Checks

• I've already read https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/troubleshooting-actions-runner-controller-errors and I'm sure my issue is not covered in the troubleshooting guide.
• I am using charts that are officially provided

Controller Version

0.11.0

Deployment Method

Helm

Checks

• This isn't a question or user support case (For Q&A and community support, go to Discussions).
• I've read the Changelog before submitting this issue and I'm sure it's not due to any recently-introduced backward-incompatible changes

To Reproduce

- have a scaleset with a GHA token
- expire the token
- scaleset listener pod crashes (correct)
- controller deletes listener pod
- listener config is kept in place, with old copy of the secret
- new listener pod is created with as context the new secret, but as the config already exists, it's not replaced
- listener pod crashes again, because token is still invalid

Describe the bug

Which results into the following, when the token gets refreshed / replaced in the original secret (configured with the autoscalingrunnerset.spec.githubConfigSecret):

$ kubectl -n github-runners get secret test-github-runners-55655b45-listener-config  -o jsonpath="{.data['config\.json']}"|base64 -d|jq .token | md5sum 
c4e76cd6a3e556f2348fa05590baf4a7  -
$ kubectl -n github-runners get secret test-github-runners-55655b45-listener  -o jsonpath={.data.github_token}|base64 -d|md5sum 
91ff6fda9734754b5fed52613bb15d13  -

Describe the expected behavior

I would expect that if I replace the token in the secret configured in autoscalingrunnerset.spec.githubConfigSecret, the listener pod will eventually run with the new token.

Additional Context

.

Controller Logs

https://gist.github.com/hsmade/9f21b38f9680b7c3a42f690ecb6ddf65

Runner Pod Logs

https://gist.github.com/hsmade/82d14b70299d878322e420c605733760