Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/xenitab/github-runner
Small tool to generate GitHub Self-hosted runner token using GitHub App
xenit-kubernetes-framework
Last synced: 29 days ago
- Host: GitHub
- URL: https://github.com/xenitab/github-runner
- Owner: XenitAB
- License: mit
- Created: 2020-11-26T21:50:49.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2021-03-22T20:31:19.000Z (almost 4 years ago)
- Last Synced: 2024-12-06T02:34:19.703Z (29 days ago)
- Topics: xenit-kubernetes-framework
- Language: Go
- Homepage:
- Size: 36.1 KB
- Stars: 8
- Watchers: 2
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: SECURITY.md
# github-runner
## Information
Used to get a GitHub Self-hosted runner token using GitHub App.
The main reason for this is to be able to create a GitHub App that is limited to only self-hosted runners with no other access, and to use it in automation projects and ephemeral build agents.
The token is written to `stdout` and can be used to configure the self-hosted runner. The tool can be configured either through CLI parameters or using secrets in Azure KeyVault (ENV and CLI authentication methods are supported).
Example usage can be found [here](https://github.com/XenitAB/packer-templates/tree/main/templates/azure/github-runner).
## Creating a GitHub App
The following is needed:
- App ID
- Installation ID
- Organization name
- Private Key

### Creating the app
Do the following:
GitHub -> Organization -> Settings -> Developer Settings -> GitHub Apps -> New GitHub App:
- GitHub App name:
- Homepage URL: http://localhost
- Webhook > Active: [ ]
- Organization permissions > Self-hosted runners: Read & write
- Where can this GitHub App be installed? > [v] Only on this account
- Press Create GitHub App

Document the `App ID`.
### Installing the app in the organization
In the app, go to `Install App`:
- Select `Install` on organization
- Verify the permissions and organization, press `Install`

The URL you will be sent to will be something like: `https://github.com/organizations//settings/installations/`
Document the `Installation ID` from the URL.
### Generating the private key
Go back to App Settings, in General go to Private Key and press Generate a private key.
Download the `Private key` and store it somewhere secure.
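The private key generated above is what signs the short-lived RS256 JWT that a GitHub App uses to authenticate as itself before it can request any token. The following added example (not code from this repository) builds and verifies such a JWT; `appJWT`, `verifyAppJWT`, the throwaway `demoKey` and the App ID `12345` are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key, stands in for the app's PEM

// appJWT signs the RS256 JWT a GitHub App presents; GitHub rejects exp more than 10 minutes ahead.
func appJWT(key *rsa.PrivateKey, appID int64, now time.Time, ttl time.Duration) (string, error) {
	if ttl <= 0 || ttl > 10*time.Minute {
		return "", fmt.Errorf("ttl %s outside (0, 10m]", ttl)
	}
	// iat is backdated 60s to tolerate clock drift between this host and GitHub.
	claims := fmt.Sprintf(`{"iss":"%d","iat":%d,"exp":%d}`, appID, now.Add(-time.Minute).Unix(), now.Add(ttl).Unix())
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claims))
	sum := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// verifyAppJWT checks the signature over header.payload with the public key, as the receiver would.
func verifyAppJWT(pub *rsa.PublicKey, token string) error {
	i := strings.LastIndex(token, ".")
	if i < 0 {
		return fmt.Errorf("malformed token")
	}
	sig, err := b64.DecodeString(token[i+1:])
	if err != nil {
		return err
	}
	sum := sha256.Sum256([]byte(token[:i]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig)
}

func main() {
	tok, err := appJWT(demoKey, 12345, time.Now(), 9*time.Minute)
	fmt.Println("sign error:", err, "verify error:", verifyAppJWT(&demoKey.PublicKey, tok))
}
```

Anyone holding the private key can mint these JWTs for the app until the key is deleted in the app's settings, so the key's storage location is the control that matters.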
## Usage
### Without Azure KeyVault
```shell
go run cmd/github-runner/main.go --organization weaveworks-gitops-poc --app-id --installation-id --private-key-path
```
### With Azure KeyVault
#### Configuring secret
```shell
az keyvault secret set --vault-name --name github-private-key --file
az keyvault secret set --vault-name --name github-organization --value
az keyvault secret set --vault-name --name github-app-id --value
az keyvault secret set --vault-name --name github-installation-id --value
```
#### Azure ENV Authentication
```shell
go run cmd/github-runner/main.go --value-source AZURE_KEYVAULT --azure-keyvault-name --organization-kvsecret github-organization --app-id-kvsecret github-app-id --installation-id-kvsecret github-installation-id --private-key-kvsecret github-private-key
```
#### Azure CLI Authentication
```shell
go run cmd/github-runner/main.go --value-source AZURE_KEYVAULT --azure-keyvault-name --organization-kvsecret github-organization --app-id-kvsecret github-app-id --installation-id-kvsecret github-installation-id --private-key-kvsecret github-private-key --azure-auth CLI
```
### Other arguments
| Argument | Description | Type / Options | Default | Required when |
| ---------------------------- | ------------------------------------------------------------------------------------ | ---------------------------- | ----------- | ------------------------------- |
| `--token-type` | Token type to get from GitHub. | `REGISTER` `REMOVE` | `REGISTER` | Never |
| `--azure-auth` | The Azure authentication method. | `ENV` `CLI` | `CLI` | Never |
| `--output` | How should the output be printed. | `TOKEN` `JSON` | `TOKEN` | Never |
| `--value-source` | Source of the GitHub values. | `ARGUMENTS` `AZURE_KEYVAULT` | `ARGUMENTS` | Never |
| `--organization` | Name of the GitHub organization. | `string` | `""` | `--value-source ARGUMENTS` |
| `--app-id` | Application ID of the GitHub App. | `string` | `""` | `--value-source ARGUMENTS` |
| `--installation-id` | Installation ID of the GitHub App. | `int64` | `0` | `--value-source ARGUMENTS` |
| `--private-key-path` | The private key (PEM format) from the GitHub App. | `int64` | `0` | `--value-source ARGUMENTS` |
| `--azure-keyvault-name` | The name of the Azure KeyVault containing the secrets. | `string` | `""` | `--value-source AZURE_KEYVAULT` |
| `--organization-kvsecret` | The key name of the Azure KeyVault secret containing the organization name value. | `string` | `""` | `--value-source AZURE_KEYVAULT` |
| `--app-id-kvsecret` | The name of the Azure KeyVault containing the secrets. | `string` | `""` | `--value-source AZURE_KEYVAULT` |
| `--installation-id-kvsecret` | The key name of the Azure KeyVault secret containing the Installation ID name value. | `string` | `""` | `--value-source AZURE_KEYVAULT` |
| `--private-key-kvsecret` | The key name of the Azure KeyVault secret containing the GitHub Private Key value. | `string` | `""` | `--value-source AZURE_KEYVAULT` |