安全审计>> ansible-github_actions_runner>> 返回
项目作者: MonolithProjects

项目描述 :
Ansible Role to deploy GitHub Actions self-hosted runner
高级语言: HTML
项目地址: git://github.com/MonolithProjects/ansible-github_actions_runner.git
创建时间: 2020-02-16T18:39:19Z
项目社区:https://github.com/MonolithProjects/ansible-github_actions_runner
开源协议:MIT License
下载


GitHub Actions Runner

awesome-runners
Role version
Role downloads
Molecule test
License

This role will deploy/redeploy/uninstall and register/unregister local GitHub Actions Runner on Linux and macOS Systems (see compatibility list ).
It supports Enterprise, Organization and Repository Runners.

[!IMPORTANT]
My Galaxy account is currently broken. Please use Github for installation source.

CLI:

  1. ansible-galaxy role install git+https://github.com/MonolithProjects/ansible-github_actions_runner.git,1.21.1

requirements.yml: 

  1. roles:
  2.  - name: monolithprojects.github_actions_runner
  3.    version: 1.21.1
  4.    src: https://github.com/MonolithProjects/ansible-github_actions_runner

Requirements

  • System must have access to the GitHub API.

  • The role require Personal Access Token to access the GitHub. The token can be set as PERSONAL_ACCESS_TOKEN environment variable.

Note
The token must have the repo scope (when creating a repo runner), the admin:org scope (when creating a runner for an organization),
the manage_runners:enterprise scope (when creating a enterprise runner).
Personal Access Token for GitHub account can be created here.

Warning
Never store you personal access token in the GitHub repository. Use GitHub Secrets or some different secrets service.

  • Runner user has to be pre-created.
    Recommended role: monolithprojects.user_management

  • CentOS systems require EPEL repository.
    Recommended role: robertdebock.epel

Supported CPU architecture

  • ARM, ARM64 (dependencies installation is not covered by this role)
  • AMD64, x86_64

Supported Operating Systems

  • Red Hat Enterprise Linux 7+
  • CentOS 7+
  • Rocky Linux 8+
  • Fedora 29+
  • Debian 9+
  • Ubuntu 18.04+
  • MacOS High Sierra +
  • Windows

Weekly tested on:

  • Debian 11
  • Fedora 39
  • Rocky Linux 9
  • Ubuntu 20,22

Role Variables

This is a copy from defaults/main.yml

  1. ---
  2. # Runner user - user under which is the local runner service running
  3. runner_user: "{{ lookup('env', 'USER') }}"
  5. # Directory where the local runner will be installed
  6. runner_dir: "{{ 'C:\\actions-runner' if ansible_facts.system == 'Win32NT' else '/opt/actions-runner' }}"
  8. # Version of the GitHub Actions Runner
  9. runner_version: "latest"
  11. # State in which the runner service will be after the role is done (started, stopped, absent)
  12. runner_state: "started"
  14. # If found on the server, delete already existing runner service and install it again
  15. reinstall_runner: false
  17. # Do not show Ansible logs which may contain sensitive data (registration token)
  18. hide_sensitive_logs: true
  20. # GitHub address
  21. github_url: "https://github.com"
  23. # GitHub API
  24. github_api_url: "https://api.github.com"
  26. # Number of runners to list per page
  27. github_api_runners_per_page: 100
  29. # Personal Access Token for your GitHub account
  30. access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
  32. # Is it the runner for organization or not?
  33. runner_org: false
  35. # Labels to apply to the runner
  36. runner_labels: []
  38. # Group to add organization runner to
  39. runner_group: ""
  41. # GitHub Actions Runner repository (change it if you want to use custom Actions Runner fork)
  42. runner_download_repository: "actions/runner"
  44. # Extra arguments to pass to `config.sh`.
  45. # Several arguments must be set as one string (i.e. "--ephemeral --my_special_fork")
  46. runner_extra_config_args: ""
  48. # Name to assign to this runner in GitHub (System hostname as default)
  49. runner_name: "{{ ansible_facts.hostname }}"
  51. # Set to false when provisioning runners for more than one repository within single play
  52. all_runners_in_same_repo: true
  54. # GitHub Repository user or Organization owner used for Runner registration
  55. # github_account: "youruser"
  57. # GitHub repository owner name (if other than github_account)
  58. # github_owner: "yourorg"
  60. # Github repository name
  61. # github_repo: "yourrepo"
  63. # GitHub Enterprise name
  64. # github_enterprise: "yourenterprise"
  66. # Runner user Windows password - the logon password for the service user when running on windows.
  67. # runner_user_win_password: "{{ lookup('env', 'PASS') }}"
  69. # Configuring a custom .env file
  70. # custom_env: |
  71. # http_proxy=YOUR_URL_HERE
  72. # ftp_proxy=YOUR_URL_HERE
  73. # HTTPS_PROXY=YOUR_URL_HERE
  74. # https_proxy=YOUR_URL_HERE
  75. # no_proxy=localhost,127.0.0.1,127.0.0.2
  76. # HTTP_PROXY=

Example Playbooks

In this example the Ansible role will install (or update) the GitHub Actions Runner service (latest available version). The runner will be registered for my_awesome_repo GitHub repo.
Runner service will be stated and will run under the same user as the Ansible is using for ssh connection (ansible).

