Add proxy support in github runner instance

Proxy settings can be defined per instance and also globally for all
instances through the class parameters in init.pp

Added tests about proxy settings in systemd unit

Author: mrodm

README.md

@@ -60,6 +60,26 @@ github_actions_runner::instances:
     personal_access_token: other_secret
 ```
 
+In case you need to set proxy in one instance:
+```yaml
+github_actions_runner::ensure: present
+github_actions_runner::base_dir_name: '/data/actions-runner'
+github_actions_runner::package_name: 'actions-runner-linux-x64'
+github_actions_runner::package_ensure: '2.272.0'
+github_actions_runner::repository_url: 'https://github.com/actions/runner/releases/download'
+github_actions_runner::org_name: 'github_org'
+github_actions_runner::personal_access_token: 'PAT'
+github_actions_runner::user: 'root'
+github_actions_runner::group: 'root'
+github_actions_runner::instances:
+  first_instance:
+    use_proxy: true
+    http_proxy: http://proxy.local
+    https_proxy: http://proxy.local
+    no_proxy: example.com
+    labels:
+      - self-hosted-custom1
+```
 
 ## Limitations
 

manifests/init.pp

@@ -34,6 +34,18 @@
 # * group
 # String, Group to be used in Service and directories.
 #
+# * instances
+# Hash[String, Hash], Github Runner Instances to be managed.
+#
+# * http_proxy
+# Optional[String], Proxy URL for HTTP traffic. More information at https://docs.github.com/en/actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners.
+#
+# * https_proxy
+# Optional[String], Proxy URL for HTTPS traffic. More information at https://docs.github.com/en/actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners
+#
+# * no_proxy
+# Optional[String], Comma separated list of hosts that shoudl not use a proxy. More information at https://docs.github.com/en/actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners
+#
 
 class github_actions_runner (
   Enum['present', 'absent'] $ensure,
@@ -46,6 +58,9 @@
   String                    $user,
   String                    $group,
   Hash[String, Hash]        $instances,
+  Optional[String]          $http_proxy = undef,
+  Optional[String]          $https_proxy = undef,
+  Optional[String]          $no_proxy = undef,
 ) {
 
   $root_dir = "${github_actions_runner::base_dir_name}-${github_actions_runner::package_ensure}"

manifests/instance.pp

@@ -23,6 +23,15 @@
 # * instance_name
 # String, The instance name as part of the instances Hash.
 #
+# * http_proxy
+# Optional[String], Proxy URL for HTTP traffic. More information at https://docs.github.com/en/actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners.
+#
+# * https_proxy
+# Optional[String], Proxy URL for HTTPS traffic. More information at https://docs.github.com/en/actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners
+#
+# * no_proxy
+# Optional[String], Comma separated list of hosts that shoudl not use a proxy. More information at https://docs.github.com/en/actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners
+#
 # * repo_name
 # Optional[String], actions runner repository name.
 #
@@ -38,6 +47,9 @@
   String                    $group                 = $github_actions_runner::group,
   String                    $hostname              = $::facts['hostname'],
   String                    $instance_name         = $title,
+  Optional[String]          $http_proxy            = $github_actions_runner::http_proxy,
+  Optional[String]          $https_proxy           = $github_actions_runner::https_proxy,
+  Optional[String]          $no_proxy              = $github_actions_runner::no_proxy,
   Optional[Array[String]]   $labels                = undef,
   Optional[String]          $repo_name             = undef,
 
@@ -110,7 +122,7 @@
 
   exec { "${instance_name}-ownership":
     user        => $user,
-    cwd         => "${github_actions_runner::root_dir}",
+    cwd         => $github_actions_runner::root_dir,
     command     => "/bin/chown -R ${user}:${group} ${github_actions_runner::root_dir}/${instance_name}",
     refreshonly => true,
     path        => "/tmp/${instance_name}-${archive_name}",
@@ -131,6 +143,9 @@
       root_dir      => $github_actions_runner::root_dir,
       user          => $user,
       group         => $group,
+      http_proxy    => $http_proxy,
+      https_proxy   => $https_proxy,
+      no_proxy      => $no_proxy,
     }),
     require => [File["${github_actions_runner::root_dir}/${instance_name}/configure_install_runner.sh"],
                 Exec["${instance_name}-run_configure_install_runner.sh"]],

spec/classes/github_actions_runner_spec.rb

@@ -194,6 +194,90 @@
