diff --git a/README.md b/README.md index 2cfe111..d38d02b 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,10 @@ This repository contains ansible deployment scripts for deploying a variety of R _**macOS notes: On macOS, add `export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES` to your `zshrc`, as ansible have a process forking bug: https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#running-on-macos-as-a-control-node. Also, make sure your `tar` command is `GNU tar`. On macOS, install it by executing `brew install gnu-tar`._ +## Initial playbook runs + +For DigitalOcean Droplets, use `ansible_user=root` in the inventory or CLI until the common playbook is not applied. Once it is done, remove the parameter. + ## Working with Ansible Vault Before inlining any encrypted passwords, carefully consider whether it's truly necessary. Ansible Vault allows you to encrypt strings or files directly within Ansible without needing additional installations. diff --git a/group_vars/private_github_runner.yml b/group_vars/private_github_runner.yml new file mode 100644 index 0000000..a1142e1 --- /dev/null +++ b/group_vars/private_github_runner.yml @@ -0,0 +1,5 @@ +--- +COMMON_SSH_KEY_GITHUB_USERS: + - gabor-boros + - srh + diff --git a/inventory.ini b/inventory.ini index bd80ea3..d6d40da 100644 --- a/inventory.ini +++ b/inventory.ini @@ -3,3 +3,5 @@ download.rethinkdb.com [update_checker] update.rethinkdb.com + +[github_runner] diff --git a/playbooks/private-github-runner.yml b/playbooks/private-github-runner.yml new file mode 100644 index 0000000..2019f03 --- /dev/null +++ b/playbooks/private-github-runner.yml @@ -0,0 +1,12 @@ +--- +- name: Set up private GitHub runner + hosts: github_runner + become: true + roles: + - role: common + tags: + - common + + - role: github-runner + tags: + - github-runner diff --git a/playbooks/roles/github-runner/defaults/main.yml b/playbooks/roles/github-runner/defaults/main.yml new file mode 100644 index 0000000..d7e7e10 --- /dev/null 
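Review bot: `group_vars/private_github_runner.yml` is only loaded for an inventory group named `private_github_runner`, but the inventory hunk in this commit adds `[github_runner]` and the new play targets `hosts: github_runner`. Unless that group is defined in a part of the inventory not shown here, `COMMON_SSH_KEY_GITHUB_USERS` never reaches the runner hosts. The `common` role would then use whatever key list it defaults to, presumably not the two accounts intended for this host. Rename the file to `group_vars/github_runner.yml` (or rename the group and the play's `hosts:` to match), then confirm with `ansible-inventory --host <runner-host>` that the variable resolves.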
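Review bot: Nothing in `playbooks/private-github-runner.yml` records that the run depends on `GITHUB_ACCESS_TOKEN` being exported on the control node, which the role defaults added in this commit read through `lookup('env', ...)`. A header comment such as `# Requires GITHUB_ACCESS_TOKEN in the control node's environment; it is passed to the github-runner role as the access token` would document that precondition. Play-level `become: true` also means every task of the imported third-party runner role runs as root on the target. It is worth checking whether `become` can be scoped to the roles or tasks that need it.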
+++ b/playbooks/roles/github-runner/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+GITHUB_RUNNER_TOKEN: "{{ lookup('env', 'GITHUB_ACCESS_TOKEN') }}"
+GITHUB_RUNNER_VERSION: "latest"
+GITHUB_RUNNER_USER: runner
+GITHUB_RUNNER_DIRECTORY: "{{ 'C:\\actions-runner' if ansible_facts.system == 'Win32NT' else '/opt/actions-runner' }}"
+GITHUB_RUNNER_LABELS:
+ - "pre-release"
+ - "rethinkdb-{{ ansible_facts.architecture }}"
diff --git a/playbooks/roles/github-runner/tasks/main.yml b/playbooks/roles/github-runner/tasks/main.yml
new file mode 100644
index 0000000..9173a76
--- /dev/null
+++ b/playbooks/roles/github-runner/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: "Ensure {{ GITHUB_RUNNER_USER }} user exists"
+ user:
+ name: "{{ GITHUB_RUNNER_USER }}"
+ shell: /bin/bash
+ state: present
+
+- name: "Ensure {{ GITHUB_RUNNER_DIRECTORY }} exists and owned"
+ file:
+ path: "{{ GITHUB_RUNNER_DIRECTORY }}"
+ state: directory
+ owner: "{{ GITHUB_RUNNER_USER }}"
+
+- name: "Install GitHub runner"
+ import_role:
+ name: monolithprojects.github_actions_runner
+ vars:
+ github_account: rethinkdb
+ github_repo: rethinkdb
+ access_token: "{{ GITHUB_RUNNER_TOKEN }}"
+ runner_name: "rethinkdb-runner-{{ ansible_facts.architecture }}"
+ runner_version: "{{ GITHUB_RUNNER_VERSION }}"
+ runner_user: "{{ GITHUB_RUNNER_USER }}"
+ runner_dir: "{{ GITHUB_RUNNER_DIRECTORY }}"
+ runner_labels: "{{ GITHUB_RUNNER_LABELS }}"
diff --git a/requirements.yml b/requirements.yml
index 253c0cd..c18cea8 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -15,3 +15,8 @@ roles:
 src: https://github.com/geerlingguy/ansible-role-certbot.git
 version: 3b3cc546d123c06b294182c747cacaab83174fca
 scm: git
+
+ - name: monolithprojects.github_actions_runner
+ src: https://github.com/MonolithProjects/ansible-github_actions_runner.git
+ version: ed4b47a28940824d5b25822df41c638e5eba96a5
+ scm: git
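Review bot: `GITHUB_RUNNER_VERSION: "latest"` in `roles/github-runner/defaults/main.yml` leaves the runner binary floating while the role that installs it is pinned to a commit in `requirements.yml`, so two runs of the same playbook revision can install different runner builds. Pinning an explicit release (`GITHUB_RUNNER_VERSION: "<reviewed runner release>"`) and bumping it deliberately keeps the host reproducible; if floating is intentional, a comment saying so would help. Separately, `lookup('env', 'GITHUB_ACCESS_TOKEN')` yields an empty string when the variable is unset, so the token default can be silently empty. An `assert` at the top of the role's tasks with `that: GITHUB_RUNNER_TOKEN | length > 0` and `no_log: true` would fail fast without echoing the value. The `C:\\actions-runner` branch of `GITHUB_RUNNER_DIRECTORY` also looks unreachable as written, since the role's own tasks use the POSIX `user`/`file` modules with `/bin/bash`.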
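Review bot: The `file` task in `roles/github-runner/tasks/main.yml` creates `{{ GITHUB_RUNNER_DIRECTORY }}` with `owner` only, so the directory's group and mode are whatever the host defaults give. The directory will hold the runner's registration state and job workspaces, so set them explicitly, e.g. `group: "{{ GITHUB_RUNNER_USER }}"` and `mode: "0750"`. The `user` task likewise creates an ordinary login account with `/bin/bash`; if nobody needs to log in as the runner, adding `password_lock: true` makes that explicit. Finally, `github_repo: rethinkdb` registers a persistent runner against one repository: if that repository accepts pull requests from forks, workflow code from those PRs can run on this host. Review the repository's approval setting for fork workflows and which workflows may target the `pre-release` label before any host is added to the group.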
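Review bot: The new `monolithprojects.github_actions_runner` entry in `requirements.yml` carries no record of which upstream release its commit SHA corresponds to, so a later bump cannot easily be compared against what was reviewed. Pinning by full SHA is the right choice for a role that runs under `become: true`. A comment above the entry, e.g. `# upstream release <tag>, reviewed <date>`, would close that gap. The `roles:` list itself starts outside this hunk.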