github-aws-runners · npalm · Jul 1, 2025 · Nov 8, 2024 · Nov 13, 2024 · Jul 1, 2025
@@ -3,7 +3,8 @@
 This module shows how to create GitHub action runners with multiple runner configuration together in one deployment. This example has the configurations for the following runner types with the relevant labels supported by them as matchers:
 
 - Linux ARM64 `["self-hosted", "linux", "arm64", "amazon"]`: Amazon Linux ARM64 non ephemeral runner based on module defaults
-- Linux Ubuntu `["self-hosted", "linux", "x64", "ubuntu-latest"]` or `["self-hosted", "linux", "x64", "ubuntu-2204"]`: Ubuntu runners non ephemeral based on a custom start script.
+- Linux Ubuntu 24.04 `["self-hosted", "linux", "x64", "ubuntu-latest"]` or `["self-hosted", "linux", "x64", "ubuntu-2404"]`: Ubuntu runners non ephemeral based on a custom start script.
+- Linux Ubuntu 22.04 `["self-hosted", "linux", "x64", "ubuntu-2204"]`: Ubuntu runners non ephemeral based on a custom start script.
 - Linux X64 `["self-hosted", "linux", "x64", "amazon"]`: Amazon X64 Linux runners ephemeral with retry enabled.
 - Windows X64 `["self-hosted", "windows", "x64", "servercore-2022"]`: Windows X64 Servercore 2022 runners non ephemeral based on a custom start script.
 

@@ -0,0 +1,54 @@
+matcherConfig:
+  exactMatch: true
+  labelMatchers:
+    - [self-hosted, linux, x64, ubuntu-2204]
+fifo: true
+redrive_build_queue:
+  enabled: false
+  maxReceiveCount: null
+runner_config:
+  runner_os: linux
+  runner_architecture: x64
+  runner_run_as: ubuntu
+  runner_name_prefix: ubuntu-2204-x64_
+  enable_ssm_on_runners: true
+  credit_specification: standard
+  instance_types:
+    - t3a.large
+    - m5ad.large
+    - m5a.large
+  runners_maximum_count: 1
+  delay_webhook_event: 0
+  scale_down_schedule_expression: cron(* * * * ? *)
+  userdata_template: ./templates/user-data.sh
+  ami:
+    owners:
+      - "099720109477" # Canonical's Amazon account ID
+    filter:
+      name:
+        - ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*
+      state:
+        - available
+  block_device_mappings:
+    - device_name: /dev/sda1
+      delete_on_termination: true
+      volume_type: gp3
+      volume_size: 30
+      encrypted: true
+      iops: null
+      throughput: null
+      kms_key_id: null
+      snapshot_id: null
+  runner_log_files:
+    - log_group_name: syslog
+      prefix_log_group: true
+      file_path: /var/log/syslog
+      log_stream_name: "{instance_id}"
+    - log_group_name: user_data
+      prefix_log_group: true
+      file_path: /var/log/user-data.log
+      log_stream_name: "{instance_id}/user_data"
+    - log_group_name: runner
+      prefix_log_group: true
+      file_path: /opt/actions-runner/_diag/Runner_**.log
+      log_stream_name: "{instance_id}/runner"
@@ -2,7 +2,7 @@ matcherConfig:
   exactMatch: true
   labelMatchers:
     - [self-hosted, linux, x64, ubuntu-latest]
-    - [self-hosted, linux, x64, ubuntu-2204]
+    - [self-hosted, linux, x64, ubuntu-2404]
 fifo: true
 redrive_build_queue:
   enabled: false
@@ -11,7 +11,7 @@ runner_config:
   runner_os: linux
   runner_architecture: x64
   runner_run_as: ubuntu
-  runner_name_prefix: ubuntu-2204-x64_
+  runner_name_prefix: ubuntu-2404-x64_
   enable_ssm_on_runners: true
   credit_specification: standard
   instance_types:
@@ -27,7 +27,7 @@ runner_config:
       - "099720109477" # Canonical's Amazon account ID
     filter:
       name:
-        - ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*
+        - ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*
       state:
         - available
   block_device_mappings:

@@ -15,67 +15,72 @@ set -x
 ${pre_install}
 
 # Install AWS CLI
-apt-get update
-DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    awscli \
+apt-get -q update
+DEBIAN_FRONTEND=noninteractive apt-get install -q -y \
     build-essential \
+    ca-certificates \
     curl \
     git \
     iptables \
     jq \
+    systemd-container \
     uidmap \
     unzip \
     wget
 
