adding setup-python

.github/workflows/terraform_apply.yaml

@@ -0,0 +1,59 @@
+# This is a basic workflow to help you get started with Actions
+name: Terraform Apply
+
+# Controls when the workflow will run
+on:
+  push:
+    branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: [ automation-repos ]
+    env:
+      AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+      AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
+      AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
+      GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
+
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+
+
+      - uses: CSVD/gh-actions-setup-node@v3
+        with:
+           node-version: 16
+
+      - uses: CSVD/gh-actions-setup-terraform@v2
+        with:
+          terraform_wrapper: false
+          terraform_version: ${{ vars.terraform_version }}
+
+      - name: Terraform Format
+        id: fmt
+        run: |
+          terraform fmt -check
+
+      - name: Autoformat Halt
+        if: env.auto_format == 'true'
+        run: exit 1
+
+      - name: Terraform Init
+        id: init
+        run: terraform init -upgrade
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate
+
+      - name: Terraform Apply
+        id: plan
+        run: terraform apply -auto-approve
+        continue-on-error: true

.github/workflows/terraform_plan.yaml

@@ -0,0 +1,120 @@
+# This is a basic workflow to help you get started with Actions
+name: Terraform Plan
+
+# Controls when the workflow will run
+on:
+  pull_request:
+   # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: [ automation-repos ]
+    env:
+      AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+      AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
+      AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
+      GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
+
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: CSVD/gh-actions-checkout@v3
+        with:
+          github-server-url: https://github.e.it.census.gov
+          ref: ${{ github.head_ref }}
+          token: ${{ secrets.GH_TOKEN }}
+
+
+      - uses: CSVD/gh-actions-setup-node@v3
+        with:
+           node-version: 16
+
+      - uses: CSVD/gh-actions-setup-terraform@v2
+        with:
+          terraform_version: ${{ vars.terraform_version }}
+
+      - name: Set output
+        id: vars
+        run: echo ::set-output name=short_ref::${GITHUB_REF#refs/*/}
+
+      - name: Terraform Format
+        id: fmt
+        run: |
+          terraform fmt
+          if ! git diff-index --quiet HEAD; then
+            git config --global user.name '${{ vars.REPO_OWNER }}'
+            git config --global user.email '${{ vars.REPO_OWNER_EMAIL }}'
+            git commit -am "Autoformatting TF Code"
+            git push 
+            echo "auto_format=true" >> $GITHUB_ENV
+          fi
+
+      - name: Autoformat Halt
+        if: env.auto_format == 'true'
+        run: exit 0
+
+      - name: Terraform Init
+        id: init
+        run: terraform init -upgrade
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Plan
+        id: plan
+        if: github.event_name == 'pull_request'
+        run: terraform plan -no-color -out=${{ vars.plan_cache }}/${{ github.sha }}
+        continue-on-error: true
+
+      - name: Terraform Plan
+        if: github.event_name != 'pull_request'
+        run: terraform plan -no-color
+        continue-on-error: true
+
+      - name: Terraform Show plan
+        if: github.event_name == 'pull_request'
+        run: echo ::set-output name=terraform_plan::$(terraform show ${{ vars.plan_cache }}/${{ github.sha }})
+
+      - name: Post Terraform Plan to PR
+        uses: CSVD/gh-actions-github-script@v6
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{ env.terraform_plan }}"
+        with:
+          github-token: ${{ secrets.GH_TOKEN }}
+          script: |
+            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+            <details><summary>Validation Output</summary>
+
+            \`\`\`\n
+            ${{ steps.validate.outputs.stdout }}
+            \`\`\`
+
+            </details>
+
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
+            <details><summary>Show Plan</summary>
+
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+
+            </details>
+
+            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`;
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })

.gitignore

@@ -50,3 +50,4 @@ aws-image-pipeline/aws-image-pipeline/
 windows-image-pipeline/windows-image-pipeline/
 linux-image-pipeline/linux-image-pipeline/
 automation-repos/automation-repos
+ghe-runners/ghe-runners

backend.tf

@@ -0,0 +1,8 @@
+terraform {
+  backend "s3" {
+    bucket         = "inf-tfstate-229685449397"
+    key            = "csvd-dev-gov/common/apps/ghe-runner"
+    region         = "us-gov-east-1"
+    dynamodb_table = "tf_remote_state"
+  }
+}

external_actions.tf

@@ -16,3 +16,11 @@ module github_checkout {
   repo_org = "CSVD"
 }
 
+module setup_python {
+  source = "HappyPathway/gh-actions/importer"
+  version = "0.0.15"
+  git_repo_url = "https://github.com/actions/setup-python.git"
+  git_repo_path = "/home/a/arnol377/git/gh-actions-setup-python"
+  repo_name = "gh-actions-setup-python"
+  repo_org = "CSVD"
+}

