Test EC2 Instance Provisioning #29
| name: Test Create EC2 Instance | |
| on: | |
| # Note: Remove "push:" before merge | |
| workflow_dispatch: | |
| push: | |
| env: | |
| # All vars except "INSTANCE_TYPE" will be converted to repo-level vars. | |
| # This is just for testing... | |
| INSTANCE_TYPE: "g6e.xlarge" | |
| DATA_PROCESSING_ROLE: "data-processing-ec2-github-runner-role" #Instance profile is the same name | |
| AMI_ID: "ami-0187589f1bb84edbf" | |
| SUBNET_ID: "subnet-0c2ce22cb1f685511" #us-east-2a | |
| SG_ID: "sg-07c80f095e1317c9f" #us-east-2 | |
| # We don't need anything other than Bash for our shell.. | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| launch-ec2-runner: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # This is required for OIDC | |
| contents: read | |
| outputs: | |
| instance-id: ${{ steps.launch_ec2.outputs.instance_id }} | |
| runner-label: ${{ steps.launch_ec2.outputs.runner_label }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 | |
| with: | |
| role-to-assume: "arn:aws:iam::851725220677:role/${{ env.DATA_PROCESSING_ROLE }}" | |
| aws-region: us-east-2 | |
| role-session-name: odh-data-processing # For tracking in CloudTrail | |
| - name: Get GitHub Runner Registration Token | |
| id: get_token | |
| # Use the workflow's built-in GITHUB_TOKEN. More secure than a GitHub PAT | |
| run: | | |
| TOKEN=$(curl -sS -X POST \ | |
| -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "https://api.github.com/repos/${{ github.repository }}/actions/runners/registration-token" \ | |
| | jq -r .token) | |
| echo "token=$TOKEN" >> $GITHUB_OUTPUT | |
| # Avoid using the "machulav/ec2-github-runner@v2" GH action because it requires too many org-level perms | |
| - name: Launch EC2 Instance with User Data | |
| id: launch_ec2 | |
| run: | | |
| # Unique label so no other GH workflow grabs it by mistake. | |
| RUNNER_LABEL="dp-gha-runner-${{ github.run_id }}" | |
| USER_DATA=$(cat <<EOF | |
| #!/bin/bash -ex | |
| exec > /var/log/user-data.log 2>&1 | |
| echo "--- Starting User-Data Script ---" | |
| echo "Installing dependencies: curl, tar, libicu..." | |
| dnf -y install curl tar libicu | |
| echo "Dependencies installed." | |
| echo "Creating /actions-runner directory..." | |
| mkdir /actions-runner && cd /actions-runner | |
| echo "Directory created." | |
| echo "Downloading runner package..." | |
| curl -o actions-runner-linux-x64-2.317.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.317.0/actions-runner-linux-x64-2.317.0.tar.gz | |
| echo "Download complete." | |
| echo "Extracting runner..." | |
| tar xzf ./actions-runner-linux-x64-2.317.0.tar.gz | |
| echo "Extraction complete." | |
| echo "Configuring the runner..." | |
| ./config.sh --url https://github.com/${{ github.repository }} \ | |
| --token ${{ steps.get_token.outputs.token }} \ | |
| --unattended \ | |
| --name "ci-runner-for-${{ github.run_id }}" \ | |
| --labels "$RUNNER_LABEL" | |
| echo "Configuration complete." | |
| echo "Starting the runner service..." | |
| ./svc.sh install | |
| ./svc.sh start | |
| echo "--- User-Data Script Finished ---" | |
| EOF | |
| ) | |
| # Launch instance w/ aws cli. | |
| INSTANCE_ID=$(aws ec2 run-instances \ | |
| --image-id ${{ env.AMI_ID }} \ | |
| --instance-type ${{ env.INSTANCE_TYPE }} \ | |
| --subnet-id ${{ env.SUBNET_ID }} \ | |
| --security-group-ids ${{ env.SG_ID }} \ | |
| --iam-instance-profile Name="${{ env.DATA_PROCESSING_ROLE }}" \ | |
| --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=dp-gha-runner-${{ github.run_id }}}]" \ | |
| --user-data "$USER_DATA" \ | |
| --query "Instances[0].InstanceId" \ | |
| --key-name github-runner-debug-key | |
| --output text) | |
| echo "Successfully launched instance '$INSTANCE_ID'" | |
| echo "instance_id=$INSTANCE_ID" >> $GITHUB_OUTPUT | |
| echo "runner_label=$RUNNER_LABEL" >> $GITHUB_OUTPUT | |
| # Run some workload on the EC2 runner we just launched | |
| run-some-workload: | |
| runs-on: ${{ needs.launch-ec2-runner.outputs.runner-label }} | |
| needs: launch-ec2-runner | |
| steps: | |
| - name: Do data-processing stuff | |
| run: | | |
| echo "hello. i'm running from inside of EC2 instance ${{ needs.launch-ec2-runner.outputs.instance-id }}" | |
| # Print the hostname to validate we're actually running from inside an EC2 instnace | |
| hostname | |
| stop-ec2-runner: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # This is required for OIDC | |
| contents: read | |
| if: always() # set to "always()" so that we kill the runner whether the job passes or fails | |
| needs: [launch-ec2-runner, run-some-workload] | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 | |
| with: | |
| role-to-assume: "arn:aws:iam::851725220677:role/${{ env.DATA_PROCESSING_ROLE }}" | |
| aws-region: us-east-2 | |
| role-session-name: odh-data-processing # For tracking in CloudTrail | |
| - name: Terminate EC2 Instance | |
| run: | | |
| INSTANCE_ID="${{ needs.launch-ec2-runner.outputs.instance-id }}" | |
| echo "Terminating instance '$INSTANCE_ID'..." | |
| aws ec2 terminate-instances --instance-ids $INSTANCE_ID |
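Review bot: The `aws ec2 run-instances` call in the launch_ec2 step is broken by a missing line continuation: `--key-name github-runner-debug-key` has no trailing `\`, so `--output text)` becomes a second command inside the substitution, the assignment exits non-zero under the `bash -e` default before `instance_id` reaches `$GITHUB_OUTPUT`, and stop-ec2-runner then calls `terminate-instances` with an empty id and leaves the g6e instance running (unless the backslash was only lost in rendering). Fix it with `--key-name github-runner-debug-key \` and keep `--output text)` last, and make the terminate step refuse an empty id, `[ -n "$INSTANCE_ID" ] || { echo "no instance id from launch job"; exit 1; }`, so a failed launch is loud instead of silently orphaning capacity. The registration token is embedded in plaintext user-data, readable from inside the instance via IMDS and by anyone with ec2:DescribeInstanceAttribute; its short lifetime bounds that, but add `echo "::add-mask::$TOKEN"` in get_token before writing the output so it never lands in logs, and register with `./config.sh ... --ephemeral` so the runner takes exactly one job and GitHub drops the registration after termination rather than keeping an offline runner. The runner tarball is extracted without verifying the SHA-256 GitHub publishes for v2.317.0; a line such as `echo "<PUBLISHED_SHA256>  actions-runner-linux-x64-2.317.0.tar.gz" | sha256sum -c` before `tar xzf` closes that supply-chain gap. Reusing DATA_PROCESSING_ROLE as both the OIDC role-to-assume and the instance profile (as the comment on it states) means the runner instance itself can call run-instances and pass its own role, so a separate launcher role and a narrower instance role is the least-privilege shape, and a `timeout-minutes` on run-some-workload bounds how long an instance whose user-data never registers stays billed.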