feat: add network project for svpc, expose cooldown period, default s…

…cripts (#15)

* add network project for svpc, cooldown period for mig autoscaler

* move default scripts into module

* fmt

* add region to template

* read default file

examples/gh-runner-mig-native-simple/main.tf

@@ -15,13 +15,11 @@
  */
 
 module "runner-mig" {
-  source          = "../../modules/gh-runner-mig-vm"
-  create_network  = true
-  project_id      = var.project_id
-  repo_name       = var.repo_name
-  repo_owner      = var.repo_owner
-  repo_url        = var.repo_url
-  gh_token        = var.gh_token
-  startup_script  = file("${path.cwd}/startup.sh")
-  shutdown_script = file("${path.cwd}/shutdown.sh")
+  source         = "../../modules/gh-runner-mig-vm"
+  create_network = true
+  project_id     = var.project_id
+  repo_name      = var.repo_name
+  repo_owner     = var.repo_owner
+  repo_url       = var.repo_url
+  gh_token       = var.gh_token
 }

modules/gh-runner-gke/README.md

@@ -43,6 +43,7 @@ This example shows how to deploy a simple GKE Self Hosted Runner.
 | service\_account | Optional Service Account for the nodes | `string` | `""` | no |
 | subnet\_ip | IP range for the subnet | `string` | `"10.0.0.0/17"` | no |
 | subnet\_name | Name for the subnet | `string` | `"runner-subnet"` | no |
+| subnetwork\_project | The ID of the project in which the subnetwork belongs. If it is not provided, the project\_id is used. | `string` | `""` | no |
 | zones | The GCP zone to deploy gke into | `list(string)` | <pre>[<br>  "us-east4-a"<br>]</pre> | no |
 
 ## Outputs

modules/gh-runner-gke/main.tf

@@ -57,6 +57,7 @@ module "runner-cluster" {
   region                   = var.region
   zones                    = var.zones
   network                  = local.network_name
+  network_project_id       = var.subnetwork_project != "" ? var.subnetwork_project : var.project_id
   subnetwork               = local.subnet_name
   ip_range_pods            = var.ip_range_pods_name
   ip_range_services        = var.ip_range_pods_name

modules/gh-runner-gke/variables.tf

@@ -60,22 +60,31 @@ variable "network_name" {
   description = "Name for the VPC network"
   default     = "runner-network"
 }
+
 variable "subnet_ip" {
   type        = string
   description = "IP range for the subnet"
   default     = "10.0.0.0/17"
 }
+
 variable "subnet_name" {
   type        = string
   description = "Name for the subnet"
   default     = "runner-subnet"
 }
+
 variable "create_network" {
   type        = bool
   description = "When set to true, VPC will be auto created"
   default     = true
 }
 
+variable "subnetwork_project" {
+  type        = string
+  description = "The ID of the project in which the subnetwork belongs. If it is not provided, the project_id is used."
+  default     = ""
+}
+
 variable "machine_type" {
   type        = string
   description = "Machine type for runner node pool"

modules/gh-runner-mig-container-vm/README.md

@@ -27,6 +27,7 @@ This example shows how to deploy a Self Hosted Runner on MIG Container VMs.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | additional\_metadata | Additional metadata to attach to the instance | `map` | `{}` | no |
+| cooldown\_period | The number of seconds that the autoscaler should wait before it starts collecting information from a new instance. | `number` | `60` | no |
 | create\_network | When set to true, VPC,router and NAT will be auto created | `bool` | `true` | no |
 | dind | Flag to determine whether to expose dockersock | `bool` | `false` | no |
 | gh\_token | Github token that is used for generating Self Hosted Runner Token | `string` | n/a | yes |
@@ -43,6 +44,7 @@ This example shows how to deploy a Self Hosted Runner on MIG Container VMs.
 | service\_account | Service account email address | `string` | `""` | no |
 | subnet\_ip | IP range for the subnet | `string` | `"10.10.10.0/24"` | no |
 | subnet\_name | Name for the subnet | `string` | `"gh-runner-subnet"` | no |
+| subnetwork\_project | The ID of the project in which the subnetwork belongs. If it is not provided, the project\_id is used. | `string` | `""` | no |
 | target\_size | The number of runner instances | `number` | `2` | no |
 | zone | The GCP zone to deploy instances into | `string` | `"us-east4-b"` | no |
 

