GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → github-developer → self-hosted-runners-anthos

github-developer / self-hosted-runners-anthos

Licence: MIT License
GitHub Actions Self Hosted Runners on Anthos GKE

Programming Languages

Dockerfile
14818 projects
shell
77523 projects

Labels

google-cloudgithub-actionsanthos

Projects that are alternatives of or similar to self-hosted-runners-anthos

build-a-platform-with-krm
Build a platform with the Kubernetes resource model!
Stars: ✭ 55 (+223.53%)
Mutual labels:  google-cloud, anthos
deploy-cloudrun
This action deploys your container image to Cloud Run.
Stars: ✭ 238 (+1300%)
Mutual labels:  google-cloud, github-actions
notionproxy
Notion as a web site, inspired by react-notion-x.
Stars: ✭ 24 (+41.18%)
Mutual labels:  google-cloud, github-actions
github-create-release-action
Github Action that create Github Release automatically
Stars: ✭ 28 (+64.71%)
Mutual labels:  github-actions
update-container-description-action
github action to update a Docker Hub, Quay or Harbor repository description from a README file
Stars: ✭ 20 (+17.65%)
Mutual labels:  github-actions
profile-readme-stats
Showcase your github stats on your profile README.md
Stars: ✭ 144 (+747.06%)
Mutual labels:  github-actions
lychee-action
Github action to check for broken links in Markdown, HTML, and text files using lychee, a fast link checker written in Rust.
Stars: ✭ 89 (+423.53%)
Mutual labels:  github-actions
universal-translator
Demo app using Firebase and Google Cloud products to implement a "universal translator"
Stars: ✭ 37 (+117.65%)
Mutual labels:  google-cloud
microk8s-kata-containers
Kata Containers with MicroK8s
Stars: ✭ 32 (+88.24%)
Mutual labels:  google-cloud
arduino-lint-action
GitHub Actions action to check Arduino projects for problems
Stars: ✭ 20 (+17.65%)
Mutual labels:  github-actions
nodejs-talent
Node.js client for Google Cloud Talent Solutions. Transform your job search and candidate matching capabilities with Cloud Talent Solution.
Stars: ✭ 21 (+23.53%)
Mutual labels:  google-cloud
github-actions-automate-projects
GitHub Actions adding GitHub Issues & Pull requests to the specified GitHub Project column automatically ♻️
Stars: ✭ 44 (+158.82%)
Mutual labels:  github-actions
purescript-github-actions-toolkit
PureScript wrapper around GitHub's Actions Toolkit
Stars: ✭ 21 (+23.53%)
Mutual labels:  github-actions
setup-scheme
Github Actions CI / CD setup for Scheme
Stars: ✭ 13 (-23.53%)
Mutual labels:  github-actions
minesweeper
💣Minesweeper game written with React
Stars: ✭ 18 (+5.88%)
Mutual labels:  github-actions
gha
🔧 Test your GitHub Actions workflow locally.
Stars: ✭ 53 (+211.76%)
Mutual labels:  github-actions
maven-settings-action
This action setup maven settings.xml
Stars: ✭ 39 (+129.41%)
Mutual labels:  github-actions
healthcare-dicom-dicomweb-adapter
Adapter which transforms DIMSE requests to DICOMweb requests
Stars: ✭ 92 (+441.18%)
Mutual labels:  google-cloud
install-swift
GitHub Action to install a version of Swift 🏎
Stars: ✭ 23 (+35.29%)
Mutual labels:  github-actions
GaeSupportLaravel
Run Laravel on Google App Engine
Stars: ✭ 22 (+29.41%)
Mutual labels:  google-cloud
View All Similar Projects ➔

GitHub Actions Self Hosted Runners on Anthos

Build and deploy GitHub Actions self hosted runners to Google Cloud Anthos GKE, making them available to a given GitHub repository.

awesome-runnersBuild status

About

This project accompanies the "GitHub Actions self-hosted runners on Google Cloud" blog post.

image

A Continuous Integration job builds the image and publishes it to Google Container Registry, and a Continuous Deployment job deploys it to Google Kubernetes Engine (GKE). The self hosted runners in this cluster are made available to the GitHub repository configured via the GITHUB_REPO environment variable below.

Because a Docker-in-Docker sidecar pod has been used in this project, these self-hosted runners can also run container builds. Though this approach offers build flexibility, it requires a privileged security context and therefore extends the trust boundary to the whole cluster. Extra caution is recommended with this approach or removing the sidecar if your application doesn’t require container builds.

⚠️ Note that this use case is considered experimental and not officially supported by GitHub at this time. Additionally it’s recommended not to use self-hosted runners on public repositories for a number of security reasons.

Setup

  • Create a new Google Cloud Platform project (docs)
gcloud projects create self-hosted-runner-test --name "Self Hosted Runner Test"
  • Create a new Service Account (docs)
gcloud iam service-accounts create runner-admin \
    --description "Runner administrator"
  • Grant roles to Service Account (docs). Note: should be restricted in production environments.
gcloud projects add-iam-policy-binding self-hosted-runner-test \
  --member serviceAccount:[email protected] \
  --role roles/admin
  • Enable APIs (docs)
gcloud services enable \
    stackdriver.googleapis.com \
    compute.googleapis.com \
    container.googleapis.com \
    anthos.googleapis.com
  • Create GKE cluster (docs)
gcloud container clusters create self-hosted-runner-test-cluster
  • Register cluster to the environ docs
gcloud container hub memberships register self-hosted-anthos-membership \
  --project=self-hosted-runner-test-myid \
  --gke-uri=https://container.googleapis.com/v1/projects/self-hosted-runner-test-myid/locations/us-west1/clusters/self-hosted-runner-test-cluster \
  --service-account-key-file=/path-to/service-account-key.json
  • Get the credentails for this cluster
gcloud container clusters get-credentials self-hosted-runner-test-cluster --region us-west1
  • Use Kubernetes secrets to provide a Personal Access Token (TOKEN) and repository/organization (GITHUB_REPO) as environment variables available to your pods.
kubectl create secret generic self-hosted-runner-creds \
    --from-literal=GITHUB_REPO='<owner>/<repo>' \
    --from-literal=TOKEN='token'

  • Set these as secrets in your GitHub repository:

    • GCP_PROJECT: ID of your Google Cloud Platform project, eg. self-hosted-runner-test-897234
    • GCP_KEY: Download your Service Account JSON credentials and Base64 encode them, eg. output of cat ~/path/to/my/credentials.json | base64
    • TOKEN: Personal Access Token. From the documentation, "Access tokens require repo scope for private repos and public_repo scope for public repos".

  • Update these environment variables in cicd.yml according to the specific names you chose for your project:

    • GKE_CLUSTER: Name of your GKE cluster chosen above, eg. self-hosted-runner-test-cluster
    • GKE_SECRETS: Name of your secret configuration group, eg. self-hosted-runner-creds
    • GCP_REGION: The region your cluster is in, eg. us-central1
    • IMAGE: Name of your image used in ci.yml and deployment.yml
    • GITHUB_REPO: owner/repo of the repository that will use the self hosted runner, eg. octocat/sandbox

Automation

  • Upon push of any image-related code to any branch, ci.yml will kick off to build and push the Docker image.
  • Upon push of any code to master branch, cd.yml will kick off to deploy to Google Cloud.

Future improvements

  • Replace Docker-in-Docker with Tekton, Buildah, etc.

Contributions

We welcome contributions! See how to contribute.

License

MIT

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].