Convert runners to be org runners

ministryofjustice · Jan 9, 2025 · 32fb0fa · 32fb0fa
1 parent 115db12
commit 32fb0fa
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 19 deletions.
diff --git a/.github/actions/cloud-platform-deploy/action.yml b/.github/actions/cloud-platform-deploy/action.yml
@@ -26,8 +26,8 @@ inputs:
   gh_auth_token:
     description: Auth token for Github
     required: true
-  github_repository:
-    description: The repository in which the runners are deployed
+  github_org:
+    description: The github org in which the runners are deployed
     required: true
   runner_labels:
     description: The labels for the runners
@@ -73,5 +73,5 @@ runs:
           --wait \
           --set generic-service.env.GH_AUTH_TOKEN="${{ inputs.gh_auth_token }}" \
           --set generic-service.env.RUNNER_LABELS="${{ inputs.runner_labels }}" \
-          --set generic-service.env.GITHUB_REPOSITORY="${{ inputs.github_repository }}" 
+          --set generic-service.env.GH_ORG="${{ inputs.github_org }}" 
           
diff --git a/.github/actions/runner-cleanup/action.yml b/.github/actions/runner-cleanup/action.yml
@@ -6,8 +6,8 @@ inputs:
   qty_runners:
     description: 'Number of expected runners'
     default: '1'
-  github_repository:
-    description: 'The repository in which the runners are deployed'
+  github_org:
+    description: 'The github org in which the runners are deployed'
 
 runs:
   using: "composite"
@@ -29,11 +29,11 @@ runs:
       # Attempts to remove any offline runners - giving time for old ones to expire
       def main():
         expected_number_of_runners=os.getenv('qty_runners',1)
-        github_repository=os.getenv('github_repository')
+        github_org=os.getenv('github_org')
         auth = Auth.Token(os.getenv('gh_auth_token'))
-        print(f'Repo name is: {github_repository}')
+        print(f'Repo name is: {github_org}')
         g = Github(auth=auth)
-        repo = g.get_repo(github_repository)
+        repo = g.get_repo(github_org)
         offline_deleted=False
         qty_runners=retry_count=0
         while qty_runners!=expected_number_of_runners and retry_count < 10:
@@ -53,5 +53,5 @@ runs:
         main()
     
     env:
-      github_repository: ${{ inputs.github_repository }}
+      github_org: ${{ inputs.github_org }}
       gh_auth_token: ${{ inputs.gh_auth_token }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -58,12 +58,12 @@ jobs:
           namespace: ${{ secrets.KUBE_NAMESPACE }}
           token: ${{ secrets.KUBE_TOKEN }}   
           gh_auth_token: ${{ steps.generate-github-app-tokens.outputs.access-token }}
-          github_repository: ${{ vars.GH_REPOSITORY }}
+          github_org: ${{ github.repository_owner }}
           runner_labels: ${{ vars.RUNNER_LABELS }}
 
       - name: Remove offline runners
         uses: ./.github/actions/runner-cleanup
         with:
           gh_auth_token: ${{ steps.generate-github-app-tokens.outputs.access-token }}
-          github_repository: ${{ vars.GH_REPOSITORY }}
+          github_org: ${{ github.repository_owner }}
 
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
@@ -38,7 +38,7 @@ jobs:
 
   # Only need to deploy to production nowadays
   deploy_to_prod:
-    if : github.ref == 'refs/heads/main'
+    #if : github.ref == 'refs/heads/main'
     name: Deploy to prod
     uses: ./.github/workflows/deploy.yml
     needs:

diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # hmpps-github-actions-runner
-This deploys a self-hosted Github Runner to a single repository named in the repository variables.
+This deploys a self-hosted Github Runner to the organisation.
 
 Documentation about it is [here](https://tech-docs.hmpps.service.justice.gov.uk/sreinternaldocs) 
 
@@ -22,5 +22,5 @@ It's deployed to Cloud Platforms, using Helm.
 ### Repo environment variables
 
 - GH_APP_ID - the corresponding AppId for the Github App
-- GH_REPOSITORY - the repo to which the runner should be registered
+- GH_ORG - the org to which the runner should be registered
 - RUNNER_LABELS - the label by which the runner is invoked
diff --git a/src/usr/local/bin/entrypoint.sh b/src/usr/local/bin/entrypoint.sh
@@ -6,7 +6,7 @@ ACTIONS_RUNNER_DIRECTORY="/actions-runner"
 EPHEMERAL="${EPHEMERAL:-"false"}"
 
 echo "Runner parameters:"
-echo "  Repository: ${GITHUB_REPOSITORY}"
+echo "  GitHub org: ${GH_ORG}"
 echo "  Runner Name: $(hostname)"
 echo "  Runner Labels: ${RUNNER_LABELS}"
 
@@ -16,9 +16,10 @@ getRegistrationToken=$(
     --silent \
     --location \
     --request "POST" \
+    --header "Accept: application/vnd.github+json" \
     --header "X-GitHub-Api-Version: 2022-11-28" \
     --header "Authorization: Bearer ${GH_AUTH_TOKEN}" \
-    https://api.github.com/repos/"${GITHUB_REPOSITORY}"/actions/runners/registration-token | jq -r '.token'
+    https://api.github.com/orgs/${GH_ORG}"/actions/runners/registration-token | jq -r '.token'
 )
 export getRegistrationToken
 
@@ -39,16 +40,17 @@ else
 fi
 
 echo "Checking the runner"
-bash "${ACTIONS_RUNNER_DIRECTORY}/config.sh" --check --url "https://github.com/${GITHUB_REPOSITORY}" --pat ${GH_AUTH_TOKEN}
+bash "${ACTIONS_RUNNER_DIRECTORY}/config.sh" --check --url "https://github.com/${GH_ORG}"" --pat ${GH_AUTH_TOKEN}
 
 echo "Configuring runner"
 bash "${ACTIONS_RUNNER_DIRECTORY}/config.sh" ${EPHEMERAL_FLAG} \
   --unattended \
   --disableupdate \
-  --url "https://github.com/${GITHUB_REPOSITORY}" \
+  --url "https://github.com/${GH_ORG}"" \
   --token "${REPO_TOKEN}" \
   --name "$(hostname)" \
-  --labels "${RUNNER_LABELS}"
+  --labels "${RUNNER_LABELS}" \
+  --runnergroup "hmpps-runners-restricted"
 
 echo "Setting the 'ready' flag for Kubernetes liveness probe"
 touch /tmp/runner.ready