ghe-runners/config.sh

@@ -0,0 +1,81 @@
+#!/bin/bash
+
+user_id=`id -u`
+
+# we want to snapshot the environment of the config user
+if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then
+    echo "Must not run with sudo"
+    exit 1
+fi
+
+# Check dotnet Core 6.0 dependencies for Linux
+if [[ (`uname` == "Linux") ]]
+then
+    command -v ldd > /dev/null
+    if [ $? -ne 0 ]
+    then
+        echo "Can not find 'ldd'. Please install 'ldd' and try again."
+        exit 1
+    fi
+
+    message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies."
+
+    ldd ./bin/libcoreclr.so | grep 'not found'
+    if [ $? -eq 0 ]; then
+        echo "Dependencies is missing for Dotnet Core 6.0"
+        echo $message
+        exit 1
+    fi
+
+    ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found'
+    if [ $? -eq 0 ]; then
+        echo "Dependencies is missing for Dotnet Core 6.0"
+        echo $message
+        exit 1
+    fi
+
+    ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found'
+    if [ $? -eq 0 ]; then
+        echo "Dependencies is missing for Dotnet Core 6.0"
+        echo $message
+        exit 1
+    fi
+
+    if ! [ -x "$(command -v ldconfig)" ]; then
+        LDCONFIG_COMMAND="/sbin/ldconfig"
+        if ! [ -x "$LDCONFIG_COMMAND" ]; then
+            echo "Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again."
+            exit 1
+        fi
+    else
+        LDCONFIG_COMMAND="ldconfig"
+    fi
+
+    libpath=${LD_LIBRARY_PATH:-}
+    $LDCONFIG_COMMAND -NXv ${libpath//:/ } 2>&1 | grep libicu >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        echo "Libicu's dependencies is missing for Dotnet Core 6.0"
+        echo $message
+        exit 1
+    fi
+fi
+
+# Change directory to the script root directory
+# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+cd "$DIR"
+
+source ./env.sh
+
+shopt -s nocasematch
+if [[ "$1" == "remove" ]]; then
+    ./bin/Runner.Listener "$@"
+else
+    ./bin/Runner.Listener configure "$@"
+fi

ghe-runners/env.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+varCheckList=(
+    'LANG' 
+    'JAVA_HOME' 
+    'ANT_HOME' 
+    'M2_HOME' 
+    'ANDROID_HOME' 
+    'ANDROID_SDK_ROOT'
+    'GRADLE_HOME' 
+    'NVM_BIN' 
+    'NVM_PATH'
+    'LD_LIBRARY_PATH'
+    'PERL5LIB'
+    )
+
+envContents=""
+
+if [ -f ".env" ]; then
+    envContents=`cat .env`
+else
+    touch .env
+fi
+
+function writeVar()
+{
+    checkVar="$1"
+    checkDelim="${1}="
+    if test "${envContents#*$checkDelim}" = "$envContents"
+    then
+        if [ ! -z "${!checkVar}" ]; then
+            echo "${checkVar}=${!checkVar}">>.env
+        fi
+    fi 
+}
+
+echo $PATH>.path
+
+for var_name in ${varCheckList[@]}
+do
+    writeVar "${var_name}"
+done

ghe-runners/run-helper.cmd.template

@@ -0,0 +1,53 @@
+@echo off
+SET UPDATEFILE=update.finished
+"%~dp0\bin\Runner.Listener.exe" run %*
+
+rem using `if %ERRORLEVEL% EQU N` insterad of `if ERRORLEVEL N`
+rem `if ERRORLEVEL N` means: error level is N or MORE
+
+if %ERRORLEVEL% EQU 0 (
+  echo "Runner listener exit with 0 return code, stop the service, no retry needed."
+  exit /b 0
+)
+
+if %ERRORLEVEL% EQU 1 (
+  echo "Runner listener exit with terminated error, stop the service, no retry needed."
+  exit /b 0
+)
+
+if %ERRORLEVEL% EQU 2 (
+  echo "Runner listener exit with retryable error, re-launch runner in 5 seconds."
+  ping 127.0.0.1 -n 6 -w 1000 >NUL
+  exit /b 1
+)
+
+if %ERRORLEVEL% EQU 3 (
+  rem Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish
+  echo "Runner listener exit because of updating, re-launch runner after successful update"
+  FOR /L %%G IN (1,1,30) DO (
+    IF EXIST %UPDATEFILE% (
+      echo "Update finished successfully."
+      del %FILE%
+      exit /b 1
+    )
+    ping 127.0.0.1 -n 2 -w 1000 >NUL
+  )
+  exit /b 1
+)
+
+if %ERRORLEVEL% EQU 4 (
+  rem Wait for 30 seconds or for flag file to exists for the runner update process finish
+  echo "Runner listener exit because of updating, re-launch runner after successful update"
+  FOR /L %%G IN (1,1,30) DO (
+    IF EXIST %UPDATEFILE% (
+      echo "Update finished successfully."
+      del %FILE%
+      exit /b 1
+    )
+    ping 127.0.0.1 -n 2 -w 1000 >NUL
+  )
+  exit /b 1
+)
+
+echo "Exiting after unknown error code: %ERRORLEVEL%"
+exit /b 0