Deploying a self-hosted SourceCraft worker on a Yandex Compute Cloud VM
Self-hosted workers are users’ personal servers, both virtual and physical, on which SourceCraft CI/CD processes run. These processes will have access to the user server environment.
Restrictions on the amount of computing resources do not apply to self-hosted workers, and they also do not consume the total CI/CD runtime quota.
If you have a computer with a suitable configuration, you can set up a self-hosted worker for SourceCraft all by yourself. Otherwise, you can create a VM in Compute Cloud and install a self-hosted worker on it. Even more, you can automate not only the processes of creating a VM, installing, configuring, and starting a self-hosted worker, but also the process of deleting a VM after the CI/CD workflow is completed. This way you can optimize the use of your Compute Cloud resources.
Here we discuss an example of how to implement such automation with the help of SourceCraft CI/CD processes using a service connection.
Self-hosted worker use cases:
-
In the same repository the worker was created from. In cases like this, the VM can be automatically deleted as soon as the workflow is completed.
test-task-and-delete-vm-async workflow example
test-task-and-delete-vm-async: runs_on: self-hosted tasks: - test-task - name: delete uses: delete-vm-async needs: [test-task]The
test-tasktask performs useful work, such as project compilation.The
deletetask gets started only aftertest-task(theneeds: [test-task]parameter) is executed and asynchronously deletes the VM on which the self-hosted worker was run.Before executing the
test-task-and-delete-vm-asyncworkflow, you need to execute thecreate-vmworkflow the self-hosted worker will be created in.Note
You cannot set a precise workflow sequence, so workflows must be started manually one by one.
-
In any other repository of the organization. In this case, you need to delete the VM with the self-hosted worker manually.
To deploy a self-hosted SourceCraft worker on a Compute Cloud VM:
- Get ready.
- Deploy the infrastructure.
- Create a repository with a CI/CD configuration.
- Create secrets.
- Set up a service connection.
- Set up a CI/CD process.
- Test the worker.
If you no longer need the resources you created, delete them.
Get ready for work
-
Sign up for Yandex Cloud and create a billing account:
- Navigate to the management console and log in to Yandex Cloud or create a new account.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the
ACTIVEorTRIAL_ACTIVEstatus. If you do not have a billing account, create one and link a cloud to it.
If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure.
Learn more about clouds and folders here.
- Authenticate in SourceCraft on the service home page or sign up.
Required paid resources
The cost of supporting a self-hosted worker infrastructure includes:
- Fee for a disk and a running VM (see Yandex Compute Cloud pricing).
- Fee for using an external IP address (see Yandex Virtual Private Cloud pricing).
Deploy the infrastructure
-
If you do not already have a network infrastructure in the Yandex Cloud folder you want to have your self-hosted worker VM in, create a cloud network, e.g.,
default, and a subnet, e.g.,default-ru-central1-d.Note
The example CI/CD configuration discussed here uses a network named
defaultand a subnet nameddefault-ru-central1-d. -
In the given example, the default security group is used for the VM. Add the following rules to it:
Traffic
directionDescription
Port range
Protocol
Source /
Destination nameCIDR blocks
Inbound
Access to VM from
the internet0-65535AnyCIDR0.0.0.0/0Outbound
VM access to
the internet0-65535AnyCIDR0.0.0.0/0 -
In the Yandex Cloud folder you want to have your self-hosted worker VM in, create a service account with the
compute.editorrole for the folder.This service account will be used to create VMs in Compute Cloud and establish a SourceCraft service connection.
Create a repository with a CI/CD configuration
Tip
This example shows how to create a new repository based on a self-hosted-worker repository.
Instead of creating a new repository, you can also fork it from the self-hosted-worker repository.
-
Create a new empty repository in the organization whose cloud and folder will be used for the self-hosted worker VM.
On the page that opens, copy the link for access to the new repository formatted as:
https://git@git.sourcecraft.dev/<organization_slug>/<new_repository_slug>.git. -
Clone the self-hosted-worker repository with an example of a self-hosted worker deployment:
git clone https://git@git.sourcecraft.dev/examples/self-hosted-worker.git cd self-hosted-workerThe
self-hosted-workerrepository contains the following files:├── .sourcecraft │ └── ci.yaml # SourceCraft CI/CD configuration ├── .gitignore ├── compute-instance-create.sh # script for creating a VM ├── compute-instance-delete-async.sh # script for deleting a VM in asynchronous mode ├── compute-instance-delete.sh # script for deleting a VM ├── metadata.yaml # metadata for a VM └── README.md -
Use the
self-hosted-workerrepository as the basis for your new repository:git remote remove origin git remote add origin https://git@git.sourcecraft.dev/<organization_slug>/<new_repository_slug>.git git branch -M main -
Push your changes to the new repository:
git push -u origin main
Create secrets
-
Get a personal authentication token (PAT) with the Repository administrator
roleand access to the repository you want to be using the self-hosted CI/CD worker in.Tip
If you want to use the worker for more than just the repository it was created from, specify the appropriate permissions for the personal token.
