Tweak Actions Runner config

dennisameling · Dec 20, 2022 · 515ad82 · 515ad82
1 parent bd42084
commit 515ad82
Show file tree

Hide file tree

Showing 3 changed files with 154 additions and 9 deletions.
diff --git a/.github/workflows/create-azure-vm-runners.yml b/.github/workflows/create-azure-vm-runners.yml
@@ -6,14 +6,26 @@ on:
       amount_of_runners:
         description: 'Amount of runners to set up'
         required: true
-      post_deployment_script:
-        description: 'Path to the post-deployment script'
+      runner_scope:
+        type: choice
+        required: true
+        description: Scope of the runner. On personal accounts, only "repo-level" works
+        options:
+        - org-level
+        - repo-level
+      runner_org:
+        type: string
+        required: true
+        description: Organization or personal account to deploy the runner to
+      runner_repo:
+        type: string
         required: false
+        description: Repo to deploy the runner to. Only needed if runner_scope is set to "repo-level"
 
 env:
-  # Repository to set up the Runner in.
-  ACTIONS_RUNNER_ORG: dennisameling
-  ACTIONS_RUNNER_REPO: azure-arm64-gh-actions-runner
+  ACTIONS_RUNNER_ORG: "${{ github.event.inputs.runner_org }}"
+  ACTIONS_RUNNER_REPO: "${{ github.event.inputs.runner_repo }}"
+  POST_DEPLOYMENT_SCRIPT_URL: https://raw.githubusercontent.com/dennisameling/azure-arm64-gh-actions-runner/main/post-deployment-script.ps1
 
 # The following secrets are required for this workflow to run:
 # GH_API_PAT - PAT to create a runner registration token using GitHub's API
@@ -57,7 +69,7 @@ jobs:
 
     # We can't use the octokit/request-action as we can't properly mask the runner token with it
     # https://github.com/actions/runner/issues/475
-    - name: Generate Actions Runner token
+    - name: Generate Actions Runner token and registration URL
       run: |
         ACTIONS_RUNNER_TOKEN=$(curl \
           -X POST \
@@ -68,6 +80,18 @@ jobs:
           | jq --raw-output .token)
         echo "::add-mask::$ACTIONS_RUNNER_TOKEN"
         echo ACTIONS_RUNNER_TOKEN=$ACTIONS_RUNNER_TOKEN >> $GITHUB_ENV
+
+        case "${{ inputs.runner-scope }}" in
+          "org-level")
+            echo ACTIONS_RUNNER_REGISTRATION_URL="https://github.com/${{ env.ACTIONS_RUNNER_ORG }}" >> $GITHUB_ENV
+            ;;
+          "repo-level")
+            echo ACTIONS_RUNNER_REGISTRATION_URL="https://github.com/${{ env.ACTIONS_RUNNER_ORG }}/${{ env.ACTIONS_RUNNER_REPO }}" >> $GITHUB_ENV
+            ;;
+          *)
+            die "Unsupported runner scope: ${{ inputs.runner-scope }}"
+            ;;
+        esac
         
