feat(images): Added ubuntu-focual example packer configuration (#1644)

* feat: create Ubuntu image

* feat: add aws v2 cli

* feat: add unzip

* feat: port tag changes to amazon linux image

* chore(images): use same default for aws region

* fix: use apt-get you melon

* feat: add cloudwatch agent

* fix: use new install location in example

* feat: set env vars in service and align

* fix: setup action tool cache

* fix: add missing arch var

* fix: use Ubuntu's root device name

* chore: set apt to be noninteractive

* chore: align tag values with amzn2 image

* chore: better docs for tool cache location

* chore: include a warning

Co-authored-by: toast-gear <[email protected]>

Author: toast-gear

Diff for: .github/workflows/packer-build.yml

@@ -21,7 +21,7 @@ jobs:
       image: hashicorp/packer:1.7.8
     strategy:
       matrix:
-        image: ["linux-amzn2", "windows-core-2019"]
+        image: ["linux-amzn2", "windows-core-2019", "ubuntu-focal"]
     defaults:
       run:
         working-directory: images/${{ matrix.image }}

Diff for: examples/ubuntu/main.tf

@@ -35,7 +35,7 @@ module "runners" {
   # enable access to the runners via SSM
   enable_ssm_on_runners = true
 
-  runner_run_as     = "runners"
+  runner_run_as     = "ubuntu"
   userdata_template = "./templates/user-data.sh"
   ami_owners        = ["099720109477"] # Canonical's Amazon account ID
 
@@ -64,7 +64,7 @@ module "runners" {
     {
       "log_group_name" : "runner",
       "prefix_log_group" : true,
-      "file_path" : "/home/runners/actions-runner/_diag/Runner_**.log",
+      "file_path" : "/opt/actions-runner/_diag/Runner_**.log",
       "log_stream_name" : "{instance_id}/runner"
     }
   ]

Diff for: images/install-runner.sh

@@ -1,6 +1,6 @@
 #!/bin/bash -e
 
-user_name=ec2-user
+user_name=$(cat /tmp/install-user.txt)
 
 ## This wrapper file re-uses scripts in the /modules/runners/templates directory
 ## of this repo. These are the same that are used by the user_data functionality 

Diff for: images/linux-amzn2/github_agent.linux.pkr.hcl

@@ -10,7 +10,7 @@ packer {
 variable "runner_version" {
   description = "The version (no v prefix) of the runner software to install https://github.com/actions/runner/releases"
   type        = string
-  default     = "2.286.0"
+  default     = "2.286.1"
 }
 
 variable "region" {
@@ -42,8 +42,20 @@ variable "root_volume_size_gb" {
   default = 8
 }
 
-variable "tags" {
-  description = "Additional tags to add globally"
+variable "global_tags" {
+  description = "Tags to apply to everything"
+  type        = map(string)
+  default     = {}
+}
+
+variable "ami_tags" {
+  description = "Tags to apply to the AMI"
+  type        = map(string)
+  default     = {}
+}
+
+variable "snapshot_tags" {
+  description = "Tags to apply to the snapshot"
   type        = map(string)
   default     = {}
 }
@@ -65,12 +77,18 @@ source "amazon-ebs" "githubrunner" {
   }
   ssh_username = "ec2-user"
   tags = merge(
-    var.tags,
+    var.global_tags,
+    var.ami_tags,
     {
       OS_Version    = "amzn2"
       Release       = "Latest"
       Base_AMI_Name = "{{ .SourceAMIName }}"
   })
+  snapshot_tags = merge(
+    var.global_tags,
+    var.snapshot_tags,
+  )
+
 
   launch_block_device_mappings {
     device_name = "/dev/xvda"
@@ -114,6 +132,7 @@ build {
     ]
     inline = [
       "sudo chmod +x /tmp/install-runner.sh",
+      "echo ec2-user > /tmp/install-user.txt",
       "sudo RUNNER_ARCHITECTURE=x64 RUNNER_TARBALL_URL=$RUNNER_TARBALL_URL /tmp/install-runner.sh"
     ]
   }

