Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add option to use a pre-registered Runner #1115

Merged
merged 11 commits into from
Apr 24, 2024
Merged

feat: add option to use a pre-registered Runner #1115

merged 11 commits into from
Apr 24, 2024

Conversation

kayman-mk
Copy link
Collaborator

@kayman-mk kayman-mk commented Apr 20, 2024
edited
Loading

Description

GitLab announced then Next GitLab Runner Token Architecture. Runners have to be registered manually.

This PR adds a new import parameter runner_gitlab.preregistered_runner_token_ssm_parameter_name holding the name of a SSM parameter (type: SecuredString). This parameter contains the GitLab Runner token obtained from GitLab. All other registration methods will still work, but have been marked as deprecated and will be removed with v8.0.0 end of the year.

This also solves the problems with Runners removed from GitLab at shutdown, resulting in new Runners not able to start.

Closes #1074 and #1109

Verification

  • deployed the module using the new registration version. Runner is online.
  • deployed the module using the old authentication schema. Runner is online.

@kayman-mk kayman-mk requested a review from npalm as a code owner April 20, 2024 08:56
@github-actions GitHub Actions
Copy link
Contributor

Hey @kayman-mk! 👋

Thank you for your contribution to the project. Please refer to the contribution rules for a quick overview of the process.

Make sure that this PR clearly explains:

  • the problem being solved
  • the best way a reviewer and you can test your changes

With submitting this PR you confirm that you hold the rights of the code added and agree that it will published under this LICENSE.

The following ChatOps commands are supported:

  • /help: notifies a maintainer to help you out

Simply add a comment with the command in the first line. If you need to pass more information, separate it with a blank line from the command.

This message was generated automatically. You are welcome to improve it.

@kayman-mk
Copy link
Collaborator Author

We already have several options to configure the Runner registration. I used a new parameter to be able to remove all the old methods easily with v8.0.0

@kayman-mk
Copy link
Collaborator Author

@woz5999 @lpsm-nuageit Can you please have a quick look here? Are there any better names for the new variable coming into your mind?

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 20, 2024
edited
Loading

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
✅ COPYPASTE jscpd yes no 1.54s
✅ MARKDOWN markdownlint 1 0 0 0.6s
✅ MARKDOWN markdown-link-check 1 0 1.46s
✅ REPOSITORY checkov yes no 16.16s
✅ REPOSITORY dustilock yes no 0.28s
✅ REPOSITORY gitleaks yes no 1.36s
✅ REPOSITORY git_diff yes no 0.01s
✅ REPOSITORY grype yes no 10.61s
✅ REPOSITORY secretlint yes no 1.27s
✅ REPOSITORY syft yes no 0.2s
✅ REPOSITORY trivy-sbom yes no 1.53s
✅ REPOSITORY trufflehog yes no 7.71s
✅ SPELL cspell 14 0 3.46s
✅ TERRAFORM terraform-fmt 12 0 0 0.76s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@kayman-mk
Copy link
Collaborator Author

kayman-mk commented Apr 20, 2024
edited
Loading

Still to do: update examples to new registration method, update docs and describe new registration method

EDIT: done

@lpsm-nuageit
Copy link

@kayman-mk I believe we can use the same config nomenclatures that gitlab runner uses in the helm chart version.

But since we're in a different stream, I think the name preregistered_runner_token_ssm_parameter_name makes more sense and avoids ambiguity.

@woz5999
Copy link

woz5999 commented Apr 22, 2024

This all looks reasonable to me

@kayman-mk kayman-mk merged commit 9153a3a into main Apr 24, 2024
20 checks passed
@kayman-mk kayman-mk deleted the kayma/1109/use-preregistered-runners branch April 24, 2024 21:00
@cattle-ops-releaser-2 cattle-ops-releaser-2 bot mentioned this pull request Apr 24, 2024
Merged
kayman-mk pushed a commit that referenced this pull request May 1, 2024
@cattle-ops-releaser-2 @github-actions
chore(main): release 7.6.0 (#1119)
4baab28 
🤖 I have created a release *beep* *boop*
---


##
[7.6.0](7.5.0...7.6.0)
(2024-05-01)


### Features

* add option to use a pre-registered Runner
([#1115](#1115))
([9153a3a](9153a3a))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: cattle-ops-releaser-2[bot] <134548870+cattle-ops-releaser-2[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@czomo
Copy link

czomo commented Jul 2, 2024

Are there any plans to support AWS Secret Manager as secret store for Gitlab tokens?

@bck01215
Copy link

The docs are still unclear to me (new to project) preregistered_runner_token_ssm_parameter_name gets created so it can't exist beforehand. Does that mean I need to pass the token into the resource after it's created?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@npalm npalm Awaiting requested review from npalm npalm is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Module update removes registered runner but does not create a new runner
5 participants
@kayman-mk @lpsm-nuageit @woz5999 @czomo @bck01215