Improved handling for organisation runners

leonsteinhaeuser · leonsteinhaeuser · commit e397b3a831f9 · 2021-04-16T12:55:20.000+02:00
Added option to switch between organisation and repository runners

Some variables have been renamed to correspond to the task for which they are intended.
diff --git a/scripts/local/destroy_runner.sh b/scripts/local/destroy_runner.sh
@@ -4,14 +4,25 @@ machine_names=$1
 github_user=$2
 github_user_token=$3
 github_repo_name=$4
-github_repo_owner=$5
+github_owner=$5
+github_runner_type=$6
 
 array=(`echo $machine_names | sed 's/,/\n/g'`)
 for i in "${array[@]}"
 do
-    ./scripts/remote/gh-runner-cli repo runner destroy-by-name --username="$github_user" --token="$github_user_token" --owner="$github_repo_owner" --name="$github_repo_name" --runner-name "$i"
+    case "$github_runner_type" in
+        "repo")
+            ./scripts/remote/gh-runner-cli repo runner destroy-by-name \
+                --username="$github_user" \
+                --token="$github_user_token" \
+                --owner="$github_owner" \
+                --name="$github_repo_name" \
+                --runner-name "$i";;
+        "org")
+            ./scripts/remote/gh-runner-cli org runner destroy-by-name \
+                --username "$github_user" \
+                --token "$github_user_token" \
+                --name "$github_owner" \
+                --runner-name "$i";;
+    esac    
 done
-
-#runner_id=$(../gh-runner-cli repo runner id-by-name --username=$1 --token=$2 --owner=$3 --name=$4 --runner-name=$5)
-
-#../gh-runner-cli repo runner destroy --username=$1 --token=$2 --owner=$3 --name=$4
diff --git a/scripts/remote/setup-runner.sh b/scripts/remote/setup-runner.sh
@@ -2,9 +2,14 @@
 
 cd /srv/actions-runner
 
-registration_token=$(../gh-runner-cli repo runner provision-token --username=$1 --token=$2 --owner=$3 --name=$4)
-
-./config.sh --unattended --url https://github.com/$3/$4 --token $registration_token --name $(hostname) --labels $5 --replace $6 --work _work
+case "$GH_RUNNER_TYPE" in
+    "repo")
+        registration_token=$(../gh-runner-cli repo runner provision-token --username=$GH_USERNAME --token=$GH_TOKEN --owner=$GH_OWNER --name=$GH_NAME)
+        ./config.sh --unattended --url https://github.com/$GH_OWNER/$GH_NAME --token $registration_token --name $(hostname) --labels $GH_LABELS --replace $GH_REPLACE_RUNNERS --work _work;;
+    "org")
+        registration_token=$(../gh-runner-cli org runner provision-token --username=$GH_USERNAME --token=$GH_TOKEN --name=$GH_OWNER)
+        ./config.sh --unattended --url https://github.com/$GH_OWNER --token $registration_token --name $(hostname) --labels $GH_LABELS --replace $GH_REPLACE_RUNNERS --work _work;;
+esac
 
 sudo ./svc.sh install
 sudo ./svc.sh start
diff --git a/servers.tf b/servers.tf
@@ -3,7 +3,7 @@ resource "hcloud_server" "github_runner" {
   name        = format("%s-%s-%s-%d", "github-runner", var.hetzner_machine_os, random_uuid.hetzner_machine.result, count.index + 1)
   server_type = var.hetzner_machine_type
   image       = var.hetzner_machine_os
-  ssh_keys    = concat([hcloud_ssh_key.admin_ssh_key.id], var.additional_public_key_ids)
+  ssh_keys    = concat([hcloud_ssh_key.admin_ssh_key.id], var.hetzner_additional_public_key_ids)
 
