From c15f62c4f3852da92b7f5457e59222ed1d5fee0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sofie=20Finnes=20=C3=98vrelid?= Date: Fri, 30 Aug 2024 15:16:32 +0200 Subject: [PATCH 1/8] feat: initial windows support --- README.md | 3 + defaults/main.yml | 7 +- tasks/assert.yml | 8 + tasks/collect_info.yml | 10 +- ...all_runner.yml => install_runner_unix.yml} | 2 +- tasks/install_runner_win.yml | 143 ++++++++++++++++++ tasks/main.yml | 38 ++++- ...l_runner.yml => uninstall_runner_unix.yml} | 0 tasks/uninstall_runner_win.yml | 47 ++++++ vars/main.yml | 6 + 10 files changed, 248 insertions(+), 16 deletions(-) rename tasks/{install_runner.yml => install_runner_unix.yml} (98%) create mode 100644 tasks/install_runner_win.yml rename tasks/{uninstall_runner.yml => uninstall_runner_unix.yml} (100%) create mode 100644 tasks/uninstall_runner_win.yml diff --git a/README.md b/README.md index d300c13..1739d39 100644 --- a/README.md +++ b/README.md @@ -132,6 +132,9 @@ all_runners_in_same_repo: true # GitHub Enterprise name # github_enterprise: "yourenterprise" +# Runner user Windows password - the logon password for the service user when running on windows. +# runner_user_win_password: "{{ lookup('env', 'PASS') }}" + # Configuring a custom .env file # custom_env: | # http_proxy=YOUR_URL_HERE diff --git a/defaults/main.yml b/defaults/main.yml index 2c30cbc..78d532e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,7 +3,7 @@ runner_user: "{{ lookup('env', 'USER') }}" # Directory where the local runner will be installed -runner_dir: /opt/actions-runner +runner_dir: "{{ 'C:\\actions-runner' if ansible_facts.system == 'Win32NT' else '/opt/actions-runner' }}" # Version of the GitHub Actions Runner runner_version: "latest" @@ -42,7 +42,7 @@ runner_group: "" runner_download_repository: "actions/runner" # Extra arguments to pass to `config.sh`. -# Several arguments muste be set as one string (i.e. "--ephemeral --my_special_fork") +# Several arguments must be set as one string (i.e. "--ephemeral --my_special_fork") runner_extra_config_args: "" # Name to assign to this runner in GitHub (System hostname as default) @@ -63,6 +63,9 @@ all_runners_in_same_repo: true # GitHub Enterprise name # github_enterprise: "yourenterprise" +# Runner user Windows password - the logon password for the service user when running on windows. +# runner_user_win_password: "{{ lookup('env', 'PASS') }}" + # Configuring a custom .env file # custom_env: | # http_proxy=YOUR_URL_HERE diff --git a/tasks/assert.yml b/tasks/assert.yml index 2657ca5..6abf982 100644 --- a/tasks/assert.yml +++ b/tasks/assert.yml @@ -31,3 +31,11 @@ fail_msg: "github_repo was not found or is using an invalid format." run_once: true when: not runner_org and github_enterprise is not defined + +- name: Check runner_user_win_password (RUN ONCE) + ansible.builtin.assert: + that: + - runner_user_win_password is defined + fail_msg: "runner_user_win_password was not defined, but it is required on a windows system" + run_once: true + when: github_actions_system == "win" diff --git a/tasks/collect_info.yml b/tasks/collect_info.yml index f017e27..a030585 100644 --- a/tasks/collect_info.yml +++ b/tasks/collect_info.yml @@ -27,6 +27,7 @@ status_code: 201 force_basic_auth: true register: registration + delegate_to: localhost run_once: true - name: "Check currently registered runners for repo {{ '(RUN ONCE)' if all_runners_in_same_repo else '' }}" @@ -42,21 +43,20 @@ status_code: 200 force_basic_auth: true register: registered_runners + delegate_to: localhost run_once: "{{ all_runners_in_same_repo }}" - name: Get Runner User IDs ansible.builtin.command: id -u "{{ runner_user }}" changed_when: false register: runner_user_id + when: github_actions_system != "win" - name: Get Runner Group IDs ansible.builtin.command: id -g "{{ runner_user }}" changed_when: false register: runner_user_group_id - - - name: Set runner_system variable - ansible.builtin.set_fact: - runner_system: "{{ 'osx' if ansible_facts.system == 'Darwin' else 'linux' }}" + when: github_actions_system != "win" - name: Find the latest runner version (RUN ONCE) ansible.builtin.uri: @@ -77,4 +77,4 @@ - name: Get systemd service facts ansible.builtin.service_facts: register: service_facts - when: ansible_facts.system == "Linux" + when: github_actions_system == "linux" diff --git a/tasks/install_runner.yml