feat: Introduce Amazon Linux 2023 ARM image

dimamo5 · dimamo5 · commit 3d30fc023862 · 2025-09-21T14:35:56.000+01:00
diff --git a/images/linux-al2023-arm/github_agent.linux.pkr.hcl b/images/linux-al2023-arm/github_agent.linux.pkr.hcl
@@ -0,0 +1,204 @@
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 1.0.0"
+      source  = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+variable "runner_version" {
+  description = "The version (no v prefix) of the runner software to install https://github.com/actions/runner/releases. The latest release will be fetched from GitHub if not provided."
+  default     = null
+}
+
+variable "region" {
+  description = "The region to build the image in"
+  type        = string
+  default     = "eu-west-1"
+}
+
+variable "security_group_id" {
+  description = "The ID of the security group Packer will associate with the builder to enable access"
+  type        = string
+  default     = null
+}
+
+variable "subnet_id" {
+  description = "If using VPC, the ID of the subnet, such as subnet-12345def, where Packer will launch the EC2 instance. This field is required if you are using an non-default VPC"
+  type        = string
+  default     = null
+}
+
+variable "associate_public_ip_address" {
+  description = "If using a non-default VPC, there is no public IP address assigned to the EC2 instance. If you specified a public subnet, you probably want to set this to true. Otherwise the EC2 instance won't have access to the internet"
+  type        = string
+  default     = null
+}
+
+variable "instance_type" {
+  description = "The instance type Packer will use for the builder"
+  type        = string
+  default     = "t4g.small"
+}
+
+variable "iam_instance_profile" {
+  description = "IAM instance profile Packer will use for the builder. An empty string (default) means no profile will be assigned."
+  type        = string
+  default     = ""
+}
+
+variable "root_volume_size_gb" {
+  type    = number
+  default = 8
+}
+
+variable "ebs_delete_on_termination" {
+  description = "Indicates whether the EBS volume is deleted on instance termination."
+  type        = bool
+  default     = true
+}
+
+variable "global_tags" {
+  description = "Tags to apply to everything"
+  type        = map(string)
+  default     = {}
+}
+
+variable "ami_tags" {
+  description = "Tags to apply to the AMI"
+  type        = map(string)
+  default     = {}
+}
+
+variable "snapshot_tags" {
+  description = "Tags to apply to the snapshot"
+  type        = map(string)
+  default     = {}
+}
+
+variable "custom_shell_commands" {
+  description = "Additional commands to run on the EC2 instance, to customize the instance, like installing packages"
+  type        = list(string)
+  default     = []
+}
+
+variable "temporary_security_group_source_public_ip" {
+  description = "When enabled, use public IP of the host (obtained from https://checkip.amazonaws.com) as CIDR block to be authorized access to the instance, when packer is creating a temporary security group. Note: If you specify `security_group_id` then this input is ignored."
+  type        = bool
+  default     = false
+}
+
+data "http" github_runner_release_json {
+  url = "https://api.github.com/repos/actions/runner/releases/latest"
+  request_headers = {
+    Accept = "application/vnd.github+json"
+    X-GitHub-Api-Version : "2022-11-28"
+  }
+}
+
+locals {
+  runner_version = coalesce(var.runner_version, trimprefix(jsondecode(data.http.github_runner_release_json.body).tag_name, "v"))
+}
+
+source "amazon-ebs" "githubrunner" {
+  ami_name                                  = "github-runner-al2023-arm64-${formatdate("YYYYMMDDhhmm", timestamp())}"
+  instance_type                             = var.instance_type
+  iam_instance_profile                      = var.iam_instance_profile
+  region                                    = var.region
+  security_group_id                         = var.security_group_id
+  subnet_id                                 = var.subnet_id
+  associate_public_ip_address               = var.associate_public_ip_address
+  temporary_security_group_source_public_ip = var.temporary_security_group_source_public_ip
+
+  source_ami_filter {
+    filters = {
+      name                = "al2023-ami-2023.*-kernel-6.*-arm64"
+      root-device-type    = "ebs"
+      virtualization-type = "hvm"
+    }
+    most_recent = true
+    owners      = ["137112412989"]
+  }
+  ssh_username = "ec2-user"
+  tags = merge(
+    var.global_tags,
+    var.ami_tags,
+    {
+      OS_Version    = "al2023"
+      Release       = "Latest"
+      Base_AMI_Name = "{{ .SourceAMIName }}"
+  })
+  snapshot_tags = merge(
+    var.global_tags,
+    var.snapshot_tags,
+  )
+
+
+  launch_block_device_mappings {
+    device_name           = "/dev/xvda"
+    volume_size           = "${var.root_volume_size_gb}"
+    volume_type           = "gp3"
+    delete_on_termination = "${var.ebs_delete_on_termination}"
+  }
+}
+
+build {
+  name = "githubactions-runner"
+  sources = [
+    "source.amazon-ebs.githubrunner"
+  ]
+  provisioner "shell" {
+    environment_vars = []
+    inline = concat([
+      "sudo dnf upgrade-minimal -y",
+      "sudo dnf install -y amazon-cloudwatch-agent jq git docker",
+      "sudo dnf install -y --allowerasing curl",
+      "sudo systemctl enable docker.service",
+      "sudo systemctl enable containerd.service",
+      "sudo service docker start",
+      "sudo usermod -a -G docker ec2-user",
+    ], var.custom_shell_commands)
+  }
+
+  provisioner "file" {
+    content = templatefile("../install-runner.sh", {
+      install_runner = templatefile("../../modules/runners/templates/install-runner.sh", {
+        ARM_PATCH                       = ""
+        S3_LOCATION_RUNNER_DISTRIBUTION = ""
+        RUNNER_ARCHITECTURE             = "arm64"
+      })
+    })
+    destination = "/tmp/install-runner.sh"
+  }
+
+  provisioner "shell" {
+    environment_vars = [
+      "RUNNER_TARBALL_URL=https://github.com/actions/runner/releases/download/v${local.runner_version}/actions-runner-linux-arm64-${local.runner_version}.tar.gz"
+    ]
+    inline = [
+      "sudo chmod +x /tmp/install-runner.sh",
+      "echo ec2-user > /tmp/install-user.txt",
+      "sudo RUNNER_ARCHITECTURE=arm64 RUNNER_TARBALL_URL=$RUNNER_TARBALL_URL /tmp/install-runner.sh"
+    ]
+  }
+
+  provisioner "file" {
+    content = templatefile("../start-runner.sh", {
+      start_runner = templatefile("../../modules/runners/templates/start-runner.sh", { metadata_tags = "enabled" })
+    })
+    destination = "/tmp/start-runner.sh"
+  }
+
+  provisioner "shell" {
+    inline = [
+      "sudo mv /tmp/start-runner.sh /var/lib/cloud/scripts/per-boot/start-runner.sh",
+      "sudo chmod +x /var/lib/cloud/scripts/per-boot/start-runner.sh",
+    ]
+  }
+
+  post-processor "manifest" {
+    output     = "manifest.json"
+    strip_path = true
+  }
+}
