diff --git a/automation-repos/config.sh b/automation-repos/config.sh deleted file mode 100755 index 14cc6ba..0000000 --- a/automation-repos/config.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash - -user_id=`id -u` - -# we want to snapshot the environment of the config user -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run with sudo" - exit 1 -fi - -# Check dotnet Core 6.0 dependencies for Linux -if [[ (`uname` == "Linux") ]] -then - command -v ldd > /dev/null - if [ $? -ne 0 ] - then - echo "Can not find 'ldd'. Please install 'ldd' and try again." - exit 1 - fi - - message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies." - - ldd ./bin/libcoreclr.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - if ! [ -x "$(command -v ldconfig)" ]; then - LDCONFIG_COMMAND="/sbin/ldconfig" - if ! [ -x "$LDCONFIG_COMMAND" ]; then - echo "Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again." - exit 1 - fi - else - LDCONFIG_COMMAND="ldconfig" - fi - - libpath=${LD_LIBRARY_PATH:-} - $LDCONFIG_COMMAND -NXv ${libpath//:/ } 2>&1 | grep libicu >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "Libicu's dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi -fi - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" -cd "$DIR" - -source ./env.sh - -shopt -s nocasematch -if [[ "$1" == "remove" ]]; then - ./bin/Runner.Listener "$@" -else - ./bin/Runner.Listener configure "$@" -fi diff --git a/automation-repos/env.sh b/automation-repos/env.sh deleted file mode 100755 index 641d244..0000000 --- a/automation-repos/env.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -varCheckList=( - 'LANG' - 'JAVA_HOME' - 'ANT_HOME' - 'M2_HOME' - 'ANDROID_HOME' - 'ANDROID_SDK_ROOT' - 'GRADLE_HOME' - 'NVM_BIN' - 'NVM_PATH' - 'LD_LIBRARY_PATH' - 'PERL5LIB' - ) - -envContents="" - -if [ -f ".env" ]; then - envContents=`cat .env` -else - touch .env -fi - -function writeVar() -{ - checkVar="$1" - checkDelim="${1}=" - if test "${envContents#*$checkDelim}" = "$envContents" - then - if [ ! -z "${!checkVar}" ]; then - echo "${checkVar}=${!checkVar}">>.env - fi - fi -} - -echo $PATH>.path - -for var_name in ${varCheckList[@]} -do - writeVar "${var_name}" -done diff --git a/automation-repos/run-helper.cmd.template b/automation-repos/run-helper.cmd.template deleted file mode 100644 index 23e4246..0000000 --- a/automation-repos/run-helper.cmd.template +++ /dev/null @@ -1,53 +0,0 @@ -@echo off -SET UPDATEFILE=update.finished -"%~dp0\bin\Runner.Listener.exe" run %* - -rem using `if %ERRORLEVEL% EQU N` insterad of `if ERRORLEVEL N` -rem `if ERRORLEVEL N` means: error level is N or MORE - -if %ERRORLEVEL% EQU 0 ( - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 1 ( - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 2 ( - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - ping 127.0.0.1 -n 6 -w 1000 >NUL - exit /b 1 -) - -if %ERRORLEVEL% EQU 3 ( - rem Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -if %ERRORLEVEL% EQU 4 ( - rem Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -echo "Exiting after unknown error code: %ERRORLEVEL%" -exit /b 0 \ No newline at end of file diff --git a/automation-repos/run-helper.sh b/automation-repos/run-helper.sh deleted file mode 100755 index 743fd8b..0000000 --- a/automation-repos/run-helper.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/automation-repos/run-helper.sh.template b/automation-repos/run-helper.sh.template deleted file mode 100755 index 743fd8b..0000000 --- a/automation-repos/run-helper.sh.template +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/automation-repos/run.sh b/automation-repos/run.sh deleted file mode 100755 index 6b02ea1..0000000 --- a/automation-repos/run.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -run() { - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - exit 0 - fi - done -} - -runWithManualTrap() { - # Set job control - set -m - - trap 'kill -INT -$PID' INT TERM - - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* & - PID=$! - wait -f $PID - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - # Unregister signal handling before exit - trap - INT TERM - # wait for last parts to be logged - wait $PID - exit $returnCode - fi - done -} - -function updateCerts() { - local sudo_prefix="" - local user_id=`id -u` - - if [ $user_id -ne 0 ]; then - if [[ ! -x "$(command -v sudo)" ]]; then - echo "Warning: failed to update certificate store: sudo is required but not found" - return 1 - else - sudo_prefix="sudo" - fi - fi - - if [[ -x "$(command -v update-ca-certificates)" ]]; then - eval $sudo_prefix "update-ca-certificates" - elif [[ -x "$(command -v update-ca-trust)" ]]; then - eval $sudo_prefix "update-ca-trust" - else - echo "Warning: failed to update certificate store: update-ca-certificates or update-ca-trust not found. This can happen if you're using a different runner base image." - return 1 - fi -} - -if [[ ! -z "$RUNNER_UPDATE_CA_CERTS" ]]; then - updateCerts -fi - -if [[ -z "$RUNNER_MANUALLY_TRAP_SIG" ]]; then - run $* -else - runWithManualTrap $* -fi \ No newline at end of file diff --git a/automation-repos/safe_sleep.sh b/automation-repos/safe_sleep.sh deleted file mode 100755 index 7ba5be3..0000000 --- a/automation-repos/safe_sleep.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -SECONDS=0 -while [[ $SECONDS != $1 ]]; do - : -done diff --git a/automation-repos/svc.sh b/automation-repos/svc.sh deleted file mode 100755 index cec1bdb..0000000 --- a/automation-repos/svc.sh +++ /dev/null @@ -1,179 +0,0 @@ -#!/bin/bash - -SVC_NAME="actions.runner._services.automation-repos.service" -SVC_NAME=${SVC_NAME// /_} -SVC_DESCRIPTION="GitHub Actions Runner (_services.automation-repos)" - -SVC_CMD=$1 -arg_2=${2} - -RUNNER_ROOT=`pwd` - -UNIT_PATH=/etc/systemd/system/${SVC_NAME} -TEMPLATE_PATH=$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE -IS_CUSTOM_TEMPLATE=0 -if [[ -z $TEMPLATE_PATH ]]; then - TEMPLATE_PATH=./bin/actions.runner.service.template -else - IS_CUSTOM_TEMPLATE=1 -fi -TEMP_PATH=./bin/actions.runner.service.temp -CONFIG_PATH=.service - -user_id=`id -u` - -# systemctl must run as sudo -# this script is a convenience wrapper around systemctl -if [ $user_id -ne 0 ]; then - echo "Must run as sudo" - exit 1 -fi - -function failed() -{ - local error=${1:-Undefined error} - echo "Failed: $error" >&2 - exit 1 -} - -if [ ! -f "${TEMPLATE_PATH}" ]; then - if [[ $IS_CUSTOM_TEMPLATE = 0 ]]; then - failed "Must run from runner root or install is corrupt" - else - failed "Service file at '$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE' using GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE env variable is not found" - fi -fi - -#check if we run as root -if [[ $(id -u) != "0" ]]; then - echo "Failed: This script requires to run with sudo." >&2 - exit 1 -fi - -function install() -{ - echo "Creating launch runner in ${UNIT_PATH}" - if [ -f "${UNIT_PATH}" ]; then - failed "error: exists ${UNIT_PATH}" - fi - - if [ -f "${TEMP_PATH}" ]; then - rm "${TEMP_PATH}" || failed "failed to delete ${TEMP_PATH}" - fi - - # can optionally use username supplied - run_as_user=${arg_2:-$SUDO_USER} - echo "Run as user: ${run_as_user}" - - run_as_uid=$(id -u ${run_as_user}) || failed "User does not exist" - echo "Run as uid: ${run_as_uid}" - - run_as_gid=$(id -g ${run_as_user}) || failed "Group not available" - echo "gid: ${run_as_gid}" - - sed "s/{{User}}/${run_as_user}/g; s/{{Description}}/$(echo ${SVC_DESCRIPTION} | sed -e 's/[\/&]/\\&/g')/g; s/{{RunnerRoot}}/$(echo ${RUNNER_ROOT} | sed -e 's/[\/&]/\\&/g')/g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file" - mv "${TEMP_PATH}" "${UNIT_PATH}" || failed "failed to copy unit file" - - # Recent Fedora based Linux (CentOS/Redhat) has SELinux enabled by default - # We need to restore security context on the unit file we added otherwise SystemD have no access to it. - command -v getenforce > /dev/null - if [ $? -eq 0 ] - then - selinuxEnabled=$(getenforce) - if [[ $selinuxEnabled == "Enforcing" ]] - then - # SELinux is enabled, we will need to Restore SELinux Context for the service file - restorecon -r -v "${UNIT_PATH}" || failed "failed to restore SELinux context on ${UNIT_PATH}" - fi - fi - - # unit file should not be executable and world writable - chmod 664 "${UNIT_PATH}" || failed "failed to set permissions on ${UNIT_PATH}" - systemctl daemon-reload || failed "failed to reload daemons" - - # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user. - cp ./bin/runsvc.sh ./runsvc.sh || failed "failed to copy runsvc.sh" - chown ${run_as_uid}:${run_as_gid} ./runsvc.sh || failed "failed to set owner for runsvc.sh" - chmod 755 ./runsvc.sh || failed "failed to set permission for runsvc.sh" - - systemctl enable ${SVC_NAME} || failed "failed to enable ${SVC_NAME}" - - echo "${SVC_NAME}" > ${CONFIG_PATH} || failed "failed to create .service file" - chown ${run_as_uid}:${run_as_gid} ${CONFIG_PATH} || failed "failed to set permission for ${CONFIG_PATH}" -} - -function start() -{ - systemctl start ${SVC_NAME} || failed "failed to start ${SVC_NAME}" - status -} - -function stop() -{ - systemctl stop ${SVC_NAME} || failed "failed to stop ${SVC_NAME}" - status -} - -function uninstall() -{ - if service_exists; then - stop - systemctl disable ${SVC_NAME} || failed "failed to disable ${SVC_NAME}" - rm "${UNIT_PATH}" || failed "failed to delete ${UNIT_PATH}" - else - echo "Service ${SVC_NAME} is not installed" - fi - if [ -f "${CONFIG_PATH}" ]; then - rm "${CONFIG_PATH}" || failed "failed to delete ${CONFIG_PATH}" - fi - systemctl daemon-reload || failed "failed to reload daemons" -} - -function service_exists() { - if [ -f "${UNIT_PATH}" ]; then - return 0 - else - return 1 - fi -} - -function status() -{ - if service_exists; then - echo - echo "${UNIT_PATH}" - else - echo - echo "not installed" - echo - exit 1 - fi - - systemctl --no-pager status ${SVC_NAME} -} - -function usage() -{ - echo - echo Usage: - echo "./svc.sh [install, start, stop, status, uninstall]" - echo "Commands:" - echo " install [user]: Install runner service as Root or specified user." - echo " start: Manually start the runner service." - echo " stop: Manually stop the runner service." - echo " status: Display status of runner service." - echo " uninstall: Uninstall runner service." - echo -} - -case $SVC_CMD in - "install") install;; - "status") status;; - "uninstall") uninstall;; - "start") start;; - "stop") stop;; - "status") status;; - *) usage;; -esac - -exit 0 diff --git a/aws-image-pipeline/config.sh b/aws-image-pipeline/config.sh deleted file mode 100755 index 14cc6ba..0000000 --- a/aws-image-pipeline/config.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash - -user_id=`id -u` - -# we want to snapshot the environment of the config user -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run with sudo" - exit 1 -fi - -# Check dotnet Core 6.0 dependencies for Linux -if [[ (`uname` == "Linux") ]] -then - command -v ldd > /dev/null - if [ $? -ne 0 ] - then - echo "Can not find 'ldd'. Please install 'ldd' and try again." - exit 1 - fi - - message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies." - - ldd ./bin/libcoreclr.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - if ! [ -x "$(command -v ldconfig)" ]; then - LDCONFIG_COMMAND="/sbin/ldconfig" - if ! [ -x "$LDCONFIG_COMMAND" ]; then - echo "Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again." - exit 1 - fi - else - LDCONFIG_COMMAND="ldconfig" - fi - - libpath=${LD_LIBRARY_PATH:-} - $LDCONFIG_COMMAND -NXv ${libpath//:/ } 2>&1 | grep libicu >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "Libicu's dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi -fi - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" -cd "$DIR" - -source ./env.sh - -shopt -s nocasematch -if [[ "$1" == "remove" ]]; then - ./bin/Runner.Listener "$@" -else - ./bin/Runner.Listener configure "$@" -fi diff --git a/aws-image-pipeline/env.sh b/aws-image-pipeline/env.sh deleted file mode 100755 index 641d244..0000000 --- a/aws-image-pipeline/env.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -varCheckList=( - 'LANG' - 'JAVA_HOME' - 'ANT_HOME' - 'M2_HOME' - 'ANDROID_HOME' - 'ANDROID_SDK_ROOT' - 'GRADLE_HOME' - 'NVM_BIN' - 'NVM_PATH' - 'LD_LIBRARY_PATH' - 'PERL5LIB' - ) - -envContents="" - -if [ -f ".env" ]; then - envContents=`cat .env` -else - touch .env -fi - -function writeVar() -{ - checkVar="$1" - checkDelim="${1}=" - if test "${envContents#*$checkDelim}" = "$envContents" - then - if [ ! -z "${!checkVar}" ]; then - echo "${checkVar}=${!checkVar}">>.env - fi - fi -} - -echo $PATH>.path - -for var_name in ${varCheckList[@]} -do - writeVar "${var_name}" -done diff --git a/aws-image-pipeline/run-helper.cmd.template b/aws-image-pipeline/run-helper.cmd.template deleted file mode 100644 index 23e4246..0000000 --- a/aws-image-pipeline/run-helper.cmd.template +++ /dev/null @@ -1,53 +0,0 @@ -@echo off -SET UPDATEFILE=update.finished -"%~dp0\bin\Runner.Listener.exe" run %* - -rem using `if %ERRORLEVEL% EQU N` insterad of `if ERRORLEVEL N` -rem `if ERRORLEVEL N` means: error level is N or MORE - -if %ERRORLEVEL% EQU 0 ( - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 1 ( - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 2 ( - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - ping 127.0.0.1 -n 6 -w 1000 >NUL - exit /b 1 -) - -if %ERRORLEVEL% EQU 3 ( - rem Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -if %ERRORLEVEL% EQU 4 ( - rem Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -echo "Exiting after unknown error code: %ERRORLEVEL%" -exit /b 0 \ No newline at end of file diff --git a/aws-image-pipeline/run-helper.sh b/aws-image-pipeline/run-helper.sh deleted file mode 100755 index 743fd8b..0000000 --- a/aws-image-pipeline/run-helper.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/aws-image-pipeline/run-helper.sh.template b/aws-image-pipeline/run-helper.sh.template deleted file mode 100755 index 743fd8b..0000000 --- a/aws-image-pipeline/run-helper.sh.template +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/aws-image-pipeline/run.sh b/aws-image-pipeline/run.sh deleted file mode 100755 index 6b02ea1..0000000 --- a/aws-image-pipeline/run.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -run() { - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - exit 0 - fi - done -} - -runWithManualTrap() { - # Set job control - set -m - - trap 'kill -INT -$PID' INT TERM - - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* & - PID=$! - wait -f $PID - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - # Unregister signal handling before exit - trap - INT TERM - # wait for last parts to be logged - wait $PID - exit $returnCode - fi - done -} - -function updateCerts() { - local sudo_prefix="" - local user_id=`id -u` - - if [ $user_id -ne 0 ]; then - if [[ ! -x "$(command -v sudo)" ]]; then - echo "Warning: failed to update certificate store: sudo is required but not found" - return 1 - else - sudo_prefix="sudo" - fi - fi - - if [[ -x "$(command -v update-ca-certificates)" ]]; then - eval $sudo_prefix "update-ca-certificates" - elif [[ -x "$(command -v update-ca-trust)" ]]; then - eval $sudo_prefix "update-ca-trust" - else - echo "Warning: failed to update certificate store: update-ca-certificates or update-ca-trust not found. This can happen if you're using a different runner base image." - return 1 - fi -} - -if [[ ! -z "$RUNNER_UPDATE_CA_CERTS" ]]; then - updateCerts -fi - -if [[ -z "$RUNNER_MANUALLY_TRAP_SIG" ]]; then - run $* -else - runWithManualTrap $* -fi \ No newline at end of file diff --git a/aws-image-pipeline/safe_sleep.sh b/aws-image-pipeline/safe_sleep.sh deleted file mode 100755 index 7ba5be3..0000000 --- a/aws-image-pipeline/safe_sleep.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -SECONDS=0 -while [[ $SECONDS != $1 ]]; do - : -done diff --git a/aws-image-pipeline/svc.sh b/aws-image-pipeline/svc.sh deleted file mode 100755 index bf5c2d4..0000000 --- a/aws-image-pipeline/svc.sh +++ /dev/null @@ -1,179 +0,0 @@ -#!/bin/bash - -SVC_NAME="actions.runner._services.aws-image-pipeline.service" -SVC_NAME=${SVC_NAME// /_} -SVC_DESCRIPTION="GitHub Actions Runner (_services.aws-image-pipeline)" - -SVC_CMD=$1 -arg_2=${2} - -RUNNER_ROOT=`pwd` - -UNIT_PATH=/etc/systemd/system/${SVC_NAME} -TEMPLATE_PATH=$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE -IS_CUSTOM_TEMPLATE=0 -if [[ -z $TEMPLATE_PATH ]]; then - TEMPLATE_PATH=./bin/actions.runner.service.template -else - IS_CUSTOM_TEMPLATE=1 -fi -TEMP_PATH=./bin/actions.runner.service.temp -CONFIG_PATH=.service - -user_id=`id -u` - -# systemctl must run as sudo -# this script is a convenience wrapper around systemctl -if [ $user_id -ne 0 ]; then - echo "Must run as sudo" - exit 1 -fi - -function failed() -{ - local error=${1:-Undefined error} - echo "Failed: $error" >&2 - exit 1 -} - -if [ ! -f "${TEMPLATE_PATH}" ]; then - if [[ $IS_CUSTOM_TEMPLATE = 0 ]]; then - failed "Must run from runner root or install is corrupt" - else - failed "Service file at '$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE' using GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE env variable is not found" - fi -fi - -#check if we run as root -if [[ $(id -u) != "0" ]]; then - echo "Failed: This script requires to run with sudo." >&2 - exit 1 -fi - -function install() -{ - echo "Creating launch runner in ${UNIT_PATH}" - if [ -f "${UNIT_PATH}" ]; then - failed "error: exists ${UNIT_PATH}" - fi - - if [ -f "${TEMP_PATH}" ]; then - rm "${TEMP_PATH}" || failed "failed to delete ${TEMP_PATH}" - fi - - # can optionally use username supplied - run_as_user=${arg_2:-$SUDO_USER} - echo "Run as user: ${run_as_user}" - - run_as_uid=$(id -u ${run_as_user}) || failed "User does not exist" - echo "Run as uid: ${run_as_uid}" - - run_as_gid=$(id -g ${run_as_user}) || failed "Group not available" - echo "gid: ${run_as_gid}" - - sed "s/{{User}}/${run_as_user}/g; s/{{Description}}/$(echo ${SVC_DESCRIPTION} | sed -e 's/[\/&]/\\&/g')/g; s/{{RunnerRoot}}/$(echo ${RUNNER_ROOT} | sed -e 's/[\/&]/\\&/g')/g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file" - mv "${TEMP_PATH}" "${UNIT_PATH}" || failed "failed to copy unit file" - - # Recent Fedora based Linux (CentOS/Redhat) has SELinux enabled by default - # We need to restore security context on the unit file we added otherwise SystemD have no access to it. - command -v getenforce > /dev/null - if [ $? -eq 0 ] - then - selinuxEnabled=$(getenforce) - if [[ $selinuxEnabled == "Enforcing" ]] - then - # SELinux is enabled, we will need to Restore SELinux Context for the service file - restorecon -r -v "${UNIT_PATH}" || failed "failed to restore SELinux context on ${UNIT_PATH}" - fi - fi - - # unit file should not be executable and world writable - chmod 664 "${UNIT_PATH}" || failed "failed to set permissions on ${UNIT_PATH}" - systemctl daemon-reload || failed "failed to reload daemons" - - # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user. - cp ./bin/runsvc.sh ./runsvc.sh || failed "failed to copy runsvc.sh" - chown ${run_as_uid}:${run_as_gid} ./runsvc.sh || failed "failed to set owner for runsvc.sh" - chmod 755 ./runsvc.sh || failed "failed to set permission for runsvc.sh" - - systemctl enable ${SVC_NAME} || failed "failed to enable ${SVC_NAME}" - - echo "${SVC_NAME}" > ${CONFIG_PATH} || failed "failed to create .service file" - chown ${run_as_uid}:${run_as_gid} ${CONFIG_PATH} || failed "failed to set permission for ${CONFIG_PATH}" -} - -function start() -{ - systemctl start ${SVC_NAME} || failed "failed to start ${SVC_NAME}" - status -} - -function stop() -{ - systemctl stop ${SVC_NAME} || failed "failed to stop ${SVC_NAME}" - status -} - -function uninstall() -{ - if service_exists; then - stop - systemctl disable ${SVC_NAME} || failed "failed to disable ${SVC_NAME}" - rm "${UNIT_PATH}" || failed "failed to delete ${UNIT_PATH}" - else - echo "Service ${SVC_NAME} is not installed" - fi - if [ -f "${CONFIG_PATH}" ]; then - rm "${CONFIG_PATH}" || failed "failed to delete ${CONFIG_PATH}" - fi - systemctl daemon-reload || failed "failed to reload daemons" -} - -function service_exists() { - if [ -f "${UNIT_PATH}" ]; then - return 0 - else - return 1 - fi -} - -function status() -{ - if service_exists; then - echo - echo "${UNIT_PATH}" - else - echo - echo "not installed" - echo - exit 1 - fi - - systemctl --no-pager status ${SVC_NAME} -} - -function usage() -{ - echo - echo Usage: - echo "./svc.sh [install, start, stop, status, uninstall]" - echo "Commands:" - echo " install [user]: Install runner service as Root or specified user." - echo " start: Manually start the runner service." - echo " stop: Manually stop the runner service." - echo " status: Display status of runner service." - echo " uninstall: Uninstall runner service." - echo -} - -case $SVC_CMD in - "install") install;; - "status") status;; - "uninstall") uninstall;; - "start") start;; - "stop") stop;; - "status") status;; - *) usage;; -esac - -exit 0 diff --git a/docker-image-pipeline/config.sh b/docker-image-pipeline/config.sh deleted file mode 100755 index 14cc6ba..0000000 --- a/docker-image-pipeline/config.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash - -user_id=`id -u` - -# we want to snapshot the environment of the config user -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run with sudo" - exit 1 -fi - -# Check dotnet Core 6.0 dependencies for Linux -if [[ (`uname` == "Linux") ]] -then - command -v ldd > /dev/null - if [ $? -ne 0 ] - then - echo "Can not find 'ldd'. Please install 'ldd' and try again." - exit 1 - fi - - message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies." - - ldd ./bin/libcoreclr.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - if ! [ -x "$(command -v ldconfig)" ]; then - LDCONFIG_COMMAND="/sbin/ldconfig" - if ! [ -x "$LDCONFIG_COMMAND" ]; then - echo "Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again." - exit 1 - fi - else - LDCONFIG_COMMAND="ldconfig" - fi - - libpath=${LD_LIBRARY_PATH:-} - $LDCONFIG_COMMAND -NXv ${libpath//:/ } 2>&1 | grep libicu >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "Libicu's dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi -fi - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" -cd "$DIR" - -source ./env.sh - -shopt -s nocasematch -if [[ "$1" == "remove" ]]; then - ./bin/Runner.Listener "$@" -else - ./bin/Runner.Listener configure "$@" -fi diff --git a/docker-image-pipeline/env.sh b/docker-image-pipeline/env.sh deleted file mode 100755 index 641d244..0000000 --- a/docker-image-pipeline/env.