From 34b459d917f197459205adbfa3f52171ad8263b0 Mon Sep 17 00:00:00 2001
From: Jonathan Perry
Date: Wed, 22 Jan 2025 15:15:45 -0600
Subject: [PATCH 1/7] switch to spot in template
---
 .github/workflows/aws-runner-template.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/aws-runner-template.yaml b/.github/workflows/aws-runner-template.yaml
index 37f8700..4cf7d64 100644
--- a/.github/workflows/aws-runner-template.yaml
+++ b/.github/workflows/aws-runner-template.yaml
@@ -24,12 +24,13 @@ jobs:
 - name: Start EC2 runner
 id: start-ec2-runner
- uses: machulav/ec2-github-runner@v2
+ uses: machulav/ec2-github-runner@28fbe1c4d7d9ba74134ca5ebc559d5b0a989a856
 with:
 mode: start
 github-token: ${{ secrets.REPO_ADMIN_TOKEN }}
 ec2-image-id: ami-006ec002b74f6c066 # Amazon Linux 2 in us-east-2
 ec2-instance-type: t3.micro
+ market-type: spot
 subnet-id: ${{ secrets.AWS_SUBNET_ID }}
 security-group-id: ${{ secrets.AWS_SECURITY_GROUP_ID }}
 pre-runner-script: |
@@ -72,7 +73,7 @@ jobs:
 role-session-name: github-runner-session
 - name: Stop EC2 runner
- uses: machulav/ec2-github-runner@v2
+ uses: machulav/ec2-github-runner@28fbe1c4d7d9ba74134ca5ebc559d5b0a989a856
 with:
 mode: stop
 github-token: ${{ secrets.REPO_ADMIN_TOKEN }}
From 86e7001d6833e288fd9ae7a9fd1a65498fbb8d3c Mon Sep 17 00:00:00 2001
From: Jonathan Perry
Date: Wed, 22 Jan 2025 15:19:22 -0600
Subject: [PATCH 2/7] try to remove permissions
---
 .github/workflows/aws-runner-template.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/aws-runner-template.yaml b/.github/workflows/aws-runner-template.yaml
index 4cf7d64..3aad568 100644
--- a/.github/workflows/aws-runner-template.yaml
+++ b/.github/workflows/aws-runner-template.yaml
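Review bot: In [PATCH 1/7], the new `uses:` pin in the Start EC2 runner step is a bare 40-character commit SHA with nothing saying which upstream release it corresponds to, so a later reviewer cannot tell what is being trusted or whether a bump is an upgrade; the Stop EC2 runner hunk at `@@ -72,7 +73,7 @@` and both hunks of [PATCH 6/7] have the same gap. The SHA pin itself is worth keeping, because this third-party action is handed `secrets.REPO_ADMIN_TOKEN`; add a trailing comment naming the release, e.g. `uses: machulav/ec2-github-runner@28fbe1c4d7d9ba74134ca5ebc559d5b0a989a856 # <upstream release tag>`. Both `with:` blocks continue outside the hunks.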
@@ -2,10 +2,10 @@ name: Template for EC2 Runner
 on: workflow_dispatch # Manual trigger for testing
 # Add permissions needed for OIDC authentication
-permissions:
- id-token: write # Required for requesting the JWT
- contents: read # Required for actions/checkout
- actions: write # Required for registering runners
+# permissions:
+# id-token: write # Required for requesting the JWT
+# contents: read # Required for actions/checkout
+# actions: write # Required for registering runners
 jobs:
 start-runner:
From ef89fe1de92e77da6e2353dbe6a39786325171cd Mon Sep 17 00:00:00 2001
From: Jonathan Perry
Date: Wed, 22 Jan 2025 15:20:16 -0600
Subject: [PATCH 3/7] re-add id-token permission
---
 .github/workflows/aws-runner-template.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/aws-runner-template.yaml b/.github/workflows/aws-runner-template.yaml
index 3aad568..9f26242 100644
--- a/.github/workflows/aws-runner-template.yaml
+++ b/.github/workflows/aws-runner-template.yaml
@@ -2,8 +2,8 @@ name: Template for EC2 Runner
 on: workflow_dispatch # Manual trigger for testing
 # Add permissions needed for OIDC authentication
-# permissions:
-# id-token: write # Required for requesting the JWT
+permissions:
+ id-token: write # Required for requesting the JWT
 # contents: read # Required for actions/checkout
 # actions: write # Required for registering runners
From 9b111ceb4a441e40d71fda730a410bba6ab08dd7 Mon Sep 17 00:00:00 2001
From: Jonathan Perry
Date: Wed, 22 Jan 2025 15:33:22 -0600
Subject: [PATCH 4/7] try removing permissions from cpi-count-test
---
 .github/workflows/cpi-count-test.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cpi-count-test.yaml b/.github/workflows/cpi-count-test.yaml
index 5d07e7d..8d70280 100644
--- a/.github/workflows/cpi-count-test.yaml
+++ b/.github/workflows/cpi-count-test.yaml
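Review bot: In [PATCH 2/7], commenting out the whole `permissions:` block does not leave the job's GITHUB_TOKEN with fewer scopes: with no block the token falls back to the repository or organization default, which can be read/write across scopes, while `id-token` is not part of that default, so the OIDC token request would presumably stop working. The surviving comment `# Add permissions needed for OIDC authentication` now heads a block that grants nothing. To actually narrow the token, keep the key and list only what is needed, starting from `permissions:` with `id-token: write`, or use `permissions: {}` for a workflow that needs no scopes at all.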
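Review bot: In [PATCH 3/7], once `permissions:` is present every scope not listed becomes `none`, so the two lines left commented out now mean `contents: none` and `actions: none`, yet their trailing comments still read "Required for actions/checkout" and "Required for registering runners". If any job in this workflow runs actions/checkout against a private repository it will fail without `contents: read`; the jobs are outside the hunk, so this needs checking. Runner registration appears to use `secrets.REPO_ADMIN_TOKEN` rather than GITHUB_TOKEN, which would explain why `actions: write` is unnecessary; say so in place of the stale lines, e.g. `# runner registration uses REPO_ADMIN_TOKEN, so GITHUB_TOKEN needs only id-token`. The same applies to the cpi-count-test.yaml hunk in [PATCH 4/7].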
@@ -3,8 +3,8 @@ on: workflow_dispatch
 permissions:
 id-token: write
- contents: read
- actions: write
+ # contents: read
+ # actions: write
 jobs:
 start-runner:
From 51e96b7452885c350737c70a41223c77c8e7bd92 Mon Sep 17 00:00:00 2001
From: Jonathan Perry
Date: Wed, 22 Jan 2025 15:37:03 -0600
Subject: [PATCH 5/7] remove unneeded permissions from AWS tests
---
 .github/workflows/aws-runner-template.yaml | 2 --
 .github/workflows/cpi-count-test.yaml | 2 --
 2 files changed, 4 deletions(-)
diff --git a/.github/workflows/aws-runner-template.yaml b/.github/workflows/aws-runner-template.yaml
index 9f26242..b904b01 100644
--- a/.github/workflows/aws-runner-template.yaml
+++ b/.github/workflows/aws-runner-template.yaml
@@ -4,8 +4,6 @@ on: workflow_dispatch # Manual trigger for testing
 # Add permissions needed for OIDC authentication
 permissions:
 id-token: write # Required for requesting the JWT
-# contents: read # Required for actions/checkout
-# actions: write # Required for registering runners
 jobs:
 start-runner:
diff --git a/.github/workflows/cpi-count-test.yaml b/.github/workflows/cpi-count-test.yaml
index 8d70280..bf15128 100644
--- a/.github/workflows/cpi-count-test.yaml
+++ b/.github/workflows/cpi-count-test.yaml
@@ -3,8 +3,6 @@ on: workflow_dispatch
 permissions:
 id-token: write
- # contents: read
- # actions: write
 jobs:
 start-runner:
From 76ca0787afddfe2fed2d465aa5dffa2142607352 Mon Sep 17 00:00:00 2001
From: Jonathan Perry
Date: Wed, 22 Jan 2025 15:38:16 -0600
Subject: [PATCH 6/7] update ec2-github-runner to the public version that supports spot
---
 .github/workflows/cpi-count-test.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cpi-count-test.yaml b/.github/workflows/cpi-count-test.yaml
index bf15128..d98dc3c 100644
--- a/.github/workflows/cpi-count-test.yaml
+++ b/.github/workflows/cpi-count-test.yaml
@@ -21,7 +21,7 @@ jobs:
 - name: Start EC2 runner
 id: start-ec2-runner
- uses: tverghis/ec2-github-runner@7170053c36b2928213de1cf2303ac85059dadeee
+ uses: machulav/ec2-github-runner@28fbe1c4d7d9ba74134ca5ebc559d5b0a989a856
 with:
 mode: start
 github-token: ${{ secrets.REPO_ADMIN_TOKEN }}
@@ -125,7 +125,7 @@ jobs:
 role-session-name: github-runner-session
 - name: Stop EC2 runner
- uses: machulav/ec2-github-runner@v2
+ uses: machulav/ec2-github-runner@28fbe1c4d7d9ba74134ca5ebc559d5b0a989a856
 with:
 mode: stop
 github-token: ${{ secrets.REPO_ADMIN_TOKEN }}
From 5ec1477e6ebae858722e5a020447387c7ae44134 Mon Sep 17 00:00:00 2001
From: Jonathan Perry
Date: Thu, 23 Jan 2025 08:16:25 -0600
Subject: [PATCH 7/7] Apply suggestions from code review use version number (rather than hash) to select spot-capable ec2-github-runner version. Credit @tverghis for suggesting
Co-authored-by: Tarun Verghis
---
 .github/workflows/aws-runner-template.yaml | 4 ++--
 .github/workflows/cpi-count-test.yaml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/aws-runner-template.yaml b/.github/workflows/aws-runner-template.yaml
index b904b01..1ee52be 100644
--- a/.github/workflows/aws-runner-template.yaml
+++ b/.github/workflows/aws-runner-template.yaml
@@ -22,7 +22,7 @@ jobs:
 - name: Start EC2 runner
 id: start-ec2-runner
- uses: machulav/ec2-github-runner@28fbe1c4d7d9ba74134ca5ebc559d5b0a989a856
+ uses: machulav/ec2-github-runner@v2.3.8
 with:
 mode: start
 github-token: ${{ secrets.REPO_ADMIN_TOKEN }}
@@ -71,7 +71,7 @@ jobs:
 role-session-name: github-runner-session
 - name: Stop EC2 runner
- uses: machulav/ec2-github-runner@28fbe1c4d7d9ba74134ca5ebc559d5b0a989a856
+ uses: machulav/ec2-github-runner@v2.3.8
 with:
 mode: stop
 github-token: ${{ secrets.REPO_ADMIN_TOKEN }}
diff --git a/.github/workflows/cpi-count-test.yaml b/.github/workflows/cpi-count-test.yaml
index d98dc3c..17191ea 100644
--- a/.github/workflows/cpi-count-test.yaml
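Review bot: In [PATCH 7/7], replacing the full commit SHA with `@v2.3.8` in the Start EC2 runner step of aws-runner-template.yaml trades an immutable reference for a tag that the action's maintainer, or anyone who gains push access to that repository, can move to different code; this step passes `secrets.REPO_ADMIN_TOKEN` to the action, so whatever the tag points at runs with that token. The same substitution is made in the Stop EC2 runner hunk at `@@ -71,7 +71,7 @@` and in both hunks of cpi-count-test.yaml. Keep the readability the review asked for without giving up the pin by using the release's commit SHA with the version as a comment: `uses: machulav/ec2-github-runner@<full commit SHA of v2.3.8> # v2.3.8`. Whether the previously pinned 28fbe1c4… commit is that release is not visible here and should be confirmed before reusing it.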
+++ b/.github/workflows/cpi-count-test.yaml
@@ -21,7 +21,7 @@ jobs:
 - name: Start EC2 runner
 id: start-ec2-runner
- uses: machulav/ec2-github-runner@28fbe1c4d7d9ba74134ca5ebc559d5b0a989a856
+ uses: machulav/ec2-github-runner@v2.3.8
 with:
 mode: start
 github-token: ${{ secrets.REPO_ADMIN_TOKEN }}
@@ -125,7 +125,7 @@ jobs:
 role-session-name: github-runner-session
 - name: Stop EC2 runner
- uses: machulav/ec2-github-runner@28fbe1c4d7d9ba74134ca5ebc559d5b0a989a856
+ uses: machulav/ec2-github-runner@v2.3.8
 with:
 mode: stop
 github-token: ${{ secrets.REPO_ADMIN_TOKEN }}