Diff for: images/ubuntu-focal/github_agent.ubuntu.pkr.hcl

@@ -0,0 +1,164 @@
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 0.0.2"
+      source  = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+variable "runner_version" {
+  description = "The version (no v prefix) of the runner software to install https://github.com/actions/runner/releases"
+  type        = string
+  default     = "2.286.1"
+}
+
+variable "region" {
+  description = "The region to build the image in"
+  type        = string
+  default     = "eu-west-1"
+}
+
+variable "security_group_id" {
+  description = "The ID of the security group Packer will associate with the builder to enable access"
+  type        = string
+  default     = null
+}
+
+variable "subnet_id" {
+  description = "If using VPC, the ID of the subnet, such as subnet-12345def, where Packer will launch the EC2 instance. This field is required if you are using an non-default VPC"
+  type        = string
+  default     = null
+}
+
+variable "instance_type" {
+  description = "The instance type Packer will use for the builder"
+  type        = string
+  default     = "t3.medium"
+}
+
+variable "root_volume_size_gb" {
+  type    = number
+  default = 8
+}
+
+variable "global_tags" {
+  description = "Tags to apply to everything"
+  type        = map(string)
+  default     = {}
+}
+
+variable "ami_tags" {
+  description = "Tags to apply to the AMI"
+  type        = map(string)
+  default     = {}
+}
+
+variable "snapshot_tags" {
+  description = "Tags to apply to the snapshot"
+  type        = map(string)
+  default     = {}
+}
+
+source "amazon-ebs" "githubrunner" {
+  ami_name          = "github-runner-ubuntu-focal-amd64-${formatdate("YYYYMMDDhhmm", timestamp())}"
+  instance_type     = var.instance_type
+  region            = var.region
+  security_group_id = var.security_group_id
+  subnet_id         = var.subnet_id
+  source_ami_filter {
+    filters = {
+      name                = "*/ubuntu-focal-20.04-amd64-server-*"
+      root-device-type    = "ebs"
+      virtualization-type = "hvm"
+    }
+    most_recent = true
+    owners      = ["099720109477"]
+  }
+  ssh_username = "ubuntu"
+  tags = merge(
+    var.global_tags,
+    var.ami_tags,
+    {
+      OS_Version    = "ubuntu-focal"
+      Release       = "Latest"
+      Base_AMI_Name = "{{ .SourceAMIName }}"
+  })
+  snapshot_tags = merge(
+    var.global_tags,
+    var.snapshot_tags,
+  )
+
+  launch_block_device_mappings {
+    device_name = "/dev/sda1"
+    volume_size = "${var.root_volume_size_gb}"
+    volume_type = "gp3"
+  }
+}
+
+build {
+  name = "githubactions-runner"
+  sources = [
+    "source.amazon-ebs.githubrunner"
+  ]
+  provisioner "shell" {
+    environment_vars = [
+      "DEBIAN_FRONTEND=noninteractive"
+    ]
+    inline = [
+      "sudo apt-get -y update",
+      "sudo apt-get -y install ca-certificates curl gnupg lsb-release",
+      "sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg",
+      "echo deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null",
+      "sudo apt-get -y update",
+      "sudo apt-get -y install docker-ce docker-ce-cli containerd.io jq git unzip",
+      "sudo systemctl enable containerd.service",
+      "sudo service docker start",
+      "sudo usermod -a -G docker ubuntu",
+      "sudo curl -f https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb -o amazon-cloudwatch-agent.deb",
+      "sudo dpkg -i amazon-cloudwatch-agent.deb",
+      "sudo systemctl restart amazon-cloudwatch-agent",
+      "sudo curl -f https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip",
+      "unzip awscliv2.zip",
+      "sudo ./aws/install",
+    ]
+  }
+
+  provisioner "file" {
+    content = templatefile("../install-runner.sh", {
+      install_runner = templatefile("../../modules/runners/templates/install-runner.sh", {
+        ARM_PATCH                       = ""
+        S3_LOCATION_RUNNER_DISTRIBUTION = ""
+        RUNNER_ARCHITECTURE             = "x64"
+      })
+    })
+    destination = "/tmp/install-runner.sh"
+  }
+
+  provisioner "shell" {
+    environment_vars = [
+      "RUNNER_TARBALL_URL=https://github.com/actions/runner/releases/download/v${var.runner_version}/actions-runner-linux-x64-${var.runner_version}.tar.gz"
+    ]
+    inline = [
+      "sudo chmod +x /tmp/install-runner.sh",
+      "echo ubuntu | tee -a /tmp/install-user.txt",
+      "sudo RUNNER_ARCHITECTURE=x64 RUNNER_TARBALL_URL=$RUNNER_TARBALL_URL /tmp/install-runner.sh",
+      "echo ImageOS=ubuntu20 | tee -a /opt/actions-runner/.env"
+    ]
+  }
+
+  provisioner "file" {
+    content = templatefile("../start-runner.sh", {
+      start_runner = templatefile("../../modules/runners/templates/start-runner.sh", {})
+    })
+    destination = "/tmp/start-runner.sh"
+  }
+
+  provisioner "shell" {
+    inline = [
+      "sudo mv /tmp/start-runner.sh /var/lib/cloud/scripts/per-boot/start-runner.sh",
+      "sudo chmod +x /var/lib/cloud/scripts/per-boot/start-runner.sh",
+    ]
+  }
+
+}

Diff for: modules/runners/templates/install-runner.sh

@@ -12,10 +12,17 @@ fi
 
 file_name="actions-runner.tar.gz"
 
-echo "Creating actions-runner directory for the GH Action installtion"
+echo "Setting up GH Actions runner tool cache"
+# Required for various */setup-* actions to work, location is also know by various environment
+# variable names in the actions/runner software : RUNNER_TOOL_CACHE / RUNNER_TOOLSDIRECTORY / AGENT_TOOLSDIRECTORY
+# Warning, not all setup actions support the env vars and so this specific path must be created regardless
+mkdir -p /opt/hostedtoolcache
+
+echo "Creating actions-runner directory for the GH Action installation"
 cd /opt/
 mkdir -p actions-runner && cd actions-runner
 
+
 if [[ -n "$RUNNER_TARBALL_URL" ]]; then
   echo "Downloading the GH Action runner from $RUNNER_TARBALL_URL to $file_name"
   curl -o $file_name -L "$RUNNER_TARBALL_URL"
@@ -47,3 +54,4 @@ fi
 
 echo "Set file ownership of action runner"
 chown -R "$user_name":"$user_name" .
+chown -R "$user_name":"$user_name" /opt/hostedtoolcache