     - name: Azure Login
       uses: azure/login@v1
@@ -81,4 +105,4 @@ jobs:
       with:
         resourceGroupName: ${{ secrets.AZURE_RESOURCE_GROUP }}
         template: ./azure-arm-template.json
-        parameters: ./azure-arm-template-example-parameters.json githubActionsRunnerRepo="https://github.com/$ACTIONS_RUNNER_ORG/$ACTIONS_RUNNER_REPO" githubActionsRunnerToken="${{ env.ACTIONS_RUNNER_TOKEN }}" postDeploymentPsScriptUrl="https://raw.githubusercontent.com/dennisameling/azure-arm64-templates/main/post-deployment-script.ps1" virtualMachineName=${{ steps.generate-vm-name.outputs.vm_name }} virtualMachineSize=Standard_D8pls_v5 publicIpAddressName1=${{ steps.generate-vm-name.outputs.vm_name }}-ip adminUsername=${{ secrets.AZURE_VM_USERNAME }} adminPassword=${{ secrets.AZURE_VM_PASSWORD }}
+        parameters: ./azure-arm-template-example-parameters.json githubActionsRunnerRegistrationUrl="${{ env.ACTIONS_RUNNER_REGISTRATION_URL }}" githubActionsRunnerToken="${{ env.ACTIONS_RUNNER_TOKEN }}" postDeploymentPsScriptUrl="${{ env.POST_DEPLOYMENT_SCRIPT_URL }}" virtualMachineName=${{ steps.generate-vm-name.outputs.vm_name }} virtualMachineSize=Standard_D8pls_v5 publicIpAddressName1=${{ steps.generate-vm-name.outputs.vm_name }}-ip adminUsername=${{ secrets.AZURE_VM_USERNAME }} adminPassword=${{ secrets.AZURE_VM_PASSWORD }}
diff --git a/azure-arm-template.json b/azure-arm-template.json
@@ -2,7 +2,7 @@
     "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
     "contentVersion": "1.0.0.0",
     "parameters": {
-        "githubActionsRunnerRepo": {
+        "githubActionsRunnerRegistrationUrl": {
             "type": "string",
             "minLength": 6,
             "metadata": {
@@ -258,7 +258,7 @@
                         "value": "[parameters('location')]"
                     },
                     "arguments": {
-                        "value": "[concat('-GitHubActionsRunnerToken ', parameters('githubActionsRunnerToken'), ' -GitHubActionsRunnerRepo ', parameters('githubActionsRunnerRepo'))]"
+                        "value": "[concat('-GitHubActionsRunnerToken ', parameters('githubActionsRunnerToken'), ' -GithubActionsRunnerRegistrationUrl ', parameters('githubActionsRunnerRegistrationUrl'), ' -GithubActionsRunnerName ', parameters('virtualMachineName'))]"
                     }
                 }
             },

