Add Ubuntu Jammy (22.04 LTS) runner (#85)

* add ubuntu jammy * Update baremetal-remove.yml copy/paste change apply to delete * capitalization
some-natalie · Jun 30, 2022 · 380e73e · 380e73e
1 parent a417f00
commit 380e73e
Show file tree

Hide file tree

Showing 9 changed files with 439 additions and 35 deletions.
diff --git a/.github/workflows/baremetal-deploy.yml b/.github/workflows/baremetal-deploy.yml
@@ -1,11 +1,11 @@
 name: GHAE - deploy runners (bare metal)
 
 on:
-  workflow_dispatch:  # deploy on demand
+  workflow_dispatch: # deploy on demand
 
 jobs:
   deploy:
-    runs-on: ubuntu-latest  # use the GitHub hosted runners to deploy the self-hosted runners in GHEC
+    runs-on: ubuntu-latest # use the GitHub hosted runners to deploy the self-hosted runners in GHEC
     # If using GHES or GHAE, use another deployment, such as having CentOS redeploy Ubuntu and vice versa
     environment: bare-metal
 
@@ -14,13 +14,15 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Write out the kubeconfig info
-        run: | 
+        run: |
           echo ${{ secrets.DEPLOY_ACCOUNT }} | base64 -d > /tmp/config
 
       - name: Update deployment
         run: |
           kubectl apply -f deployments/ghae/podman.yml --insecure-skip-tls-verify
           kubectl apply -f deployments/ghae/ubuntu-focal.yml --insecure-skip-tls-verify
+          kubectl apply -f deployments/ghae/rootless-ubuntu-focal.yml --insecure-skip-tls-verify
+          kubectl apply -f deployments/ghae/ubuntu-jammy.yml --insecure-skip-tls-verify
         env:
           KUBECONFIG: /tmp/config
 

diff --git a/.github/workflows/baremetal-remove.yml b/.github/workflows/baremetal-remove.yml
@@ -1,11 +1,11 @@
 name: GHAE - remove runners (bare metal)
 
 on:
-  workflow_dispatch:  # deploy on demand
+  workflow_dispatch: # deploy on demand
 
 jobs:
   deploy:
-    runs-on: ubuntu-latest  # use the GitHub hosted runners to deploy the self-hosted runners in GHEC
+    runs-on: ubuntu-latest # use the GitHub hosted runners to deploy the self-hosted runners in GHEC
     # If using GHES or GHAE, use another deployment, such as having CentOS redeploy Ubuntu and vice versa
     environment: bare-metal
 
@@ -14,13 +14,15 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Write out the kubeconfig info
-        run: | 
+        run: |
           echo ${{ secrets.DEPLOY_ACCOUNT }} | base64 -d > /tmp/config
 
       - name: Update deployment
         run: |
           kubectl delete -f deployments/ghae/podman.yml --insecure-skip-tls-verify
           kubectl delete -f deployments/ghae/ubuntu-focal.yml --insecure-skip-tls-verify
+          kubectl delete -f deployments/ghae/rootless-ubuntu-focal.yml --insecure-skip-tls-verify
+          kubectl delete -f deployments/ghae/ubuntu-jammy.yml --insecure-skip-tls-verify
         env:
           KUBECONFIG: /tmp/config
 

diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
@@ -1,20 +1,20 @@
 name: Build/publish/deploy all runners
 
 on:
-  workflow_dispatch:  # build on demand
+  workflow_dispatch: # build on demand
   release:
-    types: [published]  # build on release
+    types: [published] # build on release
 
 jobs:
   build-ubuntu:
-    runs-on: ubuntu-latest  # use the GitHub hosted runners
+    runs-on: ubuntu-latest # use the GitHub hosted runners
     permissions:
-      contents: write  # for uploading the SBOM to the release
-      packages: write  # for uploading the finished container
-      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
+      contents: write # for uploading the SBOM to the release
+      packages: write # for uploading the finished container
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
     strategy:
       matrix:
-        runner-image: [ ubuntu-focal, rootless-ubuntu-focal ]
+        runner-image: [ubuntu-focal, rootless-ubuntu-focal, ubuntu-jammy]
 
     steps:
       - name: Checkout
@@ -26,7 +26,7 @@ jobs:
       - name: Set outputs
         id: vars
         run: echo ::set-output name=sha_short::${GITHUB_SHA::7}
-      
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
@@ -40,7 +40,7 @@ jobs:
       - name: Build and push the image
         uses: docker/build-push-action@v3
         with:
-          file: 'images/${{ matrix.runner-image }}.Dockerfile'
+          file: "images/${{ matrix.runner-image }}.Dockerfile"
           push: true
           tags: |
             ghcr.io/some-natalie/kubernoodles/${{ matrix.runner-image }}:latest
@@ -60,17 +60,17 @@ jobs:
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}
 
