From 2e6b4a7a5281b585ce2023465d34fb6eb6a9767b Mon Sep 17 00:00:00 2001
From: action-runner
Date: Fri, 24 Oct 2025 12:02:02 +0000
Subject: [PATCH] publish action run testing-34
---
action.yaml | 9 ++
configure.sh | 279 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 288 insertions(+)
create mode 100644 action.yaml
create mode 100755 configure.sh
diff --git a/action.yaml b/action.yaml
new file mode 100644
index 0000000..c63b503
--- /dev/null
+++ b/action.yaml
@@ -0,0 +1,9 @@
+name: "configure runner environment"
+description: "Set up common tools and environment variables for workflows"
+
+runs:
+ using: composite
+ steps:
+ - name: "publish docker image"
+ run: ${GITHUB_ACTION_PATH}/configure.sh
+ shell: bash
diff --git a/configure.sh b/configure.sh
new file mode 100755
index 0000000..51eae0f
--- /dev/null
+++ b/configure.sh
@@ -0,0 +1,279 @@
+#!/nix/store/cfqbabpc7xwg8akbcchqbq3cai6qq2vs-bash-5.2p37/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+echo "== CONFIGURATION =="
+export AWS_ACCESS_KEY=${AWS_ACCESS_KEY:-}
+export CARGO_NET_GIT_FETCH_WITH_CLI=${CARGO_NET_GIT_FETCH_WITH_CLI:-true}
+export GCP_CLUSTER_NAME=${GCP_CLUSTER_NAME:-}
+export GCP_CONTROL_PLANE_LOCATION=${GCP_CONTROL_PLANE_LOCATION:-}
+export GCP_PRINCIPAL=${GCP_PRINCIPAL:-}
+export GCP_PROJECT_NAME=${GCP_PROJECT_NAME:-}
+export GITEA_INSTANCE=${GITEA_INSTANCE:-}
+export GITEA_INSTANCE_SCHEME=${GITEA_INSTANCE_SCHEME:-https}
+export GITEA_ORGANIZATION=${GITEA_ORGANIZATION:-}
+export GIT_TERMINAL_PROMPT=${GIT_TERMINAL_PROMPT:-0}
+export NIXOS_CACHE_LOCATION=${NIXOS_CACHE_LOCATION:-https://cache.nixos.org/}
+export NIXOS_CACHE_SIGN_KEY=${NIXOS_CACHE_SIGN_KEY:-cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=}
+export NIX_S3_CACHE_LOCATION=${NIX_S3_CACHE_LOCATION:-}
+export NIX_SIGN_KEY=${NIX_SIGN_KEY:-}
+export RUNNER_CAPACITY=${RUNNER_CAPACITY:-1}
+export RUNNER_CONFIG_FILE=${RUNNER_CONFIG_FILE:-}
+export RUNNER_CONTAINER_IS_PRIVILEGED=${RUNNER_CONTAINER_IS_PRIVILEGED:-false}
+export RUNNER_CONTAINER_OPTIONS=${RUNNER_CONTAINER_OPTIONS:-}
+export RUNNER_DOCKER_HOST=${RUNNER_DOCKER_HOST:-}
+export RUNNER_JOB_TIMEOUT=${RUNNER_JOB_TIMEOUT:-3h}
+export RUNNER_LABELS=${RUNNER_LABELS:-["action-runner-persistent:host","action-runner:docker://action-runner-job:latest","ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest"]}
+export RUNNER_LOG_LEVEL=${RUNNER_LOG_LEVEL:-info}
+export RUNNER_RUNNER_FILE=${RUNNER_RUNNER_FILE:-.runner}
+export RUNNER_USERNAME=${RUNNER_USERNAME:-}
+export RUNNER_WORKDIR=${RUNNER_WORKDIR:-/tmp}
+export TWINE_NON_INTERACTIVE=${TWINE_NON_INTERACTIVE:-true}
+echo "AWS_ACCESS_KEY=\"${AWS_ACCESS_KEY}"\"
+echo "CARGO_NET_GIT_FETCH_WITH_CLI=\"${CARGO_NET_GIT_FETCH_WITH_CLI}"\"
+echo "GCP_CLUSTER_NAME=\"${GCP_CLUSTER_NAME}"\"
+echo "GCP_CONTROL_PLANE_LOCATION=\"${GCP_CONTROL_PLANE_LOCATION}"\"
+echo "GCP_PRINCIPAL=\"${GCP_PRINCIPAL}"\"
+echo "GCP_PROJECT_NAME=\"${GCP_PROJECT_NAME}"\"
+echo "GITEA_INSTANCE=\"${GITEA_INSTANCE}"\"
+echo "GITEA_INSTANCE_SCHEME=\"${GITEA_INSTANCE_SCHEME}"\"
+echo "GITEA_ORGANIZATION=\"${GITEA_ORGANIZATION}"\"
+echo "GIT_TERMINAL_PROMPT=\"${GIT_TERMINAL_PROMPT}"\"
+echo "NIXOS_CACHE_LOCATION=\"${NIXOS_CACHE_LOCATION}"\"
+echo "NIXOS_CACHE_SIGN_KEY=\"${NIXOS_CACHE_SIGN_KEY}"\"
+echo "NIX_S3_CACHE_LOCATION=\"${NIX_S3_CACHE_LOCATION}"\"
+echo "NIX_SIGN_KEY=\"${NIX_SIGN_KEY}"\"
+echo "RUNNER_CAPACITY=\"${RUNNER_CAPACITY}"\"
+echo "RUNNER_CONFIG_FILE=\"${RUNNER_CONFIG_FILE}"\"
+echo "RUNNER_CONTAINER_IS_PRIVILEGED=\"${RUNNER_CONTAINER_IS_PRIVILEGED}"\"
+echo "RUNNER_CONTAINER_OPTIONS=\"${RUNNER_CONTAINER_OPTIONS}"\"
+echo "RUNNER_DOCKER_HOST=\"${RUNNER_DOCKER_HOST}"\"
+echo "RUNNER_JOB_TIMEOUT=\"${RUNNER_JOB_TIMEOUT}"\"
+echo "RUNNER_LABELS=\"${RUNNER_LABELS}"\"
+echo "RUNNER_LOG_LEVEL=\"${RUNNER_LOG_LEVEL}"\"
+echo "RUNNER_RUNNER_FILE=\"${RUNNER_RUNNER_FILE}"\"
+echo "RUNNER_USERNAME=\"${RUNNER_USERNAME}"\"
+echo "RUNNER_WORKDIR=\"${RUNNER_WORKDIR}"\"
+echo "TWINE_NON_INTERACTIVE=\"${TWINE_NON_INTERACTIVE}"\"
+echo ""
+
+LAST_CONFIG_HASH_FILE="$HOME/current_config"
+if [[ -f "$LAST_CONFIG_HASH_FILE" ]]; then
+ LAST_CONFIG_HASH=$(cat "$LAST_CONFIG_HASH_FILE")
+else
+ LAST_CONFIG_HASH="-"
+fi
+
+mkdir -p "$HOME/scratch"
+CONFIG_HASH_FILE="$HOME/scratch/config-hash.txt"
+
+cat < "$CONFIG_HASH_FILE"
+AWS_ACCESS_KEY="$AWS_ACCESS_KEY"
+AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY"
+CARGO_NET_GIT_FETCH_WITH_CLI="$CARGO_NET_GIT_FETCH_WITH_CLI"
+GCP_CLUSTER_NAME="$GCP_CLUSTER_NAME"
+GCP_CONTROL_PLANE_LOCATION="$GCP_CONTROL_PLANE_LOCATION"
+GCP_PRINCIPAL="$GCP_PRINCIPAL"
+GCP_PROJECT_NAME="$GCP_PROJECT_NAME"
+GCP_SERVICE_KEY="$GCP_SERVICE_KEY"
+GIT_TERMINAL_PROMPT="$GIT_TERMINAL_PROMPT"
+GITEA_INSTANCE="$GITEA_INSTANCE"
+GITEA_INSTANCE_SCHEME="$GITEA_INSTANCE_SCHEME"
+GITEA_ORGANIZATION="$GITEA_ORGANIZATION"
+GITEA_SSH_KEY="$GITEA_SSH_KEY"
+NIXOS_CACHE_LOCATION="$NIXOS_CACHE_LOCATION"
+NIXOS_CACHE_SIGN_KEY="$NIXOS_CACHE_SIGN_KEY"
+NIX_S3_CACHE_LOCATION="$NIX_S3_CACHE_LOCATION"
+NIX_SECRET_SIGN_KEY="$NIX_SECRET_SIGN_KEY"
+NIX_SIGN_KEY="$NIX_SIGN_KEY"
+RUNNER_PASSWORD="$RUNNER_PASSWORD"
+RUNNER_USERNAME="$RUNNER_USERNAME"
+TWINE_NON_INTERACTIVE="$TWINE_NON_INTERACTIVE"
+EOF
+
+CURRENT_CONFIG_HASH=$(envsubst < "$CONFIG_HASH_FILE" | sha256sum)
+echo "current config hash: $CURRENT_CONFIG_HASH"
+echo "last config hash: $LAST_CONFIG_HASH"
+
+if [[ "$CURRENT_CONFIG_HASH" == "$LAST_CONFIG_HASH" ]]; then
+ echo "-> config unchanged."
+ CONFIG_CHANGED=0
+else
+ echo "-> config changed. updating."
+ CONFIG_CHANGED=1
+fi
+echo ""
+
+if [[ "$CONFIG_CHANGED" -eq 1 || ! -d "$HOME/.config/gcloud" ]]; then
+ echo "== SETTING UP GOOGLE CLOUD CLI =="
+
+ GCP_SERVICE_KEY_FILENAME="$HOME/gcp_servicekey.json"
+ echo "$GCP_SERVICE_KEY" > "$GCP_SERVICE_KEY_FILENAME"
+
+ gcloud auth activate-service-account \
+ "$GCP_PRINCIPAL" --key-file="$GCP_SERVICE_KEY_FILENAME"
+
+ gcloud config set project "$GCP_PROJECT_NAME"
+ gcloud container clusters get-credentials \
+ "$GCP_CLUSTER_NAME" --location "$GCP_CONTROL_PLANE_LOCATION"
+
+ gcloud auth list
+ gcloud info
+else
+ echo "== google cloud cli already configured =="
+fi
+
+if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.docker/config.json" ]]; then
+ echo "== SETTING UP DOCKER USER CONFIG =="
+ mkdir -p ~/.docker
+ rm -fr ~/.docker/config.json
+ mkdir -p "$HOME/scratch"
+DOCKER_CONFIG_FILE="$HOME/scratch/config.json"
+
+cat < "$DOCKER_CONFIG_FILE"
+{
+ "credHelpers": {
+ "gcr.io": "gcloud",
+ "us.gcr.io": "gcloud",
+ "eu.gcr.io": "gcloud",
+ "asia.gcr.io": "gcloud",
+ "staging-k8s.gcr.io": "gcloud",
+ "marketplace.gcr.io": "gcloud",
+ "europe-docker.pkg.dev": "gcloud"
+ }
+}
+
+EOF
+
+ cp "$DOCKER_CONFIG_FILE" ~/.docker/config.json
+else
+ echo "== docker already configured =="
+fi
+
+NIX_USER_CONF_FILES="$HOME/nix.conf"
+NIX_SECRET_SIGN_KEY_FILE="$HOME/nix-sign.private"
+
+if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$NIX_USER_CONF_FILES" ]]; then
+ echo "== SETTING UP NIX CONFIG =="
+
+ if [[ -v NIX_SECRET_SIGN_KEY ]]; then
+ echo "$NIX_SECRET_SIGN_KEY" > "$NIX_SECRET_SIGN_KEY_FILE"
+ fi
+
+ mkdir -p "$HOME/scratch"
+NIX_USER_CONFIG_TEMPLATE_FILE="$HOME/scratch/nix.conf"
+
+cat < "$NIX_USER_CONFIG_TEMPLATE_FILE"
+substituters = $NIX_S3_CACHE_LOCATION $NIXOS_CACHE_LOCATION
+trusted-public-keys = $NIXOS_CACHE_SIGN_KEY $NIX_SIGN_KEY
+trusted-substituters = $NIXOS_CACHE_LOCATION $NIX_S3_CACHE_LOCATION
+always-allow-substitutes = true
+
+EOF
+
+ envsubst < "$NIX_USER_CONFIG_TEMPLATE_FILE" > "$NIX_USER_CONF_FILES"
+else
+ echo "== nix already configured =="
+fi
+
+if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.aws/credentials" ]]; then
+ echo "== SETTING UP AWS CREDENTIALS FOR NIX CACHE =="
+
+ mkdir -p ~/.aws
+ mkdir -p "$HOME/scratch"
+AWS_CREDENTIALS_FILE="$HOME/scratch/aws-credentials-template"
+
+cat < "$AWS_CREDENTIALS_FILE"
+[default]
+aws_access_key_id=$AWS_ACCESS_KEY
+aws_secret_access_key=$AWS_SECRET_ACCESS_KEY
+
+EOF
+
+ envsubst < "$AWS_CREDENTIALS_FILE" > ~/.aws/credentials
+else
+ echo "== aws credentials for nix cache already configured =="
+fi
+
+if [[ "$CONFIG_CHANGED" -eq 1 || ! -d "$HOME/.ssh" ]]; then
+ echo "== SETTING UP SSH CLIENT =="
+ mkdir -p ~/.ssh
+ rm -fr ~/.ssh/id_gitea
+ echo "$GITEA_SSH_KEY" > "$HOME/.ssh/id_gitea"
+ chmod 0400 ~/.ssh/id_gitea
+else
+ echo "== ssh client already configured =="
+fi
+
+if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.netrc" ]]; then
+ echo "== SETTING UP NETRC =="
+ mkdir -p "$HOME/scratch"
+NETRC_TEMPLATE_FILE="$HOME/scratch/netrc"
+
+cat < "$NETRC_TEMPLATE_FILE"
+machine gitea.puzzleyou.net
+login $RUNNER_USERNAME
+password $RUNNER_PASSWORD
+
+EOF
+
+ envsubst < "$NETRC_TEMPLATE_FILE" > ~/.netrc
+ chmod 600 ~/.netrc
+else
+ echo "== netrc already configured =="
+fi
+
+if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.pypirc" ]]; then
+ echo "== SETTING UP PYPIRC =="
+ mkdir -p "$HOME/scratch"
+PYPIRC_TEMPLATE_FILE="$HOME/scratch/pypirc"
+
+cat < "$PYPIRC_TEMPLATE_FILE"
+[distutils]
+index-servers = gitea
+
+[gitea]
+repository = $GITEA_INSTANCE_SCHEME://$GITEA_INSTANCE/api/packages/$GITEA_ORGANIZATION/pypi
+username = $RUNNER_USERNAME
+password = $RUNNER_PASSWORD
+
+EOF
+
+ envsubst < "$PYPIRC_TEMPLATE_FILE" > ~/.pypirc
+else
+ echo "== pypirc already configured =="
+fi
+
+if [[ "$CONFIG_CHANGED" -eq 1 || ! -f "$HOME/.config/git/config" ]]; then
+ echo "== SETTING UP GIT =="
+ git config --global user.email "action-runner@cluster.local"
+ git config --global user.name "action-runner"
+ git config --global credential.helper store
+
+ mkdir -p "$HOME/scratch"
+GIT_CREDENTIALS_FILE="$HOME/scratch/git-credentials"
+
+cat < "$GIT_CREDENTIALS_FILE"
+$GITEA_INSTANCE_SCHEME://$RUNNER_USERNAME:$RUNNER_PASSWORD@$GITEA_INSTANCE
+
+EOF
+
+ envsubst < "$GIT_CREDENTIALS_FILE" > ~/.git-credentials
+else
+ echo "== git already configured =="
+fi
+
+echo "$CURRENT_CONFIG_HASH" > "$LAST_CONFIG_HASH_FILE"
+
+if [[ -v GITHUB_ENV ]]; then
+ echo "== POPULATING GITHUB_ENV =="
+ cat <> "$GITHUB_ENV"
+CARGO_NET_GIT_FETCH_WITH_CLI="$CARGO_NET_GIT_FETCH_WITH_CLI"
+TWINE_NON_INTERACTIVE="$TWINE_NON_INTERACTIVE"
+NIX_S3_CACHE_LOCATION="$NIX_S3_CACHE_LOCATION"
+EOF
+else
+ echo "== \$GITHUB_ENV is not set. not running as an action. =="
+fi
+
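Review bot: Most of the credential files this script writes are created under the process's default umask: `$HOME/gcp_servicekey.json`, `$HOME/nix-sign.private`, `~/.aws/credentials`, `~/.pypirc` and `~/.git-credentials` get no `chmod` at all, and `~/.netrc` and `~/.ssh/id_gitea` are restricted only after their contents have been written. Adding `umask 077` directly after `set -o pipefail` would cover all of them, including the templates under `$HOME/scratch`. The value echoed as `current config hash:` is a plain SHA-256 over a list that includes `RUNNER_PASSWORD` and the other secrets, while most of the non-secret inputs are printed in the same log, so I would log only the changed/unchanged result and keep the digest in `$HOME/current_config`. The here-document operators are garbled in this rendering (`cat < "$CONFIG_HASH_FILE"`), so it is not visible whether the secrets are expanded into the scratch files or only by `envsubst`; if they are, those files should be removed once consumed.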