traderepublic / Cilicon

🛠️ Self-Hosted ephemeral macOS CI on Apple Silicon
MIT License

Support for GitHub Actions Jitconfig API #50

Closed acalejos closed 3 months ago

acalejos commented 8 months ago

First, let me start by saying thank you for this project! I've searched far and wide for a simple solution to this very problem, and had my first successful run using a self-hosted solution with a Mac Mini for my project.

Since the newest release supports targeting the /repos endpoint and individuals' projects rather than organizations, it might make sense to support the JIT config setup for GitHub Actions Runners. I ended up using a custom script provision using this endpoint along with the ./run.sh --jitconfig {jitconfig} option.

So basically the command would look like:

# {NAME_PARAM}, {RUNNER_GROUP}, LABELS_ARRAY and {WORK_FOLDER} are placeholders to fill in.
# curl -f and jq -e stop the chain on an API error instead of starting the runner with "null".
jitconfig=$(curl -fsSL \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <TOKEN with repo scope>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/actions/runners/generate-jitconfig \
  -d '{"name":"{NAME_PARAM}-'"$(uuidgen)"'","runner_group_id":{RUNNER_GROUP},"labels":LABELS_ARRAY,"work_folder":{WORK_FOLDER}}' \
  | jq -er '.encoded_jit_config') && ~/actions-runner/run.sh --jitconfig "$jitconfig"

You already have access to most of these with the config options as they are currently. According to the docs, it also works with GitHub apps, so maybe it could even replace the current implementation (not confident on that).

I can try my hand at doing it myself, but wanted to get your opinion on its inclusion first.

Thanks again!

Marcocanc commented 3 months ago

@acalejos Looks interesting. I implemented jitconfig into Cilicon to try it out. My main concern is that there's no "replace" option that could overwrite already existing runners with the same name and will throw an error. One could mitigate this by mixing the name with a uuid, as you did, but I'm concerned about offline runners piling up in runner groups and don't know if they will auto-expire after a while.

Marcocanc commented 3 months ago

@acalejos After testing jitconfig, I have decided to not publish the implementation as I simply don't see the benefit except for being able to use PATs instead of Apps. Please let me know if I'm missing something.
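
The concern raised in the thread, offline runners piling up once every registration gets a unique `{NAME_PARAM}-<uuid>` name, can be handled with a periodic cleanup against the repository's list and delete runner endpoints. The following is an added example, not code from the thread or from Cilicon; the environment variable names (`GH_OWNER`, `GH_REPO`, `NAME_PARAM`, `APPLY`) and the sample entries are assumptions made for illustration.

```python
import json
import os
import re
import urllib.request

API = "https://api.github.com"
UUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"

def stale_runner_ids(runners, name_param):
    """Ids of offline, idle runners named '<name_param>-<uuid>' (the thread's scheme)."""
    pattern = re.compile(re.escape(name_param) + "-" + UUID)
    return [r["id"] for r in runners
            if pattern.fullmatch(r.get("name", ""))
            and r.get("status") == "offline" and not r.get("busy")]

def call(method, url, token):
    """One authenticated REST call; returns parsed JSON, or None for an empty body."""
    req = urllib.request.Request(url, method=method, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
        "X-GitHub-Api-Version": "2022-11-28"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body else None

def prune(owner, repo, name_param, token, apply=False):
    """Select stale JIT runners in a repo; delete them only when apply=True."""
    base, runners, page = f"{API}/repos/{owner}/{repo}/actions/runners", [], 1
    while True:  # the list endpoint is paginated, 100 entries per page at most
        batch = call("GET", f"{base}?per_page=100&page={page}", token)["runners"]
        runners += batch
        if len(batch) < 100:
            break
        page += 1
    ids = stale_runner_ids(runners, name_param)
    if apply:
        for runner_id in ids:
            call("DELETE", f"{base}/{runner_id}", token)
    return ids

# Constructed sample entries in the shape of the list-runners response.
SAMPLE = [
    {"id": 11, "name": "ci-mac-5F0C2A9E-1B7D-4E3A-9C41-0A6D2E8B7F10", "status": "offline", "busy": False},
    {"id": 12, "name": "ci-mac-9D3E7B21-6A4C-4F58-8E02-3C1B5D7A9E64", "status": "online", "busy": True},
    {"id": 13, "name": "ci-mac-studio", "status": "offline", "busy": False},
    {"id": 14, "name": "ci-mac2-5F0C2A9E-1B7D-4E3A-9C41-0A6D2E8B7F10", "status": "offline", "busy": False},
]

if __name__ == "__main__":
    # The token is read from the environment, not passed on the command line.
    env = os.environ
    print(prune(env["GH_OWNER"], env["GH_REPO"], env["NAME_PARAM"],
                env["GITHUB_TOKEN"], apply=env.get("APPLY") == "1"))
```

Run it without `APPLY=1` first to see which runner ids would be removed; matching the full `<name>-<uuid>` pattern keeps hand-registered runners that merely share the prefix out of the selection.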