Copyright (c) 2020-2025 Antmicro
The aim of this project is to simplify the deployment of Antmicro's GitHub Actions runner and to describe the virtual resources according to IaC principles.
In order to deploy the infrastructure, make sure that the service account has the following roles assigned:
- Compute Admin for creating and managing resources within the Compute Engine.
- Security Admin for managing IAM policies.
- Service Account Creator for managing the service account linked with the coordinator instance.
- Service Account User for assigning the aforementioned service account to the coordinator instance.
- Service Usage Admin for enabling the necessary APIs.
- (optional) Storage Admin for managing GCS buckets for data archiving purposes e.g. storing job logs.
Note that there is no explicit module-level parameter for passing the project name.
If you don't want Terraform to use the default value, declare a provider, set the `project` argument and pass the provider as a meta-argument to the module declaration.
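A root configuration for the approach described above, as an added example that is not taken from the module's own documentation. The project ID, the provider alias `runners`, the module label `gha_runner` and the `source` path are placeholders, and it assumes the module takes its project from the `google` provider.

```hcl
# Added example (not the project's own code).

# Aliased provider pinned to the project that should hold the runner
# infrastructure, instead of whatever the default provider resolves to.
provider "google" {
  alias   = "runners"
  project = "example-project-id" # placeholder project ID
  zone    = "us-west1-a"
}

module "gha_runner" {
  # Placeholder: point this at a local checkout or the module's address.
  source = "./path/to/this/module"

  # Meta-argument: hand the aliased provider to the module so every
  # resource it creates lands in the project set above.
  providers = {
    google = google.runners
  }

  gcp_zone             = "us-west1-a"
  gcp_coordinator_name = "gha-runner-coordinator"
  gcp_subnet           = "gha-runner-net"

  # Keep the module-managed firewall rules in the dedicated VPC.
  gcp_vpc_no_firewall = false

  # Decide this up front: changing it later recreates all subnetworks.
  gcp_vpc_ipv6 = false
}

# Surface the coordinator's service account so its IAM bindings can be
# reviewed after the module has been applied.
output "coordinator_sa" {
  value = module.gha_runner.coordinator_sa
}
```

If the module also creates resources through `google-beta`, an aliased `google-beta` provider with the same `project` can be passed in the same `providers` map.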
Changing certain parameters after the module has been applied may require recreating one or more resources. This section documents these scenarios.
Changing the `gcp_vpc_ipv6` variable will always result in recreation of all subnetworks.
That's because it is not possible to edit the stack type (IPv4 only or dual stack) of the subnetwork after it has been created.
Therefore, in order to change this particular parameter of a subnetwork, it is necessary to first remove it and create it again.
For this operation to succeed, the following preconditions must be true:
- no worker instance may be running
- the coordinator instance must be stopped
- the network associated with the coordinator instance must be changed to something else (e.g. default)
Name | Version |
---|---|
terraform | >= 0.13 |
| | ~> 4.42.1 |
google-beta | ~> 4.42.1 |
Name | Version |
---|---|
| | ~> 4.42.1 |
No modules.
Name | Description | Type | Default | Required |
---|---|---|---|---|
gcp_arm64_worker_image_name | Name of the image used for worker instances (ARM64) | string | "" | no |
gcp_auxiliary_zones | A list of zones where workers can be spawned in case of home zone resource exhaustion (beta) | list(any) | [] | no |
gcp_boot_image_bucket_name | Name of the bucket used for uploading and storing boot images | string | "" | no |
gcp_build_results_viewer_public_url | Address of build-results-viewer front-end | string | "" | no |
gcp_build_results_viewer_url | Address and port of build-results-viewer backend | string | "" | no |
gcp_coordinator_boot_image_update | Name of the image to use for updating coordinator boot disk | string | "" | no |
gcp_coordinator_disk_image | Name of the image to use for coordinator boot disk - cannot be changed | string | "projects/debian-cloud/global/images/debian-10-buster-v20210512" | no |
gcp_coordinator_disk_name_prefix | Defaults to instance name if not specified. | string | null | no |
gcp_coordinator_disk_name_suffix | String to append after instance name (useful for managing legacy deployments) | string | "---boot-disk" | no |
gcp_coordinator_disk_size | Runner coordinator boot disk size in gigabytes | number | 10 | no |
gcp_coordinator_disk_type | Runner coordinator boot disk type | string | "pd-standard" | no |
gcp_coordinator_log_disk_present | Specify if a separate disk for logs should be created and managed | bool | false | no |
gcp_coordinator_log_disk_size | Runner coordinator log disk size in gigabytes | number | 10 | no |
gcp_coordinator_machine_type | Runner coordinator machine type | string | "n2-standard-4" | no |
gcp_coordinator_name | Runner coordinator instance name | string | "gha-runner-coordinator" | no |
gcp_coordinator_persistent_disk_present | Specify if a separate disk for persistent data should be created and managed (beta) | bool | false | no |
gcp_coordinator_persistent_disk_size | Runner coordinator persistent disk size in gigabytes (beta) | number | 50 | no |
gcp_coordinator_reserve_static_internal_ip | Reserve a static IP for coordinator within gcp_subnet | bool | false | no |
gcp_coordinator_scale | Number of runners that coordinator should enable (beta) | number | "0" | no |
gcp_coordinator_sif_image_disk_present | Specify if a separate disk for image should be attached (beta) | bool | false | no |
gcp_coordinator_sif_image_name | Name of the image containing sif image of the coordinator (beta) | string | "" | no |
gcp_log_bucket_name | Name of the bucket used for storing log files | string | null | no |
gcp_sa_access_scope | API access scope for coordinator service account | string | "https://www.googleapis.com/auth/compute" | no |
gcp_service_account | Name component of the service account for coordinator | string | "gha-runner-coordinator-sa" | no |
gcp_subnet | Name for VPC network and subnetwork | string | "gha-runner-net" | no |
gcp_vpc_ipv6 | Enable external IPv6 access for worker machines | bool | false | no |
gcp_vpc_nat_ips | An optional map of IP addresses for use with NAT per region | map(list(string)) | {} | no |
gcp_vpc_newbits | The newbits parameter passed to cidrsubnet | number | 8 | no |
gcp_vpc_no_firewall | Do not create firewall rules in the dedicated VPC network | bool | false | no |
gcp_vpc_prefix | Total CIDR range (the prefix parameter passed to cidrsubnet) | string | "10.0.0.0/8" | no |
gcp_worker_image_name | Name of the image used for worker instances | string | "" | no |
gcp_zone | Zone where the coordinator instance, VPC resources and workers will be created | string | "us-west1-a" | no |
Name | Description |
---|---|
coordinator_sa | The email address of the service account assigned to the coordinator machine |
coordinator_static_ip | Static IP address of the coordinator machine (null if ephemeral) |
coordinator_vpc_self_link | Self-link to the VPC network of the deployment |