feat(ibmcloud): add GitLab runner support for IBM Power (ppc64le) and IBM Z (s390x)

Makefile

@@ -28,8 +28,7 @@ VERSION_VARIABLES := -X $(MODULEPATH)/pkg/manager/context.OCI=$(IMG) \
 	-X $(MODULEPATH)/pkg/integrations/cirrus.version=$(CIRRUS_CLI) \
 	-X $(MODULEPATH)/pkg/integrations/github.runnerVersion=$(GITHUB_RUNNER) \
 	-X $(MODULEPATH)/pkg/integrations/gitlab.version=$(GITLAB_RUNNER) \
-	-X $(MODULEPATH)/pkg/provider/ibmcloud/action/ibm-power.otelColVersion=$(OTELCOL_VERSION) \
-	-X $(MODULEPATH)/pkg/provider/ibmcloud/action/ibm-z.otelColVersion=$(OTELCOL_VERSION)
+	-X $(MODULEPATH)/pkg/integrations/otelcol.version=$(OTELCOL_VERSION)
 LDFLAGS := $(VERSION_VARIABLES) ${GO_EXTRA_LDFLAGS}
 GCFLAGS := all=-N -l
 GOOS := $(shell go env GOOS)

cmd/mapt/cmd/aws/hosts/fedora.go

@@ -57,7 +57,7 @@ func getFedoraCreate() *cobra.Command {
 					DebugLevel:    viper.GetUint(params.DebugLevel),
 					CirrusPWArgs:  params.CirrusPersistentWorkerArgs(),
 					GHRunnerArgs:  params.GithubRunnerArgs(),
-					GLRunnerArgs:  params.GitLabRunnerArgs(),
+					GLRunnerArgs:  params.GitLabRunnerArgs(params.LinuxGitLabArch()),
 					Tags:          viper.GetStringMapString(params.Tags),
 				},
 				&fedora.FedoraArgs{

cmd/mapt/cmd/aws/hosts/mac.go

@@ -48,7 +48,7 @@ func getMacRequest() *cobra.Command {
 					Debug:         viper.IsSet(params.Debug),
 					DebugLevel:    viper.GetUint(params.DebugLevel),
 					GHRunnerArgs:  params.GithubRunnerArgs(),
-					GLRunnerArgs:  params.GitLabRunnerArgs(),
+					GLRunnerArgs:  params.GitLabRunnerArgs(params.LinuxGitLabArch()),
 					Tags:          viper.GetStringMapString(params.Tags),
 				},
 				&mac.MacRequestArgs{

cmd/mapt/cmd/aws/hosts/rhel.go

@@ -53,7 +53,7 @@ func getRHELCreate() *cobra.Command {
 					DebugLevel:    viper.GetUint(params.DebugLevel),
 					CirrusPWArgs:  params.CirrusPersistentWorkerArgs(),
 					GHRunnerArgs:  params.GithubRunnerArgs(),
-					GLRunnerArgs:  params.GitLabRunnerArgs(),
+					GLRunnerArgs:  params.GitLabRunnerArgs(params.LinuxGitLabArch()),
 					Tags:          viper.GetStringMapString(params.Tags),
 				},
 				&rhel.RHELArgs{

cmd/mapt/cmd/aws/hosts/windows.go

@@ -66,7 +66,7 @@ func getWindowsCreate() *cobra.Command {
 					DebugLevel:    viper.GetUint(params.DebugLevel),
 					CirrusPWArgs:  params.CirrusPersistentWorkerArgs(),
 					GHRunnerArgs:  params.GithubRunnerArgs(),
-					GLRunnerArgs:  params.GitLabRunnerArgs(),
+					GLRunnerArgs:  params.GitLabRunnerArgs(params.LinuxGitLabArch()),
 					Tags:          viper.GetStringMapString(params.Tags),
 				},
 				&windows.WindowsServerArgs{

cmd/mapt/cmd/aws/services/mac-pool.go

@@ -174,7 +174,7 @@ func request() *cobra.Command {
 					DebugLevel:    viper.GetUint(params.DebugLevel),
 					CirrusPWArgs:  params.CirrusPersistentWorkerArgs(),
 					GHRunnerArgs:  params.GithubRunnerArgs(),
-					GLRunnerArgs:  params.GitLabRunnerArgs(),
+					GLRunnerArgs:  params.GitLabRunnerArgs(params.LinuxGitLabArch()),
 					Tags:          viper.GetStringMapString(params.Tags),
 				},
 				&macpool.RequestMachineArgs{