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -varCheckList=( - 'LANG' - 'JAVA_HOME' - 'ANT_HOME' - 'M2_HOME' - 'ANDROID_HOME' - 'ANDROID_SDK_ROOT' - 'GRADLE_HOME' - 'NVM_BIN' - 'NVM_PATH' - 'LD_LIBRARY_PATH' - 'PERL5LIB' - ) - -envContents="" - -if [ -f ".env" ]; then - envContents=`cat .env` -else - touch .env -fi - -function writeVar() -{ - checkVar="$1" - checkDelim="${1}=" - if test "${envContents#*$checkDelim}" = "$envContents" - then - if [ ! -z "${!checkVar}" ]; then - echo "${checkVar}=${!checkVar}">>.env - fi - fi -} - -echo $PATH>.path - -for var_name in ${varCheckList[@]} -do - writeVar "${var_name}" -done diff --git a/docker-image-pipeline/run-helper.cmd.template b/docker-image-pipeline/run-helper.cmd.template deleted file mode 100644 index 23e4246..0000000 --- a/docker-image-pipeline/run-helper.cmd.template +++ /dev/null @@ -1,53 +0,0 @@ -@echo off -SET UPDATEFILE=update.finished -"%~dp0\bin\Runner.Listener.exe" run %* - -rem using `if %ERRORLEVEL% EQU N` insterad of `if ERRORLEVEL N` -rem `if ERRORLEVEL N` means: error level is N or MORE - -if %ERRORLEVEL% EQU 0 ( - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 1 ( - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 2 ( - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - ping 127.0.0.1 -n 6 -w 1000 >NUL - exit /b 1 -) - -if %ERRORLEVEL% EQU 3 ( - rem Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -if %ERRORLEVEL% EQU 4 ( - rem Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -echo "Exiting after unknown error code: %ERRORLEVEL%" -exit /b 0 \ No newline at end of file diff --git a/docker-image-pipeline/run-helper.sh b/docker-image-pipeline/run-helper.sh deleted file mode 100755 index 743fd8b..0000000 --- a/docker-image-pipeline/run-helper.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/docker-image-pipeline/run-helper.sh.template b/docker-image-pipeline/run-helper.sh.template deleted file mode 100755 index 743fd8b..0000000 --- a/docker-image-pipeline/run-helper.sh.template +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/docker-image-pipeline/run.sh b/docker-image-pipeline/run.sh deleted file mode 100755 index 6b02ea1..0000000 --- a/docker-image-pipeline/run.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -run() { - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - exit 0 - fi - done -} - -runWithManualTrap() { - # Set job control - set -m - - trap 'kill -INT -$PID' INT TERM - - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* & - PID=$! - wait -f $PID - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - # Unregister signal handling before exit - trap - INT TERM - # wait for last parts to be logged - wait $PID - exit $returnCode - fi - done -} - -function updateCerts() { - local sudo_prefix="" - local user_id=`id -u` - - if [ $user_id -ne 0 ]; then - if [[ ! -x "$(command -v sudo)" ]]; then - echo "Warning: failed to update certificate store: sudo is required but not found" - return 1 - else - sudo_prefix="sudo" - fi - fi - - if [[ -x "$(command -v update-ca-certificates)" ]]; then - eval $sudo_prefix "update-ca-certificates" - elif [[ -x "$(command -v update-ca-trust)" ]]; then - eval $sudo_prefix "update-ca-trust" - else - echo "Warning: failed to update certificate store: update-ca-certificates or update-ca-trust not found. This can happen if you're using a different runner base image." - return 1 - fi -} - -if [[ ! -z "$RUNNER_UPDATE_CA_CERTS" ]]; then - updateCerts -fi - -if [[ -z "$RUNNER_MANUALLY_TRAP_SIG" ]]; then - run $* -else - runWithManualTrap $* -fi \ No newline at end of file diff --git a/docker-image-pipeline/safe_sleep.sh b/docker-image-pipeline/safe_sleep.sh deleted file mode 100755 index 7ba5be3..0000000 --- a/docker-image-pipeline/safe_sleep.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -SECONDS=0 -while [[ $SECONDS != $1 ]]; do - : -done diff --git a/docker-image-pipeline/svc.sh b/docker-image-pipeline/svc.sh deleted file mode 100755 index edc720a..0000000 --- a/docker-image-pipeline/svc.sh +++ /dev/null @@ -1,179 +0,0 @@ -#!/bin/bash - -SVC_NAME="actions.runner._services.docker-image-pipeline.service" -SVC_NAME=${SVC_NAME// /_} -SVC_DESCRIPTION="GitHub Actions Runner (_services.docker-image-pipeline)" - -SVC_CMD=$1 -arg_2=${2} - -RUNNER_ROOT=`pwd` - -UNIT_PATH=/etc/systemd/system/${SVC_NAME} -TEMPLATE_PATH=$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE -IS_CUSTOM_TEMPLATE=0 -if [[ -z $TEMPLATE_PATH ]]; then - TEMPLATE_PATH=./bin/actions.runner.service.template -else - IS_CUSTOM_TEMPLATE=1 -fi -TEMP_PATH=./bin/actions.runner.service.temp -CONFIG_PATH=.service - -user_id=`id -u` - -# systemctl must run as sudo -# this script is a convenience wrapper around systemctl -if [ $user_id -ne 0 ]; then - echo "Must run as sudo" - exit 1 -fi - -function failed() -{ - local error=${1:-Undefined error} - echo "Failed: $error" >&2 - exit 1 -} - -if [ ! -f "${TEMPLATE_PATH}" ]; then - if [[ $IS_CUSTOM_TEMPLATE = 0 ]]; then - failed "Must run from runner root or install is corrupt" - else - failed "Service file at '$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE' using GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE env variable is not found" - fi -fi - -#check if we run as root -if [[ $(id -u) != "0" ]]; then - echo "Failed: This script requires to run with sudo." >&2 - exit 1 -fi - -function install() -{ - echo "Creating launch runner in ${UNIT_PATH}" - if [ -f "${UNIT_PATH}" ]; then - failed "error: exists ${UNIT_PATH}" - fi - - if [ -f "${TEMP_PATH}" ]; then - rm "${TEMP_PATH}" || failed "failed to delete ${TEMP_PATH}" - fi - - # can optionally use username supplied - run_as_user=${arg_2:-$SUDO_USER} - echo "Run as user: ${run_as_user}" - - run_as_uid=$(id -u ${run_as_user}) || failed "User does not exist" - echo "Run as uid: ${run_as_uid}" - - run_as_gid=$(id -g ${run_as_user}) || failed "Group not available" - echo "gid: ${run_as_gid}" - - sed "s/{{User}}/${run_as_user}/g; s/{{Description}}/$(echo ${SVC_DESCRIPTION} | sed -e 's/[\/&]/\\&/g')/g; s/{{RunnerRoot}}/$(echo ${RUNNER_ROOT} | sed -e 's/[\/&]/\\&/g')/g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file" - mv "${TEMP_PATH}" "${UNIT_PATH}" || failed "failed to copy unit file" - - # Recent Fedora based Linux (CentOS/Redhat) has SELinux enabled by default - # We need to restore security context on the unit file we added otherwise SystemD have no access to it. - command -v getenforce > /dev/null - if [ $? -eq 0 ] - then - selinuxEnabled=$(getenforce) - if [[ $selinuxEnabled == "Enforcing" ]] - then - # SELinux is enabled, we will need to Restore SELinux Context for the service file - restorecon -r -v "${UNIT_PATH}" || failed "failed to restore SELinux context on ${UNIT_PATH}" - fi - fi - - # unit file should not be executable and world writable - chmod 664 "${UNIT_PATH}" || failed "failed to set permissions on ${UNIT_PATH}" - systemctl daemon-reload || failed "failed to reload daemons" - - # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user. - cp ./bin/runsvc.sh ./runsvc.sh || failed "failed to copy runsvc.sh" - chown ${run_as_uid}:${run_as_gid} ./runsvc.sh || failed "failed to set owner for runsvc.sh" - chmod 755 ./runsvc.sh || failed "failed to set permission for runsvc.sh" - - systemctl enable ${SVC_NAME} || failed "failed to enable ${SVC_NAME}" - - echo "${SVC_NAME}" > ${CONFIG_PATH} || failed "failed to create .service file" - chown ${run_as_uid}:${run_as_gid} ${CONFIG_PATH} || failed "failed to set permission for ${CONFIG_PATH}" -} - -function start() -{ - systemctl start ${SVC_NAME} || failed "failed to start ${SVC_NAME}" - status -} - -function stop() -{ - systemctl stop ${SVC_NAME} || failed "failed to stop ${SVC_NAME}" - status -} - -function uninstall() -{ - if service_exists; then - stop - systemctl disable ${SVC_NAME} || failed "failed to disable ${SVC_NAME}" - rm "${UNIT_PATH}" || failed "failed to delete ${UNIT_PATH}" - else - echo "Service ${SVC_NAME} is not installed" - fi - if [ -f "${CONFIG_PATH}" ]; then - rm "${CONFIG_PATH}" || failed "failed to delete ${CONFIG_PATH}" - fi - systemctl daemon-reload || failed "failed to reload daemons" -} - -function service_exists() { - if [ -f "${UNIT_PATH}" ]; then - return 0 - else - return 1 - fi -} - -function status() -{ - if service_exists; then - echo - echo "${UNIT_PATH}" - else - echo - echo "not installed" - echo - exit 1 - fi - - systemctl --no-pager status ${SVC_NAME} -} - -function usage() -{ - echo - echo Usage: - echo "./svc.sh [install, start, stop, status, uninstall]" - echo "Commands:" - echo " install [user]: Install runner service as Root or specified user." - echo " start: Manually start the runner service." - echo " stop: Manually stop the runner service." - echo " status: Display status of runner service." - echo " uninstall: Uninstall runner service." - echo -} - -case $SVC_CMD in - "install") install;; - "status") status;; - "uninstall") uninstall;; - "start") start;; - "stop") stop;; - "status") status;; - *) usage;; -esac - -exit 0 diff --git a/external_actions.tf b/external_actions.tf index 7210bca..1009f14 100644 --- a/external_actions.tf +++ b/external_actions.tf @@ -1,36 +1,80 @@ + +terraform { + required_providers { + github = { + source = "integrations/github" + version = "6.2.2" + } + } +} + +module "gh_token" { + for_each = toset([ + "GITHUB_ENTERPRISE_TOKEN", + "GITHUB_PUBLIC_TOKEN" + ]) + source = "HappyPathway/var/env" + env_var = each.value +} + + module "github_script" { source = "HappyPathway/gh-actions/importer" - version = "0.0.15" - git_repo_url = "https://github.com/actions/github-script.git" - git_repo_path = "/home/a/arnol377/git/gh-actions-github-script" - repo_name = "gh-actions-github-script" - repo_org = "CSVD" + github_repo_topics = [] + vulnerability_alerts = false + public_repo = { + default_branch = "main" + clone_url = "https://github.com/actions/github-script" + } + internal_repo = { + name = "gh-actions-github-script" + org = "CSVD" + topics = ["github-actions"] + } } module "github_checkout" { source = "HappyPathway/gh-actions/importer" - version = "0.0.15" - git_repo_url = "https://github.com/actions/checkout.git" - git_repo_path = "/home/a/arnol377/git/gh-actions-checkout" - repo_name = "gh-actions-checkout" - repo_org = "CSVD" + github_repo_topics = [] + vulnerability_alerts = false + public_repo = { + default_branch = "main" + clone_url = "https://github.com/actions/checkout" + } + internal_repo = { + name = "gh-actions-checkout" + org = "CSVD" + topics = ["github-actions"] + } } module "setup_python" { source = "HappyPathway/gh-actions/importer" - version = "0.0.15" - git_repo_url = "https://github.com/actions/setup-python.git" - git_repo_path = "/home/a/arnol377/git/gh-actions-setup-python" - repo_name = "gh-actions-setup-python" - repo_org = "CSVD" + github_repo_topics = [] + vulnerability_alerts = false + public_repo = { + default_branch = "main" + clone_url = "https://github.com/actions/setup-python" + } + internal_repo = { + name = "gh-actions-setup-python" + org = "CSVD" + topics = ["github-actions"] + } } module "netbackup_automation_platform" { source = "HappyPathway/gh-actions/importer" - version = "0.0.15" - git_repo_url = "https://github.com/VeritasOS/netbackup-automation-platform" - git_repo_path = "/home/a/arnol377/git/gh-netbackup-automation-platform" - repo_name = "netbackup-automation-platform" - repo_org = "CSVD" + github_repo_topics = [] + vulnerability_alerts = false + public_repo = { + default_branch = "main" + clone_url = "https://github.com/VeritasOS/netbackup-automation-platform.git" + } + internal_repo = { + name = "netbackup-automation-platform" + org = "CSVD" + topics = ["github-actions"] + } } diff --git a/ghe-runners/config.sh b/ghe-runners/config.sh deleted file mode 100755 index 14cc6ba..0000000 --- a/ghe-runners/config.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash - -user_id=`id -u` - -# we want to snapshot the environment of the config user -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run with sudo" - exit 1 -fi - -# Check dotnet Core 6.0 dependencies for Linux -if [[ (`uname` == "Linux") ]] -then - command -v ldd > /dev/null - if [ $? -ne 0 ] - then - echo "Can not find 'ldd'. Please install 'ldd' and try again." - exit 1 - fi - - message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies." - - ldd ./bin/libcoreclr.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - if ! [ -x "$(command -v ldconfig)" ]; then - LDCONFIG_COMMAND="/sbin/ldconfig" - if ! [ -x "$LDCONFIG_COMMAND" ]; then - echo "Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again." - exit 1 - fi - else - LDCONFIG_COMMAND="ldconfig" - fi - - libpath=${LD_LIBRARY_PATH:-} - $LDCONFIG_COMMAND -NXv ${libpath//:/ } 2>&1 | grep libicu >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "Libicu's dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi -fi - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" -cd "$DIR" - -source ./env.sh - -shopt -s nocasematch -if [[ "$1" == "remove" ]]; then - ./bin/Runner.Listener "$@" -else - ./bin/Runner.Listener configure "$@" -fi diff --git a/ghe-runners/env.sh b/ghe-runners/env.sh deleted file mode 100755 index 641d244..0000000 --- a/ghe-runners/env.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -varCheckList=( - 'LANG' - 'JAVA_HOME' - 'ANT_HOME' - 'M2_HOME' - 'ANDROID_HOME' - 'ANDROID_SDK_ROOT' - 'GRADLE_HOME' - 'NVM_BIN' - 'NVM_PATH' - 'LD_LIBRARY_PATH' - 'PERL5LIB' - ) - -envContents="" - -if [ -f ".env" ]; then - envContents=`cat .env` -else - touch .env -fi - -function writeVar() -{ - checkVar="$1" - checkDelim="${1}=" - if test "${envContents#*$checkDelim}" = "$envContents" - then - if [ ! -z "${!checkVar}" ]; then - echo "${checkVar}=${!checkVar}">>.env - fi - fi -} - -echo $PATH>.path - -for var_name in ${varCheckList[@]} -do - writeVar "${var_name}" -done diff --git a/ghe-runners/run-helper.cmd.template b/ghe-runners/run-helper.cmd.template deleted file mode 100644 index 23e4246..0000000 --- a/ghe-runners/run-helper.cmd.template +++ /dev/null @@ -1,53 +0,0 @@ -@echo off -SET UPDATEFILE=update.finished -"%~dp0\bin\Runner.Listener.exe" run %* - -rem using `if %ERRORLEVEL% EQU N` insterad of `if ERRORLEVEL N` -rem `if ERRORLEVEL N` means: error level is N or MORE - -if %ERRORLEVEL% EQU 0 ( - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 1 ( - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 2 ( - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - ping 127.0.0.1 -n 6 -w 1000 >NUL - exit /b 1 -) - -if %ERRORLEVEL% EQU 3 ( - rem Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -if %ERRORLEVEL% EQU 4 ( - rem Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -echo "Exiting after unknown error code: %ERRORLEVEL%" -exit /b 0 \ No newline at end of file diff --git a/ghe-runners/run-helper.sh b/ghe-runners/run-helper.sh deleted file mode 100755 index 743fd8b..0000000 --- a/ghe-runners/run-helper.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/ghe-runners/run-helper.sh.template b/ghe-runners/run-helper.sh.template deleted file mode 100755 index 743fd8b..0000000 --- a/ghe-runners/run-helper.sh.template +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/ghe-runners/run.sh b/ghe-runners/run.sh deleted file mode 100755 index 6b02ea1..0000000 --- a/ghe-runners/run.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -run() { - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - exit 0 - fi - done -} - -runWithManualTrap() { - # Set job control - set -m - - trap 'kill -INT -$PID' INT TERM - - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* & - PID=$! - wait -f $PID - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - # Unregister signal handling before exit - trap - INT TERM - # wait for last parts to be logged - wait $PID - exit $returnCode - fi - done -} - -function updateCerts() { - local sudo_prefix="" - local user_id=`id -u` - - if [ $user_id -ne 0 ]; then - if [[ ! -x "$(command -v sudo)" ]]; then - echo "Warning: failed to update certificate store: sudo is required but not found" - return 1 - else - sudo_prefix="sudo" - fi - fi - - if [[ -x "$(command -v update-ca-certificates)" ]]; then - eval $sudo_prefix "update-ca-certificates" - elif [[ -x "$(command -v update-ca-trust)" ]]; then - eval $sudo_prefix "update-ca-trust" - else - echo "Warning: failed to update certificate store: update-ca-certificates or update-ca-trust not found. This can happen if you're using a different runner base image." - return 1 - fi -} - -if [[ ! -z "$RUNNER_UPDATE_CA_CERTS" ]]; then - updateCerts -fi - -if [[ -z "$RUNNER_MANUALLY_TRAP_SIG" ]]; then - run $* -else - runWithManualTrap $* -fi \ No newline at end of file diff --git a/ghe-runners/safe_sleep.sh b/ghe-runners/safe_sleep.sh deleted file mode 100755 index 7ba5be3..0000000 --- a/ghe-runners/safe_sleep.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -SECONDS=0 -while [[ $SECONDS != $1 ]]; do - : -done diff --git a/ghe-runners/svc.sh b/ghe-runners/svc.sh deleted file mode 100755 index 9538155..0000000 --- a/ghe-runners/svc.sh +++ /dev/null @@ -1,179 +0,0 @@ -#!/bin/bash - -SVC_NAME="actions.runner._services.ghe-runners.service" -SVC_NAME=${SVC_NAME// /_} -SVC_DESCRIPTION="GitHub Actions Runner (_services.ghe-runners)" - -SVC_CMD=$1 -arg_2=${2} - -RUNNER_ROOT=`pwd` - -UNIT_PATH=/etc/systemd/system/${SVC_NAME} -TEMPLATE_PATH=$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE -IS_CUSTOM_TEMPLATE=0 -if [[ -z $TEMPLATE_PATH ]]; then - TEMPLATE_PATH=./bin/actions.runner.service.template -else - IS_CUSTOM_TEMPLATE=1 -fi -TEMP_PATH=./bin/actions.runner.service.temp -CONFIG_PATH=.service - -user_id=`id -u` - -# systemctl must run as sudo -# this script is a convenience wrapper around systemctl -if [ $user_id -ne 0 ]; then - echo "Must run as sudo" - exit 1 -fi - -function failed() -{ - local error=${1:-Undefined error} - echo "Failed: $error" >&2 - exit 1 -} - -if [ ! -f "${TEMPLATE_PATH}" ]; then - if [[ $IS_CUSTOM_TEMPLATE = 0 ]]; then - failed "Must run from runner root or install is corrupt" - else - failed "Service file at '$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE' using GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE env variable is not found" - fi -fi - -#check if we run as root -if [[ $(id -u) != "0" ]]; then - echo "Failed: This script requires to run with sudo." >&2 - exit 1 -fi - -function install() -{ - echo "Creating launch runner in ${UNIT_PATH}" - if [ -f "${UNIT_PATH}" ]; then - failed "error: exists ${UNIT_PATH}" - fi - - if [ -f "${TEMP_PATH}" ]; then - rm "${TEMP_PATH}" || failed "failed to delete ${TEMP_PATH}" - fi - - # can optionally use username supplied - run_as_user=${arg_2:-$SUDO_USER} - echo "Run as user: ${run_as_user}" - - run_as_uid=$(id -u ${run_as_user}) || failed "User does not exist" - echo "Run as uid: ${run_as_uid}" - - run_as_gid=$(id -g ${run_as_user}) || failed "Group not available" - echo "gid: ${run_as_gid}" - - sed "s/{{User}}/${run_as_user}/g; s/{{Description}}/$(echo ${SVC_DESCRIPTION} | sed -e 's/[\/&]/\\&/g')/g; s/{{RunnerRoot}}/$(echo ${RUNNER_ROOT} | sed -e 's/[\/&]/\\&/g')/g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file" - mv "${TEMP_PATH}" "${UNIT_PATH}" || failed "failed to copy unit file" - - # Recent Fedora based Linux (CentOS/Redhat) has SELinux enabled by default - # We need to restore security context on the unit file we added otherwise SystemD have no access to it. - command -v getenforce > /dev/null - if [ $? -eq 0 ] - then - selinuxEnabled=$(getenforce) - if [[ $selinuxEnabled == "Enforcing" ]] - then - # SELinux is enabled, we will need to Restore SELinux Context for the service file - restorecon -r -v "${UNIT_PATH}" || failed "failed to restore SELinux context on ${UNIT_PATH}" - fi - fi - - # unit file should not be executable and world writable - chmod 664 "${UNIT_PATH}" || failed "failed to set permissions on ${UNIT_PATH}" - systemctl daemon-reload || failed "failed to reload daemons" - - # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user. - cp ./bin/runsvc.sh ./runsvc.sh || failed "failed to copy runsvc.sh" - chown ${run_as_uid}:${run_as_gid} ./runsvc.sh || failed "failed to set owner for runsvc.sh" - chmod 755 ./runsvc.sh || failed "failed to set permission for runsvc.sh" - - systemctl enable ${SVC_NAME} || failed "failed to enable ${SVC_NAME}" - - echo "${SVC_NAME}" > ${CONFIG_PATH} || failed "failed to create .service file" - chown ${run_as_uid}:${run_as_gid} ${CONFIG_PATH} || failed "failed to set permission for ${CONFIG_PATH}" -} - -function start() -{ - systemctl start ${SVC_NAME} || failed "failed to start ${SVC_NAME}" - status -} - -function stop() -{ - systemctl stop ${SVC_NAME} || failed "failed to stop ${SVC_NAME}" - status -} - -function uninstall() -{ - if service_exists; then - stop - systemctl disable ${SVC_NAME} || failed "failed to disable ${SVC_NAME}" - rm "${UNIT_PATH}" || failed "failed to delete ${UNIT_PATH}" - else - echo "Service ${SVC_NAME} is not installed" - fi - if [ -f "${CONFIG_PATH}" ]; then - rm "${CONFIG_PATH}" || failed "failed to delete ${CONFIG_PATH}" - fi - systemctl daemon-reload || failed "failed to reload daemons" -} - -function service_exists() { - if [ -f "${UNIT_PATH}" ]; then - return 0 - else - return 1 - fi -} - -function status() -{ - if service_exists; then - echo - echo "${UNIT_PATH}" - else - echo - echo "not installed" - echo - exit 1 - fi - - systemctl --no-pager status ${SVC_NAME} -} - -function usage() -{ - echo - echo Usage: - echo "./svc.sh [install, start, stop, status, uninstall]" - echo "Commands:" - echo " install [user]: Install runner service as Root or specified user." - echo " start: Manually start the runner service." - echo " stop: Manually stop the runner service." - echo " status: Display status of runner service." - echo " uninstall: Uninstall runner service." - echo -} - -case $SVC_CMD in - "install") install;; - "status") status;; - "uninstall") uninstall;; - "start") start;; - "stop") stop;; - "status") status;; - *) usage;; -esac - -exit 0 diff --git a/image-pipeline-ansible-playbooks/config.sh b/image-pipeline-ansible-playbooks/config.sh deleted file mode 100755 index 14cc6ba..0000000 --- a/image-pipeline-ansible-playbooks/config.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash - -user_id=`id -u` - -# we want to snapshot the environment of the config user -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run with sudo" - exit 1 -fi - -# Check dotnet Core 6.0 dependencies for Linux -if [[ (`uname` == "Linux") ]] -then - command -v ldd > /dev/null - if [ $? -ne 0 ] - then - echo "Can not find 'ldd'. Please install 'ldd' and try again." - exit 1 - fi - - message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies." - - ldd ./bin/libcoreclr.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - if ! [ -x "$(command -v ldconfig)" ]; then - LDCONFIG_COMMAND="/sbin/ldconfig" - if ! [ -x "$LDCONFIG_COMMAND" ]; then - echo "Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again." - exit 1 - fi - else - LDCONFIG_COMMAND="ldconfig" - fi - - libpath=${LD_LIBRARY_PATH:-} - $LDCONFIG_COMMAND -NXv ${libpath//:/ } 2>&1 | grep libicu >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "Libicu's dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi -fi - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" -cd "$DIR" - -source ./env.sh - -shopt -s nocasematch -if [[ "$1" == "remove" ]]; then - ./bin/Runner.Listener "$@" -else - ./bin/Runner.Listener configure "$@" -fi diff --git a/image-pipeline-ansible-playbooks/env.sh b/image-pipeline-ansible-playbooks/env.sh deleted file mode 100755 index 641d244..0000000 --- a/image-pipeline-ansible-playbooks/env.