famedly · jdreichmann · Oct 23, 2023
@@ -0,0 +1,25 @@
+---
+
+github_runner_user: "github-runner"
+github_runner_user_groups:
+  - "docker"
+github_runner_base_path: "/opt/github-runner"
+github_runner_work_path: "{{ github_runner_base_path }}/cache"
+github_runner_tarball: "{{ github_runner_base_path }}/github-actions-runner.tar.gz"
+
+github_runner_systemd_unit_name: "github-actions-runner.service"
+github_runner_systemd_unit_description: >-
+  GitHub Actions self-hosted runner
+
+github_runner_github_org: ~
+github_runner_github_bearer_token: ~
+github_runner_github_registration_token_url: >-
+  https://api.github.com/orgs/{{ github_runner_github_org }}/actions/runners/registration-token
+github_runner_github_runner_download_url: >-
+  https://api.github.com/orgs/{{ github_runner_github_org }}/actions/runners/downloads
+github_runner_distribution: linux
+github_runner_architecture: x64
+
+github_runner_enabled: true
+github_runner_autostart: "{{ github_runner_enabled | ternary('enabled', 'disabled') }}"
+github_runner_state: "started"
@@ -0,0 +1,6 @@
+---
+
+- name: Ensure systemd has reloaded the unit files
+  ansible.builtin.systemd:
+    daemon_reload: true
+  listen: systemd_reload
@@ -0,0 +1,125 @@
+---
+
+- name: Ensure required variables are provided
+  ansible.builtin.assert:
+    that:
+      - github_runner_github_org is defined 
+      - >-
+          github_runner_github_org is string
+          and github_runner_github_org is iterable
+          and github_runner_github_org is sequence
+          and github_runner_github_org is not mapping
+      - github_runner_github_bearer_token is defined
+      - >-
+          github_runner_github_bearer_token is string
+          and github_runner_github_bearer_token is iterable
+          and github_runner_github_bearer_token is sequence
+          and github_runner_github_bearer_token is not mapping
+    fail_msg: "Both 'github_runner_github_org" and 'github_runner_github_bearer_token' need to be defined"
+    success_msg: "'github_runner_github_org' and 'github_runner_github_bearer_token' are populated"
+  when: github_runner_enabled == true and github_runner_state == "started"
+
+- name: Ensure user '{{ github_runner_user }}' exists
+  ansible.builtin.user:
+    name: "{{ github_runner_user }}"
+    state: present
+    system: true
+    create_home: false
+    groups: "{{ github_runner_user_groups }}"
+    append: true
+  register: github_runner_user_info
+
+- name: Ensure directories for binaries and work dir exist
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: "directory"
+    mode: "0750"
+  loop:
+    - "{{ github_runner_base_path }}"
+    - "{{ github_runner_work_path }}"
+
+- name: Download and unpack tarball with github runner
+  block:
+    - name: Retrieve download URL from GitHub API
+      ansible.builtin.uri:
+        method:
+        url: "{{ github_runner_github_runner_download_url }}"
+        headers:
+          Accept: "Application/vnd.github+json"
+          Authorization: "{{ github_runner_github_bearer_token }}"
+          "X-GitHub-Api-Version": "2022-11-28"
+        register: github_runner_download_urls
+
+    - name: Download github runner tarball
+      ansible.builtin.get_url:
+        url: "{{ gh_runner_dl_url }}" 
+        dest: "{{ github_runner_tarball }}"
+        mode: "0644"
+        owner: "{{ github_runner_user_info.uid | default(github_runner_user) }}"
+      vars:
+        gh_runner_dl_url: >-
+          {{ github_runner_download_urls.json
+          | selectattr('os', 'eq', github_runner_distribution)
+          | selectattr('architecture', 'eq', github_runner-architecture)
+          | map(attribute='download_url')
+          }}
+
+    - name: Extract github runner tarball
+      ansible.builtin.unarchive:
+        src: "{{ github_runner_tarball }}"
+        dest: "{{ github_runner_base_path }}"
+        remote_src: true
+        mode: "u+rwX,g+rX,o+rX"
+        owner: "{{ github_runner_user_info.uid | default(github_runner_user) }}"
+  always:
+    - name: Ensure tarball is cleaned up
+      ansible.builtin.file:
+        path: "{{ github_runner_tarball }}"
+        state: absent
+
+- name: Register runner with GitHub
+  block:
+    - name: Obtain short-lived registration token
+      ansible.builtin.uri:
+        method: POST
+        url: "{{ github_runner_github_registration_token_url }}"
+        headers:
+          Accept: "application/vnd.github+json"
+          Authorization: "Bearer {{ github_runner_github_bearer_token }}"
+          "X-GitHub-Api-Version": "2022-11-28"
+        body_format: raw
+        body: omit
+      register: github_runner_registration_token_info
+
+      failed_when: github_runner_registratio_token_info.status | int != 201
+      changed_when: github_runner_registratio_token_info.status | int == 201
+
+    - name: Run configure script
+      ansible.builtin.command:
+        cmd: "{{ github_runner_base_path }}/configure.sh --url {{ gh_url }} --token {{ gh_token }}"
+      vars:
+        gh_token: "{{ github_runner_registration_token_info.json.token }}"
+        gh_url: "https://github.com/{{ github_runner_github_org_name }}"
+
+- name: Ensure systemd service file is templated
+  ansible.builtin.template:
+    src: "github-actions-runner.service.j2"
+    dest: "/etc/systemd/systemd/{{ github_runner_systemd_unit_name }}"
+    mode: "0644"
+    owner: root
+    group: root
+  notify:
+    - systemd_reload
+  when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure systemd unit for github actions runner is {{ github_runner_autostart }}
+  ansible.builtin.systemd:
+    name: "{{ github_runner_systemd_unit_name }}"
+    enabled: "{{ github_runner_enabled }}"
+  when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure systemd unit for github actions runner is {{ github_runner_state }}
+  ansible.builtin.systemd:
+    name: "{{ github_runner_systemd_unit_name }}"
+    state: "{{ github_runner_state }}"
+  when: ansible_facts['service_mgr'] == 'systemd'
@@ -0,0 +1,12 @@
+[Unit]
+Description={{ github_runner_systemd_unit_description }}
+
+[Service]
+Type=exec
+User={{ github_runner_user }}
+WorkingDirectory={{ github_runner_base_path }}
+
+ExecStart={{ github_runner_base_path }}/run.sh
+
+[Install]
+WantedBy=multi-user.target