modules/gh-runner-mig-container-vm/main.tf

@@ -149,11 +149,13 @@ module "gce-container" {
 
 
 module "mig_template" {
-  source     = "terraform-google-modules/vm/google//modules/instance_template"
-  version    = "~> 5.0"
-  project_id = var.project_id
-  network    = local.network_name
-  subnetwork = local.subnet_name
+  source             = "terraform-google-modules/vm/google//modules/instance_template"
+  version            = "~> 5.0"
+  project_id         = var.project_id
+  region             = var.region
+  network            = local.network_name
+  subnetwork         = local.subnet_name
+  subnetwork_project = var.subnetwork_project != "" ? var.subnetwork_project : var.project_id
   service_account = {
     email = local.service_account
     scopes = [
@@ -191,34 +193,5 @@ module "mig" {
 
   /* autoscaler */
   autoscaling_enabled = true
-}
-/*****************************************
-  FW
- *****************************************/
-resource "google_compute_firewall" "http-access" {
-  name    = "${local.instance_name}-http"
-  project = var.project_id
-  network = local.network_name
-
-  allow {
-    protocol = "tcp"
-    ports    = ["8080"]
-  }
-
-  source_ranges = ["0.0.0.0/0"]
-  target_tags   = ["gh-runner-vm"]
-}
-
-resource "google_compute_firewall" "ssh-access" {
-  name    = "${local.instance_name}-ssh"
-  project = var.project_id
-  network = local.network_name
-
-  allow {
-    protocol = "tcp"
-    ports    = ["22"]
-  }
-
-  source_ranges = ["0.0.0.0/0"]
-  target_tags   = ["gh-runner-vm"]
+  cooldown_period     = var.cooldown_period
 }

modules/gh-runner-mig-container-vm/variables.tf

@@ -42,6 +42,12 @@ variable "create_network" {
   default     = true
 }
 
+variable "subnetwork_project" {
+  type        = string
+  description = "The ID of the project in which the subnetwork belongs. If it is not provided, the project_id is used."
+  default     = ""
+}
+
 variable "subnet_ip" {
   type        = string
   description = "IP range for the subnet"
@@ -118,3 +124,8 @@ variable "dind" {
   description = "Flag to determine whether to expose dockersock "
   default     = false
 }
+
+variable "cooldown_period" {
+  description = "The number of seconds that the autoscaler should wait before it starts collecting information from a new instance."
+  default     = 60
+}

modules/gh-runner-mig-vm/README.md

@@ -29,6 +29,7 @@ This example shows how to deploy a MIG Self Hosted Runner with an image pre-bake
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | additional\_metadata | Additional metadata to attach to the instance | `map` | `{}` | no |
+| cooldown\_period | The number of seconds that the autoscaler should wait before it starts collecting information from a new instance. | `number` | `60` | no |
 | create\_network | When set to true, VPC,router and NAT will be auto created | `bool` | `true` | no |
 | custom\_metadata | User provided custom metadata | `map` | `{}` | no |
 | gh\_token | Github token that is used for generating Self Hosted Runner Token | `string` | n/a | yes |
@@ -49,6 +50,7 @@ This example shows how to deploy a MIG Self Hosted Runner with an image pre-bake
 | startup\_script | User startup script to run when instances spin up | `string` | `""` | no |
 | subnet\_ip | IP range for the subnet | `string` | `"10.10.10.0/24"` | no |
 | subnet\_name | Name for the subnet | `string` | `"gh-runner-subnet"` | no |
+| subnetwork\_project | The ID of the project in which the subnetwork belongs. If it is not provided, the project\_id is used. | `string` | `""` | no |
 | target\_size | The number of runner instances | `number` | `2` | no |
 | zone | The GCP zone to deploy instances into | `string` | `"us-east4-b"` | no |
 

modules/gh-runner-mig-vm/main.tf

@@ -18,9 +18,8 @@ locals {
   network_name    = var.create_network ? google_compute_network.gh-network[0].self_link : var.network_name
   subnet_name     = var.create_network ? google_compute_subnetwork.gh-subnetwork[0].self_link : var.subnet_name
   service_account = var.service_account == "" ? google_service_account.runner_service_account[0].email : var.service_account
-  shutdown_script = {
-    "shutdown-script" = var.shutdown_script
-  }
+  startup_script  = var.startup_script == "" ? file("${path.module}/scripts/startup.sh") : var.startup_script
+  shutdown_script = var.shutdown_script == "" ? file("${path.module}/scripts/shutdown.sh") : var.shutdown_script
 }
 