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -varCheckList=( - 'LANG' - 'JAVA_HOME' - 'ANT_HOME' - 'M2_HOME' - 'ANDROID_HOME' - 'ANDROID_SDK_ROOT' - 'GRADLE_HOME' - 'NVM_BIN' - 'NVM_PATH' - 'LD_LIBRARY_PATH' - 'PERL5LIB' - ) - -envContents="" - -if [ -f ".env" ]; then - envContents=`cat .env` -else - touch .env -fi - -function writeVar() -{ - checkVar="$1" - checkDelim="${1}=" - if test "${envContents#*$checkDelim}" = "$envContents" - then - if [ ! -z "${!checkVar}" ]; then - echo "${checkVar}=${!checkVar}">>.env - fi - fi -} - -echo $PATH>.path - -for var_name in ${varCheckList[@]} -do - writeVar "${var_name}" -done diff --git a/image-pipeline-ansible-playbooks/run-helper.cmd.template b/image-pipeline-ansible-playbooks/run-helper.cmd.template deleted file mode 100644 index 23e4246..0000000 --- a/image-pipeline-ansible-playbooks/run-helper.cmd.template +++ /dev/null @@ -1,53 +0,0 @@ -@echo off -SET UPDATEFILE=update.finished -"%~dp0\bin\Runner.Listener.exe" run %* - -rem using `if %ERRORLEVEL% EQU N` insterad of `if ERRORLEVEL N` -rem `if ERRORLEVEL N` means: error level is N or MORE - -if %ERRORLEVEL% EQU 0 ( - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 1 ( - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 2 ( - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - ping 127.0.0.1 -n 6 -w 1000 >NUL - exit /b 1 -) - -if %ERRORLEVEL% EQU 3 ( - rem Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -if %ERRORLEVEL% EQU 4 ( - rem Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -echo "Exiting after unknown error code: %ERRORLEVEL%" -exit /b 0 \ No newline at end of file diff --git a/image-pipeline-ansible-playbooks/run-helper.sh b/image-pipeline-ansible-playbooks/run-helper.sh deleted file mode 100755 index 743fd8b..0000000 --- a/image-pipeline-ansible-playbooks/run-helper.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/image-pipeline-ansible-playbooks/run-helper.sh.template b/image-pipeline-ansible-playbooks/run-helper.sh.template deleted file mode 100755 index 743fd8b..0000000 --- a/image-pipeline-ansible-playbooks/run-helper.sh.template +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/image-pipeline-ansible-playbooks/run.sh b/image-pipeline-ansible-playbooks/run.sh deleted file mode 100755 index 6b02ea1..0000000 --- a/image-pipeline-ansible-playbooks/run.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -run() { - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - exit 0 - fi - done -} - -runWithManualTrap() { - # Set job control - set -m - - trap 'kill -INT -$PID' INT TERM - - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* & - PID=$! - wait -f $PID - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - # Unregister signal handling before exit - trap - INT TERM - # wait for last parts to be logged - wait $PID - exit $returnCode - fi - done -} - -function updateCerts() { - local sudo_prefix="" - local user_id=`id -u` - - if [ $user_id -ne 0 ]; then - if [[ ! -x "$(command -v sudo)" ]]; then - echo "Warning: failed to update certificate store: sudo is required but not found" - return 1 - else - sudo_prefix="sudo" - fi - fi - - if [[ -x "$(command -v update-ca-certificates)" ]]; then - eval $sudo_prefix "update-ca-certificates" - elif [[ -x "$(command -v update-ca-trust)" ]]; then - eval $sudo_prefix "update-ca-trust" - else - echo "Warning: failed to update certificate store: update-ca-certificates or update-ca-trust not found. This can happen if you're using a different runner base image." - return 1 - fi -} - -if [[ ! -z "$RUNNER_UPDATE_CA_CERTS" ]]; then - updateCerts -fi - -if [[ -z "$RUNNER_MANUALLY_TRAP_SIG" ]]; then - run $* -else - runWithManualTrap $* -fi \ No newline at end of file diff --git a/image-pipeline-ansible-playbooks/safe_sleep.sh b/image-pipeline-ansible-playbooks/safe_sleep.sh deleted file mode 100755 index 7ba5be3..0000000 --- a/image-pipeline-ansible-playbooks/safe_sleep.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -SECONDS=0 -while [[ $SECONDS != $1 ]]; do - : -done diff --git a/image-pipeline-ansible-playbooks/svc.sh b/image-pipeline-ansible-playbooks/svc.sh deleted file mode 100755 index 2b1ef58..0000000 --- a/image-pipeline-ansible-playbooks/svc.sh +++ /dev/null @@ -1,179 +0,0 @@ -#!/bin/bash - -SVC_NAME="actions.runner._services.image-pipeline-ansible-playbooks.service" -SVC_NAME=${SVC_NAME// /_} -SVC_DESCRIPTION="GitHub Actions Runner (_services.image-pipeline-ansible-playbooks)" - -SVC_CMD=$1 -arg_2=${2} - -RUNNER_ROOT=`pwd` - -UNIT_PATH=/etc/systemd/system/${SVC_NAME} -TEMPLATE_PATH=$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE -IS_CUSTOM_TEMPLATE=0 -if [[ -z $TEMPLATE_PATH ]]; then - TEMPLATE_PATH=./bin/actions.runner.service.template -else - IS_CUSTOM_TEMPLATE=1 -fi -TEMP_PATH=./bin/actions.runner.service.temp -CONFIG_PATH=.service - -user_id=`id -u` - -# systemctl must run as sudo -# this script is a convenience wrapper around systemctl -if [ $user_id -ne 0 ]; then - echo "Must run as sudo" - exit 1 -fi - -function failed() -{ - local error=${1:-Undefined error} - echo "Failed: $error" >&2 - exit 1 -} - -if [ ! -f "${TEMPLATE_PATH}" ]; then - if [[ $IS_CUSTOM_TEMPLATE = 0 ]]; then - failed "Must run from runner root or install is corrupt" - else - failed "Service file at '$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE' using GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE env variable is not found" - fi -fi - -#check if we run as root -if [[ $(id -u) != "0" ]]; then - echo "Failed: This script requires to run with sudo." >&2 - exit 1 -fi - -function install() -{ - echo "Creating launch runner in ${UNIT_PATH}" - if [ -f "${UNIT_PATH}" ]; then - failed "error: exists ${UNIT_PATH}" - fi - - if [ -f "${TEMP_PATH}" ]; then - rm "${TEMP_PATH}" || failed "failed to delete ${TEMP_PATH}" - fi - - # can optionally use username supplied - run_as_user=${arg_2:-$SUDO_USER} - echo "Run as user: ${run_as_user}" - - run_as_uid=$(id -u ${run_as_user}) || failed "User does not exist" - echo "Run as uid: ${run_as_uid}" - - run_as_gid=$(id -g ${run_as_user}) || failed "Group not available" - echo "gid: ${run_as_gid}" - - sed "s/{{User}}/${run_as_user}/g; s/{{Description}}/$(echo ${SVC_DESCRIPTION} | sed -e 's/[\/&]/\\&/g')/g; s/{{RunnerRoot}}/$(echo ${RUNNER_ROOT} | sed -e 's/[\/&]/\\&/g')/g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file" - mv "${TEMP_PATH}" "${UNIT_PATH}" || failed "failed to copy unit file" - - # Recent Fedora based Linux (CentOS/Redhat) has SELinux enabled by default - # We need to restore security context on the unit file we added otherwise SystemD have no access to it. - command -v getenforce > /dev/null - if [ $? -eq 0 ] - then - selinuxEnabled=$(getenforce) - if [[ $selinuxEnabled == "Enforcing" ]] - then - # SELinux is enabled, we will need to Restore SELinux Context for the service file - restorecon -r -v "${UNIT_PATH}" || failed "failed to restore SELinux context on ${UNIT_PATH}" - fi - fi - - # unit file should not be executable and world writable - chmod 664 "${UNIT_PATH}" || failed "failed to set permissions on ${UNIT_PATH}" - systemctl daemon-reload || failed "failed to reload daemons" - - # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user. - cp ./bin/runsvc.sh ./runsvc.sh || failed "failed to copy runsvc.sh" - chown ${run_as_uid}:${run_as_gid} ./runsvc.sh || failed "failed to set owner for runsvc.sh" - chmod 755 ./runsvc.sh || failed "failed to set permission for runsvc.sh" - - systemctl enable ${SVC_NAME} || failed "failed to enable ${SVC_NAME}" - - echo "${SVC_NAME}" > ${CONFIG_PATH} || failed "failed to create .service file" - chown ${run_as_uid}:${run_as_gid} ${CONFIG_PATH} || failed "failed to set permission for ${CONFIG_PATH}" -} - -function start() -{ - systemctl start ${SVC_NAME} || failed "failed to start ${SVC_NAME}" - status -} - -function stop() -{ - systemctl stop ${SVC_NAME} || failed "failed to stop ${SVC_NAME}" - status -} - -function uninstall() -{ - if service_exists; then - stop - systemctl disable ${SVC_NAME} || failed "failed to disable ${SVC_NAME}" - rm "${UNIT_PATH}" || failed "failed to delete ${UNIT_PATH}" - else - echo "Service ${SVC_NAME} is not installed" - fi - if [ -f "${CONFIG_PATH}" ]; then - rm "${CONFIG_PATH}" || failed "failed to delete ${CONFIG_PATH}" - fi - systemctl daemon-reload || failed "failed to reload daemons" -} - -function service_exists() { - if [ -f "${UNIT_PATH}" ]; then - return 0 - else - return 1 - fi -} - -function status() -{ - if service_exists; then - echo - echo "${UNIT_PATH}" - else - echo - echo "not installed" - echo - exit 1 - fi - - systemctl --no-pager status ${SVC_NAME} -} - -function usage() -{ - echo - echo Usage: - echo "./svc.sh [install, start, stop, status, uninstall]" - echo "Commands:" - echo " install [user]: Install runner service as Root or specified user." - echo " start: Manually start the runner service." - echo " stop: Manually stop the runner service." - echo " status: Display status of runner service." - echo " uninstall: Uninstall runner service." - echo -} - -case $SVC_CMD in - "install") install;; - "status") status;; - "uninstall") uninstall;; - "start") start;; - "stop") stop;; - "status") status;; - *) usage;; -esac - -exit 0 diff --git a/image-pipeline-goss-testing/config.sh b/image-pipeline-goss-testing/config.sh deleted file mode 100755 index 14cc6ba..0000000 --- a/image-pipeline-goss-testing/config.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash - -user_id=`id -u` - -# we want to snapshot the environment of the config user -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run with sudo" - exit 1 -fi - -# Check dotnet Core 6.0 dependencies for Linux -if [[ (`uname` == "Linux") ]] -then - command -v ldd > /dev/null - if [ $? -ne 0 ] - then - echo "Can not find 'ldd'. Please install 'ldd' and try again." - exit 1 - fi - - message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies." - - ldd ./bin/libcoreclr.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - if ! [ -x "$(command -v ldconfig)" ]; then - LDCONFIG_COMMAND="/sbin/ldconfig" - if ! [ -x "$LDCONFIG_COMMAND" ]; then - echo "Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again." - exit 1 - fi - else - LDCONFIG_COMMAND="ldconfig" - fi - - libpath=${LD_LIBRARY_PATH:-} - $LDCONFIG_COMMAND -NXv ${libpath//:/ } 2>&1 | grep libicu >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "Libicu's dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi -fi - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" -cd "$DIR" - -source ./env.sh - -shopt -s nocasematch -if [[ "$1" == "remove" ]]; then - ./bin/Runner.Listener "$@" -else - ./bin/Runner.Listener configure "$@" -fi diff --git a/image-pipeline-goss-testing/env.sh b/image-pipeline-goss-testing/env.sh deleted file mode 100755 index 641d244..0000000 --- a/image-pipeline-goss-testing/env.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -varCheckList=( - 'LANG' - 'JAVA_HOME' - 'ANT_HOME' - 'M2_HOME' - 'ANDROID_HOME' - 'ANDROID_SDK_ROOT' - 'GRADLE_HOME' - 'NVM_BIN' - 'NVM_PATH' - 'LD_LIBRARY_PATH' - 'PERL5LIB' - ) - -envContents="" - -if [ -f ".env" ]; then - envContents=`cat .env` -else - touch .env -fi - -function writeVar() -{ - checkVar="$1" - checkDelim="${1}=" - if test "${envContents#*$checkDelim}" = "$envContents" - then - if [ ! -z "${!checkVar}" ]; then - echo "${checkVar}=${!checkVar}">>.env - fi - fi -} - -echo $PATH>.path - -for var_name in ${varCheckList[@]} -do - writeVar "${var_name}" -done diff --git a/image-pipeline-goss-testing/run-helper.cmd.template b/image-pipeline-goss-testing/run-helper.cmd.template deleted file mode 100644 index 23e4246..0000000 --- a/image-pipeline-goss-testing/run-helper.cmd.template +++ /dev/null @@ -1,53 +0,0 @@ -@echo off -SET UPDATEFILE=update.finished -"%~dp0\bin\Runner.Listener.exe" run %* - -rem using `if %ERRORLEVEL% EQU N` insterad of `if ERRORLEVEL N` -rem `if ERRORLEVEL N` means: error level is N or MORE - -if %ERRORLEVEL% EQU 0 ( - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 1 ( - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 2 ( - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - ping 127.0.0.1 -n 6 -w 1000 >NUL - exit /b 1 -) - -if %ERRORLEVEL% EQU 3 ( - rem Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -if %ERRORLEVEL% EQU 4 ( - rem Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -echo "Exiting after unknown error code: %ERRORLEVEL%" -exit /b 0 \ No newline at end of file diff --git a/image-pipeline-goss-testing/run-helper.sh b/image-pipeline-goss-testing/run-helper.sh deleted file mode 100755 index 743fd8b..0000000 --- a/image-pipeline-goss-testing/run-helper.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/image-pipeline-goss-testing/run-helper.sh.template b/image-pipeline-goss-testing/run-helper.sh.template deleted file mode 100755 index 743fd8b..0000000 --- a/image-pipeline-goss-testing/run-helper.sh.template +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/image-pipeline-goss-testing/run.sh b/image-pipeline-goss-testing/run.sh deleted file mode 100755 index 6b02ea1..0000000 --- a/image-pipeline-goss-testing/run.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -run() { - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - exit 0 - fi - done -} - -runWithManualTrap() { - # Set job control - set -m - - trap 'kill -INT -$PID' INT TERM - - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* & - PID=$! - wait -f $PID - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - # Unregister signal handling before exit - trap - INT TERM - # wait for last parts to be logged - wait $PID - exit $returnCode - fi - done -} - -function updateCerts() { - local sudo_prefix="" - local user_id=`id -u` - - if [ $user_id -ne 0 ]; then - if [[ ! -x "$(command -v sudo)" ]]; then - echo "Warning: failed to update certificate store: sudo is required but not found" - return 1 - else - sudo_prefix="sudo" - fi - fi - - if [[ -x "$(command -v update-ca-certificates)" ]]; then - eval $sudo_prefix "update-ca-certificates" - elif [[ -x "$(command -v update-ca-trust)" ]]; then - eval $sudo_prefix "update-ca-trust" - else - echo "Warning: failed to update certificate store: update-ca-certificates or update-ca-trust not found. This can happen if you're using a different runner base image." - return 1 - fi -} - -if [[ ! -z "$RUNNER_UPDATE_CA_CERTS" ]]; then - updateCerts -fi - -if [[ -z "$RUNNER_MANUALLY_TRAP_SIG" ]]; then - run $* -else - runWithManualTrap $* -fi \ No newline at end of file diff --git a/image-pipeline-goss-testing/safe_sleep.sh b/image-pipeline-goss-testing/safe_sleep.sh deleted file mode 100755 index 7ba5be3..0000000 --- a/image-pipeline-goss-testing/safe_sleep.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -SECONDS=0 -while [[ $SECONDS != $1 ]]; do - : -done diff --git a/image-pipeline-goss-testing/svc.sh b/image-pipeline-goss-testing/svc.sh deleted file mode 100755 index d59eee2..0000000 --- a/image-pipeline-goss-testing/svc.sh +++ /dev/null @@ -1,179 +0,0 @@ -#!/bin/bash - -SVC_NAME="actions.runner._services.image-pipeline-goss-testing.service" -SVC_NAME=${SVC_NAME// /_} -SVC_DESCRIPTION="GitHub Actions Runner (_services.image-pipeline-goss-testing)" - -SVC_CMD=$1 -arg_2=${2} - -RUNNER_ROOT=`pwd` - -UNIT_PATH=/etc/systemd/system/${SVC_NAME} -TEMPLATE_PATH=$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE -IS_CUSTOM_TEMPLATE=0 -if [[ -z $TEMPLATE_PATH ]]; then - TEMPLATE_PATH=./bin/actions.runner.service.template -else - IS_CUSTOM_TEMPLATE=1 -fi -TEMP_PATH=./bin/actions.runner.service.temp -CONFIG_PATH=.service - -user_id=`id -u` - -# systemctl must run as sudo -# this script is a convenience wrapper around systemctl -if [ $user_id -ne 0 ]; then - echo "Must run as sudo" - exit 1 -fi - -function failed() -{ - local error=${1:-Undefined error} - echo "Failed: $error" >&2 - exit 1 -} - -if [ ! -f "${TEMPLATE_PATH}" ]; then - if [[ $IS_CUSTOM_TEMPLATE = 0 ]]; then - failed "Must run from runner root or install is corrupt" - else - failed "Service file at '$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE' using GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE env variable is not found" - fi -fi - -#check if we run as root -if [[ $(id -u) != "0" ]]; then - echo "Failed: This script requires to run with sudo." >&2 - exit 1 -fi - -function install() -{ - echo "Creating launch runner in ${UNIT_PATH}" - if [ -f "${UNIT_PATH}" ]; then - failed "error: exists ${UNIT_PATH}" - fi - - if [ -f "${TEMP_PATH}" ]; then - rm "${TEMP_PATH}" || failed "failed to delete ${TEMP_PATH}" - fi - - # can optionally use username supplied - run_as_user=${arg_2:-$SUDO_USER} - echo "Run as user: ${run_as_user}" - - run_as_uid=$(id -u ${run_as_user}) || failed "User does not exist" - echo "Run as uid: ${run_as_uid}" - - run_as_gid=$(id -g ${run_as_user}) || failed "Group not available" - echo "gid: ${run_as_gid}" - - sed "s/{{User}}/${run_as_user}/g; s/{{Description}}/$(echo ${SVC_DESCRIPTION} | sed -e 's/[\/&]/\\&/g')/g; s/{{RunnerRoot}}/$(echo ${RUNNER_ROOT} | sed -e 's/[\/&]/\\&/g')/g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file" - mv "${TEMP_PATH}" "${UNIT_PATH}" || failed "failed to copy unit file" - - # Recent Fedora based Linux (CentOS/Redhat) has SELinux enabled by default - # We need to restore security context on the unit file we added otherwise SystemD have no access to it. - command -v getenforce > /dev/null - if [ $? -eq 0 ] - then - selinuxEnabled=$(getenforce) - if [[ $selinuxEnabled == "Enforcing" ]] - then - # SELinux is enabled, we will need to Restore SELinux Context for the service file - restorecon -r -v "${UNIT_PATH}" || failed "failed to restore SELinux context on ${UNIT_PATH}" - fi - fi - - # unit file should not be executable and world writable - chmod 664 "${UNIT_PATH}" || failed "failed to set permissions on ${UNIT_PATH}" - systemctl daemon-reload || failed "failed to reload daemons" - - # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user. - cp ./bin/runsvc.sh ./runsvc.sh || failed "failed to copy runsvc.sh" - chown ${run_as_uid}:${run_as_gid} ./runsvc.sh || failed "failed to set owner for runsvc.sh" - chmod 755 ./runsvc.sh || failed "failed to set permission for runsvc.sh" - - systemctl enable ${SVC_NAME} || failed "failed to enable ${SVC_NAME}" - - echo "${SVC_NAME}" > ${CONFIG_PATH} || failed "failed to create .service file" - chown ${run_as_uid}:${run_as_gid} ${CONFIG_PATH} || failed "failed to set permission for ${CONFIG_PATH}" -} - -function start() -{ - systemctl start ${SVC_NAME} || failed "failed to start ${SVC_NAME}" - status -} - -function stop() -{ - systemctl stop ${SVC_NAME} || failed "failed to stop ${SVC_NAME}" - status -} - -function uninstall() -{ - if service_exists; then - stop - systemctl disable ${SVC_NAME} || failed "failed to disable ${SVC_NAME}" - rm "${UNIT_PATH}" || failed "failed to delete ${UNIT_PATH}" - else - echo "Service ${SVC_NAME} is not installed" - fi - if [ -f "${CONFIG_PATH}" ]; then - rm "${CONFIG_PATH}" || failed "failed to delete ${CONFIG_PATH}" - fi - systemctl daemon-reload || failed "failed to reload daemons" -} - -function service_exists() { - if [ -f "${UNIT_PATH}" ]; then - return 0 - else - return 1 - fi -} - -function status() -{ - if service_exists; then - echo - echo "${UNIT_PATH}" - else - echo - echo "not installed" - echo - exit 1 - fi - - systemctl --no-pager status ${SVC_NAME} -} - -function usage() -{ - echo - echo Usage: - echo "./svc.sh [install, start, stop, status, uninstall]" - echo "Commands:" - echo " install [user]: Install runner service as Root or specified user." - echo " start: Manually start the runner service." - echo " stop: Manually stop the runner service." - echo " status: Display status of runner service." - echo " uninstall: Uninstall runner service." - echo -} - -case $SVC_CMD in - "install") install;; - "status") status;; - "uninstall") uninstall;; - "start") start;; - "stop") stop;; - "status") status;; - *) usage;; -esac - -exit 0 diff --git a/linux-image-pipeline/config.sh b/linux-image-pipeline/config.sh deleted file mode 100755 index 14cc6ba..0000000 --- a/linux-image-pipeline/config.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash - -user_id=`id -u` - -# we want to snapshot the environment of the config user -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run with sudo" - exit 1 -fi - -# Check dotnet Core 6.0 dependencies for Linux -if [[ (`uname` == "Linux") ]] -then - command -v ldd > /dev/null - if [ $? -ne 0 ] - then - echo "Can not find 'ldd'. Please install 'ldd' and try again." - exit 1 - fi - - message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies." - - ldd ./bin/libcoreclr.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - if ! [ -x "$(command -v ldconfig)" ]; then - LDCONFIG_COMMAND="/sbin/ldconfig" - if ! [ -x "$LDCONFIG_COMMAND" ]; then - echo "Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again." - exit 1 - fi - else - LDCONFIG_COMMAND="ldconfig" - fi - - libpath=${LD_LIBRARY_PATH:-} - $LDCONFIG_COMMAND -NXv ${libpath//:/ } 2>&1 | grep libicu >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "Libicu's dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi -fi - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" -cd "$DIR" - -source ./env.sh - -shopt -s nocasematch -if [[ "$1" == "remove" ]]; then - ./bin/Runner.Listener "$@" -else - ./bin/Runner.Listener configure "$@" -fi diff --git a/linux-image-pipeline/env.sh b/linux-image-pipeline/env.sh deleted file mode 100755 index 641d244..0000000 --- a/linux-image-pipeline/env.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -varCheckList=( - 'LANG' - 'JAVA_HOME' - 'ANT_HOME' - 'M2_HOME' - 'ANDROID_HOME' - 'ANDROID_SDK_ROOT' - 'GRADLE_HOME' - 'NVM_BIN' - 'NVM_PATH' - 'LD_LIBRARY_PATH' - 'PERL5LIB' - ) - -envContents="" - -if [ -f ".env" ]; then - envContents=`cat .env` -else - touch .env -fi - -function writeVar() -{ - checkVar="$1" - checkDelim="${1}=" - if test "${envContents#*$checkDelim}" = "$envContents" - then - if [ ! -z "${!checkVar}" ]; then - echo "${checkVar}=${!checkVar}">>.env - fi - fi -} - -echo $PATH>.path - -for var_name in ${varCheckList[@]} -do - writeVar "${var_name}" -done diff --git a/linux-image-pipeline/run-helper.cmd.template b/linux-image-pipeline/run-helper.cmd.template deleted file mode 100644 index 23e4246..0000000 --- a/linux-image-pipeline/run-helper.cmd.template +++ /dev/null @@ -1,53 +0,0 @@ -@echo off -SET UPDATEFILE=update.finished -"%~dp0\bin\Runner.Listener.exe" run %* - -rem using `if %ERRORLEVEL% EQU N` insterad of `if ERRORLEVEL N` -rem `if ERRORLEVEL N` means: error level is N or MORE - -if %ERRORLEVEL% EQU 0 ( - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 1 ( - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 2 ( - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - ping 127.0.0.1 -n 6 -w 1000 >NUL - exit /b 1 -) - -if %ERRORLEVEL% EQU 3 ( - rem Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -if %ERRORLEVEL% EQU 4 ( - rem Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -echo "Exiting after unknown error code: %ERRORLEVEL%" -exit /b 0 \ No newline at end of file diff --git a/linux-image-pipeline/run-helper.sh b/linux-image-pipeline/run-helper.sh deleted file mode 100755 index 743fd8b..0000000 --- a/linux-image-pipeline/run-helper.