Merge pull request #2 from MonolithProjects/develop

First fully working release

Author: MonolithProjects

.github/workflows/main.yml

@@ -0,0 +1,36 @@
+name: molecule test
+
+on:
+    push:
+        branches:
+            - master
+            - develop
+    schedule:
+        - cron: '0 6 * * 0'
+
+jobs:
+  lint:
+      runs-on: ubuntu-latest
+      steps:
+        - name: checkout
+          uses: actions/checkout@v2
+        - name: molecule
+          uses: robertdebock/molecule-action@2.0.0
+          with:
+            entrypoint: /usr/local/bin/molecule
+            args: lint
+  test:
+    needs:
+      - lint
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+        with:
+          path: "${{ github.repository }}"
+      - name: molecule
+        uses: robertdebock/molecule-action@2.0.0
+        env:
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}

.gitignore

@@ -1 +1 @@
-molecule/default
+actions-runner-linux-*

README.md

@@ -1,32 +1,24 @@
 GitHub Actions Runner
 =========
 
-<a href="https://galaxy.ansible.com/monolithprojects/system_update"><img src="https://img.shields.io/ansible/quality/47118?style=flat&logo=ansible"/></a> 
-<a href="https://galaxy.ansible.com/monolithprojects/system_update"><img src="https://img.shields.io/ansible/role/d/47118"/></a> 
+<a href="https://galaxy.ansible.com/monolithprojects/ansible-github_actions_runner"><img src="https://img.shields.io/ansible/quality/47118?style=flat&logo=ansible"/></a> 
+<a href="https://galaxy.ansible.com/monolithprojects/ansible-github_actions_runner"><img src="https://img.shields.io/ansible/role/d/47118"/></a> 
+<a href="https://galaxy.ansible.com/monolithprojects/github_actions_runner"><img src="https://img.shields.io/github/v/release/MonolithProjects/github_actions_runner"/></a> 
+<a href="https://github.com/MonolithProjects/ansible-github_actions_runner/actions"><img src="https://github.com/MonolithProjects/ansible-github_actions_runner/workflows/molecule%20test/badge.svg?branch=master"/></a>
 <a href="https://github.com/MonolithProjects/ansible-github_actions_runner/blob/master/LICENSE"><img src="https://img.shields.io/github/license/MonolithProjects/ansible-github_actions_runner"/></a>
 
-This role will deploy local GitHub Actions Runner.
+This role will deploy or redeploy or uninstall and register or unregister local GitHub Actions Runner (version you specified).
 
-**Note:**  
-The role is in early development stage.  
-Role is able to:
-- install and cofigure local runner
-- request reistration token
-- register the runner to GitHub
-
-Currently is missing:
-- idempotency
-- runner unregistration
-- automated testing
 
 Requirements
 ------------
 
-System must have access to the packages repository (Internet, Red Hat Satellite, etc.).
+System must have access to the GitHub.
 
 CentOS/Fedora systems require EPEL repository.
 
-`PERSONAL_ACCESS_TOKEN` variable needs to be exported to your environment.
+`PERSONAL_ACCESS_TOKEN` variable needs to be exported to your environment. The token has to have admin rights for the repo.  
+Personal Access Token for your GitHub account can be created [here](https://github.com/settings/tokens).
 
 Role Variables
 --------------
@@ -35,11 +27,17 @@ This is a copy from `defaults/main.yml`
 
 ```yaml
 # Directory where the local runner will be installed
-runner_dir: "/opt/actions-runner"
+runner_dir: /opt/actions-runner
 
 # Version of the GitHub Actions Runner
 runner_version: "2.165.2"
 
+# If found, replace already registered runner
+replace_runner: yes
+
+# Do not show Ansible logs which may contain sensitive data (registration token)
+hide_sensitive_logs: yes
+
 # Personal Access Token for your GitHub account
 access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
 
@@ -53,24 +51,47 @@ github_server: "https://github.com"
 # github_repo: "yourrepo"
 ```
 
+
 Example Playbook
 ----------------
 
-Simple example.
+In this example the role will deploy (or redeploy) the GitHub Actions runner service (default version ins ) and register the runner for the GitHub repo.
+
+```yaml
+---
+- name: GitHub Actions Runner
+  hosts: all
+  become: yes
+  vars:
+    - runner_version: "2.165.2"
+    - runner_user: runner
+    - github_account: myuser
+    - github_repo: my_awesome_repo
+  roles:
+    - role: monolithprojects.github_actions_runner
+```
 
