${{ env.REGISTRY }} --username ${{ github.actor }} --password-stdin
      - name: Get Version
        id: get_version
        run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
      - name: Update Chart Version and Image Tag
        run: |
          CHART_PATH="charts/gitea-runner-operator"
          # Update version (stripping v)
          sed -i "s/^version:.*/version: ${{ env.VERSION }}/" $CHART_PATH/Chart.yaml
          # Update appVersion (keeping v, matches docker tag)
          sed -i "s/^appVersion:.*/appVersion: \"v${{ env.VERSION }}\"/" $CHART_PATH/Chart.yaml
          # Update image tag in values.yaml to match the release
          # Replaces 'tag: "latest"' with 'tag: "v1.2.3"'
          sed -i 's/tag: "latest"/tag: "v${{ env.VERSION }}"/' $CHART_PATH/values.yaml
      - name: Package Helm Chart
        run: |
          helm package charts/gitea-runner-operator
      - name: Push Helm Chart
        run: |
          # Push to oci://ghcr.io/<owner>/charts
          # The chart will be accessible as oci://ghcr.io/<owner>/charts/gitea-runner-operator
          OWNER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
          helm push gitea-runner-operator-${{ env.VERSION }}.tgz oci://${{ env.REGISTRY }}/${OWNER}/charts
--- a/README.md
+++ b/README.md
@@ -16,14 +16,7 @@ A Kubernetes Operator to manage ephemeral Gitea Act runners. This operator autom
 ## Installation (Helm Chart)
-You can install the operator using the provided Helm chart.
+### Incoming
 ```bash
 # Install the chart
 helm upgrade --install gitea-runner-operator ./charts/gitea-runner-operator \
  --namespace gitea-runner-operator-system \
  --create-namespace
 ```
 ## Installation (Manual)
@@ -70,39 +63,27 @@ kubectl apply -f secret.yaml
 ## Configuration
-The core resource is the `RunnerGroup`. Use the `scope` field to control which jobs the runner picks up.
+The core resource is the `RunnerGroup`. Below are examples for different scopes.
 ### 1. Repository Scope
 Spawns runners only for jobs in a specific repository.
 ```yaml
 apiVersion: gitea.bpg.pw/v1alpha1
 kind: RunnerGroup
 metadata:
-  name: example-runner
+  name: my-repo-runner
  namespace: gitea-runner-operator-system
 spec:
  # Base Gitea URL
  giteaURL: https://gitea.example.com
  # Scope configuration:
  # - global: Runs all jobs (requires instance admin token)
  # - org:    Runs jobs for a specific organization (requires `org` field)
  # - user:   Runs jobs for a specific user (requires `user` field)
  # - repo:   Runs jobs for a specific repository (requires `org` and `repo` fields)
  scope: repo
-
+  org: myorg
-  # Scope-specific fields (uncomment as needed based on scope):
+  repo: myrepo
-  org: my-org # Required for 'org' or 'repo' scopes
+  giteaURL: https://gitea.example.com
  repo: my-repo # Required for 'repo' scope
  # user: my-user   # Required for 'user' or 'repo' scope
  # Maximum concurrent runners
  maxActiveRunners: 5
  # Labels supported by this runner group
  labels:
    - "ubuntu-latest"
-    - "custom-label:docker://node:16"
+    - "custom-label"
  # Credentials
  registrationToken:
    secretRef:
      name: gitea-runner-secret
@@ -113,6 +94,62 @@ spec:
      key: authToken
 ```
 ### 2. Organization Scope
 Spawns runners for any repository within the organization.
 ```yaml
 apiVersion: gitea.bpg.pw/v1alpha1
 kind: RunnerGroup
 metadata:
  name: my-org-runner
  namespace: gitea-runner-operator-system
 spec:
  scope: org
  org: myorg
  # repo is omitted
  giteaURL: https://gitea.example.com
  maxActiveRunners: 10
  # ... (tokens)
 ```
 ### 3. User Scope
 Spawns runners for any repository owned by the specified user.
