Merge pull request #166 from danielefranceschi/main

support for enterprise self-hosted runners

Author: MonolithProjects

.github/workflows/lint.yml

@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - master
+      - main
 
 jobs:
   lint:

.github/workflows/tests.yml

@@ -4,6 +4,7 @@ on:
   pull_request:
     branches:
         - master
+        - main
     types: [opened, synchronize, reopened]
     paths:
       - 'defaults/**'

.pre-commit-config.yaml

@@ -1,23 +1,23 @@
 repos:
-    - repo: https://github.com/pre-commit/pre-commit-hooks
-      rev: v4.0.1
-      hooks:
-        - id: check-yaml
-          args: [--allow-multiple-documents]
-        - id: end-of-file-fixer
-        - id: trailing-whitespace
-          args: [--markdown-linebreak-ext=md]
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.0.1
+    hooks:
+      - id: check-yaml
+        args: [--allow-multiple-documents]
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
 
-    - repo: https://github.com/adrienverge/yamllint
-      rev: v1.26.3
-      hooks:
-        - id: yamllint
-          args: [-c=.yamllint]
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.26.3
+    hooks:
+      - id: yamllint
+        args: [-c=.yamllint]
 
-    - repo: https://github.com/robertdebock/pre-commit
-      rev: v1.2.3
-      hooks:
-        - id: ansible_role_find_unused_variable
-        - id: ansible_role_find_empty_files
-        - id: ansible_role_find_empty_directories
-        - id: ansible_role_fix_readability
+  - repo: https://github.com/robertdebock/pre-commit
+    rev: v1.2.3
+    hooks:
+      - id: ansible_role_find_unused_variable
+      - id: ansible_role_find_empty_files
+      - id: ansible_role_find_empty_directories
+      - id: ansible_role_fix_readability

README.md

@@ -9,7 +9,7 @@
 
 
 This role will deploy/redeploy/uninstall and register/unregister local GitHub Actions Runner on Linux and macOS Systems (see [compatibility list](#supported-operating-systems) ).
-It supports both, Organization and Repository Runners.
+It supports Enterprise, Organization and Repository Runners.
 
 ## Requirements
 
@@ -18,7 +18,8 @@ It supports both, Organization and Repository Runners.
 * The role require Personal Access Token to access the GitHub. The token can be set as `PERSONAL_ACCESS_TOKEN` environment variable.
 
 > **Note**  
-> The token must have the `repo` scope (when creating a repo runner) or the `admin:org` scope (when creating a runner for an organization).
+> The token must have the `repo` scope (when creating a repo runner), the `admin:org` scope (when creating a runner for an organization),
+> the `manage_runners:enterprise` scope (when creating a enterprise runner).
 Personal Access Token for GitHub account can be created [here](https://github.com/settings/tokens).
 
 > **Warning**  
@@ -112,6 +113,9 @@ runner_name: "{{ ansible_hostname }}"
 # Github repository name
 # github_repo: "yourrepo"
 
+# GitHub Enterprise name
+# github_enterprise: "yourenterprise"
+
 # Configuring a custom .env file
 # custom_env: |
 # http_proxy=YOUR_URL_HERE
@@ -122,7 +126,7 @@ runner_name: "{{ ansible_hostname }}"
 # HTTP_PROXY=
 ```
 
-## Example Playbook
+## Example Playbooks
 
 In this example the Ansible role will install (or update) the GitHub Actions Runner service (latest available version). The runner will be registered for *my_awesome_repo* GitHub repo.
 Runner service will be stated and will run under the same user as the Ansible is using for ssh connection (*ansible*).
@@ -156,6 +160,20 @@ Same example as above, but runner will be added to an organization and deployed
     - role: monolithprojects.github_actions_runner
 ```
 
+If you have a Github Enterprise Cloud license and you want to manage all the self-hosted runners from the enterprise:
+```yaml
+---
+- name: Install GitHub Actions Runner
+  hosts: all
+  user: automation
+  become: yes
+  vars:
+    - github_enterprise: my_awesome_enterprise
+    - runner_org: no
+  roles:
+    - role: monolithprojects.github_actions_runner
+```
+
 In this example the Ansible role will deploy (or update) the GitHub Actions runner service (version 2.165.2) and register the runner for the GitHub repo. Runner service will run under the user `runner-user`. Runner will be registered with two labels.
 The runner service will be *stopped* and disabled. Runner will use custom environment variables (from file named `.env` in the self-hosted runner application directory).
 