The worker uses this token to get authenticated in SourceCraft.
-
Generate SSH keys for access to the worker VM.
-
Create the following SourceCraft secrets:
- With the
PATname and the token value. - With the
SSH_PUBname and a public SSH key.
- With the
Set up a service connection
Service connections allow you to securely integrate your SourceCraft projects with the Yandex Cloud resources.
Create a service connection named default-service-connection, use the previously created service account with the compute.editor role for the folder.
Warning
The SourceCraft grant you get when creating a service connection in a SourceCraft personal organization, does not apply to Yandex Compute Cloud and Yandex Virtual Private Cloud.
Set up a CI/CD process
Set up a CI/CD process to deploy a self-hosted worker.
Configure basic CI/CD settings
The CI/CD process is configured in the .sourcecraft/ci.yaml file.
The presented CI/CD configuration consists of the following workflows:
create-vm: Creates a VM with a self-hosted worker.delete-vm: Deletes a VM with a self-hosted worker.test-task-and-delete-vm-async: Runs a test task on a self-hosted worker and deletes the VM asynchronously.
Note
The create-vm and delete-vm workflows run on standard SourceCraft cloud workers. The test-task-and-delete-vm-async process runs on a self-hosted worker.
Adjust the CI/CD configuration for your needs or use an existing one.
Set your VM parameters
The VM configuration for a self-hosted worker is specified in the env variable section in the .sourcecraft/ci.yaml file:
COMPUTE_INSTANCE_NAME: VM name and host name, e.g.,self-hosted-worker.VPC_SUBNET_NAME: Name of the subnet created earlier the VM will reside in, e.g.,default-ru-central1-d.CREATE_BOOT_DISK: Disk image from which the VM will be created, e.g.,image-folder-id=standard-images,image-family=ubuntu-2204-lts(Ubuntu 22.04 LTS). See also Getting a list of public images.PLATFORM: VM platform, e.g.,standard-v3.MEMORY: Amount of RAM, e.g.,64GB.CORES: Number of vCPU cores, e.g.,8.CORE_FRACTION: Guaranteed share of vCPUs, e.g.,100.PREEMPTIBLE: Whether or not to use a preemptible VM, e.g.,false.SSH_PUB: Previously created secret with the public part of the SSH key in${{ secrets.<secret_name> }}format. Set in case you need to connect to a VM with a self-hosted worker.
A VM user with the builder login is created within the metadata.yaml file.
users:
- name: builder
sudo: 'ALL=(ALL) NOPASSWD:ALL'
shell: /bin/bash
ssh_authorized_keys:
- ${SSH_PUB}
Adjust the VM configuration for your needs or use an existing one.
Create a script to install a self-hosted worker and other software on the VM
To install an executable of a self-hosted worker or other software, e.g., Docker, the metadata.yaml file is used:
- path: "/usr/local/etc/startup.sh"
permissions: "755"
content: |
#!/bin/bash
# install self-hosted-processor
apt-get update
apt-get install -y musl
curl \
--silent \
--show-error \
--location \
https://storage.yandexcloud.net/src-processor-downloads/self-hosted-processor-latest/linux/amd64/self-hosted-processor \
--output self-hosted-processor
chmod +x self-hosted-processor
mv self-hosted-processor /home/builder/sourcecraft
chmod 777 -R /home/builder/sourcecraft
# install docker
apt install ca-certificates curl software-properties-common apt-transport-https -y
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
usermod -aG docker builder
In a newly deployed VM, the /usr/local/etc/startup.sh bash script is created and executed, which installs the self-hosted worker executable and Docker.
Adjust the installation script for your needs or use an existing one.
Configure a self-hosted worker
The config.yaml worker configuration file is also configured in the metadata.yaml file:
write_files:
- path: "/home/builder/sourcecraft/config.yaml"
permissions: "644"
content: |
executor_type: shell
self_hosted:
root_dir: /home/builder/sourcecraft/tmp
max_slots: 3
logger_type: json
logger_level: info
endpoint:
host: ci.sourcecraft.tech
port: 443
ssl_no_verify: false
auth:
pat: ${PAT}
Test the worker
Create a VM with a self-hosted worker
Manually run the create-vm workflow.
You can follow the creation process using the cube logs. If the workflow completes successfully, you can see the new VM in the Yandex Cloud management console using the link from the create-vm cube log.
Run a test workflow
- Manually run the
test-task-and-delete-vm-asyncworkflow. - In
test-task, check the logs of thetest-workerandtest-dockercubes:- The
test-workercube logs should present the results of theuname -aandfree -hcommands run directly on the worker. - The
test-dockercube logs should present the version of the Yandex Cloud CLI that will be run in the Docker container.
- The
After test-task is completed, the delete (delete-vm-async) task will be started, which will attempt to delete the VM in asynchronous mode. You can see the deletion result in the Yandex Cloud management console using the link from the delete-vm cube log.
How to delete the resources you created
To stop paying for the resources you created, manually run the delete-vm workflow or delete the self-hosted worker VM in the Yandex Cloud interface.
Optionally, delete the network and subnet.