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/linux-image-pipeline/run-helper.sh.template b/linux-image-pipeline/run-helper.sh.template deleted file mode 100755 index 743fd8b..0000000 --- a/linux-image-pipeline/run-helper.sh.template +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/linux-image-pipeline/run.sh b/linux-image-pipeline/run.sh deleted file mode 100755 index 6b02ea1..0000000 --- a/linux-image-pipeline/run.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -run() { - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - exit 0 - fi - done -} - -runWithManualTrap() { - # Set job control - set -m - - trap 'kill -INT -$PID' INT TERM - - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* & - PID=$! - wait -f $PID - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - # Unregister signal handling before exit - trap - INT TERM - # wait for last parts to be logged - wait $PID - exit $returnCode - fi - done -} - -function updateCerts() { - local sudo_prefix="" - local user_id=`id -u` - - if [ $user_id -ne 0 ]; then - if [[ ! -x "$(command -v sudo)" ]]; then - echo "Warning: failed to update certificate store: sudo is required but not found" - return 1 - else - sudo_prefix="sudo" - fi - fi - - if [[ -x "$(command -v update-ca-certificates)" ]]; then - eval $sudo_prefix "update-ca-certificates" - elif [[ -x "$(command -v update-ca-trust)" ]]; then - eval $sudo_prefix "update-ca-trust" - else - echo "Warning: failed to update certificate store: update-ca-certificates or update-ca-trust not found. This can happen if you're using a different runner base image." - return 1 - fi -} - -if [[ ! -z "$RUNNER_UPDATE_CA_CERTS" ]]; then - updateCerts -fi - -if [[ -z "$RUNNER_MANUALLY_TRAP_SIG" ]]; then - run $* -else - runWithManualTrap $* -fi \ No newline at end of file diff --git a/linux-image-pipeline/safe_sleep.sh b/linux-image-pipeline/safe_sleep.sh deleted file mode 100755 index 7ba5be3..0000000 --- a/linux-image-pipeline/safe_sleep.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -SECONDS=0 -while [[ $SECONDS != $1 ]]; do - : -done diff --git a/linux-image-pipeline/svc.sh b/linux-image-pipeline/svc.sh deleted file mode 100755 index 436ea05..0000000 --- a/linux-image-pipeline/svc.sh +++ /dev/null @@ -1,179 +0,0 @@ -#!/bin/bash - -SVC_NAME="actions.runner._services.linux-image-pipeline.service" -SVC_NAME=${SVC_NAME// /_} -SVC_DESCRIPTION="GitHub Actions Runner (_services.linux-image-pipeline)" - -SVC_CMD=$1 -arg_2=${2} - -RUNNER_ROOT=`pwd` - -UNIT_PATH=/etc/systemd/system/${SVC_NAME} -TEMPLATE_PATH=$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE -IS_CUSTOM_TEMPLATE=0 -if [[ -z $TEMPLATE_PATH ]]; then - TEMPLATE_PATH=./bin/actions.runner.service.template -else - IS_CUSTOM_TEMPLATE=1 -fi -TEMP_PATH=./bin/actions.runner.service.temp -CONFIG_PATH=.service - -user_id=`id -u` - -# systemctl must run as sudo -# this script is a convenience wrapper around systemctl -if [ $user_id -ne 0 ]; then - echo "Must run as sudo" - exit 1 -fi - -function failed() -{ - local error=${1:-Undefined error} - echo "Failed: $error" >&2 - exit 1 -} - -if [ ! -f "${TEMPLATE_PATH}" ]; then - if [[ $IS_CUSTOM_TEMPLATE = 0 ]]; then - failed "Must run from runner root or install is corrupt" - else - failed "Service file at '$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE' using GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE env variable is not found" - fi -fi - -#check if we run as root -if [[ $(id -u) != "0" ]]; then - echo "Failed: This script requires to run with sudo." >&2 - exit 1 -fi - -function install() -{ - echo "Creating launch runner in ${UNIT_PATH}" - if [ -f "${UNIT_PATH}" ]; then - failed "error: exists ${UNIT_PATH}" - fi - - if [ -f "${TEMP_PATH}" ]; then - rm "${TEMP_PATH}" || failed "failed to delete ${TEMP_PATH}" - fi - - # can optionally use username supplied - run_as_user=${arg_2:-$SUDO_USER} - echo "Run as user: ${run_as_user}" - - run_as_uid=$(id -u ${run_as_user}) || failed "User does not exist" - echo "Run as uid: ${run_as_uid}" - - run_as_gid=$(id -g ${run_as_user}) || failed "Group not available" - echo "gid: ${run_as_gid}" - - sed "s/{{User}}/${run_as_user}/g; s/{{Description}}/$(echo ${SVC_DESCRIPTION} | sed -e 's/[\/&]/\\&/g')/g; s/{{RunnerRoot}}/$(echo ${RUNNER_ROOT} | sed -e 's/[\/&]/\\&/g')/g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file" - mv "${TEMP_PATH}" "${UNIT_PATH}" || failed "failed to copy unit file" - - # Recent Fedora based Linux (CentOS/Redhat) has SELinux enabled by default - # We need to restore security context on the unit file we added otherwise SystemD have no access to it. - command -v getenforce > /dev/null - if [ $? -eq 0 ] - then - selinuxEnabled=$(getenforce) - if [[ $selinuxEnabled == "Enforcing" ]] - then - # SELinux is enabled, we will need to Restore SELinux Context for the service file - restorecon -r -v "${UNIT_PATH}" || failed "failed to restore SELinux context on ${UNIT_PATH}" - fi - fi - - # unit file should not be executable and world writable - chmod 664 "${UNIT_PATH}" || failed "failed to set permissions on ${UNIT_PATH}" - systemctl daemon-reload || failed "failed to reload daemons" - - # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user. - cp ./bin/runsvc.sh ./runsvc.sh || failed "failed to copy runsvc.sh" - chown ${run_as_uid}:${run_as_gid} ./runsvc.sh || failed "failed to set owner for runsvc.sh" - chmod 755 ./runsvc.sh || failed "failed to set permission for runsvc.sh" - - systemctl enable ${SVC_NAME} || failed "failed to enable ${SVC_NAME}" - - echo "${SVC_NAME}" > ${CONFIG_PATH} || failed "failed to create .service file" - chown ${run_as_uid}:${run_as_gid} ${CONFIG_PATH} || failed "failed to set permission for ${CONFIG_PATH}" -} - -function start() -{ - systemctl start ${SVC_NAME} || failed "failed to start ${SVC_NAME}" - status -} - -function stop() -{ - systemctl stop ${SVC_NAME} || failed "failed to stop ${SVC_NAME}" - status -} - -function uninstall() -{ - if service_exists; then - stop - systemctl disable ${SVC_NAME} || failed "failed to disable ${SVC_NAME}" - rm "${UNIT_PATH}" || failed "failed to delete ${UNIT_PATH}" - else - echo "Service ${SVC_NAME} is not installed" - fi - if [ -f "${CONFIG_PATH}" ]; then - rm "${CONFIG_PATH}" || failed "failed to delete ${CONFIG_PATH}" - fi - systemctl daemon-reload || failed "failed to reload daemons" -} - -function service_exists() { - if [ -f "${UNIT_PATH}" ]; then - return 0 - else - return 1 - fi -} - -function status() -{ - if service_exists; then - echo - echo "${UNIT_PATH}" - else - echo - echo "not installed" - echo - exit 1 - fi - - systemctl --no-pager status ${SVC_NAME} -} - -function usage() -{ - echo - echo Usage: - echo "./svc.sh [install, start, stop, status, uninstall]" - echo "Commands:" - echo " install [user]: Install runner service as Root or specified user." - echo " start: Manually start the runner service." - echo " stop: Manually stop the runner service." - echo " status: Display status of runner service." - echo " uninstall: Uninstall runner service." - echo -} - -case $SVC_CMD in - "install") install;; - "status") status;; - "uninstall") uninstall;; - "start") start;; - "stop") stop;; - "status") status;; - *) usage;; -esac - -exit 0 diff --git a/main.tf b/main.tf index be2bbb0..89214de 100644 --- a/main.tf +++ b/main.tf @@ -17,15 +17,15 @@ locals { local.workspace_repos ) secrets = [ - "AWS_SECRET_ACCESS_KEY", - "AWS_SESSION_TOKEN", - "AWS_ACCESS_KEY_ID", - "GITHUB_TOKEN" + #"AWS_SECRET_ACCESS_KEY", + #"AWS_SESSION_TOKEN", + #"AWS_ACCESS_KEY_ID", + #"GITHUB_TOKEN" ] } -resource "aws_ecs_cluster" "github-runner" { - name = var.ecs_cluster_name +data "aws_ecs_cluster" "github-runner" { + cluster_name = var.ecs_cluster_name } data "aws_caller_identity" "current" {} @@ -50,7 +50,7 @@ resource "aws_vpc_endpoint" "ecr" { } resource "aws_ecs_cluster_capacity_providers" "fargate" { - cluster_name = aws_ecs_cluster.github-runner.name + cluster_name = data.aws_ecs_cluster.github-runner.cluster_name capacity_providers = ["FARGATE"] @@ -72,7 +72,7 @@ locals { module "github-runner" { for_each = toset([for repo in local.all_repos : repo]) source = "HappyPathway/github-runner/ecs" - ecs_cluster = aws_ecs_cluster.github-runner.name + ecs_cluster = data.aws_ecs_cluster.github-runner.cluster_name hostname = each.value image = "229685449397.dkr.ecr.us-gov-west-1.amazonaws.com/docker-image-pipeline/${var.image_name}:${var.image_version}" repo_org = var.repo_org @@ -95,9 +95,6 @@ module "github-runner" { assign_public_ip = var.assign_public_ip } tag = "github-runner" - depends_on = [ - aws_ecs_cluster.github-runner - ] } module "env_var" { @@ -106,24 +103,23 @@ module "env_var" { env_var = each.value } -module "repo_secrets" { - source = "HappyPathway/vars/repo" - for_each = toset(local.all_repos) - repo = { - name = each.value - } - secrets = [ - for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] : - { - name = replace(secret, "GITHUB", "GH") - value = lookup(module.env_var, secret).value - } - ] - vars = [ - { - name = "AWS_ACCESS_KEY_ID" - value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value - } - ] - -} +#module "repo_secrets" { +# source = "HappyPathway/vars/repo" +# for_each = toset(local.all_repos) +# repo = { +# name = each.value +# } +# secrets = [ +# for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] : +# { +# name = replace(secret, "GITHUB", "GH") +# value = lookup(module.env_var, secret).value +# } +# ] +# vars = [ +# { +# name = "AWS_ACCESS_KEY_ID" +# value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value +# } +# ] +#} diff --git a/supervisor/automation-repos.conf b/supervisor/automation-repos.conf deleted file mode 100755 index 25d3fff..0000000 --- a/supervisor/automation-repos.conf +++ /dev/null @@ -1,16 +0,0 @@ -[program:automation-repos] -directory=/apps/terraform/workspaces/arnol377/git/ghe-runner/automation-repos ; directory to cwd to before exec (def no cwd) -command=/apps/terraform/workspaces/arnol377/git/ghe-runner/automation-repos/run.sh -;numprocs=1 ; number of processes copies to start (def 1) -autostart=true ; start at supervisord start (default: true) -;startsecs=1 ; # of secs prog must stay up to be running (def. 1) -startretries=3 ; max # of serial start failures when starting (default 3) -autorestart=false -stdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/automation-repos/runner.log ; stdout log path, NONE for none; default AUTO -stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) -stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -stderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/automation-repos/runner_error.log ; stderr log path, NONE for none; default AUTO -stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) -stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) diff --git a/supervisor/aws-image-pipeline.conf b/supervisor/aws-image-pipeline.conf deleted file mode 100755 index 899a710..0000000 --- a/supervisor/aws-image-pipeline.conf +++ /dev/null @@ -1,16 +0,0 @@ -[program:aws-image-pipeline] -directory=/apps/terraform/workspaces/arnol377/git/ghe-runner/aws-image-pipeline ; directory to cwd to before exec (def no cwd) -command=/apps/terraform/workspaces/arnol377/git/ghe-runner/aws-image-pipeline/run.sh -;numprocs=1 ; number of processes copies to start (def 1) -autostart=true ; start at supervisord start (default: true) -;startsecs=1 ; # of secs prog must stay up to be running (def. 1) -startretries=3 ; max # of serial start failures when starting (default 3) -autorestart=false -stdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/aws-image-pipeline/runner.log ; stdout log path, NONE for none; default AUTO -stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) -stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -stderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/aws-image-pipeline/runner_error.log ; stderr log path, NONE for none; default AUTO -stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) -stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) diff --git a/supervisor/docker-image-pipeline.conf b/supervisor/docker-image-pipeline.conf deleted file mode 100755 index df173bb..0000000 --- a/supervisor/docker-image-pipeline.conf +++ /dev/null @@ -1,16 +0,0 @@ -[program:docker-image-pipeline] -directory=/apps/terraform/workspaces/arnol377/git/ghe-runner/docker-image-pipeline ; directory to cwd to before exec (def no cwd) -command=/apps/terraform/workspaces/arnol377/git/ghe-runner/docker-image-pipeline/run.sh -;numprocs=1 ; number of processes copies to start (def 1) -autostart=true ; start at supervisord start (default: true) -;startsecs=1 ; # of secs prog must stay up to be running (def. 1) -startretries=3 ; max # of serial start failures when starting (default 3) -autorestart=false -stdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/docker-image-pipeline/runner.log ; stdout log path, NONE for none; default AUTO -stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) -stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -stderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/docker-image-pipeline/runner_error.log ; stderr log path, NONE for none; default AUTO -stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) -stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) diff --git a/supervisor/ghe-runners.conf b/supervisor/ghe-runners.conf deleted file mode 100755 index 1de6323..0000000 --- a/supervisor/ghe-runners.conf +++ /dev/null @@ -1,16 +0,0 @@ -[program:ghe-runners] -directory=/apps/terraform/workspaces/arnol377/git/ghe-runner/ghe-runners ; directory to cwd to before exec (def no cwd) -command=/apps/terraform/workspaces/arnol377/git/ghe-runner/ghe-runners/run.sh -;numprocs=1 ; number of processes copies to start (def 1) -autostart=true ; start at supervisord start (default: true) -;startsecs=1 ; # of secs prog must stay up to be running (def. 1) -startretries=3 ; max # of serial start failures when starting (default 3) -autorestart=false -stdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/ghe-runners/runner.log ; stdout log path, NONE for none; default AUTO -stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) -stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -stderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/ghe-runners/runner_error.log ; stderr log path, NONE for none; default AUTO -stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) -stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) diff --git a/supervisor/image-pipeline-ansible-playbooks.conf b/supervisor/image-pipeline-ansible-playbooks.conf deleted file mode 100755 index 0aba901..0000000 --- a/supervisor/image-pipeline-ansible-playbooks.conf +++ /dev/null @@ -1,16 +0,0 @@ -[program:image-pipeline-ansible-playbooks] -directory=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-ansible-playbooks ; directory to cwd to before exec (def no cwd) -command=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-ansible-playbooks/run.sh -;numprocs=1 ; number of processes copies to start (def 1) -autostart=true ; start at supervisord start (default: true) -;startsecs=1 ; # of secs prog must stay up to be running (def. 1) -startretries=3 ; max # of serial start failures when starting (default 3) -autorestart=false -stdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-ansible-playbooks/runner.log ; stdout log path, NONE for none; default AUTO -stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) -stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -stderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-ansible-playbooks/runner_error.log ; stderr log path, NONE for none; default AUTO -stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) -stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) diff --git a/supervisor/image-pipeline-goss-testing.conf b/supervisor/image-pipeline-goss-testing.conf deleted file mode 100755 index dd9d1e1..0000000 --- a/supervisor/image-pipeline-goss-testing.conf +++ /dev/null @@ -1,16 +0,0 @@ -[program:image-pipeline-goss-testing] -directory=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-goss-testing ; directory to cwd to before exec (def no cwd) -command=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-goss-testing/run.sh -;numprocs=1 ; number of processes copies to start (def 1) -autostart=true ; start at supervisord start (default: true) -;startsecs=1 ; # of secs prog must stay up to be running (def. 1) -startretries=3 ; max # of serial start failures when starting (default 3) -autorestart=false -stdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-goss-testing/runner.log ; stdout log path, NONE for none; default AUTO -stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) -stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -stderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-goss-testing/runner_error.log ; stderr log path, NONE for none; default AUTO -stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) -stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) diff --git a/supervisor/linux-image-pipeline.conf b/supervisor/linux-image-pipeline.conf deleted file mode 100755 index 2c96555..0000000 --- a/supervisor/linux-image-pipeline.conf +++ /dev/null @@ -1,16 +0,0 @@ -[program:linux-image-pipeline] -directory=/apps/terraform/workspaces/arnol377/git/ghe-runner/linux-image-pipeline ; directory to cwd to before exec (def no cwd) -command=/apps/terraform/workspaces/arnol377/git/ghe-runner/linux-image-pipeline/run.sh -;numprocs=1 ; number of processes copies to start (def 1) -autostart=true ; start at supervisord start (default: true) -;startsecs=1 ; # of secs prog must stay up to be running (def. 1) -startretries=3 ; max # of serial start failures when starting (default 3) -autorestart=false -stdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/linux-image-pipeline/runner.log ; stdout log path, NONE for none; default AUTO -stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) -stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -stderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/linux-image-pipeline/runner_error.log ; stderr log path, NONE for none; default AUTO -stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) -stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) diff --git a/supervisor/windows-image-pipeline.conf b/supervisor/windows-image-pipeline.conf deleted file mode 100755 index ecdb0e2..0000000 --- a/supervisor/windows-image-pipeline.conf +++ /dev/null @@ -1,16 +0,0 @@ -[program:windows-image-pipeline] -directory=/apps/terraform/workspaces/arnol377/git/ghe-runner/windows-image-pipeline ; directory to cwd to before exec (def no cwd) -command=/apps/terraform/workspaces/arnol377/git/ghe-runner/windows-image-pipeline/run.sh -;numprocs=1 ; number of processes copies to start (def 1) -autostart=true ; start at supervisord start (default: true) -;startsecs=1 ; # of secs prog must stay up to be running (def. 1) -startretries=3 ; max # of serial start failures when starting (default 3) -autorestart=false -stdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/windows-image-pipeline/runner.log ; stdout log path, NONE for none; default AUTO -stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10) -stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) -stderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/windows-image-pipeline/runner_error.log ; stderr log path, NONE for none; default AUTO -stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) -stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10) -stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0) diff --git a/terraform.tfstate.backup b/terraform.tfstate.backup deleted file mode 100644 index 04bbc13..0000000 --- a/terraform.tfstate.backup +++ /dev/null @@ -1,2946 +0,0 @@ -{ - "version": 4, - "terraform_version": "1.9.4", - "serial": 672, - "lineage": "e78a4e10-cf81-43c7-3669-9d54a726a442", - "outputs": { - "secrets": { - "value": { - "AWS_ACCESS_KEY_ID": { - "set": true, - "value": "ASIATK6SR2K27JMKCZWF" - }, - "AWS_SECRET_ACCESS_KEY": { - "set": true, - "value": "etnJvcdI2du8loIBxfUfMhZSNofkkco7RAj/rvor" - }, - "AWS_SESSION_TOKEN": { - "set": true, - "value": "IQoJb3JpZ2luX2VjENH//////////wEaDXVzLWdvdi1lYXN0LTEiRzBFAiA1bXzDtUaBLN5c7y0DU79ZPwEM0E4X0+EsNEkZZmeYXwIhAISKrI7b1rCjPkzwjyBPMaSDzS3L4W4ty+od/ubhAojGKqADCO7//////////wEQABoMMjI5Njg1NDQ5Mzk3Igwmc2r9x6ZCLaA7/MEq9AIn8ArKVhts60a/S1MLFUyRP51IOkdolpyA7zc9S94I/unEmMFaFPiU7M1idu9dV6bXIUOM+gOiK+dAivKOPy9/OdqCnzA08RCbCpK15MPd+mb+jFNJizk6tU+ycyMtWrp7XeanqcQu64OWUi35zROZG2x/x7OAXv2jAMM4/NyAqg+PxM8coqkybWLNsjyb5SgD7PkXv0uj6vaXYzKuQGI3PRifAr6pwPe+PN7KX/P7A0PKWXKGBjKQTU+AMgJTcgyJLVleqfqlEwNr4eji+zbBn7zTOVVmwjMqPrYM4XuxEiNYyJTKpHAsk3j2KT//+Kmq51k1piaZa4t1IuHp5SGKHHKU0HXwDiKYtNXM6ayDrdUbp5TTCxWnrCklRiXVvAjOQ2PAcMEPIgOn1pNTbnmuMka965F/iQH4ccg8bjzSZrRN8qQfRtMxGh/1h9FfqcGrEWXQ5WtlT539I3G7gBclRCbn3owJfNvAY3cRkA6ZKlR86iMw/u/9tQY6pgFKYCO+WJ8W+csYeLNQEcWy2DMSUNEkO373V6iMwt8WZ6BjZbWbbYH/624tSxca6zvTN8GjkUIykgWgHagHsSQlHm4qDiDsPsEQvOGA3A6UA/q3x8s4n7VSMRDiSNDlCAPbnx12H3t6Zsga2RnfDAWZ5cdnFJPxwZTI2dLpOCUKkcOcSHNXCpB1mqGFAXEk+etEgInN2urj6+Gt4Ad38TCiLCJ16dB8" - }, - "GITHUB_TOKEN": { - "set": true, - "value": "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" - } - }, - "type": [ - "object", - { - "AWS_ACCESS_KEY_ID": [ - "object", - { - "set": "bool", - "value": "string" - } - ], - "AWS_SECRET_ACCESS_KEY": [ - "object", - { - "set": "bool", - "value": "string" - } - ], - "AWS_SESSION_TOKEN": [ - "object", - { - "set": "bool", - "value": "string" - } - ], - "GITHUB_TOKEN": [ - "object", - { - "set": "bool", - "value": "string" - } - ] - } - ] - } - }, - "resources": [ - { - "module": "module.env_var[\"AWS_ACCESS_KEY_ID\"]", - "mode": "data", - "type": "external", - "name": "var", - "provider": "provider[\"registry.terraform.io/hashicorp/external\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "-", - "program": [ - "python", - ".terraform/modules/env_var/env-var.py" - ], - "query": { - "nonce": "Y0C1xpRh1PYQNUE9", - "var": "AWS_ACCESS_KEY_ID" - }, - "result": { - "value": "ASIATK6SR2K27JMKCZWF", - "varset": "set" - }, - "working_dir": null - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.env_var[\"AWS_ACCESS_KEY_ID\"]", - "mode": "managed", - "type": "random_string", - "name": "random", - "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", - "instances": [ - { - "schema_version": 2, - "attributes": { - "id": "Y0C1xpRh1PYQNUE9", - "keepers": null, - "length": 16, - "lower": true, - "min_lower": 0, - "min_numeric": 0, - "min_special": 0, - "min_upper": 0, - "number": true, - "numeric": true, - "override_special": "/@£$", - "result": "Y0C1xpRh1PYQNUE9", - "special": true, - "upper": true - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.env_var[\"AWS_SECRET_ACCESS_KEY\"]", - "mode": "data", - "type": "external", - "name": "var", - "provider": "provider[\"registry.terraform.io/hashicorp/external\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "-", - "program": [ - "python", - ".terraform/modules/env_var/env-var.py" - ], - "query": { - "nonce": "ormbyBD�p9Uz6Xmu", - "var": "AWS_SECRET_ACCESS_KEY" - }, - "result": { - "value": "etnJvcdI2du8loIBxfUfMhZSNofkkco7RAj/rvor", - "varset": "set" - }, - "working_dir": null - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.env_var[\"AWS_SECRET_ACCESS_KEY\"]", - "mode": "managed", - "type": "random_string", - "name": "random", - "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", - "instances": [ - { - "schema_version": 2, - "attributes": { - "id": "ormbyBD�p9Uz6Xmu", - "keepers": null, - "length": 16, - "lower": true, - "min_lower": 0, - "min_numeric": 0, - "min_special": 0, - "min_upper": 0, - "number": true, - "numeric": true, - "override_special": "/@£$", - "result": "ormbyBD�p9Uz6Xmu", - "special": true, - "upper": true - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.env_var[\"AWS_SESSION_TOKEN\"]", - "mode": "data", - "type": "external", - "name": "var", - "provider": "provider[\"registry.terraform.io/hashicorp/external\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "-", - "program": [ - "python", - ".terraform/modules/env_var/env-var.py" - ], - "query": { - "nonce": "UyZS3NU1oQ4Z6W�a", - "var": "AWS_SESSION_TOKEN" - }, - "result": { - "value": "IQoJb3JpZ2luX2VjENH//////////wEaDXVzLWdvdi1lYXN0LTEiRzBFAiA1bXzDtUaBLN5c7y0DU79ZPwEM0E4X0+EsNEkZZmeYXwIhAISKrI7b1rCjPkzwjyBPMaSDzS3L4W4ty+od/ubhAojGKqADCO7//////////wEQABoMMjI5Njg1NDQ5Mzk3Igwmc2r9x6ZCLaA7/MEq9AIn8ArKVhts60a/S1MLFUyRP51IOkdolpyA7zc9S94I/unEmMFaFPiU7M1idu9dV6bXIUOM+gOiK+dAivKOPy9/OdqCnzA08RCbCpK15MPd+mb+jFNJizk6tU+ycyMtWrp7XeanqcQu64OWUi35zROZG2x/x7OAXv2jAMM4/NyAqg+PxM8coqkybWLNsjyb5SgD7PkXv0uj6vaXYzKuQGI3PRifAr6pwPe+PN7KX/P7A0PKWXKGBjKQTU+AMgJTcgyJLVleqfqlEwNr4eji+zbBn7zTOVVmwjMqPrYM4XuxEiNYyJTKpHAsk3j2KT//+Kmq51k1piaZa4t1IuHp5SGKHHKU0HXwDiKYtNXM6ayDrdUbp5TTCxWnrCklRiXVvAjOQ2PAcMEPIgOn1pNTbnmuMka965F/iQH4ccg8bjzSZrRN8qQfRtMxGh/1h9FfqcGrEWXQ5WtlT539I3G7gBclRCbn3owJfNvAY3cRkA6ZKlR86iMw/u/9tQY6pgFKYCO+WJ8W+csYeLNQEcWy2DMSUNEkO373V6iMwt8WZ6BjZbWbbYH/624tSxca6zvTN8GjkUIykgWgHagHsSQlHm4qDiDsPsEQvOGA3A6UA/q3x8s4n7VSMRDiSNDlCAPbnx12H3t6Zsga2RnfDAWZ5cdnFJPxwZTI2dLpOCUKkcOcSHNXCpB1mqGFAXEk+etEgInN2urj6+Gt4Ad38TCiLCJ16dB8", - "varset": "set" - }, - "working_dir": null - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.env_var[\"AWS_SESSION_TOKEN\"]", - "mode": "managed", - "type": "random_string", - "name": "random", - "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", - "instances": [ - { - "schema_version": 2, - "attributes": { - "id": "UyZS3NU1oQ4Z6W�a", - "keepers": null, - "length": 16, - "lower": true, - "min_lower": 0, - "min_numeric": 0, - "min_special": 0, - "min_upper": 0, - "number": true, - "numeric": true, - "override_special": "/@£$", - "result": "UyZS3NU1oQ4Z6W�a", - "special": true, - "upper": true - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.env_var[\"GITHUB_TOKEN\"]", - "mode": "data", - "type": "external", - "name": "var", - "provider": "provider[\"registry.terraform.io/hashicorp/external\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "-", - "program": [ - "python", - ".terraform/modules/env_var/env-var.py" - ], - "query": { - "nonce": "J8DJ8wCKnWpL�td9", - "var": "GITHUB_TOKEN" - }, - "result": { - "value": "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", - "varset": "set" - }, - "working_dir": null - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.env_var[\"GITHUB_TOKEN\"]", - "mode": "managed", - "type": "random_string", - "name": "random", - "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", - "instances": [ - { - "schema_version": 2, - "attributes": { - "id": "J8DJ8wCKnWpL�td9", - "keepers": null, - "length": 16, - "lower": true, - "min_lower": 0, - "min_numeric": 0, - "min_special": 0, - "min_upper": 0, - "number": true, - "numeric": true, - "override_special": "/@£$", - "result": "J8DJ8wCKnWpL�td9", - "special": true, - "upper": true - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.github_checkout", - "mode": "managed", - "type": "null_resource", - "name": "git_clone", - "provider": "provider[\"registry.terraform.io/hashicorp/null\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "8897704676140641730", - "triggers": null - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.github_checkout", - "mode": "managed", - "type": "null_resource", - "name": "git_clone_new_repo", - "provider": "provider[\"registry.terraform.io/hashicorp/null\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "6698714341156138565", - "triggers": null - }, - "sensitive_attributes": [], - "dependencies": [ - "module.github_checkout.module.internal_github_actions.data.github_organization_teams.root_teams", - "module.github_checkout.module.internal_github_actions.data.github_ref.ref", - "module.github_checkout.module.internal_github_actions.data.github_repository.template_repo", - "module.github_checkout.module.internal_github_actions.data.github_user.pull_request_bypassers", - "module.github_checkout.module.internal_github_actions.github_actions_secret.secret", - "module.github_checkout.module.internal_github_actions.github_actions_variable.variable", - "module.github_checkout.module.internal_github_actions.github_branch.branch", - "module.github_checkout.module.internal_github_actions.github_branch_default.default_main_branch", - "module.github_checkout.module.internal_github_actions.github_branch_protection.main", - "module.github_checkout.module.internal_github_actions.github_repository.repo", - "module.github_checkout.module.internal_github_actions.github_repository_collaborator.collaborators", - "module.github_checkout.module.internal_github_actions.github_repository_file.codeowners", - "module.github_checkout.module.internal_github_actions.github_repository_file.extra_files", - "module.github_checkout.module.internal_github_actions.github_repository_file.managed_extra_files", - "module.github_checkout.module.internal_github_actions.github_team_repository.admin", - "module.github_checkout.null_resource.git_clone" - ] - } - ] - }, - { - "module": "module.github_checkout.module.internal_github_actions", - "mode": "data", - "type": "github_organization_teams", - "name": "root_teams", - "provider": "provider[\"registry.terraform.io/integrations/github\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "id": "MDEyOk9yZ2FuaXphdGlvbjM1", - "results_per_page": 100, - "root_teams_only": false, - "summary_only": false, - "teams": [ - { - "description": "", - "id": 2, - "members": [ - "winge001", - "pinto005", - "garri325", - "tanyi001", - "desai018", - "sivil001" - ], - "name": "CSVD_Admins", - "node_id": "MDQ6VGVhbTI=", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [], - "slug": "csvd_admins" - }, - { - "description": "", - "id": 3, - "members": [ - "gogel001", - "lange309", - "dodd0306", - "onyek002", - "raybi001", - "cf-user", - "csvd-openshift", - "svc-ansible", - "garre343", - "schic001", - "garri325", - "carro356", - "davis323", - "mille441", - "harpe341", - "quatt008", - "akapo001", - "bell0402", - "agbo0001", - "zunig011", - "bouvi301", - "aravi001", - "niang001", - "shaik005", - "pazou001", - "dwara001", - "kalat002", - "zulfi001", - "nform001", - "cymer001", - "jacks404", - "ullah302", - "kalep001", - "andra315", - "lawso358", - "owens397", - "jezes001", - "brow0041", - "alade001", - "rehma003", - "McCoy371", - "patel385", - "arnol377", - "sivil001", - "naray007", - "lolli001", - "roger367" - ], - "name": "CSVD_Users", - "node_id": "MDQ6VGVhbTM=", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [ - "Legacy-Ansible-Applications", - "Legacy-Ansible-Operations", - "Legacy-Ansible-SAS", - "Configuration-Novell-LDAP-CSVD", - "Legacy-tools-for-tools", - "Operation-Redhat-RHEL-CSVD-sudo", - "Operation-AWS-CSVD-instance_tagging", - "Operation-VMware-CSVD-custom_attributes", - "Application-ClamAV-ClamAV-CSVD", - "Operation-Amazon-CSVD-provision_ec2", - "Operation-Ansible-CSVD-build_vars", - "Operation-Ansible-CSVD-workflow-application_catalog", - "Operation-Ansible-CSVD-workflow-checks", - "Operation-Ansible-CSVD-workflow-convergence-check", - "Operation-Ansible-CSVD-workflow-notification", - "Operation-BMC-Atrium_Core-CSVD", - "Operation-Cloudforms-CSVD-workflow-callbacks", - "Operation-Redhat-CloudForms-CSVD-CICD-order", - "Operation-Redhat-RHEL7-aws-mount-ephemeral", - "Operation-Redhat-RHEL7-CSVD-audit", - "Operation-Redhat-RHEL-CSVD-chrony", - "Operation-Redhat-RHEL-CSVD-mount_disk", - "Operation-VMware-CSVD-provision_vm", - "Operation-Windows-OS-CSVD-mount_disk", - "Report-Tenable-SecurityCenter-CSVD", - "Legacy-atx-win-applications", - "Legacy-atx-win-build", - "Operation-Cisco-UCS-Profiles", - "Application-Veritas-NetBackup-CSVD", - "Legacy-atx-win-playbooks", - "Splunk-SC4S-gomplate", - "Operation-Red_Hat-RHEL8-CSVD-Baseline", - "product-test-s3-bucket" - ], - "slug": "csvd_users" - }, - { - "description": "Best Team Ever!", - "id": 4, - "members": [ - "youss001", - "pavul001", - "rainw303", - "winge001", - "pinto005", - "gogel001", - "lange309", - "dodd0306", - "onyek002", - "raybi001", - "garri325", - "vidab001", - "conte015", - "cymer001", - "ullah302", - "owens397", - "basil307" - ], - "name": "csvd_test_team", - "node_id": "MDQ6VGVhbTQ=", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [], - "slug": "csvd_test_team" - }, - { - "description": "IEB Automation team is under IEB Org", - "id": 5, - "members": [ - "winge001", - "dodd0306", - "onyek002", - "raybi001", - "garri325", - "gomez385" - ], - "name": "IEB Automation", - "node_id": "MDQ6VGVhbTU=", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [ - "Operation-Windows-OS-AD-Actions", - "Operation-Ansible-CSVD-workflow-winbuild-vmw", - "CloudForms-SERVICE_DIALOGS", - "CloudForms-REPORTS", - "CloudForms-ROLES", - "CloudForms-Email", - "CloudForms-CSVD", - "CloudForms-CSVD_Variables", - "CloudForms-BUTTONS", - "CloudForms-TAGS", - "Operation-Redhat-RHEL7-CSVD-banners", - "Ansible-Windows-Build-AZR", - "Ansible-Windows-Build-Ops", - "Ansible-Windows-Build-VMW", - "Ansible-Windows-Image-Ops", - "Ansible-Windows-Retirement-Ops", - "Operation-Redhat-RHEL7-CSVD-logrotate", - "Operation-Red_Hat-Satellite-CSVD", - "Ansible-Windows-Development", - "Ansible_Inventory_Setup", - "Operation-Redhat-RHEL7-CSVD-sshd", - "Operation-Redhat-RHEL7-CSVD-grub2", - "Operation-CSVD-podman", - "Operation-Redhat-RHEL7-CSVD-sendmail", - "Operation-Red_Hat-Ansible_Tower-CSVD", - "Operation-Redhat-RHEL7-CSVD-svc_account", - "Operations_RHEL_OS_Configurations", - "Operations-RHEL-Ansible", - "Collection-Red_Hat-RHEL_Baseline-CSVD", - "Application-Red_Hat-Ansible_Automation_Platform-CSVD", - "Operation-Redhat-RHEL7-CSVD-systemctl", - "Application-Splunk-Splunk_Universal_Forwarder-CSVD", - "Operation-Amazon-CSVD-provision_services", - "Operation-Amazon-AWS-CSVD-RHEL_AMI", - "Operation-Red_Hat-Insights-CSVD", - "Operation-GitHub-GitHub_Enterprise-CSVD", - "Ansible-Windows-Build-AZR-LAB", - "SAT6_cert_renew_PROD", - "Application-Redhat-Satellite-CSVD-certificate-renew", - "Operation-Microsoft-MDE_Linux", - "Operation-Microsoft-Azure_Connected_Machine_agent", - "Ansible-Windows-Build-AWS", - "Application-HCL-BigFix-CSVD", - "Application-Morpheus_Data-Morpheus-CSVD", - "AAP-Windows-Build-AWS", - "Ansible-Windows-Build-AWS-LAB" - ], - "slug": "ieb-automation" - }, - { - "description": "", - "id": 62, - "members": [ - "ojimi001", - "short343" - ], - "name": "Spunk Admin", - "node_id": "MDQ6VGVhbTYy", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [ - "splunk-connect-for-syslog", - "Splunk-SC4S-gomplate" - ], - "slug": "spunk-admin" - }, - { - "description": "", - "id": 716, - "members": [], - "name": "csvd-automation", - "node_id": "MDQ6VGVhbTcxNg==", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [], - "slug": "csvd-automation" - } - ] - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.github_checkout.module.internal_github_actions", - "mode": "managed", - "type": "github_repository", - "name": "repo", - "provider": "provider[\"registry.terraform.io/integrations/github\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "allow_auto_merge": false, - "allow_merge_commit": false, - "allow_rebase_merge": false, - "allow_squash_merge": true, - "allow_update_branch": false, - "archive_on_destroy": true, - "archived": false, - "auto_init": true, - "default_branch": "main", - "delete_branch_on_merge": true, - "description": "Imported External Github Actions Repository", - "etag": "W/\"76ffc347af83201a93efffd0c85c896a351c1c1c12f0e4eb5c85bc94074a4624\"", - "full_name": "CSVD/gh-actions-checkout", - "git_clone_url": "git://github.e.it.census.gov/CSVD/gh-actions-checkout.git", - "gitignore_template": "Terraform", - "has_discussions": false, - "has_downloads": false, - "has_issues": false, - "has_projects": true, - "has_wiki": true, - "homepage_url": "", - "html_url": "https://github.e.it.census.gov/CSVD/gh-actions-checkout", - "http_clone_url": "https://github.e.it.census.gov/CSVD/gh-actions-checkout.git", - "id": "gh-actions-checkout", - "ignore_vulnerability_alerts_during_read": null, - "is_template": false, - "license_template": null, - "merge_commit_message": "PR_TITLE", - "merge_commit_title": "MERGE_MESSAGE", - "name": "gh-actions-checkout", - "node_id": "MDEwOlJlcG9zaXRvcnkxMDA5", - "pages": [], - "primary_language": "", - "private": false, - "repo_id": 1009, - "security_and_analysis": [ - { - "advanced_security": [ - { - "status": "disabled" - } - ], - "secret_scanning": [ - { - "status": "disabled" - } - ], - "secret_scanning_push_protection": [ - { - "status": "disabled" - } - ] - } - ], - "squash_merge_commit_message": "COMMIT_MESSAGES", - "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", - "ssh_clone_url": "git@github.e.it.census.gov:CSVD/gh-actions-checkout.git", - "svn_url": "https://github.e.it.census.gov/CSVD/gh-actions-checkout", - "template": [], - "topics": [ - "github-actions" - ], - "visibility": "public", - "vulnerability_alerts": false, - "web_commit_signoff_required": false - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.github_script", - "mode": "managed", - "type": "null_resource", - "name": "git_clone", - "provider": "provider[\"registry.terraform.io/hashicorp/null\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "1223174279697704692", - "triggers": null - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.github_script", - "mode": "managed", - "type": "null_resource", - "name": "git_clone_new_repo", - "provider": "provider[\"registry.terraform.io/hashicorp/null\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "4614869244027441992", - "triggers": null - }, - "sensitive_attributes": [], - "dependencies": [ - "module.github_script.module.internal_github_actions.data.github_organization_teams.root_teams", - "module.github_script.module.internal_github_actions.data.github_ref.ref", - "module.github_script.module.internal_github_actions.data.github_repository.template_repo", - "module.github_script.module.internal_github_actions.data.github_user.pull_request_bypassers", - "module.github_script.module.internal_github_actions.github_actions_secret.secret", - "module.github_script.module.internal_github_actions.github_actions_variable.variable", - "module.github_script.module.internal_github_actions.github_branch.branch", - "module.github_script.module.internal_github_actions.github_branch_default.default_main_branch", - "module.github_script.module.internal_github_actions.github_branch_protection.main", - "module.github_script.module.internal_github_actions.github_repository.repo", - "module.github_script.module.internal_github_actions.github_repository_collaborator.collaborators", - "module.github_script.module.internal_github_actions.github_repository_file.codeowners", - "module.github_script.module.internal_github_actions.github_repository_file.extra_files", - "module.github_script.module.internal_github_actions.github_repository_file.managed_extra_files", - "module.github_script.module.internal_github_actions.github_team_repository.admin", - "module.github_script.null_resource.git_clone" - ] - } - ] - }, - { - "module": "module.github_script.module.internal_github_actions", - "mode": "data", - "type": "github_organization_teams", - "name": "root_teams", - "provider": "provider[\"registry.terraform.io/integrations/github\"]", - "instances": [ - { - "index_key": 0, - "schema_version": 0, - "attributes": { - "id": "MDEyOk9yZ2FuaXphdGlvbjM1", - "results_per_page": 100, - "root_teams_only": false, - "summary_only": false, - "teams": [ - { - "description": "", - "id": 2, - "members": [ - "winge001", - "pinto005", - "garri325", - "tanyi001", - "desai018", - "sivil001" - ], - "name": "CSVD_Admins", - "node_id": "MDQ6VGVhbTI=", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [], - "slug": "csvd_admins" - }, - { - "description": "", - "id": 3, - "members": [ - "gogel001", - "lange309", - "dodd0306", - "onyek002", - "raybi001", - "cf-user", - "csvd-openshift", - "svc-ansible", - "garre343", - "schic001", - "garri325", - "carro356", - "davis323", - "mille441", - "harpe341", - "quatt008", - "akapo001", - "bell0402", - "agbo0001", - "zunig011", - "bouvi301", - "aravi001", - "niang001", - "shaik005", - "pazou001", - "dwara001", - "kalat002", - "zulfi001", - "nform001", - "cymer001", - "jacks404", - "ullah302", - "kalep001", - "andra315", - "lawso358", - "owens397", - "jezes001", - "brow0041", - "alade001", - "rehma003", - "McCoy371", - "patel385", - "arnol377", - "sivil001", - "naray007", - "lolli001", - "roger367" - ], - "name": "CSVD_Users", - "node_id": "MDQ6VGVhbTM=", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [ - "Legacy-Ansible-Applications", - "Legacy-Ansible-Operations", - "Legacy-Ansible-SAS", - "Configuration-Novell-LDAP-CSVD", - "Legacy-tools-for-tools", - "Operation-Redhat-RHEL-CSVD-sudo", - "Operation-AWS-CSVD-instance_tagging", - "Operation-VMware-CSVD-custom_attributes", - "Application-ClamAV-ClamAV-CSVD", - "Operation-Amazon-CSVD-provision_ec2", - "Operation-Ansible-CSVD-build_vars", - "Operation-Ansible-CSVD-workflow-application_catalog", - "Operation-Ansible-CSVD-workflow-checks", - "Operation-Ansible-CSVD-workflow-convergence-check", - "Operation-Ansible-CSVD-workflow-notification", - "Operation-BMC-Atrium_Core-CSVD", - "Operation-Cloudforms-CSVD-workflow-callbacks", - "Operation-Redhat-CloudForms-CSVD-CICD-order", - "Operation-Redhat-RHEL7-aws-mount-ephemeral", - "Operation-Redhat-RHEL7-CSVD-audit", - "Operation-Redhat-RHEL-CSVD-chrony", - "Operation-Redhat-RHEL-CSVD-mount_disk", - "Operation-VMware-CSVD-provision_vm", - "Operation-Windows-OS-CSVD-mount_disk", - "Report-Tenable-SecurityCenter-CSVD", - "Legacy-atx-win-applications", - "Legacy-atx-win-build", - "Operation-Cisco-UCS-Profiles", - "Application-Veritas-NetBackup-CSVD", - "Legacy-atx-win-playbooks", - "Splunk-SC4S-gomplate", - "Operation-Red_Hat-RHEL8-CSVD-Baseline", - "product-test-s3-bucket" - ], - "slug": "csvd_users" - }, - { - "description": "Best Team Ever!", - "id": 4, - "members": [ - "youss001", - "pavul001", - "rainw303", - "winge001", - "pinto005", - "gogel001", - "lange309", - "dodd0306", - "onyek002", - "raybi001", - "garri325", - "vidab001", - "conte015", - "cymer001", - "ullah302", - "owens397", - "basil307" - ], - "name": "csvd_test_team", - "node_id": "MDQ6VGVhbTQ=", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [], - "slug": "csvd_test_team" - }, - { - "description": "IEB Automation team is under IEB Org", - "id": 5, - "members": [ - "winge001", - "dodd0306", - "onyek002", - "raybi001", - "garri325", - "gomez385" - ], - "name": "IEB Automation", - "node_id": "MDQ6VGVhbTU=", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [ - "Operation-Windows-OS-AD-Actions", - "Operation-Ansible-CSVD-workflow-winbuild-vmw", - "CloudForms-SERVICE_DIALOGS", - "CloudForms-REPORTS", - "CloudForms-ROLES", - "CloudForms-Email", - "CloudForms-CSVD", - "CloudForms-CSVD_Variables", - "CloudForms-BUTTONS", - "CloudForms-TAGS", - "Operation-Redhat-RHEL7-CSVD-banners", - "Ansible-Windows-Build-AZR", - "Ansible-Windows-Build-Ops", - "Ansible-Windows-Build-VMW", - "Ansible-Windows-Image-Ops", - "Ansible-Windows-Retirement-Ops", - "Operation-Redhat-RHEL7-CSVD-logrotate", - "Operation-Red_Hat-Satellite-CSVD", - "Ansible-Windows-Development", - "Ansible_Inventory_Setup", - "Operation-Redhat-RHEL7-CSVD-sshd", - "Operation-Redhat-RHEL7-CSVD-grub2", - "Operation-CSVD-podman", - "Operation-Redhat-RHEL7-CSVD-sendmail", - "Operation-Red_Hat-Ansible_Tower-CSVD", - "Operation-Redhat-RHEL7-CSVD-svc_account", - "Operations_RHEL_OS_Configurations", - "Operations-RHEL-Ansible", - "Collection-Red_Hat-RHEL_Baseline-CSVD", - "Application-Red_Hat-Ansible_Automation_Platform-CSVD", - "Operation-Redhat-RHEL7-CSVD-systemctl", - "Application-Splunk-Splunk_Universal_Forwarder-CSVD", - "Operation-Amazon-CSVD-provision_services", - "Operation-Amazon-AWS-CSVD-RHEL_AMI", - "Operation-Red_Hat-Insights-CSVD", - "Operation-GitHub-GitHub_Enterprise-CSVD", - "Ansible-Windows-Build-AZR-LAB", - "SAT6_cert_renew_PROD", - "Application-Redhat-Satellite-CSVD-certificate-renew", - "Operation-Microsoft-MDE_Linux", - "Operation-Microsoft-Azure_Connected_Machine_agent", - "Ansible-Windows-Build-AWS", - "Application-HCL-BigFix-CSVD", - "Application-Morpheus_Data-Morpheus-CSVD", - "AAP-Windows-Build-AWS", - "Ansible-Windows-Build-AWS-LAB" - ], - "slug": "ieb-automation" - }, - { - "description": "", - "id": 62, - "members": [ - "ojimi001", - "short343" - ], - "name": "Spunk Admin", - "node_id": "MDQ6VGVhbTYy", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [ - "splunk-connect-for-syslog", - "Splunk-SC4S-gomplate" - ], - "slug": "spunk-admin" - }, - { - "description": "", - "id": 716, - "members": [], - "name": "csvd-automation", - "node_id": "MDQ6VGVhbTcxNg==", - "parent": { - "id": "", - "name": "", - "slug": "" - }, - "privacy": "VISIBLE", - "repositories": [], - "slug": "csvd-automation" - } - ] - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.github_script.module.internal_github_actions", - "mode": "managed", - "type": "github_repository", - "name": "repo", - "provider": "provider[\"registry.terraform.io/integrations/github\"]", - "instances": [ - { - "schema_version": 1, - "attributes": { - "allow_auto_merge": false, - "allow_merge_commit": false, - "allow_rebase_merge": false, - "allow_squash_merge": true, - "allow_update_branch": false, - "archive_on_destroy": true, - "archived": false, - "auto_init": true, - "default_branch": "main", - "delete_branch_on_merge": true, - "description": "Imported External Github Actions Repository", - "etag": "W/\"173e1ef79d94b634e9f8e6f27f5e0ca8cc7ee3e1f6a6fc4de0a45f04a57bfeb6\"", - "full_name": "CSVD/gh-actions-github-script", - "git_clone_url": "git://github.e.it.census.gov/CSVD/gh-actions-github-script.git", - "gitignore_template": "Terraform", - "has_discussions": false, - "has_downloads": false, - "has_issues": false, - "has_projects": true, - "has_wiki": true, - "homepage_url": "", - "html_url": "https://github.e.it.census.gov/CSVD/gh-actions-github-script", - "http_clone_url": "https://github.e.it.census.gov/CSVD/gh-actions-github-script.git", - "id": "gh-actions-github-script", - "ignore_vulnerability_alerts_during_read": null, - "is_template": false, - "license_template": null, - "merge_commit_message": "PR_TITLE", - "merge_commit_title": "MERGE_MESSAGE", - "name": "gh-actions-github-script", - "node_id": "MDEwOlJlcG9zaXRvcnkxMDA2", - "pages": [], - "primary_language": "", - "private": false, - "repo_id": 1006, - "security_and_analysis": [ - { - "advanced_security": [ - { - "status": "disabled" - } - ], - "secret_scanning": [ - { - "status": "disabled" - } - ], - "secret_scanning_push_protection": [ - { - "status": "disabled" - } - ] - } - ], - "squash_merge_commit_message": "COMMIT_MESSAGES", - "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", - "ssh_clone_url": "git@github.e.it.census.gov:CSVD/gh-actions-github-script.git", - "svn_url": "https://github.e.it.census.gov/CSVD/gh-actions-github-script", - "template": [], - "topics": [ - "github-actions" - ], - "visibility": "public", - "vulnerability_alerts": false, - "web_commit_signoff_required": false - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" - } - ] - }, - { - "module": "module.repo_secrets[\"automation-repos\"]", - "mode": "managed", - "type": "github_actions_secret", - "name": "secret", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_SECRET_ACCESS_KEY", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:23 +0000 UTC", - "encrypted_value": "", - "id": "automation-repos:AWS_SECRET_ACCESS_KEY", - "plaintext_value": "etnJvcdI2du8loIBxfUfMhZSNofkkco7RAj/rvor", - "repository": "automation-repos", - "secret_name": "AWS_SECRET_ACCESS_KEY", - "updated_at": "2024-08-16 16:03:23 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "AWS_SESSION_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:12 +0000 UTC", - "encrypted_value": "", - "id": "automation-repos:AWS_SESSION_TOKEN", - "plaintext_value": "IQoJb3JpZ2luX2VjENH//////////wEaDXVzLWdvdi1lYXN0LTEiRzBFAiA1bXzDtUaBLN5c7y0DU79ZPwEM0E4X0+EsNEkZZmeYXwIhAISKrI7b1rCjPkzwjyBPMaSDzS3L4W4ty+od/ubhAojGKqADCO7//////////wEQABoMMjI5Njg1NDQ5Mzk3Igwmc2r9x6ZCLaA7/MEq9AIn8ArKVhts60a/S1MLFUyRP51IOkdolpyA7zc9S94I/unEmMFaFPiU7M1idu9dV6bXIUOM+gOiK+dAivKOPy9/OdqCnzA08RCbCpK15MPd+mb+jFNJizk6tU+ycyMtWrp7XeanqcQu64OWUi35zROZG2x/x7OAXv2jAMM4/NyAqg+PxM8coqkybWLNsjyb5SgD7PkXv0uj6vaXYzKuQGI3PRifAr6pwPe+PN7KX/P7A0PKWXKGBjKQTU+AMgJTcgyJLVleqfqlEwNr4eji+zbBn7zTOVVmwjMqPrYM4XuxEiNYyJTKpHAsk3j2KT//+Kmq51k1piaZa4t1IuHp5SGKHHKU0HXwDiKYtNXM6ayDrdUbp5TTCxWnrCklRiXVvAjOQ2PAcMEPIgOn1pNTbnmuMka965F/iQH4ccg8bjzSZrRN8qQfRtMxGh/1h9FfqcGrEWXQ5WtlT539I3G7gBclRCbn3owJfNvAY3cRkA6ZKlR86iMw/u/9tQY6pgFKYCO+WJ8W+csYeLNQEcWy2DMSUNEkO373V6iMwt8WZ6BjZbWbbYH/624tSxca6zvTN8GjkUIykgWgHagHsSQlHm4qDiDsPsEQvOGA3A6UA/q3x8s4n7VSMRDiSNDlCAPbnx12H3t6Zsga2RnfDAWZ5cdnFJPxwZTI2dLpOCUKkcOcSHNXCpB1mqGFAXEk+etEgInN2urj6+Gt4Ad38TCiLCJ16dB8", - "repository": "automation-repos", - "secret_name": "AWS_SESSION_TOKEN", - "updated_at": "2024-08-16 16:03:12 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ], - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "GH_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-09 19:55:08 +0000 UTC", - "encrypted_value": "", - "id": "automation-repos:GH_TOKEN", - "plaintext_value": "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", - "repository": "automation-repos", - "secret_name": "GH_TOKEN", - "updated_at": "2024-08-09 19:55:08 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.repo_secrets[\"automation-repos\"]", - "mode": "managed", - "type": "github_actions_variable", - "name": "variable", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_ACCESS_KEY_ID", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-13 15:58:54 +0000 UTC", - "id": "automation-repos:AWS_ACCESS_KEY_ID", - "repository": "automation-repos", - "updated_at": "2024-08-16 16:03:07 +0000 UTC", - "value": "ASIATK6SR2K27JMKCZWF", - "variable_name": "AWS_ACCESS_KEY_ID" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.repo_secrets[\"aws-image-pipeline\"]", - "mode": "managed", - "type": "github_actions_secret", - "name": "secret", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_SECRET_ACCESS_KEY", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:26 +0000 UTC", - "encrypted_value": "", - "id": "aws-image-pipeline:AWS_SECRET_ACCESS_KEY", - "plaintext_value": "etnJvcdI2du8loIBxfUfMhZSNofkkco7RAj/rvor", - "repository": "aws-image-pipeline", - "secret_name": "AWS_SECRET_ACCESS_KEY", - "updated_at": "2024-08-16 16:03:26 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "AWS_SESSION_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:19 +0000 UTC", - "encrypted_value": "", - "id": "aws-image-pipeline:AWS_SESSION_TOKEN", - "plaintext_value": "IQoJb3JpZ2luX2VjENH//////////wEaDXVzLWdvdi1lYXN0LTEiRzBFAiA1bXzDtUaBLN5c7y0DU79ZPwEM0E4X0+EsNEkZZmeYXwIhAISKrI7b1rCjPkzwjyBPMaSDzS3L4W4ty+od/ubhAojGKqADCO7//////////wEQABoMMjI5Njg1NDQ5Mzk3Igwmc2r9x6ZCLaA7/MEq9AIn8ArKVhts60a/S1MLFUyRP51IOkdolpyA7zc9S94I/unEmMFaFPiU7M1idu9dV6bXIUOM+gOiK+dAivKOPy9/OdqCnzA08RCbCpK15MPd+mb+jFNJizk6tU+ycyMtWrp7XeanqcQu64OWUi35zROZG2x/x7OAXv2jAMM4/NyAqg+PxM8coqkybWLNsjyb5SgD7PkXv0uj6vaXYzKuQGI3PRifAr6pwPe+PN7KX/P7A0PKWXKGBjKQTU+AMgJTcgyJLVleqfqlEwNr4eji+zbBn7zTOVVmwjMqPrYM4XuxEiNYyJTKpHAsk3j2KT//+Kmq51k1piaZa4t1IuHp5SGKHHKU0HXwDiKYtNXM6ayDrdUbp5TTCxWnrCklRiXVvAjOQ2PAcMEPIgOn1pNTbnmuMka965F/iQH4ccg8bjzSZrRN8qQfRtMxGh/1h9FfqcGrEWXQ5WtlT539I3G7gBclRCbn3owJfNvAY3cRkA6ZKlR86iMw/u/9tQY6pgFKYCO+WJ8W+csYeLNQEcWy2DMSUNEkO373V6iMwt8WZ6BjZbWbbYH/624tSxca6zvTN8GjkUIykgWgHagHsSQlHm4qDiDsPsEQvOGA3A6UA/q3x8s4n7VSMRDiSNDlCAPbnx12H3t6Zsga2RnfDAWZ5cdnFJPxwZTI2dLpOCUKkcOcSHNXCpB1mqGFAXEk+etEgInN2urj6+Gt4Ad38TCiLCJ16dB8", - "repository": "aws-image-pipeline", - "secret_name": "AWS_SESSION_TOKEN", - "updated_at": "2024-08-16 16:03:19 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "GH_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-09 19:55:11 +0000 UTC", - "encrypted_value": "", - "id": "aws-image-pipeline:GH_TOKEN", - "plaintext_value": "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", - "repository": "aws-image-pipeline", - "secret_name": "GH_TOKEN", - "updated_at": "2024-08-09 19:55:11 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.repo_secrets[\"aws-image-pipeline\"]", - "mode": "managed", - "type": "github_actions_variable", - "name": "variable", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_ACCESS_KEY_ID", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-13 15:59:56 +0000 UTC", - "id": "aws-image-pipeline:AWS_ACCESS_KEY_ID", - "repository": "aws-image-pipeline", - "updated_at": "2024-08-16 16:03:04 +0000 UTC", - "value": "ASIATK6SR2K27JMKCZWF", - "variable_name": "AWS_ACCESS_KEY_ID" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.repo_secrets[\"image-pipeline-ansible-playbooks\"]", - "mode": "managed", - "type": "github_actions_secret", - "name": "secret", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_SECRET_ACCESS_KEY", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:11 +0000 UTC", - "encrypted_value": "", - "id": "image-pipeline-ansible-playbooks:AWS_SECRET_ACCESS_KEY", - "plaintext_value": "etnJvcdI2du8loIBxfUfMhZSNofkkco7RAj/rvor", - "repository": "image-pipeline-ansible-playbooks", - "secret_name": "AWS_SECRET_ACCESS_KEY", - "updated_at": "2024-08-16 16:03:11 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "AWS_SESSION_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:22 +0000 UTC", - "encrypted_value": "", - "id": "image-pipeline-ansible-playbooks:AWS_SESSION_TOKEN", - "plaintext_value": "IQoJb3JpZ2luX2VjENH//////////wEaDXVzLWdvdi1lYXN0LTEiRzBFAiA1bXzDtUaBLN5c7y0DU79ZPwEM0E4X0+EsNEkZZmeYXwIhAISKrI7b1rCjPkzwjyBPMaSDzS3L4W4ty+od/ubhAojGKqADCO7//////////wEQABoMMjI5Njg1NDQ5Mzk3Igwmc2r9x6ZCLaA7/MEq9AIn8ArKVhts60a/S1MLFUyRP51IOkdolpyA7zc9S94I/unEmMFaFPiU7M1idu9dV6bXIUOM+gOiK+dAivKOPy9/OdqCnzA08RCbCpK15MPd+mb+jFNJizk6tU+ycyMtWrp7XeanqcQu64OWUi35zROZG2x/x7OAXv2jAMM4/NyAqg+PxM8coqkybWLNsjyb5SgD7PkXv0uj6vaXYzKuQGI3PRifAr6pwPe+PN7KX/P7A0PKWXKGBjKQTU+AMgJTcgyJLVleqfqlEwNr4eji+zbBn7zTOVVmwjMqPrYM4XuxEiNYyJTKpHAsk3j2KT//+Kmq51k1piaZa4t1IuHp5SGKHHKU0HXwDiKYtNXM6ayDrdUbp5TTCxWnrCklRiXVvAjOQ2PAcMEPIgOn1pNTbnmuMka965F/iQH4ccg8bjzSZrRN8qQfRtMxGh/1h9FfqcGrEWXQ5WtlT539I3G7gBclRCbn3owJfNvAY3cRkA6ZKlR86iMw/u/9tQY6pgFKYCO+WJ8W+csYeLNQEcWy2DMSUNEkO373V6iMwt8WZ6BjZbWbbYH/624tSxca6zvTN8GjkUIykgWgHagHsSQlHm4qDiDsPsEQvOGA3A6UA/q3x8s4n7VSMRDiSNDlCAPbnx12H3t6Zsga2RnfDAWZ5cdnFJPxwZTI2dLpOCUKkcOcSHNXCpB1mqGFAXEk+etEgInN2urj6+Gt4Ad38TCiLCJ16dB8", - "repository": "image-pipeline-ansible-playbooks", - "secret_name": "AWS_SESSION_TOKEN", - "updated_at": "2024-08-16 16:03:22 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ], - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "GH_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-09 19:55:02 +0000 UTC", - "encrypted_value": "", - "id": "image-pipeline-ansible-playbooks:GH_TOKEN", - "plaintext_value": "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", - "repository": "image-pipeline-ansible-playbooks", - "secret_name": "GH_TOKEN", - "updated_at": "2024-08-09 19:55:02 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.repo_secrets[\"image-pipeline-ansible-playbooks\"]", - "mode": "managed", - "type": "github_actions_variable", - "name": "variable", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_ACCESS_KEY_ID", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-13 15:58:50 +0000 UTC", - "id": "image-pipeline-ansible-playbooks:AWS_ACCESS_KEY_ID", - "repository": "image-pipeline-ansible-playbooks", - "updated_at": "2024-08-16 16:03:09 +0000 UTC", - "value": "ASIATK6SR2K27JMKCZWF", - "variable_name": "AWS_ACCESS_KEY_ID" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.repo_secrets[\"image-pipeline-goss-testing\"]", - "mode": "managed", - "type": "github_actions_secret", - "name": "secret", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_SECRET_ACCESS_KEY", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:18 +0000 UTC", - "encrypted_value": "", - "id": "image-pipeline-goss-testing:AWS_SECRET_ACCESS_KEY", - "plaintext_value": "etnJvcdI2du8loIBxfUfMhZSNofkkco7RAj/rvor", - "repository": "image-pipeline-goss-testing", - "secret_name": "AWS_SECRET_ACCESS_KEY", - "updated_at": "2024-08-16 16:03:18 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ], - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "AWS_SESSION_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:20 +0000 UTC", - "encrypted_value": "", - "id": "image-pipeline-goss-testing:AWS_SESSION_TOKEN", - "plaintext_value": "IQoJb3JpZ2luX2VjENH//////////wEaDXVzLWdvdi1lYXN0LTEiRzBFAiA1bXzDtUaBLN5c7y0DU79ZPwEM0E4X0+EsNEkZZmeYXwIhAISKrI7b1rCjPkzwjyBPMaSDzS3L4W4ty+od/ubhAojGKqADCO7//////////wEQABoMMjI5Njg1NDQ5Mzk3Igwmc2r9x6ZCLaA7/MEq9AIn8ArKVhts60a/S1MLFUyRP51IOkdolpyA7zc9S94I/unEmMFaFPiU7M1idu9dV6bXIUOM+gOiK+dAivKOPy9/OdqCnzA08RCbCpK15MPd+mb+jFNJizk6tU+ycyMtWrp7XeanqcQu64OWUi35zROZG2x/x7OAXv2jAMM4/NyAqg+PxM8coqkybWLNsjyb5SgD7PkXv0uj6vaXYzKuQGI3PRifAr6pwPe+PN7KX/P7A0PKWXKGBjKQTU+AMgJTcgyJLVleqfqlEwNr4eji+zbBn7zTOVVmwjMqPrYM4XuxEiNYyJTKpHAsk3j2KT//+Kmq51k1piaZa4t1IuHp5SGKHHKU0HXwDiKYtNXM6ayDrdUbp5TTCxWnrCklRiXVvAjOQ2PAcMEPIgOn1pNTbnmuMka965F/iQH4ccg8bjzSZrRN8qQfRtMxGh/1h9FfqcGrEWXQ5WtlT539I3G7gBclRCbn3owJfNvAY3cRkA6ZKlR86iMw/u/9tQY6pgFKYCO+WJ8W+csYeLNQEcWy2DMSUNEkO373V6iMwt8WZ6BjZbWbbYH/624tSxca6zvTN8GjkUIykgWgHagHsSQlHm4qDiDsPsEQvOGA3A6UA/q3x8s4n7VSMRDiSNDlCAPbnx12H3t6Zsga2RnfDAWZ5cdnFJPxwZTI2dLpOCUKkcOcSHNXCpB1mqGFAXEk+etEgInN2urj6+Gt4Ad38TCiLCJ16dB8", - "repository": "image-pipeline-goss-testing", - "secret_name": "AWS_SESSION_TOKEN", - "updated_at": "2024-08-16 16:03:20 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "GH_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-09 19:55:22 +0000 UTC", - "encrypted_value": "", - "id": "image-pipeline-goss-testing:GH_TOKEN", - "plaintext_value": "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", - "repository": "image-pipeline-goss-testing", - "secret_name": "GH_TOKEN", - "updated_at": "2024-08-09 19:55:22 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ], - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.repo_secrets[\"image-pipeline-goss-testing\"]", - "mode": "managed", - "type": "github_actions_variable", - "name": "variable", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_ACCESS_KEY_ID", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-13 15:58:55 +0000 UTC", - "id": "image-pipeline-goss-testing:AWS_ACCESS_KEY_ID", - "repository": "image-pipeline-goss-testing", - "updated_at": "2024-08-16 16:03:06 +0000 UTC", - "value": "ASIATK6SR2K27JMKCZWF", - "variable_name": "AWS_ACCESS_KEY_ID" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.repo_secrets[\"linux-image-pipeline\"]", - "mode": "managed", - "type": "github_actions_secret", - "name": "secret", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_SECRET_ACCESS_KEY", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:25 +0000 UTC", - "encrypted_value": "", - "id": "linux-image-pipeline:AWS_SECRET_ACCESS_KEY", - "plaintext_value": "etnJvcdI2du8loIBxfUfMhZSNofkkco7RAj/rvor", - "repository": "linux-image-pipeline", - "secret_name": "AWS_SECRET_ACCESS_KEY", - "updated_at": "2024-08-16 16:03:25 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "AWS_SESSION_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:13 +0000 UTC", - "encrypted_value": "", - "id": "linux-image-pipeline:AWS_SESSION_TOKEN", - "plaintext_value": "IQoJb3JpZ2luX2VjENH//////////wEaDXVzLWdvdi1lYXN0LTEiRzBFAiA1bXzDtUaBLN5c7y0DU79ZPwEM0E4X0+EsNEkZZmeYXwIhAISKrI7b1rCjPkzwjyBPMaSDzS3L4W4ty+od/ubhAojGKqADCO7//////////wEQABoMMjI5Njg1NDQ5Mzk3Igwmc2r9x6ZCLaA7/MEq9AIn8ArKVhts60a/S1MLFUyRP51IOkdolpyA7zc9S94I/unEmMFaFPiU7M1idu9dV6bXIUOM+gOiK+dAivKOPy9/OdqCnzA08RCbCpK15MPd+mb+jFNJizk6tU+ycyMtWrp7XeanqcQu64OWUi35zROZG2x/x7OAXv2jAMM4/NyAqg+PxM8coqkybWLNsjyb5SgD7PkXv0uj6vaXYzKuQGI3PRifAr6pwPe+PN7KX/P7A0PKWXKGBjKQTU+AMgJTcgyJLVleqfqlEwNr4eji+zbBn7zTOVVmwjMqPrYM4XuxEiNYyJTKpHAsk3j2KT//+Kmq51k1piaZa4t1IuHp5SGKHHKU0HXwDiKYtNXM6ayDrdUbp5TTCxWnrCklRiXVvAjOQ2PAcMEPIgOn1pNTbnmuMka965F/iQH4ccg8bjzSZrRN8qQfRtMxGh/1h9FfqcGrEWXQ5WtlT539I3G7gBclRCbn3owJfNvAY3cRkA6ZKlR86iMw/u/9tQY6pgFKYCO+WJ8W+csYeLNQEcWy2DMSUNEkO373V6iMwt8WZ6BjZbWbbYH/624tSxca6zvTN8GjkUIykgWgHagHsSQlHm4qDiDsPsEQvOGA3A6UA/q3x8s4n7VSMRDiSNDlCAPbnx12H3t6Zsga2RnfDAWZ5cdnFJPxwZTI2dLpOCUKkcOcSHNXCpB1mqGFAXEk+etEgInN2urj6+Gt4Ad38TCiLCJ16dB8", - "repository": "linux-image-pipeline", - "secret_name": "AWS_SESSION_TOKEN", - "updated_at": "2024-08-16 16:03:13 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "GH_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-09 19:55:24 +0000 UTC", - "encrypted_value": "", - "id": "linux-image-pipeline:GH_TOKEN", - "plaintext_value": "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", - "repository": "linux-image-pipeline", - "secret_name": "GH_TOKEN", - "updated_at": "2024-08-09 19:55:24 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ], - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.repo_secrets[\"linux-image-pipeline\"]", - "mode": "managed", - "type": "github_actions_variable", - "name": "variable", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_ACCESS_KEY_ID", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-13 15:58:56 +0000 UTC", - "id": "linux-image-pipeline:AWS_ACCESS_KEY_ID", - "repository": "linux-image-pipeline", - "updated_at": "2024-08-16 16:03:05 +0000 UTC", - "value": "ASIATK6SR2K27JMKCZWF", - "variable_name": "AWS_ACCESS_KEY_ID" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.repo_secrets[\"windows-image-pipeline\"]", - "mode": "managed", - "type": "github_actions_secret", - "name": "secret", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_SECRET_ACCESS_KEY", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:17 +0000 UTC", - "encrypted_value": "", - "id": "windows-image-pipeline:AWS_SECRET_ACCESS_KEY", - "plaintext_value": "etnJvcdI2du8loIBxfUfMhZSNofkkco7RAj/rvor", - "repository": "windows-image-pipeline", - "secret_name": "AWS_SECRET_ACCESS_KEY", - "updated_at": "2024-08-16 16:03:17 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "AWS_SESSION_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-16 16:03:15 +0000 UTC", - "encrypted_value": "", - "id": "windows-image-pipeline:AWS_SESSION_TOKEN", - "plaintext_value": "IQoJb3JpZ2luX2VjENH//////////wEaDXVzLWdvdi1lYXN0LTEiRzBFAiA1bXzDtUaBLN5c7y0DU79ZPwEM0E4X0+EsNEkZZmeYXwIhAISKrI7b1rCjPkzwjyBPMaSDzS3L4W4ty+od/ubhAojGKqADCO7//////////wEQABoMMjI5Njg1NDQ5Mzk3Igwmc2r9x6ZCLaA7/MEq9AIn8ArKVhts60a/S1MLFUyRP51IOkdolpyA7zc9S94I/unEmMFaFPiU7M1idu9dV6bXIUOM+gOiK+dAivKOPy9/OdqCnzA08RCbCpK15MPd+mb+jFNJizk6tU+ycyMtWrp7XeanqcQu64OWUi35zROZG2x/x7OAXv2jAMM4/NyAqg+PxM8coqkybWLNsjyb5SgD7PkXv0uj6vaXYzKuQGI3PRifAr6pwPe+PN7KX/P7A0PKWXKGBjKQTU+AMgJTcgyJLVleqfqlEwNr4eji+zbBn7zTOVVmwjMqPrYM4XuxEiNYyJTKpHAsk3j2KT//+Kmq51k1piaZa4t1IuHp5SGKHHKU0HXwDiKYtNXM6ayDrdUbp5TTCxWnrCklRiXVvAjOQ2PAcMEPIgOn1pNTbnmuMka965F/iQH4ccg8bjzSZrRN8qQfRtMxGh/1h9FfqcGrEWXQ5WtlT539I3G7gBclRCbn3owJfNvAY3cRkA6ZKlR86iMw/u/9tQY6pgFKYCO+WJ8W+csYeLNQEcWy2DMSUNEkO373V6iMwt8WZ6BjZbWbbYH/624tSxca6zvTN8GjkUIykgWgHagHsSQlHm4qDiDsPsEQvOGA3A6UA/q3x8s4n7VSMRDiSNDlCAPbnx12H3t6Zsga2RnfDAWZ5cdnFJPxwZTI2dLpOCUKkcOcSHNXCpB1mqGFAXEk+etEgInN2urj6+Gt4Ad38TCiLCJ16dB8", - "repository": "windows-image-pipeline", - "secret_name": "AWS_SESSION_TOKEN", - "updated_at": "2024-08-16 16:03:15 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ], - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - }, - { - "index_key": "GH_TOKEN", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-09 19:54:56 +0000 UTC", - "encrypted_value": "", - "id": "windows-image-pipeline:GH_TOKEN", - "plaintext_value": "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", - "repository": "windows-image-pipeline", - "secret_name": "GH_TOKEN", - "updated_at": "2024-08-09 19:54:56 +0000 UTC" - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "plaintext_value" - } - ], - [ - { - "type": "get_attr", - "value": "encrypted_value" - } - ] - ], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.repo_secrets[\"windows-image-pipeline\"]", - "mode": "managed", - "type": "github_actions_variable", - "name": "variable", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "AWS_ACCESS_KEY_ID", - "schema_version": 0, - "attributes": { - "created_at": "2024-08-13 15:58:51 +0000 UTC", - "id": "windows-image-pipeline:AWS_ACCESS_KEY_ID", - "repository": "windows-image-pipeline", - "updated_at": "2024-08-16 16:03:03 +0000 UTC", - "value": "ASIATK6SR2K27JMKCZWF", - "variable_name": "AWS_ACCESS_KEY_ID" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "module.env_var.data.external.var", - "module.env_var.random_string.random" - ] - } - ] - }, - { - "module": "module.runner", - "mode": "data", - "type": "github_actions_registration_token", - "name": "token", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "aws-image-pipeline", - "schema_version": 0, - "attributes": { - "expires_at": 1723827734, - "id": "CSVD/aws-image-pipeline", - "repository": "aws-image-pipeline", - "token": "AAAAEJLQS2QBDH3RIUVJWADGX6DBM" - }, - "sensitive_attributes": [] - }, - { - "index_key": "image-pipeline-ansible-playbooks", - "schema_version": 0, - "attributes": { - "expires_at": 1723827733, - "id": "CSVD/image-pipeline-ansible-playbooks", - "repository": "image-pipeline-ansible-playbooks", - "token": "AAAAEJNF5CVBHLRTCBD267TGX6DBK" - }, - "sensitive_attributes": [] - }, - { - "index_key": "image-pipeline-goss-testing", - "schema_version": 0, - "attributes": { - "expires_at": 1723827737, - "id": "CSVD/image-pipeline-goss-testing", - "repository": "image-pipeline-goss-testing", - "token": "AAAAEJOGZJWTM3F4AOCOIRTGX6DBS" - }, - "sensitive_attributes": [] - }, - { - "index_key": "linux-image-pipeline", - "schema_version": 0, - "attributes": { - "expires_at": 1723827740, - "id": "CSVD/linux-image-pipeline", - "repository": "linux-image-pipeline", - "token": "AAAAEJOAQQJ2BQ7UGNNYEU3GX6DBY" - }, - "sensitive_attributes": [] - }, - { - "index_key": "windows-image-pipeline", - "schema_version": 0, - "attributes": { - "expires_at": 1723827738, - "id": "CSVD/windows-image-pipeline", - "repository": "windows-image-pipeline", - "token": "AAAAEJJGZGXS4AZ7NEJJ4LLGX6DBU" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.runner", - "mode": "data", - "type": "github_repository", - "name": "repository", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "aws-image-pipeline", - "schema_version": 0, - "attributes": { - "allow_auto_merge": false, - "allow_merge_commit": false, - "allow_rebase_merge": false, - "allow_squash_merge": true, - "archived": false, - "default_branch": "main", - "description": "Terraform Workspace for creating and managing AWS Image Pipelines", - "fork": false, - "full_name": "CSVD/aws-image-pipeline", - "git_clone_url": "git://github.e.it.census.gov/CSVD/aws-image-pipeline.git", - "has_discussions": false, - "has_downloads": false, - "has_issues": false, - "has_projects": true, - "has_wiki": true, - "homepage_url": "", - "html_url": "https://github.e.it.census.gov/CSVD/aws-image-pipeline", - "http_clone_url": "https://github.e.it.census.gov/CSVD/aws-image-pipeline.git", - "id": "aws-image-pipeline", - "is_template": false, - "merge_commit_message": "PR_TITLE", - "merge_commit_title": "MERGE_MESSAGE", - "name": "aws-image-pipeline", - "node_id": "MDEwOlJlcG9zaXRvcnk5MjY=", - "pages": [], - "primary_language": "HCL", - "private": true, - "repo_id": 926, - "repository_license": [], - "squash_merge_commit_message": "COMMIT_MESSAGES", - "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", - "ssh_clone_url": "git@github.e.it.census.gov:CSVD/aws-image-pipeline.git", - "svn_url": "https://github.e.it.census.gov/CSVD/aws-image-pipeline", - "template": [], - "topics": [ - "terraform" - ], - "visibility": "private" - }, - "sensitive_attributes": [] - }, - { - "index_key": "image-pipeline-ansible-playbooks", - "schema_version": 0, - "attributes": { - "allow_auto_merge": false, - "allow_merge_commit": false, - "allow_rebase_merge": false, - "allow_squash_merge": true, - "archived": false, - "default_branch": "main", - "description": "Template repo for windows image pipelines", - "fork": false, - "full_name": "CSVD/image-pipeline-ansible-playbooks", - "git_clone_url": "git://github.e.it.census.gov/CSVD/image-pipeline-ansible-playbooks.git", - "has_discussions": false, - "has_downloads": false, - "has_issues": false, - "has_projects": true, - "has_wiki": true, - "homepage_url": "", - "html_url": "https://github.e.it.census.gov/CSVD/image-pipeline-ansible-playbooks", - "http_clone_url": "https://github.e.it.census.gov/CSVD/image-pipeline-ansible-playbooks.git", - "id": "image-pipeline-ansible-playbooks", - "is_template": false, - "merge_commit_message": "PR_TITLE", - "merge_commit_title": "MERGE_MESSAGE", - "name": "image-pipeline-ansible-playbooks", - "node_id": "MDEwOlJlcG9zaXRvcnk5ODM=", - "pages": [], - "primary_language": "", - "private": true, - "repo_id": 983, - "repository_license": [], - "squash_merge_commit_message": "COMMIT_MESSAGES", - "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", - "ssh_clone_url": "git@github.e.it.census.gov:CSVD/image-pipeline-ansible-playbooks.git", - "svn_url": "https://github.e.it.census.gov/CSVD/image-pipeline-ansible-playbooks", - "template": [], - "topics": [ - "terraform" - ], - "visibility": "private" - }, - "sensitive_attributes": [] - }, - { - "index_key": "image-pipeline-goss-testing", - "schema_version": 0, - "attributes": { - "allow_auto_merge": false, - "allow_merge_commit": false, - "allow_rebase_merge": false, - "allow_squash_merge": true, - "archived": false, - "default_branch": "main", - "description": "Template repo for windows image