util: Add action-run.sh to run Action Runners

The "action-run.sh" action replaces inline scripting in the Vagrantfile.

The major improvement is this script runs an infinite loop and
configures the runners to be ephemeral. This means they cease to exist
after a job is complete. The script then cleans the VM workspace and the
loop restarts by configuring and setting up another runner. This means
our VMs no longer accumulate files that eventually lead to the VM
running out of space.

Change-Id: Iba6dc9a480f5805042602f120fc84bdc47a96d55

util/github-runners-vagrant/Vagrantfile

@@ -1,6 +1,9 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
+PERSONAL_ACCESS_TOKEN="<PERSONAL ACCESS TOKEN>"
+GITHUB_ORG="<GITHUB_ORG>"
+
 Vagrant.configure("2") do |config|
   config.vm.box = "generic/ubuntu2204"
   config.vm.box_check_update = true
@@ -22,27 +25,10 @@ Vagrant.configure("2") do |config|
   config.vm.provision :shell, privileged: false, path: "provision_nonroot.sh"
   # The provision_root.sh adds the vagrant user to the docker group, so we need to reload the VM.
   config.vm.provision :reload
-  config.vm.provision :shell, privileged: false, run: 'always', inline: <<-SHELL
-    if [ -d ~/actions-runner ]; then
-        # This will be run everytime the VM is run (once created).
-        cd actions-runner
-        nohup ./run.sh &
-    else
-        # This will be run the first time the VM is created.
-        mkdir ~/actions-runner && cd ~/actions-runner
-        curl -so actions-runner-linux-x64-2.304.0.tar.gz -L \
-            https://github.com/actions/runner/releases/download/v2.304.0/actions-runner-linux-x64-2.304.0.tar.gz
-        tar xzf ./actions-runner-linux-x64-2.304.0.tar.gz
+  # Copy the "action-run.sh" script from the host to the VM.
+  builder.vm.provision "file", source: "./action-run.sh", destination: "/tmp/action-run.sh"
+  builder.vm.provision :shell, privileged: false,  inline: "cp /tmp/action-run.sh ."
+  # Execute the actions-run.sh script on every boot. This configures the and starts the runner.
+  config.vm.provision :shell, privileged: false, run: 'always', inline: "./action-run.sh #{PERSONAL_ACCESS_TOKEN} #{GITHUB_ORG} >> action-run.log 2>&1 &"
 
-        # configure the runner
-        # echo automatically sets the name of the runner, and the tags
-        # create a personal access token with admin permission and copy it into the curl command
-        echo -ne '\n\nrun\n\n' | ./config.sh --url https://github.com/<GITHUB_ORG> --token $(curl -L \
-            -X POST   -H "Accept: application/vnd.github+json"   -H "Authorization: Bearer <PERSONAL ACCESS TOKEN>" \
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            https://api.github.com/orgs/${GITHUB_ORG}/actions/runners/registration-token | jq -r '.token')
-        # start the runner
-        nohup ./run.sh &
-    fi
-  SHELL
 end

util/github-runners-vagrant/action-run.sh

@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Copyright (c) 2023 The Regents of the University of California
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met: redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer;
+# redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution;
+# neither the name of the copyright holders nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+set -x
+
+# No argument checking here, this is run directly in the Vagrantfile.
+PERSONAL_ACCESS_TOKEN="$1"
+GITHUB_ORG="$2"
+LABELS="$3"
+WORK_DIR="_work"
+
+# This checks there isn't another instance of this script running.
+# If this script is run twice then more than one runner can be active in the
+# VM and this causes problems.
+if [[ `pgrep -f $0` != "$$" ]]; then
+    echo "Another instance of shell already exist! Exiting"
+    exit
+fi
+
+# If the tarball isn't here then download it and extract it.
+# Note: we don't delete the tarball, we use it to check if we've already
+# downloaded it and extracted it.
+if [ ! -f "actions-runner-linux-x64-2.304.0.tar.gz" ]; then
+    wget https://github.com/actions/runner/releases/download/v2.304.0/actions-runner-linux-x64-2.304.0.tar.gz
+    tar xzf ./actions-runner-linux-x64-2.304.0.tar.gz
+fi
+
+# An infinite loop to re-configure and re-run the runner after each job.
+while true; do
+    # 1. Obtain the registration token.
+    token_curl=$(curl -L \
+    		      -X POST \
+    		      -H "Accept: application/vnd.github+json" \
+    		      -H "Authorization: Bearer ${PERSONAL_ACCESS_TOKEN}" \
+    		      -H "X-GitHub-Api-Version: 2022-11-28" \
+    		      https://api.github.com/orgs/${GITHUB_ORG}/actions/runners/registration-token)
+
+    token=$(echo ${token_curl} | jq -r '.token')
+
+    # 2. Configure the runner.
+    ./config.sh --unattended \
+                --url https://github.com/${GITHUB_ORG} \
+                --ephemeral \
+                --replace \
+                --work "${WORK_DIR}" \
+                --name "$(hostname)" \
+                --labels "${LABELS}" \
+                --token ${token}
+
+    # 3. Run the runner.
+    ./run.sh # This will complete with the runner being destroyed
+
+    # 4. Cleanup the machine
+    rm -rf "${WORK_DIR}"
+    docker system prune --force --volumes
+done