chore(scripts): add GitHub runner install script with unzip and awscurl #7
andybrown668 wants to merge 1 commit into main from
New script installs self-hosted runner plus apt:unzip and pipx:awscurl for CI workflows.
Made-with: Cursor
de307c5 to 1c63a67
Pull request overview
Adds additional tooling to the self-hosted GitHub Actions runner installation script so CI workflows can rely on unzip and awscurl being available on runner machines.
Changes:
- Installs unzip and pipx via apt-get.
- Installs awscurl via pipx and attempts to ensure ~/.local/bin is on PATH.
- Adds checksum validation and runner download/config/service setup in the install script.
| #!/usr/bin/env bash | ||
| # Install and configure a GitHub Actions self-hosted runner on Ubuntu. | ||
| # Repo: https://github.com/wasabi/rustfs | ||
| # Prompts for runner token and runner name; adds labels 'ubicloud-standard-2' and 'ubicloud-standard-4 '; uses default group. |
The header comment has an extra trailing space in the label name ('ubicloud-standard-4 '). This looks like a typo and could confuse readers about the actual label being applied; update the comment to match RUNNER_LABELS exactly.
| # Prompts for runner token and runner name; adds labels 'ubicloud-standard-2' and 'ubicloud-standard-4 '; uses default group. | |
| # Prompts for runner token and runner name; adds labels 'ubicloud-standard-2' and 'ubicloud-standard-4'; uses default group. |
| pipx ensurepath | ||
|
|
pipx ensurepath updates shell startup files, but GitHub Actions steps on self-hosted runners typically run in non-login, non-interactive shells and the runner itself is started via systemd. As a result, this usually won’t make awscurl discoverable in job steps. Prefer making awscurl available in a PATH location that the runner service and steps will actually see (e.g., install/symlink into /usr/local/bin, or set PATH explicitly in the runner systemd service environment).
| pipx ensurepath | |
| # Ensure awscurl is available on PATH for the GitHub runner service | |
| PIPX_BIN_DIR="$(pipx environment --value PIPX_BIN_DIR 2>/dev/null || echo "$HOME/.local/bin")" | |
| if [ -x "${PIPX_BIN_DIR}/awscurl" ]; then | |
| echo "Linking awscurl into /usr/local/bin for runner PATH..." | |
| sudo ln -sf "${PIPX_BIN_DIR}/awscurl" /usr/local/bin/awscurl | |
| else | |
| echo "Warning: awscurl binary not found in ${PIPX_BIN_DIR}; it may not be available in runner PATH." | |
| fi |
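Review bot: The `sudo ln -sf "${PIPX_BIN_DIR}/awscurl" /usr/local/bin/awscurl` line in this suggestion creates a system-wide PATH entry that resolves to a file under the installing user's home directory (the fallback is `$HOME/.local/bin`). Anything running as that user, including CI job steps if the runner runs under the same account, can replace the link target and have it executed by any other account that calls awscurl by name. Prefer the other option named in the comment, setting PATH explicitly in the runner's systemd service environment, or install awscurl into a root-owned location so the `/usr/local/bin` entry does not point at user-writable content.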
|
|
||
| # Validate hash | ||
| echo "Validating checksum..." | ||
| echo "${RUNNER_SHA256} ${RUNNER_TAR}" | shasum -a 256 -c |
Checksum verification uses shasum -a 256 -c, but shasum is not guaranteed to be present on a fresh Ubuntu install (whereas sha256sum from coreutils generally is). This can cause the installer to fail even when the download is correct; consider switching to sha256sum -c (or adding a small fallback that tries sha256sum then shasum).
| echo "${RUNNER_SHA256} ${RUNNER_TAR}" | shasum -a 256 -c | |
| if command -v sha256sum >/dev/null 2>&1; then | |
| echo "${RUNNER_SHA256} ${RUNNER_TAR}" | sha256sum -c - | |
| elif command -v shasum >/dev/null 2>&1; then | |
| echo "${RUNNER_SHA256} ${RUNNER_TAR}" | shasum -a 256 -c - | |
| else | |
| echo "Error: neither 'sha256sum' nor 'shasum' is available to verify the runner checksum." >&2 | |
| exit 1 | |
| fi |
| sudo apt-get update -qq | ||
| sudo apt-get install -y unzip pipx | ||
| echo "Installing awscurl via pipx..." | ||
| pipx install awscurl |
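Review bot: `pipx install awscurl` has no version pin, so each run installs whatever release is current on the package index. Runners built on different days can end up with different code for a tool that signs requests with AWS credentials. Pin the version the workflows were tested against, e.g. `pipx install awscurl==<version>`, and bump it deliberately.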
pipx install awscurl will exit non-zero if awscurl is already installed, and set -e will abort the whole script on re-runs. If re-running this installer is expected, make the awscurl installation idempotent (e.g., detect existing install and upgrade/skip, or use the appropriate pipx option to overwrite).
| pipx install awscurl | |
| pipx install --force awscurl |
| pipx ensurepath | ||
|
|
||
| # Prompt for token | ||
| read -r -p "Runner token: " RUNNER_TOKEN |
The runner registration token is read with a normal read, which echoes the token as it’s typed and can leak it via terminal scrollback/recording. Use a silent prompt for secrets (and print a newline afterwards) to reduce accidental exposure.
| read -r -p "Runner token: " RUNNER_TOKEN | |
| read -r -s -p "Runner token: " RUNNER_TOKEN | |
| echo |
Type of Change
Related Issues
N/A
Summary of Changes
Adds unzip (via apt) and awscurl (via pipx) to the GitHub Actions self-hosted runner install script. These tools are required by CI workflows that run on self-hosted runners.
- apt-get install -y unzip pipx (pipx needed for awscurl)
- pipx install awscurl
- pipx ensurepath so ~/.local/bin is on PATH for job steps
Checklist
make pre-commit
Impact
Additional Notes
Verification: run ./scripts/install-github-runner.sh on a fresh Ubuntu VM; after the deps step, unzip --version and awscurl --help should succeed.
Thank you for your contribution! Please ensure your PR follows the community standards (CODE_OF_CONDUCT.md) and sign the CLA if this is your first contribution.