├── .github
    └── workflows
    │   └── default.yml
├── .yamllint
├── CONTRIBUTORS.md
├── LICENSE.md
├── README.md
├── defaults
    └── main.yml
├── files
    └── .gitkeep
├── includes
    ├── configure.yml
    ├── install.yml
    └── remove.yml
├── meta
    └── main.yml
├── molecule
    ├── shared
    │   ├── converge.yml
    │   └── verify.yml
    └── ubuntu1804
    │   ├── destroy.yml
    │   ├── molecule.yml
    │   └── verify.yml
├── playbook.yml
├── releaseNote.md
├── requirements.txt
├── tasks
    └── main.yml
└── vars
    └── main.yml

/.github/workflows/default.yml:
--------------------------------------------------------------------------------
---
name: Molecule Test
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      max-parallel: 4
      matrix:
        python-version: [3.7]
    steps:
      - uses: actions/checkout@v1
        with:
          path: ansible-github-action-runner
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v1
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip3 install -r requirements.txt
          ansible --version
          molecule --version
      - name: Test with molecule
        run: |
          molecule test --destroy=never --scenario-name ubuntu1804

--------------------------------------------------------------------------------
/.yamllint:
--------------------------------------------------------------------------------
---
# Based on ansible-lint config
extends: default

ignore: |
  venv/

rules:
  braces:
    max-spaces-inside: 1
    level: error
  brackets:
    max-spaces-inside: 1
    level: error
  colons:
    max-spaces-after: -1
    level: error
  commas:
    max-spaces-after: -1
    level: error
  comments: disable
  comments-indentation: disable
  document-start: disable
  empty-lines:
    max: 3
    level: error
  hyphens:
    level: error
  indentation: disable
  key-duplicates: enable
  line-length: disable
  new-line-at-end-of-file: disable
  new-lines:
    type: unix
  trailing-spaces: disable
  truthy: disable

--------------------------------------------------------------------------------
/CONTRIBUTORS.md:
--------------------------------------------------------------------------------
Martin Albiez - martin.albiez@lts-beratung.de

--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2020 LTS Beratung GmbH

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Ansible Role GitHub Action Runner (self-hosted)

Ansible Role to install and configure a self-hosted GitHub Actions Runner on a machine. Use this role to install, configure and even uninstall GitHub Actions self-hosted runners, also known as build runners.

Have a look at the official [GitHub Action self-hosted Runner documentation](https://docs.github.com/en/actions/reference/software-installed-on-github-hosted-runners) to figure out how things work.

## GitHub Action Build Status

![Molecule Test](https://github.com/lts-beratung/ansible-github-action-runner/workflows/Molecule%20Test/badge.svg)

## Role Variables

Please have a look at the comments and variables in the default files on how to configure this role.

Use `runner_action` to determine which action to perform. You can set it to `install` (install the GitHub Runner on the machine but do not configure it), `configure` (configure the GitHub Runner) or `remove` (delete a configured GitHub Runner). Any combination such as `install,configure` is possible.

Have a look at all the variables in [defaults/main.yml](defaults/main.yml).

## Example Playbook

You may use the example playbook to test the waters:

[playbook.yml](playbook.yml)

To install a GitHub Runner, set the variables in `playbook.yml` to suit your GitHub configuration.

You can find the `runner_config_token` value in your GitHub Organisation or GitHub Repository, depending on the level at which you want to register the Runner. Go to `Settings | Actions` and click on `Add Runner` to get the `runner_config_token` value.

Once configured, run

```
ansible-playbook --connection=local --inventory 127.0.0.1, playbook.yml
```

If you want to remove a runner and its workspace again, set the `runner_config_token` variable to the removal token provided by GitHub and run with `runner_action` set to `"remove"` (either as a command line parameter or in your Ansible playbook).

```
ansible-playbook --connection=local --extra-vars="runner_action=remove" --inventory 127.0.0.1, playbook.yml
```

## License

MIT

## Author Information

Martin Albiez @ LTS Beratung GmbH

- [http://www.lts-beratung.de](http://www.lts-beratung.de)
--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
---
# defaults file for ansible-github-action-runner

# Set what to do: install, configure or remove; use e.g. "install,configure" to perform two actions
runner_action: "install,configure"

# Mandatory variables for runner_action: "install"

# Install - Define the GitHub Actions Runner base download URL
runner_download_base_url: https://github.com/actions/runner/releases/download

# Install - Define the GitHub Actions Runner version to use:
runner_version: 2.267.1

# Mandatory variables for runner_action: "configure"

# Configure - Define the name of the runner as it appears in github_deploy_key
runner_config_name: my-runner

# Configure - Define folder on disk where to store the runner
runner_install_folder: /usr/lib/github-action-runner

# Configure - Define the runner's workspace directory (i.e. the folder that builds use for checkout and so on)
runner_work_folder: /var/lib/github-action-runner

# Configure - Define the GitHub Actions Runner Repo or Organisation URL
runner_config_repo_url: https://github.com/no-repo-set

# Configure - Define the GitHub Actions Runner tags for your runner (comma separated, no spaces)
runner_config_labels: "ansible,IaS"

# Configure - Define the GitHub Actions Registration or Deletion token for your runner (default RUNNER_CONFIG_TOKEN from Linux env)
runner_config_token: "{{ lookup('env','RUNNER_CONFIG_TOKEN') }}"
--------------------------------------------------------------------------------
/files/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lts-beratung/ansible-github-action-runner/364acbce65007aee309f1d4e187297d4028e8300/files/.gitkeep
--------------------------------------------------------------------------------
/includes/configure.yml:
--------------------------------------------------------------------------------
---
- name: Make file permissions ok
  file:
    path: "{{ runner_install_folder }}"
    owner: "{{ login_user }}"
    recurse: yes
    mode: 0755
  become: true

- name: Configure Runner
  shell: |
    cd "{{ runner_install_folder }}"
    [ -e /etc/profile ] && source /etc/profile
    {{ runner_install_folder }}/config.sh --unattended --url {{ runner_config_repo_url }} --token {{ runner_config_token }} --name {{ runner_config_name }} --work {{ runner_work_folder }} --labels {{ runner_config_labels | replace(' ', '-') }} --replace
  when: runner_config_token|length > 0
  become: true
  become_user: "{{ login_user }}"

- name: Run runner as service
  shell: |
    cd "{{ runner_install_folder }}"
    {{ runner_install_folder }}/svc.sh install
  when: runner_config_token|length > 0
  become: true

- name: Start runner as service
  shell: |
    cd "{{ runner_install_folder }}"
    {{ runner_install_folder }}/svc.sh start
  when: runner_config_token|length > 0
  become: true

--------------------------------------------------------------------------------
/includes/install.yml:
--------------------------------------------------------------------------------
---

- name: Download Runner Package
  get_url:
    url: "{{ runner_download_base_url }}/v{{ runner_version }}/actions-runner-linux-x64-{{ runner_version }}.tar.gz"
    dest: /tmp/actions-runner-{{ runner_version }}.tar.gz

- name: Create runner install folder
  file:
    path: "{{ runner_install_folder }}"
    state: directory
    owner: "{{ login_user }}"
    mode: '0755'
  become: true

- name: Create runner workspace folder
  file:
    path: "{{ runner_work_folder }}"
    state: directory
    owner: "{{ login_user }}"
    mode: '0755'
  become: true

- name: Unarchive Actions Runner package
  shell: |
    tar xvf /tmp/actions-runner-{{ runner_version }}.tar.gz -C {{ runner_install_folder }}
  become: true

- name: Make file permissions ok
  file:
    path: "{{ runner_install_folder }}"
    owner: "{{ login_user }}"
    recurse: yes
    mode: 0755
  become: true

- name: Install dependencies
  shell: |
    cd "{{ runner_install_folder }}"
    "{{ runner_install_folder }}/bin/installdependencies.sh"
  become: true
--------------------------------------------------------------------------------
/includes/remove.yml:
--------------------------------------------------------------------------------
---
- name: Deregister Runner
  shell: |
    cd "{{ runner_install_folder }}"
    [ -e /etc/profile ] && source /etc/profile
    {{ runner_install_folder }}/config.sh remove --token {{ runner_config_token }}
  ignore_errors: yes
  become_user: "{{ login_user }}"
  when: runner_config_token|length > 0

- name: Stop runner as service
  shell: |
    cd "{{ runner_install_folder }}"
    {{ runner_install_folder }}/svc.sh uninstall
  become: true

- name: Delete runner install folder
  file:
    state: absent
    path: "{{ runner_install_folder }}/"
  become: true

- name: Delete runner workspace folder
  file:
    state: absent
    path: "{{ runner_work_folder }}/"
  become: true
--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
---
galaxy_info:
  author: LTS Beratung GmbH
  description: Ansible Role to install GitHub Actions Runner as Service
  license: MIT
  min_ansible_version: 2.8

  platforms:
    - name: Ubuntu
      versions:
        - bionic
        - precise
        - trusty
        - vivid
        - wily
        - xenial
    - name: Debian
      versions:
        - jessie
        - stretch
        - wheezy

  galaxy_tags:
    - system
    - github
dependencies: []

--------------------------------------------------------------------------------
/molecule/shared/converge.yml:
--------------------------------------------------------------------------------
---
- name: Converge
  hosts: all
  vars:
    runner_action: "install"
    runner_config_name: my_runner
    runner_config_labels: "linux,x-large"
    runner_config_token:
  roles:
    - role: ansible-github-action-runner

--------------------------------------------------------------------------------
/molecule/shared/verify.yml:
--------------------------------------------------------------------------------
---
# This is an example playbook to execute Ansible tests.

- name: Verify
  hosts: all
  tasks:
    - name: Example assertion
      assert:
        that: true

--------------------------------------------------------------------------------
/molecule/ubuntu1804/destroy.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lts-beratung/ansible-github-action-runner/364acbce65007aee309f1d4e187297d4028e8300/molecule/ubuntu1804/destroy.yml
--------------------------------------------------------------------------------
/molecule/ubuntu1804/molecule.yml:
--------------------------------------------------------------------------------
---
dependency:
  name: galaxy
  enabled: false
  options:
    role-file: requirements.yml
driver:
  name: docker
lint: |
  yamllint .
  ansible-lint
  flake8
platforms:
  - name: ubuntu1804
    image: jrei/systemd-ubuntu:18.04
    privileged: true
    command: /lib/systemd/systemd
    tmpfs:
      - /run
      - /tmp
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
scenario:
  test_sequence:
    - lint
    - destroy
    - dependency
    - syntax
    - create
    - prepare
    - converge
    - side_effect
    - verify
    - destroy
provisioner:
  name: ansible
  playbooks:
    converge: ../shared/converge.yml
verifier:
  name: ansible

--------------------------------------------------------------------------------
/molecule/ubuntu1804/verify.yml:
--------------------------------------------------------------------------------
---
# This is an example playbook to execute Ansible tests.

- name: Verify
  hosts: all
  tasks:
    - name: Example assertion
      assert:
        that: true

--------------------------------------------------------------------------------
/playbook.yml:
--------------------------------------------------------------------------------
---
- name: Example Playbook for Github Action Runner install
  hosts: all
  vars:
    runner_action: "install,configure"
    runner_version: 2.267.1
    runner_config_name: my_runner
    runner_config_labels: "linux,x-large"
    runner_config_token:
  roles:
    - role: ansible-github-action-runner

--------------------------------------------------------------------------------
/releaseNote.md :
--------------------------------------------------------------------------------
## Features
- Initial version of Ansible Role
- Added molecule test
- Allowed `runner_config_token` to be sourced via OS env vars
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
# Python requirements for executing
ansible
ansible-lint
docker
flake8
molecule
testinfra
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
# Report the selected action; the token is a secret, so only state whether it is set.
- debug:
    msg: "Using action {{ runner_action }}, token {{ 'set' if runner_config_token else 'not set' }}"

- name: Run whoami to find out the current user
  command: whoami
  changed_when: false
  become: false
  register: whoami

- name: Set a fact with the user name.
  set_fact:
    login_user: "{{ whoami.stdout }}"

- import_tasks: "../includes/install.yml"
  when: runner_action.find("install") != -1

- import_tasks: "../includes/configure.yml"
  when: runner_action.find("configure") != -1

- import_tasks: "../includes/remove.yml"
  when: runner_action.find("remove") != -1
--------------------------------------------------------------------------------
/vars/main.yml:
--------------------------------------------------------------------------------
---
# vars file for ansible-github-action-runner

--------------------------------------------------------------------------------
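
The download task in `includes/install.yml` fetches the runner archive to `/tmp` without an integrity check and unpacks it as root. The variant below pins the archive to a digest; it is an added example, not part of the role. `runner_sha256` is a hypothetical variable that must be set to the SHA-256 published for the chosen `runner_version`; all other variables are the role's own.

```yaml
# Added example, not part of the role: checksum-verified download and unpack.
# runner_sha256 is a hypothetical variable; set it to the SHA-256 digest
# published for actions-runner-linux-x64-<runner_version>.tar.gz.

- name: Refuse to install without a pinned digest
  assert:
    that:
      - runner_sha256 is defined
      - runner_sha256 is match('^[0-9a-fA-F]{64}$')
    fail_msg: "Set runner_sha256 to the SHA-256 of the runner release archive."

- name: Create runner install folder
  file:
    path: "{{ runner_install_folder }}"
    state: directory
    owner: "{{ login_user }}"
    mode: '0755'
  become: true

- name: Download Runner Package (fails when the digest does not match)
  get_url:
    url: "{{ runner_download_base_url }}/v{{ runner_version }}/actions-runner-linux-x64-{{ runner_version }}.tar.gz"
    # Keep the archive in the role-owned folder instead of the shared /tmp path.
    dest: "{{ runner_install_folder }}/actions-runner-{{ runner_version }}.tar.gz"
    checksum: "sha256:{{ runner_sha256 }}"
    owner: "{{ login_user }}"
    mode: '0644'
  become: true

- name: Unarchive Actions Runner package
  unarchive:
    src: "{{ runner_install_folder }}/actions-runner-{{ runner_version }}.tar.gz"
    dest: "{{ runner_install_folder }}"
    remote_src: true
    owner: "{{ login_user }}"
  become: true
```

With `checksum` set, `get_url` also re-checks a file that already exists at `dest`, so a stale or modified archive is not reused silently.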
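
`tasks/main.yml` selects actions with `runner_action.find(...)`, which is a substring match, so a value such as `uninstall` also selects the install tasks; `includes/configure.yml` places `runner_config_token` unquoted on the `config.sh` command line, where it appears in task output. A stricter variant follows as an added example, not part of the role; `runner_actions` is a fact name introduced here.

```yaml
# Added example, not part of the role: exact action matching and token hygiene.
# runner_actions is a fact introduced for this example, not a role variable.

- name: Split runner_action into exact action names
  set_fact:
    runner_actions: "{{ runner_action.split(',') | map('trim') | list }}"

- name: Reject unknown actions instead of matching substrings
  assert:
    that:
      - runner_actions | length > 0
      - runner_actions | difference(['install', 'configure', 'remove']) | length == 0
    fail_msg: "runner_action must be a comma separated list of install, configure, remove"

- import_tasks: "../includes/install.yml"
  when: "'install' in runner_actions"

- import_tasks: "../includes/configure.yml"
  when: "'configure' in runner_actions"

- import_tasks: "../includes/remove.yml"
  when: "'remove' in runner_actions"

# Replacement for the "Configure Runner" task in includes/configure.yml:
# no_log keeps the command line (and the token in it) out of play output and
# logs, and the quote filter shell-escapes every templated value.
- name: Configure Runner
  shell: |
    cd {{ runner_install_folder | quote }}
    [ -e /etc/profile ] && . /etc/profile
    ./config.sh --unattended \
      --url {{ runner_config_repo_url | quote }} \
      --token {{ runner_config_token | quote }} \
      --name {{ runner_config_name | quote }} \
      --work {{ runner_work_folder | quote }} \
      --labels {{ runner_config_labels | replace(' ', '-') | quote }} \
      --replace
  when: runner_config_token | length > 0
  no_log: true
  become: true
  become_user: "{{ login_user }}"
```

`no_log: true` also hides the task's error output, so remove it temporarily when a registration failure needs to be diagnosed.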