Orphan no-permission ServiceAccount in kubernetes-novolume mode blocks Argo CD app teardown

[khaykingleb]

Checks

• I've already read https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors and I'm sure my issue is not covered in the troubleshooting guide.
• I am using charts that are officially provided

Controller Version

0.13.1

Deployment Method

ArgoCD

Checks

• This isn't a question or user support case (For Q&A and community support, go to Discussions).
• I've read the Changelog before submitting this issue and I'm sure it's not due to any recently-introduced backward-incompatible changes

To Reproduce

1. Install `gha-runner-scale-set` with `containerMode.type=kubernetes-novolume`
2. `kubectl get sa -n <ns>` — observe both `*-gha-rs-kube-mode` and `*-gha-rs-no-permission`
3. `helm uninstall <release>` or delete the Argo CD application, see that the teardown hangs on the orphan SA
4. Use workaround: `kubectl patch sa <release>-gha-rs-no-permission -n <ns> --type=json -p='[{"op":"remove","path":"/metadata/finalizers"}]'`.

Describe the bug

In containerMode.type=kubernetes-novolume, the gha-runner-scale-set chart renders a <release>-gha-rs-no-permission ServiceAccount with a actions.github.com/cleanup-protection finalizer. The runner pod does not use this SA (it uses the kube-mode SA instead), and the AutoscalingRunnerSet is not annotated with actions.github.com/cleanup-no-permission-service-account-name, so autoscalingRunnerSetFinalizerDependencyCleaner.removeNoPermissionServiceAccountFinalizer skips cleanup. The orphan SA then blocks helm uninstall / ArgoCD teardown until the finalizer is manually stripped

Describe the expected behavior

The no-permission SA should only be rendered when the runner pod actually uses it (i.e., containerMode.type is neither kubernetes nor kubernetes-novolume), matching the condition already used for the serviceAccountName assignment and the cleanup annotation in autoscalingrunnerset.yaml

Additional Context

This is a Helm chart templating bug, not a runtime controller bug.

Controller Logs

Not applicable

Runner Pod Logs

Not applicable

[github-actions]

Hello! Thank you for filing an issue.

The maintainers will triage your issue shortly.

In the meantime, please take a look at the troubleshooting guide for bug reports.

If this is a feature request, please review our contribution guidelines.