datalens-tech
diff --git a/‎.github/workflows/tofu-apply.yml‎
Lines changed: 0 additions & 7 deletions b/‎.github/workflows/tofu-apply.yml‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎.github/workflows/tofu-lint.yml‎
Lines changed: 0 additions & 6 deletions b/‎.github/workflows/tofu-lint.yml‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎.github/workflows/tofu-plan.yml‎
Lines changed: 0 additions & 6 deletions b/‎.github/workflows/tofu-plan.yml‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎scripts/tofu.sh‎
Lines changed: 1 addition & 10 deletions b/‎scripts/tofu.sh‎
Lines changed: 1 addition & 10 deletions
diff --git a/‎terraform/.terraform.lock.hcl‎
Lines changed: 42 additions & 20 deletions b/‎terraform/.terraform.lock.hcl‎
Lines changed: 42 additions & 20 deletions
diff --git a/‎terraform/github-runner-config.yaml‎
Lines changed: 24 additions & 11 deletions b/‎terraform/github-runner-config.yaml‎
Lines changed: 24 additions & 11 deletions
@@ -24,13 +24,6 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 2
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - uses: opentofu/setup-opentofu@v1
-        with:
-          tofu_version: 1.8.2
-      - uses: nightstory/setup-yc@v1
       - run: |
           ../scripts/tofu.sh --tofurc --cleanup --init --silent --apply --approve
         working-directory: ./terraform
 
@@ -18,12 +18,6 @@ jobs:
       - datalens-opensource
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - uses: opentofu/setup-opentofu@v1
-        with:
-          tofu_version: 1.8.2
       - run: |
           ../scripts/tofu.sh --lint
         working-directory: ./terraform
@@ -24,12 +24,6 @@ jobs:
       - datalens-opensource
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - uses: opentofu/setup-opentofu@v1
-        with:
-          tofu_version: 1.8.2
       - run: |
           ../scripts/tofu.sh --tofurc --cleanup --init --silent --plan --plan-out "../plan.tfplan" --plan-md
         working-directory: ./terraform
 
@@ -310,16 +310,7 @@ if [ "${IS_LOCK}" == "true" ]; then
     -platform=linux_amd64 \
     -platform=linux_arm64 \
     -platform=darwin_arm64 \
-    -platform=darwin_amd64 \
-    hashicorp/dns \
-    hashicorp/helm \
-    hashicorp/http \
-    hashicorp/local \
-    hashicorp/random \
-    hashicorp/time \
-    hashicorp/tls \
-    hashicorp/kubernetes \
-    registry.terraform.io/yandex-cloud/yandex
+    -platform=darwin_amd64
 fi
 
 echo ""
 