+Here the GitHub Actions runners will be uninstalled, service stopped and unregistered from the GitHub.
 ```yaml
 ---
-- name: Converge
+- name: GitHub Actions Runner
   hosts: all
   become: yes
+  tags:
+    - uninstall
   vars:
+    - runner_version: "2.165.2"
     - runner_user: runner
-    - github_account: example
-    - github_repo: example
+    - github_account: myuser
+    - github_repo: my_awesome_repo
   roles:
-    - role: monolithprojects/github_actions_runner
+    - role: monolithprojects.github_actions_runner
 ```
 
+ToDo
+----
+Full Debian/Ubuntu support
+
 License
 -------
 

defaults/main.yml

@@ -1,10 +1,16 @@
 ---
 # Directory where the local runner will be installed
-runner_dir: "/opt/actions-runner"
+runner_dir: /opt/actions-runner
 
 # Version of the GitHub Actions Runner
 runner_version: "2.165.2"
 
+# If found, replace already registered runner
+replace_runner: yes
+
+# Do not show Ansible logs which may contain sensitive data (registration token)
+hide_sensitive_logs: yes
+
 # Personal Access Token for your GitHub account
 access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
 

meta/main.yml

@@ -14,14 +14,14 @@
       - name: Fedora
         versions:
           - all
-      - name: Debian
-        versions:
-          - jessie
-          - stretch
-      - name: Ubuntu
-        versions:
-          - xenial
-          - bionic
+      # - name: Debian
+      #   versions:
+      #     - jessie
+      #     - stretch
+      # - name: Ubuntu
+      #   versions:
+      #     - xenial
+      #     - bionic
     galaxy_tags:
       - github
       - actions
@@ -30,4 +30,4 @@
       - runner
       - cicd
   dependencies:
-    - role: robertdebock.epel
+    - robertdebock.epel

molecule/default/Dockerfile.j2

@@ -0,0 +1,31 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi
+
+ENV ANSIBLE_USER=ansible SUDO_GROUP=wheel DEPLOY_GROUP=deployer
+RUN set -xe \
+  && groupadd -r ${ANSIBLE_USER} \
+  && groupadd -r ${DEPLOY_GROUP} \
+  && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+  && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+  && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+  && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers

molecule/default/INSTALL.rst

@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule[docker]'

molecule/default/actions-runner-linux.tar.gz

@@ -0,0 +1,24 @@
+---
+- name: Converge
+  user: ansible
+  hosts: all
+  become: yes
+  vars:
+    - runner_user: ansible
+    - github_repo: ansible-github_actions_runner-testrepo
+    - github_account: monolithprojects
+  roles:
+    - role: ansible-github_actions_runner
+
+- name: Uninstall
+  user: ansible
+  hosts: all
+  become: yes
+  tags:
+    - uninstall
+  vars:
+    - runner_user: ansible
+    - github_repo: ansible-github_actions_runner-testrepo
+    - github_account: monolithprojects
+  roles:
+    - role: ansible-github_actions_runner

molecule/default/converge.yml

@@ -0,0 +1,75 @@
+---
+driver:
+  name: docker
+lint: |
+  yamllint .
+platforms:
+  - name: CentOS7
+    image: monolithprojects/systemd-centos7:latest
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: no
+    pre_build_image: yes
+  - name: CentOS8
+    image: monolithprojects/systemd-centos8:latest
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: no
+    pre_build_image: yes
+  # - name: Ubuntu16
+  #   image: monolithprojects/systemd-ubuntu16:latest
+  #   command: /sbin/init
+  #   tmpfs:
+  #     - /run
+  #     - /tmp
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  #   privileged: no
+  #   pre_build_image: yes
+  # - name: Ubuntu18
+  #   image: monolithprojects/systemd-ubuntu18:latest
+  #   command: /sbin/init
+  #   tmpfs:
+  #     - /run
+  #     - /tmp
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  #   privileged: no
+  #   pre_build_image: yes
+provisioner:
+  name: ansible
+  log: false
+  # env: 
+  #   PERSONAL_ACCESS_TOKEN: $PERSONAL_ACCESS_TOKEN
+  inventory:
+    host_vars:
+      CentOS8:
+        ansible_python_interpreter: /usr/bin/python3
+verifier:
+  name: ansible
+dependency:
+  name: galaxy
+  options:
+    ignore-certs: True
+    ignore-errors: True
+scenario:
+  name: default
+  test_sequence:
+    - dependency
+    - lint
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    - cleanup
+    - destroy

molecule/default/molecule.yml

@@ -0,0 +1,3 @@
+---
+- role: robertdebock.epel
+  version: master

molecule/default/requirements.yml

@@ -0,0 +1,15 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']
+).get_hosts('all')
+
+
+def test_hosts_file(host):
+    f = host.file('/etc/hosts')
+
+    assert f.exists
+    assert f.user == 'root'
+    assert f.group == 'root'