New runner

aledbf · aledbf · commit ede1aa4cd166 · 2023-07-29T15:12:29.000Z
diff --git a/.github/workflows/create-vm.yml b/.github/workflows/create-vm.yml
@@ -25,20 +25,23 @@ jobs:
       label: ${{ steps.create-runner.outputs.label }}
       machine-zone: ${{ steps.create-runner.outputs.machine-zone }}
     steps:
-      - uses: actions/checkout@v3
-      - id: auth
-        name: Authenticate to Google Cloud
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Authenticate to Google Cloud
+        id: auth
+        if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name      
         uses: google-github-actions/auth@v1
         with:
           credentials_json: ${{ secrets.gcp_credentials }}
-      - id: gcloud-auth
-        name: gcloud auth activate-service-account
+      - name: Activate GCP service account
+        id: gcloud-auth
+        if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name      
         shell: bash
         run: |
           gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }}
       - id: create-runner
-        uses: gitpod-io/gce-github-runner@secrets
+        uses: gitpod-io/gce-github-runner@delete-secrets
         with:
           runner_token: ${{ secrets.runner_token }}
-          task: ${{ inputs.task }}
-
+          task: ${{ inputs.task }}        
+          gcp_credentials: ${{ secrets.gcp_credentials }}
diff --git a/.github/workflows/delete-vm.yml b/.github/workflows/delete-vm.yml
@@ -17,20 +17,20 @@ on:
 jobs:
   run:
     runs-on: ubuntu-latest
+    name: Cleanup
     steps:
-      - uses: actions/checkout@v3
       - id: auth
         name: Authenticate to Google Cloud
         uses: google-github-actions/auth@v1
         with:
           credentials_json: ${{ secrets.gcp_credentials }}
       - id: gcloud-auth
-        name: gcloud auth activate-service-account
+        name: Destroy GCE VM
         shell: bash
         run: |
-          if [ -z "${{ inputs.runner-label }}" ];then
-            exit 0
-          fi
+          set -x
+
+          echo "Removing GCE VM..."
 
           gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }}
           if [ -z "$(gcloud compute instances list | grep "${{ inputs.runner-label }}")" ]; then
diff --git a/.github/workflows/new-runner.yml b/.github/workflows/new-runner.yml
@@ -0,0 +1,127 @@
+name: "Ephemeral GCE GitHub self-hosted runner"
+
+on:
+  workflow_call:
+    inputs:
+      runner_token:
+        description: >-
+          GitHub auth token, needs `repo`/`public_repo` scope: https://docs.github.com/en/rest/reference/actions#self-hosted-runners.
+        required: true
+        type: string
+      project_id:
+        description: >-
+          ID of the Google Cloud Platform project. If provided, this will configure gcloud to use this project ID.
+        required: false
+        default: public-github-runners
+        type: string
+      machine_zone:
+        description: GCE zone
+        default: "europe-west1-b"
+        required: false
+        type: string
+      machine_type:
+        description: GCE machine type; https://cloud.google.com/compute/docs/machine-types
+        default: "n2d-standard-8"
+        required: true
+        type: string
+      disk_size:
+        description: VM disk size.
+        required: false
+        default: 250GB
+        type: string
+      image_project:
+        description: >
+          The Google Cloud project against which all image and image family references will be resolved.
+        required: false
+        default: public-github-runners
+        type: string
+      image:
+        description: Specifies the name of the image that the disk will be initialized with.
+        required: false
+        default: gh-runner-202307281245
+        type: string
+      image_family:
+        description: The image family for the operating system that the boot disk will be initialized with.
+        required: false
+        type: string
+      scopes:
+        description: Scopes granted to the VM, defaults to full access (cloud-platform).
+        default: cloud-platform
+        required: true
+        type: string
+      shutdown_timeout:
+        description: "Shutdown grace period (in seconds)."
+        default: 30
+        required: true
+        type: string
+      task:
+        description: Additional context about the workflow
+        default: default
+        required: true
+        type: string
+      gcp_credentials:
+        description: GCP JSON credentials
+        required: true
+        type: string
+
+    outputs:
+      label:
+        description: >-
+          Unique runner label. This label can be used to request a specific
+          runner for the workflow job.
+        value: ${{ steps.gce-github-runner-script.outputs.label }}
+      machine-zone:
+        description: >-
+          VM availability zone
+        value: ${{ steps.gce-github-runner-script.outputs.machine-zone }}
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    steps:
+      - id: check-repository
+        if: github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
+        shell: bash
+        run: |
+          echo "❌ Job actions are not allowed to run in forks" >> $GITHUB_STEP_SUMMARY
+          exit 1
+      - uses: actions/checkout@v3
+      - id: auth
+        name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v1
+        with:
+          credentials_json: ${{ inputs.gcp_credentials }}
+      - id: gcloud-auth
+        name: gcloud auth activate-service-account
+        shell: bash
+        run: |
+          gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }}
+      - id: gce-github-runner-script
+        if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
+        uses: pyTooling/Actions/with-post-step@r0
+        with:
+          main: |
+            ${{ github.action_path }}/action.sh
+            --command=start
+            --runner_token=${{ inputs.runner_token }}
+            --project_id=${{ inputs.project_id }}
+            --machine_zone=${{ inputs.machine_zone }}
+            --machine_type=${{ inputs.machine_type }}
+            --disk_size=${{ inputs.disk_size }}
+            --scopes=${{ inputs.scopes }}
+            --shutdown_timeout=${{ inputs.shutdown_timeout }}
+            --image_project=${{ inputs.image_project }}
+            --image=${{ inputs.image }}
+            --image_family=${{ inputs.image_family }}
+            --boot_disk_type=pd-ssd
+            --task=${{ inputs.task }}
+          post: |
+            echo "Removing GCE VM..."
+
+            gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }}
+            if [ -z "$(gcloud compute instances list | grep "${{ inputs.runner-label }}")" ]; then
+              # vm is gone
+              exit 0
+            fi
+
+            gcloud compute instances delete ${{ inputs.runner-label }} --quiet --zone ${{ inputs.machine-zone }}
diff --git a/action.sh b/action.sh
@@ -139,11 +139,12 @@ function start_vm {
 