 ```yaml
 apiVersion: gitea.bpg.pw/v1alpha1
 kind: RunnerGroup
 metadata:
  name: my-user-runner
  namespace: gitea-runner-operator-system
 spec:
  scope: user
  user: myusername
  # org and repo are omitted
  giteaURL: https://gitea.example.com
  maxActiveRunners: 3
  # ... (tokens)
 ```
 ### 4. Global Scope
 Spawns runners for any job in the Gitea instance (Admin level).
 ```yaml
 apiVersion: gitea.bpg.pw/v1alpha1
 kind: RunnerGroup
 metadata:
  name: global-runner
  namespace: gitea-runner-operator-system
 spec:
  scope: global
  # org, user, and repo are omitted
  giteaURL: https://gitea.example.com
  maxActiveRunners: 20
  # ... (tokens)
 ```
 ## How it works
 1.  The **Controller** polls the Gitea API (using the `authToken`) to check for queued jobs matching the scope and labels.
--- a/charts/gitea-runner-operator/Chart.yaml
+++ b/charts/gitea-runner-operator/Chart.yaml
@@ -1,17 +0,0 @@
 apiVersion: v2
 name: gitea-runner-operator
 description: A Helm chart for managing Gitea Runner Operator
 type: application
 version: 0.1.0
 appVersion: "0.0.1"
 keywords:
  - gitea
  - runner
  - operator
  - ci
  - cd
 home: https://github.com/bapung/gitea-runner-operator
 sources:
  - https://github.com/bapung/gitea-runner-operator
 maintainers:
  - name: bapung
--- a/charts/gitea-runner-operator/templates/NOTES.txt
+++ b/charts/gitea-runner-operator/templates/NOTES.txt
@@ -1,37 +0,0 @@
 Gitea Runner Operator has been installed!
 1. Check if the controller is running:
   kubectl get pods -n {{ .Release.Namespace }} -l control-plane=controller-manager
 2. Create a Secret with your Gitea credentials:
   kubectl create secret generic gitea-runner-secret \
     --namespace {{ .Release.Namespace }} \
     --from-literal=registrationToken=<YOUR_TOKEN> \
     --from-literal=authToken=<YOUR_API_TOKEN>
 3. Create a RunnerGroup instance to spawn runners:
   apiVersion: gitea.bpg.pw/v1alpha1
   kind: RunnerGroup
   metadata:
     name: example-runner
     namespace: {{ .Release.Namespace }}
   spec:
     scope: repo
     org: your-org
     repo: your-repo
     giteaURL: https://gitea.example.com
     maxActiveRunners: 2
     labels: ["ubuntu-latest"]
     registrationToken:
       secretRef:
         name: gitea-runner-secret
         key: registrationToken
     authToken:
       secretRef:
         name: gitea-runner-secret
         key: authToken
 For more details, please visit: https://github.com/bapung/gitea-runner-operator
--- a/charts/gitea-runner-operator/templates/_helpers.tpl
+++ b/charts/gitea-runner-operator/templates/_helpers.tpl
@@ -1,63 +0,0 @@
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "gitea-runner-operator.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "gitea-runner-operator.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- $name := default .Chart.Name .Values.nameOverride }}
 {{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- else }}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
 {{- end }}
 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "gitea-runner-operator.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{/*
 Common labels
 */}}
 {{- define "gitea-runner-operator.labels" -}}
 helm.sh/chart: {{ include "gitea-runner-operator.chart" . }}
 {{ include "gitea-runner-operator.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 {{/*
 Selector labels
 */}}
 {{- define "gitea-runner-operator.selectorLabels" -}}
 app.kubernetes.io/name: {{ include "gitea-runner-operator.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 control-plane: controller-manager
 {{- end }}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "gitea-runner-operator.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "gitea-runner-operator.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
--- a/charts/gitea-runner-operator/templates/deployment.yaml
+++ b/charts/gitea-runner-operator/templates/deployment.yaml
@@ -1,67 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 spec:
  replicas: 1
  selector:
    matchLabels:
