Merge pull request #37 from MonolithProjects/develop

MonolithProjects · web-flow · commit b961f5f1e27d · 2020-10-31T20:09:42.000+01:00
Add support for organization runner
diff --git a/.github/workflows/lifecycle.yml b/.github/workflows/lifecycle.yml
@@ -18,7 +18,7 @@ jobs:
         with:
           path: "${{ github.repository }}"
       - name: Molecule for Ansible - lint
-        uses: MonolithProjects/action-molecule@v1.3.0
+        uses: MonolithProjects/action-molecule@v1.4.0
         with:
           molecule_command: lint    
 
@@ -33,15 +33,31 @@ jobs:
         with:
           path: "${{ github.repository }}"
       - name: Molecule for Ansible - converge Default
-        uses: MonolithProjects/action-molecule@v1.3.0
+        uses: MonolithProjects/action-molecule@v1.4.0
         env:
           PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
         with:
           molecule_command: converge
       - name: Molecule for Ansible - converge tag uninstall
-        uses: MonolithProjects/action-molecule@v1.3.0
+        uses: MonolithProjects/action-molecule@v1.4.0
         env:
           PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
         with:
           molecule_command: converge
+          converge_extra_args: '-e "uninstall_runner=yes" --tags uninstall'
+
+      - name: Molecule for Ansible - converge organizations
+        uses: MonolithProjects/action-molecule@v1.4.0
+        env:
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+        with:
+          molecule_command: converge
+          scenario: organization
+      - name: Molecule for Ansible - converge organizations tag uninstall
+        uses: MonolithProjects/action-molecule@v1.4.0
+        env:
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+        with:
+          molecule_command: converge
+          scenario: organization
           converge_extra_args: '-e "uninstall_runner=yes" --tags uninstall'
diff --git a/README.md b/README.md
@@ -60,6 +60,9 @@ github_server: "https://github.com"
 # Personal Access Token
 access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
 
+# Is it runner for organization or not
+runner_org: no
+
 # Account used for Runner registration (GitHub Repository user with admin rights or Organization owner)
 # github_account: "youruser"
 
@@ -85,6 +88,21 @@ Runner service will run under the same user as the Ansible is using for ssh conn
     - role: monolithprojects.github_actions_runner
 ```
 
+Same example, but runner will be added to an organization
+
+```yaml
+---
+- name: GitHub Actions Runner
+  hosts: all
+  user: ansible
+  become: yes
+  vars:
+    - github_account: my_awesome_org
+    - runner_org: true
+  roles:
+    - role: monolithprojects.github_actions_runner
+```
+
 In this example the Ansible role will deploy (or redeploy) the GitHub Actions runner service (version 2.165.2) and register the runner for the GitHub repo. Runner service will run under the user `runner-user`.
 
 ```yaml
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -23,6 +23,9 @@ github_server: "https://github.com"
 # Personal Access Token for your GitHub account
 access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
 
+# Is it runner for organization or not
+runner_org: no
+
 # GitHub Repository user or Organization owner used for Runner registration
 # github_account: "youruser"
 