           is_expected.to contain_file('/some_dir/actions-runner-2.272.0/first_runner/configure_install_runner.sh').with_content(/authorization: token test_PAT/)
         end
       end
+
+      context 'is expected to create a github_actions_runner installation with proxy settings in systemd globally in init.pp' do
+        let(:params) do
+          super().merge(
+             'http_proxy' => 'http://proxy.local',
+             'https_proxy' => 'http://proxy.local',
+             'no_proxy' => 'example.com',
+             'instances' => {
+               'first_runner' => {
+                 'labels' => ['test_label1'],
+                 'repo_name' => 'test_repo',
+               },
+             },
+          )
+        end
+
+        it do
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').with_content(%r{Environment="http_proxy=http://proxy.local"})
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').with_content(%r{Environment="https_proxy=http://proxy.local"})
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').with_content(%r{Environment="no_proxy=example.com"})
+        end
+      end
+
+      context 'is expected to create a github_actions_runner installation with proxy settings in systemd globally in init.pp overwriting in a instance' do
+        let(:params) do
+          super().merge(
+             'http_proxy' => 'http://proxy.local',
+             'https_proxy' => 'http://proxy.local',
+             'no_proxy' => 'example.com',
+             'instances' => {
+               'first_runner' => {
+                 'labels' => ['test_label1'],
+                 'repo_name' => 'test_repo',
+                 'http_proxy' => 'http://newproxy.local',
+               },
+             },
+          )
+        end
+
+        it do
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').with_content(%r{Environment="http_proxy=http://newproxy.local"})
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').with_content(%r{Environment="https_proxy=http://proxy.local"})
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').with_content(%r{Environment="no_proxy=example.com"})
+        end
+      end
+
+      context 'is expected to create a github_actions_runner installation with proxy settings in systemd' do
+        let(:params) do
+          super().merge(
+             'instances' => {
+               'first_runner' => {
+                 'labels' => ['test_label1'],
+                 'repo_name' => 'test_repo',
+                 'http_proxy' => 'http://proxy.local',
+                 'https_proxy' => 'http://proxy.local',
+                 'no_proxy' => 'example.com'},
+               },
+          )
+        end
+
+        it do
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').with_content(%r{Environment="http_proxy=http://proxy.local"})
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').with_content(%r{Environment="https_proxy=http://proxy.local"})
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').with_content(%r{Environment="no_proxy=example.com"})
+        end
+      end
+
+      context 'is expected to create a github_actions_runner installation without proxy settings in systemd' do
+        let(:params) do
+          super().merge(
+             'instances' => {
+               'first_runner' => {
+                 'labels' => ['test_label1'],
+                 'repo_name' => 'test_repo'},
+               },
+          )
+        end
+
+        it do
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').without_content(%r{Environment="http_proxy=http://proxy.local"})
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').without_content(%r{Environment="https_proxy=http://proxy.local"})
+          is_expected.to contain_systemd__unit_file('github-actions-runner.first_runner.service').without_content(%r{Environment="no_proxy=example.com"})
+        end
+      end
     end
   end
 end

templates/github-actions-runner.service.epp

@@ -2,12 +2,24 @@
       Stdlib::Absolutepath $root_dir,
       String $user,
       String $group,
+      Optional[String] $http_proxy = undef,
+      Optional[String] $https_proxy = undef,
+      Optional[String] $no_proxy = undef
 | -%>
 [Unit]
 Description=github-actions-runner-<%= $instance_name %>
 After=network.target
 
 [Service]
+<% if $http_proxy { -%>
+Environment="http_proxy=<%= $http_proxy %>"
+<% } -%>
+<% if $https_proxy { -%>
+Environment="https_proxy=<%= $https_proxy %>"
+<% } -%>
+<% if $no_proxy { -%>
+Environment="no_proxy=<%= $no_proxy %>"
+<% } -%>
 ExecStart=<%= $root_dir %>/<%= $instance_name %>/runsvc.sh
 WorkingDirectory=<%= $root_dir %>/<%= $instance_name %>
 KillMode=process