This module shows how to create GitHub action runners using a prebuilt AMI for the runners.

- Configured to run with org level runners.
- GitHub runner binary syncer is not deployed.

Steps for the full setup, such as creating a GitHub app, can be found in the root module's README.

Name | Description | Type | Default | Required |
---|---|---|---|---|
ami_filter | The amis to search. Use the default for the provided amazon linux image, `github-runner-windows-core-2019-*` for the provided Windows image | string | `github-runner-al2023-x86_64-2023*` | no |
github_app_key_base64 | The base64 encoded private key you downloaded from GitHub when creating the app | string | | yes |
github_app_id | The id of the app you created on GitHub | string | | yes |
region | The target aws region | string | eu-west-1 | no |
runner_os | The os of the image, either linux or windows | string | linux | no |

You can either download the released lambda code or build the lambdas locally yourself.

First download the Lambda releases from GitHub. Ensure you have set the version in `lambdas-download/main.tf` for running the example. The version needs to be set to a GitHub release version, see https://github.com/philips-labs/terraform-aws-github-runner/releases

```bash
cd lambdas-download
terraform init
terraform apply
cd ..
```

Alternatively you can build the lambdas locally with Node or Docker; there is a simple build script in `<root>/.ci/build.sh`. In the `main.tf` you need to specify the build location for all of the zip files.

```hcl
webhook_lambda_zip                = "../../lambda_output/webhook.zip"
runner_binaries_syncer_lambda_zip = "../../lambda_output/runner-binaries-syncer.zip"
runners_lambda_zip                = "../../lambda_output/runners.zip"
```

Before running Terraform, ensure the GitHub app is configured. See the configuration details for more information.

You will need to build your image. This example deployment uses the image example in `/images/linux-amz2`. You must build this image with packer in your AWS account first. Once you have built this you need to provide your owner ID as a variable.

To use your image in the terraform modules you will need to set some values on the module.

Assuming you have built the `linux-al2023` image, which has a pre-defined AMI name in the following format `github-runner-al2023-x86_64-YYYYMMDDhhmm`, you can use the following values.

```hcl
module "runners" {
  ...
  # set the name of the ami to use
  ami_filter = { name = ["github-runner-al2023-x86_64-2023*"], state = ["available"] }
  # provide the owner id of
  ami_owners = ["<your owner id>"]

  enable_userdata = false
  ...
}
```

If your owner is the same as the account you are logging into then you can use `aws_caller_identity` to retrieve it dynamically.

```hcl
data "aws_caller_identity" "current" {}

module "runners" {
  ...
  ami_owners = [data.aws_caller_identity.current.account_id]
  ...
}
```

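
To see what the `ami_owners` setting above changes, the following added example (not part of this module or its README) audits `aws ec2 describe-images` output against the name filter. It assumes the newest matching image is the one selected, as with Terraform's `aws_ami` data source when `most_recent = true`; the sample account and image IDs are constructed.

```python
import fnmatch
import json

# Constructed sample shaped like `aws ec2 describe-images --output json`;
# the account ids and image ids are made up.
SAMPLE = json.loads("""
{"Images": [
 {"ImageId": "ami-0aaa", "Name": "github-runner-al2023-x86_64-202306011200",
  "OwnerId": "111111111111", "Public": false, "State": "available",
  "CreationDate": "2023-06-01T12:00:00.000Z"},
 {"ImageId": "ami-0bbb", "Name": "github-runner-al2023-x86_64-202312312359",
  "OwnerId": "999999999999", "Public": true, "State": "available",
  "CreationDate": "2023-12-31T23:59:00.000Z"},
 {"ImageId": "ami-0ccc", "Name": "github-runner-al2023-x86_64-202307011200",
  "OwnerId": "111111111111", "Public": false, "State": "pending",
  "CreationDate": "2023-07-01T12:00:00.000Z"}
]}
""")

def candidates(images, name_globs, states, owners=None):
    """Images matching the name/state filter, optionally limited to owners."""
    return [
        img for img in images
        if any(fnmatch.fnmatchcase(img["Name"], g) for g in name_globs)
        and img["State"] in states
        and (owners is None or img["OwnerId"] in owners)
    ]

def most_recent(images):
    """Newest image by CreationDate (ISO 8601 strings sort chronologically)."""
    return max(images, key=lambda i: i["CreationDate"], default=None)

def audit(images, name_globs, states, owners):
    """Compare which AMI is resolved with and without the owner restriction."""
    unrestricted = candidates(images, name_globs, states)
    pinned = most_recent(candidates(images, name_globs, states, owners))
    newest_any = most_recent(unrestricted)
    return {
        "selected_with_owners": pinned["ImageId"] if pinned else None,
        "selected_without_owners": newest_any["ImageId"] if newest_any else None,
        # Matching images owned by someone else: these need review.
        "foreign_matches": [i["ImageId"] for i in unrestricted
                            if i["OwnerId"] not in owners],
    }

if __name__ == "__main__":
    print(audit(SAMPLE["Images"], ["github-runner-al2023-x86_64-2023*"],
                ["available"], ["111111111111"]))
```

Any entry in `foreign_matches` is an image that the wildcard name filter alone would accept, which is why the owner list should contain only accounts you build images in.
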
You can then deploy the terraform:

```bash
terraform init
terraform apply
```

The module will try to update the GitHub App webhook and secret (only linux/mac). You can receive the webhook details by running:

```bash
terraform output webhook_secret
```

Name | Version |
---|---|
terraform | >= 1.3.0 |
aws | ~> 5.2 |
local | ~> 2.0 |
random | ~> 3.0 |

Name | Version |
---|---|
aws | 5.2.0 |
random | 3.5.1 |

Name | Source | Version |
---|---|---|
base | ../base | n/a |
runners | ../../ | n/a |
webhook_github_app | ../../modules/webhook-github-app | n/a |

Name | Type |
---|---|
random_id.random | resource |
aws_caller_identity.current | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
ami_name_filter | AMI name filter for the action runner AMI. By default amazon linux 2 is used. | string | `"github-runner-al2023-x86_64-*"` | no |
github_app | GitHub for API usages. | object({ | n/a | yes |
runner_os | The EC2 Operating System type to use for action runner instances (linux,windows). | string | `"linux"` | no |

Name | Description |
---|---|
webhook_endpoint | n/a |
webhook_secret | n/a |