feat(github-runner): add terraform for github runner
Signed-off-by: Bruce Becker <[email protected]>
brucellino committed Oct 21, 2023
1 parent 430446d commit fb61b5c
Showing 4 changed files with 325 additions and 0 deletions.
84 changes: 84 additions & 0 deletions github-runner/.terraform.lock.hcl


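--- a/github-runner/github-runner.nomad
+++ b/github-runner/github-runner.nomad
@@ -0,0 +1,69 @@
+variable "runner_version" {
+description = "Version to use for the github runner.\nSee https://github.com/actions/runner/releases/"
+default = "2.310.2"
+type = string
+}
+
+variable "github_org" {
+description = "Name of the github org we attach the runner to"
+default = "SouthAfricaDigitalScience"
+type = string
+}
+
+variable "token" {
+description = "Github Personal Access Token"
+default = "AAQEOZFGCRNN2DT7DBTYXMTEGKUB2"
+type = string
+}
+job "github-runner" {
+datacenters = ["dc1"]
+group "main" {
+task "configure" {
+driver = "exec"
+artifact {
+source = "https://github.com/actions/runner/releases/download/v${var.runner_version}/actions-runner-linux-${attr.cpu.arch}-${var.runner_version}.tar.gz"
+}
+lifecycle {
+hook = "prestart"
+sidecar = false
+}
+config {
+command = "/bin/bash"
+args = [
+"local/config.sh",
+"--unattended",
+"--url https://github.com/${var.github_org}",
+"--token ${var.token}",
+"--labels test"
+]
+}
+}
+task "run" {
+env {
+RUNNER_CFG_PAT = var.token
+}
+driver = "exec"
+config {
+command = "/bin/bash"
+args = [
+"local/run.sh"
+]
+}
+}
+task "remove" {
+lifecycle {
+hook = "poststop"
+sidecar = false
+}
+driver = "exec"
+config {
+command = "config.sh"
+args = [
+"remove",
+"--token",
+var.token
+]
+}
+}
+}
+}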
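Review bot: The `token` variable carries a literal credential as its `default`, so the value now sits in repository history and in every copy of this jobspec; it should be treated as exposed and revoked on the GitHub side. Drop the `default = "..."` line so the job cannot be planned without an explicit value, and pass it at submit time with `-var` or `NOMAD_VAR_token`. The same value is interpolated into `args` of the `configure` and `remove` tasks and into `env` of `run`, which leaves it readable in the stored job definition; rendering it from Vault with a `template` block into the task's `secrets/` directory would likely be the better home for it. The description says "Personal Access Token" while the value is handed to `config.sh --token`, so a comment should state which kind of token is expected here.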
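--- a/github-runner/github-runner.nomad.tpl
+++ b/github-runner/github-runner.nomad.tpl
@@ -0,0 +1,60 @@
+variable "runner_version" {
+description = "Version to use for the github runner.\nSee https://github.com/actions/runner/releases/"
+default = "2.303.0"
+type = string
+}
+
+// variable "github_org" {
+// description = "Name of the github org we attach the runner to"
+// default = "SouthAfricaDigitalScience"
+// type = string
+// }
+job "github-runner" {
+datacenters = ["dc1"]
+group "main" {
+task "dependencies" {
+driver = "exec"
+artifact {
+source = "https://github.com/actions/runner/releases/download/v${runner_version}/actions-runner-linux-arm64-${runner_version}.tar.gz"
+}
+config {
+command = "./bin/installdependencies.sh"
+args = []
+}
+}
+task "launch" {
+env {
+RUNNER_CFG_PAT = "${token}"
+}
+driver = "exec"
+artifact {
+source = "https://github.com/actions/runner/releases/download/v${runner_version}/actions-runner-linux-arm64-${runner_version}.tar.gz"
+}
+config {
+command = "config.sh"
+args = [
+"config.sh",
+"--unattended",
+"--url", "https://github.com/${org_name}",
+"--token", "${token}",
+"--labels", "test"
+]
+}
+}
+task "remove" {
+lifecycle {
+hook = "poststop"
+sidecar = false
+}
+driver = "exec"
+config {
+command = "config.sh"
+args = [
+"remove",
+"--token",
+"${token}"
+]
+}
+}
+}
+}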
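Review bot: Both `artifact` blocks fetch the runner tarball by URL alone, and the `dependencies` task then executes `./bin/installdependencies.sh` from it, so nothing checks that the archive is the one that was published. Add `options { checksum = "sha256:<digest-for-this-release>" }` to each `artifact` block; the placeholder has to be filled from the release page and kept in step with `runner_version`. The `artifact` block in `github-runner.nomad` has the same gap. A header comment in the template should also say that `${token}` is rendered into `env` and `args`, which means the registration token ends up in the submitted jobspec and, through `templatefile`, in Terraform state.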
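--- a/github-runner/main.tf
+++ b/github-runner/main.tf
@@ -0,0 +1,112 @@
+terraform {
+backend "consul" {
+scheme = "http"
+path = "terraform/personal/github-runners"
+}
+required_providers {
+vault = {
+source = "hashicorp/vault"
+version = "~> 3.0"
+}
+github = {
+source = "integrations/github"
+version = "~> 5.0"
+}
+http = {
+source = "hashicorp/http"
+version = "~> 3.0"
+}
+nomad = {
+source = "hashicorp/nomad"
+version = "~> 2.0"
+}
+}
+}
+
+variable "org_name" {
+description = "Name of the Github organisation"
+default = "SouthAfricaDigitalScience"
+sensitive = false
+type = string
+}
+
+provider "vault" {
+address = "http://sense:8200"
+}
+
+provider "nomad" {}
+
+data "vault_kv_secret_v2" "name" {
+mount = "kv"
+name = "github"
+}
+
+provider "github" {
+token = data.vault_kv_secret_v2.name.data.personal
+}
+
+data "github_organization" "sads" {
+name = var.org_name
+}
+
+locals {
+runners_api_url = "https://api.github.com/orgs/${var.org_name}/actions/runners"
+headers = {
+"Accept" = "application/vnd.github+json"
+"Authorization" = "Bearer ${data.vault_kv_secret_v2.name.data.personal}"
+"X-GitHub-Api-Version" = "2022-11-28"
+}
+}
+
+provider "http" {}
+
+data "http" "runners" {
+url = local.runners_api_url
+request_headers = local.headers
+lifecycle {
+postcondition {
+condition = contains([200], self.status_code)
+error_message = "Error"
+}
+}
+}
+
+data "http" "runner_reg_token" {
+url = "${local.runners_api_url}/registration-token"
+request_headers = local.headers
+method = "POST"
+lifecycle {
+postcondition {
+condition = contains([201, 204], self.status_code)
+error_message = tostring(self.response_body)
+}
+}
+}
+
+resource "vault_kv_secret_v2" "runner_registration_token" {
+mount = "kv"
+name = "github_runner"
+# cas = 1
+# delete_all_versions = true
+data_json = data.http.runner_reg_token.response_body
+custom_metadata {
+data = {
+created_by = "Terraform"
+}
+}
+}
+
+resource "nomad_job" "runner" {
+jobspec = templatefile("github-runner.nomad.tpl", {
+token = jsondecode(vault_kv_secret_v2.runner_registration_token.data_json).token,
+runner_version = "2.310.2",
+org_name = var.org_name
+})
+}
+
+resource "github_actions_runner_group" "arm64" {
+allows_public_repositories = false
+name = "hashi-at-home"
+visibility = "private"
+# default = false
+}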
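Review bot: The Consul backend (`scheme = "http"`) and the Vault provider (`address = "http://sense:8200"`) both use plaintext HTTP, while this configuration reads a GitHub token from Vault and keeps secret material in state: the `Authorization` header in `local.headers` is an attribute of both `http` data sources, and the registration-token response is copied into `vault_kv_secret_v2.runner_registration_token`. If TLS is available on those services, use `scheme = "https"` and `address = "https://sense:8200"`; if not, a comment should record that both hosts are reachable only on a trusted network. `data "http" "runner_reg_token"` sends its POST on every plan and refresh, so each run requests a fresh registration token, which deserves a comment next to `method = "POST"`. The postcondition on `data.http.runners` reports only `"Error"`; `error_message = "GitHub runners API returned ${self.status_code}"` would make a failure diagnosable without echoing the response body.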