cmd/mapt/cmd/azure/hosts/rhel.go

@@ -49,7 +49,7 @@ func getCreateRHEL() *cobra.Command {
 					DebugLevel:    viper.GetUint(params.DebugLevel),
 					CirrusPWArgs:  params.CirrusPersistentWorkerArgs(),
 					GHRunnerArgs:  params.GithubRunnerArgs(),
-					GLRunnerArgs:  params.GitLabRunnerArgs(),
+					GLRunnerArgs:  params.GitLabRunnerArgs(params.LinuxGitLabArch()),
 					Tags:          viper.GetStringMapString(params.Tags),
 				},
 				&azureRHEL.RhelArgs{

cmd/mapt/cmd/azure/hosts/windows.go

@@ -62,7 +62,7 @@ func getCreateWindowsDesktop() *cobra.Command {
 					DebugLevel:    viper.GetUint(params.DebugLevel),
 					CirrusPWArgs:  params.CirrusPersistentWorkerArgs(),
 					GHRunnerArgs:  params.GithubRunnerArgs(),
-					GLRunnerArgs:  params.GitLabRunnerArgs(),
+					GLRunnerArgs:  params.GitLabRunnerArgs(params.LinuxGitLabArch()),
 					Tags:          viper.GetStringMapString(params.Tags),
 				},
 				&azureWindows.WindowsArgs{

cmd/mapt/cmd/ibmcloud/hosts/ibm-power.go

@@ -2,6 +2,7 @@ package hosts
 
 import (
 	"github.com/redhat-developer/mapt/cmd/mapt/cmd/params"
+	"github.com/redhat-developer/mapt/pkg/integrations/gitlab"
 	maptContext "github.com/redhat-developer/mapt/pkg/manager/context"
 	ibmpower "github.com/redhat-developer/mapt/pkg/provider/ibmcloud/action/ibm-power"
 	"github.com/spf13/cobra"
@@ -52,17 +53,24 @@ func ibmPowerCreate() *cobra.Command {
 					DebugLevel:    viper.GetUint(params.DebugLevel),
 					CirrusPWArgs:  params.CirrusPersistentWorkerArgs(),
 					GHRunnerArgs:  params.GithubRunnerArgs(),
+					GLRunnerArgs:  params.GitLabRunnerArgs(&gitlab.Ppc64le),
 					Tags:          viper.GetStringMapString(params.Tags),
 				},
 				&ibmpower.PWArgs{
 					PIPrivateSubnetID: viper.GetString(params.PIPrivateSubnetID),
 					WorkspaceID:       viper.GetString(params.WorkspaceID),
 					VPCPublicSubnetID: viper.GetString(params.VPCPublicSubnetID),
+					Memory:            viper.GetFloat64(params.PIMemory),
+					Processors:        viper.GetFloat64(params.PIProcessors),
+					ProcType:          viper.GetString(params.PIProcType),
+					SysType:           viper.GetString(params.PISysType),
+					StorageType:       viper.GetString(params.PIStorageType),
+					DiskSize:          viper.GetInt(params.PIDiskSize),
 					OtelAppCode:       viper.GetString(params.OtelAppCode),
 					OtelAuthToken:     viper.GetString(params.OtelAuthToken),
 					OtelEndpoint:      viper.GetString(params.OtelEndpoint),
-					OtelIndex:          viper.GetString(params.OtelIndex),
-					OtelExtraAttrs:     viper.GetStringMapString(params.OtelExtraAttrs),
+					OtelIndex:         viper.GetString(params.OtelIndex),
+					OtelExtraAttrs:    viper.GetStringMapString(params.OtelExtraAttrs),
 				})
 		},
 	}
@@ -77,8 +85,16 @@ func ibmPowerCreate() *cobra.Command {
 	flagSet.StringP(params.OtelEndpoint, "", "https://otel-input.corp.redhat.com", params.OtelEndpointDesc)
 	flagSet.StringP(params.OtelIndex, "", "", params.OtelIndexDesc)
 	flagSet.StringToStringP(params.OtelExtraAttrs, "", nil, params.OtelExtraAttrsDesc)
+	flagSet.Float64(params.PIMemory, params.PIMemoryDefault, params.PIMemoryDesc)
+	flagSet.Float64(params.PIProcessors, params.PIProcessorsDefault, params.PIProcessorsDesc)
+	flagSet.String(params.PIProcType, params.PIProcTypeDefault, params.PIProcTypeDesc)
+	flagSet.String(params.PISysType, params.PISysTypeDefault, params.PISysTypeDesc)
+	flagSet.String(params.PIStorageType, params.PIStorageTypeDefault, params.PIStorageTypeDesc)
+	flagSet.Int(params.PIDiskSize, params.PIDiskSizeDefault, params.PIDiskSizeDesc)
 	params.AddGHActionsFlags(flagSet)
 	params.AddCirrusFlags(flagSet)
+	params.AddGitLabRunnerFlags(flagSet)
+	flagSet.Int(params.GlRunnerConcurrent, params.GlRunnerConcurrentPowerDefault, params.GlRunnerConcurrentDesc)
 	c.PersistentFlags().AddFlagSet(flagSet)
 	_ = c.MarkPersistentFlagRequired(params.PIPrivateSubnetID)
 	_ = c.MarkPersistentFlagRequired(params.WorkspaceID)

