Convert project to deploy org runners (#18)

ministryofjustice · Jan 16, 2025 · 56ddb59 · 56ddb59
1 parent 115db12
commit 56ddb59
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 42 deletions.
diff --git a/.github/actions/cloud-platform-deploy/action.yml b/.github/actions/cloud-platform-deploy/action.yml
@@ -26,11 +26,14 @@ inputs:
   gh_auth_token:
     description: Auth token for Github
     required: true
-  github_repository:
-    description: The repository in which the runners are deployed
+  github_org:
+    description: The github org in which the runners are deployed
     required: true
-  runner_labels:
+  runner_label:
     description: The labels for the runners
+    required: true
+  runner_group:
+    description: The runner group for the runners
     required: true  
 
 runs:
@@ -72,6 +75,7 @@ runs:
           --values 'helm_deploy/${{ steps.env.outputs.values-file }}' \
           --wait \
           --set generic-service.env.GH_AUTH_TOKEN="${{ inputs.gh_auth_token }}" \
-          --set generic-service.env.RUNNER_LABELS="${{ inputs.runner_labels }}" \
-          --set generic-service.env.GITHUB_REPOSITORY="${{ inputs.github_repository }}" 
+          --set generic-service.env.RUNNER_LABEL="${{ inputs.runner_label }}" \
+          --set generic-service.env.RUNNER_GROUP="${{ inputs.runner_group }}" \
+          --set generic-service.env.GH_ORG="${{ inputs.github_org }}" 
           
diff --git a/.github/actions/runner-cleanup/action.yml b/.github/actions/runner-cleanup/action.yml
@@ -6,8 +6,11 @@ inputs:
   qty_runners:
     description: 'Number of expected runners'
     default: '1'
-  github_repository:
-    description: 'The repository in which the runners are deployed'
+  github_org:
+    description: 'The github org in which the runners are deployed'
+  runner_label:
+    description: The labels for the runners
+    required: true
 
 runs:
   using: "composite"
@@ -21,37 +24,69 @@ runs:
     shell: python {0} 
     id: cleanup-runners
     run: |
-      from github import Auth
-      from github import Github
-      from github import GithubException
+      import requests
       import os
       from time import sleep
       # Attempts to remove any offline runners - giving time for old ones to expire
       def main():
-        expected_number_of_runners=os.getenv('qty_runners',1)
-        github_repository=os.getenv('github_repository')
-        auth = Auth.Token(os.getenv('gh_auth_token'))
-        print(f'Repo name is: {github_repository}')
-        g = Github(auth=auth)
-        repo = g.get_repo(github_repository)
-        offline_deleted=False
-        qty_runners=retry_count=0
-        while qty_runners!=expected_number_of_runners and retry_count < 10:
+        github_org = os.getenv('github_org')
+        auth_token = os.getenv('gh_auth_token')
+        runner_label = os.getenv('runner_label')
+        retry_count=0
+        headers = {
+          "Authorization": f"Bearer {auth_token}",
+          "Accept": "application/vnd.github+json"
+        }
+        while retry_count < 10:
+          print(f'Attempt {retry_count+1}/10 ...')
           try:
-            runners = repo.get_self_hosted_runners() 
-            qty_runners=runners.totalCount
-            print(f'Attempt to clean up offline runners: {retry_count} - found {qty_runners} runners')
-            for each_runner in runners:
-              print(f'Checking runner {each_runner.name} with status {each_runner.status}')
-              if each_runner.status == 'offline':
-                success=repo.remove_self_hosted_runner(each_runner.id)
-          except:
-            print(f'Failed because {GithubException.message}')
+            # Calling unsupported PyGithub API endpoint
+            url = f"https://api.github.com/orgs/{github_org}/actions/runners"
+            response = requests.get(url, headers=headers)
+            if response.status_code == 200:
+              print("Successfully called GET /orgs/{github_org}/actions/runners runners endpoint")
+              data = response.json()
+
+              # Filter runners with the runner_label
+              filtered_runners = [
+                  runner for runner in data['runners']
+                  if any(label['name'] == runner_label for label in runner['labels'])
+              ]
+
+              offline_runners = [
+                  runner for runner in filtered_runners
+                  if runner['status'] == 'offline'
+              ]
+
+              qty_runners=len(offline_runners)
+              print(f'Found {qty_runners} offline runners with label "{runner_label}".')
+
+              for runner in offline_runners:
+                print(f'Trying to delete runner {runner['name']}...')
+                # Calling unsupported PyGithub API endpoint
+                url = f"https://api.github.com/orgs/{github_org}/actions/runners/{runner['id']}"
+                response = requests.delete(url, headers=headers)
+                print(response.status_code)
+                if response.status_code == 204:
+                  print(f"Successfully deleted offline runner {runner['name']}.")
+                else:
+                  print(f"Failed to delete offline runner {runner['name']}.")
+            else:
+                print(f"Failed to call GET /orgs/{github_org}/actions/runners endpoint: {response.status_code} - {response.text}")
+          
+          except Exception as e:
+            print(f'Failed because {e}')
+          
           retry_count+=1
-          sleep(10)
+          sleep_time=20
+          print(f'Sleeping for {sleep_time} seconds... and then checking again.')
+          sleep(sleep_time)
+
       if __name__ == '__main__':
         main()
     
