Merge pull request #15 from wainersm/updates

wainersm · web-flow · commit 02e5c59c2a1d · 2024-08-06T10:49:10.000-03:00
Update docs regarding expired tokens
diff --git a/github/azure-self-hosted-runners/README.md b/github/azure-self-hosted-runners/README.md
@@ -22,19 +22,15 @@ The application is deployed as an [ACI](https://azure.microsoft.com/en-us/produc
 
 ### Deployment
 
-Github tokens (see above) need to be passed to Garm via tf variables, either by creating a `tf/terraform.tfvars` or specifying it on the cli:
+Github tokens (see above) are passed to Garm via Azure Key Vault secrets. So first you should put the tokens as secrets in
+a Key Vault. The Key Vault id is then passed to terraform either by creating a `tf/terraform.tfvars` or specifying it on the cli:
 
 ```hcl
-github_tokens = [
-	{
-		name = "some name"
-		token = "abc123"
-	},
-]
+github_token_key_vault_id = "the vault id"
 ```
 
 ```bash
-terraform apply -var='github_tokens=[{"name":"some name","token":"abc123"}]'
+terraform apply -var='github_token_key_vault_id="the vault id"'
 ```
 
 ## Configuration
@@ -125,3 +121,19 @@ $ az container logs -g garm -n garm-kg1ocu --container-name garm --follow
 }
 127.0.0.1 - - [02/Jun/2023:13:01:21 +0000] "GET /api/v1/metadata/runner-registration-token/ HTTP/1.1" 200 29 "" "curl/7.81.0"
 ```
+
+## Updating expired Github tokens
+
+The Github tokens should be updated in the Garm installation from time-to-time because they expire. You will need to re-generate the expired token(s) first.
+
+Then you will need to update its value on the Key Vault. For example, suppose the new token is "github_pat_xxxxxxxx", to update the "garm" secret in the "garm-github-tokens" vault:
+
+```
+$ az keyvault secret set --value github_pat_xxxxxxxx --name garm --vault-name garm-github-tokens
+```
+
+Finally you will need to re-deploy Garm:
+
+```bash
+$ terraform apply
+```
diff --git a/github/azure-self-hosted-runners/tf/variables.tf b/github/azure-self-hosted-runners/tf/variables.tf
@@ -18,13 +18,13 @@ variable "vm_location" {
 
 variable "garm_image" {
   type        = string
-  default     = "ghcr.io/confidential-containers/garm:main"
+  default     = "ghcr.io/confidential-containers/garm@sha256:c79f9231ef52e8be9141623e3ef67bae0ab373e4ad5b0b6cee78e20fb54f994c"
   description = "Container image for garm"
 }
 
 variable "caddy_image" {
   type        = string
-  default     = "caddy:2.6.4"
+  default     = "ghcr.io/confidential-containers/caddy:2.6.4"
   description = "Container image for caddy"
 }
 

Original file line number	Diff line number	Diff line change
`@@ -18,13 +18,13 @@ variable "vm_location" {`
`18`	`18`
`19`	`19`	`variable "garm_image" {`
`20`	`20`	`type = string`
`21`		`- default = "ghcr.io/confidential-containers/garm:main"`
	`21`	`+ default = "ghcr.io/confidential-containers/garm@sha256:c79f9231ef52e8be9141623e3ef67bae0ab373e4ad5b0b6cee78e20fb54f994c"`
`22`	`22`	`description = "Container image for garm"`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`variable "caddy_image" {`
`26`	`26`	`type = string`
`27`		`- default = "caddy:2.6.4"`
	`27`	`+ default = "ghcr.io/confidential-containers/caddy:2.6.4"`
`28`	`28`	`description = "Container image for caddy"`
`29`	`29`	`}`
`30`	`30`