feat: add support to fetch github token

Author: rohit-ng

modules/github-runner/README.md

@@ -24,9 +24,10 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_ami_id"></a> [ami\_id](#input\_ami\_id) | AMI ID for the private instances | `string` | `"ami-0f58b397bc5c1f2e8"` | no |
-| <a name="input_github_config_token"></a> [github\_config\_token](#input\_github\_config\_token) | Github config token for self-hosted runners | `string` | n/a | yes |
-| <a name="input_github_config_url"></a> [github\_config\_url](#input\_github\_config\_url) | Github config url for self-hosted runners | `string` | n/a | yes |
-| <a name="input_key_name"></a> [key\_name](#input\_key\_name) | The name of the EC2 key pair | `string` | `"runner"` | no |
+| <a name="input_github_org"></a> [github\_org](#input\_github\_org) | The name of github organization | `string` | n/a | yes |
+| <a name="input_github_repo"></a> [github\_repo](#input\_github\_repo) | The name of github repository | `string` | n/a | yes |
+| <a name="input_github_token"></a> [github\_token](#input\_github\_token) | Personal Access Token for github | `string` | n/a | yes |
+| <a name="input_key_name"></a> [key\_name](#input\_key\_name) | The name of the EC2 key pair | `string` | `null` | no |
 | <a name="input_private_subnet_id"></a> [private\_subnet\_id](#input\_private\_subnet\_id) | The ID of the private subnet | `string` | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The ID of the VPC | `string` | n/a | yes |
 

modules/github-runner/main.tf

@@ -5,9 +5,15 @@ resource "aws_instance" "github_runner" {
   vpc_security_group_ids = [aws_security_group.github_runner.id]
   key_name               = var.key_name
   user_data = templatefile("${path.module}/scripts/self-hosted-runner.sh", {
-    CONFIG_TOKEN = var.github_config_token
-    CONFIG_URL   = var.github_config_url
+    GITHUB_ORG  = var.github_org
+    GITHUB_REPO = var.github_repo
+    GITHUB_PAT  = var.github_token
   })
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
   tags = {
     Name = local.ubuntu_instance_name
   }

modules/github-runner/scripts/self-hosted-runner.sh

@@ -1,10 +1,5 @@
 #!/bin/bash
 
-# Define multiple runner configurations
-# declare -A RUNNERS=(
-#     ["runner-1"]="https://github.com/actions/runner/releases/download/v2.317.0/actions-runner-linux-x64-2.317.0.tar.gz"
-# )
-
 DEFAULT_USER="githubrunner"
 USER_HOME="/home/$DEFAULT_USER"
 USER_PASSWORD="password"
@@ -73,38 +68,66 @@ download_and_extract_runner() {
     sudo chown -R $DEFAULT_USER:$DEFAULT_USER "$USER_HOME/$RUNNER_NAME/actions-runner" || die "Failed to set ownership for $USER_HOME/$RUNNER_NAME/actions-runner."
 }
 
+# Function to fetch GitHub Actions runner registration token
+fetch_runner_token() {
+    local response
+    response=$(curl -s -X POST -H "Authorization: token ${GITHUB_PAT}" "https://api.github.com/repos/${GITHUB_ORG}/${GITHUB_REPO}/actions/runners/registration-token")
+    echo $(echo "$response" | jq -r .token)
+}
+
 # Function to configure and start the runner
 configure_and_start_runner() {
     local RUNNER_NAME="$1"
+    local RUNNER_TOKEN
+    RUNNER_TOKEN=$(fetch_runner_token) || die "Failed to fetch GitHub Actions runner registration token."
 
     sudo -u $DEFAULT_USER -i <<EOF
     cd "$USER_HOME/$RUNNER_NAME/actions-runner" || exit 1
 
-    ./config.sh --url "${CONFIG_URL}" \
-                --token "${CONFIG_TOKEN}" \
+    ./config.sh --url "https://github.com/${GITHUB_ORG}/${GITHUB_REPO}" \
+                --token "$RUNNER_TOKEN" \
                 --name "$RUNNER_NAME" \
                 --runnergroup "Default" \
                 --work "_work" \
                 --labels "self-hosted,Linux,X64,$RUNNER_NAME" \
                 --unattended \
                 --replace || { echo "Failed to configure GitHub Actions runner"; exit 1; }
 
-    nohup ./run.sh > runner.log 2>&1 &
-    if [ \$? -ne 0 ]; then
-        echo "Failed to start GitHub Actions runner $RUNNER_NAME"
-        exit 1
-    fi
-
     echo "GitHub Actions runner setup for $RUNNER_NAME completed successfully."
     echo "The runner is running in the background. Check runner.log for output."
 EOF
+
+    # Create systemd service
+    sudo tee /etc/systemd/system/github-runner.service >/dev/null <<EOL
+[Unit]
+Description=GitHub Actions Runner
+After=network.target
+
+[Service]
+User=$DEFAULT_USER
+WorkingDirectory=$USER_HOME/$RUNNER_NAME/actions-runner
+ExecStart=$USER_HOME/$RUNNER_NAME/actions-runner/run.sh
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOL
+
+    # Reload systemd and start the service
+    sudo systemctl daemon-reload
+    sudo systemctl enable github-runner
+    sudo systemctl start github-runner
+
+    echo "Systemd service for GitHub Actions runner $RUNNER_NAME created and started."
 }
 
 # Main script
 main() {
-    local RUNNER_NAME="runner"
+    local RUNNER_NAME="deck"
     # Install required packages if not already installed
     command_exists curl || install_packages curl
+    install_packages curl jq
 
     # Ensure default user exists and has necessary permissions (no longer creating new users)
     sudo useradd -m -s /bin/bash $DEFAULT_USER 2>/dev/null || true

modules/github-runner/variables.tf

@@ -17,17 +17,23 @@ variable "private_subnet_id" {
 variable "key_name" {
   description = "The name of the EC2 key pair"
   type        = string
-  default     = "runner"
+  default     = null
 }
 
-variable "github_config_url" {
-  description = "Github config url for self-hosted runners"
+variable "github_org" {
+  description = "The name of github organization"
   type        = string
   sensitive   = true
 }
 
-variable "github_config_token" {
-  description = "Github config token for self-hosted runners"
+variable "github_repo" {
+  description = "The name of github repository"
+  type        = string
+  sensitive   = true
+}
+
+variable "github_token" {
+  description = "Personal Access Token for github"
   type        = string
   sensitive   = true
 }