Request for Azure Self-hosted Runners #16610

Open
6 tasks
emvaldes opened this issue Nov 20, 2024 · 2 comments
Labels
DevSecOps Team Aq DevSecOps work label improvements-operational Operational Improvements reportstream

Comments

emvaldes commented Nov 20, 2024

We are currently in the process of investigating the possibility of using the CDC GitHub offerings for custom self-hosted runners with access to Azure Infrastructure. If this results in a positive outcome, we might simply be able to remove all these contraptions that we currently have in place.

Having these convoluted strategies removed will not only simplify the architecture of these GitHub Workflows/Actions but also potentially reduce the latency of these operations. We should be able to remove the use of VPN, IP Whitelisting, Okta authentication, etc. so that we can have a more streamlined set of procedures.

  • Identify the availability of self-hosted/custom runners and the level of integration they can provide to access the Azure Infrastructure with well-defined access policies that will allow us to address our needs/requirements.
  • Determine what is required/needed to enable these runners.
  • We need to be extremely cautious in not altering the default GitHub provisioning of runners for the existing processes so no disruption will be affecting these services.
  • We must determine what is involved in implementing the use of self-hosted runners strategy and if they can be performing their role seamlessly replacing the current systems.
  • Implement a prototyping repository to use self-hosted/custom runners and determine the level of access and complexity they could bring into the process (hopefully none).
  • Identify any Firewall rules from these self-hosted/custom runners to our specific Azure environment (needs to be locked down but remain functional). This pathway can only be effective if it addresses the existing limitations we face.
  • Create a migration path to implement these self-hosted/custom runners into the existing Prime-ReportStream repository while making sure that we can have a rollback path to restore the existing default runners.

Notes: We will begin conversations with Mr. Boris Ning (tpz7). He should be able to get us a functional setup with a testing repo and self-hosted/custom runners to start building out our own pipelines. In terms of the connectivity from the runners to your environment(s), we will likely need FWCRs to cover that connectivity.

  • DoD: What are the milestones that define this issue as resolved/completed?
  • When the use of self-hosted/custom runners has proven that all current complexities are removed and the integration with Azure's infrastructure is streamlined for simplicity.
  • Self-hosted/custom runners are fully functional
@emvaldes emvaldes self-assigned this Nov 20, 2024
@emvaldes emvaldes added reportstream DevSecOps Team Aq DevSecOps work label improvements-operational Operational Improvements labels Nov 20, 2024
@emvaldes emvaldes added this to the todo milestone Nov 20, 2024

There are no existing self-hosted/custom runners associated with this repository, which leads me to believe that if we can manage to get a functional runner directly connected to Azure with the right/appropriate credentials to access the specific infrastructure (account restricted), we could simplify our existing infrastructure access and management complexities.

@devopsmatt devopsmatt added the github-actions Tracking GitHub Actions items label Nov 20, 2024
@emvaldes emvaldes removed the github-actions Tracking GitHub Actions items label Nov 21, 2024