From d8255f09da39e603e710149dc87a5f3eaa4ff049 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 7 Dec 2024 12:53:16 +1100 Subject: [PATCH 1/4] github-runner: remove `with lib;` --- modules/services/github-runner/options.nix | 4 +++- modules/services/github-runner/service.nix | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/modules/services/github-runner/options.nix b/modules/services/github-runner/options.nix index 8f98aa07..75084344 100644 --- a/modules/services/github-runner/options.nix +++ b/modules/services/github-runner/options.nix @@ -3,7 +3,9 @@ , ... }: -with lib; +let + inherit (lib) literalExpression mkOption mkPackageOption types; +in { options.services.github-runners = mkOption { description = '' diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 21d908e0..7360a343 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -1,6 +1,10 @@ { config, lib, pkgs, ... }: -with lib; + let + inherit (lib) any attrValues boolToString concatStringsSep escapeShellArg + flatten flip getExe hasAttr hasPrefix mapAttrsToList mapAttrs' mkBefore + mkDefault mkIf mkMerge nameValuePair optionalAttrs optionalString replaceStrings; + mkSvcName = name: "github-runner-${name}"; mkStateDir = cfg: "/var/lib/github-runners/${cfg.name}"; mkLogDir = cfg: "/var/log/github-runners/${cfg.name}"; From 06e1d770687a832a13aa23f37cdebeadc3af89b8 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 7 Dec 2024 13:00:54 +1100 Subject: [PATCH 2/4] github-runner: use `lib.getExe{,'}` --- modules/services/github-runner/service.nix | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 7360a343..2c2411db 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix 
@@ -2,7 +2,7 @@ let inherit (lib) any attrValues boolToString concatStringsSep escapeShellArg - flatten flip getExe hasAttr hasPrefix mapAttrsToList mapAttrs' mkBefore + flatten flip getExe getExe' hasAttr hasPrefix mapAttrsToList mapAttrs' mkBefore mkDefault mkIf mkMerge nameValuePair optionalAttrs optionalString replaceStrings; mkSvcName = name: "github-runner-${name}"; @@ -55,15 +55,15 @@ in ( umask -S u=rwx,g=rx,o= > /dev/null - ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkStateDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)} + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkStateDir cfg)} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkStateDir cfg)} - ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkLogDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)} + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkLogDir cfg)} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkLogDir cfg)} ${optionalString (cfg.workDir == null) '' - ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkWorkDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} + ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkWorkDir cfg)} + ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} ''} ) ''); @@ -127,7 +127,7 @@ in else args+=(--token "$token") fi - ${package}/bin/config.sh "''${args[@]}" + ${getExe' package "config.sh"} "''${args[@]}" ''; }; in 
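Review bot: In the `@@ -55,15 +55,15 @@` hunk the rewritten `chown` lines still interpolate `${user}:${group}` into the shell script unquoted, while every path on the same lines goes through `escapeShellArg`. Both values are bound outside this hunk, so whether they can ever contain whitespace or shell metacharacters is not visible here. The script creates and re-owns directories under /var/lib and /var/log, so it presumably runs privileged, and the owner argument deserves the same treatment as the paths: `${getExe' pkgs.coreutils "chown"} ${escapeShellArg "${user}:${group}"} ${escapeShellArg (mkStateDir cfg)}`. The same applies to the log-dir and work-dir `chown` lines in this hunk.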
@@ -135,12 +135,12 @@ in echo "Configuring GitHub Actions Runner" # Always clean the working directory - ${pkgs.findutils}/bin/find ${escapeShellArg workDir} -mindepth 1 -delete + ${getExe pkgs.findutils} ${escapeShellArg workDir} -mindepth 1 -delete # Clean the $RUNNER_ROOT if we are in ephemeral mode if ${boolToString cfg.ephemeral}; then echo "Cleaning $RUNNER_ROOT" - ${pkgs.findutils}/bin/find "$RUNNER_ROOT" -mindepth 1 -delete + ${getExe pkgs.findutils} "$RUNNER_ROOT" -mindepth 1 -delete fi # If the `.runner` file does not exist, we assume the runner is not configured @@ -149,7 +149,7 @@ in fi # Start the service - ${package}/bin/Runner.Listener run --startuptype service + ${getExe' package "Runner.Listener"} run --startuptype service ''; serviceConfig = mkMerge [ From 22cde06f497b97cbab4186292f9fd82487bbfecc Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 7 Dec 2024 13:06:10 +1100 Subject: [PATCH 3/4] github-runner: fix service not starting --- modules/services/github-runner/service.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 2c2411db..029f863e 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -59,6 +59,8 @@ in ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkStateDir cfg)} ${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkLogDir cfg)} + # launchd will fail to start the service if the outer direction doesn't have sufficient permissions + ${getExe' pkgs.coreutils "chmod"} o+rx ${escapeShellArg (mkLogDir { name = ""; })} ${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkLogDir cfg)} ${optionalString (cfg.workDir == null) '' From 8752b6ae3c0d6b44ca4ef28e50503f8efcec0096 Mon Sep 17 00:00:00 2001 
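Review bot: In the `@@ -135,12 +135,12 @@` hunk, `${getExe pkgs.findutils}` picks the binary from the package's `meta.mainProgram`, whereas the removed lines named `bin/find` explicitly. findutils ships more than one program, so what ends up in front of `-mindepth 1 -delete` now depends on package metadata outside this module. Writing `${getExe' pkgs.findutils "find"}` on both lines keeps the recursive delete pinned to `find` and matches the `getExe' pkgs.coreutils "…"` form used for `mkdir` and `chown` in the same patch.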
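Review bot: In the `@@ -59,6 +59,8 @@` hunk of PATCH 3/4, `chmod o+rx` on the parent log directory lets every local account list it, which partly undoes the `umask -S u=rwx,g=rx,o=` that the previous patch's context shows at the top of this subshell. If launchd only has to traverse the directory to reach the per-runner log path, execute permission alone may be enough and is worth testing: `${getExe' pkgs.coreutils "chmod"} o+x ${escapeShellArg (mkLogDir { name = ""; })}`. The per-runner directories are still created under the restrictive umask, so the log contents themselves should stay unreadable to other users either way. The added comment should say "outer directory" rather than "outer direction", and obtaining the parent path via `mkLogDir { name = ""; }` is opaque; a named binding for the log root would state the intent directly.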
From: Michael Hoang Date: Sat, 7 Dec 2024 13:08:04 +1100 Subject: [PATCH 4/4] github-runner: add instructions for triggering a runner registration --- modules/services/github-runner/options.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/services/github-runner/options.nix b/modules/services/github-runner/options.nix index 75084344..5152cc43 100644 --- a/modules/services/github-runner/options.nix +++ b/modules/services/github-runner/options.nix @@ -90,6 +90,9 @@ in Changing this option or the `tokenFile`’s content triggers a new runner registration. + You can also manually trigger a new runner registration by deleting + {file}`/var/lib/github-runners//.runner` and restarting the service. + We suggest using the fine-grained PATs. A runner registration token is valid only for 1 hour after creation, so the next time the runner configuration changes this will give you hard-to-debug HTTP 404 errors in the configure step.