From d47e9fc306958402d7267ac04a7094246f68b63e Mon Sep 17 00:00:00 2001
From: Nemo <commits@captnemo.in>
Date: Mon, 19 Aug 2024 11:58:42 +0530
Subject: [PATCH] run a github runner for blr.today

---
 main.tf                        |  8 ++++++++
 secrets.tf                     |  4 ++++
 modules/gh-runner/main.tf      | 23 +++++++++++++++++++++++
 modules/gh-runner/providers.tf |  7 +++++++
 modules/gh-runner/vars.tf      | 21 +++++++++++++++++++++
 5 files changed, 63 insertions(+)

diff --git a/main.tf b/main.tf
index 47e18b6..7e3e2e5 100644
--- a/main.tf
+++ a/main.tf
@@ -110,3 +110,11 @@
 #   source = "./tinyproxy"
 #   ips    = "${var.ips}"
 # }
+
+module "gh-runner-blr-today" {
+  source = "./modules/gh-runner"
+  name = "blr-today"
+  runner_version = "2.317.0"
+  token = "${data.pass_password.github-actions-runner-token-blr-today.password}"
+  url = "https://github.com/blr-today"
+}
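Review bot: `url = "https://github.com/blr-today"` registers the runner at organisation scope, so by default any repository in the org that is allowed to use self-hosted runners can schedule jobs on this Docker host. If the org has public repositories, workflows triggered from forks could end up running on it. The patch does not show a runner group or repository restriction, so record the intended scope next to the module call, e.g. `# org-level runner: limit to private repos via a runner group; jobs run arbitrary workflow code on this host`. If only one repository needs the runner, pass the repo URL instead.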
diff --git a/secrets.tf b/secrets.tf
index 44d2f20..1b5afe4 100644
--- a/secrets.tf
+++ a/secrets.tf
@@ -194,3 +194,7 @@
 data "pass_password" "mastodon-smtp-password" {
   path = "Nebula/MASTODON_SMTP_PASSWORD"
 }
+
+data "pass_password" "github-actions-runner-token-blr-today" {
+  path = "blr.today/GITHUB_ACTIONS_RUNNER_TOKEN"
+}
diff --git a/modules/gh-runner/main.tf b/modules/gh-runner/main.tf
new file mode 100644
index 0000000..b270f36 100644
--- /dev/null
+++ a/modules/gh-runner/main.tf
@@ -1,0 +1,23 @@
+resource "docker_image" "gh-runner" {
+  name          = data.docker_registry_image.runner.name
+  pull_triggers = [data.docker_registry_image.runner.sha256_digest]
+  keep_locally  = true
+}
+
+data "docker_registry_image" "runner" {
+  name = "ghcr.io/actions/actions-runner:${var.runner_version}"
+}
+
+resource "docker_container" "gh-runner" {
+  name  = "gh-runner-${var.name}"
+  image = docker_image.gh-runner.latest
+  command = [
+    "sh",
+    "-c",
+    "./config.sh --name ${var.name} --url ${var.url} --replace --token ${var.token} --unattended && ./run.sh"
+  ]
+  memory                = 2048
+  restart               = "always"
+  destroy_grace_seconds = 10
+  must_run              = true
+}
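Review bot: The registration token is interpolated into the `sh -c` string in `command`, so it is stored in the container's Cmd (readable through `docker inspect` by anyone with access to the Docker socket) and in Terraform state, and `var.name` and `var.url` reach the shell unquoted. Passing the three values through `env` and referencing them quoted in the script keeps the shell line free of secrets and avoids word-splitting. The token still lands in the container config and in state, so both must be treated as secret stores. Separately, with `restart = "always"` the same command re-runs `./config.sh` on every restart; if the runner is already configured or the token has expired by then, config.sh presumably exits non-zero and `&& ./run.sh` never runs, so registration is worth guarding with a check for existing configuration.

```hcl
resource "docker_container" "gh-runner" {
  # … unchanged: name, image …
  env = [
    "RUNNER_NAME=${var.name}",
    "RUNNER_URL=${var.url}",
    "RUNNER_TOKEN=${var.token}",
  ]
  command = [
    "sh",
    "-c",
    "./config.sh --name \"$RUNNER_NAME\" --url \"$RUNNER_URL\" --replace --token \"$RUNNER_TOKEN\" --unattended && ./run.sh"
  ]
  # … unchanged: memory, restart, destroy_grace_seconds, must_run …
}
```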
diff --git a/modules/gh-runner/providers.tf b/modules/gh-runner/providers.tf
new file mode 100644
index 0000000..ed370db 100644
--- /dev/null
+++ a/modules/gh-runner/providers.tf
@@ -1,0 +1,7 @@
+terraform {
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+    }
+  }
+}
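Review bot: The `docker` entry in `required_providers` has no `version` constraint, so unless a lock file pins it, `terraform init` resolves whichever kreuzwerker/docker release is newest. That matters here because modules/gh-runner/main.tf in this patch reads `docker_image.gh-runner.latest`, an attribute that was deprecated in the 2.x series and, as far as I recall, dropped in 3.0 in favour of `image_id`. Add a constraint for the series the root module is tested against, e.g. `version = "~> <tested-major.minor>"`, or move the container to `image_id` and pin the newer series.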
diff --git a/modules/gh-runner/vars.tf b/modules/gh-runner/vars.tf
new file mode 100644
index 0000000..53c7123 100644
--- /dev/null
+++ a/modules/gh-runner/vars.tf
@@ -1,0 +1,21 @@
+variable "name" {
+  type = string
+  description = "name of the runner, typically the org or the org-repo"
+}
+
+variable "url" {
+  type = string
+  description = "either https://github.com/org or github.com/org/repo"
+}
+
+variable "runner_version" {
+  type = string
+  description = "runner version from https://ghcr.io/actions/actions-runner"
+  default = "2.317.0"
+}
+
+variable "token" {
+  type = string
+  description = "GitHub Actions Runner Token"
+  sensitive = true
+}
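Review bot: `name` and `url` are declared as free-form strings with no `validation` block, yet modules/gh-runner/main.tf splices both into an `sh -c` command line, so a value containing whitespace or shell metacharacters changes the command that runs in the container. Constraining both at the variable boundary fails the plan early instead. The `url` description is also inconsistent: its second form, `github.com/org/repo`, omits the `https://` scheme that the first form shows. The pattern below assumes github.com only; widen it if a GitHub Enterprise host is ever needed.

```hcl
variable "name" {
  # … unchanged: type, description …
  validation {
    condition     = can(regex("^[A-Za-z0-9._-]+$", var.name))
    error_message = "The name may contain only letters, digits, '.', '_' and '-'."
  }
}

variable "url" {
  type        = string
  description = "either https://github.com/org or https://github.com/org/repo"
  validation {
    condition     = can(regex("^https://github\\.com/[A-Za-z0-9._-]+(/[A-Za-z0-9._-]+)?$", var.url))
    error_message = "The url must be https://github.com/ORG or https://github.com/ORG/REPO."
  }
}
```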
--
rgit 0.1.5