mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-07 13:48:00 -05:00
13f973f61e
Add code of an azure function that is a close copy of the existing cloud function on google. The function spawns a CVM and initializes it as a GitHub runner. The tag is 'azure-cvm'.
37 lines
2.2 KiB
Plaintext
37 lines
2.2 KiB
Plaintext
#cloud-config
|
|
|
|
users:
|
|
- default
|
|
- name: github-actions-runner-user
|
|
groups: docker
|
|
sudo: ALL=(ALL) NOPASSWD:ALL
|
|
homedir: /home/github-actions-runner-user
|
|
|
|
package_update: true
|
|
packages:
|
|
- git
|
|
- cryptsetup
|
|
- build-essential
|
|
- libguestfs-tools
|
|
- apt-transport-https
|
|
- ca-certificates
|
|
- curl
|
|
- gnupg
|
|
- lsb-release
|
|
- jq
|
|
- pv
|
|
|
|
runcmd:
|
|
- [/bin/bash, -c, "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg"]
|
|
- [/bin/bash, -c, "echo \"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" | tee /etc/apt/sources.list.d/docker.list > /dev/null "]
|
|
- [apt-get, update]
|
|
- [apt-get, install, -y, docker-ce, docker-ce-cli, containerd.io, libssl-dev, pigz, azure-cli]
|
|
- [/bin/bash, -c, "sudo service docker start"]
|
|
- [mkdir, -p, /actions-runner]
|
|
- [curl, -o, "/actions-runner/actions-runner-linux-x64-2.286.1.tar.gz", -L, "https://github.com/actions/runner/releases/download/v2.286.1/actions-runner-linux-x64-2.286.1.tar.gz"]
|
|
- [/bin/bash, -c, "cd /actions-runner && tar xzf /actions-runner/actions-runner-linux-x64-2.286.1.tar.gz"]
|
|
- [chown, -R, github-actions-runner-user:github-actions-runner-user, /actions-runner]
|
|
- [sudo, -u, github-actions-runner-user, /bin/bash, -c, "cd /actions-runner && /actions-runner/config.sh --url https://github.com/edgelesssys/constellation --ephemeral --labels azure-cvm --replace --unattended --token $(curl -X POST -H \"Accept: application/vnd.github+json\" -H \"Authorization: Bearer $(curl -s -H Metadata:true -H \"Authorization: Bearer $(curl -s -H Metadata:true --noproxy \"*\" \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net\" | jq -r .access_token)\" --noproxy \"*\" \"https://github-token.vault.azure.net/secrets/github-access-token?api-version=2016-10-01\" | jq -r .value)\" https://api.github.com/repos/edgelesssys/constellation/actions/runners/registration-token | jq -r .token)"]
|
|
- [/bin/bash, -c, "cd /actions-runner && ./svc.sh install"]
|
|
- [/bin/bash, -c, "systemctl enable --now actions.runner.edgelesssys-constellation.$(hostname | cut -c -31).service"]
|