 /*****************************************
@@ -123,11 +122,13 @@ locals {
 
 
 module "mig_template" {
-  source     = "terraform-google-modules/vm/google//modules/instance_template"
-  version    = "~> 5.0"
-  project_id = var.project_id
-  network    = local.network_name
-  subnetwork = local.subnet_name
+  source             = "terraform-google-modules/vm/google//modules/instance_template"
+  version            = "~> 5.0"
+  project_id         = var.project_id
+  network            = local.network_name
+  subnetwork         = local.subnet_name
+  region             = var.region
+  subnetwork_project = var.subnetwork_project != "" ? var.subnetwork_project : var.project_id
   service_account = {
     email = local.service_account
     scopes = [
@@ -140,11 +141,13 @@ module "mig_template" {
   name_prefix          = "gh-runner"
   source_image_family  = var.source_image_family
   source_image_project = var.source_image_project
-  startup_script       = var.startup_script
+  startup_script       = local.startup_script
   source_image         = var.source_image
   metadata = merge({
     "secret-id" = google_secret_manager_secret_version.gh-secret-version.name
-  }, local.shutdown_script, var.custom_metadata)
+    }, {
+    "shutdown-script" = local.shutdown_script
+  }, var.custom_metadata)
   tags = [
     "gh-runner-vm"
   ]
@@ -164,34 +167,5 @@ module "mig" {
 
   /* autoscaler */
   autoscaling_enabled = true
-}
-/*****************************************
-  FW
- *****************************************/
-resource "google_compute_firewall" "http-access" {
-  name    = "${local.instance_name}-http"
-  project = var.project_id
-  network = local.network_name
-
-  allow {
-    protocol = "tcp"
-    ports    = ["8080"]
-  }
-
-  source_ranges = ["0.0.0.0/0"]
-  target_tags   = ["gh-runner-vm"]
-}
-
-resource "google_compute_firewall" "ssh-access" {
-  name    = "${local.instance_name}-ssh"
-  project = var.project_id
-  network = local.network_name
-
-  allow {
-    protocol = "tcp"
-    ports    = ["22"]
-  }
-
-  source_ranges = ["0.0.0.0/0"]
-  target_tags   = ["gh-runner-vm"]
+  cooldown_period     = var.cooldown_period
 }

examples/gh-runner-mig-native-simple/shutdown.sh → modules/gh-runner-mig-vm/scripts/shutdown.sh

@@ -32,4 +32,3 @@ cd /runner || exit
 ./svc.sh uninstall
 #remove the runner configuration
 RUNNER_ALLOW_RUNASROOT=1  /runner/config.sh remove --unattended --token "$(curl -sS --request POST --url "https://api.github.com/repos/${REPO_OWNER}/${REPO_NAME}/actions/runners/remove-token" --header "authorization: Bearer ${GITHUB_TOKEN}"  --header "content-type: application/json" | jq -r .token)"
-

examples/gh-runner-mig-native-simple/startup.sh → modules/gh-runner-mig-vm/scripts/startup.sh

@@ -31,7 +31,7 @@ secrets=$(gcloud secrets versions access "$SECRET_VERSION" --secret="$SECRET_NAM
 # we want to use wordsplitting
 export $(echo "$secrets" | jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]")
 #github runner version
-GH_RUNNER_VERSION="2.169.0"
+GH_RUNNER_VERSION="2.274.2"
 #get actions binary
 curl -o actions.tar.gz --location "https://github.com/actions/runner/releases/download/v${GH_RUNNER_VERSION}/actions-runner-linux-x64-${GH_RUNNER_VERSION}.tar.gz"
 mkdir /runner

modules/gh-runner-mig-vm/variables.tf

@@ -42,6 +42,12 @@ variable "create_network" {
   default     = true
 }
 
+variable "subnetwork_project" {
+  type        = string
+  description = "The ID of the project in which the subnetwork belongs. If it is not provided, the project_id is used."
+  default     = ""
+}
+
 variable "subnet_ip" {
   type        = string
   description = "IP range for the subnet"
@@ -143,3 +149,8 @@ variable "custom_metadata" {
   description = "User provided custom metadata"
   default     = {}
 }
+
+variable "cooldown_period" {
+  description = "The number of seconds that the autoscaler should wait before it starts collecting information from a new instance."
+  default     = 60
+}