cmd/mapt/cmd/ibmcloud/hosts/ibm-z.go

@@ -2,6 +2,7 @@ package hosts
 
 import (
 	"github.com/redhat-developer/mapt/cmd/mapt/cmd/params"
+	"github.com/redhat-developer/mapt/pkg/integrations/gitlab"
 	maptContext "github.com/redhat-developer/mapt/pkg/manager/context"
 	ibmz "github.com/redhat-developer/mapt/pkg/provider/ibmcloud/action/ibm-z"
 	"github.com/spf13/cobra"
@@ -52,14 +53,17 @@ func ibmZCreate() *cobra.Command {
 					DebugLevel:    viper.GetUint(params.DebugLevel),
 					CirrusPWArgs:  params.CirrusPersistentWorkerArgs(),
 					GHRunnerArgs:  params.GithubRunnerArgs(),
+					GLRunnerArgs:  params.GitLabRunnerArgs(&gitlab.S390x),
 					Tags:          viper.GetStringMapString(params.Tags),
 				},
 				&ibmz.ZArgs{
 					SubnetID:      viper.GetString(params.SubnetID),
+					Profile:       viper.GetString(params.IZProfile),
+					DiskSize:      viper.GetInt(params.IZDiskSize),
 					OtelAppCode:   viper.GetString(params.OtelAppCode),
 					OtelAuthToken: viper.GetString(params.OtelAuthToken),
 					OtelEndpoint:  viper.GetString(params.OtelEndpoint),
-					OtelIndex:      viper.GetString(params.OtelIndex),
+					OtelIndex:     viper.GetString(params.OtelIndex),
 					OtelExtraAttrs: viper.GetStringMapString(params.OtelExtraAttrs),
 				})
 		},
@@ -73,8 +77,12 @@ func ibmZCreate() *cobra.Command {
 	flagSet.StringP(params.OtelEndpoint, "", "https://otel-input.corp.redhat.com", params.OtelEndpointDesc)
 	flagSet.StringP(params.OtelIndex, "", "", params.OtelIndexDesc)
 	flagSet.StringToStringP(params.OtelExtraAttrs, "", nil, params.OtelExtraAttrsDesc)
+	flagSet.String(params.IZProfile, params.IZProfileDefault, params.IZProfileDesc)
+	flagSet.Int(params.IZDiskSize, params.IZDiskSizeDefault, params.IZDiskSizeDesc)
 	params.AddGHActionsFlags(flagSet)
 	params.AddCirrusFlags(flagSet)
+	params.AddGitLabRunnerFlags(flagSet)
+	flagSet.Int(params.GlRunnerConcurrent, params.GlRunnerConcurrentS390xDefault, params.GlRunnerConcurrentDesc)
 	c.PersistentFlags().AddFlagSet(flagSet)
 	return c
 }

cmd/mapt/cmd/params/params.go

@@ -7,6 +7,7 @@ import (
 	cr "github.com/redhat-developer/mapt/pkg/provider/api/compute-request"
 	spotTypes "github.com/redhat-developer/mapt/pkg/provider/api/spot"
 	"github.com/redhat-developer/mapt/pkg/util"
+	"github.com/redhat-developer/mapt/pkg/util/logging"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
 )
@@ -82,7 +83,7 @@ const (
 	cirrusPWLabelsDesc string = "additional labels to use on the persistent worker (--it-cirrus-pw-labels key1=value1,key2=value2)"
 
