Skip to content

Commit

Permalink
Merge pull request #15 from wainersm/updates
Browse files Browse the repository at this point in the history
Update docs regarding expired tokens
  • Loading branch information
wainersm authored Aug 6, 2024
2 parents 684f4a9 + 9ee653b commit 02e5c59
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 10 deletions.
28 changes: 20 additions & 8 deletions github/azure-self-hosted-runners/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,19 +22,15 @@ The application is deployed as an [ACI](https://azure.microsoft.com/en-us/produc

### Deployment

Github tokens (see above) need to be passed to Garm via tf variables, either by creating a `tf/terraform.tfvars` or specifying it on the cli:
Github tokens (see above) are passed to Garm via Azure Key Vault secrets. So first you should put the tokens as secrets in
a Key Vault. The Key Vault id is then passed to terraform either by creating a `tf/terraform.tfvars` or specifying it on the cli:

```hcl
github_tokens = [
{
name = "some name"
token = "abc123"
},
]
github_token_key_vault_id = "the vault id"
```

```bash
terraform apply -var='github_tokens=[{"name":"some name","token":"abc123"}]'
terraform apply -var='github_token_key_vault_id="the vault id"'
```

## Configuration
Expand Down Expand Up @@ -125,3 +121,19 @@ $ az container logs -g garm -n garm-kg1ocu --container-name garm --follow
}
127.0.0.1 - - [02/Jun/2023:13:01:21 +0000] "GET /api/v1/metadata/runner-registration-token/ HTTP/1.1" 200 29 "" "curl/7.81.0"
```

## Updating expired Github tokens

The Github tokens should be updated in the Garm installation from time-to-time because they expire. You will need to re-generate the expired token(s) first.

Then you will need to update its value on the Key Vault. For example, suppose the new token is "github_pat_xxxxxxxx", to update the "garm" secret in the "garm-github-tokens" vault:

```
$ az keyvault secret set --value github_pat_xxxxxxxx --name garm --vault-name garm-github-tokens
```

Finally you will need to re-deploy Garm:

```bash
$ terraform apply
```
4 changes: 2 additions & 2 deletions github/azure-self-hosted-runners/tf/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,13 @@ variable "vm_location" {

variable "garm_image" {
type = string
default = "ghcr.io/confidential-containers/garm:main"
default = "ghcr.io/confidential-containers/garm@sha256:c79f9231ef52e8be9141623e3ef67bae0ab373e4ad5b0b6cee78e20fb54f994c"
description = "Container image for garm"
}

variable "caddy_image" {
type = string
default = "caddy:2.6.4"
default = "ghcr.io/confidential-containers/caddy:2.6.4"
description = "Container image for caddy"
}

Expand Down

0 comments on commit 02e5c59

Please sign in to comment.