seed initial modules (#1)

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @morgante @bbaiju @sethvargo @craigdbarber

.gitignore

@@ -28,6 +28,9 @@ Session.vim
 *.tfstate
 *.tfstate.*
 
+# test.out files
+test.out
+
 # Crash log files
 crash.log
 

Makefile

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

README.md

@@ -1,82 +1,96 @@
-# terraform-google-terraform-google-github-actions-runners
+# terraform-google-github-actions-runners
 
-This module was generated from [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template/), which by default generates a module that simply creates a GCS bucket. As the module develops, this README should be updated.
+Using these Terraform modules you can quickly deploy Self Hosted Github Runners for jobs in your GitHub Actions workflows
 
-The resources/services/activations/deletions that this module will create/trigger are:
+## [Self Hosted Runners on GKE](modules/gh-runner-gke/README.md)
 
-- Create a GCS bucket with the provided name
+The `gh-runner-gke` module provisions the resources required to deploy Self Hosted Runners on GCP infrastructure using GKE.
 
-## Usage
+This includes
 
-Basic usage of this module is as follows:
+- Enabling necessary APIs
+- VPC
+- GKE Cluster
+- Kubernetes Secret
 
-```hcl
-module "terraform_google_github_actions_runners" {
-  source  = "terraform-google-modules/terraform-google-github-actions-runners/google"
-  version = "~> 0.1"
+Below are some examples:
 
-  project_id  = "<PROJECT ID>"
-  bucket_name = "gcs-test-bucket"
-}
-```
+### [Self Hosted runners on GKE that support Docker Workflows](examples/gh-runner-gke-dind/README.md)
 
-Functional examples are included in the
-[examples](./examples/) directory.
+This example shows how to deploy Self Hosted Runners on GKE that supports Docker Workflows.
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
+### [Simple Self Hosted Runners on GKE](examples/gh-runner-gke-simple/README.md)
 
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| bucket\_name | The name of the bucket to create | string | n/a | yes |
-| project\_id | The project ID to deploy to | string | n/a | yes |
+This example shows how to deploy a simple GKE Self Hosted Runner.
 
-## Outputs
+More examples of [Self Hosted Runners on GKE/Anthos](https://github.com/github-developer/self-hosted-runners-anthos).
 
-| Name | Description |
-|------|-------------|
-| bucket\_name |  |
+## [Self Hosted Runners on Managed Instance Groups using VMs](modules/gh-runner-mig-vm/README.md)
 
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+The `gh-runner-mig-vm` module provisions the resources required to deploy Self Hosted Runners on GCP infrastructure using Managed Instance Groups.
 
-## Requirements
+This includes
 
-These sections describe requirements for using this module.
+- Enabling necessary APIs
+- VPC
+- NAT & Cloud Router
+- Service Account for MIG
+- MIG Instance Template
+- MIG Instance Manager
+- FW Rules
+- Secret Manager Secret
 
-### Software
+Deployment of Managed Instance Groups requires a [Google VM image](https://cloud.google.com/compute/docs/images) with a startup script that downloads and configures the Runner or a pre-baked image with the runner installed.
 
-The following dependencies must be available:
+Below are some examples:
 
-- [Terraform][terraform] v0.12
-- [Terraform Provider for GCP][terraform-provider-gcp] plugin v2.0
+### [Simple Self Hosted Runner on MIG VMs](examples/gh-runner-mig-native-simple/README.md)
+
+This example shows how to deploy a MIG Self Hosted Runner with startup scripts.
+
+### [Self Hosted Runner on MIG VMs from Packer Image](examples/gh-runner-mig-native-packer/README.md)
+
+This example shows how to deploy a MIG Self Hosted Runner with an image pre-baked using Packer.
+
+## [Self Hosted Runners on Managed Instance Groups using Container VMs](modules/gh-runner-mig-container-vm/README.md)
+
+The `gh-runner-mig-container-vm` module provisions the resources required to deploy Self Hosted Runners on GCP infrastructure using Managed Instance Groups.
 