-      - name: Generate SBOM for the rootless Ubuntu Focal (20.04 LTS) runner
+      - name: Generate SBOM for the Ubuntu-based runners
         uses: anchore/sbom-action@v0
         with:
           image: ghcr.io/some-natalie/kubernoodles/${{ matrix.runner-image }}:latest
 
   build-podman:
-    runs-on: ubuntu-latest  # use the GitHub hosted runners
+    runs-on: ubuntu-latest # use the GitHub hosted runners
     permissions:
-      contents: write  # for uploading the SBOM to the release
-      packages: write  # for uploading the finished container
-      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
+      contents: write # for uploading the SBOM to the release
+      packages: write # for uploading the finished container
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
 
     steps:
       - name: Checkout
@@ -82,7 +82,7 @@ jobs:
       - name: Set outputs
         id: vars
         run: echo ::set-output name=sha_short::${GITHUB_SHA::7}
-      
+
       - name: Build the image
         id: build-image
         uses: redhat-actions/buildah-build@v2
@@ -108,7 +108,7 @@ jobs:
         uses: anchore/sbom-action@v0
         with:
           image: ghcr.io/some-natalie/kubernoodles/podman:latest
-      
+
       - name: Push image
         uses: redhat-actions/push-to-registry@v2
         with:
@@ -119,20 +119,20 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
   deploy:
-    runs-on: ubuntu-latest  # use the GitHub hosted runners to deploy the self-hosted runners in GHEC
+    runs-on: ubuntu-latest # use the GitHub hosted runners to deploy the self-hosted runners in GHEC
     # If using GHES or GHAE, use another deployment, such as having CentOS redeploy Ubuntu and vice versa
     environment: production
-    needs: [ build-podman, build-ubuntu ]
+    needs: [build-podman, build-ubuntu]
     strategy:
       matrix:
-        runner-image: [ podman, ubuntu-focal, rootless-ubuntu-focal ]
+        runner-image: [podman, ubuntu-focal, rootless-ubuntu-focal]
 
     steps:
       - name: Checkout
         uses: actions/checkout@v3
 
       - name: Write out the kubeconfig info
-        run: | 
+        run: |
           echo ${{ secrets.DEPLOY_ACCOUNT }} | base64 -d > /tmp/config
 
       - name: Update deployment

diff --git a/.github/workflows/test-ubuntu-jammy.yml b/.github/workflows/test-ubuntu-jammy.yml
@@ -0,0 +1,114 @@
+name: Test Ubuntu Jammy runner
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "images/ubuntu-jammy.Dockerfile"
+      - "images/**.sh"
+      - "images/docker/*"
+      - "images/software/*"
+      - "images/supervisor/*"
+
+jobs:
+  build:
+    name: Build test image
+    runs-on: [self-hosted, jammy]
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to GitHub Packages
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push image
+        uses: docker/build-push-action@v3
+        with:
+          file: "images/ubuntu-jammy.Dockerfile"
+          push: true
+          tags: ghcr.io/some-natalie/kubernoodles/ubuntu-jammy:latest
+
+  deploy:
+    name: Deploy test image to `test-runners` namespace
+    runs-on: [self-hosted, jammy]
+    needs: [build]
+    environment: test
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Write out the kubeconfig info
+        run: |
+          echo ${{ secrets.DEPLOY_ACCOUNT }} | base64 -d > /tmp/config
+
+      - name: Deploy
+        run: |
+          kubectl apply -f deployments/test-ubuntu-jammy.yml
+        env:
+          KUBECONFIG: /tmp/config
+
+      - name: Remove kubeconfig info
+        run: rm -f /tmp/config
+
+      - name: Wait 5 minutes to let the new pod come up
+        run: sleep 300
+
+  test:
+    name: Run tests!
+    runs-on: [self-hosted, test-ubuntu-jammy]
+    needs: [deploy]
+
+    steps:
+      - name: Sudo test
+        run: sudo echo "sudo is working"
+
+      - name: Docker test
+        run: |
+          docker run hello-world
+          docker network inspect bridge
+          docker info
+
+      - name: Docker compose test
+        run: |
+          docker-compose --version
+
+      - name: Print environmental variables
+        run: printenv
+
+  remove-deploy:
+    name: Delete test image deployment
+    runs-on: [self-hosted, jammy]
+    needs: [test]
+    environment: test
+    if: always()
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Write out the kubeconfig info
+        run: |
+          echo ${{ secrets.DEPLOY_ACCOUNT }} | base64 -d > /tmp/config
+
+      - name: Deploy
+        run: |
+          kubectl delete -f deployments/test-ubuntu-jammy.yml
+        env:
+          KUBECONFIG: /tmp/config
+
+      - name: Remove kubeconfig info
+        run: rm -f /tmp/config
diff --git a/.github/workflows/weekly-cleanup.yml b/.github/workflows/weekly-cleanup.yml
@@ -3,7 +3,7 @@ name: Weekly repo cleanup 🔥
 on:
   workflow_dispatch:
   schedule:
-    - cron: '30 22 * * 1'  # Weekly at 22:30 UTC on Mondays
+    - cron: "30 22 * * 1" # Weekly at 22:30 UTC on Mondays
 
