Document self-hosted runners

Author: sdarwin

README.md

@@ -1,16 +1,147 @@
+# Github Actions Self-Hosted Runners
 
-### Introduction
+[The C++ Alliance](https://cppalliance.org/) is offering a service to Boost C++ repositories, enabling Github Actions workflows to be processed on AWS hosted runners.
 
-[GitHub Actions](https://github.com/features/actions) makes it easy to automate all your software workflows with world-class CI/CD. Build, test, and deploy your code right from GitHub. [The C++ Alliance](https://cppalliance.org/) has been working on a project to translate pre-existing .travis.yml files into GitHub Actions format for Boost Libraries.  
+Often the standard Github runners are slow and unresponsive. Github throttles the number of simultaneous jobs. The monthly quota gets used up. By switching to self-hosted runners, CI can continue at a faster pace.
 
-### Instructions
+We have implemented a feature to globally switch the service ON or OFF. At the beginning of the month, or when Github is running smoothly, the jobs may be hosted on the normal Github runners. If things are moving slowly we will switch to the AWS machines. There is an opportunity to fine-tune the switch by adding logic that queries the Github API and makes intelligent decisions based on when the queues are busy.   
 
-There are different options to consider.  
+## Instructions
 
-1. If your .travis.yml has been kept reasonably up-to-date and/or contains customized tests, then the provided ci.yml is a convenient choice. It includes the same jobs as before. Merge the pull request which creates a .github/workflows/ci.yml file. Push another commit or pull request to trigger the CI tests. The same tests which passed on travis should be successful on GitHub Actions immediately.  
+Modify your github actions workflow file, usually located at .github/workflows/ci.yml. A script has been provided in this repository [scripts/update_workflow.py](scripts/update_workflow.py) that will do most of the work if the ci.yml has a common format similar to boostorg/system. Otherwise, the updates can be made without using the script.  
 
-2. Another option, if your .travis.yml file is not current, could be to replace the entire workflow. In that case, do not merge the pull request. Copy a new template file from https://github.com/boostorg/boost-ci/blob/master/.github/workflows/ci.yml to your repository at .github/workflows/ci.yml. This may require debugging, it is not guaranteed to pass right away. The advantage of this choice is you will now have a relatively complete set of tests, if the previous .travis.yml file was not very extensive.  
+LINUX:  
 
-3. Yet another option is a hybrid approach. Start with either of the files mentioned above. Copy-and-paste sections from the other file.  
+Copy the script into your $PATH. For example:  
 