     env:
-      github_repository: ${{ inputs.github_repository }}
+      github_org: ${{ inputs.github_org }}
       gh_auth_token: ${{ inputs.gh_auth_token }}
+      runner_label: ${{ inputs.runner_label }}
+      PYTHONUNBUFFERED: "1"
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -58,12 +58,14 @@ jobs:
           namespace: ${{ secrets.KUBE_NAMESPACE }}
           token: ${{ secrets.KUBE_TOKEN }}   
           gh_auth_token: ${{ steps.generate-github-app-tokens.outputs.access-token }}
-          github_repository: ${{ vars.GH_REPOSITORY }}
-          runner_labels: ${{ vars.RUNNER_LABELS }}
+          github_org: ${{ github.repository_owner }}
+          runner_label: ${{ vars.RUNNER_LABEL }}
+          runner_group: ${{ vars.RUNNER_GROUP }}
 
       - name: Remove offline runners
         uses: ./.github/actions/runner-cleanup
         with:
           gh_auth_token: ${{ steps.generate-github-app-tokens.outputs.access-token }}
-          github_repository: ${{ vars.GH_REPOSITORY }}
+          github_org: ${{ github.repository_owner }}
+          runner_label: ${{ vars.RUNNER_LABEL }}
 
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # hmpps-github-actions-runner
-This deploys a self-hosted Github Runner to a single repository named in the repository variables.
+This deploys a self-hosted Github Runner to the github organisation.
 
 Documentation about it is [here](https://tech-docs.hmpps.service.justice.gov.uk/sreinternaldocs) 
 
@@ -22,5 +22,5 @@ It's deployed to Cloud Platforms, using Helm.
 ### Repo environment variables
 
 - GH_APP_ID - the corresponding AppId for the Github App
-- GH_REPOSITORY - the repo to which the runner should be registered
-- RUNNER_LABELS - the label by which the runner is invoked
+- RUNNER_LABEL - the label by which the runner is invoked
+- RUNNER_GROUP - the runner group to assign the new runners to.
diff --git a/src/usr/local/bin/entrypoint.sh b/src/usr/local/bin/entrypoint.sh
@@ -6,19 +6,21 @@ ACTIONS_RUNNER_DIRECTORY="/actions-runner"
 EPHEMERAL="${EPHEMERAL:-"false"}"
 
 echo "Runner parameters:"
-echo "  Repository: ${GITHUB_REPOSITORY}"
+echo "  GitHub org: ${GH_ORG}"
 echo "  Runner Name: $(hostname)"
-echo "  Runner Labels: ${RUNNER_LABELS}"
+echo "  Runner Labels: ${RUNNER_LABEL}"
+echo "  Runner group: ${RUNNER_GROUP}"
 
 echo "Obtaining registration token"
 getRegistrationToken=$(
   curl \
     --silent \
     --location \
     --request "POST" \
+    --header "Accept: application/vnd.github+json" \
     --header "X-GitHub-Api-Version: 2022-11-28" \
     --header "Authorization: Bearer ${GH_AUTH_TOKEN}" \
-    https://api.github.com/repos/"${GITHUB_REPOSITORY}"/actions/runners/registration-token | jq -r '.token'
+    "https://api.github.com/orgs/${GH_ORG}/actions/runners/registration-token" | jq -r '.token'
 )
 export getRegistrationToken
 
@@ -39,16 +41,17 @@ else
 fi
 
 echo "Checking the runner"
-bash "${ACTIONS_RUNNER_DIRECTORY}/config.sh" --check --url "https://github.com/${GITHUB_REPOSITORY}" --pat ${GH_AUTH_TOKEN}
+bash "${ACTIONS_RUNNER_DIRECTORY}/config.sh" --check --url "https://github.com/${GH_ORG}" --pat ${GH_AUTH_TOKEN}
 
 echo "Configuring runner"
 bash "${ACTIONS_RUNNER_DIRECTORY}/config.sh" ${EPHEMERAL_FLAG} \
   --unattended \
   --disableupdate \
-  --url "https://github.com/${GITHUB_REPOSITORY}" \
+  --url "https://github.com/${GH_ORG}" \
   --token "${REPO_TOKEN}" \
   --name "$(hostname)" \
-  --labels "${RUNNER_LABELS}"
+  --labels "${RUNNER_LABEL}" \
+  --runnergroup "${RUNNER_GROUP}"
 
 echo "Setting the 'ready' flag for Kubernetes liveness probe"
 touch /tmp/runner.ready