b/tasks/install_runner_unix.yml similarity index 98% rename from tasks/install_runner.yml rename to tasks/install_runner_unix.yml index ded230d..b398de4 100644 --- a/tasks/install_runner.yml +++ b/tasks/install_runner_unix.yml @@ -22,7 +22,7 @@ - name: Unarchive runner package ansible.builtin.unarchive: src: "https://github.com/{{ runner_download_repository }}/releases/download/v{{ runner_version }}/\ - actions-runner-{{ runner_system }}-{{ github_actions_architecture }}-{{ runner_version }}.tar.gz" + actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.tar.gz" dest: "{{ runner_dir }}/" owner: "{{ runner_user_id.stdout }}" group: "{{ runner_user_group_id.stdout }}" diff --git a/tasks/install_runner_win.yml b/tasks/install_runner_win.yml new file mode 100644 index 0000000..632c69e --- /dev/null +++ b/tasks/install_runner_win.yml @@ -0,0 +1,143 @@ +--- +- name: Create directory + ansible.windows.win_file: + path: "{{ runner_dir }}" + state: directory + +- name: Set owner of directory + ansible.windows.win_owner: + path: "{{ runner_dir }}" + user: "{{ runner_user }}" + recurse: true + +- name: Set runner_version variable (If latest) + ansible.builtin.set_fact: + runner_version: "{{ api_response.json.tag_name | regex_replace('^v', '') }}" + when: runner_version == "latest" + +- name: Check if desired version already installed + ansible.windows.win_command: "grep -i {{ runner_version }} {{ runner_dir }}\\bin\\Runner.Listener.deps.json" + register: runner_installed + check_mode: false + changed_when: false + ignore_errors: true + +- name: Download runner package + ansible.windows.win_get_url: + url: "https://github.com/{{ runner_download_repository }}/releases/download/v{{ runner_version }}/\ + actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.zip" + dest: "%TEMP%\\actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.zip" + when: runner_version not in runner_installed.stdout or reinstall_runner + +- name: Unarchive runner package + community.windows.win_unzip: + src: "%TEMP%\\actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.zip" + dest: "{{ runner_dir }}\\" + delete_archive: yes + when: runner_version not in runner_installed.stdout or reinstall_runner + +- name: Configure custom env file if required + randrej.windows.win_blockinfile: + path: "{{ runner_dir }}\\.env" + block: "{{ custom_env }}" + create: true + marker: "# {mark} ANSIBLE MANAGED BLOCK" + marker_begin: BEGIN + marker_end: END + when: custom_env is defined + +- name: Check if runner service name file exist + ansible.windows.win_stat: + path: "{{ runner_dir }}/.service" + register: runner_service_file_path + +- name: Set complete GitHub url for repo runner + ansible.builtin.set_fact: + github_full_url: "{{ github_url }}/{{ github_owner | default(github_account) }}/{{ github_repo }}" + when: not runner_org and github_enterprise is not defined + +- name: Set complete GitHub url for org runner + ansible.builtin.set_fact: + github_full_url: "{{ github_url }}/{{ github_owner | default(github_account) }}" + when: runner_org | bool and github_enterprise is not defined + +- name: Set complete GitHub url for enterprise runner + ansible.builtin.set_fact: + github_full_url: "{{ github_url }}/enterprises/{{ github_enterprise }}" + when: github_enterprise is defined + +- name: Register runner # noqa no-changed-when + environment: + RUNNER_ALLOW_RUNASROOT: "1" + ansible.windows.win_command: + "{{ runner_dir }}\\config.cmd \ + --url {{ github_full_url }} \ + --token {{ registration.json.token }} \ + --name {{ runner_name }} \ + --labels {{ runner_labels | join(',') }} \ + --runnergroup {{ runner_group }} \ + --runasservice \ + --windowslogonaccount {{ runner_user }} \ + --windowslogonpassword {{ runner_user_win_password }} \ + --unattended \ + {{ runner_extra_config_args }}" + args: + chdir: "{{ runner_dir }}" + changed_when: true + become_method: runas + become_user: "{{ runner_user }}" + become: true + no_log: "{{ hide_sensitive_logs | bool }}" + when: runner_name not in registered_runners.json.runners|map(attribute='name')|list + +- name: Replace registered runner # noqa no-changed-when + environment: + RUNNER_ALLOW_RUNASROOT: "1" + ansible.windows.win_command: + "{{ runner_dir }}\\config.cmd \ + --url {{ github_full_url }} \ + --token {{ registration.json.token }} \ + --name {{ runner_name }} \ + --labels {{ runner_labels | join(',') }} \ + --runasservice \ + --windowslogonaccount {{ runner_user }} \ + --windowslogonpassword {{ runner_user_win_password }} \ + --unattended \ + {{ runner_extra_config_args }} \ + --replace" + args: + chdir: "{{ runner_dir }}" + changed_when: true + become_method: runas + become_user: "{{ runner_user }}" + become: true + no_log: "{{ hide_sensitive_logs | bool }}" + when: > + runner_name in registered_runners.json.runners|map(attribute='name')|list and + reinstall_runner + +- name: Read service name from file + ansible.windows.win_command: "cat {{ runner_dir }}\\.service" + register: runner_service + changed_when: false + +- name: START and enable Github Actions Runner service + ansible.windows.win_service: + name: "{{ runner_service.stdout }}" + start_mode: auto + state: started + when: runner_state|lower == "started" + +- name: STOP and disable Github Actions Runner service + ansible.windows.win_service: + name: "{{ runner_service.stdout }}" + start_mode: manual + state: stopped + when: runner_state|lower == "stopped" + +- name: Version changed - RESTART Github Actions Runner service + ansible.windows.win_service: + name: "{{ runner_service.stdout }}" + start_mode: auto + state: restarted + when: runner_version not in runner_installed.stdout and not runner_state|lower == "stopped" diff --git a/tasks/main.yml b/tasks/main.yml index 9884999..b546592 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -5,7 +5,7 @@ - install - uninstall -- name: Include Information collection taks +- name: Include Information collection tasks ansible.builtin.include_tasks: collect_info.yml tags: - install @@ -13,18 +13,40 @@ - name: Include tasks to install dependencies ansible.builtin.include_tasks: install_deps.yml - when: runner_state|lower == "started" or runner_state|lower == "stopped" + when: + - runner_state|lower == "started" or runner_state|lower == "stopped" + - github_actions_system == "linux" tags: - install -- name: Include tasks to uninstall runner - ansible.builtin.include_tasks: uninstall_runner.yml - when: reinstall_runner or runner_state|lower == "absent" +- name: Include tasks to uninstall runner (UNIX-like) + ansible.builtin.include_tasks: uninstall_runner_unix.yml + when: + - reinstall_runner or runner_state|lower == "absent" + - github_actions_system == "linux" or github_actions_system == "osx" tags: - uninstall -- name: Include tasks to install runner - ansible.builtin.include_tasks: install_runner.yml - when: runner_state|lower == "started" or runner_state|lower == "stopped" +- name: Include tasks to uninstall runner (Windows) + ansible.builtin.include_tasks: uninstall_runner_win.yml + when: + - reinstall_runner or runner_state|lower == "absent" + - github_actions_system == "win" + tags: + - uninstall + +- name: Include tasks to install runner (UNIX-like) + ansible.builtin.include_tasks: install_runner_unix.yml + when: + - runner_state|lower == "started" or runner_state|lower == "stopped" + - github_actions_system == "linux" or github_actions_system == "osx" + tags: + - install + +- name: Include tasks to install runner (Windows) + ansible.builtin.include_tasks: install_runner_win.yml + when: + - runner_state|lower == "started" or runner_state|lower == "stopped" + - github_actions_system == "win" tags: - install diff --git a/tasks/uninstall_runner.yml b/tasks/uninstall_runner_unix.yml similarity index 100% rename from tasks/uninstall_runner.yml rename to tasks/uninstall_runner_unix.yml diff --git a/tasks/uninstall_runner_win.yml b/tasks/uninstall_runner_win.yml new file mode 100644 index 0000000..54fd14f --- /dev/null +++ b/tasks/uninstall_runner_win.yml @@ -0,0 +1,47 @@ +--- +- name: Check if runner service name file exist + ansible.windows.win_stat: + path: "{{ runner_dir }}/.service" + register: runner_service_file_path + +- name: Read service name from file + ansible.windows.win_command: "cat {{ runner_dir }}\\.service" + register: runner_service + changed_when: false + when: runner_service_file_path.stat.exists + +- name: Uninstall service runner + ansible.windows.win_shell: | + if(Get-Service {{ runner_service.stdout }} -ErrorAction SilentlyContinue) { + Write-Host "Stopping and removing service: {{ runner_service.stdout }}" + sc.exe stop "{{ runner_service.stdout }}" + sc.exe delete "{{ runner_service.stdout }}" + } + args: + chdir: "{{ runner_dir }}" + register: uninstall_service_runner + changed_when: "'Stopping and removing service:' in uninstall_service_runner.stdout" + when: runner_service_file_path.stat.exists + +- name: Check GitHub Actions runner file + ansible.windows.win_stat: + path: "{{ runner_dir }}/.runner" + register: runner_file + +- name: Unregister runner from the GitHub + environment: + RUNNER_ALLOW_RUNASROOT: "1" + ansible.windows.win_command: "config.cmd remove --token {{ registration.json.token }} --name {{ runner_name }} --unattended" + args: + chdir: "{{ runner_dir }}" + become: true + become_method: runas + become_user: "{{ runner_user }}" + no_log: "{{ hide_sensitive_logs | bool }}" + changed_when: true + when: runner_name in registered_runners.json.runners|map(attribute='name')|list and runner_file.stat.exists + +- name: Delete runner directory + ansible.windows.win_file: + path: "{{ runner_dir }}" + state: absent diff --git a/vars/main.yml b/vars/main.yml index 4236c1a..4c31c34 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -3,7 +3,13 @@ github_actions_architecture_map: amd64: x64 x86_64: x64 + 64-bit: x64 armv7l: arm aarch64: arm64 arm64: arm64 github_actions_architecture: "{{ github_actions_architecture_map[ansible_facts.architecture] }}" +github_actions_system_map: + Darwin: osx + Linux: linux + Win32NT: win +github_actions_system: "{{ github_actions_system_map[ansible_facts.system] }}" From 279de90f169b3ae72830fcc5409528636555b5bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sofie=20Finnes=20=C3=98vrelid?= Date: Tue, 17 Sep 2024 11:37:18 +0200 Subject: [PATCH 2/8] fix: don't run uri collection tasks with sudo --- tasks/collect_info.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tasks/collect_info.yml b/tasks/collect_info.yml index a030585..a08bf5d 100644 --- a/tasks/collect_info.yml +++ b/tasks/collect_info.yml @@ -28,6 +28,7 @@ force_basic_auth: true register: registration delegate_to: localhost + become: false run_once: true - name: "Check currently registered runners for repo {{ '(RUN ONCE)' if all_runners_in_same_repo else '' }}" @@ -44,6 +45,7 @@ force_basic_auth: true register: registered_runners delegate_to: localhost + become: false run_once: "{{ all_runners_in_same_repo }}" - name: Get Runner User IDs From 5adc7064fe6291d1fa4d15a3d5004df927f70d2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sofie=20Finnes=20=C3=98vrelid?= Date: Tue, 17 Sep 2024 11:37:48 +0200 Subject: [PATCH 3/8] fix: idempotence, trust binary to handle file permissions correctly --- tasks/install_runner_win.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/install_runner_win.yml b/tasks/install_runner_win.yml index 632c69e..68cdc6b 100644 --- a/tasks/install_runner_win.yml +++ b/tasks/install_runner_win.yml @@ -8,7 +8,6 @@ ansible.windows.win_owner: path: "{{ runner_dir }}" user: "{{ runner_user }}" - recurse: true - name: Set runner_version variable (If latest) ansible.builtin.set_fact: From e0a52f6da5f039ba47ffad623e7e98fb0995152f Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Mon, 30 Sep 2024 22:45:30 +0200 Subject: [PATCH 4/8] docs: galaxy info --- README.md | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 1739d39..dba7d00 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,16 @@ This role will deploy/redeploy/uninstall and register/unregister local GitHub Actions Runner on Linux and macOS Systems (see [compatibility list](#supported-operating-systems) ). It supports Enterprise, Organization and Repository Runners. -## Role Installation +## Role Installation (My Galaxy account is currently broken. Please use Github.) + +**cli** + +```yml +ansible-galaxy role install git+https://github.com/MonolithProjects/ansible-github_actions_runner.git,1.21.1 +``` **requirements.yml** + ```yml roles: - name: monolithprojects.github_actions_runner @@ -47,13 +54,14 @@ Personal Access Token for GitHub account can be created [here](https://github.co ## Supported Operating Systems -* Red Hat Enterprise Linux 7 -* CentOS 7 +* Red Hat Enterprise Linux 7+ +* CentOS 7+ * Rocky Linux 8+ * Fedora 29+ * Debian 9+ -* Ubuntu 16.04+ +* Ubuntu 18.04+ * MacOS High Sierra + +* Windows ## Weekly tested on: @@ -72,7 +80,7 @@ This is a copy from `defaults/main.yml` runner_user: "{{ lookup('env', 'USER') }}" # Directory where the local runner will be installed -runner_dir: /opt/actions-runner +runner_dir: "{{ 'C:\\actions-runner' if