Merge branch 'master' into devel

Author: juju4

.github/workflows/lint.yml

@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - master
+      - main
       - devel*
 
 jobs:

.github/workflows/tests.yml

@@ -4,6 +4,7 @@ on:
   pull_request:
     branches:
       - master
+      - main
       - devel*
     types: [opened, synchronize, reopened]
     paths:

README.md

@@ -9,7 +9,7 @@
 
 
 This role will deploy/redeploy/uninstall and register/unregister local GitHub Actions Runner on Linux and macOS Systems (see [compatibility list](#supported-operating-systems) ).
-It supports both, Organization and Repository Runners.
+It supports Enterprise, Organization and Repository Runners.
 
 ## Requirements
 
@@ -18,7 +18,8 @@ It supports both, Organization and Repository Runners.
 * The role require Personal Access Token to access the GitHub. The token can be set as `PERSONAL_ACCESS_TOKEN` environment variable.
 
 > **Note**  
-> The token must have the `repo` scope (when creating a repo runner) or the `admin:org` scope (when creating a runner for an organization).
+> The token must have the `repo` scope (when creating a repo runner), the `admin:org` scope (when creating a runner for an organization),
+> the `manage_runners:enterprise` scope (when creating a enterprise runner).
 Personal Access Token for GitHub account can be created [here](https://github.com/settings/tokens).
 
 > **Warning**  
@@ -112,6 +113,9 @@ runner_name: "{{ ansible_hostname }}"
 # Github repository name
 # github_repo: "yourrepo"
 
+# GitHub Enterprise name
+# github_enterprise: "yourenterprise"
+
 # Configuring a custom .env file
 # custom_env: |
 # http_proxy=YOUR_URL_HERE
@@ -122,7 +126,7 @@ runner_name: "{{ ansible_hostname }}"
 # HTTP_PROXY=
 ```
 
-## Example Playbook
+## Example Playbooks
 
 In this example the Ansible role will install (or update) the GitHub Actions Runner service (latest available version). The runner will be registered for *my_awesome_repo* GitHub repo.
 Runner service will be stated and will run under the same user as the Ansible is using for ssh connection (*ansible*).
@@ -156,6 +160,20 @@ Same example as above, but runner will be added to an organization and deployed
     - role: monolithprojects.github_actions_runner
 ```
 
+If you have a Github Enterprise Cloud license and you want to manage all the self-hosted runners from the enterprise:
+```yaml
+---
+- name: Install GitHub Actions Runner
+  hosts: all
+  user: automation
+  become: yes
+  vars:
+    - github_enterprise: my_awesome_enterprise
+    - runner_org: no
+  roles:
+    - role: monolithprojects.github_actions_runner
+```
+
 In this example the Ansible role will deploy (or update) the GitHub Actions runner service (version 2.165.2) and register the runner for the GitHub repo. Runner service will run under the user `runner-user`. Runner will be registered with two labels.
 The runner service will be *stopped* and disabled. Runner will use custom environment variables (from file named `.env` in the self-hosted runner application directory).
 

defaults/main.yml

@@ -54,6 +54,9 @@ runner_name: "{{ ansible_hostname }}"
 # Github repository name
 # github_repo: "yourrepo"
 
+# GitHub Enterprise name
+# github_enterprise: "yourenterprise"
+
 # Configuring a custom .env file
 # custom_env: |
 # http_proxy=YOUR_URL_HERE

tasks/assert.yml

@@ -5,6 +5,7 @@
       - github_account is defined
     fail_msg: "github_account is not defined"
   run_once: true
+  when: not github_enterprise
 
 - name: Check access_token variable (RUN ONCE)
   ansible.builtin.assert:
@@ -20,3 +21,13 @@
       - runner_org | bool == True or runner_org == False
     fail_msg: "runner_org should be a boolean value"
   run_once: true
+  when: not github_enterprise
+
+- name: Check github_repo variable (RUN ONCE)
+  ansible.builtin.assert:
+    that:
+      - github_repo is defined
+      - github_repo | length > 0
+    fail_msg: "github_repo was not found or is using an invalid format."
+  run_once: true
+  when: not runner_org and not github_enterprise

tasks/collect_info.yml

@@ -5,12 +5,17 @@
     - name: Set complete API url for repo runner
       ansible.builtin.set_fact:
         github_full_api_url: "{{ github_api_url }}/repos/{{ github_owner | default(github_account) }}/{{ github_repo }}/actions/runners"
-      when: not runner_org
+      when: not runner_org and not github_enterprise
 