-### Service Account
+This includes
 
-A service account with the following roles must be used to provision
-the resources of this module:
+- Enabling necessary APIs
+- VPC
+- NAT & Cloud Router
+- MIG Container Instance Template
+- MIG Instance Manager
+- FW Rules
 
-- Storage Admin: `roles/storage.admin`
+Below are some examples:
 
-The [Project Factory module][project-factory-module] and the
-[IAM module][iam-module] may be used in combination to provision a
-service account with the necessary roles applied.
+### [Self Hosted runners on MIG Container VMs that support Docker Workflows](examples/gh-runner-mig-container-vm-dind/README.md)
 
-### APIs
+This example shows how to deploy a Self Hosted Runner that supports Docker Workflows on MIG Container VMs.
 
-A project with the following APIs enabled must be used to host the
-resources of this module:
+### [Simple Self Hosted Runner on MIG Container VMs](examples/gh-runner-mig-container-vm-simple/README.md)
 
-- Google Cloud Storage JSON API: `storage-api.googleapis.com`
+This example shows how to deploy a Self Hosted Runner on MIG Container VMs.
 
-The [Project Factory module][project-factory-module] can be used to
-provision a project with the necessary APIs enabled.
+
+## Requirements
+
+These sections describe requirements for using this module.
+
+### Software
+
+The following dependencies must be available:
+
+- [Terraform][terraform] v0.12
+- [Terraform Provider for GCP][terraform-provider-gcp]
 
 ## Contributing
 
 Refer to the [contribution guidelines](./CONTRIBUTING.md) for
 information on contributing to this module.
 
-[iam-module]: https://registry.terraform.io/modules/terraform-google-modules/iam/google
-[project-factory-module]: https://registry.terraform.io/modules/terraform-google-modules/project-factory/google
 [terraform-provider-gcp]: https://www.terraform.io/docs/providers/google/index.html
 [terraform]: https://www.terraform.io/downloads.html

build/int.cloudbuild.yaml

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

build/lint.cloudbuild.yaml

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

examples/gh-runner-gke-dind/.dockerignore

@@ -0,0 +1,3 @@
+.terraform
+*.tf*
+*.tfvars

examples/gh-runner-gke-dind/.gcloudignore

@@ -0,0 +1,5 @@
+.terraform
+*.tfstate
+*.tf
+*.out
+sample-manifests

examples/gh-runner-gke-dind/Dockerfile

@@ -0,0 +1,43 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# Download and verify the integrity of the download first
+
+FROM ubuntu:18.04
+RUN apt-get update && \
+    apt-get -y install apt-transport-https \
+    ca-certificates \
+    curl \
+    tar \
+    jq \
+    build-essential \
+    gnupg2 \
+    iputils-ping \
+    software-properties-common
+
+RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \
+    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable" && \
+    apt-get update && \
+    apt-get -y install docker-ce
+
+ARG GH_RUNNER_VERSION="2.169.0"
+WORKDIR /runner
+RUN curl -o actions.tar.gz --location "https://github.com/actions/runner/releases/download/v${GH_RUNNER_VERSION}/actions-runner-linux-x64-${GH_RUNNER_VERSION}.tar.gz" && \
+    tar -zxf actions.tar.gz && \
+    rm -f actions.tar.gz && \
+    ./bin/installdependencies.sh
+
+COPY entrypoint.sh .
+ENV RUNNER_ALLOW_RUNASROOT=1
+RUN chmod +x entrypoint.sh
+ENTRYPOINT ["/runner/entrypoint.sh"]