      {{- include "gitea-runner-operator.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
        {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        {{- include "gitea-runner-operator.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "gitea-runner-operator.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: manager
          command:
            - /manager
          args:
            - --leader-elect={{ .Values.manager.leaderElect }}
            - --health-probe-bind-address={{ .Values.manager.healthProbeBindAddress }}
            - --metrics-bind-address={{ .Values.manager.metricsBindAddress }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          livenessProbe:
            httpGet:
              path: /healthz
              port: {{ .Values.manager.healthProbeBindAddress | trimPrefix ":" }}
            initialDelaySeconds: 15
            periodSeconds: 20
          readinessProbe:
            httpGet:
              path: /readyz
              port: {{ .Values.manager.healthProbeBindAddress | trimPrefix ":" }}
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      terminationGracePeriodSeconds: 10
--- a/charts/gitea-runner-operator/templates/rbac.yaml
+++ b/charts/gitea-runner-operator/templates/rbac.yaml
@@ -1,262 +0,0 @@
 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "gitea-runner-operator.serviceAccountName" . }}
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
 {{- if .Values.rbac.create -}}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}-leader-election-role
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 rules:
 - apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
 - apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
 - apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}-manager-role
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 rules:
 - apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
 - apiGroups:
  - gitea.bpg.pw
  resources:
  - runnergroups
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
 - apiGroups:
  - gitea.bpg.pw
  resources:
  - runnergroups/finalizers
  verbs:
  - update
 - apiGroups:
  - gitea.bpg.pw
  resources:
  - runnergroups/status
  verbs:
  - get
  - patch
  - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}-metrics-reader
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 rules:
 - nonResourceURLs:
  - /metrics
  verbs:
  - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}-metrics-auth-role
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 rules:
 - apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
 - apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}-leader-election-rolebinding
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "gitea-runner-operator.fullname" . }}-leader-election-role
 subjects:
 - kind: ServiceAccount
  name: {{ include "gitea-runner-operator.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}-manager-rolebinding
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "gitea-runner-operator.fullname" . }}-manager-role
 subjects:
 - kind: ServiceAccount
  name: {{ include "gitea-runner-operator.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}-metrics-auth-rolebinding
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "gitea-runner-operator.fullname" . }}-metrics-auth-role
 subjects:
 - kind: ServiceAccount
  name: {{ include "gitea-runner-operator.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}-runnergroup-admin-role
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 rules:
 - apiGroups:
  - gitea.bpg.pw
  resources:
  - runnergroups
  verbs:
  - '*'
 - apiGroups:
  - gitea.bpg.pw
  resources:
  - runnergroups/status
  verbs:
  - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}-runnergroup-editor-role
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 rules:
 - apiGroups:
  - gitea.bpg.pw
  resources:
  - runnergroups
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
 - apiGroups:
  - gitea.bpg.pw
  resources:
  - runnergroups/status
  verbs:
  - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}-runnergroup-viewer-role
  labels:
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 rules:
 - apiGroups:
  - gitea.bpg.pw
  resources:
  - runnergroups
  verbs:
  - get
  - list
  - watch
 - apiGroups:
  - gitea.bpg.pw
  resources:
  - runnergroups/status
  verbs:
  - get
 {{- end }}
--- a/charts/gitea-runner-operator/templates/service.yaml
+++ b/charts/gitea-runner-operator/templates/service.yaml
@@ -1,15 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "gitea-runner-operator.fullname" . }}-metrics-service
  labels:
    control-plane: controller-manager
    {{- include "gitea-runner-operator.labels" . | nindent 4 }}
 spec:
  ports:
    - name: https
      port: 8443
      protocol: TCP
      targetPort: {{ .Values.manager.metricsBindAddress | trimPrefix ":" }}
  selector:
    {{- include "gitea-runner-operator.selectorLabels" . | nindent 4 }}
--- a/charts/gitea-runner-operator/values.yaml
+++ b/charts/gitea-runner-operator/values.yaml
@@ -1,62 +0,0 @@
 # Default values for gitea-runner-operator.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 image:
  repository: ghcr.io/bapung/gitea-runner-operator
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: "latest"
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: "gitea-runner-operator-controller-manager"
 podAnnotations: {}
 podSecurityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
 securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000
 resources:
  limits:
    cpu: 500m
    memory: 128Mi
  requests:
    cpu: 10m
    memory: 64Mi
 nodeSelector: {}
 tolerations: []
 affinity: {}
 # Manager configuration
 manager:
  metricsBindAddress: ":8443"
  healthProbeBindAddress: ":8081"
  leaderElect: true
 # RBAC configuration
 rbac:
  create: true
--- a/internal/gitea/client.go
+++ b/internal/gitea/client.go
@@ -131,6 +131,9 @@ func (c *HTTPClient) GetRunnerStats(
 ) (*RunnerStats, error) {
 	switch scope {
 	case v1alpha1.RunnerGroupScopeRepo:
 		if user != "" {
 			return c.getRunnerStatsForRepo(ctx, giteaURL, authToken, user, repo, labels)
 		}
 		return c.getRunnerStatsForRepo(ctx, giteaURL, authToken, org, repo, labels)
 	case v1alpha1.RunnerGroupScopeOrg:
 		return c.getRunnerStatsForOrg(ctx, giteaURL, authToken, org, labels)
--- a/internal/gitea/client_test.go
+++ b/internal/gitea/client_test.go
@@ -80,6 +80,21 @@ func TestHTTPClient_GetRunnerStats(t *testing.T) {
 			expectedQueued: 0, // No runner capabilities provided -> no match
 			expectedError:  false,
 		},
 		{
 			name:   "repo scope (user owned)",
 			scope:  v1alpha1.RunnerGroupScopeRepo,
 			user:   "testuser",
 			repo:   "testrepo",
 			labels: []string{"linux"},
 			mockResponse: ActionWorkflowJobsResponse{
 				TotalCount: 1,
 				Jobs: []ActionWorkflowJob{
 					{ID: 1, Status: "queued", Labels: []string{"linux"}},
 				},
 			},
 			expectedQueued: 1,
 			expectedError:  false,
 		},
 		{
 			name:   "global scope with specific labels",
 			scope:  v1alpha1.RunnerGroupScopeGlobal,
@@ -135,9 +150,13 @@ func TestHTTPClient_GetRunnerStats(t *testing.T) {
 				expectedPath := ""
 				switch tt.scope {
 				case v1alpha1.RunnerGroupScopeRepo:
-					expectedPath = "/api/v1/repos/testorg/testrepo/actions/jobs"
+					owner := tt.org
 					if tt.user != "" {
 						owner = tt.user
 					}
 					expectedPath = "/api/v1/repos/" + owner + "/" + tt.repo + "/actions/jobs"
 				case v1alpha1.RunnerGroupScopeOrg:
-					expectedPath = "/api/v1/orgs/testorg/actions/jobs"
+					expectedPath = "/api/v1/orgs/" + tt.org + "/actions/jobs"
 				case v1alpha1.RunnerGroupScopeGlobal:
 					expectedPath = "/api/v1/admin/actions/jobs"
 				case v1alpha1.RunnerGroupScopeUser:
Author	SHA1	Message	Date
Bagas Purwa S	776a3fbd7f	Merge pull request #4 from bapung/fix/repo-scope-for-user fix: handle case if owner is a user, take priority over org	2026-01-13 22:15:08 +08:00
Bapung	e6755bf2ba	fix: handle case if owner is a user, take priority over org	2026-01-13 21:28:33 +08:00