     - name: Set complete API url for org runner
       ansible.builtin.set_fact:
         github_full_api_url: "{{ github_api_url }}/orgs/{{ github_owner | default(github_account) }}/actions/runners"
-      when: runner_org | bool
+      when: runner_org | bool and not github_enterprise
+
+    - name: Set complete API url for enterprise runner
+      ansible.builtin.set_fact:
+        github_full_api_url: "{{ github_api_url }}/enterprises/{{ github_enterprise }}/actions/runners"
+      when: github_enterprise
 
     - name: Get registration token (RUN ONCE)
       ansible.builtin.uri:

tasks/install_deps.yml

@@ -10,7 +10,7 @@
       - libssl1.1
       - libicu57
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "9")
 
 - name: Install dependencies on Debian Buster
@@ -23,7 +23,7 @@
       - libssl1.1
       - libicu63
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "10")
 
 - name: Install dependencies on Debian Bullseye
@@ -36,7 +36,7 @@
       - libssl1.1
       - libicu67
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "11")
 
 - name: Install dependencies on Debian Bookworm
@@ -49,7 +49,7 @@
       - libssl3
       - libicu72
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Debian" and ansible_distribution_major_version == "12")
 
 - name: Install dependencies on Ubuntu Xenial systems
@@ -62,7 +62,7 @@
       - libssl1.0.0
       - libicu55
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "16")
 
 - name: Install dependencies on Ubuntu Bionic systems
@@ -75,7 +75,7 @@
       - libssl1.1
       - libicu60
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "18")
 
 - name: Install dependencies on Ubuntu Focal systems
@@ -88,7 +88,7 @@
       - libssl1.1
       - libicu66
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "20")
 
 - name: Install dependencies on Ubuntu Jammy systems
@@ -100,7 +100,7 @@
       - zlib1g
       - libicu70
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "Ubuntu" and ansible_distribution_major_version == "22")
 
 - name: Install dependencies on RHEL/CentOS/Fedora systems
@@ -112,7 +112,7 @@
       - zlib
       - libicu
     state: present
-    update_cache: yes
+    update_cache: true
   when: (ansible_distribution == "RedHat") or
         (ansible_distribution == "CentOS") or
         (ansible_distribution == "Fedora") or

tasks/install_runner.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ runner_dir }}"
     state: directory
-    mode: '0755'
+    mode: "0755"
     owner: "{{ runner_user_id.stdout }}"
     group: "{{ runner_user_group_id.stdout }}"
 
@@ -26,8 +26,8 @@
     dest: "{{ runner_dir }}/"
     owner: "{{ runner_user_id.stdout }}"
     group: "{{ runner_user_group_id.stdout }}"
-    remote_src: yes
-    mode: '0755'
+    remote_src: true
+    mode: "0755"
   environment:
     PATH: /usr/local/bin:/opt/homebrew/bin/:{{ ansible_env.HOME }}/bin:{{ ansible_env.PATH }}
   when: runner_version not in runner_installed.stdout or reinstall_runner
@@ -37,8 +37,8 @@
     path: "{{ runner_dir }}/.env"
     block: "{{ custom_env }}"
     owner: "{{ runner_user }}"
-    create: yes
-    mode: '0755'
+    create: true
+    mode: "0755"
     marker_begin: "# BEGIN ANSIBLE MANAGED BLOCK"
     marker_end: "# END ANSIBLE MANAGED BLOCK"
   when: custom_env is defined
@@ -51,12 +51,17 @@
 - name: Set complete GitHub url for repo runner
   ansible.builtin.set_fact:
     github_full_url: "{{ github_url }}/{{ github_owner | default(github_account) }}/{{ github_repo }}"
-  when: not runner_org
+  when: not runner_org and not github_enterprise
 
 - name: Set complete GitHub url for org runner
   ansible.builtin.set_fact:
     github_full_url: "{{ github_url }}/{{ github_owner | default(github_account) }}"
-  when: runner_org | bool
+  when: runner_org | bool and not github_enterprise
+
+- name: Set complete GitHub url for enterprise runner
+  ansible.builtin.set_fact:
+    github_full_url: "{{ github_url }}/enterprises/{{ github_enterprise }}"
+  when: github_enterprise
 
