Switch VMSS runners to default GitHub runner group

potatoqualitee · potatoqualitee · commit e3f4671be09f · 2025-10-03T12:07:04.000+02:00
Removed custom 'azure-vmss-runners' group from Terraform and runner initialization scripts to simplify configuration and improve self-healing. Updated workflow and scripts to reflect use of the default runner group, as custom groups require org admin permissions and add unnecessary complexity for single-repository setups.
diff --git a/.github/workflows/vmss-deploy.yml b/.github/workflows/vmss-deploy.yml
@@ -47,6 +47,26 @@ jobs:
             -var="github_token=${{ secrets.VMSS_GH_PAT }}" \
             -out=tfplan
 
+      - name: Import existing resources (self-healing)
+        if: github.event_name == 'push'
+        continue-on-error: true
+        working-directory: ./gh-runners
+        run: |
+          # Import VNet if it exists outside Terraform state
+          terraform import azurerm_virtual_network.vnet /subscriptions/65a430fb-5a9a-49ff-969e-05d1beaa88fb/resourceGroups/dbatools-ci-runners/providers/Microsoft.Network/virtualNetworks/dbatools-runner-vmss-vnet 2>/dev/null || true
+
+          # Import subnet if it exists outside Terraform state
+          terraform import azurerm_subnet.subnet /subscriptions/65a430fb-5a9a-49ff-969e-05d1beaa88fb/resourceGroups/dbatools-ci-runners/providers/Microsoft.Network/virtualNetworks/dbatools-runner-vmss-vnet/subnets/dbatools-runner-vmss-subnet 2>/dev/null || true
+
+          # Import VMSS if it exists outside Terraform state
+          terraform import azurerm_windows_virtual_machine_scale_set.vmss /subscriptions/65a430fb-5a9a-49ff-969e-05d1beaa88fb/resourceGroups/dbatools-ci-runners/providers/Microsoft.Compute/virtualMachineScaleSets/dbatools-runner-vmss 2>/dev/null || true
+
+          # Import VMSS extension if it exists outside Terraform state
+          terraform import azurerm_virtual_machine_scale_set_extension.vmss /subscriptions/65a430fb-5a9a-49ff-969e-05d1beaa88fb/resourceGroups/dbatools-ci-runners/providers/Microsoft.Compute/virtualMachineScaleSets/dbatools-runner-vmss/extensions/CustomScriptExtension 2>/dev/null || true
+
+          # Import role assignment if it exists outside Terraform state
+          terraform import azurerm_role_assignment.vmss_kv_secrets_user /subscriptions/65a430fb-5a9a-49ff-969e-05d1beaa88fb/resourceGroups/dbatools-ci-runners/providers/Microsoft.KeyVault/vaults/dbatoolsci|Key_Vault_Secrets_User 2>/dev/null || true
+
       - name: Terraform Apply
         if: github.event_name == 'push'
         working-directory: ./gh-runners
@@ -61,6 +81,6 @@ jobs:
           echo "- Resource Group: dbatools-ci-runners" >> $GITHUB_STEP_SUMMARY
           echo "- VMSS Name: dbatools-runner-vmss" >> $GITHUB_STEP_SUMMARY
           echo "- Max Instances: 3" >> $GITHUB_STEP_SUMMARY
-          echo "- Runner Group: azure-vmss-runners" >> $GITHUB_STEP_SUMMARY
+          echo "- Runner Group: Default (no custom group)" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
           echo "Next: Scale VMSS to 1 instance to test runner registration" >> $GITHUB_STEP_SUMMARY
diff --git a/gh-runners/github_components.tf b/gh-runners/github_components.tf
@@ -3,10 +3,6 @@ data "github_repository" "dbatools" {
   full_name = "${var.github_organization}/${var.github_repository}"
 }
 
-# Create a runner group for VMSS runners
-resource "github_actions_runner_group" "vmss" {
-  name                       = "azure-vmss-runners"
-  visibility                 = "selected"
-  selected_repository_ids    = [data.github_repository.dbatools.repo_id]
-  allows_public_repositories = false
-}
+# Runner group removed - using default group for simplicity and self-healing
+# Custom runner groups require org admin permissions and add unnecessary complexity
+# for single-project setups. Runners will automatically use the "Default" group.
diff --git a/gh-runners/init.ps1 b/gh-runners/init.ps1
@@ -52,13 +52,12 @@ try {
     $KeyVaultName = "dbatoolsci"
     $GithubOrg = "dataplat"
     $Repository = "dbatools"
-    $RunnerGroup = "azure-vmss-runners"
 
     Write-Log "Configuration:"
     Write-Log "  - Key Vault: $KeyVaultName"
     Write-Log "  - Organization: $GithubOrg"
     Write-Log "  - Repository: $Repository"
-    Write-Log "  - Runner Group: $RunnerGroup"
+    Write-Log "  - Runner Group: Default (no custom group)"
     Write-Log "  - VM Name: $($env:COMPUTERNAME)"
 
     Write-Log "Retrieving GitHub PAT from Key Vault..."
@@ -110,7 +109,6 @@ try {
         "--url", "https://github.com/$GithubOrg/$Repository",
         "--token", $RegistrationToken,
         "--name", $env:COMPUTERNAME,
-        "--runnergroup", $RunnerGroup,
         "--labels", "self-hosted,azure-vmss,windows,sqlserver",
         "--work", "_work",
         "--ephemeral",
