Merge pull request #222 from MonolithProjects/develop

Develop to Master

Author: MonolithProjects

.github/workflows/lint.yml

@@ -16,7 +16,7 @@ jobs:
       SUITE: default
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: ${{ env.ANSIBLE_ROLE }}
 

.github/workflows/tests.yml

@@ -2,13 +2,9 @@ name: molecule test
 
 on:
   push:
-    branches:
-      - develop
-  pull_request:
     branches:
       - master
-      - main
-    types: [opened, synchronize, reopened]
+      - develop
     paths:
       - 'defaults/**'
       - 'handlers/**'
@@ -86,7 +82,7 @@ jobs:
           - os: "rockylinux9"
     steps:
       - name: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: "${{ github.repository }}"
 

README.md

@@ -10,15 +10,23 @@
 This role will deploy/redeploy/uninstall and register/unregister local GitHub Actions Runner on Linux and macOS Systems (see [compatibility list](#supported-operating-systems) ).
 It supports Enterprise, Organization and Repository Runners.
 
-## Role Installation
-
-**requirements.yml**  
-```yml
-roles:
-  - name: monolithprojects.github_actions_runner
-    version: 1.21.1
-    src: https://github.com/MonolithProjects/ansible-github_actions_runner
-```
+> [!IMPORTANT]  
+> My Galaxy account is currently broken. Please use Github for installation source.  
+>
+> **CLI:**
+>
+>```yml
+>ansible-galaxy role install git+https://github.com/MonolithProjects/ansible-github_actions_runner.git,1.21.1
+>```
+>
+>**requirements.yml:**  
+>
+>```yml
+>roles:
+>  - name: monolithprojects.github_actions_runner
+>    version: 1.21.1
+>    src: https://github.com/MonolithProjects/ansible-github_actions_runner
+>```
 
 ## Requirements
 
@@ -47,13 +55,14 @@ Personal Access Token for GitHub account can be created [here](https://github.co
 
 ## Supported Operating Systems
 
-* Red Hat Enterprise Linux 7
-* CentOS 7
+* Red Hat Enterprise Linux 7+
+* CentOS 7+
 * Rocky Linux 8+
 * Fedora 29+
 * Debian 9+
-* Ubuntu 16.04+
+* Ubuntu 18.04+
 * MacOS High Sierra +
+* Windows
 
 ## Weekly tested on:
 
@@ -72,7 +81,7 @@ This is a copy from `defaults/main.yml`
 runner_user: "{{ lookup('env', 'USER') }}"
 
 # Directory where the local runner will be installed
-runner_dir: /opt/actions-runner
+runner_dir: "{{ 'C:\\actions-runner' if ansible_facts.system == 'Win32NT' else '/opt/actions-runner' }}"
 
 # Version of the GitHub Actions Runner
 runner_version: "latest"
@@ -111,7 +120,7 @@ runner_group: ""
 runner_download_repository: "actions/runner"
 
 # Extra arguments to pass to `config.sh`.
-# Several arguments muste be set as one string (i.e. "--ephemeral --my_special_fork")
+# Several arguments must be set as one string (i.e. "--ephemeral --my_special_fork")
 runner_extra_config_args: ""
 
 # Name to assign to this runner in GitHub (System hostname as default)
@@ -132,6 +141,9 @@ all_runners_in_same_repo: true
 # GitHub Enterprise name
 # github_enterprise: "yourenterprise"
 
+# Runner user Windows password - the logon password for the service user when running on windows.
+# runner_user_win_password: "{{ lookup('env', 'PASS') }}"
+
 # Configuring a custom .env file
 # custom_env: |
 # http_proxy=YOUR_URL_HERE

defaults/main.yml

@@ -3,7 +3,7 @@
 runner_user: "{{ lookup('env', 'USER') }}"
 
 # Directory where the local runner will be installed
-runner_dir: /opt/actions-runner
+runner_dir: "{{ 'C:\\actions-runner' if ansible_facts.system == 'Win32NT' else '/opt/actions-runner' }}"
 
 # Version of the GitHub Actions Runner
 runner_version: "latest"
@@ -42,7 +42,7 @@ runner_group: ""
 runner_download_repository: "actions/runner"
 
 # Extra arguments to pass to `config.sh`.
-# Several arguments muste be set as one string (i.e. "--ephemeral --my_special_fork")
+# Several arguments must be set as one string (i.e. "--ephemeral --my_special_fork")
 runner_extra_config_args: ""
 