 - name: Register runner  # noqa no-changed-when
   environment:
@@ -72,6 +77,7 @@
     {{ runner_extra_config_args }}"
   args:
     chdir: "{{ runner_dir }}"
+  changed_when: true
   become_user: "{{ runner_user }}"
   no_log: "{{ hide_sensitive_logs | bool }}"
   when: runner_name not in registered_runners.json.runners|map(attribute='name')|list
@@ -90,14 +96,19 @@
     --replace"
   args:
     chdir: "{{ runner_dir }}"
+  changed_when: true
   become_user: "{{ runner_user }}"
   no_log: "{{ hide_sensitive_logs | bool }}"
-  when: runner_name in registered_runners.json.runners|map(attribute='name')|list and reinstall_runner and not runner_org
+  when: >
+    runner_name in registered_runners.json.runners|map(attribute='name')|list and
+    reinstall_runner and
+    not runner_org
 
 - name: Install service  # noqa no-changed-when
   ansible.builtin.command: "./svc.sh install {{ runner_user }}"
   args:
     chdir: "{{ runner_dir }}"
+  changed_when: true
   become: "{{ 'false' if ansible_system == 'Darwin' else 'true' }}"
   when: not runner_service_file_path.stat.exists
 
@@ -112,10 +123,11 @@
     chdir: "{{ runner_dir }}"
   no_log: "{{ hide_sensitive_logs | bool }}"
   ignore_errors: "{{ ansible_check_mode }}"
-  when:
-    - ansible_system != 'Darwin'
-    - runner_state|lower == "started"
-    - ansible_facts.services[(runner_service.content | b64decode) | trim ]['state'] != 'running'
+  changed_when: true
+  when: >
+    ansible_system != 'Darwin' and
+    runner_state|lower == "started" and
+    ansible_facts.services[(runner_service.content | b64decode) | trim ]['state'] != 'running'
 
 - name: START and enable Github Actions Runner service (macOS) # TODO: Idempotence
   ansible.builtin.command: "./svc.sh start"  # noqa no-changed-when
@@ -124,25 +136,24 @@
   become: false
   no_log: "{{ hide_sensitive_logs | bool }}"
   ignore_errors: "{{ ansible_check_mode }}"
+  changed_when: true
   when: ansible_system == 'Darwin' and runner_state|lower
 
 - name: STOP and disable Github Actions Runner service  # noqa no-changed-when
   ansible.builtin.command: "./svc.sh stop"
   args:
     chdir: "{{ runner_dir }}"
+  changed_when: true
   become: "{{ 'false' if ansible_distribution == 'MacOS' else 'true' }}"
   no_log: "{{ hide_sensitive_logs | bool }}"
   ignore_errors: "{{ ansible_check_mode }}"
   when: runner_state|lower == "stopped"
 
 - name: Version changed - RESTART Github Actions Runner service
-  ansible.builtin.shell:  # noqa no-changed-when
-    cmd: |
-      ./svc.sh stop
-      sleep 5
-      ./svc.sh start
+  ansible.builtin.command: "./svc.sh stop && sleep 5 && ./svc.sh start"
   args:
     chdir: "{{ runner_dir }}"
+  changed_when: true
   become: "{{ 'false' if ansible_system == 'Darwin' else 'true' }}"
   no_log: "{{ hide_sensitive_logs | bool }}"
   ignore_errors: "{{ ansible_check_mode }}"

tasks/uninstall_runner.yml

@@ -8,6 +8,7 @@
   ansible.builtin.command: "./svc.sh uninstall"
   args:
     chdir: "{{ runner_dir }}"
+  changed_when: true
   become: "{{ 'false' if ansible_system == 'Darwin' else 'true' }}"
   when: runner_service_file_path.stat.exists
 
@@ -25,6 +26,7 @@
   become: false
   become_user: "{{ runner_user }}"
   no_log: "{{ hide_sensitive_logs | bool }}"
+  changed_when: true
   when: runner_name in registered_runners.json.runners|map(attribute='name')|list and runner_file.stat.exists
 
 - name: Delete runner directory