 	echo "The new GCE VM will be ${VM_ID}"
 
+	RUNNER_ID="${VM_ID}-$(date +%s)"
+
 	cat <<FILE_EOF >/tmp/startup-script.sh
 #!/bin/bash
 
 set -e
-set -x
 
 # leeway temporal directories
 chmod 777 /var/tmp
@@ -172,7 +173,6 @@ EOF
 
 chmod +x /etc/systemd/system/shutdown.sh
 
-RUNNER_ID=${VM_ID}-$(date +%s)
 su -s /bin/bash -c "cd /actions-runner-1/;/actions-runner-1/config.sh --url https://github.com/${GITHUB_REPOSITORY} --token ${RUNNER_TOKEN} --name ${RUNNER_ID}-1 --labels ${VM_ID} --unattended --disableupdate" runner
 su -s /bin/bash -c "cd /actions-runner-2/;/actions-runner-2/config.sh --url https://github.com/${GITHUB_REPOSITORY} --token ${RUNNER_TOKEN} --name ${RUNNER_ID}-2 --labels ${VM_ID} --unattended --disableupdate" runner
 
@@ -187,7 +187,6 @@ FILE_EOF
 #!/bin/bash
 
 set -e
-set -x
 
 pushd /actions-runner || exit 0
 
diff --git a/action.yml b/action.yml
@@ -68,49 +68,47 @@ outputs:
 runs:
   using: "composite"
   steps:
-    - id: check-repository
+    - name: Check if we are allowed to run
+      id: check-repository
       if: github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
       shell: bash
       run: |
         echo "❌ Job actions are not allowed to run in forks" >> $GITHUB_STEP_SUMMARY
         exit 1
-    - uses: actions/checkout@v3
-    - id: auth
-      name: Authenticate to Google Cloud
+    - name: Checkout repository
+      uses: actions/checkout@v3
+    - name: Authenticate to Google Cloud
+      id: auth
+      if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
       uses: google-github-actions/auth@v1
       with:
         credentials_json: ${{ inputs.gcp_credentials }}
-    - id: gcloud-auth
-      name: gcloud auth activate-service-account
+        export_environment_variables: true
+        cleanup_credentials: false
+    - name: Activate GCP service account
+      id: gcloud-auth
+      if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name      
       shell: bash
       run: |
         gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }}
-    - id: gce-github-runner-script
+    - name: Create GCE VM
+      id: gce-github-runner-script
       if: github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
-      uses: pyTooling/Actions/with-post-step@r0
-      with:
-        main: |
-          ${{ github.action_path }}/action.sh
-          --command=start
-          --runner_token=${{ inputs.runner_token }}
-          --project_id=${{ inputs.project_id }}
-          --machine_zone=${{ inputs.machine_zone }}
-          --machine_type=${{ inputs.machine_type }}
-          --disk_size=${{ inputs.disk_size }}
-          --scopes=${{ inputs.scopes }}
-          --shutdown_timeout=${{ inputs.shutdown_timeout }}
-          --image_project=${{ inputs.image_project }}
-          --image=${{ inputs.image }}
-          --image_family=${{ inputs.image_family }}
-          --boot_disk_type=pd-ssd
-          --task=${{ inputs.task }}
-        post: |
-          echo "Removing GCE VM..."
-
-          gcloud auth activate-service-account --key-file ${{ steps.auth.outputs.credentials_file_path }}
-          if [ -z "$(gcloud compute instances list | grep "${{ inputs.runner-label }}")" ]; then
-            # vm is gone
-            exit 0
-          fi
+      shell: bash
+      run: |
+        set -x
 
-          gcloud compute instances delete ${{ inputs.runner-label }} --quiet --zone ${{ inputs.machine-zone }}
+        ${{ github.action_path }}/action.sh \
+          --command=start \
+          --runner_token=${{ inputs.runner_token }} \
+          --project_id=${{ inputs.project_id }} \
+          --machine_zone=${{ inputs.machine_zone }} \
+          --machine_type=${{ inputs.machine_type }} \
+          --disk_size=${{ inputs.disk_size }} \
+          --scopes=${{ inputs.scopes }} \
+          --shutdown_timeout=${{ inputs.shutdown_timeout }} \
+          --image_project=${{ inputs.image_project }} \
+          --image=${{ inputs.image }} \
+          --image_family=${{ inputs.image_family }} \
+          --boot_disk_type=pd-ssd \
+          --task=${{ inputs.task }}