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,2 +1,6 @@
 ---
 # handlers file for ansible-github_actions_runner
+- name: Restart runner service
+  service:
+   name: "{{ runner_service }}"
+   state: restarted
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -25,16 +25,6 @@ platforms:
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
     privileged: yes
-    pre_build_image: yes  
-  - name: Fedora31
-    image: monolithprojects/systemd-fedora31:latest
-    command: /sbin/init
-    tmpfs:
-      - /run
-      - /tmp
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    privileged: yes
     pre_build_image: yes
   - name: Fedora32
     image: monolithprojects/systemd-fedora32:latest
@@ -132,5 +122,6 @@ scenario:
     - create
     - prepare
     - converge
+    - idempotence
     - cleanup
     - destroy
diff --git a/molecule/organization/converge.yml b/molecule/organization/converge.yml
@@ -0,0 +1,13 @@
+---
+- name: Converge
+  user: ansible
+  hosts: all
+  become: yes
+  vars:
+    - runner_user: ansible
+    - github_repo: ansible-github_actions_runner-testrepo
+    - github_account: monolithprojects-testorg
+    - runner_org: yes
+  roles:
+    - robertdebock.epel
+    - ansible-github_actions_runner
diff --git a/molecule/organization/molecule.yml b/molecule/organization/molecule.yml
@@ -0,0 +1,127 @@
+---
+driver:
+  name: docker
+lint: |
+  set -e
+  yamllint .
+  ansible-lint
+platforms:
+  - name: CentOS7
+    image: monolithprojects/systemd-centos7:latest
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: yes
+    pre_build_image: yes
+  - name: CentOS8
+    image: monolithprojects/systemd-centos8:latest
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: yes
+    pre_build_image: yes
+  - name: Fedora32
+    image: monolithprojects/systemd-fedora32:latest
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: yes
+    pre_build_image: yes
+  - name: Ubuntu16
+    image: monolithprojects/systemd-ubuntu16:latest
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: yes
+    pre_build_image: yes
+  - name: Ubuntu18
+    image: monolithprojects/systemd-ubuntu18:latest
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: yes
+    pre_build_image: yes
+  - name: Ubuntu20
+    image: monolithprojects/systemd-ubuntu20:latest
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: yes
+    pre_build_image: yes
+  - name: Debian9
+    image: monolithprojects/systemd-debian9:latest
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: yes
+    pre_build_image: yes
+  - name: Debian10
+    image: monolithprojects/systemd-debian10:latest
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: yes
+    pre_build_image: yes
+provisioner:
+  name: ansible
+  playbooks:
+    converge: converge.yml
+    cleanup: cleanup.yml 
+  log: false
+  inventory:
+    host_vars:
+      CentOS8:
+        ansible_python_interpreter: /usr/bin/python3      
+      Debian9:
+        ansible_python_interpreter: /usr/bin/python3
+      Debian10:
+        ansible_python_interpreter: /usr/bin/python3
+      Ubuntu18:
+        ansible_python_interpreter: /usr/bin/python3
+      Ubuntu20:
+        ansible_python_interpreter: /usr/bin/python3
+verifier:
+  name: ansible
+dependency:
+  name: galaxy
+  options:
+    ignore-certs: True
+    ignore-errors: True
+scenario:
+  name: organization
+  test_sequence:
+    - dependency
+    - lint
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - cleanup
+    - destroy
diff --git a/molecule/organization/requirements.yml b/molecule/organization/requirements.yml
@@ -0,0 +1,5 @@
+---
+- role: robertdebock.epel
+  version: master
+# - role: monolithprojects.user_management
+#   version: master
diff --git a/molecule/organization/verify.yml b/molecule/organization/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Example assertion
+    assert:
+      that: true
diff --git a/tasks/collect_info_org.yml b/tasks/collect_info_org.yml
@@ -0,0 +1,43 @@
+---
+- name: Get registration token (RUN ONCE)
+  uri:
+    url: "https://api.github.com/orgs/{{ github_account }}/actions/runners/registration-token"
+    headers:
+      Authorization: "token {{ access_token }}"
+      Accept: "application/vnd.github.v3+json"
+    method: POST
+    status_code: 201
+    force_basic_auth: yes
+  register: registration
+  run_once: yes
+  tags:
+    - install
+    - uninstall
+
+- name: Check currently registered runners (RUN ONCE)
+  uri:
+    url: "https://api.github.com/orgs/{{ github_account }}/actions/runners"
+    headers:
+      Authorization: "token {{ access_token }}"
+      Accept: "application/vnd.github.v3+json"
+    method: GET
+    status_code: 200
+    force_basic_auth: yes
+  register: registered_runners
+  run_once: yes
+  tags:
+    - install
+    - uninstall
+
+- name: Check service facts
+  service_facts:
+  tags:
+    - install
+    - uninstall
+
+- name: Build service name
+  set_fact:
+    runner_service: "actions.runner.{{ github_account[:45] }}.{{ ansible_hostname }}.service"
+  tags:
+    - install
+    - uninstall
diff --git a/tasks/collect_info_repo.yml b/tasks/collect_info_repo.yml
diff --git a/tasks/install_runner.yml b/tasks/install_runner.yml
@@ -72,30 +72,56 @@
     owner: "{{ runner_user }}"
     mode: 0755
   when: runner_version not in runner_installed.stdout
+  notify:
+    - Restart runner service
   tags:
     - install
 
-- name: Register runner (if new installation)
+- name: Register runner (if new installation) for repo
   command: "{{ runner_dir }}/./config.sh --url {{ github_server }}/{{ github_owner | default(github_account) }}/{{ github_repo }} \
             --token {{ registration.json.token }} --unattended"
   args:
     chdir: "{{ runner_dir }}"
   become: yes
   become_user: "{{ runner_user }}"
   no_log: "{{ hide_sensitive_logs | bool }}"
-  when: ansible_hostname not in registered_runners.json.runners|map(attribute='name')|list
+  when: ansible_hostname not in registered_runners.json.runners|map(attribute='name')|list and not runner_org
   tags:
     - install
 
-- name: Replace registered runner
+- name: Register runner (if new installation) for organization
+  command: "{{ runner_dir }}/./config.sh --url {{ github_server }}/{{ github_owner | default(github_account) }} \
+            --token {{ registration.json.token }} --unattended"
+  args:
+    chdir: "{{ runner_dir }}"
+  become: yes
+  become_user: "{{ runner_user }}"
+  no_log: "{{ hide_sensitive_logs | bool }}"
+  when: ansible_hostname not in registered_runners.json.runners|map(attribute='name')|list and runner_org
+  tags:
+    - install
+
+- name: Replace registered runner for repo
   command: "{{ runner_dir }}/config.sh --url {{ github_server }}/{{ github_owner | default(github_account) }}/{{ github_repo }} \
             --token {{ registration.json.token }} --unattended --replace"
   args:
     chdir: "{{ runner_dir }}"
   become: yes
   become_user: "{{ runner_user }}"
   no_log: "{{ hide_sensitive_logs | bool }}"
-  when: replace_runner and ansible_hostname in registered_runners.json.runners|map(attribute='name')|list
+  when: replace_runner and ansible_hostname in registered_runners.json.runners|map(attribute='name')|list and not runner_org
+  tags:
+    - install
+
+- name: Replace registered runner for organization
+  command: "{{ runner_dir }}/config.sh --url {{ github_server }}/{{ github_owner | default(github_account) }} \
+            --token {{ registration.json.token }} --unattended --replace"
+  args:
+    chdir: "{{ runner_dir }}"
+  become: yes
+  become_user: "{{ runner_user }}"
+  no_log: "{{ hide_sensitive_logs | bool }}"
+  when: replace_runner and ansible_hostname in registered_runners.json.runners|map(attribute='name')|list and runner_org
   tags:
     - install
 
diff --git a/tasks/main.yml b/tasks/main.yml
