Summary
Implement Stage 5 (Container Hooks) for the Ansible-first reboot.
Scope
- Create the runner_hooks role
- Install Node.js LTS
- Install @actions/runner-container-hooks npm package
- Create hook wrapper scaffolding at /opt/runner-hooks/
- Configure runner systemd unit with ACTIONS_RUNNER_CONTAINER_HOOKS environment variable
- Validate container isolation (jobs run in containers, not on host)
Key Capabilities
- All jobs execute in isolated Docker containers
- Clean environment per job (no host access)
- Foundation for device and cache injection (Stage 6)
- Hook wrapper extensible for future enhancements
Acceptance
- Node.js LTS installed and available
- Hook package installed at /opt/runner-hooks/node_modules/@actions/runner-container-hooks
- Hook wrapper index.js created and executable
- Systemd unit includes ACTIONS_RUNNER_CONTAINER_HOOKS env var
- A submitted test job runs inside a container (verifiable via docker ps)
- Job has no access to host files
- Runner appears online in GitHub Actions Settings
- Role is idempotent
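The file-level acceptance criteria above can be checked with a short script, shown here as an added example that is not part of the runner_hooks role. It assumes the wrapper lives at /opt/runner-hooks/index.js and adds one check the list does not state: that the hook directory and wrapper are not group- or world-writable, since the runner executes the wrapper on the host.

```shell
#!/bin/sh
# Added example: verify hook install paths and the systemd unit setting.
HOOK_DIR=/opt/runner-hooks                                        # from the page
HOOK_PKG=$HOOK_DIR/node_modules/@actions/runner-container-hooks   # from the page
HOOK_WRAPPER=$HOOK_DIR/index.js   # assumption: wrapper sits directly in HOOK_DIR

# Print the last ACTIONS_RUNNER_CONTAINER_HOOKS value set by Environment= lines.
unit_hook_path() {
  grep -E '^[[:space:]]*Environment=' "$1" 2>/dev/null |
    grep -o 'ACTIONS_RUNNER_CONTAINER_HOOKS=[^" ]*' | tail -n 1 | cut -d= -f2-
}

# True if the path is writable by group or others.
loosely_writable() {
  [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# check_hooks ROOT UNIT_FILE
#   ROOT is "" on a live host, or a staging prefix for a dry run.
#   UNIT_FILE is the runner's unit file (its name is not given on the page).
# Prints one line per failed criterion and returns the number of failures.
check_hooks() {
  root=$1 unit=$2 fails=0
  fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

  [ -d "$root$HOOK_PKG" ] || fail "hook package missing at $HOOK_PKG"

  [ -f "$root$HOOK_WRAPPER" ] && [ -x "$root$HOOK_WRAPPER" ] ||
    fail "wrapper $HOOK_WRAPPER missing or not executable"

  # The unit must point at the installed wrapper, not at some other path.
  configured=$(unit_hook_path "$unit")
  [ "$configured" = "$HOOK_WRAPPER" ] ||
    fail "unit sets ACTIONS_RUNNER_CONTAINER_HOOKS='$configured', expected $HOOK_WRAPPER"

  # A wrapper that other accounts can modify undermines the isolation goal.
  for p in "$root$HOOK_DIR" "$root$HOOK_WRAPPER"; do
    if loosely_writable "$p"; then fail "$p is group/world writable"; fi
  done

  return "$fails"
}
```

Container isolation itself (docker ps, no host file access) still has to be confirmed with a real test job; this script only covers what is on disk and in the unit file.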