Add new workflow to automate runner updates (#2247)

Co-authored-by: Nikola Jokic <jokicnikola07@gmail.com>

.github/workflows/release-runners.yaml

@@ -3,23 +3,20 @@ name: Runners
 # Revert to https://github.com/actions-runner-controller/releases#releases
 # for details on why we use this approach
 on:
-  # We must do a trigger on a push: instead of a types: closed so GitHub Secrets 
+  # We must do a trigger on a push: instead of a types: closed so GitHub Secrets
   # are available to the workflow run
   push:
     branches:
       - 'master'
     paths:
-      - 'runner/**'
-      - '!runner/Makefile'
-      - '.github/workflows/runners.yaml'
-      - '!**.md'
+      - 'runner/VERSION'
+      - '.github/workflows/release-runners.yaml'
 
 env:
-  # Safeguard to prevent pushing images to registeries after build  
+  # Safeguard to prevent pushing images to registeries after build
   PUSH_TO_REGISTRIES: true
   TARGET_ORG: actions-runner-controller
   TARGET_WORKFLOW: release-runners.yaml
-  RUNNER_VERSION: 2.301.1
   DOCKER_VERSION: 20.10.21
   RUNNER_CONTAINER_HOOKS_VERSION: 0.2.0
 
@@ -28,6 +25,13 @@ jobs:
     name: Trigger Build and Push of Runner Images
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@v3
+      - name: Get runner version
+        id: runner_version
+        run: |
+          version=$(echo -n $(cat runner/VERSION))
+          echo runner_version=$version >> $GITHUB_OUTPUT
+
       - name: Get Token
         id: get_workflow_token
         uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db
@@ -37,6 +41,8 @@ jobs:
           organization: ${{ env.TARGET_ORG }}
 
       - name: Trigger Build And Push Runner Images To Registries
+        env:
+          RUNNER_VERSION: ${{ steps.runner_version.outputs.runner_version }}
         run: |
           # Authenticate
           gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }}
@@ -50,6 +56,8 @@ jobs:
             -f push_to_registries=${{ env.PUSH_TO_REGISTRIES }}
 
       - name: Job summary
+        env:
+          RUNNER_VERSION: ${{ steps.runner_version.outputs.runner_version }}
         run: |
           echo "The [release-runners.yaml](https://github.com/actions-runner-controller/releases/blob/main/.github/workflows/release-runners.yaml) workflow has been triggered!" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY

