On-demand self-hosted Huawei Cloud ECS runner for GitHub Actions
Start your ECS self-hosted runner right before you need it. Run the job on it. Finally, stop it when you finish. And all this automatically as a part of your GitHub Actions workflow.
This project was forked from machulav/ec2-github-runner with modifications.
See below the YAML code of the depicted workflow.
Use the following steps to prepare your workflow for running on your ECS self-hosted runner:
1. Prepare IAM user with access keys
- Create new acccess keys for the new or an existing IAM user with required ECS server adminstrator permisions.
- Add the keys to GitHub secrets
2. Prepare GitHub personal access token
- Create a new GitHub personal access token with the repo scope. The action will use the token for self-hosted runners management in the GitHub account on the repository level.
- Add the token to GitHub secrets.
3. Prepare ECS image (optional)
- You can use the default Ubuntu/CentOS image, but it's recommended to create your own image with Docker pre-installed.
4. Prepare VPC with subnet and security group
- Create a new VPC and a new subnet in it. Or use the existing VPC and subnet.
- Create a new security group for the runners in the VPC. Only the outbound traffic on port 443 should be allowed for pulling jobs from GitHub. No inbound traffic is required.
5. Configure the GitHub workflow
- Create a new GitHub Actions workflow or edit the existing one.
- Use the documentation and example below to configure your workflow.
- Please don't forget to set up a job for removing the ECS instance at the end of the workflow execution. Otherwise, the ECS instance won't be removed and continue to run even after the workflow execution is finished.
Name | Required | Description |
---|---|---|
mode |
Always required. | Specify here which mode you want to use: - start - to start a new runner; - stop - to stop the previously created runner. |
github-token |
Always required. | GitHub Personal Access Token with the repo scope assigned. |
huawei-cloud-ak |
Always required. | Huawei Cloud AK |
huawei-cloud-sk |
Always required. | Huawei Cloud SK |
project-id |
Always required. | Huawei Cloud project id |
availability-zone |
Alwasy required. | ECS availability zone |
ecs-image-id |
Required if you use the start mode. |
ECS Image Id. The new runner will be launched from this image. The action is compatible with Ubuntu/CentOS images. |
ecs-instance-type |
Required if you use the start mode. |
ECS Instance Type. |
vpc-id |
This input is required if you use the start mode. |
VPC Id |
subnet-id |
Required if you use the start mode. |
VPC Subnet Id. The subnet should belong to the same VPC as the specified security group. |
security-group-id |
Required if you use the start mode. |
ECS Security Group Id. The security group should belong to the same VPC as the specified subnet. Only the outbound traffic for port 443 should be allowed. No inbound traffic is required. |
label |
Required if you use the stop mode. |
Name of the unique label assigned to the runner. The label is provided by the output of the action in the start mode. The label is used to remove the runner from GitHub when the runner is not needed anymore. |
ecs-instance-id |
Required if you use the stop mode. |
ECS Instance Id of the created runner. The id is provided by the output of the action in the start mode. The id is used to terminate the ECS instance when the runner is not needed anymore. |
count |
Not required | ECS instance count, defaults to 1 |
server-tags |
Optional. Used only with the start mode. |
Specifies tags to add to the ECS instance and any attached storage. This field is a stringified JSON array of tag objects, each containing a key and value field (see example below). |
The runners created by this action will have self-hosted
and huaweicloud
labels, you can use them in runs-on
.
The workflow showed in the picture above and declared in do-the-job.yml
looks like this:
name: do-the-job
on: [push]
jobs:
start-runner:
name: Start self-hosted ECS runner
runs-on: ubuntu-latest
outputs:
label: ${{ steps.start-ecs-runner.outputs.label }}
ecs-instance-id: ${{ steps.start-ecs-runner.outputs.ecs-instance-id }}
steps:
- uses: actions/checkout@v2
- name: Start ECS runner
id: start-ecs-runner
uses: messense/huaweicloud-github-runner@main
with:
mode: start
github-token: ${{ secrets.GH_PAT }}
huawei-cloud-ak: ${{ secrets.HUAWEI_CLOUD_AK }}
huawei-cloud-sk: ${{ secrets.HUAWEI_CLOUD_SK }}
project-id: ${{ secrets.PROJECT_ID }}
availability-zone: ap-southeast-1b
ecs-image-id: 93b1fc8d-ee4e-4126-950e-8f4404408acc
ecs-instance-type: kc1.large.2
vpc-id: ${{ secrets.VPC_ID }}
subnet-id: ${{ secrets.SUBNET_ID }}
security-group-id: ${{ secrets.SECURITY_GROUP_ID }}
do-the-job:
name: Do the job on the runner
needs: start-runner
runs-on: ${{ needs.start-runner.outputs.label }}
steps:
- name: Hello World
run: echo 'Hello World!'
stop-runner:
name: Stop self-hosted ECS runner
needs: [start-runner, do-the-job]
runs-on: ubuntu-latest
if: ${{ always() }}
steps:
- uses: actions/checkout@v2
- name: Stop ECS runner
if: ${{ needs.start-runner.outputs.ecs-instance-id }}
uses: messense/huaweicloud-github-runner@main
with:
mode: stop
github-token: ${{ secrets.GH_PAT }}
huawei-cloud-ak: ${{ secrets.HUAWEI_CLOUD_AK }}
huawei-cloud-sk: ${{ secrets.HUAWEI_CLOUD_SK }}
project-id: ${{ secrets.PROJECT_ID }}
availability-zone: ap-southeast-1b
label: ${{ needs.start-runner.outputs.label }}
ecs-instance-id: ${{ needs.start-runner.outputs.ecs-instance-id }}
This work is released under the MIT license. A copy of the license is provided in the LICENSE file.