Self-hosted GitHub Action Runners

This service is based on the echo template. Please view the README for details about the dev loop and how it works.

Architecture

We use the GitHub-Runner-Provisioner to serve a webhook to GitHub Actions. GitHub will send any Actions events to the GRP running in Skunkworks, which will parse those events looking for workflows that request special labels in their runs-on property.

Using the GitHub Self-Hosted Runner binaries we then spin up the custom runners in one of our supported runner providers - currently AWS only. Supported runners are configured in runner.go.

AWS

AWS runners are created in EC2 using the AWS SDK. See the aws_runners package for details on the implementation.

Testing

Integration Tests

Note: Before running tests, make sure you run the application with environment variable WEBHOOK_TOKEN=FAKE_TOKEN.

You will also need to set GITHUB_TOKEN to a PAT for the D6E Automaton. These values can all be found in the github-runner-provisioner-secrets.yaml file in Keybase; you will need to base64 decode them before use. If you are only running dry-runs, only AWS and GitHub authentication is required.

To test the application we use targets in the Makefile. The make go-unit-tests target will run the unit tests, and make test-runners will run the integration tests against the dry-run endpoints.

Testing AWS ubuntu-arm64:

GITHUB_TOKEN=<pat> go run main.go --dry-run
make test-runners

Note: You can send requests to the production client using make run-<runner tag>. Be careful when sending requests to production using an HTTP client, since the dry-run request parameter defaults to true. This is necessary because we have no way to set GitHub to send this parameter.

Unit Tests

Some unit tests use mocks generated by gomock. If the interface being mocked is updated, you may have to re-generate the mocks by running:

make update-go-mocks

Env Vars

The runner provisioner requires the following variables to be configured:

  • GITHUB_TOKEN - a personal access token with admin access to the repo configuring the runners. We use the D6E-Automaton's token in production.
  • WEBHOOK_TOKEN - the secret used to configure the webhook in GitHub. We use the token stored at /Keybase/team/datawireio/infra/github-runner-provisioner-secrets
  • AWS auth can be configured with AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY or by using the AWS CLI
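
The webhook flow from the Architecture section and the WEBHOOK_TOKEN secret above, shown as an added Go example that is not the provisioner's own code. It assumes GitHub's standard X-Hub-Signature-256 HMAC header and workflow_job payload; the supportedLabels allow-list and the function names are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// supportedLabels is a hypothetical allow-list; the project keeps its real list in runner.go.
var supportedLabels = map[string]bool{"ubuntu-arm64": true}

// sign computes the X-Hub-Signature-256 value GitHub sends for a request body.
func sign(secret string, body []byte) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// requestedRunner authenticates the delivery before parsing it, then returns the
// supported label of a queued workflow_job ("" when there is nothing to provision).
func requestedRunner(secret, sigHeader string, body []byte) (string, error) {
	// Fail closed on an unset secret; compare in constant time.
	if secret == "" || !hmac.Equal([]byte(sigHeader), []byte(sign(secret, body))) {
		return "", fmt.Errorf("webhook signature rejected")
	}
	var ev struct {
		Action      string `json:"action"`
		WorkflowJob struct {
			Labels []string `json:"labels"`
		} `json:"workflow_job"`
	}
	if err := json.Unmarshal(body, &ev); err != nil {
		return "", fmt.Errorf("bad payload: %w", err)
	}
	if ev.Action != "queued" { // in_progress and completed jobs need no new runner
		return "", nil
	}
	for _, l := range ev.WorkflowJob.Labels {
		if supportedLabels[l] {
			return l, nil
		}
	}
	return "", nil
}

func main() {
	body := []byte(`{"action":"queued","workflow_job":{"labels":["ubuntu-arm64"]}}`) // constructed sample
	fmt.Println(requestedRunner("FAKE_TOKEN", sign("FAKE_TOKEN", body), body))
}
```

Rejecting unsigned or mis-signed deliveries before any label matching keeps an arbitrary HTTP client from triggering EC2 provisioning through the webhook endpoint.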