 # Name to assign to this runner in GitHub (System hostname as default)
@@ -63,6 +63,9 @@ all_runners_in_same_repo: true
 # GitHub Enterprise name
 # github_enterprise: "yourenterprise"
 
+# Runner user Windows password - the logon password for the service user when running on windows.
+# runner_user_win_password: "{{ lookup('env', 'PASS') }}"
+
 # Configuring a custom .env file
 # custom_env: |
 # http_proxy=YOUR_URL_HERE

tasks/assert.yml

@@ -31,3 +31,11 @@
     fail_msg: "github_repo was not found or is using an invalid format."
   run_once: true
   when: not runner_org and github_enterprise is not defined
+
+- name: Check runner_user_win_password (RUN ONCE)
+  ansible.builtin.assert:
+    that:
+      - runner_user_win_password is defined
+    fail_msg: "runner_user_win_password was not defined, but it is required on a windows system"
+  run_once: true
+  when: github_actions_system == "win"

tasks/collect_info.yml

@@ -27,6 +27,8 @@
         status_code: 201
         force_basic_auth: true
       register: registration
+      delegate_to: localhost
+      become: false
       run_once: true
 
     - name: "Check currently registered runners for repo {{ '(RUN ONCE)' if all_runners_in_same_repo else '' }}"
@@ -42,21 +44,21 @@
         status_code: 200
         force_basic_auth: true
       register: registered_runners
+      delegate_to: localhost
+      become: false
       run_once: "{{ all_runners_in_same_repo }}"
 
     - name: Get Runner User IDs
       ansible.builtin.command: id -u "{{ runner_user }}"
       changed_when: false
       register: runner_user_id
+      when: github_actions_system != "win"
 
     - name: Get Runner Group IDs
       ansible.builtin.command: id -g "{{ runner_user }}"
       changed_when: false
       register: runner_user_group_id
-
-    - name: Set runner_system variable
-      ansible.builtin.set_fact:
-        runner_system: "{{ 'osx' if ansible_facts.system == 'Darwin' else 'linux' }}"
+      when: github_actions_system != "win"
 
     - name: Find the latest runner version (RUN ONCE)
       ansible.builtin.uri:
@@ -77,4 +79,4 @@
     - name: Get systemd service facts
       ansible.builtin.service_facts:
       register: service_facts
-      when: ansible_facts.system  == "Linux"
+      when: github_actions_system == "linux"

tasks/install_runner.yml tasks/install_runner_unix.yml

@@ -22,7 +22,7 @@
 - name: Unarchive runner package
   ansible.builtin.unarchive:
     src: "https://github.com/{{ runner_download_repository }}/releases/download/v{{ runner_version }}/\
-          actions-runner-{{ runner_system }}-{{ github_actions_architecture }}-{{ runner_version }}.tar.gz"
+          actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.tar.gz"
     dest: "{{ runner_dir }}/"
     owner: "{{ runner_user_id.stdout }}"
     group: "{{ runner_user_group_id.stdout }}"

