Skip to content

Latest commit

 

History

History
142 lines (101 loc) · 5.53 KB

File metadata and controls

142 lines (101 loc) · 5.53 KB

Action runners deployment with prebuilt image

This module shows how to create GitHub action runners using a prebuilt AMI for the runners.

  • Configured to run with org level runners.
  • GitHub runner binary syncer is not deployed.

Usages

Steps for the full setup, such as creating a GitHub app can be found in the root module's README.

Variables

Name Description Type Default Required
ami_filter The amis to search. Use the default for the provided amazon linux image, github-runner-windows-core-2019-* for the provided Windows image string github-runner-amzn2-x86_64-2021* no
github_app_key_base64 The base64 encoded private key you downloaded from GitHub when creating the app string yes
github_app_id The id of the app you created on GitHub string yes
region The target aws region string eu-west-1 no
runner_os The os of the image, either linux or windows string linux no

Lambdas

You can either download the released lambda code or build them locally yourself.

First download the Lambda releases from GitHub. Ensure you have set the version in lambdas-download/main.tf for running the example. The version needs to be set to a GitHub release version, see https://github.com/philips-labs/terraform-aws-github-runner/releases

cd lambdas-download
terraform init
terraform apply
cd ..

Alternatively you can build the lambdas locally with Node or Docker, there is a simple build script in <root>/.ci/build.sh. In the main.tf you need to specify the build location for all of the zip files.

  webhook_lambda_zip                = "../../lambda_output/webhook.zip"
  runner_binaries_syncer_lambda_zip = "../../lambda_output/runner-binaries-syncer.zip"
  runners_lambda_zip                = "../../lambda_output/runners.zip"

GitHub App Configuration

Before running Terraform, ensure the GitHub app is configured. See the configuration details for more details.

Packer Image

You will need to build your image. This example deployment uses the image example in /images/linux-amz2. You must build this image with packer in your AWS account first. Once you have built this you need to provider your owner ID as a variable

Deploy

To use your image in the terraform modules you will need to set some values on the module.

Assuming you have built the linux-amzn2 image which has a pre-defined AMI name in the following format github-runner-amzn2-x86_64-YYYYMMDDhhmm you can use the following values.

module "runners" {
  ...
  # set the name of the ami to use
  ami_filter  = { name = ["github-runner-amzn2-x86_64-2021*"], state = ["available"] }
  # provide the owner id of
  ami_owners        = ["<your owner id>"]

  enable_userdata = false
  ...
}

If your owner is the same as the account you are logging into then you can use aws_caller_identity to retrieve it dynamically.

data "aws_caller_identity" "current" {}

module "runners" {
  ...
  ami_owners       = [data.aws_caller_identity.current.account_id]
  ...
}

You can then deploy the terraform

terraform init
terraform apply

You can receive the webhook details by running:

terraform output -raw webhook_secret

Be aware some shells will print some end of line character %.

Requirements

Name Version
terraform >= 1.3.0
aws ~> 5.2
local ~> 2.0
random ~> 3.0

Providers

Name Version
aws 5.2.0
random 3.5.1

Modules

Name Source Version
base ../base n/a
runners ../../ n/a

Resources

Name Type
random_id.random resource
aws_caller_identity.current data source

Inputs

Name Description Type Default Required
ami_name_filter n/a string "github-runner-amzn2-x86_64-*" no
github_app GitHub for API usages.
object({
id = string
key_base64 = string
})
n/a yes
runner_os n/a string "linux" no

Outputs

Name Description
webhook_endpoint n/a
webhook_secret n/a