Commit

Merge pull request #166 from danielefranceschi/main
support for enterprise self-hosted runners
MonolithProjects authored Aug 18, 2023
2 parents a4c37f3 + ac3137e commit d6844c6
Showing 10 changed files with 157 additions and 111 deletions.
1 change: 1 addition & 0 deletions .github/workflows/lint.yml
Expand Up @@ -5,6 +5,7 @@ on:
push:
branches:
- master
- main

jobs:
lint:
1 change: 1 addition & 0 deletions .github/workflows/tests.yml
Expand Up @@ -4,6 +4,7 @@ on:
pull_request:
branches:
- master
- main
types: [opened, synchronize, reopened]
paths:
- 'defaults/**'
40 changes: 20 additions & 20 deletions .pre-commit-config.yaml
@@ -1,23 +1,23 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.0.1
hooks:
- id: check-yaml
args: [--allow-multiple-documents]
- id: end-of-file-fixer
- id: trailing-whitespace
args: [--markdown-linebreak-ext=md]
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.0.1
hooks:
- id: check-yaml
args: [--allow-multiple-documents]
- id: end-of-file-fixer
- id: trailing-whitespace
args: [--markdown-linebreak-ext=md]

- repo: https://github.com/adrienverge/yamllint
rev: v1.26.3
hooks:
- id: yamllint
args: [-c=.yamllint]
- repo: https://github.com/adrienverge/yamllint
rev: v1.26.3
hooks:
- id: yamllint
args: [-c=.yamllint]

- repo: https://github.com/robertdebock/pre-commit
rev: v1.2.3
hooks:
- id: ansible_role_find_unused_variable
- id: ansible_role_find_empty_files
- id: ansible_role_find_empty_directories
- id: ansible_role_fix_readability
- repo: https://github.com/robertdebock/pre-commit
rev: v1.2.3
hooks:
- id: ansible_role_find_unused_variable
- id: ansible_role_find_empty_files
- id: ansible_role_find_empty_directories
- id: ansible_role_fix_readability
24 changes: 21 additions & 3 deletions README.md
Expand Up @@ -9,7 +9,7 @@


This role will deploy/redeploy/uninstall and register/unregister local GitHub Actions Runner on Linux and macOS Systems (see [compatibility list](#supported-operating-systems) ).
It supports both, Organization and Repository Runners.
It supports Enterprise, Organization and Repository Runners.

## Requirements

Expand All @@ -18,7 +18,8 @@ It supports both, Organization and Repository Runners.
* The role require Personal Access Token to access the GitHub. The token can be set as `PERSONAL_ACCESS_TOKEN` environment variable.

> **Note**
> The token must have the `repo` scope (when creating a repo runner) or the `admin:org` scope (when creating a runner for an organization).
> The token must have the `repo` scope (when creating a repo runner), the `admin:org` scope (when creating a runner for an organization),
> the `manage_runners:enterprise` scope (when creating a enterprise runner).
Personal Access Token for GitHub account can be created [here](https://github.com/settings/tokens).

> **Warning**
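
Review bot: the added scope sentence reads "a enterprise runner" and joins the three alternatives with commas only, so it is unclear that they are alternatives. Suggest "..., or the `manage_runners:enterprise` scope (when creating an enterprise runner)". It would also help to state here that enterprise mode is selected by setting `github_enterprise`, since this note is the first place a reader meets the new scope.
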
Expand Down Expand Up @@ -112,6 +113,9 @@ runner_name: "{{ ansible_hostname }}"
# Github repository name
# github_repo: "yourrepo"

# GitHub Enterprise name
# github_enterprise: "yourenterprise"

# Configuring a custom .env file
# custom_env: |
# http_proxy=YOUR_URL_HERE
Expand All @@ -122,7 +126,7 @@ runner_name: "{{ ansible_hostname }}"
# HTTP_PROXY=
```

## Example Playbook
## Example Playbooks

In this example the Ansible role will install (or update) the GitHub Actions Runner service (latest available version). The runner will be registered for *my_awesome_repo* GitHub repo.
Runner service will be stated and will run under the same user as the Ansible is using for ssh connection (*ansible*).
Expand Down Expand Up @@ -156,6 +160,20 @@ Same example as above, but runner will be added to an organization and deployed
- role: monolithprojects.github_actions_runner
```
If you have a Github Enterprise Cloud license and you want to manage all the self-hosted runners from the enterprise:
```yaml
---
- name: Install GitHub Actions Runner
hosts: all
user: automation
become: yes
vars:
- github_enterprise: my_awesome_enterprise
- runner_org: no
roles:
- role: monolithprojects.github_actions_runner
```
In this example the Ansible role will deploy (or update) the GitHub Actions runner service (version 2.165.2) and register the runner for the GitHub repo. Runner service will run under the user `runner-user`. Runner will be registered with two labels.
The runner service will be *stopped* and disabled. Runner will use custom environment variables (from file named `.env` in the self-hosted runner application directory).
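
Review bot: the new enterprise example sets `runner_org: no`, but tasks/assert.yml in this same commit skips the `runner_org` check whenever `github_enterprise` is set, and defaults/main.yml already defaults it to `false`. The line is therefore redundant and uses the `no` spelling this commit replaces elsewhere; suggest dropping it. The added paragraph and fence also appear to sit directly against the preceding closing fence and the following paragraph without blank lines, which some Markdown renderers handle poorly.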

9 changes: 6 additions & 3 deletions defaults/main.yml
Expand Up @@ -12,10 +12,10 @@ runner_version: "latest"
runner_state: "started"

# If found on the server, delete already existing runner service and install it again
reinstall_runner: no
reinstall_runner: false

# Do not show Ansible logs which may contain sensitive data (registration token)
hide_sensitive_logs: yes
hide_sensitive_logs: true

# GitHub address
github_url: "https://github.com"
Expand All @@ -27,7 +27,7 @@ github_api_url: "https://api.github.com"
access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"

# Is it the runner for organization or not?
runner_org: no
runner_org: false

# Labels to apply to the runner
runner_labels: []
Expand All @@ -54,6 +54,9 @@ runner_name: "{{ ansible_hostname }}"
# Github repository name
# github_repo: "yourrepo"

# GitHub Enterprise name
# github_enterprise: "yourenterprise"

# Configuring a custom .env file
# custom_env: |
# http_proxy=YOUR_URL_HERE
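
Review bot: `github_enterprise` is added here only as a commented-out example, so with these defaults the variable is undefined for every repo and org user, while tasks/assert.yml and tasks/collect_info.yml now evaluate bare `when: not github_enterprise` and `when: github_enterprise` conditions. Unless the variable is given a value elsewhere in the role, those conditions will reference an undefined variable. Suggest shipping a real default (for example an empty string) in this file, or writing the conditions as `github_enterprise | default('') | length > 0`.
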
4 changes: 3 additions & 1 deletion tasks/assert.yml
Expand Up @@ -5,6 +5,7 @@
- github_account is defined
fail_msg: "github_account is not defined"
run_once: true
when: not github_enterprise

- name: Check access_token variable (RUN ONCE)
ansible.builtin.assert:
Expand All @@ -20,6 +21,7 @@
- runner_org | bool == True or runner_org == False
fail_msg: "runner_org should be a boolean value"
run_once: true
when: not github_enterprise

- name: Check github_repo variable (RUN ONCE)
ansible.builtin.assert:
Expand All @@ -28,4 +30,4 @@
- github_repo | length > 0
fail_msg: "github_repo was not found or is using an invalid format."
run_once: true
when: not runner_org
when: not runner_org and not github_enterprise
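
Review bot: nothing in this file validates `github_enterprise` itself. The three added `when:` conditions only use it to skip the `github_account`, `runner_org` and `github_repo` checks, so an enterprise run passes assert.yml with no positive check on the value that collect_info.yml then places in the API URL. Suggest an assert parallel to the `github_repo` one (defined and `| length > 0`), plus a failure when `github_enterprise` is set together with `runner_org: true`, so the conflict is reported instead of being resolved silently in favour of the enterprise URL.
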
125 changes: 65 additions & 60 deletions tasks/collect_info.yml
Expand Up @@ -2,71 +2,76 @@
- name: Info collections
check_mode: false
block:
- name: Set complete API url for repo runner
ansible.builtin.set_fact:
github_full_api_url: "{{ github_api_url }}/repos/{{ github_owner | default(github_account) }}/{{ github_repo }}/actions/runners"
when: not runner_org
- name: Set complete API url for repo runner
ansible.builtin.set_fact:
github_full_api_url: "{{ github_api_url }}/repos/{{ github_owner | default(github_account) }}/{{ github_repo }}/actions/runners"
when: not runner_org and not github_enterprise

- name: Set complete API url for org runner
ansible.builtin.set_fact:
github_full_api_url: "{{ github_api_url }}/orgs/{{ github_owner | default(github_account) }}/actions/runners"
when: runner_org | bool
- name: Set complete API url for org runner
ansible.builtin.set_fact:
github_full_api_url: "{{ github_api_url }}/orgs/{{ github_owner | default(github_account) }}/actions/runners"
when: runner_org | bool and not github_enterprise

- name: Get registration token (RUN ONCE)
ansible.builtin.uri:
url: "{{ github_full_api_url }}/registration-token"
headers:
Authorization: "token {{ access_token }}"
Accept: "application/vnd.github.v3+json"
method: POST
status_code: 201
force_basic_auth: yes
register: registration
run_once: true
- name: Set complete API url for enterprise runner
ansible.builtin.set_fact:
github_full_api_url: "{{ github_api_url }}/enterprises/{{ github_enterprise }}/actions/runners"
when: github_enterprise

- name: Check currently registered runners for repo (RUN ONCE)
ansible.builtin.uri:
url: "{{ github_full_api_url }}"
headers:
Authorization: "token {{ access_token }}"
Accept: "application/vnd.github.v3+json"
method: GET
status_code: 200
force_basic_auth: yes
register: registered_runners
run_once: true
- name: Get registration token (RUN ONCE)
ansible.builtin.uri:
url: "{{ github_full_api_url }}/registration-token"
headers:
Authorization: "token {{ access_token }}"
Accept: "application/vnd.github.v3+json"
method: POST
status_code: 201
force_basic_auth: true
register: registration
run_once: true

- name: Get Runner User IDs
ansible.builtin.command: id -u "{{ runner_user }}"
changed_when: false
register: runner_user_id
- name: Check currently registered runners (RUN ONCE)
ansible.builtin.uri:
url: "{{ github_full_api_url }}"
headers:
Authorization: "token {{ access_token }}"
Accept: "application/vnd.github.v3+json"
method: GET
status_code: 200
force_basic_auth: true
register: registered_runners
run_once: true

- name: Get Runner Group IDs
ansible.builtin.command: id -g "{{ runner_user }}"
changed_when: false
register: runner_user_group_id
- name: Get Runner User IDs
ansible.builtin.command: id -u "{{ runner_user }}"
changed_when: false
register: runner_user_id

- name: Set runner_system variable
ansible.builtin.set_fact:
runner_system: "{{ 'osx' if ansible_system == 'Darwin' else 'linux' }}"
- name: Get Runner Group IDs
ansible.builtin.command: id -g "{{ runner_user }}"
changed_when: false
register: runner_user_group_id

- name: Find the latest runner version (RUN ONCE)
ansible.builtin.uri:
url: "https://api.github.com/repos/{{ runner_download_repository }}/releases/latest"
headers:
Content-Type: "application/json"
method: GET
return_content: yes
status_code: 200
body_format: json
check_mode: false
register: api_response
run_once: true
become: false
delegate_to: localhost
when: runner_version == "latest"
- name: Set runner_system variable
ansible.builtin.set_fact:
runner_system: "{{ 'osx' if ansible_system == 'Darwin' else 'linux' }}"

- name: Get systemd service facts
ansible.builtin.service_facts:
register: service_facts
when: ansible_system == "Linux"
- name: Find the latest runner version (RUN ONCE)
ansible.builtin.uri:
url: "https://api.github.com/repos/{{ runner_download_repository }}/releases/latest"
headers:
Content-Type: "application/json"
method: GET
return_content: true
status_code: 200
body_format: json
check_mode: false
register: api_response
run_once: true
become: false
delegate_to: localhost
when: runner_version == "latest"

- name: Get systemd service facts
ansible.builtin.service_facts:
register: service_facts
when: ansible_system == "Linux"
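
Review bot: in the new "Set complete API url for enterprise runner" task, `github_enterprise` is interpolated into the URL path as-is and tested with a bare `when: github_enterprise`. Suggest `{{ github_enterprise | urlencode }}` in the URL and an explicit `github_enterprise | default('') | length > 0` test in all three `set_fact` conditions, so that exactly one of them sets `github_full_api_url`. Since the "Get registration token" task is rewritten here anyway, consider adding `no_log: "{{ hide_sensitive_logs }}"` to it: defaults/main.yml describes that variable as hiding logs that may contain the registration token, and no `no_log` appears on the task in this hunk. Rewriting the whole block for indentation in the same commit also makes the functional change (one new task, two changed `when:` lines) hard to pick out; a separate formatting commit would help.
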
18 changes: 9 additions & 9 deletions tasks/install_deps.yml
Expand Up @@ -10,7 +10,7 @@
- libssl1.1
- libicu57
state: present
update_cache: yes
update_cache: true
when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "9")

- name: Install dependencies on Debian Buster
Expand All @@ -23,7 +23,7 @@
- libssl1.1
- libicu63
state: present
update_cache: yes
update_cache: true
when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "10")

- name: Install dependencies on Debian Bullseye
Expand All @@ -36,7 +36,7 @@
- libssl1.1
- libicu67
state: present
update_cache: yes
update_cache: true
when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "11")

- name: Install dependencies on Debian Bookworm
Expand All @@ -49,7 +49,7 @@
- libssl3
- libicu72
state: present
update_cache: yes
update_cache: true
when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "12")

- name: Install dependencies on Ubuntu Xenial systems
Expand All @@ -62,7 +62,7 @@
- libssl1.0.0
- libicu55
state: present
update_cache: yes
update_cache: true
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "16")

- name: Install dependencies on Ubuntu Bionic systems
Expand All @@ -75,7 +75,7 @@
- libssl1.1
- libicu60
state: present
update_cache: yes
update_cache: true
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "18")

- name: Install dependencies on Ubuntu Focal systems
Expand All @@ -88,7 +88,7 @@
- libssl1.1
- libicu66
state: present
update_cache: yes
update_cache: true
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "20")

- name: Install dependencies on Ubuntu Jammy systems
Expand All @@ -100,7 +100,7 @@
- zlib1g
- libicu70
state: present
update_cache: yes
update_cache: true
when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "22")

- name: Install dependencies on RHEL/CentOS/Fedora systems
Expand All @@ -112,7 +112,7 @@
- zlib
- libicu
state: present
update_cache: yes
update_cache: true
when: (ansible_distribution == "RedHat") or
(ansible_distribution == "CentOS") or
(ansible_distribution == "Fedora") or