# Module to Add GitHub Runners to an organization using instances that stand up on demand.

Keep the costs low! Uses spot instances.

Based off https://github.com/philips-labs/terraform-aws-github-runner

Most of this code is from the 'examples' directory.

See also the XDR readme in `xdr-terraform-modules/thirdparty/terraform-aws-github-runner/README.XDR.md`

## To add runners to a new organization

### Step 1: Prepare the Secrets

1. Add the organization to the `ghe_orgs_with_runners` variable in `~/xdr-terraform-modules/base/account_standards_c2/secrets.tf`.
1. Update the module and apply. It should create a number of 'SETME' secrets entries.
1. Follow normal PR procedures and apply.

### Step 2: Initial Configuration of the GitHub App

1. Follow the instructions for ["Setup GitHub App (part 1)"](https://github.com/philips-labs/terraform-aws-github-runner#setup-github-app-part-1)
    a. Note the "App ID" and "Client ID" parameters
    b. Temporarily save the app.private-key.pem file
1. Convert the private key to base64
    ```
    cat app.private-key.pem | base64
    ```
1. Log into the AWS Console, go to the C2 account->Secrets Manager, and record the base64 string under `GHE/runners//webhook_key`

### Step 3: Copy the Module in xdr-terraform-live

1. Copy the module for a new organization
    ```
    cp -a ~/xdr-terraform-live/test/aws-us-gov/mdr-test-c2/093-github-runners-mdr-engineering ~/xdr-terraform-live/test/aws-us-gov/mdr-test-c2/093-github-runners-NEWORG
    ```
1. Edit the terragrunt.hcl in the new module and set the org and `github_app_id` appropriately
1. Follow normal PR procedures and apply.
1. Run `terragrunt output webhook_secret` and record the output

### Step 4: Finish the App Installation

1. Follow the instructions for ["Setup the webhook / GitHub App (part 2)"](https://github.com/philips-labs/terraform-aws-github-runner#setup-the-webhook--github-app-part-2)
    a. Choose option #2 to configure the webhook for the app
    b. Don't forget to install the app itself.
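
For Step 2, one way to encode the key and confirm that the encoded string decodes back to the exact key bytes before it is pasted into Secrets Manager. This is an added example, not part of the module: `encode_app_key` and `b64_matches_key` are hypothetical helper names, and it assumes a `base64` that accepts `-d` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the module). Helper names are hypothetical.

# Return 0 only if base64 string $1 decodes to exactly the bytes of file $2.
# Also usable later on a value read back from Secrets Manager.
b64_matches_key() {
    printf '%s' "$1" | base64 -d 2>/dev/null | cmp -s - "$2"
}

# Print the key file $1 as one base64 line on stdout.
# Returns 1: file unreadable, 2: not a PEM private key, 3: round trip failed.
encode_app_key() {
    pem="$1"
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }
    # Refuse anything that is not a PEM private key (wrong file, cert, CSR).
    head -n 1 "$pem" | grep -Eq '^-----BEGIN (RSA )?PRIVATE KEY-----' \
        || { echo "$pem is not a PEM private key" >&2; return 2; }
    # Remove line wraps so the value is a single line when pasted.
    b64=$(base64 < "$pem" | tr -d '\n')
    # Verify before the value leaves this machine.
    b64_matches_key "$b64" "$pem" \
        || { echo "encoded value does not match $pem" >&2; return 3; }
    printf '%s\n' "$b64"
}

# Demo on a constructed file with a placeholder body (not a real key).
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
    'Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLUtFWQ==' \
    '-----END RSA PRIVATE KEY-----' > "$demo"
encode_app_key "$demo" >/dev/null && echo "demo key encoded and verified"
# The README says the key file is saved only temporarily; remove it when done.
rm -f "$demo"
```
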

## TESTING

There is a sample repo at https://github.xdrtest.accenturefederalcyber.com/MDR-Engineering/xdr-test-runners that has an extremely simple workflow job. Clone the repo, update `NUM`, commit, and push back to main. Then check two things:

a) In the AWS EC2 console, go to instances, and search for 'runners'. An instance should be created.

b) On https://github.xdrtest.accenturefederalcyber.com/MDR-Engineering/xdr-test-runners/actions