ci + ansible

2026-06-20 11:06:27 +07:00
parent a6d74d9316
commit 966578ed58
15 changed files with 637 additions and 30 deletions
@@ -0,0 +1,67 @@
+---
+# Installs + registers + services a single runner instance.
+# Inputs: project_spec (dict), idx (int), project_token (str).
+- name: Set per-runner facts
+  ansible.builtin.set_fact:
+    runner_name: "{{ inventory_hostname }}-{{ project_spec.project }}-{{ runner_env }}-{{ idx }}"
+    runner_dir: "{{ runner_home }}/actions-runner-{{ project_spec.project }}-{{ idx }}"
+
+- name: "Create runner dir {{ runner_dir }}"
+  ansible.builtin.file:
+    path: "{{ runner_dir }}"
+    state: directory
+    owner: "{{ runner_user }}"
+    group: "{{ runner_user }}"
+    mode: "0755"
+
+- name: Download runner tarball (sha256 verified)
+  ansible.builtin.get_url:
+    url: "{{ runner_download_url }}"
+    dest: "{{ runner_dir }}/{{ runner_tarball }}"
+    checksum: "sha256:{{ runner_sha256 }}"
+    owner: "{{ runner_user }}"
+    group: "{{ runner_user }}"
+    mode: "0644"
+
+- name: Extract runner
+  ansible.builtin.unarchive:
+    src: "{{ runner_dir }}/{{ runner_tarball }}"
+    dest: "{{ runner_dir }}"
+    remote_src: true
+    owner: "{{ runner_user }}"
+    group: "{{ runner_user }}"
+    creates: "{{ runner_dir }}/config.sh"
+
+- name: "Register runner {{ runner_name }}"
+  ansible.builtin.command:
+    cmd: >-
+      ./config.sh --unattended
+      --url {{ project_spec.url }}
+      --token {{ project_token }}
+      --name {{ runner_name }}
+      --labels {{ project_spec.label }}
+      --work _work
+      --replace
+    chdir: "{{ runner_dir }}"
+    creates: "{{ runner_dir }}/.runner"
+  become_user: "{{ runner_user }}"
+
+- name: "Check if service installed for {{ runner_name }}"
+  ansible.builtin.find:
+    paths: "{{ runner_dir }}"
+    patterns: ".service"
+    hidden: true
+  register: runner_svc_marker
+
+- name: "Install systemd service for {{ runner_name }}"
+  ansible.builtin.command:
+    cmd: "./svc.sh install {{ runner_user }}"
+    chdir: "{{ runner_dir }}"
+  when: runner_svc_marker.matched == 0
+
+- name: "Start + enable service for {{ runner_name }}"
+  ansible.builtin.command:
+    cmd: "./svc.sh start"
+    chdir: "{{ runner_dir }}"
+  register: svc_start
+  changed_when: "'active (running)' not in svc_start.stdout"
@@ -0,0 +1,22 @@
+---
+# Expands one project entry into `count` runner instances.
+- name: "Read registration token for {{ project_spec.project }} from .env"
+  ansible.builtin.set_fact:
+    project_token: >-
+      {{ lookup('ansible.builtin.ini', project_spec.token_env,
+                file=env_file, type='properties') }}
+
+- name: "Fail if token missing for {{ project_spec.project }}"
+  ansible.builtin.assert:
+    that:
+      - project_token | length > 0
+    fail_msg: >-
+      {{ project_spec.token_env }} not found in {{ env_file }}.
+      Mint a fresh registration token (Settings > Actions > Runners) and set it.
+
+- name: "Install {{ project_spec.count }} runner(s) for {{ project_spec.project }}"
+  ansible.builtin.include_tasks: install_one_runner.yml
+  loop: "{{ range(1, project_spec.count | int + 1) | list }}"
+  loop_control:
+    loop_var: idx
+    label: "{{ project_spec.project }}-{{ idx }}"