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" > /etc/apt/sources.list.d/docker.list
+apt-get -q update
+apt-get -q -y install docker-ce docker-ce-cli containerd.io docker-ce-rootless-extras docker-buildx-plugin docker-compose-plugin
+systemctl disable --now docker.socket docker.service
+
+# avoid /tmp, might be mounted no-exec
+curl -fsSL -o "awscliv2.zip" "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
+unzip -q awscliv2.zip
+aws/install
+rm -rf aws awscliv2.zip
+
 user_name=ubuntu
 user_id=$(id -ru $user_name)
 
 # install and configure cloudwatch logging agent
-wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
-dpkg -i -E ./amazon-cloudwatch-agent.deb
-amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c ssm:${ssm_key_cloudwatch_agent_config}
+curl -fsSL -o "/tmp/amazon-cloudwatch-agent.deb" https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
+dpkg -i -E /tmp/amazon-cloudwatch-agent.deb
+rm -f /tmp/amazon-cloudwatch-agent.deb
+amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c "ssm:${ssm_key_cloudwatch_agent_config}"
 
 # configure systemd for running service in users accounts
-cat >/etc/systemd/[email protected] <<-EOF
-
-[Unit]
-Description=User Manager for UID %i
-After=user-runtime-dir@%i.service
-Wants=user-runtime-dir@%i.service
-
-[Service]
-LimitNOFILE=infinity
-LimitNPROC=infinity
-User=%i
-PAMName=systemd-user
-Type=notify
-
-[Install]
-WantedBy=default.target
-
+mkdir -p /etc/systemd/system/user-$user_id.slice.d
+cat > /etc/systemd/system/user-$user_id.slice.d/resources.conf <<- EOF
+[Slice]
+TasksMax=infinity
 EOF
-
-echo export XDG_RUNTIME_DIR=/run/user/$user_id >>/home/$user_name/.bashrc
+mkdir -p /home/$user_name/.config/systemd/
+cat > /home/$user_name/.config/systemd/user.conf <<- EOF
+[Manager]
+DefaultLimitNOFILE=infinity
+DefaultLimitNPROC=infinity
+EOF
+chown $user_name:$user_name /home/$user_name/.config/systemd/user.conf /home/$user_name/.config/systemd /home/$user_name/.config/
 
 systemctl daemon-reload
-systemctl enable [email protected]
-systemctl start [email protected]
 
-curl -fsSL https://get.docker.com/rootless >>/opt/rootless.sh && chmod 755 /opt/rootless.sh
-su -l $user_name -c /opt/rootless.sh
-echo export DOCKER_HOST=unix:///run/user/$user_id/docker.sock >>/home/$user_name/.bashrc
-echo export PATH=/home/$user_name/bin:$PATH >>/home/$user_name/.bashrc
+echo export XDG_RUNTIME_DIR="/run/user/$user_id" >> "/home/$user_name/.bashrc"
 
 # Run docker service by default
 loginctl enable-linger $user_name
-su -l $user_name -c "systemctl --user enable docker"
+machinectl shell "[email protected]" /usr/bin/dockerd-rootless-setuptool.sh install
+echo export DOCKER_HOST="unix:///run/user/$user_id/docker.sock" >> "/home/$user_name/.bashrc"
+echo export PATH="/home/$user_name/bin:$PATH" >> "/home/$user_name/.bashrc"
 
 ${install_runner}
 
 # config runner for rootless docker
 cd /opt/actions-runner/
-echo DOCKER_HOST=unix:///run/user/$user_id/docker.sock >>.env
-echo PATH=/home/$user_name/bin:$PATH >>.env
+echo DOCKER_HOST="unix:///run/user/$user_id/docker.sock" >> .env
+echo PATH="/home/$user_name/bin:$PATH" >> .env
 
 ${post_install}
 

@@ -42,7 +42,7 @@ tar xzf ./$file_name
 echo "Delete tar file"
 rm -rf $file_name
 
-os_id=$(awk -F= '/^ID/{print $2}' /etc/os-release)
+os_id=$(awk -F= '/^ID=/{print $2}' /etc/os-release)
 echo OS: $os_id
 
 # Install libicu on non-ubuntu