ghes/ephemeral.yml

name: Ephemeral

on:
  workflow_dispatch:
    inputs:
      action:
        description: Action to take (deploy or destroy)
        required: true
      org:
        description: Org requesting an ephemeral runner
        required: true
      repo:
        description: Repo requesting an ephemeral runner
        required: true
      actor:
        description: Actor requesting an ephemeral runner
        required: true
      identifier:
        description: Unique identifier (labels) for the ephemeral runner
        required: true

env:
  rg_name: cd-ephemeral
  aci_prefix: gh
  runner_image: ghcr.io/colindembovsky/ubuntu-actions-runner:77e620b571af517697a900c6290388d5c6ed4294
  ghes_url: https://colindembovsky-0cd7b2095901bb090.gh-quality.net
  
jobs:
  debug:
    runs-on: [self-hosted, permanent]
    steps:
      - uses: actions/checkout@v1
      - name: Echo inputs
        run: |
          echo '${{ toJson(github.event.inputs) }}'

  deploy_runner:
    name: Deploy Ephemeral Runner
    needs: debug
    if: ${{ github.event.inputs.action == 'queued' }}
    runs-on: [ self-hosted, permanent ]
    steps:
    - uses: central/az-login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    
    - name: Create runner
      run: |
        az container create \
          -g ${{ env.rg_name }} -n ${{ env.aci_prefix }}-${{ github.event.inputs.identifier }} \
          --image ${{ env.runner_image }} --restart-policy Never \
          --environment-variables \
            RUNNER_REPOSITORY_URL=${{ env.ghes_url }}/${{ github.event.inputs.org }}/${{ github.event.inputs.repo }} \
            GITHUB_TOKEN=${{ secrets.REPO_PAT }} \
            RUNNER_OPTIONS="--ephemeral" \
            RUNNER_LABELS=${{ github.event.inputs.identifier }} \
            GITHUB_SERVER=${{ env.ghes_url }} \
            RUNNER_NAME=${{ env.aci_prefix }}-${{ github.event.inputs.identifier }}

  delete_aci:
    name: Delete Dead ACI
    needs: debug
    if: ${{ github.event.inputs.action == 'completed' }}
    runs-on: [ self-hosted, permanent ]
    steps:
    - uses: central/az-login@v1
      with:
        creds: ${{ secrets.AZURE_CREDENTIALS }}
    
    - name: Delete ACI
      run: |
        az container delete -g ${{ env.rg_name }} -n ${{ env.aci_prefix }}-${{ github.event.inputs.identifier }} --yes
  