This is not the first commit message you're looking for

Author: macunha1

LICENSE

@@ -0,0 +1,25 @@
+The MIT License (MIT)
+=====================
+
+Copyright © 2021, Matheus Cunha
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the “Software”), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,16 @@
+<h1 align="center">GitHub Actions self-hosted Runner Ansible role</h1>
+
+Work In Progress.
+
+All-in-all the features of this Ansible role are implemented just not
+documented and well-presented yet. Ansible Galaxy repository import and
+documentation about the variables are on its way.
+
+To-dos:
+
+- [ ] Improve this README with variables + instructions;
+- [ ] Import to Ansible Galaxy;
+- [ ] Add CI using molecule;
+- [ ] Integrate GitHub actions to run the CI;
+- [ ] Add Code lint (YAML lint + ansible lint) on CI;
+- [ ] Include documentation

defaults/main.yaml

@@ -0,0 +1,49 @@
+---
+# Temporary path to download the GitHub Actions runner archive
+tmp_download_path: /tmp
+
+# Whether or not to clean the downloaded package in the temporary path after
+# unpacking/installing it.
+tmp_clear_download: true
+
+# Base URL to fetch the GitHub Actions Runner package with scripts that is used
+# to install and configure the host.
+gh_runner_download_base_url: https://github.com/actions/runner/releases/download
+
+# GitHub Actions runner version to download and install. Multiple parallel
+# versions are supported since every installation+configuration (either
+# repository or organization) has its own path.
+gh_runner_version: 2.285.0
+
+# GitHub Actions runner architecture, used together with the version to compose
+# the complete URL that is used to download the package.
+gh_runner_architecture: linux-x64
+
+# Path to unarchive the GitHub Actions runner package, this will be the prefix
+# with multiple versions inside. Allowing to share the same host with many
+# self-hosted runners regardless of the version.
+gh_runner_installation_path: /usr/local/share/github-actions-runner
+
+# GitHub Actions runner workspace, i.e. path used by job executions to checkout
+# the code, write files from the workflow, and etc.
+gh_runner_workspace_path: /var/cache/github-actions-runner
+
+# Whether or not to remove the GitHub Actions runner, enable to clean and
+# deregister the host. Enable this to remove the host from GitHub Actions and
+# complement with the --tag uninstall
+gh_runner_remove_host: false
+
+## Variables used to set parameters to the `config.sh` script.
+
+# (REQUIRED) GitHub Actions repository URL to register this self-hosted runner.
+# gh_runner_config_url: ""
+
+# (REQUIRED) GitHub Actions self-hosted Runner registration token, used to
+# authenticate the host to GitHub (either to a GitHub repository or to an GitHub
+# organization). Keep this value secure, e.g. using Ansible Vault.
+# Ref: https://docs.github.com/en/actions/hosting-your-own-runners/adding-self-hosted-runners
+# gh_runner_config_token: ""
+
+# Define the Github Actions Runner tags, this list will be converted to a
+# comma-separated string
+gh_runner_config_labels: ["self-hosted"]

