Refactor GitHub runner module and add ECS cluster resource
Dave Arnold committed Sep 18, 2024
1 parent 6401be6 commit 8635cf3
Showing 3 changed files with 175 additions and 33 deletions.
71 changes: 38 additions & 33 deletions main.tf
@@ -24,27 +24,47 @@ locals {
]
}

module "runner" {
source = "HappyPathway/runner/ghe"
github_base_url = "https://github.e.it.census.gov"
github_owner = "CSVD"
runner_basedir = "/apps/terraform/workspaces/arnol377/git/ghe-runner"
runner_tarball = "/apps/terraform/workspaces/arnol377/actions-runner-linux-x64-2.304.0.tar.gz"
repos = local.pipeline_repos
runner_labels = [
"image-pipeline"
]
resource "aws_ecs_cluster" "github-runner" {
name = var.ecs_cluster_name
}

module "tf_workspace_runners" {
source = "HappyPathway/runner/ghe"
github_base_url = "https://github.e.it.census.gov"
github_owner = "CSVD"
runner_basedir = "/apps/terraform/workspaces/arnol377/git/ghe-runner"
runner_tarball = "/apps/terraform/workspaces/arnol377/actions-runner-linux-x64-2.304.0.tar.gz"
repos = local.workspace_repos
data "aws_region" "current" {}


module "github-runner" {
for_each = toset([for repo in local.all_repos : repo])
source = "HappyPathway/github-runner/ecs"
ecs_cluster = aws_ecs_cluster.github-runner.name
hostname = each.value.hostname
image = "229685449397.dkr.ecr.us-gov-west-1.amazonaws.com/docker-image-pipeline/${var.image_name}:${var.image_version}"
repo_org = var.repo_org
repo_name = each.value
namespace = "${terraform.workspace}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
log_group = aws_cloudwatch_log_group.function_log_group.name
runner_group = each.value.runner_group
server_url = var.server_url
runner_labels = [
"terraform-workspaces"
each.value.hostname,
"${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}",
data.aws_caller_identity.current.account_id,
data.aws_region.current.name,
"ecs-github-runner"
]
certs = var.certs
network_configuration = {
subnets = coalescelist(
lookup(each.value, "subnets", var.subnets),
var.subnets
)
security_groups = coalescelist(
lookup(each.value, "security_groups", var.security_groups),
var.security_groups
)
assign_public_ip = lookup(each.value, "assign_public_ip", var.assign_public_ip)
}
tag = lookup(each.value, "tag", "github-runner")
depends_on = [
aws_ecs_cluster.github-runner
]
}

@@ -75,18 +95,3 @@ module "repo_secrets" {
]

}

output "secrets" {
value = module.env_var
}


resource "null_resource" "gitignore" {
for_each = toset(formatlist("%s/%s", local.all_repos, local.all_repos))
triggers = {
repo = each.value
}
provisioner "local-exec" {
command = "grep -q ${each.value} .gitignore || echo ${each.value} >> .gitignore"
}
}
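Review bot: In the new `module "github-runner"` block of the first hunk, `for_each = toset([for repo in local.all_repos : repo])` appears to yield string elements, yet the body reads `each.value.hostname`, `each.value.runner_group` and `lookup(each.value, "subnets", ...)` as if each element were an object, while also passing `repo_name = each.value`. The definition of `local.all_repos` is outside this hunk, but the removed `formatlist("%s/%s", local.all_repos, local.all_repos)` suggests it is a list of strings. If the intent is to drive this from the new `github_runners` variable, iterate a map instead, e.g. `for_each = { for r in var.github_runners : r.hostname => r }` with `repo_name = each.value.repo_name`. Separately, the runner image is referenced by a mutable tag (`${var.image_name}:${var.image_version}`); since this container executes CI jobs, consider pinning it by digest or confirming that tag immutability is enabled on the ECR repository.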
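--- a/varfiles/automation-repos.tfvar
+++ b/varfiles/automation-repos.tfvar
@@ -0,0 +1,23 @@
+# The name of the ECS cluster
+image_name = "github-runner"
+image_version = "1.23.0"
+
+ecs_cluster_name = "automation-repo-runners"
+vpc_id = "vpc-00576a396ec570b94"
+
+namespace = "csvd-ghe-runner"
+repo_org = "CSVD"
+
+subnets = [
+"subnet-04b80d7ce5199f82b"
+]
+
+security_groups = [
+# "sg-0d828d223df9834a6"
+"sg-0641c697588b9aa6b"
+]
+
+certs = {
+bucket = "image-pipeline-assets"
+key = "katello-server-ca.pem"
+}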
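Review bot: This var file does not set `github_runners`, which variables.tf in the same commit declares with no default and a non-empty validation, so a run that relies on this file alone will prompt or fail for it. It also leaves `server_url` at its `""` default, where the removed modules hard-coded the GitHub Enterprise base URL. `namespace` is set here, but the `module "github-runner"` call in main.tf builds its namespace from the workspace, account id and region rather than from `var.namespace`, so this value looks unused in the visible code. The leading comment `# The name of the ECS cluster` sits above `image_name`; move it to `ecs_cluster_name`, and either delete the commented-out `sg-0d828d223df9834a6` entry or add a comment saying why it is disabled.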
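--- a/variables.tf
+++ b/variables.tf
@@ -0,0 +1,114 @@
+variable "ecs_cluster_name" {
+description = "The name of the ECS cluster"
+type = string
+
+validation {
+condition = length(var.ecs_cluster_name) > 0
+error_message = "The ECS cluster name must not be empty."
+}
+}
+
+variable "github_runners" {
+description = "A list of GitHub runners"
+type = list(object({
+hostname = string
+namespace = optional(string, null)
+repo_name = optional(string, null)
+labels = optional(list(string))
+subnets = optional(list(string))
+tag = optional(string)
+
+network_configuration = optional(object({
+subnets = optional(list(string), []),
+security_groups = optional(list(string), []),
+assign_public_ip = optional(bool, false)
+}), {}
+)
+
+runner_group = optional(object({
+name = optional(string)
+visibility = optional(string, "selected")
+selected_workflows = optional(list(string), [])
+selected_repository_ids = optional(list(string), [])
+allows_public_repositories = optional(bool, false)
+create = optional(bool, false)
+}), { create = false })
+# end of variable definition
+}))
+
+validation {
+condition = length(var.github_runners) > 0
+error_message = "The list of GitHub runners must not be empty."
+}
+}
+
+variable "repo_org" {
+description = "The GitHub organization"
+type = string
+
+validation {
+condition = length(var.repo_org) > 0
+error_message = "The GitHub organization must not be empty."
+}
+}
+
+variable "namespace" {
+description = "The namespace for the resources"
+type = string
+
+validation {
+condition = length(var.namespace) > 0
+error_message = "The namespace must not be empty."
+}
+}
+
+variable "subnets" {
+description = "A list of subnets"
+type = list(string)
+default = []
+validation {
+condition = length(var.subnets) >= 0
+error_message = "The list of subnets must not be empty."
+}
+}
+
+variable "security_groups" {
+description = "A list of security groups"
+type = list(string)
+default = []
+validation {
+condition = length(var.security_groups) >= 0
+error_message = "The list of security groups must not be empty."
+}
+}
+
+variable "assign_public_ip" {
+default = false
+type = bool
+}
+
+variable "cluster_size" {
+default = 3
+}
+
+variable "vpc_id" {}
+
+variable "create_vpc_endpoint" {
+type = bool
+default = false
+}
+
+variable "image_name" {}
+variable "image_version" {}
+
+variable "server_url" {
+default = ""
+}
+
+variable "certs" {
+type = object({
+bucket = string
+key = string
+})
+default = null
+}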
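Review bot: The validations on `subnets` and `security_groups` use `length(...) >= 0`, which is always true, so they can never produce the "must not be empty" message they carry. With `default = []`, an unset value passes straight through to the `coalescelist(...)` calls in main.tf, where an empty list shows up as a less clear error instead of a validation failure. If the lists are required, drop the defaults and use `condition = length(var.security_groups) > 0` (likewise for `subnets`). `vpc_id`, `image_name`, `image_version`, `cluster_size` and `server_url` carry no `type` or `description`; adding `type = string` (and `type = number` for `cluster_size`) would reject malformed input at plan time.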