 	glRunnerToken         string = "glrunner-token"
-	glRunnerTokenDesc     string = "GitLab Personal Access Token with api scope"
+	glRunnerTokenDesc     string = "GitLab token with create_runner scope (personal access token, group/project access token, or service account token)"
 	glRunnerProjectID     string = "glrunner-project-id"
 	glRunnerProjectIDDesc string = "GitLab project ID for project runner registration"
 	glRunnerGroupID       string = "glrunner-group-id"
@@ -92,6 +93,13 @@ const (
 	glRunnerURLDefault    string = "https://gitlab.com"
 	glRunnerTags          string = "glrunner-tags"
 	glRunnerTagsDesc      string = "List of tags separated by comma to be added to the self-hosted runner"
+	glRunnerUnsecure string = "glrunner-unsecure"
+	glRunnerUnsecureDesc string = "when set, the runner service runs as the default OS user instead of a dedicated system account; by default a locked-down gitlab-runner system user is created"
+
+	GlRunnerConcurrent             string = "glrunner-concurrent"
+	GlRunnerConcurrentDesc         string = "maximum number of jobs the runner executes concurrently"
+	GlRunnerConcurrentPowerDefault int    = 2
+	GlRunnerConcurrentS390xDefault int    = 3
 
 	//RHEL
 	SubsUsername              string = "rh-subscription-username"
@@ -134,6 +142,34 @@ const (
 	VPCPublicSubnetID     string = "vpc-public-subnet-id"
 	VPCPublicSubnetIDDesc string = "ID of an existing VPC subnet (with public gateway, connected to Transit Gateway) for the SSH bastion"
 
+	// IBM Power instance sizing
+	PIMemory             string  = "pi-memory"
+	PIMemoryDesc         string  = "PowerVS instance memory in GB"
+	PIMemoryDefault      float64 = 96.0
+	PIProcessors         string  = "pi-processors"
+	PIProcessorsDesc     string  = "PowerVS instance processor count (shared cores)"
+	PIProcessorsDefault  float64 = 24.0
+	PIProcType           string  = "pi-proc-type"
+	PIProcTypeDesc       string  = "PowerVS processor type (shared, dedicated, capped)"
+	PIProcTypeDefault    string  = "shared"
+	PISysType            string  = "pi-sys-type"
+	PISysTypeDesc        string  = "PowerVS system type (s922, s1022, e880, e980)"
+	PISysTypeDefault     string  = "s1022"
+	PIStorageType        string  = "pi-storage-type"
+	PIStorageTypeDesc    string  = "PowerVS storage tier for instance and data volume (tier1, tier3)"
+	PIStorageTypeDefault string  = "tier1"
+	PIDiskSize           string  = "pi-disk-size"
+	PIDiskSizeDesc       string  = "data volume size in GB attached to the PowerVS instance"
+	PIDiskSizeDefault    int     = 300
+
+	// IBM Z instance sizing
+	IZProfile         string = "iz-profile"
+	IZProfileDesc     string = "IBM Z VPC instance profile name"
+	IZProfileDefault  string = "mz2-16x128"
+	IZDiskSize        string = "iz-disk-size"
+	IZDiskSizeDesc    string = "boot volume size in GB for the IBM Z instance (10-250 for general-purpose profile)"
+	IZDiskSizeDefault int    = 250
+
 	OtelAppCode       string = "otel-app-code"
 	OtelAppCodeDesc   string = "OpenTelemetry appcode identifier (e.g. MAPT-001); when set together with --otel-auth-token, installs the otelcol-contrib filelog collector on the instance"
 	OtelAuthToken     string = "otel-auth-token"
@@ -269,8 +305,10 @@ func AddGitLabRunnerFlags(fs *pflag.FlagSet) {
 	fs.StringP(glRunnerGroupID, "", "", glRunnerGroupIDDesc)
 	fs.StringP(glRunnerURL, "", glRunnerURLDefault, glRunnerURLDesc)
 	fs.StringSlice(glRunnerTags, nil, glRunnerTagsDesc)
+	fs.Bool(glRunnerUnsecure, false, glRunnerUnsecureDesc)
 }
 
