initial body of self-hosted runners TF modules
Signed-off-by: greg pereira <grpereir@redhat.com>
1 parent b9b3a6f, commit 76d46b8
Showing 42 changed files with 1,433 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
# Amazon Linux ARM64 | ||
|
||
This module shows how to create GitHub action runners using AWS Graviton instances which have ARM64 architecture. Lambda release will be downloaded from GitHub. | ||
|
||
## Usages | ||
|
||
Steps for the full setup, such as creating a GitHub app can be found in the root module's [README](https://github.com/philips-labs/terraform-aws-github-runner). First download the Lambda releases from GitHub. Alternatively you can build the lambdas locally with Node or Docker, there is a simple build script in `<root>/.ci/build.sh`. In the `main.tf` you can simply remove the location of the lambda zip files, the default location will work in this case. | ||
|
||
> Ensure you have set the version in `lambdas-download/main.tf` for running the example. The version needs to be set to a GitHub release version, see https://github.com/philips-labs/terraform-aws-github-runner/releases | ||
```bash | ||
cd ../lambdas-download | ||
terraform init | ||
terraform apply -var=module_version=<VERSION> | ||
cd - | ||
``` | ||
|
||
Before running Terraform, ensure the GitHub app is configured. See the [configuration details](https://github.com/philips-labs/terraform-aws-github-runner#usages) for more details. | ||
|
||
```bash | ||
terraform init | ||
terraform apply | ||
``` | ||
|
||
The example will try to update the webhook of your GitHub. In case the update fails the apply will not fail. You can receive the webhook details by running: | ||
|
||
```bash | ||
terraform output -raw webhook_secret | ||
``` | ||
|
||
<!-- BEGIN_TF_DOCS --> | ||
## Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 | | ||
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 5.27 | | ||
| <a name="requirement_local"></a> [local](#requirement\_local) | ~> 2.0 | | ||
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.0 | | ||
|
||
## Providers | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="provider_random"></a> [random](#provider\_random) | 3.6.0 | | ||
|
||
## Modules | ||
|
||
| Name | Source | Version | | ||
|------|--------|---------| | ||
| <a name="module_base"></a> [base](#module\_base) | ../base | n/a | | ||
| <a name="module_runners"></a> [runners](#module\_runners) | ../../ | n/a | | ||
| <a name="module_webhook_github_app"></a> [webhook\_github\_app](#module\_webhook\_github\_app) | ../../modules/webhook-github-app | n/a | | ||
|
||
## Resources | ||
|
||
| Name | Type | | ||
|------|------| | ||
| [random_id.random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_github_app"></a> [github\_app](#input\_github\_app) | GitHub App for API usages. | <pre>object({<br> id = string<br> key_base64 = string<br> })</pre> | n/a | yes | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| <a name="output_runners"></a> [runners](#output\_runners) | n/a | | ||
| <a name="output_webhook_endpoint"></a> [webhook\_endpoint](#output\_webhook\_endpoint) | n/a | | ||
| <a name="output_webhook_secret"></a> [webhook\_secret](#output\_webhook\_secret) | n/a | | ||
<!-- END_TF_DOCS --> |
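Review bot: The `terraform apply -var=module_version=<VERSION>` step, and the note about setting the version in `lambdas-download/main.tf`, do not match the lambdas-download module added in this commit, which documents "No inputs" and hardcodes `version = "5.10.2"` in `locals`. Either declare a `module_version` variable in that module or change this README to tell users to edit the local. The Modules table also lists `runners` with source `../../` while `main.tf` uses `github.com/philips-labs/terraform-aws-github-runner`, so the generated docs block should be regenerated after the sources are settled.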
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
<!-- BEGIN_TF_DOCS --> | ||
## Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1 | | ||
|
||
## Providers | ||
|
||
No providers. | ||
|
||
## Modules | ||
|
||
| Name | Source | Version | | ||
|------|--------|---------| | ||
| <a name="module_lambdas"></a> [lambdas](#module\_lambdas) | ../../../modules/download-lambda | n/a | | ||
|
||
## Resources | ||
|
||
No resources. | ||
|
||
## Inputs | ||
|
||
No inputs. | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| <a name="output_files"></a> [files](#output\_files) | n/a | | ||
<!-- END_TF_DOCS --> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
locals { | ||
version = "5.10.2" | ||
} | ||
|
||
module "lambdas" { | ||
source = "github.com/philips-labs/terraform-aws-github-runner//modules/download-lambda" | ||
lambdas = [ | ||
{ | ||
name = "webhook" | ||
tag = local.version | ||
}, | ||
{ | ||
name = "runners" | ||
tag = local.version | ||
}, | ||
{ | ||
name = "runner-binaries-syncer" | ||
tag = local.version | ||
} | ||
] | ||
} | ||
|
||
output "files" { | ||
value = module.lambdas.files | ||
} |
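Review bot: The `source` on `module "lambdas"` has no `?ref=`, so the download-lambda module code comes from whatever the upstream default branch holds at `terraform init` time, while the Lambda artifacts are pinned through `local.version`. Pin the source to the release tag that corresponds to `5.10.2` so the module code and the downloaded zips come from the same reviewed release.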
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
terraform { | ||
required_version = ">= 1" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
locals { | ||
environment = "default" | ||
aws_region = "us-east-1" | ||
} | ||
|
||
resource "random_id" "random" { | ||
byte_length = 20 | ||
} | ||
|
||
|
||
################################################################################ | ||
### Hybrid account | ||
################################################################################ | ||
|
||
module "base" { | ||
source = "../base" | ||
|
||
prefix = local.environment | ||
aws_region = local.aws_region | ||
} | ||
|
||
|
||
module "runners" { | ||
source = "github.com/philips-labs/terraform-aws-github-runner" | ||
create_service_linked_role_spot = true | ||
aws_region = local.aws_region | ||
vpc_id = module.base.vpc.vpc_id | ||
subnet_ids = module.base.vpc.private_subnets | ||
|
||
prefix = local.environment | ||
tags = { | ||
Project = "ProjectX" | ||
} | ||
|
||
github_app = { | ||
key_base64 = var.github_app.key_base64 | ||
id = var.github_app.id | ||
webhook_secret = random_id.random.hex | ||
} | ||
|
||
# Grab zip files via lambda_download, will automatically get the ARM64 build | ||
webhook_lambda_zip = "../lambdas-download/webhook.zip" | ||
runner_binaries_syncer_lambda_zip = "../lambdas-download/runner-binaries-syncer.zip" | ||
runners_lambda_zip = "../lambdas-download/runners.zip" | ||
|
||
enable_organization_runners = false | ||
# Runners will automatically get the "arm64" label | ||
runner_extra_labels = ["default", "example"] | ||
|
||
# enable access to the runners via SSM | ||
enable_ssm_on_runners = true | ||
|
||
# use S3 or KMS SSE to runners S3 bucket | ||
# runner_binaries_s3_sse_configuration = { | ||
# rule = { | ||
# apply_server_side_encryption_by_default = { | ||
# sse_algorithm = "AES256" | ||
# } | ||
# } | ||
# } | ||
|
||
# enable S3 versioning for runners S3 bucket | ||
# runner_binaries_s3_versioning = "Enabled" | ||
|
||
# Uncommet idle config to have idle runners from 9 to 5 in time zone Amsterdam | ||
# idle_config = [{ | ||
# cron = "* * 9-17 * * *" | ||
# timeZone = "Europe/Amsterdam" | ||
# idleCount = 1 | ||
# }] | ||
|
||
# Let the module manage the service linked role | ||
# create_service_linked_role_spot = true | ||
|
||
runner_architecture = "arm64" | ||
# Ensure all instance types have ARM64 architecture (ie. AWS Graviton processors) | ||
instance_types = ["t4g.large", "c6g.large"] | ||
|
||
# override delay of events in seconds | ||
delay_webhook_event = 5 | ||
runners_maximum_count = 1 | ||
|
||
# set up a fifo queue to remain order | ||
enable_fifo_build_queue = true | ||
|
||
# override scaling down | ||
scale_down_schedule_expression = "cron(* * * * ? *)" | ||
} | ||
|
||
module "webhook_github_app" { | ||
source = "../../modules/webhook-github-app" | ||
|
||
github_app = { | ||
key_base64 = var.github_app.key_base64 | ||
id = var.github_app.id | ||
webhook_secret = random_id.random.hex | ||
} | ||
webhook_endpoint = module.runners.webhook.endpoint | ||
} |
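Review bot: `webhook_secret = random_id.random.hex` in both `github_app` blocks takes the webhook secret from `random_id`, whose value the random provider does not treat as sensitive, so it can show up in plan output; `random_password` is the resource intended for secret values. Separately, `module "runners"` uses `source = "github.com/philips-labs/terraform-aws-github-runner"` with no `?ref=`, so the module code floats on the upstream default branch while the Lambda zips it is given are pinned to 5.10.2 in lambdas-download; pin the source to the matching release tag.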
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
output "runners" { | ||
value = { | ||
lambda_syncer_name = module.runners.binaries_syncer.lambda.function_name | ||
} | ||
} | ||
|
||
output "webhook_endpoint" { | ||
value = module.runners.webhook.endpoint | ||
} | ||
|
||
output "webhook_secret" { | ||
sensitive = true | ||
value = random_id.random.hex | ||
} | ||
|
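Review bot: None of the three outputs has a `description`, which is why the generated README lists `n/a` for `runners`, `webhook_endpoint` and `webhook_secret`. Add a one-line description to each so the docs say what the values are for.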
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
provider "aws" { | ||
region = local.aws_region | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
variable "github_app" { | ||
description = "GitHub App for API usages." | ||
|
||
type = object({ | ||
id = string | ||
key_base64 = string | ||
}) | ||
} |
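Review bot: `variable "github_app"` carries the GitHub App private key in `key_base64` but is not marked `sensitive = true`, so Terraform can print the value in plan and apply output. Add `sensitive = true` to the variable block.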
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
terraform { | ||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = "~> 5.27" | ||
} | ||
local = { | ||
source = "hashicorp/local" | ||
version = "~> 2.0" | ||
} | ||
random = { | ||
source = "hashicorp/random" | ||
version = "~> 3.0" | ||
} | ||
} | ||
required_version = ">= 1.3.0" | ||
} |