-If you have any questions or problems, please open an Issue in this github repo.  
+```
+cp scripts/update_workflow.py /usr/local/bin/update_workflow.py
+``` 
+
+Run the script:
+
+```
+update_workflow.py .github/workflows/ci.yml
+```
+
+WINDOWS:  
+
+It may be necessary on Windows to execute the script with the `python` executable:
+
+```
+python update_workflow.py _target_file_
+```
+
+In either case, it should create a .orig backup file. After running the script, check the updates, and fix anything that's missing.  
+
+```
+diff .github/workflows/ci.yml.orig .github/workflows/ci.yml
+```
+
+These modifications should have been made in the workflow file:  
+
+- In the matrix section, quote the operating system labels. That is 'ubuntu-latest' or 'ubuntu-22.04'. Don't leave them as plain text ubuntu-latest. (The need for this change may depend on whether you have sections of json in the workflow or it is completely yaml format).  
+
+- Add a `runner-selection` job:
+
+```
+jobs:
+  runner-selection:
+    # runs-on: ubuntu-latest
+    runs-on: ${{ github.repository_owner == 'boostorg' && fromJSON('[ "self-hosted", "linux", "x64", "ubuntu-latest-aws" ]') || 'ubuntu-latest' }}
+    outputs:
+      labelmatrix: ${{ steps.aws_hosted_runners.outputs.labelmatrix }}
+    steps:
+      - name: AWS Hosted Runners
+        id: aws_hosted_runners
+        uses: cppalliance/[email protected]
+```
+
+The initial runner-selection job may run on either a self-hosted or GitHub host. There are pros and cons to each. Consider both options and set the one you prefer. If GitHub is being responsive and everything is pointed to using GitHub, a self-hosted runner at the first step causes a delay. If GitHub is slow and everything is pointed to AWS, then it's faster to use self-hosted.  
+
+- Set the `runs-on` and `needs` configuration in all jobs:  
+
+```
+needs: [runner-selection]
+runs-on: ${{ fromJSON(needs.runner-selection.outputs.labelmatrix)[matrix.os] }}
+```
+
+In the above example, notice where it says "matrix.os". That is whatever the runner label had been before.  
+
+If a job specified the exact label 'ubuntu-22.04', then the section should be:  
+
+```
+needs: [runner-selection]
+runs-on: ${{ fromJSON(needs.runner-selection.outputs.labelmatrix)['ubuntu-22.04'] }}
+```
+
+After `update_workflow.py` has completed you may modify ci.yml manually to adjust anything.  
+
+If specific jobs should be excluded add '-no-aws' to the label, such as 'ubuntu-latest-no-aws'. `runner-selection` will resolve that back to 'ubuntu-latest'.  
+
+## Supported Runners
+
+The list of runner images and installed packages may be found at https://github.com/cppalliance/terraform-aws-github-runner/blob/cppal/images in the *-cppal files.
+
+| AMI Images |
+| ---------- |
+| ubuntu-bionic-arm64-cppal |
+| ubuntu-bionic-cppal |
+| ubuntu-focal-arm64-cppal |
+| ubuntu-focal-cppal |
+| ubuntu-jammy-arm64-cppal |
+| ubuntu-jammy-cppal |
+| windows-2019-cppal |
+| windows-2022-cppal |
+
+Linux:
+
+| Runner Label  |
+| ------------- |
+| ubuntu-20.04 |
+| ubuntu-22.04, ubuntu-latest |
+
+Windows:
+
+| Runner Label  | Visual Studio |
+| ------------- | ------------- |
+| windows-2019 | msvc-14.0 |
+| windows-2019 | msvc-14.1 |
+| windows-2019 | msvc-14.2 |
+| windows-2022, windows-latest | msvc-14.3 |
+
+Mac:
+
+| Runner Label  |
+| ------------- |
+| macos-11 |
+| macos-12, macos-latest |
+
+MacOS is not being hosted currently. Those jobs will continue to use Github runners instead of AWS.
+
+## GitHub App
+
+A "GitHub App" called "Terraform-AWS-Runners-Boost" should already be installed at the Organization level. However, it must also be installed to each repository that will use self-hosted runners. Contact an organization-level administrator so they can modify the install settings of the GitHub App and include the repository.  Admin instructions are covered in [docs/admin-guide.md](docs/admin-guide.md)
+
+## Advanced Configuration  
+
+### Temporarily disable self-hosted runners
+
+To ensure self-hosted runners are not used, modify the runner selection:  
+- `run-on` a GitHub runner 
+- self_hosted_runners_override set to 'false'
+
+```
+jobs:
+  runner-selection:
+    runs-on: ubuntu-latest
+    # runs-on: [ self-hosted, linux, x64, ubuntu-latest-aws ]
+    outputs:
+      labelmatrix: ${{ steps.aws_hosted_runners.outputs.labelmatrix }}
+    steps:
+      - name: AWS Hosted Runners
+        id: aws_hosted_runners
+        uses: cppalliance/[email protected]
+          with:
+          self_hosted_runners_override: 'false'
+```

docs/admin-guide.md

@@ -0,0 +1,47 @@
+
+## Admin Instructions
+
+The project is based on "Terraform module for scalable self hosted GitHub action runners" https://github.com/philips-labs/terraform-aws-github-runner . CPPAlliance is maintaining a fork of that repo with updated AMI images and runner configurations at https://github.com/cppalliance/terraform-aws-github-runner
+
+### Create a GitHub App  
+
+This is a one-time action. Replace "boostorg" in the following steps if another organization is being used.  
+
+Go to the GitHub Apps setting page https://github.com/organizations/boostorg/settings/apps (This page may also be reached from Settings https://github.com/organizations/boostorg/settings and then navigate to Developer Settings -> GitHub Apps)
+
+In the Management section, add other admin users. Most steps can be done by a delegated user, except the final installation.  
+
+Click "New GitHub App" to create a new GitHub App.  
+
+On the "General" page of the app:  
+
+Name: Terraform-AWS-Runners-Boost  
+Description: Self-hosted github actions runners  
+Homepage URL: https://github.com/cppalliance/githubactions  
+  
+Webhook:  
+Active: Check this box  
+Webhook URL: fill in the value from Terraform  
+Webhook secret: fill in the value from Terraform  
+
+Under Private Keys click "Generate a private key". Download a private key. The key and the "App ID:" at the top of the page will be entered in Terraform.
+
+Click "Save Changes"  
+
+On the "Permissions and Events" page of the app, under Repository Permissions:  
+Actions: Read-Only  
+Administration: Read and Write  
+Checks: Read-Only  
+Metadata: Read-Only  
+
+Subscribe to Events:  
+choose Workflow Job  
+
+Click "Save Changes"  
+
+## Install the App
+
+In the "Install App" page of the app configuration, choose the Organization and then the target repositories. This step must be done by an organization administrator.  
+
+Only apply the app to selected repositories, not the entire organization. Whenever a repository will add self-hosted runners the organization administrator must modify the installation setting.  
+