+
 func CirrusPersistentWorkerArgs() *cirrus.PersistentWorkerArgs {
 	if viper.IsSet(cirrusPWToken) {
 		return &cirrus.PersistentWorkerArgs{
@@ -284,21 +322,31 @@ func CirrusPersistentWorkerArgs() *cirrus.PersistentWorkerArgs {
 	return nil
 }
 
-func GitLabRunnerArgs() *gitlab.GitLabRunnerArgs {
+func GitLabRunnerArgs(arch *gitlab.Arch) *gitlab.GitLabRunnerArgs {
 	if viper.IsSet(glRunnerToken) {
+		if viper.IsSet(glRunnerProjectID) && viper.IsSet(glRunnerGroupID) {
+			logging.Error("--glrunner-project-id and --glrunner-group-id are mutually exclusive; ignoring GitLab runner configuration")
+			return nil
+		}
 		return &gitlab.GitLabRunnerArgs{
-			GitLabPAT: viper.GetString(glRunnerToken),
-			ProjectID: viper.GetString(glRunnerProjectID),
-			GroupID:   viper.GetString(glRunnerGroupID),
-			URL:       viper.GetString(glRunnerURL),
-			Tags:      viper.GetStringSlice(glRunnerTags),
-			Platform:  &gitlab.Linux,
-			Arch:      linuxArchAsGitLabArch(viper.GetString(LinuxArch)),
+			GitLabToken: viper.GetString(glRunnerToken),
+			ProjectID:   viper.GetString(glRunnerProjectID),
+			GroupID:     viper.GetString(glRunnerGroupID),
+			URL:         viper.GetString(glRunnerURL),
+			Tags:        viper.GetStringSlice(glRunnerTags),
+			Platform:    &gitlab.Linux,
+			Arch:        arch,
+			Unsecure:    viper.GetBool(glRunnerUnsecure),
+			Concurrent:  viper.GetInt(GlRunnerConcurrent),
 		}
 	}
 	return nil
 }
 
+func LinuxGitLabArch() *gitlab.Arch {
+	return linuxArchAsGitLabArch(viper.GetString(LinuxArch))
+}
+
 func linuxArchAsCirrusArch(arch string) *cirrus.Arch {
 	switch arch {
 	case "x86_64":
@@ -338,3 +386,4 @@ func MACArchAsGitLabArch(arch string) *gitlab.Arch {
 	}
 	return &gitlab.Arm64
 }
+

go.mod

@@ -42,7 +42,7 @@ require (
 	github.com/pulumi/pulumi-azure-native-sdk/network/v3 v3.18.0
 	github.com/pulumi/pulumi-azure-native-sdk/resources/v3 v3.18.0
 	github.com/pulumi/pulumi-azure-native-sdk/storage/v3 v3.18.0
-	github.com/pulumi/pulumi-gitlab/sdk/v8 v8.11.0
+	github.com/pulumi/pulumi-gitlab/sdk/v9 v9.11.0
 	github.com/pulumi/pulumi-tls/sdk/v5 v5.5.0
 	golang.org/x/exp v0.0.0-20260508232706-74f9aab9d74a
 	k8s.io/apimachinery v0.36.1

go.sum

@@ -436,8 +436,8 @@ github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.17 h1:XSz9LZ4Q0267
 github.com/pulumi/pulumi-docker-build/sdk/go/dockerbuild v0.0.17/go.mod h1:QgbLZb1Cd1yiX9GsIaZCRuFL/0ortNfUgsp/vx5YTws=
 github.com/pulumi/pulumi-docker/sdk/v4 v4.11.2 h1:mc9IbrRi1pWSg9HWEFT6EcQ274WnZ97nyP2pmUEvSp4=
 github.com/pulumi/pulumi-docker/sdk/v4 v4.11.2/go.mod h1:gPNbbz+ywFqnRRQMDxQQbMp4nXJIk43QBUj0N+xWXbw=
-github.com/pulumi/pulumi-gitlab/sdk/v8 v8.11.0 h1:nR406lhXeltZVfLXH8E4J5JetflNZePBgXz2eyHT7RM=
-github.com/pulumi/pulumi-gitlab/sdk/v8 v8.11.0/go.mod h1:TU9R5gbZHqe1iJ054UW3ygPU8PxQcOi4J2n/YsnTviE=
+github.com/pulumi/pulumi-gitlab/sdk/v9 v9.11.0 h1:XAcIDBAILoK5ZsiBagl+CnWEhquFPcZoJRwzXk4CyJ8=
+github.com/pulumi/pulumi-gitlab/sdk/v9 v9.11.0/go.mod h1:CyyVZdQV+98BE3LSo5Gz8nzteNVnHaOsBZeMpzVZwZQ=
 github.com/pulumi/pulumi-kubernetes/sdk/v4 v4.31.1 h1:Hg9RK9zqIU9kFbD5KeiON06gPP7cLgS68jvsgMBmPgw=
 github.com/pulumi/pulumi-kubernetes/sdk/v4 v4.31.1/go.mod h1:BAWI9R3JEEGOp1JlXLPSZKwBGANSrPGUWKtMnS5w5qw=
 github.com/pulumi/pulumi-random/sdk/v4 v4.21.0 h1:j6LtoXue77y16trYOR40iqCUxXxv8TnxvOCOP/a0zVI=

