# This is a combination of 6 commits.

# This is the 1st commit message:

Rebase

# This is the commit message #2:

fix: terraform error

# This is the commit message #3:

fix: terraform error

# This is the commit message #4:

fix: test and linter

# This is the commit message #5:

runner labels can be a subset

# This is the commit message #6:

runner labels can be a subset

modules/runners/lambdas/runners/src/scale-runners/gh-auth.test.ts

@@ -1,8 +1,10 @@
 import { createOctoClient, createGithubAuth } from './gh-auth';
 import nock from 'nock';
 import { createAppAuth } from '@octokit/auth-app';
+
 import { StrategyOptions } from '@octokit/auth-app/dist-types/types';
 import { getParameterValue } from './ssm';
+
 import { RequestInterface } from '@octokit/types';
 import { mock, MockProxy } from 'jest-mock-extended';
 import { request } from '@octokit/request';
@@ -23,7 +25,6 @@ const PARAMETER_GITHUB_APP_CLIENT_SECRET_NAME = `/actions-runner/${ENVIRONMENT}/
 
 const mockedGet = mocked(getParameterValue);
 
-
 beforeEach(() => {
   jest.resetModules();
   jest.clearAllMocks();
@@ -93,8 +94,7 @@ describe('Test createGithubAuth', () => {
 
     const mockedAuth = jest.fn();
     mockedAuth.mockResolvedValue({ token });
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    mockedCreatAppAuth.mockImplementation((authOptions: StrategyOptions) => {
+    mockedCreatAppAuth.mockImplementation(() => {
       return mockedAuth;
     });
 
@@ -184,8 +184,7 @@ describe('Test createGithubAuth', () => {
       .mockResolvedValueOnce(GITHUB_APP_CLIENT_SECRET);
     const mockedAuth = jest.fn();
     mockedAuth.mockResolvedValue({ token });
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    mockedCreatAppAuth.mockImplementation((authOptions: StrategyOptions) => {
+    mockedCreatAppAuth.mockImplementation(() => {
       return mockedAuth;
     });
 

modules/webhook/lambdas/webhook/src/webhook/handler.test.ts

@@ -139,6 +139,23 @@ describe('handler', () => {
       expect(sendActionRequest).toBeCalled();
     });
 
+    it('Check runner a runner with multiple labels accept a job with a subset of labels.', async () => {
+      process.env.RUNNER_LABELS = '["test", "linux"]';
+      const event = JSON.stringify({
+        ...workflowjob_event,
+        workflow_job: {
+          ...workflowjob_event.workflow_job,
+          labels: ['self-hosted'],
+        },
+      });
+      const resp = await handle(
+        { 'X-Hub-Signature': await webhooks.sign(event), 'X-GitHub-Event': 'workflow_job' },
+        event,
+      );
+      expect(resp).toBe(200);
+      expect(sendActionRequest).toBeCalled();
+    });
+
     it('Check runner labels in mixed order', async () => {
       process.env.RUNNER_LABELS = '["test", "linux"]';
       const event = JSON.stringify({

modules/webhook/lambdas/webhook/src/webhook/handler.ts

@@ -127,14 +127,12 @@ function isRunnerNotAllowed(job: WorkflowJob): boolean {
 
   // ensure the self-hosted label is in the list.
   runnerLabels.add('self-hosted');
-  const sortedRunnerLabels = Array.from(runnerLabels.values()).sort();
-  const sortedWorkflowLabels = job.workflow_job.labels.slice().sort();
+  const runnerMatch = job.workflow_job.labels.every((l) => runnerLabels.has(l));
 
-  const notMatched = sortedWorkflowLabels.toString() !== sortedRunnerLabels.toString();
   console.debug(
-    `Received runner job labels: '${sortedWorkflowLabels}' do ${
-      notMatched ? 'NOT' : ''
-    } match the configured labels '${sortedRunnerLabels}'`,
+    `Received runner job labels: '${JSON.stringify(job.workflow_job.labels)}' do ${
+      runnerMatch ? '' : 'NOT'
+    } match the configured labels '${JSON.stringify(runnerLabels)}'`,
   );
-  return notMatched;
+  return !runnerMatch;
 }