   connection {
     host        = self.ipv4_address
@@ -26,7 +26,7 @@ resource "hcloud_server" "github_runner" {
     inline = [
         "apt-get update -y", 
         "DEBIAN_FRONTEND=noninteractive apt-get upgrade -y", 
-        "DEBIAN_FRONTEND=noninteractive apt-get install sudo git vim tmux apt-transport-https ca-certificates curl gnupg lsb-release gcc build-essential ffmpeg imagemagick sqlite3 libopenjp2-tools libopenjp2-7 libopenjp2-7-dev rsync make pkg-config exiftool ghostscript xsltproc gnupg2 pass -y",
+        "DEBIAN_FRONTEND=noninteractive apt-get install sudo git vim tmux apt-transport-https ca-certificates curl gnupg lsb-release pass ${var.hetzner_machine_additional_packages} -y",
         "echo '127.0.0.1       fylr-server-postgres    fylr-server-sqlite      execserver      minio2  postgres2       elasticsearch2' >> /etc/hosts",
         "curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg",
         "echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian buster stable' | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null",
@@ -43,7 +43,7 @@ resource "hcloud_server" "github_runner" {
         "chown -R github-runner /srv",
         "chmod +x /srv/setup-runner.sh /srv/gh-runner-cli",
         "mv /srv/actions-runner/run.sh /srv/actions-runner/run.sh.old",
-        "su github-runner -c '/srv/setup-runner.sh ${var.github_authentication_user} ${var.github_authentication_token} ${var.github_repository_owner} ${var.github_repository_name} ${var.github_actions_runner_labels} ${var.github_actions_runner_replace_existing}'"
+        "su github-runner -c 'export GH_USERNAME=${var.github_authentication_user}; export GH_TOKEN=${var.github_authentication_token}; export GH_OWNER=${var.github_owner}; export GH_NAME=${var.github_repository_name}; export GH_LABELS=${var.github_actions_runner_labels}; export GH_REPLACE_RUNNERS=${var.github_actions_runner_replace_existing}; export GH_RUNNER_TYPE=${var.github_runner_type}; /srv/setup-runner.sh'"
         ]
   }
 }
@@ -54,11 +54,12 @@ resource "null_resource" "deprovision" {
     github_user = var.github_authentication_user
     github_user_token = var.github_authentication_token
     github_repo_name = var.github_repository_name
-    github_repo_owner = var.github_repository_owner
+    github_repo_owner = var.github_owner
+    github_runner_type = var.github_runner_type
   }
 
   provisioner "local-exec" {
       when = destroy
-      command = "./scripts/local/destroy_runner.sh ${self.triggers.machine_names} ${self.triggers.github_user} ${self.triggers.github_user_token} ${self.triggers.github_repo_name} ${self.triggers.github_repo_owner}"
+      command = "./scripts/local/destroy_runner.sh ${self.triggers.machine_names} ${self.triggers.github_user} ${self.triggers.github_user_token} ${self.triggers.github_repo_name} ${self.triggers.github_repo_owner} ${self.triggers.github_runner_type}"
   }
 }
diff --git a/variables.tf b/variables.tf
@@ -46,48 +46,60 @@ variable "hetzner_machine_os" {
     type = string
 }
 
+variable hetzner_additional_public_key_ids {
+    description = "Adds public keys to the server that are already registered at hetzner"
+    default = []
+    type = list(string)
+}
+
+variable hetzner_machine_additional_packages {
+    description = "Defines additional packages that must be installed on the machine."
+    default = ""
+    type = string
+}
+
+//
+
 variable "github_actions_runner_count" {
-    description = "Defines the amount of runners that should be provisioned"
+    description = "Defines the number of runners to be provided. This option is equal to Machines at hetzner."
     default = 1
     type = number
 }
 
-//
-
 variable "github_actions_runner_labels" {
-    description = "Defines a list of labels used to identify the runner. The list is a simple string seperated by ','"
+    description = "Defines a list of labels used to identify the runners. The list is divided by separating the individual entries with `,`."
     default = ""
     type = string
 }
 
 variable "github_actions_runner_replace_existing" {
-    description = "Defines if existing runners should be destroyed"
+    description = "Specifies whether to replace existing Github action runners with the same name."
     default = false
     type = bool
 }
 
-variable "github_repository_owner" {
-    description = "Defines the repository owner"
+variable "github_owner" {
+    description = "Defines the organisation name or repository owner."
     type = string
 }
 
 variable "github_repository_name" {
-    description = "Defines the repository name"
+    description = "Sets the name of the repository. This option is only used if you use self-hosted Github runners at the repository level."
     type = string
 }
 
 variable "github_authentication_user" {
-    description = "Defines the authentication username"
+    description = "Sets the user used for issuing new registration tokens. Ensure that the user has the appropriate permissions. "
     type = string
 }
 
 variable "github_authentication_token" {
-    description = "Defines the authentication personal access token"
+    description = " Sets the personal access token for the configured user in the variable github_authentication_user."
     type = string
 }
 
-variable additional_public_key_ids {
-    description = "Adds public keys to the server that are already registered at hetzner"
-    default = []
-    type = list(string)
-}
+variable "github_runner_type" {
+    description = "Defines the github runner type. Available values are: repo, org"
+    default = "repo"
+    type = string
+}
