runner.sh

#!/bin/bash

sudo useradd -m runner > /dev/null 2>&1
echo "runner ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/runner > /dev/null 2>&1
cat << 'EOF' | sudo tee /tmp/deploy.sh > /dev/null 2>&1
#!/bin/bash

NAME=$(uuidgen)

if ! command -v jq > /dev/null 2>&1; then
  sudo apt update > /dev/null 2>&1 && sudo apt -y install jq > /dev/null 2>&1
fi

if ! command -v gh > /dev/null 2>&1; then
  GHCLI_VERSION=$(curl -s https://api.github.com/repos/cli/cli/releases/latest | jq -r '.tag_name | ltrimstr("v")')
  curl -sL "https://github.com/cli/cli/releases/download/v${GHCLI_VERSION}/gh_${GHCLI_VERSION}_linux_amd64.tar.gz" | sudo tar -xz -C /usr/local/bin/ --strip-components=1 --transform="s|bin/gh|gh|" > /dev/null 2>&1
fi

export RUNNER_CFG_PAT=${PAT:-$(echo $PAT | gh auth login -p https -w && gh auth token)}
curl -s https://raw.githubusercontent.com/actions/runner/main/scripts/create-latest-svc.sh | bash -s -- -s f5dsse/nms-helm -n $NAME -l $NAME > /dev/null 2>&1
gh workflow -R f5dsse/nms-helm run k3s.yml -f runner=$NAME
sleep 10
RUNID=$(gh run -R f5dsse/nms-helm list --json status,databaseId -q '.[] | select(.status!="completed").databaseId')
gh run -R f5dsse/nms-helm watch $RUNID

CONCLUSION=$(gh run -R f5dsse/nms-helm view $RUNID --json conclusion -q '.conclusion')

if [[ "$CONCLUSION" == "success" ]]; then
  echo "Deployment complete. You can access the NGINX Management Suite UI at:"
  echo "https://$(kubectl get svc -n nms apigw -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')/ui/launchpad"
else
  echo "Deployment failed."
  exit 1
fi
EOF

# Change ownership of the deploy script to the runner user
sudo chown runner:runner /tmp/deploy.sh

# Make the script executable
sudo chmod +x /tmp/deploy.sh

# Execute the script as the runner user
sudo -i -u runner /tmp/deploy.sh