defaults/main.yml

@@ -12,10 +12,10 @@ runner_version: "latest"
 runner_state: "started"
 
 # If found on the server, delete already existing runner service and install it again
-reinstall_runner: no
+reinstall_runner: false
 
 # Do not show Ansible logs which may contain sensitive data (registration token)
-hide_sensitive_logs: yes
+hide_sensitive_logs: true
 
 # GitHub address
 github_url: "https://github.com"
@@ -27,7 +27,7 @@ github_api_url: "https://api.github.com"
 access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
 
 # Is it the runner for organization or not?
-runner_org: no
+runner_org: false
 
 # Labels to apply to the runner
 runner_labels: []
@@ -54,6 +54,9 @@ runner_name: "{{ ansible_hostname }}"
 # Github repository name
 # github_repo: "yourrepo"
 
+# GitHub Enterprise name
+# github_enterprise: "yourenterprise"
+
 # Configuring a custom .env file
 # custom_env: |
 # http_proxy=YOUR_URL_HERE

tasks/assert.yml

@@ -5,6 +5,7 @@
       - github_account is defined
     fail_msg: "github_account is not defined"
   run_once: true
+  when: not github_enterprise
 
 - name: Check access_token variable (RUN ONCE)
   ansible.builtin.assert:
@@ -20,6 +21,7 @@
       - runner_org | bool == True or runner_org == False
     fail_msg: "runner_org should be a boolean value"
   run_once: true
+  when: not github_enterprise
 
 - name: Check github_repo variable (RUN ONCE)
   ansible.builtin.assert:
@@ -28,4 +30,4 @@
       - github_repo | length > 0
     fail_msg: "github_repo was not found or is using an invalid format."
   run_once: true
-  when: not runner_org
+  when: not runner_org and not github_enterprise

tasks/collect_info.yml

@@ -2,71 +2,76 @@
 - name: Info collections
   check_mode: false
   block:
-  - name: Set complete API url for repo runner
-    ansible.builtin.set_fact:
-      github_full_api_url: "{{ github_api_url }}/repos/{{ github_owner | default(github_account) }}/{{ github_repo }}/actions/runners"
-    when: not runner_org
+    - name: Set complete API url for repo runner
+      ansible.builtin.set_fact:
+        github_full_api_url: "{{ github_api_url }}/repos/{{ github_owner | default(github_account) }}/{{ github_repo }}/actions/runners"
+      when: not runner_org and not github_enterprise
 
-  - name: Set complete API url for org runner
-    ansible.builtin.set_fact:
-      github_full_api_url: "{{ github_api_url }}/orgs/{{ github_owner | default(github_account) }}/actions/runners"
-    when: runner_org | bool
+    - name: Set complete API url for org runner
+      ansible.builtin.set_fact:
+        github_full_api_url: "{{ github_api_url }}/orgs/{{ github_owner | default(github_account) }}/actions/runners"
+      when: runner_org | bool and not github_enterprise
 
-  - name: Get registration token (RUN ONCE)
-    ansible.builtin.uri:
-      url: "{{ github_full_api_url }}/registration-token"
-      headers:
-        Authorization: "token {{ access_token }}"
-        Accept: "application/vnd.github.v3+json"
-      method: POST
-      status_code: 201
-      force_basic_auth: yes
-    register: registration
-    run_once: true
+    - name: Set complete API url for enterprise runner
+      ansible.builtin.set_fact:
+        github_full_api_url: "{{ github_api_url }}/enterprises/{{ github_enterprise }}/actions/runners"
+      when: github_enterprise
 
-  - name: Check currently registered runners for repo (RUN ONCE)
-    ansible.builtin.uri:
-      url: "{{ github_full_api_url }}"
-      headers:
-        Authorization: "token {{ access_token }}"
-        Accept: "application/vnd.github.v3+json"
-      method: GET
-      status_code: 200
-      force_basic_auth: yes
-    register: registered_runners
-    run_once: true
+    - name: Get registration token (RUN ONCE)
+      ansible.builtin.uri:
+        url: "{{ github_full_api_url }}/registration-token"
+        headers:
+          Authorization: "token {{ access_token }}"
+          Accept: "application/vnd.github.v3+json"
+        method: POST
+        status_code: 201
+        force_basic_auth: true
+      register: registration
+      run_once: true
 