  1. ---
  2. - name: Install GitHub Actions Runner
  3.   hosts: all
  4.   user: ansible
  5.   become: yes
  6.   vars:
  7.     - github_account: github-access-user
  8.     - github_repo: my_awesome_repo
  9.   roles:
  10.     - role: monolithprojects.github_actions_runner

Same example as above, but runner will be added to an organization and deployed on GitHub Enterprise Server.

  1. ---
  2. - name: Install GitHub Actions Runner
  3.   hosts: all
  4.   user: ansible
  5.   become: yes
  6.   vars:
  7.     - github_account: my_awesome_org
  8.     - runner_org: yes
  9.     - runner_on_ghes: yes
  10.   roles:
  11.     - role: monolithprojects.github_actions_runner

If you have a Github Enterprise Cloud license and you want to manage all the self-hosted runners from the enterprise:

  1. ---
  2. - name: Install GitHub Actions Runner
  3.   hosts: all
  4.   user: automation
  5.   become: yes
  6.   vars:
  7.     - github_enterprise: my_awesome_enterprise
  8.     - runner_org: no
  9.   roles:
  10.     - role: monolithprojects.github_actions_runner

In this example the Ansible role will deploy (or update) the GitHub Actions runner service (version 2.165.2) and register the runner for the GitHub repo. Runner service will run under the user runner-user. Runner will be registered with two labels.
The runner service will be stopped and disabled. Runner will use custom environment variables (from file named .env in the self-hosted runner application directory).

  1. ---
  2. - name: Stop GitHub Actions Runner
  3.   hosts: all
  4.   become: yes
  5.   vars:
  6.     - runner_version: "2.165.2"
  7.     - runner_user: runner-user
  8.     - github_account: github-access-user
  9.     - github_repo: my_awesome_repo
  10.     - runner_state: "stopped"
  11.     - runner_labels:
  12.         - production
  13.         - west
  14.     - custom_env: |
  15.         HTTP_PROXY=http://proxy.local:8080
  16.         http_proxy=http://proxy.local:8080
  17.         HTTPS_PROXY=http://proxy.local:8080
  18.         https_proxy=http://proxy.local:8080
  19.         no_proxy=localhost,127.0.0.1,127.0.0.2
  21.   roles:
  22.     - role: monolithprojects.github_actions_runner

In this example the Ansible role will uninstall the runner service and unregister it from the GitHub Repository.

  1. ---
  2. - name: Uninstall GitHub Actions Runner
  3.   hosts: all
  4.   become: yes
  5.   vars:
  6.     - github_account: github-access-user
  7.     - github_repo: my_awesome_repo
  8.     - runner_state: "absent"
  9.   roles:
  10.     - role: monolithprojects.github_actions_runner

Testing with Molecule

Molecule is a testing framework for Ansible. This section is for code contributors.

Prerequisites

  • Python
  • Docker
  • Ansible
  • Molecule

Installation

  1. Install Python, Docker, and Ansible if you haven’t already.
  2. Install Molecule and its Docker driver with pip:
  1. pip install "molecule-plugins[docker]"

Sure, here’s a basic example of how you might structure a README to explain how to test the monolithprojects.github_actions_runner Ansible role with Molecule:

  1. # monolithprojects.github_actions_runner
  3. This is an Ansible role for setting up GitHub Actions runners.
  5. ## Testing with Molecule
  7. [Molecule](https://molecule.readthedocs.io/) is a testing framework for Ansible that we use to test the `monolithprojects.github_actions_runner` role.
  9. ### Prerequisites
  11. - Python
  12. - Docker
  13. - Ansible
  14. - Molecule
  16. ### Installation
  18. 1. Install Python, Docker, and Ansible if you haven't already.
  19. 2. Install Molecule and its Docker driver with pip:
  21. ```bash
  22. pip install molecule[docker]

Running Tests

  1. Navigate to the role’s directory:
  1. cd path/to/monolithprojects.github_actions_runner
  1. Set Environment variables
  1. export PERSONAL_ACCESS_TOKEN=your_github_pat # Your Personal Access Token to Github
  2. export GITHUB_ACCOUNT=your_account # Your Github Account
  3. export GITHUB_REPO=your_repository # Github Repository where you want to setup the Runner
  1. Run Molecule:
  1. molecule test

This will run the molecule test, create a Docker container, run the role against it, run any associated default tests (see molecule/default directory), and then destroy the container.

For more information on using Molecule, see the Molecule documentation.

License

MIT

Author Information

Created in 2020 by Michal Muransky