pkg/integrations/gitlab/glrunner.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"strconv"
 
-	"github.com/pulumi/pulumi-gitlab/sdk/v8/go/gitlab"
+	"github.com/pulumi/pulumi-gitlab/sdk/v9/go/gitlab"
 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 	"github.com/redhat-developer/mapt/pkg/integrations"
 	"github.com/redhat-developer/mapt/pkg/util"
@@ -44,10 +44,12 @@ func (args *GitLabRunnerArgs) GetUserDataValues() *integrations.UserDataValues {
 		return nil
 	}
 	return &integrations.UserDataValues{
-		Name:    args.Name,
-		Token:   args.AuthToken, // Use auth token (set by Pulumi during deployment)
-		CliURL:  downloadURL(),
-		RepoURL: args.URL,
+		Name:       args.Name,
+		Token:      args.AuthToken, // Use auth token (set by Pulumi during deployment)
+		CliURL:     downloadURL(),
+		RepoURL:    args.URL,
+		Unsecure:   args.Unsecure,
+		Concurrent: args.Concurrent,
 	}
 }
 
@@ -147,7 +149,7 @@ func CreateRunner(ctx *pulumi.Context, args *GitLabRunnerArgs) (pulumi.StringOut
 
 	// Configure GitLab provider with PAT
 	provider, err := gitlab.NewProvider(ctx, "gitlab-provider", &gitlab.ProviderArgs{
-		Token:   pulumi.String(args.GitLabPAT),
+		Token:   pulumi.String(args.GitLabToken),
 		BaseUrl: pulumi.String(args.URL),
 	})
 	if err != nil {

pkg/integrations/gitlab/snippet-linux.sh

@@ -8,17 +8,38 @@ chmod +x /tmp/gitlab-runner
 # Move to trusted path
 sudo mv /tmp/gitlab-runner /usr/bin/gitlab-runner
 
-# Fix SELinux context
-sudo restorecon -v /usr/bin/gitlab-runner
+# Fix SELinux context (no-op on non-SELinux systems)
+sudo restorecon -v /usr/bin/gitlab-runner 2>/dev/null || true
 
-# Register runner
+# Enable Podman socket so the docker executor can reach it
+sudo systemctl enable --now podman.socket
+
+# Register runner using docker executor backed by Podman
 sudo gitlab-runner register \
   --non-interactive \
   --url "{{ .RepoURL }}" \
   --token "{{ .Token }}" \
-  --executor "shell"
+  --executor "docker" \
+  --docker-image "fedora:latest" \
+  --docker-host "unix:///run/podman/podman.sock"
+
+{{- if not .Unsecure}}
+# Create a dedicated system user for running CI jobs
+sudo useradd --system \
+  --shell /bin/bash \
+  --create-home \
+  --home-dir /home/gitlab-runner \
+  gitlab-runner
+
+RUNNER_USER=gitlab-runner
+{{- else}}
+RUNNER_USER={{ .User }}
+{{- end}}
 
 # Install and start as service
-sudo gitlab-runner install --user={{ .User }}
+sudo gitlab-runner install --user="${RUNNER_USER}"
+{{- if .Concurrent}}
+sudo sed -i "s/^concurrent = .*/concurrent = {{.Concurrent}}/" /etc/gitlab-runner/config.toml
+{{- end}}
 sudo systemctl daemon-reload
 sudo systemctl enable --now gitlab-runner