Merge pull request #26 from MonolithProjects/develop

MonolithProjects · web-flow · commit 97b20e7bca12 · 2020-08-13T15:56:08.000+02:00
Change GitHub API authentication method
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -5,6 +5,7 @@ on:
         branches:
             - master
             - develop
+            - feature/*
     schedule:
         - cron: '0 6 * * 0'
 jobs:
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ This role will deploy/redeploy/uninstall and register/unregister local GitHub Ac
 
 * System must have access to the GitHub.
 
-* The role require Personal Access Token for the GitHub user. The token has to be a value of `PERSONAL_ACCESS_TOKEN` variable.
+* The role require Personal Access Token to access the GitHub. The token has to be a value of `PERSONAL_ACCESS_TOKEN` variable.
 Export the token to the local host environment. The token has to have admin rights for the repo.  
 Personal Access Token for GitHub account can be created [here](https://github.com/settings/tokens).  
 **Note:** Never store you personal access token in the GitHub repository. Use [GitHub Secrets](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) or some different secrets service.
@@ -51,13 +51,13 @@ replace_runner: yes
 # Do not show Ansible logs which may contain sensitive data (registration token)
 hide_sensitive_logs: yes
 
-# Personal Access Token for your GitHub account
-access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
-
 # GitHub address
 github_server: "https://github.com"
 
-# GitHub account name
+# Personal Access Token
+access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
+
+# Account used for Runner registration (GitHub Repository user with admin rights or Organization owner)
 # github_account: "youruser"
 
 # Github repository name
@@ -66,7 +66,7 @@ github_server: "https://github.com"
 
 ## Example Playbook
 
-In this example the role will deploy (or redeploy) the GitHub Actions runner service (latest available version) and register the runner for the GitHub repo.
+In this example the Ansible role will deploy (or redeploy) the GitHub Actions runner service (latest available version) and register the runner for the GitHub repo.
 Runner service will run under the same user as the Ansible is using for ssh connection (*ansible*).
 
 ```yaml
@@ -76,13 +76,13 @@ Runner service will run under the same user as the Ansible is using for ssh conn
   user: ansible
   become: yes
   vars:
-    - github_account: my-github-user
+    - github_account: github-access-user
     - github_repo: my_awesome_repo
   roles:
     - role: monolithprojects.github_actions_runner
 ```
 
-In this example the role will deploy (or redeploy) the GitHub Actions runner service (version 2.165.2) and register the runner for the GitHub repo. Runner service will run under the used `runner-user`.
+In this example the Ansible role will deploy (or redeploy) the GitHub Actions runner service (version 2.165.2) and register the runner for the GitHub repo. Runner service will run under the user `runner-user`.
 
 ```yaml
 ---
@@ -92,7 +92,7 @@ In this example the role will deploy (or redeploy) the GitHub Actions runner ser
   vars:
     - runner_version: "2.165.2"
     - runner_user: runner-user
-    - github_account: my-github-user
+    - github_account: github-access-user
     - github_repo: my_awesome_repo
   roles:
     - role: monolithprojects.github_actions_runner
@@ -104,12 +104,10 @@ By using tag `uninstall`, GitHub Actions runner will be removed from the host an
 ansible-playbook playbook.yml --tags uninstall
 ```
 
-License
--------
+## License
 
 MIT
 
-Author Information
-------------------
+## Author Information
 
 Created in 2020 by Michal Muransky
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -14,13 +14,13 @@ replace_runner: yes
 # Do not show Ansible logs which may contain sensitive data (registration token)
 hide_sensitive_logs: yes
 
-# Personal Access Token for your GitHub account
-access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
-
 # GitHub address
 github_server: "https://github.com"
 
-# GitHub account name
+# Personal Access Token for your GitHub account
+access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
+
+# GitHub Repository user or Organization owner used for Runner registration
 # github_account: "youruser"
 
 # Github repository name
diff --git a/tasks/collect_info.yml b/tasks/collect_info.yml
@@ -2,8 +2,9 @@
 - name: Get registration token (RUN ONCE)
   uri:
     url: "https://api.github.com/repos/{{ github_account }}/{{ github_repo }}/actions/runners/registration-token"
-    user: "{{ github_account }}"
-    password: "{{ access_token }}"
+    headers:
+      Authorization: "token {{ access_token }}"
+      Accept: "application/vnd.github.v3+json"
     method: POST
     status_code: 201
     force_basic_auth: yes
@@ -16,8 +17,9 @@
 - name: Check currently registered runners (RUN ONCE)
   uri:
     url: "https://api.github.com/repos/{{ github_account }}/{{ github_repo }}/actions/runners"
-    user: "{{ github_account }}"
-    password: "{{ access_token }}"
+    headers:
+      Authorization: "token {{ access_token }}"
+      Accept: "application/vnd.github.v3+json"
     method: GET
     status_code: 200
     force_basic_auth: yes
@@ -35,7 +37,7 @@
 
 - name: Combine Github account and repo names
   set_fact:
-    svc_name: "{{ github_account }}-{{ github_repo }}"
+    svc_name: "{{ github_owner | default(github_account) }}-{{ github_repo }}"
   tags:
     - install
     - uninstall
diff --git a/tasks/install_runner.yml b/tasks/install_runner.yml
@@ -13,8 +13,9 @@
 - name: Find the latest runner version (RUN ONCE)
   uri:
     url: "https://api.github.com/repos/actions/runner/releases/latest"
-    url_username: "{{ github_account }}"
-    url_password: "{{ access_token }}"
+    headers:
+      Authorization: "token {{ access_token }}"
+      Accept: "application/vnd.github.v3+json"
     method: GET
     force_basic_auth: yes
     return_content: yes
@@ -51,7 +52,7 @@
     - install
 
 - name: Register runner (if new installation)
-  command: "{{ runner_dir }}/./config.sh --url {{ github_server }}/{{ github_account }}/{{ github_repo }} \
+  command: "{{ runner_dir }}/./config.sh --url {{ github_server }}/{{ github_owner | default(github_account) }}/{{ github_repo }} \
             --token {{ registration.json.token }} --unattended"
   args:
     chdir: "{{ runner_dir }}"
@@ -63,7 +64,7 @@
     - install
 
 - name: Replace registered runner
-  command: "{{ runner_dir }}/config.sh --url {{ github_server }}/{{ github_account }}/{{ github_repo }} \
+  command: "{{ runner_dir }}/config.sh --url {{ github_server }}/{{ github_owner | default(github_account) }}/{{ github_repo }} \
             --token {{ registration.json.token }} --unattended --replace"
   args:
     chdir: "{{ runner_dir }}"
