Fred Damstra [afs macbook] 4e2cfe2ba7 Adds module for github runners using philips labs 3rd party module 3 years ago
README.md 4e2cfe2ba7 Adds module for github runners using philips labs 3rd party module 3 years ago
constants.tf 4e2cfe2ba7 Adds module for github runners using philips labs 3rd party module 3 years ago
globals.tf 4e2cfe2ba7 Adds module for github runners using philips labs 3rd party module 3 years ago
locals.tf 4e2cfe2ba7 Adds module for github runners using philips labs 3rd party module 3 years ago
main.tf 4e2cfe2ba7 Adds module for github runners using philips labs 3rd party module 3 years ago
outputs.tf 4e2cfe2ba7 Adds module for github runners using philips labs 3rd party module 3 years ago
secrets.tf 4e2cfe2ba7 Adds module for github runners using philips labs 3rd party module 3 years ago
vars.tf 4e2cfe2ba7 Adds module for github runners using philips labs 3rd party module 3 years ago

README.md

Module to Add GitHub Runners to an organization using instances that stand up on demand.

Keep the costs low! Uses spot instances. Based on https://github.com/philips-labs/terraform-aws-github-runner

Most of this code is from the 'examples' directory.

See also the XDR readme in xdr-terraform-modules/thirdparty/terraform-aws-github-runner/README.XDR.md

To add runners to a new organization

Step 1: Prepare the Secrets

  1. Add the organization to the ghe_orgs_with_runners variable in ~/xdr-terraform-modules/base/account_standards_c2/secrets.tf.
  2. Update the module and apply. It should create a number of 'SETME' secrets entries.
  3. Follow normal PR procedures and apply.

Step 2: Initial Configuration of the GitHub App

  1. Follow the instructions for "Setup GitHub App (part 1)"
     a. Note the "App ID" and "Client ID" parameters
     b. Temporarily save the app.private-key.pem file
  2. Convert the private key to base64

    cat app.private-key.pem | base64
    
  3. Log into the AWS Console, go to the C2 account->Secrets Manager, and record the base64 string under GHE/runners/<GHE ORG>/webhook_key
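
One way to do the encoding in step 2 with a check before the value goes into Secrets Manager. This is an added example, not part of the original module; the function names encode_key and check_encoded_key are hypothetical. It strips the line wrapping that GNU base64 adds by default and confirms the string decodes back to the same PEM file.

```bash
# Added example (not from the original module). Function names are hypothetical.

# Encode a PEM file as ONE base64 line. GNU base64 wraps output at 76
# columns by default, so strip the newlines before storing the value.
encode_key() {
    base64 < "$1" | tr -d '\n'
}

# Succeed only if file $1 starts with a PEM private-key header and the
# base64 string $2 decodes back to exactly the bytes of that file.
check_encoded_key() {
    head -n 1 "$1" | grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----$' || return 1
    printf '%s' "$2" | base64 --decode 2>/dev/null | cmp -s - "$1"
}

# Usage: sh encode-key.sh app.private-key.pem
# Prints the single-line base64 string only after it has been verified.
if [ "$#" -gt 0 ]; then
    encoded="$(encode_key "$1")"
    if check_encoded_key "$1" "$encoded"; then
        printf '%s\n' "$encoded"
    else
        echo "refusing to print: $1 is not a PEM private key or did not round-trip" >&2
        exit 1
    fi
fi
```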

Step 3: Copy the Module in xdr-terraform-live

  1. Copy the module for a new organization

    cp -a ~/xdr-terraform-live/test/aws-us-gov/mdr-test-c2/093-github-runners-mdr-engineering ~/xdr-terraform-live/test/aws-us-gov/mdr-test-c2/093-github-runners-NEWORG
    
  2. Edit the terragrunt.hcl in the new module and set the org and github_app_id appropriately

  3. Follow normal PR procedures and apply.

  4. Run terragrunt output webhook_secret and record the output

Step 4: Finish the App Installation

  1. Follow the instructions for "Setup the webhook / GitHub App (part 2)"
     a. Choose option #2 to configure the webhook for the app
     b. Don't forget to install the app itself.

TESTING

There is a sample repo at https://github.xdrtest.accenturefederalcyber.com/MDR-Engineering/xdr-test-runners that has an extremely simple workflow job. Clone the repo, update NUM, commit, and push back to main.

Then check two things:

  a) In the AWS EC2 console, go to instances, and search for 'runners'. An instance should be created.
  b) On https://github.xdrtest.accenturefederalcyber.com/MDR-Engineering/xdr-test-runners/actions