fix: Changed the ami filters to ensure that AMI is available before i…

…ts used in launch template. (#3220) * fix: Fixed default filters for the AMI. * docs: auto update terraform docs * fix: additional changes. * docs: auto update terraform docs * fix: reverted extra variables. * docs: auto update terraform docs * fix: more changes. * docs: auto update terraform docs * fix: missed. --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Niek Palm <[email protected]>
github-aws-runners · Jul 18, 2023 · 0bcfbc7 · 0bcfbc7
1 parent 116ea58
commit 0bcfbc7
Show file tree

Hide file tree

Showing 10 changed files with 28 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -486,7 +486,7 @@ We welcome any improvement to the standard module to make the default as secure
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used. | `map(list(string))` | `null` | no |
+| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | Map of lists used to create the AMI filter for the action runner AMI. | `map(list(string))` | <pre>{<br>  "state": [<br>    "available"<br>  ]<br>}</pre> | no |
 | <a name="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name) | Externally managed SSM parameter (of data type aws:ec2:image) that contains the AMI ID to launch runner instances from. Overrides ami\_filter | `string` | `null` | no |
 | <a name="input_ami_kms_key_arn"></a> [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn) | Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI | `string` | `null` | no |
 | <a name="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners) | The list of owners used to select the AMI of action runner instances. | `list(string)` | <pre>[<br>  "amazon"<br>]</pre> | no |

diff --git a/examples/ephemeral/main.tf b/examples/ephemeral/main.tf
@@ -71,7 +71,7 @@ module "runners" {
 
   # configure your pre-built AMI
   # enable_userdata = false
-  # ami_filter       = { name = ["github-runner-amzn2-x86_64-*"] }
+  # ami_filter       = { name = ["github-runner-amzn2-x86_64-*"], state = ["available"] }
   # data "aws_caller_identity" "current" {}
   # ami_owners       = [data.aws_caller_identity.current.account_id]
 

diff --git a/examples/multi-runner/templates/runner-configs/linux-x64-ubuntu.yaml b/examples/multi-runner/templates/runner-configs/linux-x64-ubuntu.yaml
@@ -1,8 +1,8 @@
 matcherConfig:
   exactMatch: true
   labelMatchers:
-    - [ self-hosted, linux, x64, ubuntu-latest ]
-    - [ self-hosted, linux, x64, ubuntu-2204 ]
+    - [self-hosted, linux, x64, ubuntu-latest]
+    - [self-hosted, linux, x64, ubuntu-2204]
 fifo: true
 delay_webhook_event: 0
 redrive_build_queue:
@@ -28,6 +28,8 @@ runner_config:
   ami_filter:
     name:
       - ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*
+    state:
+      - available
   block_device_mappings:
     - device_name: /dev/sda1
       delete_on_termination: true

diff --git a/examples/multi-runner/templates/runner-configs/windows-x64.yaml b/examples/multi-runner/templates/runner-configs/windows-x64.yaml
@@ -18,4 +18,6 @@ runner_config:
   runner_boot_time_in_minutes: 20
   ami_filter:
     name:
-      - Windows_Server-2022-English-Core-ContainersLatest-*
+      - Windows_Server-2022-English-Core-ContainersLatest-*
+    state:
+      - available
diff --git a/examples/prebuilt/README.md b/examples/prebuilt/README.md
@@ -58,7 +58,7 @@ Assuming you have built the `linux-amzn2` image which has a pre-defined AMI name
 module "runners" {
   ...
   # set the name of the ami to use
-  ami_filter        = { name = ["github-runner-amzn2-x86_64-2021*"] }
+  ami_filter  = { name = ["github-runner-amzn2-x86_64-2021*"], state = ["available"] }
   # provide the owner id of
   ami_owners        = ["<your owner id>"]
 

diff --git a/examples/prebuilt/main.tf b/examples/prebuilt/main.tf
@@ -42,7 +42,7 @@ module "runners" {
 
   # configure your pre-built AMI
   enable_userdata = false
-  ami_filter      = { name = [var.ami_name_filter] }
+  ami_filter      = { name = [var.ami_name_filter], state = ["available"] }
   ami_owners      = [data.aws_caller_identity.current.account_id]
 
   # Look up runner AMI ID from an AWS SSM parameter (overrides ami_filter at instance launch time)

diff --git a/examples/ubuntu/main.tf b/examples/ubuntu/main.tf
@@ -51,13 +51,14 @@ module "runners" {
   ami_owners        = ["099720109477"] # Canonical's Amazon account ID
 
   ami_filter = {
-    name = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
+    name  = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"],
+    state = ["available"]
   }
 
   # Custom build AMI, no custom userdata needed.
   # option 2: Build custom AMI see ../../images/ubuntu-focal
   #           disable lines above (option 1) and enable the ones below
-  # ami_filter = { name = ["github-runner-ubuntu-focal-amd64-*"] }
+  # ami_filter = { name = ["github-runner-ubuntu-focal-amd64-*"], state = ["available"] }
   # data "aws_caller_identity" "current" {}
   # ami_owners = [data.aws_caller_identity.current.account_id]
 

diff --git a/modules/runners/README.md b/modules/runners/README.md
@@ -121,7 +121,7 @@ yarn run dist
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | Map of lists used to create the AMI filter for the action runner AMI. | `map(list(string))` | `null` | no |
+| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | Map of lists used to create the AMI filter for the action runner AMI. | `map(list(string))` | <pre>{<br>  "state": [<br>    "available"<br>  ]<br>}</pre> | no |
 | <a name="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name) | Externally managed SSM parameter (of data type aws:ec2:image) that contains the AMI ID to launch runner instances from. Overrides ami\_filter | `string` | `null` | no |
 | <a name="input_ami_kms_key_arn"></a> [ami\_kms\_key\_arn](#input\_ami\_kms\_key\_arn) | Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI | `string` | `null` | no |
 | <a name="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners) | The list of owners used to select the AMI of action runner instances. | `list(string)` | <pre>[<br>  "amazon"<br>]</pre> | no |

diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
@@ -127,7 +127,12 @@ variable "instance_types" {
 variable "ami_filter" {
   description = "Map of lists used to create the AMI filter for the action runner AMI."
   type        = map(list(string))
-  default     = null
+  default     = { state = ["available"] }
+  validation {
+    // check the availability of the AMI
+    condition     = contains(keys(var.ami_filter), "state")
+    error_message = "The \"ami_filter\" variable must contain the \"state\" key with the value \"available\"."
+  }
 }
 
 variable "ami_owners" {

diff --git a/variables.tf b/variables.tf
@@ -302,9 +302,14 @@ variable "block_device_mappings" {
 }
 
 variable "ami_filter" {
-  description = "List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used."
+  description = "Map of lists used to create the AMI filter for the action runner AMI."
   type        = map(list(string))
-  default     = null
+  default     = { state = ["available"] }
+  validation {
+    // check the availability of the AMI
+    condition     = contains(keys(var.ami_filter), "state")
+    error_message = "The \"ami_filter\" variable must contain the \"state\" key with the value \"available\"."
+  }
 }
 
 variable "ami_owners" {