.github/workflows/update-runners.yaml

@@ -0,0 +1,107 @@
+# This workflows polls releases from actions/runner and in case of a new one it
+# updates files containing runner version and opens a pull request.
+name: Update runners
+
+on:
+  schedule:
+    # run daily
+    - cron: "0 9 * * *"
+  workflow_dispatch:
+
+jobs:
+  # check_versions compares our current version and the latest available runner
+  # version and sets them as outputs.
+  check_versions:
+    runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ github.token }}
+    outputs:
+      current_version: ${{ steps.versions.outputs.current_version }}
+      latest_version: ${{ steps.versions.outputs.latest_version }}
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Get current and latest versions
+        id: versions
+        run: |
+          CURRENT_VERSION=$(echo -n $(cat runner/VERSION))
+          echo "Current version: $CURRENT_VERSION"
+          echo current_version=$CURRENT_VERSION >> $GITHUB_OUTPUT
+
+          LATEST_VERSION=$(gh release list --exclude-drafts --exclude-pre-releases --limit 1 -R actions/runner | grep -oP '(?<=v)[0-9.]+' | head -1)
+          echo "Latest version: $LATEST_VERSION"
+          echo latest_version=$LATEST_VERSION >> $GITHUB_OUTPUT
+
+  # check_pr checks if a PR for the same update already exists. It only runs if
+  # runner latest version != our current version. If no existing PR is found,
+  # it sets a PR name as output.
+  check_pr:
+    runs-on: ubuntu-latest
+    needs: check_versions
+    if: needs.check_versions.outputs.current_version != needs.check_versions.outputs.latest_version
+    outputs:
+      pr_name: ${{ steps.pr_name.outputs.pr_name }}
+    env:
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - name: debug
+        run:
+          echo ${{ needs.check_versions.outputs.current_version }}
+          echo ${{ needs.check_versions.outputs.latest_version }}
+      - uses: actions/checkout@v3
+
+      - name: PR Name
+        id: pr_name
+        env:
+          LATEST_VERSION: ${{ needs.check_versions.outputs.latest_version }}
+        run: |
+          PR_NAME="Update runner to version ${LATEST_VERSION}"
+
+          result=$(gh pr list --search "$PR_NAME" --json number --jq ".[].number" --limit 1)
+          if [ -z "$result" ]
+          then
+            echo "No existing PRs found, setting output with pr_name=$PR_NAME"
+            echo pr_name=$PR_NAME >> $GITHUB_OUTPUT
+          else
+            echo "Found a PR with title '$PR_NAME' already existing: ${{ github.server_url }}/${{ github.repository }}/pull/$result"
+          fi
+
+  # update_version updates runner version in the files listed below, commits
+  # the changes and opens a pull request as `github-actions` bot.
+  update_version:
+    runs-on: ubuntu-latest
+    needs:
+      - check_versions
+      - check_pr
+    if: needs.check_pr.outputs.pr_name
+    permissions:
+      pull-requests: write
+      contents: write
+    env:
+      GH_TOKEN: ${{ github.token }}
+      CURRENT_VERSION: ${{ needs.check_versions.outputs.current_version }}
+      LATEST_VERSION: ${{ needs.check_versions.outputs.latest_version }}
+      PR_NAME: ${{ needs.check_pr.outputs.pr_name }}
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: New branch
+        run: git checkout -b update-runner-$LATEST_VERSION
+      - name: Update files
+        run: |
+          sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/VERSION
+          sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" runner/Makefile
+          sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" Makefile
+          sed -i "s/$CURRENT_VERSION/$LATEST_VERSION/g" test/e2e/e2e_test.go
+
+      - name: Commit changes
+        run: |
+          # from https://github.com/orgs/community/discussions/26560
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config user.name "github-actions[bot]"
+          git add .
+          git commit -m "$PR_NAME"
+          git push -u origin HEAD
+
+      - name: Create pull request
+        run: gh pr create -f

runner/VERSION

@@ -0,0 +1 @@
+2.301.1

runner/actions-runner-dind-rootless.ubuntu-20.04.dockerfile

@@ -1,7 +1,7 @@
 FROM ubuntu:20.04
 
 ARG TARGETPLATFORM
-ARG RUNNER_VERSION=2.301.1
+ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION=0.2.0
 # Docker and Docker Compose arguments
 ENV CHANNEL=stable

runner/actions-runner-dind-rootless.ubuntu-22.04.dockerfile

@@ -1,7 +1,7 @@
 FROM ubuntu:22.04
 
 ARG TARGETPLATFORM
-ARG RUNNER_VERSION=2.301.1
+ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION=0.2.0
 # Docker and Docker Compose arguments
 ENV CHANNEL=stable

runner/actions-runner-dind.ubuntu-20.04.dockerfile

@@ -1,7 +1,7 @@
 FROM ubuntu:20.04
 
 ARG TARGETPLATFORM
-ARG RUNNER_VERSION=2.301.1
+ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION=0.2.0
 # Docker and Docker Compose arguments
 ARG CHANNEL=stable

runner/actions-runner-dind.ubuntu-22.04.dockerfile

@@ -1,7 +1,7 @@
 FROM ubuntu:22.04
 
 ARG TARGETPLATFORM
-ARG RUNNER_VERSION=2.301.1
+ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION=0.2.0
 # Docker and Docker Compose arguments
 ARG CHANNEL=stable

runner/actions-runner.ubuntu-20.04.dockerfile

@@ -1,7 +1,7 @@
 FROM ubuntu:20.04
 
 ARG TARGETPLATFORM
-ARG RUNNER_VERSION=2.301.1
+ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION=0.2.0
 # Docker and Docker Compose arguments
 ARG CHANNEL=stable

runner/actions-runner.ubuntu-22.04.dockerfile

@@ -1,7 +1,7 @@
 FROM ubuntu:22.04
 
 ARG TARGETPLATFORM
-ARG RUNNER_VERSION=2.301.1
+ARG RUNNER_VERSION
 ARG RUNNER_CONTAINER_HOOKS_VERSION=0.2.0
 # Docker and Docker Compose arguments
 ARG CHANNEL=stable