 jobs:
   clean-ghcr:
@@ -16,6 +16,7 @@ jobs:
           - ubuntu-focal
           - podman
           - rootless-ubuntu-focal
+          - ubuntu-jammy
     steps:
       - name: Delete untagged containers
         uses: snok/container-retention-policy@v1
@@ -34,18 +35,18 @@ jobs:
       - name: Close stale issues and pull requests
         uses: actions/stale@v5
         with:
-          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 2 weeks.'
-          close-issue-message: 'This issue was closed because it has been stalled for 2 weeks with no activity.'
+          stale-issue-message: "This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 2 weeks."
+          close-issue-message: "This issue was closed because it has been stalled for 2 weeks with no activity."
           days-before-issue-stale: 30
           days-before-issue-close: 14
-          stale-issue-label: 'stale'
-          exempt-issue-labels: 'epic'
-          stale-pr-message: 'This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 2 weeks.'
-          close-pr-message: 'This PR was closed because it has been stalled for 2 weeks with no activity.'
+          stale-issue-label: "stale"
+          exempt-issue-labels: "epic"
+          stale-pr-message: "This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 2 weeks."
+          close-pr-message: "This PR was closed because it has been stalled for 2 weeks with no activity."
           days-before-pr-stale: 30
           days-before-pr-close: 14
-          stale-pr-label: 'stale'
-          exempt-pr-labels: 'dependencies'
+          stale-pr-label: "stale"
+          exempt-pr-labels: "dependencies"
 
   clean-offline-runners:
     name: Delete offline self-hosted runners

diff --git a/deployments/ghae/ubuntu-jammy.yml b/deployments/ghae/ubuntu-jammy.yml
@@ -0,0 +1,55 @@
+apiVersion: actions.summerwind.dev/v1alpha1
+kind: RunnerDeployment
+metadata:
+  name: ubuntu-jammy
+  namespace: runners
+spec:
+  replicas: 1
+  template:
+    spec:
+      organization: universal-exports-ltd
+      # env:
+      #   - name: DISABLE_RUNNER_UPDATE # Disables automatic runner updates
+      #     value: "true"
+      ephemeral: true
+      image: ghcr.io/some-natalie/kubernoodles/ubuntu-jammy:latest # change this to the version you really want!
+      imagePullPolicy: Always
+      imagePullSecrets:
+        - name: ghcr
+      dockerdWithinRunnerContainer: true
+      dockerMTU: 1450
+      resources:
+        limits:
+          cpu: "4000m"
+          memory: "8Gi"
+        requests:
+          cpu: "200m"
+          memory: "200Mi"
+      labels:
+        - docker
+        - ubuntu
+        - jammy
+        - ubuntu-latest # overlaps w/ hosted runners on GHEC, can use in GHES and GHAE
+      securityContext:
+        runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault
+        runAsNonRoot: true
+---
+apiVersion: actions.summerwind.dev/v1alpha1
+kind: HorizontalRunnerAutoscaler
+metadata:
+  name: ubuntu-jammy-autoscaling
+  namespace: runners
+spec:
+  scaleTargetRef:
+    name: ubuntu-jammy
+  minReplicas: 1
+  maxReplicas: 3
+  scaleDownDelaySecondsAfterScaleOut: 60
+  metrics:
+    - type: PercentageRunnersBusy
+      scaleUpThreshold: "0.75"
+      scaleDownThreshold: "0.3"
+      scaleUpFactor: "1.5"
+      scaleDownFactor: "0.7"