@@ -1,6 +1,6 @@
 #cloud-config
 runcmd:
-  - apt update && apt install -y jq zip unzip curl wget git docker.io docker-compose-v2
+  - apt update && apt install -y jq zip unzip curl wget git devscripts docker.io docker-compose-v2 docker-buildx
   # install github cli
   - mkdir -p -m 755 /etc/apt/keyrings
   - wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null
@@ -12,40 +12,53 @@ runcmd:
   - apt install -y nodejs python3 python-is-python3 g++ make
   # install task cli
   - su - root -c "curl -o ./task-install.sh -L https://taskfile.dev/install.sh"
-  - su - root -c "chmod +x ./task-install.sh && ./task-install.sh -d -b /usr/local/bin"
+  - su - root -c "chmod +x ./task-install.sh && ./task-install.sh -b /usr/local/bin -d 'v${TASK_VERSION}'"
   # install aws cli
-  - su - root -c "curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscli.zip"
+  - su - root -c "curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip -o awscli.zip"
   - su - root -c "unzip awscli.zip && ./aws/install --update && rm -rf awscli.zip && rm -rf ./aws"
   # install yc cli
   - su - root -c "curl -o ./yc-install.sh -L https://storage.yandexcloud.net/yandexcloud-yc/install.sh"
-  - su - root -c "chmod +x ./yc-install.sh && ./yc-install.sh -i /tmp/yc -n && rm -rf ./yc-install.sh && mv /tmp/yc/bin/yc /usr/bin/yc"
+  - su - root -c "chmod +x ./yc-install.sh && CLI_VERSION='${YC_VERSION}' ./yc-install.sh -i /tmp/yc -n && rm -rf ./yc-install.sh && mv /tmp/yc/bin/yc /usr/bin/yc"
   # install mc cli
   - su - root -c "curl https://dl.min.io/client/mc/release/linux-amd64/mc --create-dirs -o /usr/bin/mc"
   - su - root -c "chmod +x /usr/bin/mc"
   # install opentofu cli
-  - su - root -c "curl -O -L https://github.com/opentofu/opentofu/releases/download/v1.8.4/tofu_1.8.4_linux_amd64.zip"
-  - su - root -c "unzip tofu_1.8.4_linux_amd64.zip tofu -d /usr/bin/ && rm -f tofu_1.8.4_linux_amd64.zip && chmod +x /usr/bin/tofu"
+  - su - root -c "curl -O -L https://github.com/opentofu/opentofu/releases/download/v${OPENTOFU_VERSION}/tofu_${OPENTOFU_VERSION}_linux_amd64.zip"
+  - su - root -c "unzip tofu_${OPENTOFU_VERSION}_linux_amd64.zip tofu -d /usr/bin/ && rm -f tofu_${OPENTOFU_VERSION}_linux_amd64.zip && chmod +x /usr/bin/tofu"
   # install kubectl cli
-  - su - root -c "curl -L https://dl.k8s.io/release/v1.31.5/bin/linux/amd64/kubectl -o /usr/bin/kubectl"
+  - su - root -c "curl -L https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl -o /usr/bin/kubectl"
   - su - root -c "chmod +x /usr/bin/kubectl"
   # install helm cli
-  - su - root -c "curl -O -L https://get.helm.sh/helm-v3.17.1-linux-amd64.tar.gz"
-  - su - root -c "tar -xvzf helm-v3.17.1-linux-amd64.tar.gz && rm -rf helm-v3.17.1-linux-amd64.tar.gz && mv linux-amd64/helm /usr/bin/helm && rm -rf linux-amd64 && chmod +x /usr/bin/helm"
+  - su - root -c "curl -O -L https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz"
+  - su - root -c "tar -xvzf helm-v${HELM_VERSION}-linux-amd64.tar.gz && rm -rf helm-v${HELM_VERSION}-linux-amd64.tar.gz && mv linux-amd64/helm /usr/bin/helm && rm -rf linux-amd64 && chmod +x /usr/bin/helm"
   # install yq cli
-  - su - root -c "curl -O -L https://github.com/mikefarah/yq/releases/download/v4.45.1/yq_linux_amd64.tar.gz"
+  - su - root -c "curl -O -L https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64.tar.gz"
   - su - root -c "tar -xvzf yq_linux_amd64.tar.gz && rm -rf yq_linux_amd64.tar.gz && mv yq_linux_amd64 /usr/bin/yq && chmod +x /usr/bin/yq"
+  # install trivy cli
+  - su - root -c "curl -o ./trivy.tar.gz -L https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
+  - su - root -c "tar -xvzf trivy.tar.gz && rm -rf trivy.tar.gz && mv trivy /usr/bin/trivy && chmod +x /usr/bin/trivy"
+  # install shellformat cli
+  - su - root -c "curl -L https://github.com/mvdan/sh/releases/download/v${SHFMT_VERSION}/shfmt_v${SHFMT_VERSION}_linux_amd64 -o /usr/bin/shfmt"
+  - su - root -c "chmod +x /usr/bin/shfmt"
+  # install shellcheck cli
+  - su - root -c "curl -O -L https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz"
+  - su - root -c "tar -xvf shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz && rm -rf shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz && mv shellcheck-v${SHELLCHECK_VERSION}/shellcheck /usr/bin/shellcheck && chmod +x /usr/bin/shellcheck"
+  # install yamlfmt cli
+  - su - root -c "curl -O -L https://github.com/google/yamlfmt/releases/download/v${YAMLFMT_VERSION}/yamlfmt_${YAMLFMT_VERSION}_Linux_x86_64.tar.gz"
+  - su - root -c "tar -xvf yamlfmt_${YAMLFMT_VERSION}_Linux_x86_64.tar.gz && rm -rf yamlfmt_${YAMLFMT_VERSION}_Linux_x86_64.tar.gz && mv yamlfmt /usr/bin/yamlfmt && chmod +x /usr/bin/yamlfmt"
   # add non root user
   - useradd -m github --shell /bin/bash && usermod -aG docker github
   - su - github -c "mkdir -p /home/github/actions-runner"
   # install playwright
   - su - root -c "PLAYWRIGHT_BROWSERS_PATH=/home/github/.cache/ms-playwright PLAYWRIGHT_DOWNLOAD_HOST=https://storage.yandexcloud.net/playwright npx -y playwright@${PLAYWRIGHT_VERSION} install --with-deps chromium"
+  - su - root -c "chown -R github:github /home/github/.cache"
   # remove DejaVuSans fonts
   - apt purge -y fonts-dejavu-core fonts-dejavu-mono
   # install github runner agent
   - export RUNNER_ARCH=x64
   - export RUNNER_TOKEN=$(yc lockbox payload get --id ${LOCKBOX_ID} --key ${LOCKBOX_KEY})
   - su - github -c "cd /home/github/actions-runner && curl -O -L https://github.com/actions/runner/releases/download/v${VERSION}/actions-runner-linux-$${RUNNER_ARCH}-${VERSION}.tar.gz"
   - su - github -c "cd /home/github/actions-runner && tar xzf ./actions-runner-linux-$${RUNNER_ARCH}-${VERSION}.tar.gz && rm -rf ./actions-runner-linux-$${RUNNER_ARCH}-${VERSION}.tar.gz"
-  - su - github -c "cd /home/github/actions-runner && ./config.sh --unattended --url https://github.com/${OWNER} --token $${RUNNER_TOKEN} --name github-runner-${LABEL}-ind-${IND} --runnergroup default --work _work --labels cloud,${LABEL},${LABEL}-ind-${IND}"
+  - su - github -c "cd /home/github/actions-runner && ./config.sh --unattended --url https://github.com/${OWNER} --token $${RUNNER_TOKEN} --name github-runner-${LABEL}-ind-${IND} --runnergroup ${RUNNER_GROUP} --replace --work _work --labels cloud,${LABEL},${LABEL}-ind-${IND}"
   - su - root -c "cd /home/github/actions-runner && ./svc.sh install github"
   - su - root -c "cd /home/github/actions-runner && ./svc.sh start"