Feature: GitHub runner as systemd service

.github/workflows/tests.yml

@@ -1,14 +1,17 @@
 name: tests
 
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-    branchs:
-      - 'feature/**'
-      - 'fix/**'
-      - 'refactor/**'
+
+on: workflow_dispatch
+# on:
+#   push:
+#     branches:
+#       - main
+#   pull_request:
+#     branchs:
+#       - 'feature/**'
+#       - 'fix/**'
+#       - 'refactor/**'
+
 
 
 jobs:
@@ -19,19 +22,105 @@ jobs:
       - name: checkout PR merge commit
         uses: actions/checkout@v3
 
-      - name: Rodar um echo
-        run: echo 'teste'
+      - name: Executa um echo
+        run: echo 'Olá mundo!'
 
-      - name: Executa docker do host
+      - name: Testes de esforço
         run: |
-          # sudo apt-get install -y podman
-          docker pull alpine
-          docker images
-          docker info
+          docker \
+            run \
+            -t \
+            --rm \
+            polinux/stress-ng \
+              --cpu 4 \
+              --io 4 \
+              --vm 2 \
+              --vm-bytes 128M \
+              --fork 4 \
+              --timeout 10s
+
+      - name: Executa GNU hello e python3
+        run: |
+          hello
+          python --version
 
-      - name: Run alpine OCI image with docker and metadatas
+      - name: Metadatas
         run: |
-          docker run alpine cat /etc/os*release
           cat /etc/os*release
+          echo           
+          # cat /etc/group
           uname -a
-          nix flake metadata nixpkgs
+          echo 
+          id
+          echo 
+          pwd
+          echo 
+          ls -alh
+          echo 
+          nproc
+          echo 
+          free -h
+          echo 
+          # sudo id
+          # A ideia aqui é testar persistência de estado
+          cat $HOME/logs.txt || true
+          echo FOO-BAR > $HOME/logs.txt
+
+      - name: Testes sobre docker
+        run: |
+          # env | sort
+          # touch /dev/kvm
+          which docker
+          readlink -f $(which docker)
+          docker --version
+          docker info
+          docker images
+          docker run --rm alpine cat /etc/os-release
+          docker images
+          docker build --tag custom-python .
+          docker images
+
+      - name: Testes sobre /dev/kvm
+        run: |
+          id
+          docker run --privileged=true --rm \
+          alpine sh -c 'id && touch /dev/kvm && stat /dev/kvm'
+
+      - name: Testes sobre DinD
+        run: |
+          docker rm --force dind-container || true
+          docker \
+          run \
+          --device=/dev/kvm \
+          -d \
+          -t \
+          --name=dind-container --rm \
+          -v /var/run/docker.sock:/var/run/docker.sock \
+          docker:24.0.7-dind-alpine3.18 \
+          tail -f /dev/null
+          echo 
+          docker \
+          exec \
+          -t \
+          dind-container \
+          /bin/sh \
+          -c \
+          'docker run -t --rm alpine cat /etc/os-release'
+
+      - name: Testes sobre PinD
+        run: |
+          docker \
+          run \
+          --privileged=true \
+          --rm \
+          quay.io/podman/stable \
+          podman run quay.io/podman/hello
+
+      - name: Mais metadados
+        run: |
+           nix flake --version
+           nix flake metadata nixpkgs
+           echo
+           nix build --no-link --print-out-paths nixpkgs#dockerTools.examples.redis
+           echo
+           nix build --no-link --print-out-paths --rebuild nixpkgs#dockerTools.examples.redis

Dockerfile

@@ -0,0 +1,32 @@
+FROM python:3.9-slim-buster
+
+
+# Set python environment variables
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+ENV PIP_NO_CACHE_DIR 0
+ENV PIP_DISABLE_PIP_VERSION_CHECK 1
+
+ENV USER app_user
+
+WORKDIR /home/app_user
+
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --no-install-suggests -y \
+    ca-certificates \
+ && apt-get -y autoremove \
+ && apt-get -y clean  \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN addgroup app_group \
+ && adduser \
+    --quiet \
+    --disabled-password \
+    --shell /bin/bash \
+    --home /home/app_user \
+    --gecos "User" app_user \
+    --ingroup app_group \
+ && chmod 0700 /home/app_user \
+ && chown --recursive app_user:app_group /home/app_user
+
+CMD ["/bin/bash"]

README.md

@@ -42,4 +42,40 @@ source .env
 ```bash
 source .env
 RUNNER_SCOPE="org" SCOPE_TARGET="imobanco" bash ./ops/bash/entrypoint.sh
-```
+```
+
+
+# github self-hosted runner em uma máquina virtual NixOS usando systemd
+
+
+Gerar token:
+- onde gerar: https://github.com/settings/tokens
+- com os seguintes checks: https://github.com/myoung34/docker-github-actions-runner/wiki/Usage#token-scope
+
+
+Como o copy/paste está quebrado nesse momento, é necessário
+clonar o repositório.
+```bash
+nix flake clone 'git+ssh://git@github.com/imobanco/github-ci-runner.git' --dest github-ci-runner \
+&& cd github-ci-runner 1>/dev/null 2>/dev/null \
+&& git checkout feature/github-runner-as-systemd-service \
+&& (direnv --version 1>/dev/null 2>/dev/null && direnv allow) \
+|| nix develop --command $SHELL
+```
+
+
+Por hora está sendo feito um hardcode do PAT. 
+Cole o valor do seu PAT no script `run-github-runner`.
+
+
+Após adicionar o PAT:
+```bash
+rm -fv nixos.qcow2;  
+env NIXPKGS_ALLOW_UNFREE=1 \
+NIXPKGS_ALLOW_INSECURE=1 \
+nix run --impure --refresh --verbose .#vm
+```
+
+O histórico é populado com comandos úteis.
+Usar seta para cima e enter.
+