diff --git a/post-deployment-script.ps1 b/post-deployment-script.ps1
@@ -0,0 +1,121 @@
+param (
+    # GitHub Actions Runner registration token. Note that these tokens are only valid for one hour after creation, so we always expect the user to provide one.
+    # https://docs.github.com/en/actions/hosting-your-own-runners/adding-self-hosted-runners
+    [Parameter(Mandatory=$true)]
+    [string]$GitHubActionsRunnerToken,
+
+    # GitHub Actions Runner repository. E.g. "https://github.com/MY_ORG" (org-level) or "https://github.com/MY_ORG/MY_REPO" (repo-level)
+    # https://docs.github.com/en/actions/hosting-your-own-runners/adding-self-hosted-runners
+    [Parameter(Mandatory=$true)]
+    [string]$GithubActionsRunnerRegistrationUrl,
+
+    # Actions Runner name. Needs to be unique in the org/repo
+    [Parameter(Mandatory=$true)]
+    [string]$GithubActionsRunnerName
+)
+
+Write-Output "Starting post-deployment script."
+
+# =================================
+# TOOL VERSIONS AND OTHER VARIABLES
+# =================================
+
+$GitForWindowsVersion = "2.39.0"
+$GitForWindowsTag = "2.39.0.windows.1"
+$GitForWindowsHash = "2eaba567e17784654be77ba997329742d87845c6f15e33c9620f9a331c69a976"
+# Note that the GitHub Actions Runner auto-updates itself by default, but do try to reference a relatively new version here.
+$GitHubActionsRunnerVersion = "2.300.2"
+$GithubActionsRunnerArch = "arm64"
+$GithubActionsRunnerHash = "9409e50d9ad33d8031355ed079b8f56cf3699f35cf5d0ca51e54deed432758ef"
+$GithubActionsRunnerLabels = "self-hosted,Windows,ARM64"
+# Keep this path short to prevent Long Path issues
+$GitHubActionsRunnerPath = "C:\actions-runner"
+
+# ======================
+# WINDOWS DEVELOPER MODE
+# ======================
+
+# Needed for symlink support
+Write-Output "Enabling Windows Developer Mode..."
+Start-Process -Wait "reg" 'add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" /t REG_DWORD /f /v "AllowDevelopmentWithoutDevLicense" /d "1"'
+Write-Output "Enabled Windows developer mode."
+
+# =============================
+# MICROSOFT DEFENDER EXCLUSIONS
+# =============================
+
+Write-Output "Adding Microsoft Defender Exclusions..."
+Add-MpPreference -ExclusionPath "C:\"
+Write-Output "Finished adding Microsoft Defender Exclusions."
+
+# ======================
+# GIT FOR WINDOWS
+# ======================
+
+Write-Output "Downloading Git for Windows..."
+$GitForWindowsOutputFile = "./git-for-windows-installer.exe"
+$ProgressPreference = 'SilentlyContinue'
+Invoke-WebRequest -UseBasicParsing -Uri "https://github.com/git-for-windows/git/releases/download/v${GitForWindowsTag}/Git-${GitForWindowsVersion}-64-bit.exe" -OutFile $GitForWindowsOutputFile
+$ProgressPreference = 'Continue'
+
+if((Get-FileHash -Path $GitForWindowsOutputFile -Algorithm SHA256).Hash.ToUpper() -ne $GitForWindowsHash.ToUpper()){ throw 'Computed checksum did not match' }
+
+Write-Output "Installing Git for Windows..."
+@"
+[Setup]
+Lang=default
+Dir=C:\Program Files\Git
+Group=Git
+NoIcons=0
+SetupType=default
+Components=gitlfs,windowsterminal
+Tasks=
+EditorOption=VIM
+CustomEditorPath=
+DefaultBranchOption= 
+PathOption=CmdTools
+SSHOption=OpenSSH
+TortoiseOption=false
+CURLOption=WinSSL
+CRLFOption=CRLFAlways
+BashTerminalOption=ConHost
+GitPullBehaviorOption=FFOnly
+UseCredentialManager=Core
+PerformanceTweaksFSCache=Enabled
+EnableSymlinks=Disabled
+EnablePseudoConsoleSupport=Disabled
+EnableFSMonitor=Disabled
+"@ | Out-File -FilePath "./git-installer-config.inf"
+
+Start-Process -Wait $GitForWindowsOutputFile '/VERYSILENT /NORESTART /NOCANCEL /SP- /CLOSEAPPLICATIONS /RESTARTAPPLICATIONS /LOADINF="./git-installer-config.inf"'
+
+Write-Output "Finished installing Git for Windows."
+
+# ======================
+# GITHUB ACTIONS RUNNER
+# ======================
+
+Write-Output "Downloading GitHub Actions runner..."
+
+mkdir $GitHubActionsRunnerPath | Out-Null
+$ProgressPreference = 'SilentlyContinue'
+Invoke-WebRequest -UseBasicParsing -Uri https://github.com/actions/runner/releases/download/v${GitHubActionsRunnerVersion}/actions-runner-win-${GithubActionsRunnerArch}-${GitHubActionsRunnerVersion}.zip -OutFile ${GitHubActionsRunnerPath}\actions-runner-win-${GithubActionsRunnerArch}-${GitHubActionsRunnerVersion}.zip
+$ProgressPreference = 'Continue'
+if((Get-FileHash -Path ${GitHubActionsRunnerPath}\actions-runner-win-${GithubActionsRunnerArch}-${GitHubActionsRunnerVersion}.zip -Algorithm SHA256).Hash.ToUpper() -ne $GithubActionsRunnerHash.ToUpper()){ throw 'Computed checksum did not match' }
+
+Write-Output "Installing GitHub Actions runner ${GitHubActionsRunnerVersion} as a Windows service with labels ${GithubActionsRunnerLabels}..."
+
+Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory("${GitHubActionsRunnerPath}\actions-runner-win-${GithubActionsRunnerArch}-${GitHubActionsRunnerVersion}.zip", $GitHubActionsRunnerPath)
+cmd.exe /c "${GitHubActionsRunnerPath}\config.cmd" --unattended --ephemeral --name ${GithubActionsRunnerName} --runasservice --labels ${GithubActionsRunnerLabels} --url ${GithubActionsRunnerRegistrationUrl} --token ${GitHubActionsRunnerToken}
+
+# Ensure that the service was created. If not, exit with error code.
+$MatchedServices = Get-Service -Name "actions.runner.*"
+if ($MatchedServices.count -eq 0) {
+    Write-Error "GitHub Actions service not found (should start with actions.runner). Check the logs in ${GitHubActionsRunnerPath}\_diag for more details."
+    exit 1
+}
+
+# Immediately stop the service as we want to leave the VM in a deallocated state for later use. The service will automatically be started when Windows starts.
+Stop-Service -Name "actions.runner.*" -Verbose
+
+Write-Output "Finished installing GitHub Actions runner."