includes/download.yaml

@@ -0,0 +1,56 @@
+---
+- name: GitHub Actions Runner | Create workspace
+  file:
+    path: "{{ gh_runner_workspace_path }}"
+    state: directory
+    mode: 0755
+  become: true
+
+- name: GitHub Actions Runner | Check if versions is already installed
+  stat:
+    path: "{{ gh_runner_path }}"
+  register: unarchived_package
+
+# Download the package only if it isn't found in the installed versions
+- block:
+    - name: GitHub Actions Runner | Download package
+      get_url:
+        url: "{{ gh_runner_download_base_url }}/v{{ gh_runner_version }}/actions-runner-{{ gh_runner_architecture }}-{{ gh_runner_version }}.tar.gz"
+        dest: "{{ tmp_download_path }}/actions-runner-{{ gh_runner_version }}.tar.gz"
+        mode: 0400
+        force: yes
+      become: true
+
+    - name: GitHub Actions Runner | Create installation directory
+      file:
+        path: "{{ gh_runner_path }}"
+        state: directory
+        mode: 0755
+      become: true
+
+    - name: GitHub Actions Runner | Unarchive package
+      unarchive:
+        src: "{{ tmp_download_path }}/actions-runner-{{ gh_runner_version }}.tar.gz"
+        dest: "{{ gh_runner_path }}"
+        remote_src: true
+      register: gh_runner_path_unarchived
+      become: true
+
+    - name: GitHub Actions Runner | Set permissions
+      file:
+        path: "{{ gh_runner_path }}"
+        owner: "{{ ansible_user_id }}"
+        mode: 0755
+        recurse: true
+      become: true
+
+    # Remove the package after extracting the content IF tmp_clear_download is
+    # enabled (default: true).
+    - name: GitHub Actions Runner | Remove archived package
+      file:
+        path: "{{ tmp_download_path }}/actions-runner-{{ gh_runner_version }}.tar.gz"
+        state: absent
+      become: true
+      when: tmp_clear_download
+
+  when: not unarchived_package.stat.exists

includes/install.yaml

@@ -0,0 +1,122 @@
+---
+- name: GitHub Actions Runner | Install dependencies
+  shell:
+    cmd: "{{ gh_runner_path }}/bin/installdependencies.sh"
+    chdir: "{{ gh_runner_path }}"
+  become: true
+  when:
+    # Only install dependencies if the installation directory contains changes,
+    # which is indicated in this case by the `unarchive` task.
+    - gh_runner_path_unarchived is defined
+    - gh_runner_path_unarchived.changed
+  tags:
+    - install
+
+# Check if the registration token was used before. config.sh executions aren't
+# idempotent, if called twice with the very same token and URL it will fail
+# asking to remove the host before configuring it.
+#
+# ["Cannot configure the runner because it is already configured. To
+# reconfigure the runner, run 'config.cmd remove' or './config.sh remove' first."]
+- name: GitHub Actions Runner | Check if this host+URL was already registered
+  stat:
+    path: "{{ gh_runner_path }}/hosts/{{ gh_runner_config_token | hash('sha256') }}"
+  register: is_this_host_registered
+  tags:
+    - configure
+
+- name: GitHub Actions Runner | Search for abandoned credentials
+  stat:
+    path: "{{ gh_runner_path }}/.credentials"
+  register: abandoned_credentials
+
+  # Search only if the host is not registered, which is a clear indicator that
+  # any credentials inside that path are from previous executions, since the
+  # registration token is not matching any state file.
+  when: not is_this_host_registered.stat.exists
+
+- name: GitHub Actions Runner | Remove previous configuration before proceeding
+  shell:
+    cmd: >-
+      {{ gh_runner_path }}/config.sh remove \
+        --token {{ gh_runner_config_token }}
+    chdir: "{{ gh_runner_path }}"
+
+  when:
+    # So, if abandoned credentials are found AND this host is not registered, we
+    # need to remove it before proceeding, otherwise the `config.sh` command to
+    # register the node will fail asking to remove it (which we are proactively
+    # doing here).
+    - not is_this_host_registered.stat.exists
+    - abandoned_credentials is defined
+    - abandoned_credentials.stat.exists
+
+  tags:
+    - configure
+
+- name: GitHub Actions Runner | Configure Runner
+  shell:
+    cmd: >-
+      {{ gh_runner_path }}/config.sh \
+        --unattended --replace \
+        --url {{ gh_runner_config_url }} \
+        --token {{ gh_runner_config_token }} \
+        --name {{ ansible_hostname }} \
+        --work {{ gh_runner_workspace_path }} \
+        --labels {{ gh_runner_config_labels | join(',') }}
+    chdir: "{{ gh_runner_path }}"
+  register: config_host_command
+
+  when: not is_this_host_registered.stat.exists
+  tags:
+    - configure
+
+- name: GitHub Actions Runner | Check if path for state files exists
+  stat:
+    path: "{{ gh_runner_path }}/hosts"
+  register: registered_hosts_path
+  tags:
+    - configure
+
+- name: GitHub Actions Runner | Create hosts directory
+  file:
+    path: "{{ gh_runner_path }}/hosts"
+    state: directory
+    owner: "{{ ansible_user_id }}"
+    mode: 0755
+  become: true
+  when: not registered_hosts_path.stat.exists
+  tags:
+    - configure
+
+# Create a state file to notify next Ansible executions that a given
+# registration token was already used. i.e. the is_this_host_registered variable
+# registered and used in the credential above.
+- name: GitHub Actions Runner | Create state file
+  file:
+    path: "{{ gh_runner_path }}/hosts/{{ gh_runner_config_token | hash('sha256') }}"
+    state: touch
+    mode: 0400
+  when:
+    - config_host_command is defined
+    - config_host_command is success
+  become: true
+  tags:
+    - configure
+
+- name: GitHub Actions Runner | Install service
+  shell:
+    cmd: "{{ gh_runner_path }}/svc.sh install"
+    chdir: "{{ gh_runner_path }}"
+  become: true
+  when: not is_this_host_registered.stat.exists
+  tags:
+    - install
+
+- name: GitHub Actions Runner | Start service
+  shell:
+    cmd: "{{ gh_runner_path }}/svc.sh start"
+    chdir: "{{ gh_runner_path }}"
+  become: true
+  tags:
+    - configure

