Add release note for v0.24.0 (#1493)

docs/releasenotes/0.24.md

@@ -0,0 +1,54 @@
+# actions-runner-controller v0.24.0
+
+All changes in this release can be found in the milestone https://github.com/actions-runner-controller/actions-runner-controller/milestone/4
+
+This log documents breaking and major enhancements
+
+## Upgrading
+
+In case you're using our Helm chart to deploy ARC, use the chart 0.19.0 or greater. Don't miss upgrading CRDs as usual! Helm doesn't upgrade CRDs.
+
+## BREAKING CHANGE : Support for `--once` is being dropped
+
+> **Warning**: If you're using ARC's official runer image, make sure to update the image tag to `v2.292.0` BEFORE upgrading ARC
+
+In #1385 we changed ARC to NOT automatically set the feature flag `RUNNER_FEATURE_FLAG_EPHEMERAL=true`. If you're using ARC's official runer image, make sure to update the image tag to `v2.292.0` before upgrading ARC, because that's the first runner image release since we changed the default to `--ephemeral`. If you kept using an older runner image after upgrading ARC, you end up using `--once` which is unreliable and had been deprecated since almost a year ago.
+
+>> **Warning**: If you're using a custom runner image, incorporate changes made in #1384 to your runner image dockerfile
+
+If you're building a custom runner image on your own and it still requires the user to specify `RUNNER_FEATURE_FLAG_EPHEMERAL=true` to use `--ephemeral`, check #1384 and update your custom runner image dockerfile accordingly. Otherwise, you may unexpectedly end up with using `--once` after upgrading ARC, because that was the previous default.
+
+Relevant PR(s): #1384, #1385
+
+## FIX : Prevent runner form stucking in Terminating when the container disappeared
+
+We occasionally heard about runnner pods stuck in Terminating after the node and containers running on it disappeared due to, for example, the machine terminated prematurely.
+
+We now set runner pods' restartPolicy to `Never` and remove runner pods stuck in `Waiting` after restarting, so that the pods are more likely to NOT stuck forever.
+
+Relevant PR(s): #1395, #1420
+
+## ENHANCEMENT : Support arbitrarily setting `privileged: true` for runner container
+
+This is a frequently asked feature that alows you to force `privileged: true` in case you don't need docker but still need privileged tasks to be run in a job step.
+
+In combination with a container runtime like `sysbox` this should enable you to run docker builds within the dind sidecar, all without privileges. See [the discussion related to Sysbox](https://github.com/actions-runner-controller/actions-runner-controller/discussions/977) for more information.
+
+Note that we ARC maintainers still have no bandwidth to provide a complete description on how to make ARC work with `sysbox` yet, but almost certainly we'd welcome contributions to the documentation if you managed to make it work.
+
+Relevant PR(s): #1383
+
+## ENHANCEMENT : RunnerSet can now retain PVs accross restarts
+
+This enhancement makes it more practical to use RunnerSet in combination with `volumeClaimTemplates` to make your workflow jobs faster.
+
+Please see our updated ["Custom Volume Mounts" section in the documentation](https://github.com/actions-runner-controller/actions-runner-controller#custom-volume-mounts) for more information. Currently, we cover caching Docker image layers, go mod/build, and PV-backed runner work directory(Although this one is backed by another feature unrelated to this enhancement under the hood).
+
+Relevant PR(s): #1340
+
+## ENHANCEMENT : OpenSSF scorecard adoption
+
+We assessed the project's security by following OpenSSF scorecard checks and adopting OpenSSF best practices.
+It should help you judge the security throughout ARC's development and release processes.
+
+Relevant PR(s): #1461