actions / actions-runner-controller

Kubernetes controller for GitHub Actions self-hosted runners
Apache License 2.0

Runner Scale Set Auth Secret Does Not Support GH App Client ID #3667

Open molson504x opened 4 months ago

molson504x commented 4 months ago

Checks

Controller Version

0.9.3

Deployment Method

Helm

To Reproduce

1. Create an auth secret to authenticate a runner scale set, using the GH App's Client ID (not App ID) in the "github_app_id" secret parameter.
2. Attempt to use this secret when deploying the helm chart for a new runner scale set. Observe the reconciler error stating `"strconv.ParseInt: parsing \"[GH APP CLIENT ID HERE]\": invalid syntax"`.

Describe the bug

While deploying a runner scale set, I attempted to use the GH App client ID rather than the GH App ID. This produces the following error in the reconciler:

```
ERROR Reconciler error {"controller": "autoscalingrunnerset", "controllerGroup": "actions.github.com", "controllerKind": "AutoscalingRunnerSet", "AutoscalingRunnerSet": {"name":"gh-arc-runners","namespace":"arc-runners"}, "namespace": "arc-runners", "name": "gh-arc-runners", "reconcileID": "bad05748-8745-447f-bac3-62d771451fe0", "error": "strconv.ParseInt: parsing \"I[REDACTED FOR SECURITY REASONS}\": invalid syntax"}
```

However, per the GH App Docs an App ID and Client ID should both be allowed in the iss parameter of a JWT token. Additionally, GitHub seems to be guiding people to use the Client ID for authenticating GH Apps instead of the App ID (messaging such as:

Using your App ID to get installation tokens? You can now use your Client ID instead.

appears on the app configuration page).

When I run this with an App ID instead of a Client ID the runner scale set deploys as expected.

Describe the expected behavior

I'd expect the Client ID to be able to be used when deploying a new Runner Scale Set.

Additional Context

None.

Controller Logs

See note above about the relevant logs output by the controller.

Runner Pod Logs

None, since the runner pod never was deployed because of this error.

github-actions[bot] commented 4 months ago

Hello! Thank you for filing an issue.

The maintainers will triage your issue shortly.

In the meantime, please take a look at the troubleshooting guide for bug reports.

If this is a feature request, please review our contribution guidelines.

mark-bennett-droneup commented 1 month ago

Hey, @molson504x.

Thanks for sharing your experience and validating my own. I ran into the same problem today as I attempted to use a Terraform module to deploy arc. I ran into the same problem you did. If you're looking to create a Kubernetes secret with gh_app_id, gh_app_installation_id, and gh_app_private_key, this is what worked for me:

  1. Navigate to https://github.com/organizations/YOUR_ORGANIZATION/settings/installations
  2. Left-click Configure on the GitHub app you created
  3. Rip the INSTALLATION_ID integer from the URL
  4. Store it and set it where needed

I hope this helps or you've found the same workaround already 👍
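
A preflight check for the secret values discussed in this thread, added here as an example and not taken from actions-runner-controller, so the `strconv.ParseInt` failure shows up before the Helm deploy rather than in the reconciler log. It assumes both ID fields are parsed as base-10 64-bit integers (the issue shows only the error text), that the key names follow the `github_app_id` pattern from the issue, and that the private key is PEM-encoded PKCS#1 or PKCS#8; the sample values are constructed.

```go
package main

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"strconv"
	"strings"
)

// checkNumericID repeats the strconv.ParseInt step from the error above (base 10, 64-bit assumed).
func checkNumericID(val string) error {
	if val != strings.TrimSpace(val) {
		return fmt.Errorf("surrounding whitespace, often a trailing newline")
	}
	_, err := strconv.ParseInt(val, 10, 64)
	return err
}

// checkPrivateKey accepts a PEM block holding a PKCS#1 or PKCS#8 private key.
func checkPrivateKey(val string) error {
	block, _ := pem.Decode([]byte(val))
	if block == nil {
		return fmt.Errorf("no PEM block found")
	}
	_, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		_, err = x509.ParsePKCS8PrivateKey(block.Bytes)
	}
	return err
}

// PreflightSecret maps each failing secret key to the reason it fails.
func PreflightSecret(data map[string]string) map[string]error {
	problems := map[string]error{}
	for _, k := range []string{"github_app_id", "github_app_installation_id"} {
		if err := checkNumericID(data[k]); err != nil {
			problems[k] = err
		}
	}
	if err := checkPrivateKey(data["github_app_private_key"]); err != nil {
		problems["github_app_private_key"] = err
	}
	return problems
}

func main() { // constructed sample values, not real credentials
	fmt.Println(PreflightSecret(map[string]string{
		"github_app_id": "Iv1.0000000000000000", "github_app_installation_id": "12345678\n"}))
}
```

The private key value is never echoed; only the parse error for the failing field is reported.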