diff --git a/main.tf b/main.tf
index f2ff814..eb41e30 100644
--- a/main.tf
+++ b/main.tf
@@ -24,27 +24,47 @@ locals {
 ]
 }
-module "runner" {
- source = "HappyPathway/runner/ghe"
- github_base_url = "https://github.e.it.census.gov"
- github_owner = "CSVD"
- runner_basedir = "/apps/terraform/workspaces/arnol377/git/ghe-runner"
- runner_tarball = "/apps/terraform/workspaces/arnol377/actions-runner-linux-x64-2.304.0.tar.gz"
- repos = local.pipeline_repos
- runner_labels = [
- "image-pipeline"
- ]
+resource "aws_ecs_cluster" "github-runner" {
+ name = var.ecs_cluster_name
 }
-module "tf_workspace_runners" {
- source = "HappyPathway/runner/ghe"
- github_base_url = "https://github.e.it.census.gov"
- github_owner = "CSVD"
- runner_basedir = "/apps/terraform/workspaces/arnol377/git/ghe-runner"
- runner_tarball = "/apps/terraform/workspaces/arnol377/actions-runner-linux-x64-2.304.0.tar.gz"
- repos = local.workspace_repos
+data "aws_region" "current" {}
+
+
+module "github-runner" {
+ for_each = toset([for repo in local.all_repos : repo])
+ source = "HappyPathway/github-runner/ecs"
+ ecs_cluster = aws_ecs_cluster.github-runner.name
+ hostname = each.value.hostname
+ image = "229685449397.dkr.ecr.us-gov-west-1.amazonaws.com/docker-image-pipeline/${var.image_name}:${var.image_version}"
+ repo_org = var.repo_org
+ repo_name = each.value
+ namespace = "${terraform.workspace}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
+ log_group = aws_cloudwatch_log_group.function_log_group.name
+ runner_group = each.value.runner_group
+ server_url = var.server_url
 runner_labels = [
- "terraform-workspaces"
+ each.value.hostname,
+ "${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}",
+ data.aws_caller_identity.current.account_id,
+ data.aws_region.current.name,
+ "ecs-github-runner"
+ ]
+ certs = var.certs
+ network_configuration = {
+ subnets = coalescelist(
+ lookup(each.value, "subnets", var.subnets),
+ var.subnets
+ )
+ security_groups = coalescelist(
+ lookup(each.value, "security_groups", var.security_groups),
+ var.security_groups
+ )
+ assign_public_ip = lookup(each.value, "assign_public_ip", var.assign_public_ip)
+ }
+ tag = lookup(each.value, "tag", "github-runner")
+ depends_on = [
+ aws_ecs_cluster.github-runner
 ]
 }
@@ -75,18 +95,3 @@ module "repo_secrets" {
 ]
 }
-
-output "secrets" {
- value = module.env_var
-}
-
-
-resource "null_resource" "gitignore" {
- for_each = toset(formatlist("%s/%s", local.all_repos, local.all_repos))
- triggers = {
- repo = each.value
- }
- provisioner "local-exec" {
- command = "grep -q ${each.value} .gitignore || echo ${each.value} >> .gitignore"
- }
-}
diff --git a/varfiles/automation-repos.tfvar b/varfiles/automation-repos.tfvar
new file mode 100644
index 0000000..d4129b1
--- /dev/null
+++ b/varfiles/automation-repos.tfvar
@@ -0,0 +1,23 @@
+# The name of the ECS cluster
+image_name = "github-runner"
+image_version = "1.23.0"
+
+ecs_cluster_name = "automation-repo-runners"
+vpc_id = "vpc-00576a396ec570b94"
+
+namespace = "csvd-ghe-runner"
+repo_org = "CSVD"
+
+subnets = [
+ "subnet-04b80d7ce5199f82b"
+]
+
+security_groups = [
+ # "sg-0d828d223df9834a6"
+ "sg-0641c697588b9aa6b"
+]
+
+certs = {
+ bucket = "image-pipeline-assets"
+ key = "katello-server-ca.pem"
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..150c477
--- /dev/null
+++ b/variables.tf
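Review bot: The `module "github-runner"` block uses `each.value` inconsistently — `repo_name = each.value` reads it as a string, while `each.value.hostname`, `each.value.runner_group` and `lookup(each.value, "subnets", ...)` read it as an object, and `for_each` over `toset(...)` only accepts a set of strings, so one of the two readings fails at plan time. Assuming `local.all_repos` (defined outside this hunk) is a list of runner objects with unique hostnames, as the `github_runners` object type in variables.tf suggests, use `for_each = { for r in local.all_repos : r.hostname => r }` and `repo_name = each.value.repo_name`; the `[for repo in local.all_repos : repo]` comprehension is a no-op either way. The `image` string hard-codes the registry account and region (`229685449397.dkr.ecr.us-gov-west-1...`) while every other account/region value in the block comes from `data.aws_caller_identity.current` and `data.aws_region.current`; if the ECR registry lives in the deploying account, derive the registry host the same way so a deployment into another account or region cannot silently pull from the wrong registry. `depends_on = [aws_ecs_cluster.github-runner]` is redundant because `ecs_cluster = aws_ecs_cluster.github-runner.name` already expresses that dependency, and `depends_on` on a module defers planning of every resource inside it. `data.aws_caller_identity.current` and `aws_cloudwatch_log_group.function_log_group` are referenced but not declared in this hunk — presumably they exist elsewhere in main.tf; confirm.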
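Review bot: The comment `# The name of the ECS cluster` at the top of varfiles/automation-repos.tfvar sits above `image_name` and `image_version`, but the key it describes, `ecs_cluster_name`, is three lines further down; move it directly above `ecs_cluster_name = "automation-repo-runners"` or drop it. The `.tfvar` extension is not the conventional `.tfvars`, so the file is neither auto-loaded as `*.auto.tfvars` nor recognised by editors and linters that key on the extension — it still works when passed explicitly with `-var-file`, so the rename is a style point. The commented-out `# "sg-0d828d223df9834a6"` entry leaves a stale security-group id in version control with no indication of why it was replaced; either delete it or add a short note explaining the swap.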
@@ -0,0 +1,114 @@
+variable "ecs_cluster_name" {
+ description = "The name of the ECS cluster"
+ type = string
+
+ validation {
+ condition = length(var.ecs_cluster_name) > 0
+ error_message = "The ECS cluster name must not be empty."
+ }
+}
+
+variable "github_runners" {
+ description = "A list of GitHub runners"
+ type = list(object({
+ hostname = string
+ namespace = optional(string, null)
+ repo_name = optional(string, null)
+ labels = optional(list(string))
+ subnets = optional(list(string))
+ tag = optional(string)
+
+ network_configuration = optional(object({
+ subnets = optional(list(string), []),
+ security_groups = optional(list(string), []),
+ assign_public_ip = optional(bool, false)
+ }), {}
+ )
+
+ runner_group = optional(object({
+ name = optional(string)
+ visibility = optional(string, "selected")
+ selected_workflows = optional(list(string), [])
+ selected_repository_ids = optional(list(string), [])
+ allows_public_repositories = optional(bool, false)
+ create = optional(bool, false)
+ }), { create = false })
+ # end of variable definition
+ }))
+
+ validation {
+ condition = length(var.github_runners) > 0
+ error_message = "The list of GitHub runners must not be empty."
+ }
+}
+
+variable "repo_org" {
+ description = "The GitHub organization"
+ type = string
+
+ validation {
+ condition = length(var.repo_org) > 0
+ error_message = "The GitHub organization must not be empty."
+ }
+}
+
+variable "namespace" {
+ description = "The namespace for the resources"
+ type = string
+
+ validation {
+ condition = length(var.namespace) > 0
+ error_message = "The namespace must not be empty."
+ }
+}
+
+variable "subnets" {
+ description = "A list of subnets"
+ type = list(string)
+ default = []
+ validation {
+ condition = length(var.subnets) >= 0
+ error_message = "The list of subnets must not be empty."
+ }
+}
+
+variable "security_groups" {
+ description = "A list of security groups"
+ type = list(string)
+ default = []
+ validation {
+ condition = length(var.security_groups) >= 0
+ error_message = "The list of security groups must not be empty."
+ }
+}
+
+variable "assign_public_ip" {
+ default = false
+ type = bool
+}
+
+variable "cluster_size" {
+ default = 3
+}
+
+variable "vpc_id" {}
+
+variable "create_vpc_endpoint" {
+ type = bool
+ default = false
+}
+
+variable "image_name" {}
+variable "image_version" {}
+
+variable "server_url" {
+ default = ""
+}
+
+variable "certs" {
+ type = object({
+ bucket = string
+ key = string
+ })
+ default = null
+}
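Review bot: The `validation` blocks on `subnets` and `security_groups` use `length(...) >= 0`, which holds for every list, so the message "The list of subnets must not be empty." (and its security-group twin) can never fire; either the intent is `condition = length(var.subnets) > 0`, which conflicts with `default = []`, or the block should be removed — pick one rather than shipping a dead check. Several variables carry neither `type` nor `description` (`vpc_id`, `image_name`, `image_version`, `server_url`, `cluster_size`), so any value type is accepted; add `type = string` (and `type = number` for `cluster_size`) plus a one-line description to each, matching the documented variables above them. `server_url` defaults to `""`, which the downstream runner module presumably cannot use; if a URL is required, drop the default or validate with `condition = can(regex("^https://", var.server_url))`. The `github_runners` object declares both a top-level `subnets` and `network_configuration.subnets`, which is ambiguous; main.tf reads the top-level one via `lookup(each.value, "subnets", ...)`, so consider removing the nested copy or documenting which wins. The `optional(type, default)` attribute syntax requires Terraform 1.3 or later; a `required_version` constraint in a `terraform` block (not visible in this diff) would make that explicit.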