run a github runner for blr.today
Diff
main.tf | 8 ++++++++
secrets.tf | 4 ++++
modules/gh-runner/main.tf | 23 +++++++++++++++++++++++
modules/gh-runner/providers.tf | 7 +++++++
modules/gh-runner/vars.tf | 21 +++++++++++++++++++++
5 files changed, 63 insertions(+)
@@ -110,3 +110,11 @@
module "gh-runner-blr-today" {
source = "./modules/gh-runner"
name = "blr-today"
runner_version = "2.317.0"
token = "${data.pass_password.github-actions-runner-token-blr-today.password}"
url = "https://github.com/blr-today"
}
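Review bot: Nothing in this module call says which kind of credential `blr.today/GITHUB_ACTIONS_RUNNER_TOKEN` holds, and that decides whether a later apply can work. `config.sh --token` takes a runner registration token, which as far as I know GitHub issues with a short lifetime, so a value kept in pass is probably stale by the time the container is next recreated. A comment above the block such as `# token: runner registration token; refresh the pass entry before any apply that recreates the container` would make that step explicit. The interpolation wrapper is also unnecessary; `token = data.pass_password.github-actions-runner-token-blr-today.password` is the direct form.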
@@ -194,3 +194,7 @@
data "pass_password" "mastodon-smtp-password" {
path = "Nebula/MASTODON_SMTP_PASSWORD"
}
data "pass_password" "github-actions-runner-token-blr-today" {
path = "blr.today/GITHUB_ACTIONS_RUNNER_TOKEN"
}
@@ -1,0 +1,23 @@
resource "docker_image" "gh-runner" {
name = data.docker_registry_image.runner.name
pull_triggers = [data.docker_registry_image.runner.sha256_digest]
keep_locally = true
}
data "docker_registry_image" "runner" {
name = "ghcr.io/actions/actions-runner:${var.runner_version}"
}
resource "docker_container" "gh-runner" {
name = "gh-runner-${var.name}"
image = docker_image.gh-runner.latest
command = [
"sh",
"-c",
"./config.sh --name ${var.name} --url ${var.url} --replace --token ${var.token} --unattended && ./run.sh"
]
memory = 2048
restart = "always"
destroy_grace_seconds = 10
must_run = true
}
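Review bot: The `command` string splices `${var.name}`, `${var.url}` and `${var.token}` unquoted into `sh -c`, so any space or shell metacharacter in those values is interpreted by the shell, and the token becomes part of the container's argv. Passing the three values through `env` and referencing them as quoted shell variables removes the word-splitting and injection risk. It does not hide the token: it stays readable in the container configuration (`docker inspect`) and in Terraform state, so the stored credential should be a short-lived registration token and the state backend should be access-controlled. Separately, the image is selected by the mutable tag `${var.runner_version}` and `pull_triggers` follows whatever digest that tag points to, so a re-pushed tag is pulled on the next apply; pinning the reference by digest would close that gap.

```hcl
resource "docker_container" "gh-runner" {
  # … unchanged: name, image …
  env = [
    "RUNNER_NAME=${var.name}",
    "RUNNER_URL=${var.url}",
    "RUNNER_TOKEN=${var.token}",
  ]
  command = [
    "sh",
    "-c",
    "./config.sh --name \"$RUNNER_NAME\" --url \"$RUNNER_URL\" --replace --token \"$RUNNER_TOKEN\" --unattended && ./run.sh"
  ]
  # … unchanged: memory, restart, destroy_grace_seconds, must_run …
```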
@@ -1,0 +1,7 @@
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
}
}
}
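Review bot: The `docker` entry in `required_providers` has no `version` constraint, so unless a committed lock file pins it (not visible here), `terraform init` may select any release of `kreuzwerker/docker`. That is a supply-chain concern and a compatibility one: `modules/gh-runner/main.tf` reads `docker_image.gh-runner.latest`, which as far as I know was deprecated in favour of `image_id` and is absent from newer major versions of the provider. Adding `version = "<constraint matching the tested release>"` next to `source` would keep the module reproducible.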
@@ -1,0 +1,21 @@
variable "name" {
type = string
description = "name of the runner, typically the org or the org-repo"
}
variable "url" {
type = string
description = "either https://github.com/org or github.com/org/repo"
}
variable "runner_version" {
type = string
description = "runner version from https://ghcr.io/actions/actions-runner"
default = "2.317.0"
}
variable "token" {
type = string
description = "GitHub Actions Runner Token"
sensitive = true
}
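Review bot: `name` and `url` are accepted as arbitrary strings although both end up in a shell command line and in the container name in `modules/gh-runner/main.tf`, and neither variable has a `validation` block. A `validation` on `url` requiring the `https://github.com/` prefix and a conservative character set, and one on `name` limiting it to letters, digits, `-` and `_`, would reject malformed input at plan time. The `url` description is also inconsistent about the scheme; `"either https://github.com/org or https://github.com/org/repo"` matches what the caller passes.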