pipelines", - "fork": false, - "full_name": "CSVD/image-pipeline-goss-testing", - "git_clone_url": "git://github.e.it.census.gov/CSVD/image-pipeline-goss-testing.git", - "has_discussions": false, - "has_downloads": false, - "has_issues": false, - "has_projects": true, - "has_wiki": true, - "homepage_url": "", - "html_url": "https://github.e.it.census.gov/CSVD/image-pipeline-goss-testing", - "http_clone_url": "https://github.e.it.census.gov/CSVD/image-pipeline-goss-testing.git", - "id": "image-pipeline-goss-testing", - "is_template": false, - "merge_commit_message": "PR_TITLE", - "merge_commit_title": "MERGE_MESSAGE", - "name": "image-pipeline-goss-testing", - "node_id": "MDEwOlJlcG9zaXRvcnk5NDI=", - "pages": [], - "primary_language": "HCL", - "private": true, - "repo_id": 942, - "repository_license": [], - "squash_merge_commit_message": "COMMIT_MESSAGES", - "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", - "ssh_clone_url": "git@github.e.it.census.gov:CSVD/image-pipeline-goss-testing.git", - "svn_url": "https://github.e.it.census.gov/CSVD/image-pipeline-goss-testing", - "template": [], - "topics": [ - "terraform" - ], - "visibility": "private" - }, - "sensitive_attributes": [] - }, - { - "index_key": "linux-image-pipeline", - "schema_version": 0, - "attributes": { - "allow_auto_merge": false, - "allow_merge_commit": false, - "allow_rebase_merge": false, - "allow_squash_merge": true, - "archived": false, - "default_branch": "main", - "description": "Template repo for windows image pipelines", - "fork": false, - "full_name": "CSVD/linux-image-pipeline", - "git_clone_url": "git://github.e.it.census.gov/CSVD/linux-image-pipeline.git", - "has_discussions": false, - "has_downloads": false, - "has_issues": false, - "has_projects": true, - "has_wiki": true, - "homepage_url": "", - "html_url": "https://github.e.it.census.gov/CSVD/linux-image-pipeline", - "http_clone_url": "https://github.e.it.census.gov/CSVD/linux-image-pipeline.git", - "id": "linux-image-pipeline", - "is_template": false, - "merge_commit_message": "PR_TITLE", - "merge_commit_title": "MERGE_MESSAGE", - "name": "linux-image-pipeline", - "node_id": "MDEwOlJlcG9zaXRvcnk5OTU=", - "pages": [], - "primary_language": "HCL", - "private": true, - "repo_id": 995, - "repository_license": [], - "squash_merge_commit_message": "COMMIT_MESSAGES", - "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", - "ssh_clone_url": "git@github.e.it.census.gov:CSVD/linux-image-pipeline.git", - "svn_url": "https://github.e.it.census.gov/CSVD/linux-image-pipeline", - "template": [], - "topics": [ - "terraform" - ], - "visibility": "private" - }, - "sensitive_attributes": [] - }, - { - "index_key": "windows-image-pipeline", - "schema_version": 0, - "attributes": { - "allow_auto_merge": false, - "allow_merge_commit": false, - "allow_rebase_merge": false, - "allow_squash_merge": true, - "archived": false, - "default_branch": "main", - "description": "Template repo for windows image pipelines", - "fork": false, - "full_name": "CSVD/windows-image-pipeline", - "git_clone_url": "git://github.e.it.census.gov/CSVD/windows-image-pipeline.git", - "has_discussions": false, - "has_downloads": false, - "has_issues": false, - "has_projects": true, - "has_wiki": true, - "homepage_url": "", - "html_url": "https://github.e.it.census.gov/CSVD/windows-image-pipeline", - "http_clone_url": "https://github.e.it.census.gov/CSVD/windows-image-pipeline.git", - "id": "windows-image-pipeline", - "is_template": false, - "merge_commit_message": "PR_TITLE", - "merge_commit_title": "MERGE_MESSAGE", - "name": "windows-image-pipeline", - "node_id": "MDEwOlJlcG9zaXRvcnk5NzY=", - "pages": [], - "primary_language": "PowerShell", - "private": true, - "repo_id": 976, - "repository_license": [], - "squash_merge_commit_message": "COMMIT_MESSAGES", - "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", - "ssh_clone_url": "git@github.e.it.census.gov:CSVD/windows-image-pipeline.git", - "svn_url": "https://github.e.it.census.gov/CSVD/windows-image-pipeline", - "template": [], - "topics": [ - "terraform" - ], - "visibility": "private" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.runner", - "mode": "managed", - "type": "local_file", - "name": "env", - "provider": "provider[\"registry.terraform.io/hashicorp/local\"]", - "instances": [ - { - "index_key": "aws-image-pipeline", - "schema_version": 0, - "attributes": { - "content": "NODE_TLS_REJECT_UNAUTHORIZED=0\nLANG=en_US.UTF-8", - "content_base64": null, - "content_base64sha256": "hjukrj+7PjBRu4QVzbayQxRmCLJfjkX8Kw8DWfGzpYU=", - "content_base64sha512": "SbU6liwc37tOavPIjF2dp104aoJIKQHB6f72wA0reAb+QPyNgkRRQe33WiV/A9A4WLkb+bTK/NycUdhHXE2viw==", - "content_md5": "571d647ad4e7189b47c950353f725050", - "content_sha1": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "content_sha256": "863ba4ae3fbb3e3051bb8415cdb6b243146608b25f8e45fc2b0f0359f1b3a585", - "content_sha512": "49b53a962c1cdfbb4e6af3c88c5d9da75d386a82482901c1e9fef6c00d2b7806fe40fc8d82445141edf75a257f03d03858b91bf9b4cafcdc9c51d8475c4daf8b", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "/apps/terraform/workspaces/arnol377/git/ghe-runner/aws-image-pipeline/.env", - "id": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - }, - { - "index_key": "image-pipeline-ansible-playbooks", - "schema_version": 0, - "attributes": { - "content": "NODE_TLS_REJECT_UNAUTHORIZED=0\nLANG=en_US.UTF-8", - "content_base64": null, - "content_base64sha256": "hjukrj+7PjBRu4QVzbayQxRmCLJfjkX8Kw8DWfGzpYU=", - "content_base64sha512": "SbU6liwc37tOavPIjF2dp104aoJIKQHB6f72wA0reAb+QPyNgkRRQe33WiV/A9A4WLkb+bTK/NycUdhHXE2viw==", - "content_md5": "571d647ad4e7189b47c950353f725050", - "content_sha1": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "content_sha256": "863ba4ae3fbb3e3051bb8415cdb6b243146608b25f8e45fc2b0f0359f1b3a585", - "content_sha512": "49b53a962c1cdfbb4e6af3c88c5d9da75d386a82482901c1e9fef6c00d2b7806fe40fc8d82445141edf75a257f03d03858b91bf9b4cafcdc9c51d8475c4daf8b", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-ansible-playbooks/.env", - "id": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - }, - { - "index_key": "image-pipeline-goss-testing", - "schema_version": 0, - "attributes": { - "content": "NODE_TLS_REJECT_UNAUTHORIZED=0\nLANG=en_US.UTF-8", - "content_base64": null, - "content_base64sha256": "hjukrj+7PjBRu4QVzbayQxRmCLJfjkX8Kw8DWfGzpYU=", - "content_base64sha512": "SbU6liwc37tOavPIjF2dp104aoJIKQHB6f72wA0reAb+QPyNgkRRQe33WiV/A9A4WLkb+bTK/NycUdhHXE2viw==", - "content_md5": "571d647ad4e7189b47c950353f725050", - "content_sha1": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "content_sha256": "863ba4ae3fbb3e3051bb8415cdb6b243146608b25f8e45fc2b0f0359f1b3a585", - "content_sha512": "49b53a962c1cdfbb4e6af3c88c5d9da75d386a82482901c1e9fef6c00d2b7806fe40fc8d82445141edf75a257f03d03858b91bf9b4cafcdc9c51d8475c4daf8b", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-goss-testing/.env", - "id": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - }, - { - "index_key": "linux-image-pipeline", - "schema_version": 0, - "attributes": { - "content": "NODE_TLS_REJECT_UNAUTHORIZED=0\nLANG=en_US.UTF-8", - "content_base64": null, - "content_base64sha256": "hjukrj+7PjBRu4QVzbayQxRmCLJfjkX8Kw8DWfGzpYU=", - "content_base64sha512": "SbU6liwc37tOavPIjF2dp104aoJIKQHB6f72wA0reAb+QPyNgkRRQe33WiV/A9A4WLkb+bTK/NycUdhHXE2viw==", - "content_md5": "571d647ad4e7189b47c950353f725050", - "content_sha1": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "content_sha256": "863ba4ae3fbb3e3051bb8415cdb6b243146608b25f8e45fc2b0f0359f1b3a585", - "content_sha512": "49b53a962c1cdfbb4e6af3c88c5d9da75d386a82482901c1e9fef6c00d2b7806fe40fc8d82445141edf75a257f03d03858b91bf9b4cafcdc9c51d8475c4daf8b", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "/apps/terraform/workspaces/arnol377/git/ghe-runner/linux-image-pipeline/.env", - "id": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - }, - { - "index_key": "windows-image-pipeline", - "schema_version": 0, - "attributes": { - "content": "NODE_TLS_REJECT_UNAUTHORIZED=0\nLANG=en_US.UTF-8", - "content_base64": null, - "content_base64sha256": "hjukrj+7PjBRu4QVzbayQxRmCLJfjkX8Kw8DWfGzpYU=", - "content_base64sha512": "SbU6liwc37tOavPIjF2dp104aoJIKQHB6f72wA0reAb+QPyNgkRRQe33WiV/A9A4WLkb+bTK/NycUdhHXE2viw==", - "content_md5": "571d647ad4e7189b47c950353f725050", - "content_sha1": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "content_sha256": "863ba4ae3fbb3e3051bb8415cdb6b243146608b25f8e45fc2b0f0359f1b3a585", - "content_sha512": "49b53a962c1cdfbb4e6af3c88c5d9da75d386a82482901c1e9fef6c00d2b7806fe40fc8d82445141edf75a257f03d03858b91bf9b4cafcdc9c51d8475c4daf8b", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "/apps/terraform/workspaces/arnol377/git/ghe-runner/windows-image-pipeline/.env", - "id": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - } - ] - }, - { - "module": "module.runner", - "mode": "managed", - "type": "local_file", - "name": "supervisorctl", - "provider": "provider[\"registry.terraform.io/hashicorp/local\"]", - "instances": [ - { - "index_key": "aws-image-pipeline", - "schema_version": 0, - "attributes": { - "content": "[program:aws-image-pipeline]\ndirectory=/apps/terraform/workspaces/arnol377/git/ghe-runner/aws-image-pipeline ; directory to cwd to before exec (def no cwd)\ncommand=/apps/terraform/workspaces/arnol377/git/ghe-runner/aws-image-pipeline/run.sh\n;numprocs=1 ; number of processes copies to start (def 1)\nautostart=true ; start at supervisord start (default: true)\n;startsecs=1 ; # of secs prog must stay up to be running (def. 1)\nstartretries=3 ; max # of serial start failures when starting (default 3)\nautorestart=true\nstdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/aws-image-pipeline/runner.log ; stdout log path, NONE for none; default AUTO\nstdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)\nstdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)\nstderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/aws-image-pipeline/runner_error.log ; stderr log path, NONE for none; default AUTO\nstderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)\nstderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)", - "content_base64": null, - "content_base64sha256": "goKqhad13qLKcO/zTPtlAtwiIYwPoZVKSWD4vLoZVyI=", - "content_base64sha512": "J3bbhrIjipzmKZMqlVsMmoSeJY/pcNPay2Vj0eLHSmqvpYb8vRW5nYa/Y5BgL8v+0jdaEkzBWO2ElQk7XM8G4A==", - "content_md5": "63f4fcbc7871dcaf800df45240394590", - "content_sha1": "b229058e47aed45386fc120477bb64f2282dcb95", - "content_sha256": "8282aa85a775dea2ca70eff34cfb6502dc22218c0fa1954a4960f8bcba195722", - "content_sha512": "2776db86b2238a9ce629932a955b0c9a849e258fe970d3dacb6563d1e2c74a6aafa586fcbd15b99d86bf6390602fcbfed2375a124cc158ed8495093b5ccf06e0", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "./supervisor/aws-image-pipeline.conf", - "id": "b229058e47aed45386fc120477bb64f2282dcb95", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - }, - { - "index_key": "image-pipeline-ansible-playbooks", - "schema_version": 0, - "attributes": { - "content": "[program:image-pipeline-ansible-playbooks]\ndirectory=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-ansible-playbooks ; directory to cwd to before exec (def no cwd)\ncommand=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-ansible-playbooks/run.sh\n;numprocs=1 ; number of processes copies to start (def 1)\nautostart=true ; start at supervisord start (default: true)\n;startsecs=1 ; # of secs prog must stay up to be running (def. 1)\nstartretries=3 ; max # of serial start failures when starting (default 3)\nautorestart=true\nstdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-ansible-playbooks/runner.log ; stdout log path, NONE for none; default AUTO\nstdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)\nstdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)\nstderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-ansible-playbooks/runner_error.log ; stderr log path, NONE for none; default AUTO\nstderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)\nstderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)", - "content_base64": null, - "content_base64sha256": "cmCeaFP3EIZRLhmkKID8csVONazdzxV4oTNk9QwM83c=", - "content_base64sha512": "f2+V1fXzy7kfRi1PsqhDw00l9szUCbVaYuu7hRfFc8qs17B4njeTO+G7D9LMxAB6bjkPfFs8Gg+3LdxE3cJqfg==", - "content_md5": "fc6190dde467eeb11b1398d0796cecf6", - "content_sha1": "2a416c4d5f3666392d90fb7e75948a9b891c8a1c", - "content_sha256": "72609e6853f71086512e19a42880fc72c54e35acddcf1578a13364f50c0cf377", - "content_sha512": "7f6f95d5f5f3cbb91f462d4fb2a843c34d25f6ccd409b55a62ebbb8517c573caacd7b0789e37933be1bb0fd2ccc4007a6e390f7c5b3c1a0fb72ddc44ddc26a7e", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "./supervisor/image-pipeline-ansible-playbooks.conf", - "id": "2a416c4d5f3666392d90fb7e75948a9b891c8a1c", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - }, - { - "index_key": "image-pipeline-goss-testing", - "schema_version": 0, - "attributes": { - "content": "[program:image-pipeline-goss-testing]\ndirectory=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-goss-testing ; directory to cwd to before exec (def no cwd)\ncommand=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-goss-testing/run.sh\n;numprocs=1 ; number of processes copies to start (def 1)\nautostart=true ; start at supervisord start (default: true)\n;startsecs=1 ; # of secs prog must stay up to be running (def. 1)\nstartretries=3 ; max # of serial start failures when starting (default 3)\nautorestart=true\nstdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-goss-testing/runner.log ; stdout log path, NONE for none; default AUTO\nstdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)\nstdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)\nstderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/image-pipeline-goss-testing/runner_error.log ; stderr log path, NONE for none; default AUTO\nstderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)\nstderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)", - "content_base64": null, - "content_base64sha256": "TF9TyUoheXICZ8Ln6QbeEdJsAKA0zojhr7JzVVCDprE=", - "content_base64sha512": "NFo3X/mO/geWs36p/+lKXU9yOQcmvf4dMp/7bXr6CFaYGwSfOABvgVXgvyKuctBaac4U8PfSvFCtLH9G04/YZg==", - "content_md5": "5c05e2b496296cc9c59d655fb89cdd01", - "content_sha1": "9cc53fa7963b9d7464fb22f7bb84eed064a790c9", - "content_sha256": "4c5f53c94a2179720267c2e7e906de11d26c00a034ce88e1afb273555083a6b1", - "content_sha512": "345a375ff98efe0796b37ea9ffe94a5d4f72390726bdfe1d329ffb6d7afa0856981b049f38006f8155e0bf22ae72d05a69ce14f0f7d2bc50ad2c7f46d38fd866", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "./supervisor/image-pipeline-goss-testing.conf", - "id": "9cc53fa7963b9d7464fb22f7bb84eed064a790c9", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - }, - { - "index_key": "linux-image-pipeline", - "schema_version": 0, - "attributes": { - "content": "[program:linux-image-pipeline]\ndirectory=/apps/terraform/workspaces/arnol377/git/ghe-runner/linux-image-pipeline ; directory to cwd to before exec (def no cwd)\ncommand=/apps/terraform/workspaces/arnol377/git/ghe-runner/linux-image-pipeline/run.sh\n;numprocs=1 ; number of processes copies to start (def 1)\nautostart=true ; start at supervisord start (default: true)\n;startsecs=1 ; # of secs prog must stay up to be running (def. 1)\nstartretries=3 ; max # of serial start failures when starting (default 3)\nautorestart=true\nstdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/linux-image-pipeline/runner.log ; stdout log path, NONE for none; default AUTO\nstdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)\nstdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)\nstderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/linux-image-pipeline/runner_error.log ; stderr log path, NONE for none; default AUTO\nstderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)\nstderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)", - "content_base64": null, - "content_base64sha256": "jIB51lPAa2/pDtd8YQojmDAfypuT3T1v3MOgzwaiaWs=", - "content_base64sha512": "55z+hu6PhT9pJpSW4g7mWdB/ezb54qGQJbTiuHpuSos0Rx9+45UqASetnzOUhH7UFuWopMebCw037n3L3SQIjg==", - "content_md5": "4f3f24cdcffb3856268aeb722672a4ab", - "content_sha1": "5f016f99cab492f889226d48bf1c12eab03c2d29", - "content_sha256": "8c8079d653c06b6fe90ed77c610a2398301fca9b93dd3d6fdcc3a0cf06a2696b", - "content_sha512": "e79cfe86ee8f853f69269496e20ee659d07f7b36f9e2a19025b4e2b87a6e4a8b34471f7ee3952a0127ad9f3394847ed416e5a8a4c79b0b0d37ee7dcbdd24088e", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "./supervisor/linux-image-pipeline.conf", - "id": "5f016f99cab492f889226d48bf1c12eab03c2d29", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - }, - { - "index_key": "windows-image-pipeline", - "schema_version": 0, - "attributes": { - "content": "[program:windows-image-pipeline]\ndirectory=/apps/terraform/workspaces/arnol377/git/ghe-runner/windows-image-pipeline ; directory to cwd to before exec (def no cwd)\ncommand=/apps/terraform/workspaces/arnol377/git/ghe-runner/windows-image-pipeline/run.sh\n;numprocs=1 ; number of processes copies to start (def 1)\nautostart=true ; start at supervisord start (default: true)\n;startsecs=1 ; # of secs prog must stay up to be running (def. 1)\nstartretries=3 ; max # of serial start failures when starting (default 3)\nautorestart=true\nstdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/windows-image-pipeline/runner.log ; stdout log path, NONE for none; default AUTO\nstdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)\nstdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)\nstderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/windows-image-pipeline/runner_error.log ; stderr log path, NONE for none; default AUTO\nstderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)\nstderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)", - "content_base64": null, - "content_base64sha256": "ciwCZUaTe1bvgtKM5lL0NxB+Gh4OHEvKXYQ/mFrFLtc=", - "content_base64sha512": "sZB4Gm3RumgecmDeFvKGxHL+ZEhuymUL0d/WN9MD6Wr/i+geXK/PSBOvaYv3nsh84uJCSrxl/76Py8G+/qts3g==", - "content_md5": "8a73337b5e245bcbbdf1aa814b8f3d85", - "content_sha1": "de1d1e9b9dd707ed356e63480d6a0c2477cb2f77", - "content_sha256": "722c026546937b56ef82d28ce652f437107e1a1e0e1c4bca5d843f985ac52ed7", - "content_sha512": "b190781a6dd1ba681e7260de16f286c472fe64486eca650bd1dfd637d303e96aff8be81e5cafcf4813af698bf79ec87ce2e2424abc65ffbe8fcbc1befeab6cde", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "./supervisor/windows-image-pipeline.conf", - "id": "de1d1e9b9dd707ed356e63480d6a0c2477cb2f77", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - } - ] - }, - { - "module": "module.runner", - "mode": "managed", - "type": "null_resource", - "name": "install_runner", - "provider": "provider[\"registry.terraform.io/hashicorp/null\"]", - "instances": [ - { - "index_key": "aws-image-pipeline", - "schema_version": 0, - "attributes": { - "id": "167377063895277739", - "triggers": { - "repos": "aws-image-pipeline,linux-image-pipeline,windows-image-pipeline,image-pipeline-goss-testing,image-pipeline-ansible-playbooks" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.runner.local_file.supervisorctl" - ] - }, - { - "index_key": "image-pipeline-ansible-playbooks", - "schema_version": 0, - "attributes": { - "id": "8444992136404658959", - "triggers": { - "repos": "aws-image-pipeline,linux-image-pipeline,windows-image-pipeline,image-pipeline-goss-testing,image-pipeline-ansible-playbooks" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.runner.local_file.supervisorctl" - ] - }, - { - "index_key": "image-pipeline-goss-testing", - "schema_version": 0, - "attributes": { - "id": "8916824004276529952", - "triggers": { - "repos": "aws-image-pipeline,linux-image-pipeline,windows-image-pipeline,image-pipeline-goss-testing,image-pipeline-ansible-playbooks" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.runner.local_file.supervisorctl" - ] - }, - { - "index_key": "linux-image-pipeline", - "schema_version": 0, - "attributes": { - "id": "5098658504687988707", - "triggers": { - "repos": "aws-image-pipeline,linux-image-pipeline,windows-image-pipeline,image-pipeline-goss-testing,image-pipeline-ansible-playbooks" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.runner.local_file.supervisorctl" - ] - }, - { - "index_key": "windows-image-pipeline", - "schema_version": 0, - "attributes": { - "id": "4709777514127541133", - "triggers": { - "repos": "aws-image-pipeline,linux-image-pipeline,windows-image-pipeline,image-pipeline-goss-testing,image-pipeline-ansible-playbooks" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.runner.local_file.supervisorctl" - ] - } - ] - }, - { - "module": "module.runner", - "mode": "managed", - "type": "null_resource", - "name": "register_runner", - "provider": "provider[\"registry.terraform.io/hashicorp/null\"]", - "instances": [ - { - "index_key": "aws-image-pipeline", - "schema_version": 0, - "attributes": { - "id": "1187637572805030232", - "triggers": { - "repos": "aws-image-pipeline,linux-image-pipeline,windows-image-pipeline,image-pipeline-goss-testing,image-pipeline-ansible-playbooks" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.runner.data.github_actions_registration_token.token", - "module.runner.data.github_repository.repository", - "module.runner.github_actions_runner_group.rg", - "module.runner.local_file.env", - "module.runner.local_file.supervisorctl", - "module.runner.null_resource.install_runner" - ] - }, - { - "index_key": "image-pipeline-ansible-playbooks", - "schema_version": 0, - "attributes": { - "id": "1179195919023235710", - "triggers": { - "repos": "aws-image-pipeline,linux-image-pipeline,windows-image-pipeline,image-pipeline-goss-testing,image-pipeline-ansible-playbooks" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.runner.data.github_actions_registration_token.token", - "module.runner.data.github_repository.repository", - "module.runner.github_actions_runner_group.rg", - "module.runner.local_file.env", - "module.runner.local_file.supervisorctl", - "module.runner.null_resource.install_runner" - ] - }, - { - "index_key": "image-pipeline-goss-testing", - "schema_version": 0, - "attributes": { - "id": "8277050170472805959", - "triggers": { - "repos": "aws-image-pipeline,linux-image-pipeline,windows-image-pipeline,image-pipeline-goss-testing,image-pipeline-ansible-playbooks" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.runner.data.github_actions_registration_token.token", - "module.runner.data.github_repository.repository", - "module.runner.github_actions_runner_group.rg", - "module.runner.local_file.env", - "module.runner.local_file.supervisorctl", - "module.runner.null_resource.install_runner" - ] - }, - { - "index_key": "linux-image-pipeline", - "schema_version": 0, - "attributes": { - "id": "3118937862415230253", - "triggers": { - "repos": "aws-image-pipeline,linux-image-pipeline,windows-image-pipeline,image-pipeline-goss-testing,image-pipeline-ansible-playbooks" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.runner.data.github_actions_registration_token.token", - "module.runner.data.github_repository.repository", - "module.runner.github_actions_runner_group.rg", - "module.runner.local_file.env", - "module.runner.local_file.supervisorctl", - "module.runner.null_resource.install_runner" - ] - }, - { - "index_key": "windows-image-pipeline", - "schema_version": 