fix: add runner user alias for GARM image compatibility (ISD-5726)#223
Draft
florentianayuwono wants to merge 12 commits into
Draft
fix: add runner user alias for GARM image compatibility (ISD-5726)#223florentianayuwono wants to merge 12 commits into
florentianayuwono wants to merge 12 commits into
Conversation
GARM expects a 'runner' user with /home/runner/actions-runner path. This adds a runner user as an alias to ubuntu (same UID/GID, same home directory) so GARM can boot runners from images produced by this charm without breaking existing GitHub runner charm deployments. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR aims to make images produced by the charm compatible with GARM by introducing a runner user “alias” for the existing ubuntu user in the generated cloud-init, and documenting the change via changelog + version bump.
Changes:
- Add
runneruser creation steps to the cloud-init template (and update the unit test expected script). - Document the GARM compatibility change in
docs/changelog.md. - Bump application version from
0.14.0to0.14.1.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| docs/changelog.md | Adds a changelog entry describing the GARM compatibility change. |
| app/tests/unit/test_openstack_builder.py | Updates expected generated cloud-init script to include runner user alias steps. |
| app/src/github_runner_image_builder/templates/cloud-init.sh.j2 | Adds runner user alias creation logic to the cloud-init script. |
| app/pyproject.toml | Bumps project version to 0.14.1. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ility - Add --non-unique to useradd so the duplicate UID is accepted instead of silently failing - Add symlink /home/runner -> /home/ubuntu so GARM's hardcoded /home/runner/actions-runner path resolves correctly Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Use rmdir guard + ln -sfnT to handle all cases: - No /home/runner: symlink created directly - /home/runner is a symlink: -f replaces it, -T prevents acting as dir target - /home/runner is an empty directory: rmdir removes it, then symlink created - /home/runner is a non-empty directory: rmdir fails silently, ln -sfnT then fails loudly (correct - something unexpected occupies that path) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Comment on lines
+178
to
+180
| # 2>/dev/null || true: ignore errors (e.g. runner user already exists) without failing the script. | ||
| /usr/sbin/useradd --non-unique --uid "$UBUNTU_UID" --gid "$UBUNTU_GID" --no-create-home --home-dir /home/ubuntu runner 2>/dev/null || true | ||
| /usr/sbin/usermod --append --groups docker,microk8s,lxd,sudo runner 2>/dev/null || true |
Comment on lines
+182
to
+186
| # If /home/runner exists as a plain directory (not a symlink), remove it first; otherwise ln -sfnT would | ||
| # create the symlink inside the directory instead of replacing it. | ||
| # -T: treat destination as a file path, never as a directory target (prevents ln from creating the | ||
| # symlink inside /home/runner if it exists as a directory after rmdir fails). | ||
| [ -d /home/runner ] && ! [ -L /home/runner ] && rmdir /home/runner 2>/dev/null || true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
Adds a
runneruser as an alias to theubuntuuser in the cloud-init script. Both users share the same UID, GID, and home directory (/home/ubuntu), so/home/runner/actions-runnerresolves to the same path as/home/ubuntu/actions-runner.Rationale
GARM (GitHub Actions Runner Manager) expects a
runneruser and looks for the runner application at/home/runner/actions-runner. The current image builder only creates anubuntuuser, causing GARM to fail when attempting to boot runners from the produced images.The user alias approach was chosen over alternatives (e.g. an opt-in
garm-supportdatabag field) because it requires a single, minimal change with zero impact on existing deployments.Juju Events Changes
None.
Module Changes
app/src/github_runner_image_builder/templates/cloud-init.sh.j2: Addedrunneruser creation inconfigure_system_users(). The runner user is created with the same UID/GID asubuntuand the same home directory, then added to the same groups (docker, microk8s, lxd, sudo).Library Changes
None.
Checklist
urgent,trivial,senior-review-required,documentation)app/pyproject.toml