scripts/update_workflow.py

@@ -0,0 +1,92 @@
+#!/usr/bin/python3
+
+# 
+# update_workflow.py
+# 
+# Modifies github actions workflows to use self-hosted runners.
+#
+# python3 update_workflow.py __path_to_ci_file__
+#
+
+import sys
+import re
+import shutil
+
+targetfile=sys.argv[1]
+
+shutil.copyfile(targetfile, targetfile + '.orig')
+
+with open(targetfile, 'r') as file:
+    data = file.read()
+
+# Add single quotes around operating system names if they are missing. 'ubuntu-latest'
+
+data=re.sub(
+    pattern=r'([^"\'])(\S*)-latest([^"\'])',
+    repl='\\1\'\\2-latest\'\\3',
+    string=data
+)
+
+data=re.sub(
+    pattern=r'([^"\'])ubuntu-(\d\d)\.(\d\d)([^"\'])',
+    repl='\\1\'ubuntu-\\2.\\3\'\\4',
+    string=data
+)
+
+data=re.sub(
+    pattern=r'([^"\'])windows-(\d{4})([^"\'])',
+    repl='\\1\'windows-\\2\'\\3',
+    string=data
+)
+
+data=re.sub(
+    pattern=r'([^"\'])macos-(\d{2})([^"\'])',
+    repl='\\1\'macos-\\2\'\\3',
+    string=data
+)
+
+data=re.sub(
+    pattern=r'([^\S\r\n]*)runs-on: \${{\s*matrix.os\s*}}',
+    repl='\\1needs: [runner-selection]\n\\1runs-on: ${{ fromJSON(needs.runner-selection.outputs.labelmatrix)[matrix.os] }}',
+    string=data
+)
+
+data=re.sub(
+    pattern=r"([^\S\r\n]*)runs-on:(\s*)('ubuntu.*').*",
+    repl='\\1needs: [runner-selection]\n\\1runs-on: ${{ fromJSON(needs.runner-selection.outputs.labelmatrix)[\\3] }}',
+    string=data
+)
+
+data=re.sub(
+    pattern=r"([^\S\r\n]*)runs-on:(\s*)('windows.*').*",
+    repl='\\1needs: [runner-selection]\n\\1runs-on: ${{ fromJSON(needs.runner-selection.outputs.labelmatrix)[\\3] }}',
+    string=data
+)
+
+data=re.sub(
+    pattern=r"([^\S\r\n]*)runs-on:(\s*)('mac.*').*",
+    repl='\\1needs: [runner-selection]\n\\1runs-on: ${{ fromJSON(needs.runner-selection.outputs.labelmatrix)[\\3] }}',
+    string=data
+)
+
+job_to_include="""
+  runner-selection:
+    # runs-on: ubuntu-latest
+    runs-on: ${{ github.repository_owner == 'boostorg' && fromJSON('[ "self-hosted", "linux", "x64", "ubuntu-latest-aws" ]') || 'ubuntu-latest' }}
+    outputs:
+      labelmatrix: ${{ steps.aws_hosted_runners.outputs.labelmatrix }}
+    steps:
+      - name: AWS Hosted Runners
+        id: aws_hosted_runners
+        uses: cppalliance/[email protected]
+"""
+
+data=re.sub(
+    pattern=r'(jobs:)',
+    repl='\\1' + job_to_include,
+    string=data
+)
+
+f = open(targetfile, "w")
+f.write(data)
+f.close()