-
Notifications
You must be signed in to change notification settings - Fork 709
Expand file tree
/
Copy pathgithub_agent.ubuntu.pkr.hcl
More file actions
215 lines (190 loc) · 7.25 KB
/
github_agent.ubuntu.pkr.hcl
File metadata and controls
215 lines (190 loc) · 7.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
packer {
required_plugins {
amazon = {
version = ">= 0.0.2"
source = "github.com/hashicorp/amazon"
}
}
}
variable "runner_version" {
description = "The version (no v prefix) of the runner software to install https://github.com/actions/runner/releases. The latest release will be fetched from GitHub if not provided."
default = null
}
variable "region" {
description = "The region to build the image in"
type = string
default = "eu-west-1"
}
variable "security_group_id" {
description = "The ID of the security group Packer will associate with the builder to enable access"
type = string
default = null
}
variable "subnet_id" {
description = "If using VPC, the ID of the subnet, such as subnet-12345def, where Packer will launch the EC2 instance. This field is required if you are using an non-default VPC"
type = string
default = null
}
variable "associate_public_ip_address" {
description = "If using a non-default VPC, there is no public IP address assigned to the EC2 instance. If you specified a public subnet, you probably want to set this to true. Otherwise the EC2 instance won't have access to the internet"
type = string
default = null
}
variable "instance_type" {
description = "The instance type Packer will use for the builder"
type = string
default = "c8i-flex.large"
}
variable "iam_instance_profile" {
description = "IAM instance profile Packer will use for the builder. An empty string (default) means no profile will be assigned."
type = string
default = ""
}
variable "root_volume_size_gb" {
type = number
default = 8
}
variable "ebs_delete_on_termination" {
description = "Indicates whether the EBS volume is deleted on instance termination."
type = bool
default = true
}
variable "global_tags" {
description = "Tags to apply to everything"
type = map(string)
default = {}
}
variable "ami_tags" {
description = "Tags to apply to the AMI"
type = map(string)
default = {}
}
variable "snapshot_tags" {
description = "Tags to apply to the snapshot"
type = map(string)
default = {}
}
variable "custom_shell_commands" {
description = "Additional commands to run on the EC2 instance, to customize the instance, like installing packages"
type = list(string)
default = []
}
variable "temporary_security_group_source_public_ip" {
description = "When enabled, use public IP of the host (obtained from https://checkip.amazonaws.com) as CIDR block to be authorized access to the instance, when packer is creating a temporary security group. Note: If you specify `security_group_id` then this input is ignored."
type = bool
default = false
}
data "http" github_runner_release_json {
url = "https://api.github.com/repos/actions/runner/releases/latest"
request_headers = {
Accept = "application/vnd.github+json"
X-GitHub-Api-Version : "2022-11-28"
}
}
locals {
runner_version = coalesce(var.runner_version, trimprefix(jsondecode(data.http.github_runner_release_json.body).tag_name, "v"))
}
source "amazon-ebs" "githubrunner" {
ami_name = "github-runner-ubuntu-jammy-amd64-${formatdate("YYYYMMDDhhmm", timestamp())}"
instance_type = var.instance_type
iam_instance_profile = var.iam_instance_profile
region = var.region
security_group_id = var.security_group_id
subnet_id = var.subnet_id
associate_public_ip_address = var.associate_public_ip_address
temporary_security_group_source_public_ip = var.temporary_security_group_source_public_ip
source_ami_filter {
filters = {
name = "*ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
root-device-type = "ebs"
virtualization-type = "hvm"
}
most_recent = true
owners = ["099720109477"]
}
ssh_username = "ubuntu"
tags = merge(
var.global_tags,
var.ami_tags,
{
OS_Version = "ubuntu-jammy"
Release = "Latest"
Base_AMI_Name = "{{ .SourceAMIName }}"
})
snapshot_tags = merge(
var.global_tags,
var.snapshot_tags,
)
launch_block_device_mappings {
device_name = "/dev/sda1"
volume_size = "${var.root_volume_size_gb}"
volume_type = "gp3"
delete_on_termination = "${var.ebs_delete_on_termination}"
}
}
build {
name = "githubactions-runner"
sources = [
"source.amazon-ebs.githubrunner"
]
provisioner "shell" {
environment_vars = [
"DEBIAN_FRONTEND=noninteractive"
]
inline = concat([
"sudo cloud-init status --wait",
"sudo apt-get -y update",
"sudo apt-get -y install ca-certificates curl gnupg lsb-release",
"sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg",
"echo deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null",
"sudo apt-get -y update",
"sudo apt-get -y install docker-ce docker-ce-cli containerd.io jq git unzip",
"sudo systemctl enable containerd.service",
"sudo service docker start",
"sudo usermod -a -G docker ubuntu",
"sudo curl -f https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb -o amazon-cloudwatch-agent.deb",
"sudo dpkg -i amazon-cloudwatch-agent.deb",
"sudo systemctl restart amazon-cloudwatch-agent",
"sudo curl -f https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip",
"unzip awscliv2.zip",
"sudo ./aws/install",
], var.custom_shell_commands)
}
provisioner "file" {
content = templatefile("../install-runner.sh", {
install_runner = templatefile("../../modules/runners/templates/install-runner.sh", {
ARM_PATCH = ""
S3_LOCATION_RUNNER_DISTRIBUTION = ""
RUNNER_ARCHITECTURE = "x64"
})
})
destination = "/tmp/install-runner.sh"
}
provisioner "shell" {
environment_vars = [
"RUNNER_TARBALL_URL=https://github.com/actions/runner/releases/download/v${local.runner_version}/actions-runner-linux-x64-${local.runner_version}.tar.gz"
]
inline = [
"sudo chmod +x /tmp/install-runner.sh",
"echo ubuntu | tee -a /tmp/install-user.txt",
"sudo RUNNER_ARCHITECTURE=x64 RUNNER_TARBALL_URL=$RUNNER_TARBALL_URL /tmp/install-runner.sh",
"echo ImageOS=ubuntu22 | tee -a /opt/actions-runner/.env"
]
}
provisioner "file" {
content = templatefile("../start-runner.sh", {
start_runner = templatefile("../../modules/runners/templates/start-runner.sh", { metadata_tags = "enabled" })
})
destination = "/tmp/start-runner.sh"
}
provisioner "shell" {
inline = [
"sudo mv /tmp/start-runner.sh /var/lib/cloud/scripts/per-boot/start-runner.sh",
"sudo chmod +x /var/lib/cloud/scripts/per-boot/start-runner.sh",
]
}
post-processor "manifest" {
output = "manifest.json"
strip_path = true
}
}