SwanseaUniversityMedical · JossWhittle · Aug 6, 2024 · Aug 6, 2024 · Aug 8, 2024 · Aug 8, 2024
@@ -0,0 +1,45 @@
+name: Build Actions Runner Container
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/actions-runner-container.yaml'
+      - 'containers/actions-runner/**'
+  push:
+    branches:
+      - 'main'
+    paths:
+      - '.github/workflows/actions-runner-container.yaml'
+      - 'containers/actions-runner/**'
+
+permissions:
+  contents: write
+  pull-requests: write
+  actions: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  # Cancel early on pull requests if new commits are added,
+  # Don't cancel on release pushes
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  # Job name must be unique across repo to target
+  # branch protection rules "required checks" properly!
+  actions-runner-container:
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/pr-and-release-container.yaml@feat/runs-on-input
+    with:
+      job-name: actions-runner-container
+      comment-pr: "true"
+      comment-release: "true"
+      registry: ${{ vars.HARBOR_REGISTRY }}
+      registry-user: ${{ vars.HARBOR_USER }}
+      registry-repo: ${{ vars.HARBOR_PROJECT }}/actions-runner
+      release-tag-format: 'v${version}-actions-runner-container'
+      cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
+      build-file: containers/actions-runner/Dockerfile
+      build-context: containers/actions-runner
+    secrets:
+      cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      cosign-password: ${{ secrets.COSIGN_PASSWORD }}
+      registry-token: ${{ secrets.HARBOR_TOKEN }}
@@ -2,6 +2,11 @@ on:
   workflow_call:
     inputs:
 
+      runs-on:
+        description: "Name of the runner group to execute on."
+        default: "ubuntu-latest"
+        type: string
+
       job-name:
         description: "Job name to display on Slack messages."
         required: true
@@ -73,9 +78,7 @@ on:
 
 jobs:
   chart:
-    runs-on:
-      labels: [ self-hosted, linux, x64 ]
-      group: heavy
+    runs-on: ${{ inputs.runs-on }}
     steps:
       - name: get workflow reference
         id: workflows-ref

@@ -2,6 +2,11 @@ on:
   workflow_call:
     inputs:
 
+      runs-on:
+        description: "Name of the runner group to execute on."
+        default: "ubuntu-latest"
+        type: string
+
       job-name:
         description: "Job name to display on Slack messages."
         required: true
@@ -83,9 +88,7 @@ on:
 
 jobs:
   container:
-    runs-on:
-      labels: [ self-hosted, linux, x64 ]
-      group: heavy
+    runs-on: ${{ inputs.runs-on }}
     steps:
       - name: get workflow reference
         id: workflows-ref

@@ -14,3 +14,5 @@ concurrency:
 jobs:
   pr-title-commitlint:
     uses: ./.github/workflows/pr-title-commitlint.yaml
+    with:
+      runs-on: "ubuntu-latest"
@@ -13,3 +13,5 @@ concurrency:
 jobs:
   pr-labeler:
     uses: ./.github/workflows/pr-labeler.yaml
+    with:
+      runs-on: "ubuntu-latest"
@@ -2,6 +2,11 @@ on:
   workflow_call:
     inputs:
 
+      runs-on:
+        description: "Name of the runner group to execute on."
+        default: "ubuntu-latest"
+        type: string
+
       job-name:
         description: "Job name to display on Slack messages."
         required: true
@@ -88,9 +93,7 @@ on:
 
 jobs:
   chart:
-    runs-on:
-      labels: [ self-hosted, linux, x64 ]
-      group: heavy
+    runs-on: ${{ inputs.runs-on }}
     steps:
       - name: get workflow reference
         id: workflows-ref

@@ -2,6 +2,11 @@ on:
   workflow_call:
     inputs:
 
+      runs-on:
+        description: "Name of the runner group to execute on."
+        default: "ubuntu-latest"
+        type: string
+
       job-name:
         description: "Job name to display on Slack messages."
         required: true
@@ -98,9 +103,7 @@ on:
 
 jobs:
   container:
-    runs-on:
-      labels: [ self-hosted, linux, x64 ]
-      group: heavy
+    runs-on: ${{ inputs.runs-on }}
     steps:
       - name: get workflow reference
         id: workflows-ref

@@ -2,6 +2,11 @@ on:
   workflow_call:
     inputs:
 
+      runs-on:
+        description: "Name of the runner group to execute on."
+        default: "ubuntu-latest"
+        type: string
+
       job-name:
         description: "Job name to display on Slack messages."
         required: true
@@ -55,9 +60,7 @@ on:
 
 jobs:
   repo:
-    runs-on:
-      labels: [ self-hosted, linux, x64 ]
-      group: heavy
+    runs-on: ${{ inputs.runs-on }}
     outputs:
       release-info: ${{ steps.release.outputs.release-info }}
       new-release-published: ${{ steps.release.outputs.new-release-published }}