tasks/install_runner_win.yml

@@ -0,0 +1,142 @@
+---
+- name: Create directory
+  ansible.windows.win_file:
+    path: "{{ runner_dir }}"
+    state: directory
+
+- name: Set owner of directory
+  ansible.windows.win_owner:
+    path: "{{ runner_dir }}"
+    user: "{{ runner_user }}"
+
+- name: Set runner_version variable (If latest)
+  ansible.builtin.set_fact:
+    runner_version: "{{ api_response.json.tag_name | regex_replace('^v', '') }}"
+  when: runner_version == "latest"
+
+- name: Check if desired version already installed
+  ansible.windows.win_command: "grep -i {{ runner_version }} {{ runner_dir }}\\bin\\Runner.Listener.deps.json"
+  register: runner_installed
+  check_mode: false
+  changed_when: false
+  ignore_errors: true
+
+- name: Download runner package
+  ansible.windows.win_get_url:
+    url: "https://github.com/{{ runner_download_repository }}/releases/download/v{{ runner_version }}/\
+          actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.zip"
+    dest: "%TEMP%\\actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.zip"
+  when: runner_version not in runner_installed.stdout or reinstall_runner
+
+- name: Unarchive runner package
+  community.windows.win_unzip:
+    src: "%TEMP%\\actions-runner-{{ github_actions_system }}-{{ github_actions_architecture }}-{{ runner_version }}.zip"
+    dest: "{{ runner_dir }}\\"
+    delete_archive: yes
+  when: runner_version not in runner_installed.stdout or reinstall_runner
+
+- name: Configure custom env file if required
+  randrej.windows.win_blockinfile:
+    path: "{{ runner_dir }}\\.env"
+    block: "{{ custom_env }}"
+    create: true
+    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+    marker_begin: BEGIN
+    marker_end: END
+  when: custom_env is defined
+
+- name: Check if runner service name file exist
+  ansible.windows.win_stat:
+    path: "{{ runner_dir }}/.service"
+  register: runner_service_file_path
+
+- name: Set complete GitHub url for repo runner
+  ansible.builtin.set_fact:
+    github_full_url: "{{ github_url }}/{{ github_owner | default(github_account) }}/{{ github_repo }}"
+  when: not runner_org and github_enterprise is not defined
+
+- name: Set complete GitHub url for org runner
+  ansible.builtin.set_fact:
+    github_full_url: "{{ github_url }}/{{ github_owner | default(github_account) }}"
+  when: runner_org | bool and github_enterprise is not defined
+
+- name: Set complete GitHub url for enterprise runner
+  ansible.builtin.set_fact:
+    github_full_url: "{{ github_url }}/enterprises/{{ github_enterprise }}"
+  when: github_enterprise is defined
+
+- name: Register runner  # noqa no-changed-when
+  environment:
+    RUNNER_ALLOW_RUNASROOT: "1"
+  ansible.windows.win_command:
+    "{{ runner_dir }}\\config.cmd \
+    --url {{ github_full_url }} \
+    --token {{ registration.json.token }} \
+    --name {{ runner_name }} \
+    --labels {{ runner_labels | join(',') }} \
+    --runnergroup {{ runner_group }} \
+    --runasservice \
+    --windowslogonaccount {{ runner_user }} \
+    --windowslogonpassword {{ runner_user_win_password }} \
+    --unattended \
+    {{ runner_extra_config_args }}"
+  args:
+    chdir: "{{ runner_dir }}"
+  changed_when: true
+  become_method: ansible.builtin.runas
+  become_user: "{{ runner_user }}"
+  become: true
+  no_log: "{{ hide_sensitive_logs | bool }}"
+  when: runner_name not in registered_runners.json.runners|map(attribute='name')|list
+
+- name: Replace registered runner  # noqa no-changed-when
+  environment:
+    RUNNER_ALLOW_RUNASROOT: "1"
+  ansible.windows.win_command:
+    "{{ runner_dir }}\\config.cmd \
+    --url {{ github_full_url }} \
+    --token {{ registration.json.token }} \
+    --name {{ runner_name }} \
+    --labels {{ runner_labels | join(',') }} \
+    --runasservice \
+    --windowslogonaccount {{ runner_user }} \
+    --windowslogonpassword {{ runner_user_win_password }} \
+    --unattended \
+    {{ runner_extra_config_args }} \
+    --replace"
+  args:
+    chdir: "{{ runner_dir }}"
+  changed_when: true
+  become_method: ansible.builtin.runas
+  become_user: "{{ runner_user }}"
+  become: true
+  no_log: "{{ hide_sensitive_logs | bool }}"
+  when: >
+    runner_name in registered_runners.json.runners|map(attribute='name')|list and
+    reinstall_runner
+
+- name: Read service name from file
+  ansible.windows.win_command: "cat {{ runner_dir }}\\.service"
+  register: runner_service
+  changed_when: false
+
+- name: START and enable Github Actions Runner service
+  ansible.windows.win_service:
+    name: "{{ runner_service.stdout }}"
+    start_mode: auto
+    state: started
+  when: runner_state|lower == "started"
+
+- name: STOP and disable Github Actions Runner service
+  ansible.windows.win_service:
+    name: "{{ runner_service.stdout }}"
+    start_mode: manual
+    state: stopped
+  when: runner_state|lower == "stopped"
+
+- name: Version changed - RESTART Github Actions Runner service
+  ansible.windows.win_service:
+    name: "{{ runner_service.stdout }}"
+    start_mode: auto
+    state: restarted
+  when: runner_version not in runner_installed.stdout and not runner_state|lower == "stopped"