diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 451f501..d39509d 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -6,20 +6,14 @@ on: - master - develop paths: - - 'defaults/**' - - 'handlers/**' - - 'molecule/**' - - 'tasks/**' - - 'templates/**' - - 'vars/**' - schedule: - - cron: '0 6 * * 0' + - "defaults/**" + - "handlers/**" + - "molecule/**" + - "tasks/**" + - "templates/**" + - "vars/**" workflow_dispatch: -env: - MOLECULE_DOCKER_VOLUMES: rw - MOLECULE_DOCKER_CGROUPS_MODE: host - jobs: repo: name: Test GHA Runner Role @@ -31,10 +25,9 @@ jobs: max-parallel: 5 matrix: config: - - os: "debian11" - - os: "fedora39" - - os: "ubuntu20" - - os: "ubuntu22" + - os: "debian13" + - os: "fedora43" + - os: "ubuntu2404" - os: "rockylinux9" steps: - name: checkout @@ -42,10 +35,15 @@ jobs: with: path: "${{ github.repository }}" + - name: Remove unnecessary files + run: | + sudo rm -rf /usr/share/dotnet + sudo rm -rf "$AGENT_TOOLSDIRECTORY" + - name: Set up Python 3 uses: actions/setup-python@v6 with: - python-version: '3.14' + python-version: "3.14" - name: Install test dependencies run: | @@ -55,11 +53,9 @@ jobs: run: molecule test --scenario-name repo working-directory: "${{ github.repository }}" env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - MOLECULE_IMAGE: ${{ matrix.config.os }} - MOLECULE_DOCKER_CGROUPS_MODE: ${{ matrix.config.cgroup_mode }} - MOLECULE_DOCKER_VOLUMES: ${{ matrix.config.volumes }} + PY_COLORS: "1" + ANSIBLE_FORCE_COLOR: "1" + MOLECULE_DISTRO: ${{ matrix.config.os }} PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} GITHUB_ACCOUNT: monolithprojects-testorg GITHUB_REPO: ansible-github_actions_runner-testrepo @@ -75,10 +71,9 @@ jobs: max-parallel: 5 matrix: config: - - os: "debian11" - - os: "fedora37" - - os: "ubuntu20" - - os: "ubuntu22" + - os: "debian13" + - os: "fedora43" + - os: "ubuntu2404" - os: "rockylinux9" steps: - name: checkout 
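Review bot: Removing the `schedule:` trigger from the `on:` block means these jobs now run only when the listed paths change or on `workflow_dispatch`. The scenarios still install `runner_version: "latest"` and pull `:latest` container images, so upstream breakage will go unnoticed until someone next touches the role. The README in this same commit still carries the heading `## Weekly tested on:`, which no longer matches. Either keep `schedule:` with `- cron: "0 6 * * 0"`, or reword the README heading.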
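Review bot: The new `Remove unnecessary files` step deletes `$AGENT_TOOLSDIRECTORY` immediately before `actions/setup-python`, which normally looks in that tool cache for a preinstalled interpreter, so each matrix job will likely have to download Python instead. The step also gives no reason for the deletion; if it is there to free disk space for the test containers, a comment such as `# Free runner disk space for the molecule images` above the `run:` would say so. If `/usr/share/dotnet` alone frees enough space, dropping the `sudo rm -rf "$AGENT_TOOLSDIRECTORY"` line avoids the extra download. The same step is added to the org job in the later hunk of this file.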
@@ -86,23 +81,26 @@ jobs: with: path: "${{ github.repository }}" + - name: Remove unnecessary files + run: | + sudo rm -rf /usr/share/dotnet + sudo rm -rf "$AGENT_TOOLSDIRECTORY" + - name: Set up Python 3 uses: actions/setup-python@v6 with: - python-version: '3.14' + python-version: "3.14" - name: Install test dependencies run: pip3 install ansible docker molecule molecule-plugins[docker] "requests<2.29.2" jmespath - - name: Run Molecule tests - + - name: Run Molecule tests - org run: molecule test --scenario-name org working-directory: "${{ github.repository }}" env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - MOLECULE_IMAGE: ${{ matrix.config.os }} - MOLECULE_DOCKER_CGROUPS_MODE: ${{ matrix.config.cgroup_mode }} - MOLECULE_DOCKER_VOLUMES: ${{ matrix.config.volumes }} + PY_COLORS: "1" + ANSIBLE_FORCE_COLOR: "1" + MOLECULE_DISTRO: ${{ matrix.config.os }} PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} GITHUB_ACCOUNT: monolithprojects-testorg GITHUB_REPO: ansible-github_actions_runner-testrepo diff --git a/.gitignore b/.gitignore index f76437e..29c61e7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .cache *.gz +.ansible diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 83b3cb6..249b5cd 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.0.1 + rev: v6.0.0 hooks: - id: check-yaml args: [--allow-multiple-documents] @@ -9,7 +9,7 @@ repos: args: [--markdown-linebreak-ext=md] - repo: https://github.com/adrienverge/yamllint - rev: v1.26.3 + rev: v1.37.1 hooks: - id: yamllint args: [-c=.yamllint] diff --git a/README.md b/README.md index b4169bf..5d9606e 100644 --- a/README.md +++ b/README.md 
@@ -45,7 +45,7 @@ Personal Access Token for GitHub account can be created [here](https://github.co * Runner user has to be pre-created. Recommended role: `monolithprojects.user_management` -* CentOS systems require EPEL repository. +* CentOS and RockyLinuxsystems require EPEL repository. Recommended role: `robertdebock.epel` ## Supported CPU architecture @@ -55,25 +55,24 @@ Personal Access Token for GitHub account can be created [here](https://github.co ## Supported Operating Systems -* Red Hat Enterprise Linux 7+ -* CentOS 7+ +* Red Hat Enterprise Linux 8+ * Rocky Linux 8+ -* Fedora 29+ -* Debian 9+ -* Ubuntu 18.04+ +* Fedora 40+ +* Debian 10+ +* Ubuntu 22.04+ * MacOS High Sierra + * Windows ## Weekly tested on: -* Debian 11 -* Fedora 39 +* Debian 13 +* Fedora 43 * Rocky Linux 9 -* Ubuntu 20,22 +* Ubuntu 24 ## Role Variables -This is a copy from `defaults/main.yml` +This is a copy of `defaults/main.yml` ```yaml --- @@ -113,9 +112,6 @@ runner_org: false # Labels to apply to the runner runner_labels: [] -# Disable default labels (self-hosted, Linux, X64) and require custom labels. Set `runner_no_default_labels: true` and provide at least one label in `runner_labels` to use this feature. -runner_no_default_labels: false - # Group to add organization runner to runner_group: "" @@ -126,6 +122,9 @@ runner_download_repository: "actions/runner" # Several arguments must be set as one string (i.e. "--ephemeral --my_special_fork") runner_extra_config_args: "" +# Disable default labels (self-hosted, Linux, X64) and require custom labels. Set `runner_no_default_labels: true` and provide at least one label in `runner_labels` to use this feature. +runner_no_default_labels: false + # Name to assign to this runner in GitHub (System hostname as default) runner_name: "{{ ansible_facts.hostname }}" diff --git a/defaults/main.yml b/defaults/main.yml index 3c98014..64a0620 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -45,7 +45,8 @@ runner_download_repository: "actions/runner" # Several arguments must be set as one string (i.e. "--ephemeral --my_special_fork") runner_extra_config_args: "" -# Disable default labels (self-hosted, Linux, X64) and require custom labels. Set `runner_no_default_labels: true` and provide at least one label in `runner_labels` to use this feature. +# Disable default labels (self-hosted, Linux, X64) and require custom labels. +# Set `runner_no_default_labels: true` and provide at least one label in `runner_labels` to use this feature. runner_no_default_labels: false # Name to assign to this runner in GitHub (System hostname as default) diff --git a/molecule/custom_env/cleanup.yml b/molecule/custom_env/cleanup.yml deleted file mode 100644 index 34bc208..0000000 --- a/molecule/custom_env/cleanup.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: Cleanup - user: ansible - hosts: all - become: yes - vars: - runner_user: ansible - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - runner_state: absent - runner_name: test_name - roles: - - monolithprojects.github_actions_runner diff --git a/molecule/custom_env/converge.yml b/molecule/custom_env/converge.yml deleted file mode 100644 index bd8f486..0000000 --- a/molecule/custom_env/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Dev test playbook - user: ansible - hosts: all - gather_facts: yes - become: yes - vars: - runner_user: ansible - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - runner_version: "latest" - runner_name: test_name - runner_labels: - - label1 - - repo-runner - custom_env: | - # HTTPS_PROXY=YOUR_URL_HERE - - roles: - - robertdebock.epel - - monolithprojects.github_actions_runner diff --git a/molecule/custom_env/molecule.yml b/molecule/custom_env/molecule.yml deleted file mode 100644 index 5bc8d31..0000000 --- a/molecule/custom_env/molecule.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - verbosity: 0 - playbooks: - converge: converge.yml - cleanup: cleanup.yml - verify: verify.yml -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-monolithprojects}/systemd-${MOLECULE_IMAGE:-ubuntu22}:latest" - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 - cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 - command: ${MOLECULE_DOCKER_COMMAND:-""} - privileged: true - pre_build_image: true -verifier: - name: ansible -scenario: - name: custom_env - test_sequence: - - dependency - - destroy - - syntax - - create - - prepare - - converge - - idempotence - - side_effect - - verify - - cleanup - - destroy diff --git a/molecule/custom_env/requirements.yml b/molecule/custom_env/requirements.yml deleted file mode 100644 index ee41ee4..0000000 --- a/molecule/custom_env/requirements.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -roles: -- name: robertdebock.epel - version: 3.0.1 diff --git a/molecule/custom_env/verify.yml b/molecule/custom_env/verify.yml deleted file mode 100644 index cba84e6..0000000 --- a/molecule/custom_env/verify.yml +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -- name: Validate Repo runners - user: ansible - hosts: all - gather_facts: yes - become: yes - vars: - runner_user: ansible - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - github_api_url: "https://api.github.com" - access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}" - runner_name: test_name - - tasks: - - name: Check currently registered runners - ansible.builtin.uri: - url: "{{ github_api_url }}/repos/{{ github_owner | default(github_account) }}/{{ github_repo }}/actions/runners" - headers: - Authorization: "token {{ access_token }}" - Accept: "application/vnd.github.v3+json" - method: GET - status_code: 200 - force_basic_auth: yes - register: registered_runners - - - name: Debug | var registered_runners - ansible.builtin.debug: - var: registered_runners.json.runners - - - name: Check Runner - ansible.builtin.assert: - that: - - runner_name in registered_runners.json.runners|map(attribute='name')|list - - registered_runners.json.runners.0.status == "online" - quiet: true - - - name: Check Labels (skipped if labels are OK) - ansible.builtin.fail: - msg: Woops some labels differ "{{ (registered_runners.json.runners.0 | json_query('labels[*].name') | difference(['self-hosted', 'Linux', 'X64', 'label1', 'repo-runner'])) }}" - when: not (registered_runners.json.runners.0 | json_query('labels[*].name') | list ) == (['self-hosted', 'Linux', 'X64', 'label1', 'repo-runner'] | list) - - - name: Check custom env file is configured - ansible.builtin.lineinfile: - dest: /opt/actions-runner/.env - line: "# HTTPS_PROXY=YOUR_URL_HERE" - check_mode: yes - register: presence - failed_when: presence.changed diff --git a/molecule/default/cleanup.yml b/molecule/default/cleanup.yml index 34bc208..27a80a6 100644 --- a/molecule/default/cleanup.yml +++ b/molecule/default/cleanup.yml 
@@ -1,10 +1,9 @@ --- - name: Cleanup - user: ansible hosts: all become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_state: absent diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 2e15c2d..d46b547 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,11 +1,10 @@ --- - name: Dev test playbook - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_version: "latest" @@ -14,31 +13,8 @@ reinstall_runner: false hide_sensitive_logs: no runner_labels: - - label1 - - repo-runner + - label1 + - repo-runner roles: - robertdebock.epel - - monolithprojects.github_actions_runner - -# Run the playbook again with different labels to test -- name: Dev test playbook second run - user: ansible - hosts: all - gather_facts: yes - become: yes - vars: - runner_user: ansible - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - runner_version: "latest" - runner_name: test_name - runner_on_ghes: yes - reinstall_runner: false - hide_sensitive_logs: no - runner_labels: - - label1 - - repo-runner - - label2 - roles: - - robertdebock.epel - - monolithprojects.github_actions_runner + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 4c68ee3..4a10086 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
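Review bot: Changing `runner_user` from `ansible` to `root` and dropping `user: ansible` means this scenario now only exercises a runner that is installed and run as root. The same change is made in the converge and verify playbooks of this scenario and in every org and repo playbook, so no scenario covers an unprivileged runner account any more. A runner registered as root executes workflow jobs with full privileges on the host, so the non-root path is the one most worth keeping under test. A regression in ownership handling or in `./svc.sh install {{ runner_user }}` for a non-root user would now pass CI. Consider creating a test account in `prepare.yml` and keeping at least one scenario on `runner_user: ansible`.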
@@ -5,19 +5,21 @@ provisioner: defaults: verbosity: 0 playbooks: - converge: converge.yml - cleanup: cleanup.yml - verify: verify.yml + converge: converge.yml + cleanup: cleanup.yml + verify: verify.yml dependency: name: galaxy + options: + ignore-errors: true driver: name: docker platforms: - - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-monolithprojects}/systemd-${MOLECULE_IMAGE:-ubuntu22}:latest" + - name: "${MOLECULE_DISTRO:-ubuntu2404}-latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 - cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host command: ${MOLECULE_DOCKER_COMMAND:-""} privileged: true pre_build_image: true diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml new file mode 100644 index 0000000..5c3ee04 --- /dev/null +++ b/molecule/default/prepare.yml @@ -0,0 +1,12 @@ +--- +- name: Prepare + hosts: all + gather_facts: true + + tasks: + - name: Workaround for RockyLinux + when: ansible_distribution == 'Rocky' + # Bug in some upstream distros, /etc/shadow has no file perms in container image + ansible.builtin.file: + path: /etc/shadow + mode: "400" diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml index ee41ee4..72e6697 100644 --- a/molecule/default/requirements.yml +++ b/molecule/default/requirements.yml @@ -1,5 +1,4 @@ --- - roles: -- name: robertdebock.epel - version: 3.0.1 + - name: robertdebock.epel + version: 4.1.7 diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 0ecf5c6..54e6f06 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml 
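Review bot: The platform `image:` now points at `geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest`, a mutable tag in a third-party namespace, and the container is started with `privileged: true`, `cgroupns_mode: host` and a read-write `/sys/fs/cgroup` mount. The same line is added in molecule/org/molecule.yml and molecule/repo/molecule.yml, and those two scenarios run in the workflow on a runner that holds `PERSONAL_ACCESS_TOKEN`. Whatever the tag resolves to on a given day therefore runs with host-level access next to that secret. Pinning each distro image by digest, `image: "geerlingguy/docker-<distro>-ansible@sha256:<digest>"` with the digest taken from the registry, would make the test environment reproducible and reviewable. The platform definition continues below the hunk.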
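Review bot: The `when:` on the `Workaround for RockyLinux` task reads the injected fact variable `ansible_distribution`, while the role's own tasks (for example tasks/install_deps.yml in this commit) use `ansible_facts.distribution`. Writing `when: ansible_facts.distribution == 'Rocky'` keeps the two consistent and does not depend on fact injection being enabled. The task sets only `mode: "400"`; adding `owner: root` and `group: root` would make the intended state of `/etc/shadow` explicit. The identical file is added as molecule/org/prepare.yml and molecule/repo/prepare.yml.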
@@ -1,11 +1,10 @@ --- - name: Validate Repo runners - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" github_api_url: "https://api.github.com" diff --git a/molecule/no_default_labels/converge.yml b/molecule/no_default_labels/converge.yml deleted file mode 100644 index 6b32de6..0000000 --- a/molecule/no_default_labels/converge.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Test no_default_labels scenario - hosts: all - become: yes - vars: - runner_user: ansible - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - runner_version: "latest" - runner_name: test_name - runner_no_default_labels: true - runner_labels: - - testlabel1 - - testlabel2 - roles: - - role: monolithprojects.github_actions_runner - diff --git a/molecule/no_default_labels/molecule.yml b/molecule/no_default_labels/molecule.yml deleted file mode 100644 index 8d3aa46..0000000 --- a/molecule/no_default_labels/molecule.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -provisioner: - name: ansible - config_options: - defaults: - verbosity: 0 - playbooks: - converge: converge.yml - cleanup: ../default/cleanup.yml - verify: verify.yml -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-monolithprojects}/systemd-${MOLECULE_IMAGE:-ubuntu22}:latest" - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 - cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 - command: ${MOLECULE_DOCKER_COMMAND:-""} - privileged: true - pre_build_image: true -verifier: - name: ansible -scenario: - name: no_default_labels - test_sequence: - - dependency - - destroy - - syntax - - create - - prepare - - converge - - idempotence - - side_effect - - verify - - cleanup - - destroy diff --git a/molecule/no_default_labels/requirements.yml b/molecule/no_default_labels/requirements.yml deleted file mode 100644 index ee41ee4..0000000 --- a/molecule/no_default_labels/requirements.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -roles: -- name: robertdebock.epel - version: 3.0.1 diff --git a/molecule/no_default_labels/verify.yml b/molecule/no_default_labels/verify.yml deleted file mode 100644 index a079a88..0000000 --- a/molecule/no_default_labels/verify.yml +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -- name: Validate Repo runners - user: ansible - hosts: all - gather_facts: yes - become: yes - vars: - runner_user: ansible - github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" - github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - github_api_url: "https://api.github.com" - access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}" - runner_name: "{{ ansible_facts.hostname }}" - - tasks: - - name: Check currently registered runners - ansible.builtin.uri: - url: "{{ github_api_url }}/repos/{{ github_owner | default(github_account) }}/{{ github_repo }}/actions/runners" - headers: - Authorization: "token {{ access_token }}" - Accept: "application/vnd.github.v3+json" - method: GET - status_code: 200 - force_basic_auth: yes - register: registered_runners - - - name: Check Runner - ansible.builtin.assert: - that: - - registered_runners.json.runners.0.status == "online" - quiet: true - - - debug: - var: registered_runners.json.runners.0 - - - name: Set fact - current labels - ansible.builtin.set_fact: - current_labels: "{{ registered_runners.json.runners.0 | json_query('labels[*].name') | list }}" - - - name: Check Labels (skipped if labels are OK) - ansible.builtin.assert: - that: - - current_labels == ['testlabel1', 'testlabel2'] - fail_msg: "Expected only the custom labels 'testlabel1' and 'testlabel2', but got {{ current_labels }}" \ No newline at end of file diff --git a/molecule/org/cleanup.yml b/molecule/org/cleanup.yml index 6023cee..8764c8f 100644 --- a/molecule/org/cleanup.yml +++ b/molecule/org/cleanup.yml @@ -1,10 +1,9 @@ --- - name: Cleanup - user: ansible hosts: all become: yes vars: - runner_user: ansible + runner_user: root github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_org: yes runner_state: absent diff --git a/molecule/org/converge.yml b/molecule/org/converge.yml index 27e6ef6..9184729 100644 --- a/molecule/org/converge.yml +++ b/molecule/org/converge.yml 
@@ -1,14 +1,17 @@ --- - name: Install Org Runner - user: ansible hosts: all + gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_org: yes - runner_state: "stopped" - runner_version: "2.303.0" + runner_version: "2.330.0" + runner_no_default_labels: true + runner_labels: + - testlabel1 + - testlabel2 roles: - robertdebock.epel - - monolithprojects.github_actions_runner + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}" diff --git a/molecule/org/molecule.yml b/molecule/org/molecule.yml index a071d05..0d54702 100644 --- a/molecule/org/molecule.yml +++ b/molecule/org/molecule.yml @@ -1,23 +1,25 @@ --- provisioner: name: ansible + config_options: + defaults: + verbosity: 0 playbooks: - converge: converge.yml - cleanup: cleanup.yml - verify: verify.yml + converge: converge.yml + cleanup: cleanup.yml + verify: verify.yml dependency: name: galaxy -lint: | - yamllint . - ansible-lint . + options: + ignore-errors: true driver: name: docker platforms: - - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-monolithprojects}/systemd-${MOLECULE_IMAGE:-ubuntu22}:latest" + - name: "${MOLECULE_DISTRO:-ubuntu2404}-latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 - cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host command: ${MOLECULE_DOCKER_COMMAND:-""} privileged: true pre_build_image: true @@ -32,7 +34,7 @@ scenario: - create - prepare - converge - # - idempotence + - idempotence - side_effect - verify - cleanup diff --git a/molecule/org/prepare.yml b/molecule/org/prepare.yml new file mode 100644 index 0000000..5c3ee04 --- /dev/null +++ b/molecule/org/prepare.yml 
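Review bot: Adding `options:` with `ignore-errors: true` under `dependency:` in molecule/org/molecule.yml lets the galaxy step succeed even when `robertdebock.epel` cannot be installed. A failed download then shows up later as a less obvious converge error, or not at all if an older cached copy of the role is picked up. requirements.yml pins the role to `4.1.7`, and ignoring install errors weakens that pin. If the option works around a specific galaxy problem, put a comment above it naming that problem; otherwise drop it. The same option is added in molecule/default/molecule.yml and molecule/repo/molecule.yml.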
@@ -0,0 +1,12 @@ +--- +- name: Prepare + hosts: all + gather_facts: true + + tasks: + - name: Workaround for RockyLinux + when: ansible_distribution == 'Rocky' + # Bug in some upstream distros, /etc/shadow has no file perms in container image + ansible.builtin.file: + path: /etc/shadow + mode: "400" diff --git a/molecule/org/requirements.yml b/molecule/org/requirements.yml index ee41ee4..72e6697 100644 --- a/molecule/org/requirements.yml +++ b/molecule/org/requirements.yml @@ -1,5 +1,4 @@ --- - roles: -- name: robertdebock.epel - version: 3.0.1 + - name: robertdebock.epel + version: 4.1.7 diff --git a/molecule/org/verify.yml b/molecule/org/verify.yml index 7b4a5fa..3088190 100644 --- a/molecule/org/verify.yml +++ b/molecule/org/verify.yml @@ -1,11 +1,10 @@ --- - name: Validate Repo runners - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_org: yes github_api_url: "https://api.github.com" @@ -28,8 +27,18 @@ force_basic_auth: yes register: registered_runners - - name: Check Runner + - name: Check Runner state ansible.builtin.assert: that: - - registered_runners.json.runners.0.status == "offline" + - registered_runners.json.runners.0.status == "online" quiet: true + + - name: Set fact - current labels + ansible.builtin.set_fact: + current_labels: "{{ registered_runners.json.runners.0 | json_query('labels[*].name') | list }}" + + - name: Check Labels (skipped if labels are OK) + ansible.builtin.assert: + that: + - current_labels == ['testlabel1', 'testlabel2'] + fail_msg: "Expected only the custom labels 'testlabel1' and 'testlabel2', but got {{ current_labels }}" diff --git a/molecule/repo/cleanup.yml b/molecule/repo/cleanup.yml index 8969cf2..abd82fd 100644 --- a/molecule/repo/cleanup.yml +++ b/molecule/repo/cleanup.yml 
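Review bot: The new assertions in molecule/org/verify.yml read `registered_runners.json.runners.0`, which is whichever runner the API lists first for the organisation, not necessarily the one this scenario registered. The workflow runs the matrix jobs in parallel against the same `GITHUB_ACCOUNT`, so the status and label checks can pass or fail on another job's runner. Selecting by name, as tasks/install_runner_unix.yml does with `registered_runners.json.runners | selectattr('name', 'equalto', runner_name) | first`, would tie the check to this host, assuming `runner_name` is set in this play's vars, which the hunk does not show. The task name `Check Labels (skipped if labels are OK)` was written for a `fail` task and does not describe an `assert`; `Check labels` would do. The play starts above the hunk.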
@@ -1,10 +1,9 @@ --- - name: Cleanup - user: ansible hosts: all become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_state: absent diff --git a/molecule/repo/converge.yml b/molecule/repo/converge.yml index c6f1704..858a8e4 100644 --- a/molecule/repo/converge.yml +++ b/molecule/repo/converge.yml @@ -1,36 +1,35 @@ --- - name: Install Repo runner - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" - runner_version: "latest" + runner_version: "2.329.0" runner_labels: - - label1 - - repo-runner + - label1 + - repo-runner roles: - robertdebock.epel - - monolithprojects.github_actions_runner + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}" -# Run the playbook again with different labels to test +# Run the playbook again with different labels and version to test - name: Update Repo runner - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" runner_version: "latest" + hide_sensitive_logs: false runner_labels: - - label1 - - repo-runner - - label2 + - label1 + - repo-runner + - label2 roles: - robertdebock.epel - - monolithprojects.github_actions_runner + - role: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}" diff --git a/molecule/repo/molecule.yml b/molecule/repo/molecule.yml index be81883..6132715 100644 --- a/molecule/repo/molecule.yml +++ b/molecule/repo/molecule.yml 
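Review bot: The second play in molecule/repo/converge.yml now sets `hide_sensitive_logs: false`, which by its name presumably turns off log suppression on the role's token-handling tasks (how the variable is used is not visible in this diff). This scenario runs in GitHub Actions with `PERSONAL_ACCESS_TOKEN`. GitHub masks the stored secret in logs, but values obtained at run time, such as the registration token passed as `ACTIONS_RUNNER_INPUT_TOKEN`, are not registered for masking and would appear in the job output. Unless the output is needed to debug a specific failure, leave the role default in place or set `hide_sensitive_logs: true` for CI runs.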
@@ -1,23 +1,25 @@ --- provisioner: name: ansible + config_options: + defaults: + verbosity: 0 playbooks: - converge: converge.yml - cleanup: cleanup.yml - verify: verify.yml + converge: converge.yml + cleanup: cleanup.yml + verify: verify.yml dependency: name: galaxy -lint: | - yamllint . - ansible-lint . + options: + ignore-errors: true driver: name: docker platforms: - - name: "${MOLECULE_IMAGE:-ubuntu22}-latest" - image: "${namespace:-monolithprojects}/systemd-${MOLECULE_IMAGE:-ubuntu22}:latest" + - name: "${MOLECULE_DISTRO:-ubuntu2404}-latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2404}-ansible:latest" volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2 - cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2 + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host command: ${MOLECULE_DOCKER_COMMAND:-""} privileged: true pre_build_image: true @@ -32,7 +34,7 @@ scenario: - create - prepare - converge - - idempotence + # - idempotence # Converge is testing two different versions of the runner - side_effect - verify - cleanup diff --git a/molecule/repo/prepare.yml b/molecule/repo/prepare.yml new file mode 100644 index 0000000..5c3ee04 --- /dev/null +++ b/molecule/repo/prepare.yml @@ -0,0 +1,12 @@ +--- +- name: Prepare + hosts: all + gather_facts: true + + tasks: + - name: Workaround for RockyLinux + when: ansible_distribution == 'Rocky' + # Bug in some upstream distros, /etc/shadow has no file perms in container image + ansible.builtin.file: + path: /etc/shadow + mode: "400" diff --git a/molecule/repo/requirements.yml b/molecule/repo/requirements.yml index ee41ee4..72e6697 100644 --- a/molecule/repo/requirements.yml +++ b/molecule/repo/requirements.yml @@ -1,5 +1,4 @@ --- - roles: -- name: robertdebock.epel - version: 3.0.1 + - name: robertdebock.epel + version: 4.1.7 
diff --git a/molecule/repo/verify.yml b/molecule/repo/verify.yml index b948f85..d5746b4 100644 --- a/molecule/repo/verify.yml +++ b/molecule/repo/verify.yml @@ -1,11 +1,10 @@ --- - name: Validate Repo runners - user: ansible hosts: all gather_facts: yes become: yes vars: - runner_user: ansible + runner_user: root github_repo: "{{ lookup('env', 'GITHUB_REPO') }}" github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}" github_api_url: "https://api.github.com" diff --git a/tasks/assert.yml b/tasks/assert.yml index 888528a..3c2b9aa 100644 --- a/tasks/assert.yml +++ b/tasks/assert.yml @@ -45,4 +45,4 @@ that: - not (runner_no_default_labels | bool) or (runner_labels is defined and runner_labels | length > 0) fail_msg: "runner_labels must be set and not empty when runner_no_default_labels is true." - run_once: true \ No newline at end of file + run_once: true diff --git a/tasks/install_deps.yml b/tasks/install_deps.yml index 2d2f827..32b9882 100644 --- a/tasks/install_deps.yml +++ b/tasks/install_deps.yml @@ -137,7 +137,7 @@ become: true when: (ansible_facts.distribution == "Ubuntu" and ansible_facts.distribution_major_version == "24") -- name: Install dependencies on RHEL/CentOS/Fedora systems +- name: Install dependencies on RHEL/RockyLinux/CentOS/Fedora systems ansible.builtin.package: name: - lttng-ust @@ -149,6 +149,6 @@ update_cache: true become: true when: (ansible_facts.distribution == "RedHat") or - (ansible_facts.distribution == "CentOS") or - (ansible_facts.distribution == "Fedora") or - (ansible_facts.distribution == "Rocky") + (ansible_facts.distribution == "CentOS") or + (ansible_facts.distribution == "Fedora") or + (ansible_facts.distribution == "Rocky") diff --git a/tasks/install_runner_unix.yml b/tasks/install_runner_unix.yml index 3355c56..f23cac5 100644 --- a/tasks/install_runner_unix.yml +++ b/tasks/install_runner_unix.yml 
@@ -20,7 +20,7 @@ changed_when: false ignore_errors: true -- name: Force reinstall if runner {{ runner_name }} in registered_runners is offline (meaning the self-hosted runner is not tied to the Github runner) +- name: Force reinstall if runner in registered_runners is offline (not tied to Github runner) - {{ runner_name }} ansible.builtin.set_fact: reinstall_runner: true when: @@ -28,10 +28,11 @@ - runner_name in (registered_runners.json.runners | map(attribute='name') | list) - (registered_runners.json.runners | selectattr('name', 'equalto', runner_name) | first).status == 'offline' -- name: Unarchive runner package +- name: Unarchive GitHub Actions Runner package version {{ runner_version }} ansible.builtin.unarchive: - src: "https://github.com/{{ runner_download_repository }}/releases/download/v{{ runner_version }}/\ - actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.tar.gz" + src: + "https://github.com/{{ runner_download_repository }}/releases/download/v{{ runner_version }}/\ + actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.tar.gz" dest: "{{ runner_dir }}/" owner: "{{ runner_user_id.stdout }}" group: "{{ runner_user_group_id.stdout }}" @@ -74,12 +75,11 @@ github_full_url: "{{ github_url }}/enterprises/{{ github_enterprise }}" when: github_enterprise is defined -- name: Register runner # noqa no-changed-when +- name: Register runner # noqa no-changed-when environment: RUNNER_ALLOW_RUNASROOT: "1" ACTIONS_RUNNER_INPUT_TOKEN: "{{ registration.json.token }}" - ansible.builtin.command: - "{{ runner_dir }}/./config.sh \ + ansible.builtin.command: "{{ runner_dir }}/./config.sh \ --url {{ github_full_url }} \ --name '{{ runner_name }}' \ --labels {{ runner_labels | join(',') }} \ 
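Review bot: The re-wrapped `src:` of the unarchive task still downloads and extracts the runner tarball in one step with no integrity check, from a repository the caller can change through `runner_download_repository`. `ansible.builtin.unarchive` has no checksum option, so verifying the archive means fetching it first with `ansible.builtin.get_url` and its `checksum:` parameter, then unpacking the local file with `remote_src: true`. The sketch below uses `runner_package_checksum`, a proposed optional variable (format `sha256:<hex>`) that the role does not define today; it only helps when `runner_version` is a fixed release rather than `latest`. The task continues below the hunk.

```yaml
- name: Download GitHub Actions Runner package version {{ runner_version }}
  ansible.builtin.get_url:
    url:
      "https://github.com/{{ runner_download_repository }}/releases/download/v{{ runner_version }}/\
      actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.tar.gz"
    dest: "{{ runner_dir }}/actions-runner.tar.gz"
    # Proposed optional variable, "sha256:<hex>"; the check is skipped when it is unset
    checksum: "{{ runner_package_checksum | default(omit) }}"
    mode: "0644"

- name: Unarchive GitHub Actions Runner package version {{ runner_version }}
  ansible.builtin.unarchive:
    src: "{{ runner_dir }}/actions-runner.tar.gz"
    remote_src: true
    # … unchanged: dest, owner, group and the remaining task keys …
```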
@@ -110,16 +110,15 @@ when: - runner_name in registered_runners.json.runners|map(attribute='name')|list - (runner_labels | sort) != (registered_runners.json.runners | selectattr('name', 'equalto', runner_name) | first).labels | - selectattr('type', 'equalto', 'custom') | - map(attribute='name') | - list + selectattr('type', 'equalto', 'custom') | + map(attribute='name') | + list -- name: Replace registered runner # noqa no-changed-when +- name: Replace registered runner # noqa no-changed-when environment: RUNNER_ALLOW_RUNASROOT: "1" ACTIONS_RUNNER_INPUT_TOKEN: "{{ registration.json.token }}" - ansible.builtin.command: - "{{ runner_dir }}/config.sh \ + ansible.builtin.command: "{{ runner_dir }}/config.sh \ --url {{ github_full_url }} \ --name '{{ runner_name }}' \ --labels {{ runner_labels | join(',') }} \ @@ -137,7 +136,7 @@ runner_name in registered_runners.json.runners|map(attribute='name')|list and reinstall_runner -- name: Install service # noqa no-changed-when +- name: Install service # noqa no-changed-when ansible.builtin.command: "./svc.sh install {{ runner_user }}" args: chdir: "{{ runner_dir }}" @@ -150,7 +149,7 @@ src: "{{ runner_dir }}/.service" register: runner_service -- name: START and enable Github Actions Runner service (Linux) # noqa no-changed-when +- name: START and enable Github Actions Runner service on Linux # noqa no-changed-when ansible.builtin.command: "./svc.sh start" args: chdir: "{{ runner_dir }}" @@ -163,8 +162,8 @@ runner_state|lower == "started" and ansible_facts.services[(runner_service.content | b64decode) | trim ]['state'] | default('stopped') != 'running' -- name: START and enable Github Actions Runner service (macOS) # TODO: Idempotence - ansible.builtin.command: "./svc.sh start" # noqa no-changed-when +- name: START and enable Github Actions Runner service on MacOS # TODO: Idempotence + ansible.builtin.command: "./svc.sh start" # noqa no-changed-when args: chdir: "{{ runner_dir }}" become: false 
@@ -173,7 +172,7 @@ changed_when: true when: ansible_facts.system == 'Darwin' and runner_state|lower -- name: STOP and disable Github Actions Runner service # noqa no-changed-when +- name: STOP and disable Github Actions Runner service # noqa no-changed-when ansible.builtin.command: "./svc.sh stop" args: chdir: "{{ runner_dir }}" diff --git a/tasks/main.yml b/tasks/main.yml index b546592..f74a664 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -22,31 +22,31 @@ - name: Include tasks to uninstall runner (UNIX-like) ansible.builtin.include_tasks: uninstall_runner_unix.yml when: - - reinstall_runner or runner_state|lower == "absent" - - github_actions_system == "linux" or github_actions_system == "osx" + - reinstall_runner or runner_state|lower == "absent" + - github_actions_system == "linux" or github_actions_system == "osx" tags: - uninstall - name: Include tasks to uninstall runner (Windows) ansible.builtin.include_tasks: uninstall_runner_win.yml when: - - reinstall_runner or runner_state|lower == "absent" - - github_actions_system == "win" + - reinstall_runner or runner_state|lower == "absent" + - github_actions_system == "win" tags: - uninstall - name: Include tasks to install runner (UNIX-like) ansible.builtin.include_tasks: install_runner_unix.yml when: - - runner_state|lower == "started" or runner_state|lower == "stopped" - - github_actions_system == "linux" or github_actions_system == "osx" + - runner_state|lower == "started" or runner_state|lower == "stopped" + - github_actions_system == "linux" or github_actions_system == "osx" tags: - install - name: Include tasks to install runner (Windows) ansible.builtin.include_tasks: install_runner_win.yml when: - - runner_state|lower == "started" or runner_state|lower == "stopped" - - github_actions_system == "win" + - runner_state|lower == "started" or runner_state|lower == "stopped" + - github_actions_system == "win" tags: - install