-  - name: Get Runner User IDs
-    ansible.builtin.command: id -u "{{ runner_user }}"
-    changed_when: false
-    register: runner_user_id
+    - name: Check currently registered runners (RUN ONCE)
+      ansible.builtin.uri:
+        url: "{{ github_full_api_url }}"
+        headers:
+          Authorization: "token {{ access_token }}"
+          Accept: "application/vnd.github.v3+json"
+        method: GET
+        status_code: 200
+        force_basic_auth: true
+      register: registered_runners
+      run_once: true
 
-  - name: Get Runner Group IDs
-    ansible.builtin.command: id -g "{{ runner_user }}"
-    changed_when: false
-    register: runner_user_group_id
+    - name: Get Runner User IDs
+      ansible.builtin.command: id -u "{{ runner_user }}"
+      changed_when: false
+      register: runner_user_id
 
-  - name: Set runner_system variable
-    ansible.builtin.set_fact:
-      runner_system: "{{ 'osx' if ansible_system == 'Darwin' else 'linux' }}"
+    - name: Get Runner Group IDs
+      ansible.builtin.command: id -g "{{ runner_user }}"
+      changed_when: false
+      register: runner_user_group_id
 
-  - name: Find the latest runner version (RUN ONCE)
-    ansible.builtin.uri:
-      url: "https://api.github.com/repos/{{ runner_download_repository }}/releases/latest"
-      headers:
-        Content-Type: "application/json"
-      method: GET
-      return_content: yes
-      status_code: 200
-      body_format: json
-    check_mode: false
-    register: api_response
-    run_once: true
-    become: false
-    delegate_to: localhost
-    when: runner_version == "latest"
+    - name: Set runner_system variable
+      ansible.builtin.set_fact:
+        runner_system: "{{ 'osx' if ansible_system == 'Darwin' else 'linux' }}"
 
-  - name: Get systemd service facts
-    ansible.builtin.service_facts:
-    register: service_facts
-    when: ansible_system == "Linux"
+    - name: Find the latest runner version (RUN ONCE)
+      ansible.builtin.uri:
+        url: "https://api.github.com/repos/{{ runner_download_repository }}/releases/latest"
+        headers:
+          Content-Type: "application/json"
+        method: GET
+        return_content: true
+        status_code: 200
+        body_format: json
+      check_mode: false
+      register: api_response
+      run_once: true
+      become: false
+      delegate_to: localhost
+      when: runner_version == "latest"
+
+    - name: Get systemd service facts
+      ansible.builtin.service_facts:
+      register: service_facts
+      when: ansible_system == "Linux"

tasks/install_deps.yml

@@ -10,7 +10,7 @@
       - libssl1.1
       - libicu57
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "9")
 
 - name: Install dependencies on Debian Buster
@@ -23,7 +23,7 @@
       - libssl1.1
       - libicu63
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "10")
 
 - name: Install dependencies on Debian Bullseye
@@ -36,7 +36,7 @@
       - libssl1.1
       - libicu67
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "11")
 
 - name: Install dependencies on Debian Bookworm
@@ -49,7 +49,7 @@
       - libssl3
       - libicu72
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "12")
 
 - name: Install dependencies on Ubuntu Xenial systems
@@ -62,7 +62,7 @@
       - libssl1.0.0
       - libicu55
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "16")
 
 - name: Install dependencies on Ubuntu Bionic systems
@@ -75,7 +75,7 @@
       - libssl1.1
       - libicu60
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "18")
 
 - name: Install dependencies on Ubuntu Focal systems
@@ -88,7 +88,7 @@
       - libssl1.1
       - libicu66
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "20")
 
 - name: Install dependencies on Ubuntu Jammy systems
@@ -100,7 +100,7 @@
       - zlib1g
       - libicu70
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "22")
 
 - name: Install dependencies on RHEL/CentOS/Fedora systems
@@ -112,7 +112,7 @@
       - zlib
       - libicu
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "RedHat") or
         (ansible_distribution == "CentOS") or
         (ansible_distribution == "Fedora") or