Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Marius Boden committed Dec 4, 2023
1 parent 2e48d4d, commit 8c6c23f
Showing 20 changed files with 1,026 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
// For format details, see https://aka.ms/devcontainer.json. For config options, see the | ||
// README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu | ||
{ | ||
"name": "Ubuntu", | ||
// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile | ||
"image": "mcr.microsoft.com/devcontainers/base:jammy", | ||
"features": { | ||
"ghcr.io/devcontainers/features/terraform:1": {}, | ||
"ghcr.io/devcontainers-contrib/features/terraform-docs:1": {}, | ||
"ghcr.io/devcontainers/features/azure-cli:1": {}, | ||
"ghcr.io/devcontainers/features/docker-in-docker:2": {}, | ||
"ghcr.io/devcontainers-contrib/features/kind:1": {}, | ||
"ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {}, | ||
"ghcr.io/dhoeric/features/stern:1": {} | ||
}, | ||
"customizations": { | ||
"vscode": { | ||
"extensions": [ | ||
"github.vscode-github-actions", | ||
"redhat.vscode-yaml" | ||
] | ||
} | ||
} | ||
// Features to add to the dev container. More info: https://containers.dev/features. | ||
// "features": {}, | ||
// Use 'forwardPorts' to make a list of ports inside the container available locally. | ||
// "forwardPorts": [], | ||
// Use 'postCreateCommand' to run commands after the container is created. | ||
// "postCreateCommand": "uname -a", | ||
// Configure tool-specific properties. | ||
// "customizations": {}, | ||
// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root. | ||
// "remoteUser": "root" | ||
} |
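Review bot: The features block pulls every feature by a floating major tag, and three of them come from namespaces outside devcontainers (devcontainers-contrib/features/terraform-docs:1, devcontainers-contrib/features/kind:1, dhoeric/features/stern:1), so whatever is next published under those tags gets installed on the next container rebuild. Pin these to an exact version or digest. The commented template lines at the bottom (// "features": {}, and // "customizations": {},) now shadow keys that are set above and can be dropped.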
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# To get started with Dependabot version updates, you'll need to specify which | ||
# package ecosystems to update and where the package manifests are located. | ||
# Please see the documentation for all configuration options: | ||
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates | ||
|
||
version: 2 | ||
updates: | ||
- package-ecosystem: "github-actions" | ||
directory: "/" | ||
schedule: | ||
# Check for updates to GitHub Actions every week | ||
interval: "weekly" | ||
reviewers: | ||
- infinite-automations/admins | ||
- package-ecosystem: "terraform" | ||
directory: "/" | ||
schedule: | ||
# Check for updates to terraform every week | ||
interval: "weekly" | ||
reviewers: | ||
- infinite-automations/admins | ||
- package-ecosystem: "terraform" | ||
directory: "examples/full" | ||
schedule: | ||
# Check for updates to terraform every week | ||
interval: "weekly" | ||
reviewers: | ||
- infinite-automations/admins |
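Review bot: In the third updates entry, directory: "examples/full" is written without the leading slash that the other two entries use (directory: "/"); write it as "/examples/full" so all three are root-relative in the same form. The two terraform entries also carry the same comment word for word, so change the second to say it covers the example module.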
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,159 @@ | ||
name: Test & Release | ||
|
||
on: | ||
push: | ||
branches: ["main"] | ||
pull_request: | ||
branches: ["main"] | ||
|
||
permissions: | ||
actions: read | ||
contents: write | ||
statuses: read | ||
|
||
env: | ||
TF_VAR_github_app_id: ${{ secrets.GH_APP_ID }} | ||
TF_VAR_github_app_install_id: ${{ secrets.GH_APP_INSTALL_ID }} | ||
TF_VAR_github_app_private_key: ${{ secrets.GH_APP_KEY }} | ||
TF_VAR_labels: '["test", "${{ github.run_id }}"]' | ||
|
||
jobs: | ||
lint: | ||
name: Lint | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
directory: | ||
- "." | ||
- "examples/full" | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Lint Example | ||
uses: "infinite-automations/tflint-all-in-one@v1.0.0" | ||
with: | ||
directory: ${{ matrix.directory }} | ||
|
||
update-docs: | ||
name: Update Docs | ||
needs: | ||
- lint | ||
runs-on: ubuntu-latest | ||
concurrency: | ||
group: ${{ github.ref }}-docs | ||
cancel-in-progress: false | ||
outputs: | ||
changed: ${{ steps.terraform-docs.outputs.num_changed > 0 }} | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
if: ${{ github.event_name == 'push' }} | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
if: ${{ github.event_name == 'pull_request' }} | ||
with: | ||
ref: ${{ github.event.pull_request.head.ref }} | ||
- name: Render terraform docs inside the README.md | ||
id: terraform-docs | ||
uses: terraform-docs/gh-actions@v1.0.0 | ||
with: | ||
working-dir: .,examples/full | ||
output-file: README.md | ||
output-method: inject | ||
git-push: ${{ github.event_name == 'pull_request' }} | ||
git-commit-message: "docs(terraform): update README.md" | ||
- name: Cache Docs | ||
if: ${{ github.event_name == 'push' }} | ||
uses: actions/cache@v3 | ||
with: | ||
path: | | ||
README.md | ||
examples/full/README.md | ||
key: ${{ runner.os }}-docs-${{ github.sha }} | ||
|
||
setup-runner: | ||
name: Setup Runner | ||
needs: | ||
- lint | ||
- update-docs | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Create k8s Kind Cluster | ||
uses: helm/kind-action@v1.8.0 | ||
with: | ||
wait: "120s" | ||
- name: Create Runners | ||
uses: infinite-automations/terraform-all-in-one@v1.2.0 | ||
id: apply-example | ||
with: | ||
directory: "examples/full" | ||
apply: true | ||
destroy: false | ||
- name: Wait For Test | ||
uses: yogeshlonkar/wait-for-jobs@v0 | ||
with: | ||
gh-token: ${{ secrets.GITHUB_TOKEN }} | ||
jobs: "Test" | ||
prefix: true | ||
ttl: "10" | ||
- name: Destroy Runners | ||
uses: infinite-automations/terraform-all-in-one@v1.2.0 | ||
with: | ||
directory: "examples/full" | ||
apply: false | ||
destroy: true | ||
|
||
test-runner: | ||
name: Test | ||
needs: | ||
- lint | ||
- update-docs | ||
runs-on: | ||
- self-hosted | ||
- test | ||
- ${{ github.run_id }} | ||
strategy: | ||
matrix: | ||
image: | ||
- alpine:latest | ||
- ubuntu:latest | ||
- debian:latest | ||
container: | ||
image: ${{ matrix.image }} | ||
steps: | ||
- name: Print Environment Information | ||
run: | | ||
echo "Operating System: $OSTYPE" | ||
echo "Hostname: $(hostname)" | ||
echo "CPU Architecture: $(uname -m)" | ||
echo "Kernel Version: $(uname -r)" | ||
echo | ||
cat /etc/os-release | ||
release: | ||
name: Release | ||
needs: | ||
- update-docs | ||
- test-runner | ||
concurrency: | ||
group: ${{ github.ref }}-release | ||
cancel-in-progress: false | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Restore Cached Docs | ||
if: ${{ github.event_name == 'push' }} | ||
uses: actions/cache@v3 | ||
with: | ||
path: README.md | ||
key: ${{ runner.os }}-docs-${{ github.sha }} | ||
- name: Semantic Release | ||
uses: cycjimmy/semantic-release-action@v4 | ||
with: | ||
dry_run: ${{ github.event_name == 'pull_request' }} | ||
ci: true | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
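Review bot: The top-level env block hands TF_VAR_github_app_private_key (with the app id and install id) to every job and step in the workflow, including the Test job on the self-hosted runner and the steps that run yogeshlonkar/wait-for-jobs@v0 and cycjimmy/semantic-release-action@v4, while only the two terraform-all-in-one steps in setup-runner use it. Move the TF_VAR_github_app_* entries into an env: on the Create Runners and Destroy Runners steps, and scope permissions the same way: contents: write is granted workflow-wide, but only update-docs (git-push) and release need it. Destroy Runners has no if: always(), so when Wait For Test fails or hits its ttl the runners created from examples/full are never torn down. Restore Cached Docs uses path: README.md while Cache Docs saved README.md plus examples/full/README.md under the same key; actions/cache counts the path list as part of the cache version, so this restore will not match what was saved. The third-party actions are also referenced by tag (@v0, @v4, @v1.8.0) rather than by commit SHA.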
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,6 @@ | ||
# local dev | ||
/dev | ||
|
||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
# .terraform-docs.yml | ||
formatter: "markdown table" | ||
|
||
sections: | ||
show: | ||
- header | ||
- requirements | ||
- providers | ||
- resources | ||
- inputs | ||
- outputs | ||
- footer | ||
|
||
content: |- | ||
{{ .Header }} | ||
## Module Usage | ||
```hcl | ||
{{ include "examples/full/main.tf" }} | ||
``` | ||
{{ .Requirements }} | ||
{{ .Providers }} | ||
{{ .Resources }} | ||
{{ .Inputs }} | ||
{{ .Outputs }} | ||
{{ .Footer }} | ||
sort: | ||
enabled: true | ||
by: required | ||
|
||
settings: | ||
anchor: true | ||
default: true | ||
required: true | ||
type: true | ||
hide-empty: true | ||
indent: 2 |
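Review bot: The include in content, {{ include "examples/full/main.tf" }}, is written relative to the repository root, but the workflow in this commit runs terraform-docs with working-dir: .,examples/full. Please confirm that the run in examples/full uses its own config file, otherwise this path may not resolve from that directory; a comment above content stating which directory the path is relative to would settle it.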
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,80 @@ | ||
# terraform-helm-github-actions-runner-controller | ||
Setup the GitHub Actions Runner Controller (ARC) in an existing kubernetes cluster | ||
|
||
<!-- BEGIN_TF_DOCS --> | ||
|
||
|
||
## Module Usage | ||
|
||
```hcl | ||
# setup actions-runner-controller | ||
module "actions-runner-controller" { | ||
source = "../.." | ||
namespace = "github-actions-runner-controller" | ||
create_namespace = true | ||
allow_granting_container_mode_permissions = false | ||
github_app_id = var.github_app_id | ||
github_app_install_id = var.github_app_install_id | ||
github_app_private_key = var.github_app_private_key | ||
kubernetes_secret_name = "github-auth-secret" | ||
helm_deployment_name = "actions-runner-controller" | ||
helm_chart_version = "0.23.5" | ||
replicas = 1 | ||
atomic = true | ||
timeout = 600 | ||
depends_on = [ | ||
helm_release.cert_manager | ||
] | ||
} | ||
``` | ||
|
||
## Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 | | ||
| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.11.0 | | ||
| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.23.0 | | ||
|
||
## Providers | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="provider_helm"></a> [helm](#provider\_helm) | >= 2.11.0 | | ||
| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | >= 2.23.0 | | ||
|
||
## Resources | ||
|
||
| Name | Type | | ||
|------|------| | ||
| [helm_release.this](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | ||
| [kubernetes_namespace.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | ||
| [kubernetes_secret.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret) | resource | | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_github_app_id"></a> [github\_app\_id](#input\_github\_app\_id) | GitHub App ID | `string` | n/a | yes | | ||
| <a name="input_github_app_install_id"></a> [github\_app\_install\_id](#input\_github\_app\_install\_id) | GitHub App Install ID | `string` | n/a | yes | | ||
| <a name="input_github_app_private_key"></a> [github\_app\_private\_key](#input\_github\_app\_private\_key) | GitHub App Private Key | `string` | n/a | yes | | ||
| <a name="input_allow_granting_container_mode_permissions"></a> [allow\_granting\_container\_mode\_permissions](#input\_allow\_granting\_container\_mode\_permissions) | If true, the runner controller will be allowed to grant container mode permissions | `bool` | `false` | no | | ||
| <a name="input_atomic"></a> [atomic](#input\_atomic) | If true, installation process purges chart on fail. If false, installation process deletes resources created by chart, but not purge them | `bool` | `true` | no | | ||
| <a name="input_create_namespace"></a> [create\_namespace](#input\_create\_namespace) | If true, the namespace will be created | `bool` | `true` | no | | ||
| <a name="input_helm_chart_version"></a> [helm\_chart\_version](#input\_helm\_chart\_version) | The version of the helm chart to deploy | `string` | `"0.23.5"` | no | | ||
| <a name="input_helm_deployment_name"></a> [helm\_deployment\_name](#input\_helm\_deployment\_name) | The name of the helm deployment | `string` | `"actions-runner-controller"` | no | | ||
| <a name="input_kubernetes_secret_name"></a> [kubernetes\_secret\_name](#input\_kubernetes\_secret\_name) | The name of the secret to create | `string` | `"github-auth-secret"` | no | | ||
| <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace to deploy the runner controller into | `string` | `"github-actions-runner-controller"` | no | | ||
| <a name="input_replicas"></a> [replicas](#input\_replicas) | The number of replicas for the runner controller | `number` | `3` | no | | ||
| <a name="input_timeout"></a> [timeout](#input\_timeout) | Time in seconds to wait for helm deployment operation (like Jobs for hooks) | `number` | `600` | no | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| <a name="output_helm_deployment_name"></a> [helm\_deployment\_name](#output\_helm\_deployment\_name) | The name of the helm deployment | | ||
| <a name="output_namespace"></a> [namespace](#output\_namespace) | The namespace runner controller was deployed into | | ||
| <a name="output_secret_name"></a> [secret\_name](#output\_secret\_name) | The name of the secret created | | ||
|
||
|
||
<!-- END_TF_DOCS --> |
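Review bot: The Module Usage block is copied from the example, so it carries source = "../.." and depends_on = [helm_release.cert_manager], neither of which resolves for someone pasting it into their own configuration, and cert-manager is not mentioned under Requirements. Add a sentence above the generated block saying that cert-manager must already be installed and which source to use. In Inputs, github_app_private_key is listed as a plain string and presumably ends up in kubernetes_secret.this; if the variable is not already declared sensitive, mark it so, and state in the README that the key will be stored in Terraform state. The atomic description ("deletes resources created by chart, but not purge them") also needs rewording.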