This module allows you to provision a self hosted runner which scales to 0 when not in use.
It is designed to be a "It just works" wrapper for debian based amis around that fantastic Philips Labs terraform-aws-github-runner module.
To get started, you need to create an organisation level GitHub App. This is a one time process and you can follow the GitHub documentation to do this.
The app should be installed into your organisation and you should have the following permissions in it:
- Repository permissions
- Administration: Read & write
- Checks: Read
- Metadata: Read-only
- Actions: Read-only
- Organization permissions
- Self-hosted runners: Read & write
- Webhooks: Read & write
You will need the:
- App ID
- App Install ID (you can find this in the URL when viewing the app in the GitHub UI)
- App Private Key (you can download this from GitHub App page, keep it in PEM format)
Note, to use this worker for public repositories, you will need to enable "Allow public repositories" in the GitHub runner groups section. You can find this in the organisation settings under actions, runner groups, then clicking on the default group.
| Name | Version |
|---|---|
| aws | ~> 5.70.0 |
| github | ~> 6.0 |
| http | ~> 3.4.0 |
| local | ~> 2.5.0 |
| random | ~> 3.6.0 |
| Name | Version |
|---|---|
| aws | ~> 5.70.0 |
| github | ~> 6.0 |
| random | ~> 3.6.0 |
| Name | Source | Version |
|---|---|---|
| download_lambda | philips-labs/github-runner/aws//modules/download-lambda | 5.17.0 |
| github_runner | philips-labs/github-runner/aws | 5.17.0 |
| runners_zip | terraform-aws-modules/s3-bucket/aws//modules/object | 4.2.0 |
| s3_bucket_lambda_sources | terraform-aws-modules/s3-bucket/aws | 4.2.0 |
| syncer_zip | terraform-aws-modules/s3-bucket/aws//modules/object | 4.2.0 |
| vpc | terraform-aws-modules/vpc/aws | 5.13.0 |
| webhook_zip | terraform-aws-modules/s3-bucket/aws//modules/object | 4.2.0 |
| Name | Type |
|---|---|
| github_organization_webhook.webhook | resource |
| random_id.webhook_secret | resource |
| aws_availability_zones.available | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_install_script | A script that will be executed before setup of the runner, this can be used to install additional software, or configure the runner in some way | string |
"" |
no |
| ami_name_filter | The name filter to use when searching for the AMI to use for the runner | string |
"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*" |
no |
| ami_owner_filter | The owner filter to use when searching for the AMI to use for the runner. The default is canonicals account | string |
"099720109477" |
no |
| aws_region | AWS Region | string |
n/a | yes |
| aws_resource_prefix | Prefix for all resources | string |
"gh-act" |
no |
| aws_vpc_cidr | The cidr for the VPC that the runners run in, must have at enough blocks available with a subnet in each Availability Zone, for example 10.68.0.0/16, with a newbits of 8 and a azs_count of 3 will result in 6 subnets being provisioned in the ranges of 10.68.1.0/24, 10.68.2.0/24, and 10.68.3.0/24 in the private subnet and 10.68.4.0/24, 10.68.5.0/24, and 10.68.6.0/24 in the public subnet, with one private and one public per availability zone. Note the "/24" here, 16+8 == 24, you may also choose different ranges with less tidy ip blocks | object({ |
{ |
no |
| enable | Disable or enable everything in this module | bool |
true |
no |
| github_app_id | This is ID from App in developer settings | string |
n/a | yes |
| github_app_install_id | You can find this in the URL when viewing the installed app in the GitHub UI | string |
n/a | yes |
| github_app_key | The private key of the GitHub App. PEM formatted. | string |
n/a | yes |
| github_organisation | The github organisation to use | string |
n/a | yes |
| runner_run_as | The user to run things as on the host, defaults to ubuntu, as this is the username on the ubuntu AMI, however if you might want to change it to whatever you use, perhaps ec2-user | string |
"ubuntu" |
no |
No outputs.