examples/gh-runner-gke-dind/README.md

@@ -0,0 +1,78 @@
+# Self Hosted runners on GKE that support Docker Workflows
+
+## Overview
+
+This example shows how to deploy runners that support Docker Workflows on GKE.
+
+More examples of [Self Hosted Runners on GKE/Anthos](https://github.com/github-developer/self-hosted-runners-anthos).
+
+## Steps to deploy this example
+
+- Step 1: Create terraform.tfvars file with the necessary values.
+
+Access tokens require repo scope for private repos and public_repo scope for public repos. GitHub Apps must have the administration permission to use this API. Authenticated users must have admin access to the repository to use this API.
+
+More info can be found [here](https://developer.github.com/v3/actions/self_hosted_runners/).
+
+```tf
+project_id = "your-project-id"
+gh_token   = "your-github-token"
+repo_url   = "https://github.com/owner/your-repo-name"
+repo_name  = "your-repo-name"
+repo_owner = "owner"
+```
+
+- Step 2: Create the infrastructure.
+
+```sh
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+- Step 3: Build the example runner image using Google Cloud Build. Alternatively, you can also use a prebuilt image or build using a local docker daemon.
+
+```sh
+$ gcloud config set project $PROJECT_ID
+$ gcloud services enable cloudbuild.googleapis.com
+$ gcloud builds submit --config=cloudbuild.yaml
+```
+
+- Step 4: Replace image in [sample k8s deployment manifest](./sample-manifests/deployment.yaml).
+
+```sh
+$ kustomize edit set image gcr.io/PROJECT_ID/runner:latest=gcr.io/$PROJECT_ID/runner:latest
+```
+
+- Step 5: Generate kubeconfig and apply the manifests for Deployment and HorizontalPodAutoscaler.
+
+```sh
+$ gcloud container clusters get-credentials your-cluster-name --zone=your-cluster-zone
+$ kustomize build . | kubectl apply -f -
+```
+
+- Step 6: Your runners should become active at https://github.com/owner/your-repo-name/settings/actions.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| gh\_token | Github token that is used for generating Self Hosted Runner Token | string | n/a | yes |
+| project\_id | The project id to deploy Github Runner MIG | string | n/a | yes |
+| repo\_name | Name of the repo for the Github Action | string | n/a | yes |
+| repo\_owner | Owner of the repo for the Github Action | string | n/a | yes |
+| repo\_url | Repo URL for the Github Action | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ca\_certificate | The cluster ca certificate (base64 encoded) |
+| client\_token | The bearer token for auth |
+| cluster\_name | Cluster name |
+| kubernetes\_endpoint | The cluster endpoint |
+| location | Cluster location |
+| service\_account | The default service account used for running nodes. |
+
+ <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

test/integration/simple_example/controls/gcloud.rb → examples/gh-runner-gke-dind/cloudbuild.yaml

@@ -1,4 +1,4 @@
-# Copyright 2018 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,12 +12,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-control "gcloud" do
-  title "gcloud"
-
-  describe command("gcloud --project=#{attribute("project_id")} services list --enabled") do
-    its(:exit_status) { should eq 0 }
-    its(:stderr) { should eq "" }
-    its(:stdout) { should match "storage-api.googleapis.com" }
-  end
-end
+steps:
+  - name: "gcr.io/cloud-builders/docker"
+    args:
+      [
+        "build",
+        "-t",
+        "gcr.io/$PROJECT_ID/runner:latest",
+        "-t",
+        "gcr.io/$PROJECT_ID/runner:0.1",
+        ".",
+      ]
+images:
+  - "gcr.io/$PROJECT_ID/runner"

examples/gh-runner-gke-dind/entrypoint.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#set name for this runner as the hostname
+# shellcheck disable=SC2034
+# ACTIONS_RUNNER_INPUT_NAME is used by config.sh
+ACTIONS_RUNNER_INPUT_NAME=$HOSTNAME
+#get regsistration token for this runnner
+ACTIONS_RUNNER_INPUT_TOKEN="$(curl -sS --request POST --url "https://api.github.com/repos/${REPO_OWNER}/${REPO_NAME}/actions/runners/registration-token" --header "authorization: Bearer ${GITHUB_TOKEN}"  --header 'content-type: application/json' | jq -r .token)"
+#configure runner
+/runner/config.sh --unattended --replace --work "/tmp" --url "$ACTIONS_RUNNER_INPUT_URL" --token "$ACTIONS_RUNNER_INPUT_TOKEN"
+#start runner
+#https://github.com/actions/runner/issues/246#issuecomment-615293718
+/runner/bin/runsvc.sh

test/integration/simple_example/controls/gcp.rb → examples/gh-runner-gke-dind/kustomization.yaml

@@ -1,4 +1,4 @@
-# Copyright 2018 Google LLC
+# Copyright 2020 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,10 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-control "gcp" do
-  title "GCP Resources"
-
-  describe google_storage_bucket(name: attribute("bucket_name")) do
-    it { should exist }
-  end
-end
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - sample-manifests/deployment.yaml
+  - sample-manifests/hpa.yaml