Add support for using --no-default-labels

README.md

@@ -113,6 +113,9 @@ runner_org: false
 # Labels to apply to the runner
 runner_labels: []
 
+# Disable default labels (self-hosted, Linux, X64) and require custom labels. Set `runner_no_default_labels: true` and provide at least one label in `runner_labels` to use this feature.
+runner_no_default_labels: false
+
 # Group to add organization runner to
 runner_group: ""
 
@@ -262,34 +265,9 @@ In this example the Ansible role will uninstall the runner service and unregiste
 1. Install Python, Docker, and Ansible if you haven't already.
 2. Install Molecule and its Docker driver with pip:
 
-```bash
-pip install "molecule-plugins[docker]"
-```
-Sure, here's a basic example of how you might structure a README to explain how to test the `monolithprojects.github_actions_runner` Ansible role with Molecule:
-
-```markdown
-# monolithprojects.github_actions_runner
-
-This is an Ansible role for setting up GitHub Actions runners.
-
-## Testing with Molecule
-
-[Molecule](https://molecule.readthedocs.io/) is a testing framework for Ansible that we use to test the `monolithprojects.github_actions_runner` role.
-
-### Prerequisites
-
-- Python
-- Docker
-- Ansible
-- Molecule
-
-### Installation
-
-1. Install Python, Docker, and Ansible if you haven't already.
-2. Install Molecule and its Docker driver with pip:
-
 ```bash
 pip install molecule[docker]
+pip install "molecule-plugins[docker]"
 ```
 
 ### Running Tests

defaults/main.yml

@@ -45,6 +45,9 @@ runner_download_repository: "actions/runner"
 # Several arguments must be set as one string (i.e. "--ephemeral --my_special_fork")
 runner_extra_config_args: ""
 
+# Disable default labels (self-hosted, Linux, X64) and require custom labels. Set `runner_no_default_labels: true` and provide at least one label in `runner_labels` to use this feature.
+runner_no_default_labels: false
+
 # Name to assign to this runner in GitHub (System hostname as default)
 runner_name: "{{ ansible_facts.hostname }}"
 

molecule/no_default_labels/converge.yml

@@ -0,0 +1,17 @@
+---
+- name: Test no_default_labels scenario
+  hosts: all
+  become: yes
+  vars:
+    runner_user: ansible
+    github_repo: "{{ lookup('env', 'GITHUB_REPO') }}"
+    github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}"
+    runner_version: "latest"
+    runner_name: test_name
+    runner_no_default_labels: true
+    runner_labels:
+      - testlabel1    
+      - testlabel2
+  roles:
+    - role: monolithprojects.github_actions_runner
+

molecule/no_default_labels/molecule.yml

@@ -0,0 +1,39 @@
+---
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      verbosity: 0
+  playbooks:
+      converge: converge.yml
+      cleanup: ../default/cleanup.yml
+      verify: verify.yml
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: "${MOLECULE_IMAGE:-ubuntu22}-latest"
+    image: "${namespace:-monolithprojects}/systemd-${MOLECULE_IMAGE:-ubuntu22}:latest"
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:${MOLECULE_DOCKER_VOLUMES:-rw}" # Use "ro" for cgroup v1 and "rw" for cgroup v2
+    cgroupns_mode: ${MOLECULE_DOCKER_CGROUPS_MODE:-"host"} # Use "private" for cgroup v1 and "host" for cgroup v2
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    privileged: true
+    pre_build_image: true
+verifier:
+  name: ansible
+scenario:
+  name: no_default_labels
+  test_sequence:
+    - dependency
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - side_effect
+    - verify
+    - cleanup
+    - destroy