0, - "attributes": { - "id": "6729366528579288901", - "triggers": { - "repos": "aws-image-pipeline,linux-image-pipeline,windows-image-pipeline,image-pipeline-goss-testing,image-pipeline-ansible-playbooks" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.runner.data.github_actions_registration_token.token", - "module.runner.data.github_repository.repository", - "module.runner.github_actions_runner_group.rg", - "module.runner.local_file.env", - "module.runner.local_file.supervisorctl", - "module.runner.null_resource.install_runner" - ] - } - ] - }, - { - "module": "module.runner", - "mode": "managed", - "type": "null_resource", - "name": "supervisorctl_reload", - "provider": "provider[\"registry.terraform.io/hashicorp/null\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "8944391168438319500", - "triggers": { - "repos": "aws-image-pipeline,linux-image-pipeline,windows-image-pipeline,image-pipeline-goss-testing,image-pipeline-ansible-playbooks" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.runner.data.github_actions_registration_token.token", - "module.runner.data.github_repository.repository", - "module.runner.github_actions_runner_group.rg", - "module.runner.local_file.env", - "module.runner.local_file.supervisorctl", - "module.runner.null_resource.install_runner", - "module.runner.null_resource.register_runner" - ] - } - ] - }, - { - "module": "module.tf_workspace_runners", - "mode": "data", - "type": "github_actions_registration_token", - "name": "token", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "automation-repos", - "schema_version": 0, - "attributes": { - "expires_at": 1723827735, - "id": "CSVD/automation-repos", - "repository": "automation-repos", - "token": "AAAAEJPEUN6NU5LOFENWNQTGX6DBO" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.tf_workspace_runners", - "mode": "data", - "type": "github_repository", - "name": "repository", - "provider": "provider[\"registry.terraform.io/hashicorp/github\"]", - "instances": [ - { - "index_key": "automation-repos", - "schema_version": 0, - "attributes": { - "allow_auto_merge": false, - "allow_merge_commit": false, - "allow_rebase_merge": false, - "allow_squash_merge": true, - "archived": false, - "default_branch": "main", - "description": "Automation Repos for Morpheus POC", - "fork": false, - "full_name": "CSVD/automation-repos", - "git_clone_url": "git://github.e.it.census.gov/CSVD/automation-repos.git", - "has_discussions": false, - "has_downloads": false, - "has_issues": true, - "has_projects": true, - "has_wiki": true, - "homepage_url": "", - "html_url": "https://github.e.it.census.gov/CSVD/automation-repos", - "http_clone_url": "https://github.e.it.census.gov/CSVD/automation-repos.git", - "id": "automation-repos", - "is_template": false, - "merge_commit_message": "PR_TITLE", - "merge_commit_title": "MERGE_MESSAGE", - "name": "automation-repos", - "node_id": "MDEwOlJlcG9zaXRvcnk5ODE=", - "pages": [], - "primary_language": "HCL", - "private": true, - "repo_id": 981, - "repository_license": [], - "squash_merge_commit_message": "COMMIT_MESSAGES", - "squash_merge_commit_title": "COMMIT_OR_PR_TITLE", - "ssh_clone_url": "git@github.e.it.census.gov:CSVD/automation-repos.git", - "svn_url": "https://github.e.it.census.gov/CSVD/automation-repos", - "template": [], - "topics": [ - "terraform" - ], - "visibility": "private" - }, - "sensitive_attributes": [] - } - ] - }, - { - "module": "module.tf_workspace_runners", - "mode": "managed", - "type": "local_file", - "name": "env", - "provider": "provider[\"registry.terraform.io/hashicorp/local\"]", - "instances": [ - { - "index_key": "automation-repos", - "schema_version": 0, - "attributes": { - "content": "NODE_TLS_REJECT_UNAUTHORIZED=0\nLANG=en_US.UTF-8", - "content_base64": null, - "content_base64sha256": "hjukrj+7PjBRu4QVzbayQxRmCLJfjkX8Kw8DWfGzpYU=", - "content_base64sha512": "SbU6liwc37tOavPIjF2dp104aoJIKQHB6f72wA0reAb+QPyNgkRRQe33WiV/A9A4WLkb+bTK/NycUdhHXE2viw==", - "content_md5": "571d647ad4e7189b47c950353f725050", - "content_sha1": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "content_sha256": "863ba4ae3fbb3e3051bb8415cdb6b243146608b25f8e45fc2b0f0359f1b3a585", - "content_sha512": "49b53a962c1cdfbb4e6af3c88c5d9da75d386a82482901c1e9fef6c00d2b7806fe40fc8d82445141edf75a257f03d03858b91bf9b4cafcdc9c51d8475c4daf8b", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "/apps/terraform/workspaces/arnol377/git/ghe-runner/automation-repos/.env", - "id": "0992362ec0c2ec12c1eeef49b680cad8f0d8670a", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - } - ] - }, - { - "module": "module.tf_workspace_runners", - "mode": "managed", - "type": "local_file", - "name": "supervisorctl", - "provider": "provider[\"registry.terraform.io/hashicorp/local\"]", - "instances": [ - { - "index_key": "automation-repos", - "schema_version": 0, - "attributes": { - "content": "[program:automation-repos]\ndirectory=/apps/terraform/workspaces/arnol377/git/ghe-runner/automation-repos ; directory to cwd to before exec (def no cwd)\ncommand=/apps/terraform/workspaces/arnol377/git/ghe-runner/automation-repos/run.sh\n;numprocs=1 ; number of processes copies to start (def 1)\nautostart=true ; start at supervisord start (default: true)\n;startsecs=1 ; # of secs prog must stay up to be running (def. 1)\nstartretries=3 ; max # of serial start failures when starting (default 3)\nautorestart=true\nstdout_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/automation-repos/runner.log ; stdout log path, NONE for none; default AUTO\nstdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)\nstdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)\nstderr_logfile=/apps/terraform/workspaces/arnol377/git/ghe-runner/automation-repos/runner_error.log ; stderr log path, NONE for none; default AUTO\nstderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)\nstderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)\nstderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)", - "content_base64": null, - "content_base64sha256": "jSviPBeKLUwT9Q+3zVyhdSFeDqjAH2Mt3CL2a1yibpU=", - "content_base64sha512": "ZZLCmARxk52QxgaisSAVfltt8QdKHqMRFrFza1ULkjdA5KhwbnKynUET7i2ikd2Fsc7mG/G0De6gU56zod48hA==", - "content_md5": "f71d0d222b953987e7739f79ca0cc106", - "content_sha1": "65eb0d24b79d343b913922137d0505bca429c654", - "content_sha256": "8d2be23c178a2d4c13f50fb7cd5ca175215e0ea8c01f632ddc22f66b5ca26e95", - "content_sha512": "6592c2980471939d90c606a2b120157e5b6df1074a1ea31116b1736b550b923740e4a8706e72b29d4113ee2da291dd85b1cee61bf1b40deea0539eb3a1de3c84", - "directory_permission": "0777", - "file_permission": "0777", - "filename": "./supervisor/automation-repos.conf", - "id": "65eb0d24b79d343b913922137d0505bca429c654", - "sensitive_content": null, - "source": null - }, - "sensitive_attributes": [ - [ - { - "type": "get_attr", - "value": "sensitive_content" - } - ] - ] - } - ] - }, - { - "module": "module.tf_workspace_runners", - "mode": "managed", - "type": "null_resource", - "name": "install_runner", - "provider": "provider[\"registry.terraform.io/hashicorp/null\"]", - "instances": [ - { - "index_key": "automation-repos", - "schema_version": 0, - "attributes": { - "id": "3548973422666814197", - "triggers": { - "repos": "automation-repos" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.tf_workspace_runners.local_file.supervisorctl" - ] - } - ] - }, - { - "module": "module.tf_workspace_runners", - "mode": "managed", - "type": "null_resource", - "name": "register_runner", - "provider": "provider[\"registry.terraform.io/hashicorp/null\"]", - "instances": [ - { - "index_key": "automation-repos", - "schema_version": 0, - "attributes": { - "id": "4622048817907345114", - "triggers": { - "repos": "automation-repos" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.tf_workspace_runners.data.github_actions_registration_token.token", - "module.tf_workspace_runners.data.github_repository.repository", - "module.tf_workspace_runners.github_actions_runner_group.rg", - "module.tf_workspace_runners.local_file.env", - "module.tf_workspace_runners.local_file.supervisorctl", - "module.tf_workspace_runners.null_resource.install_runner" - ] - } - ] - }, - { - "module": "module.tf_workspace_runners", - "mode": "managed", - "type": "null_resource", - "name": "supervisorctl_reload", - "provider": "provider[\"registry.terraform.io/hashicorp/null\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "id": "3192770779385682437", - "triggers": { - "repos": "automation-repos" - } - }, - "sensitive_attributes": [], - "dependencies": [ - "module.tf_workspace_runners.data.github_actions_registration_token.token", - "module.tf_workspace_runners.data.github_repository.repository", - "module.tf_workspace_runners.github_actions_runner_group.rg", - "module.tf_workspace_runners.local_file.env", - "module.tf_workspace_runners.local_file.supervisorctl", - "module.tf_workspace_runners.null_resource.install_runner", - "module.tf_workspace_runners.null_resource.register_runner" - ] - } - ] - } - ], - "check_results": null -} diff --git a/varfiles/automation-repos.tfvar b/varfiles/automation-repos.tfvar deleted file mode 100644 index d4129b1..0000000 --- a/varfiles/automation-repos.tfvar +++ /dev/null @@ -1,23 +0,0 @@ -# The name of the ECS cluster -image_name = "github-runner" -image_version = "1.23.0" - -ecs_cluster_name = "automation-repo-runners" -vpc_id = "vpc-00576a396ec570b94" - -namespace = "csvd-ghe-runner" -repo_org = "CSVD" - -subnets = [ - "subnet-04b80d7ce5199f82b" -] - -security_groups = [ - # "sg-0d828d223df9834a6" - "sg-0641c697588b9aa6b" -] - -certs = { - bucket = "image-pipeline-assets" - key = "katello-server-ca.pem" -} diff --git a/windows-image-pipeline/config.sh b/windows-image-pipeline/config.sh deleted file mode 100755 index 14cc6ba..0000000 --- a/windows-image-pipeline/config.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/bin/bash - -user_id=`id -u` - -# we want to snapshot the environment of the config user -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run with sudo" - exit 1 -fi - -# Check dotnet Core 6.0 dependencies for Linux -if [[ (`uname` == "Linux") ]] -then - command -v ldd > /dev/null - if [ $? -ne 0 ] - then - echo "Can not find 'ldd'. Please install 'ldd' and try again." - exit 1 - fi - - message="Execute sudo ./bin/installdependencies.sh to install any missing Dotnet Core 6.0 dependencies." - - ldd ./bin/libcoreclr.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.Security.Cryptography.Native.OpenSsl.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - ldd ./bin/libSystem.IO.Compression.Native.so | grep 'not found' - if [ $? -eq 0 ]; then - echo "Dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi - - if ! [ -x "$(command -v ldconfig)" ]; then - LDCONFIG_COMMAND="/sbin/ldconfig" - if ! [ -x "$LDCONFIG_COMMAND" ]; then - echo "Can not find 'ldconfig' in PATH and '/sbin/ldconfig' doesn't exists either. Please install 'ldconfig' and try again." - exit 1 - fi - else - LDCONFIG_COMMAND="ldconfig" - fi - - libpath=${LD_LIBRARY_PATH:-} - $LDCONFIG_COMMAND -NXv ${libpath//:/ } 2>&1 | grep libicu >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "Libicu's dependencies is missing for Dotnet Core 6.0" - echo $message - exit 1 - fi -fi - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" -cd "$DIR" - -source ./env.sh - -shopt -s nocasematch -if [[ "$1" == "remove" ]]; then - ./bin/Runner.Listener "$@" -else - ./bin/Runner.Listener configure "$@" -fi diff --git a/windows-image-pipeline/env.sh b/windows-image-pipeline/env.sh deleted file mode 100755 index 641d244..0000000 --- a/windows-image-pipeline/env.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -varCheckList=( - 'LANG' - 'JAVA_HOME' - 'ANT_HOME' - 'M2_HOME' - 'ANDROID_HOME' - 'ANDROID_SDK_ROOT' - 'GRADLE_HOME' - 'NVM_BIN' - 'NVM_PATH' - 'LD_LIBRARY_PATH' - 'PERL5LIB' - ) - -envContents="" - -if [ -f ".env" ]; then - envContents=`cat .env` -else - touch .env -fi - -function writeVar() -{ - checkVar="$1" - checkDelim="${1}=" - if test "${envContents#*$checkDelim}" = "$envContents" - then - if [ ! -z "${!checkVar}" ]; then - echo "${checkVar}=${!checkVar}">>.env - fi - fi -} - -echo $PATH>.path - -for var_name in ${varCheckList[@]} -do - writeVar "${var_name}" -done diff --git a/windows-image-pipeline/run-helper.cmd.template b/windows-image-pipeline/run-helper.cmd.template deleted file mode 100644 index 23e4246..0000000 --- a/windows-image-pipeline/run-helper.cmd.template +++ /dev/null @@ -1,53 +0,0 @@ -@echo off -SET UPDATEFILE=update.finished -"%~dp0\bin\Runner.Listener.exe" run %* - -rem using `if %ERRORLEVEL% EQU N` insterad of `if ERRORLEVEL N` -rem `if ERRORLEVEL N` means: error level is N or MORE - -if %ERRORLEVEL% EQU 0 ( - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 1 ( - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit /b 0 -) - -if %ERRORLEVEL% EQU 2 ( - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - ping 127.0.0.1 -n 6 -w 1000 >NUL - exit /b 1 -) - -if %ERRORLEVEL% EQU 3 ( - rem Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -if %ERRORLEVEL% EQU 4 ( - rem Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - FOR /L %%G IN (1,1,30) DO ( - IF EXIST %UPDATEFILE% ( - echo "Update finished successfully." - del %FILE% - exit /b 1 - ) - ping 127.0.0.1 -n 2 -w 1000 >NUL - ) - exit /b 1 -) - -echo "Exiting after unknown error code: %ERRORLEVEL%" -exit /b 0 \ No newline at end of file diff --git a/windows-image-pipeline/run-helper.sh b/windows-image-pipeline/run-helper.sh deleted file mode 100755 index 743fd8b..0000000 --- a/windows-image-pipeline/run-helper.sh +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/windows-image-pipeline/run-helper.sh.template b/windows-image-pipeline/run-helper.sh.template deleted file mode 100755 index 743fd8b..0000000 --- a/windows-image-pipeline/run-helper.sh.template +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Validate not sudo -user_id=`id -u` -if [ $user_id -eq 0 -a -z "$RUNNER_ALLOW_RUNASROOT" ]; then - echo "Must not run interactively with sudo" - exit 1 -fi - -# Run -shopt -s nocasematch - -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -# Wait for docker to start -if [ ! -z "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" ]; then - if [ "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS" -gt 0 ]; then - echo "Waiting for docker to be ready." - for i in $(seq "$RUNNER_WAIT_FOR_DOCKER_IN_SECONDS"); do - if docker ps > /dev/null 2>&1; then - echo "Docker is ready." - break - fi - "$DIR"/safe_sleep.sh 1 - done - fi -fi - -updateFile="update.finished" -"$DIR"/bin/Runner.Listener run $* - -returnCode=$? -if [[ $returnCode == 0 ]]; then - echo "Runner listener exit with 0 return code, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 1 ]]; then - echo "Runner listener exit with terminated error, stop the service, no retry needed." - exit 0 -elif [[ $returnCode == 2 ]]; then - echo "Runner listener exit with retryable error, re-launch runner in 5 seconds." - "$DIR"/safe_sleep.sh 5 - exit 2 -elif [[ $returnCode == 3 ]]; then - # Wait for 30 seconds or for flag file to exists for the runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -elif [[ $returnCode == 4 ]]; then - # Wait for 30 seconds or for flag file to exists for the ephemeral runner update process finish - echo "Runner listener exit because of updating, re-launch runner after successful update" - for i in {0..30}; do - if test -f "$updateFile"; then - echo "Update finished successfully." - rm "$updateFile" - break - fi - "$DIR"/safe_sleep.sh 1 - done - exit 2 -else - echo "Exiting with unknown error code: ${returnCode}" - exit 0 -fi diff --git a/windows-image-pipeline/run.sh b/windows-image-pipeline/run.sh deleted file mode 100755 index 6b02ea1..0000000 --- a/windows-image-pipeline/run.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash - -# Change directory to the script root directory -# https://stackoverflow.com/questions/59895/getting-the-source-directory-of-a-bash-script-from-within -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink - DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - SOURCE="$(readlink "$SOURCE")" - [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located -done -DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )" - -run() { - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - exit 0 - fi - done -} - -runWithManualTrap() { - # Set job control - set -m - - trap 'kill -INT -$PID' INT TERM - - # run the helper process which keep the listener alive - while :; - do - cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh - "$DIR"/run-helper.sh $* & - PID=$! - wait -f $PID - returnCode=$? - if [[ $returnCode -eq 2 ]]; then - echo "Restarting runner..." - else - echo "Exiting runner..." - # Unregister signal handling before exit - trap - INT TERM - # wait for last parts to be logged - wait $PID - exit $returnCode - fi - done -} - -function updateCerts() { - local sudo_prefix="" - local user_id=`id -u` - - if [ $user_id -ne 0 ]; then - if [[ ! -x "$(command -v sudo)" ]]; then - echo "Warning: failed to update certificate store: sudo is required but not found" - return 1 - else - sudo_prefix="sudo" - fi - fi - - if [[ -x "$(command -v update-ca-certificates)" ]]; then - eval $sudo_prefix "update-ca-certificates" - elif [[ -x "$(command -v update-ca-trust)" ]]; then - eval $sudo_prefix "update-ca-trust" - else - echo "Warning: failed to update certificate store: update-ca-certificates or update-ca-trust not found. This can happen if you're using a different runner base image." - return 1 - fi -} - -if [[ ! -z "$RUNNER_UPDATE_CA_CERTS" ]]; then - updateCerts -fi - -if [[ -z "$RUNNER_MANUALLY_TRAP_SIG" ]]; then - run $* -else - runWithManualTrap $* -fi \ No newline at end of file diff --git a/windows-image-pipeline/safe_sleep.sh b/windows-image-pipeline/safe_sleep.sh deleted file mode 100755 index 7ba5be3..0000000 --- a/windows-image-pipeline/safe_sleep.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -SECONDS=0 -while [[ $SECONDS != $1 ]]; do - : -done diff --git a/windows-image-pipeline/svc.sh b/windows-image-pipeline/svc.sh deleted file mode 100755 index 5efd832..0000000 --- a/windows-image-pipeline/svc.sh +++ /dev/null @@ -1,179 +0,0 @@ -#!/bin/bash - -SVC_NAME="actions.runner._services.windows-image-pipeline.service" -SVC_NAME=${SVC_NAME// /_} -SVC_DESCRIPTION="GitHub Actions Runner (_services.windows-image-pipeline)" - -SVC_CMD=$1 -arg_2=${2} - -RUNNER_ROOT=`pwd` - -UNIT_PATH=/etc/systemd/system/${SVC_NAME} -TEMPLATE_PATH=$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE -IS_CUSTOM_TEMPLATE=0 -if [[ -z $TEMPLATE_PATH ]]; then - TEMPLATE_PATH=./bin/actions.runner.service.template -else - IS_CUSTOM_TEMPLATE=1 -fi -TEMP_PATH=./bin/actions.runner.service.temp -CONFIG_PATH=.service - -user_id=`id -u` - -# systemctl must run as sudo -# this script is a convenience wrapper around systemctl -if [ $user_id -ne 0 ]; then - echo "Must run as sudo" - exit 1 -fi - -function failed() -{ - local error=${1:-Undefined error} - echo "Failed: $error" >&2 - exit 1 -} - -if [ ! -f "${TEMPLATE_PATH}" ]; then - if [[ $IS_CUSTOM_TEMPLATE = 0 ]]; then - failed "Must run from runner root or install is corrupt" - else - failed "Service file at '$GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE' using GITHUB_ACTIONS_RUNNER_SERVICE_TEMPLATE env variable is not found" - fi -fi - -#check if we run as root -if [[ $(id -u) != "0" ]]; then - echo "Failed: This script requires to run with sudo." >&2 - exit 1 -fi - -function install() -{ - echo "Creating launch runner in ${UNIT_PATH}" - if [ -f "${UNIT_PATH}" ]; then - failed "error: exists ${UNIT_PATH}" - fi - - if [ -f "${TEMP_PATH}" ]; then - rm "${TEMP_PATH}" || failed "failed to delete ${TEMP_PATH}" - fi - - # can optionally use username supplied - run_as_user=${arg_2:-$SUDO_USER} - echo "Run as user: ${run_as_user}" - - run_as_uid=$(id -u ${run_as_user}) || failed "User does not exist" - echo "Run as uid: ${run_as_uid}" - - run_as_gid=$(id -g ${run_as_user}) || failed "Group not available" - echo "gid: ${run_as_gid}" - - sed "s/{{User}}/${run_as_user}/g; s/{{Description}}/$(echo ${SVC_DESCRIPTION} | sed -e 's/[\/&]/\\&/g')/g; s/{{RunnerRoot}}/$(echo ${RUNNER_ROOT} | sed -e 's/[\/&]/\\&/g')/g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file" - mv "${TEMP_PATH}" "${UNIT_PATH}" || failed "failed to copy unit file" - - # Recent Fedora based Linux (CentOS/Redhat) has SELinux enabled by default - # We need to restore security context on the unit file we added otherwise SystemD have no access to it. - command -v getenforce > /dev/null - if [ $? -eq 0 ] - then - selinuxEnabled=$(getenforce) - if [[ $selinuxEnabled == "Enforcing" ]] - then - # SELinux is enabled, we will need to Restore SELinux Context for the service file - restorecon -r -v "${UNIT_PATH}" || failed "failed to restore SELinux context on ${UNIT_PATH}" - fi - fi - - # unit file should not be executable and world writable - chmod 664 "${UNIT_PATH}" || failed "failed to set permissions on ${UNIT_PATH}" - systemctl daemon-reload || failed "failed to reload daemons" - - # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user. - cp ./bin/runsvc.sh ./runsvc.sh || failed "failed to copy runsvc.sh" - chown ${run_as_uid}:${run_as_gid} ./runsvc.sh || failed "failed to set owner for runsvc.sh" - chmod 755 ./runsvc.sh || failed "failed to set permission for runsvc.sh" - - systemctl enable ${SVC_NAME} || failed "failed to enable ${SVC_NAME}" - - echo "${SVC_NAME}" > ${CONFIG_PATH} || failed "failed to create .service file" - chown ${run_as_uid}:${run_as_gid} ${CONFIG_PATH} || failed "failed to set permission for ${CONFIG_PATH}" -} - -function start() -{ - systemctl start ${SVC_NAME} || failed "failed to start ${SVC_NAME}" - status -} - -function stop() -{ - systemctl stop ${SVC_NAME} || failed "failed to stop ${SVC_NAME}" - status -} - -function uninstall() -{ - if service_exists; then - stop - systemctl disable ${SVC_NAME} || failed "failed to disable ${SVC_NAME}" - rm "${UNIT_PATH}" || failed "failed to delete ${UNIT_PATH}" - else - echo "Service ${SVC_NAME} is not installed" - fi - if [ -f "${CONFIG_PATH}" ]; then - rm "${CONFIG_PATH}" || failed "failed to delete ${CONFIG_PATH}" - fi - systemctl daemon-reload || failed "failed to reload daemons" -} - -function service_exists() { - if [ -f "${UNIT_PATH}" ]; then - return 0 - else - return 1 - fi -} - -function status() -{ - if service_exists; then - echo - echo "${UNIT_PATH}" - else - echo - echo "not installed" - echo - exit 1 - fi - - systemctl --no-pager status ${SVC_NAME} -} - -function usage() -{ - echo - echo Usage: - echo "./svc.sh [install, start, stop, status, uninstall]" - echo "Commands:" - echo " install [user]: Install runner service as Root or specified user." - echo " start: Manually start the runner service." - echo " stop: Manually stop the runner service." - echo " status: Display status of runner service." - echo " uninstall: Uninstall runner service." - echo -} - -case $SVC_CMD in - "install") install;; - "status") status;; - "uninstall") uninstall;; - "start") start;; - "stop") stop;; - "status") status;; - *) usage;; -esac - -exit 0