ansible_facts.system == 'Win32NT' else '/opt/actions-runner' }}" # Version of the GitHub Actions Runner runner_version: "latest" @@ -111,7 +119,7 @@ runner_group: "" runner_download_repository: "actions/runner" # Extra arguments to pass to `config.sh`. -# Several arguments muste be set as one string (i.e. "--ephemeral --my_special_fork") +# Several arguments must be set as one string (i.e. "--ephemeral --my_special_fork") runner_extra_config_args: "" # Name to assign to this runner in GitHub (System hostname as default) From 5b8ca09287ec888581d26f2406c4d061f9674bff Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Mon, 30 Sep 2024 22:46:38 +0200 Subject: [PATCH 5/8] ci: do not run molecule on pr --- .github/workflows/tests.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b414e85..5d3b1a2 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -2,13 +2,9 @@ name: molecule test on: push: - branches: - - develop - pull_request: branches: - master - - main - types: [opened, synchronize, reopened] + - develop paths: - 'defaults/**' - 'handlers/**' @@ -86,7 +82,7 @@ jobs: - os: "rockylinux9" steps: - name: checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: "${{ github.repository }}" From 588e650158da40b3a50b8300078cb3270522b1e6 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Mon, 30 Sep 2024 22:46:47 +0200 Subject: [PATCH 6/8] docs: galaxy info --- README.md | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index dba7d00..c8a2574 100644 --- a/README.md +++ b/README.md @@ -10,22 +10,23 @@ This role will deploy/redeploy/uninstall and register/unregister local GitHub Actions Runner on Linux and macOS Systems (see [compatibility list](#supported-operating-systems) ). It supports Enterprise, Organization and Repository Runners. -## Role Installation (My Galaxy account is currently broken. Please use Github.) - -**cli** - -```yml -ansible-galaxy role install git+https://github.com/MonolithProjects/ansible-github_actions_runner.git,1.21.1 -``` - -**requirements.yml** - -```yml -roles: - - name: monolithprojects.github_actions_runner - version: 1.21.1 - src: https://github.com/MonolithProjects/ansible-github_actions_runner -``` +> [!IMPORTANT] +> My Galaxy account is currently broken. Please use Github for installation source. +> +> **CLI:** +> +>```yml +>ansible-galaxy role install git+https://github.com/MonolithProjects/ansible-github_actions_runner.git,1.21.1 +>``` +> +>**requirements.yml:** +> +>```yml +>roles: +> - name: monolithprojects.github_actions_runner +> version: 1.21.1 +> src: https://github.com/MonolithProjects/ansible-github_actions_runner +>``` ## Requirements From 7b8fd01cfb0292ca28aa7f51f17bda9e892c52e8 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Mon, 30 Sep 2024 22:49:39 +0200 Subject: [PATCH 7/8] ci: use actions/checkout 4 --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 2db312c..6f529c0 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -16,7 +16,7 @@ jobs: SUITE: default steps: - name: Check out the codebase. - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: ${{ env.ANSIBLE_ROLE }} From fcb74e4f8e084d0c0f989bf263ea265db3786748 Mon Sep 17 00:00:00 2001 From: Michal Muransky Date: Mon, 30 Sep 2024 23:03:19 +0200 Subject: [PATCH 8/8] fix: ansible lint --- tasks/install_runner_win.yml | 4 ++-- tasks/uninstall_runner_win.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/install_runner_win.yml b/tasks/install_runner_win.yml index 68cdc6b..1ceca98 100644 --- a/tasks/install_runner_win.yml +++ b/tasks/install_runner_win.yml @@ -83,7 +83,7 @@ args: chdir: "{{ runner_dir }}" changed_when: true - become_method: runas + become_method: ansible.builtin.runas become_user: "{{ runner_user }}" become: true no_log: "{{ hide_sensitive_logs | bool }}" @@ -107,7 +107,7 @@ args: chdir: "{{ runner_dir }}" changed_when: true - become_method: runas + become_method: ansible.builtin.runas become_user: "{{ runner_user }}" become: true no_log: "{{ hide_sensitive_logs | bool }}" diff --git a/tasks/uninstall_runner_win.yml b/tasks/uninstall_runner_win.yml index 54fd14f..58d03d9 100644 --- a/tasks/uninstall_runner_win.yml +++ b/tasks/uninstall_runner_win.yml @@ -35,7 +35,7 @@ args: chdir: "{{ runner_dir }}" become: true - become_method: runas + become_method: ansible.builtin.runas become_user: "{{ runner_user }}" no_log: "{{ hide_sensitive_logs | bool }}" changed_when: true