molecule/no_default_labels/requirements.yml

@@ -0,0 +1,5 @@
+---
+
+roles:
+- name: robertdebock.epel
+  version: 3.0.1

molecule/no_default_labels/verify.yml

@@ -0,0 +1,44 @@
+---
+- name: Validate Repo runners
+  user: ansible
+  hosts: all
+  gather_facts: yes
+  become: yes
+  vars:
+    runner_user: ansible
+    github_repo: "{{ lookup('env', 'GITHUB_REPO') }}"
+    github_account: "{{ lookup('env', 'GITHUB_ACCOUNT') }}"
+    github_api_url: "https://api.github.com"
+    access_token: "{{ lookup('env', 'PERSONAL_ACCESS_TOKEN') }}"
+    runner_name: "{{ ansible_facts.hostname }}"
+
+  tasks:
+    - name: Check currently registered runners
+      ansible.builtin.uri:
+        url: "{{ github_api_url }}/repos/{{ github_owner | default(github_account) }}/{{ github_repo }}/actions/runners"
+        headers:
+          Authorization: "token {{ access_token }}"
+          Accept: "application/vnd.github.v3+json"
+        method: GET
+        status_code: 200
+        force_basic_auth: yes
+      register: registered_runners
+
+    - name: Check Runner
+      ansible.builtin.assert:
+        that:
+          - registered_runners.json.runners.0.status == "online"
+        quiet: true
+
+    - debug:
+        var: registered_runners.json.runners.0
+
+    - name: Set fact - current labels
+      ansible.builtin.set_fact:
+        current_labels: "{{ registered_runners.json.runners.0 | json_query('labels[*].name') | list }}"
+
+    - name: Check Labels (skipped if labels are OK)
+      ansible.builtin.assert:
+        that:
+          - current_labels == ['testlabel1', 'testlabel2']
+        fail_msg: "Expected only the custom labels 'testlabel1' and 'testlabel2', but got {{ current_labels }}"

tasks/assert.yml

@@ -39,3 +39,10 @@
     fail_msg: "runner_user_win_password was not defined, but it is required on a windows system"
   run_once: true
   when: github_actions_system == "win"
+
+- name: Check runner_labels is not empty if runner_no_default_labels is true (RUN ONCE)
+  ansible.builtin.assert:
+    that:
+      - not (runner_no_default_labels | bool) or (runner_labels is defined and runner_labels | length > 0)
+    fail_msg: "runner_labels must be set and not empty when runner_no_default_labels is true."
+  run_once: true

tasks/install_runner_unix.yml

@@ -82,6 +82,7 @@
     --labels {{ runner_labels | join(',') }} \
     --runnergroup {{ runner_group }} \
     --unattended \
+    {{ '--no-default-labels' if runner_no_default_labels | bool else '' }} \
     {{ runner_extra_config_args }}"
   args:
     chdir: "{{ runner_dir }}"
@@ -120,6 +121,7 @@
     --name '{{ runner_name }}' \
     --labels {{ runner_labels | join(',') }} \
     --unattended \
+    {{ '--no-default-labels' if runner_no_default_labels | bool else '' }} \
     {{ runner_extra_config_args }} \
     --replace"
   args:

tasks/install_runner_win.yml

@@ -78,8 +78,9 @@
     --runasservice \
     --windowslogonaccount {{ runner_user }} \
     --windowslogonpassword {{ runner_user_win_password }} \
-    --unattended \
-    {{ runner_extra_config_args }}"
+  --unattended \
+  {{ '--no-default-labels' if runner_no_default_labels | bool else '' }} \
+  {{ runner_extra_config_args }}"
   args:
     chdir: "{{ runner_dir }}"
   changed_when: true
@@ -101,9 +102,10 @@
     --runasservice \
     --windowslogonaccount {{ runner_user }} \
     --windowslogonpassword {{ runner_user_win_password }} \
-    --unattended \
-    {{ runner_extra_config_args }} \
-    --replace"
+  --unattended \
+  {{ '--no-default-labels' if runner_no_default_labels | bool else '' }} \
+  {{ runner_extra_config_args }} \
+  --replace"
   args:
     chdir: "{{ runner_dir }}"
   changed_when: true