@@ -2,17 +2,19 @@ on:
   workflow_call:
     inputs:
 
+      runs-on:
+        description: "Name of the runner group to execute on."
+        default: "ubuntu-latest"
+        type: string
+
       config:
         description: "Path to the labeler config file within the repo."
         default: ".github/labeler.yaml"
         type: string
 
 jobs:
   label:
-    runs-on:
-      labels: [self-hosted, linux, x64]
-      group: light
-
+    runs-on: ${{ inputs.runs-on }}
     steps:
       - name: clone config from repo
         uses: actions/checkout@v4

@@ -2,6 +2,11 @@ on:
   workflow_call:
     inputs:
 
+      runs-on:
+        description: "Name of the runner group to execute on."
+        default: "ubuntu-latest"
+        type: string
+
       error-label:
         description: "Label to add on bad lints."
         default: ":black_nib: Bad PR Title"
@@ -29,9 +34,7 @@ on:
 
 jobs:
   lint:
-    runs-on:
-      labels: [self-hosted, linux, x64]
-      group: light
+    runs-on: ${{ inputs.runs-on }}
     steps:
       - name: clone config from repo
         uses: actions/checkout@v4

@@ -47,6 +47,7 @@ jobs:
   bulk-charts:
     uses: ./.github/workflows/pr-and-release-repo.yaml
     with:
+      runs-on: "ubuntu-latest"
       job-name: bulk-charts
       comment-release: true
       release-tag-format: 'v${version}-bulk-charts'
@@ -47,6 +47,7 @@ jobs:
   bulk-containers:
     uses: ./.github/workflows/pr-and-release-repo.yaml
     with:
+      runs-on: "ubuntu-latest"
       job-name: bulk-containers
       comment-release: true
       release-tag-format: 'v${version}-bulk-containers'
@@ -47,6 +47,7 @@ jobs:
   charts:
     uses: ./.github/workflows/pr-and-release-repo.yaml
     with:
+      runs-on: "ubuntu-latest"
       job-name: charts
       comment-release: true
       release-tag-format: 'v${version}-charts'
@@ -47,6 +47,7 @@ jobs:
   containers:
     uses: ./.github/workflows/pr-and-release-repo.yaml
     with:
+      runs-on: "ubuntu-latest"
       job-name: containers
       comment-release: true
       release-tag-format: 'v${version}-containers'
@@ -37,6 +37,7 @@ jobs:
   pr-labeler:
     uses: ./.github/workflows/pr-and-release-repo.yaml
     with:
+      runs-on: "ubuntu-latest"
       job-name: pr-labeler
       comment-release: true
       release-tag-format: 'v${version}-pr-labeler'
@@ -37,6 +37,7 @@ jobs:
   pr-title-commitlint:
     uses: ./.github/workflows/pr-and-release-repo.yaml
     with:
+      runs-on: "ubuntu-latest"
       job-name: pr-title-commitlint
       comment-release: true
       release-tag-format: 'v${version}-pr-title-commitlint'
@@ -37,6 +37,7 @@ jobs:
   release-renovate-workflow:
     uses: ./.github/workflows/pr-and-release-repo.yaml
     with:
+      runs-on: "ubuntu-latest"
       job-name: renovate
       comment-release: true
       release-tag-format: 'v${version}-renovate'
@@ -45,6 +45,7 @@ jobs:
   repo:
     uses: ./.github/workflows/pr-and-release-repo.yaml
     with:
+      runs-on: "ubuntu-latest"
       job-name: repo
       comment-release: true
       release-tag-format: 'v${version}-repo'
@@ -28,4 +28,4 @@ jobs:
         with:
           token: ${{ secrets.RENOVATE_TOKEN }}
         env:
-          RENOVATE_SOME_TOKEN: "xxxxxx"
+          RENOVATE_SOME_TOKEN: "xxxxxxx"
@@ -0,0 +1,18 @@
+FROM ghcr.io/actions/actions-runner:2.318.0
+
+LABEL org.opencontainers.image.source=https://github.com/SwanseaUniversityMedical/workflows
+
+# Add missing dependencies compared to the old summerwind runners
+USER root
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive \
+    apt-get install -y --no-install-recommends \
+      curl unzip jq wget python3-pip git-all && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN echo 'export PATH="/home/runner/.local/bin:$PATH"' >> /etc/profile
+ENV PATH="/home/runner/.local/bin:$PATH"
+
+USER runner
+ENV PATH="/home/runner/.local/bin:$PATH"
+