includes/uninstall.yaml

@@ -0,0 +1,23 @@
+---
+- name: GitHub Actions Runner [!!] DESTROY! | De-register Runner
+  shell:
+    cmd: >-
+      {{ gh_runner_path }}/config.sh \
+        remove --token "{{ gh_runner_config_token }}"
+    chdir: "{{ gh_runner_path }}"
+  become: true
+
+- name: GitHub Actions Runner [!!] DESTROY! | Stop service
+  shell:
+    cmd: "{{ gh_runner_path }}/svc.sh uninstall"
+    chdir: "{{ gh_runner_path }}"
+  become: true
+
+- name: GitHub Actions Runner [!!] DESTROY! | Delete workspace and installations
+  file:
+    state: absent
+    path: "{{ item }}"
+  with_items:
+    - "{{ gh_runner_installation_path }}/"
+    - "{{ gh_runner_workspace_path }}/"
+  become: true

tasks/main.yaml

@@ -0,0 +1,39 @@
+---
+- name: Variables | Check mandatory
+  assert:
+    that:
+      - gh_runner_config_url is defined
+      - gh_runner_config_token is defined
+
+- name: Variables | Set installation path
+  set_fact:
+    # Set a exclusive path for the GitHub Actions Runner in order to support
+    # multiple repository or organizations configured inside the same host.
+    #
+    # WHY? `config.sh` when registering the host will write some credentials and
+    # files to the path in order to identify the host, although inoffensive,
+    # this approach make it complicated to share the same host among multiple
+    # GitHub Actions Runners (even though it is possible).
+    #
+    # Therefore, each GitHub repository or organization URL will be hashed to
+    # compose the GitHub Actions Runner path.
+    gh_runner_path: "{{ gh_runner_installation_path }}/{{ gh_runner_version }}/{{ gh_runner_config_url | hash('sha256') }}"
+
+  tags:
+    - install
+    - configure
+    - uninstall
+
+- import_tasks: "../includes/download.yaml"
+  tags:
+    - install
+
+- import_tasks: "../includes/install.yaml"
+  tags:
+    - install
+    - configure
+
+- import_tasks: "../includes/uninstall.yaml"
+  when: gh_runner_remove_host
+  tags:
+    - uninstall