Merge branch 'release/v0.5.0' into master
npalm committed Aug 25, 2020
2 parents 01821d6 + 1931122 commit 1bedcfa
Showing 42 changed files with 2,449 additions and 1,374 deletions.
22 changes: 21 additions & 1 deletion CHANGELOG.md
Expand Up @@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [0.5.0] - 2020-08-25

### Added

- feat: Manage log groups via module. When upgrading you have to import the log groups by AWS into your state. See below the example commands for the default example.

```bash
terraform import module.runners.module.runner_binaries.aws_cloudwatch_log_group.syncer "/aws/lambda/default-syncer"
terraform import module.runners.module.runners.aws_cloudwatch_log_group.scale_up "/aws/lambda/default-scale-up"
terraform import module.runners.module.runners.aws_cloudwatch_log_group.scale_down "/aws/lambda/default-scale-down"
terraform import module.runners.module.webhook.aws_cloudwatch_log_group.webhook "/aws/lambda/default-webhook"
```

- feat: Added option to binaries syncer to upgrade to pre-releases, preventing any auto-updating on startup. Option `runner_allow_prerelease_binaries` is disabled by default. (#141, #165) @sjagoe

- feat: SSM policies are by default disabled, set `enable_ssm_on_runners` to `true` to enable access to the runner instances via SSM. (#143) @HenryNguyen5

- feat: Log full sqs event (#147) @HenryNguyen5

## [0.4.0] - 2020-08-10

### Added
Expand Down Expand Up @@ -50,7 +69,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

- First release.

[unreleased]: https://github.com/philips-labs/terraform-aws-github-runner/compare/v0.4.0..HEAD
[unreleased]: https://github.com/philips-labs/terraform-aws-github-runner/compare/v0.5.0..HEAD
[0.5.0]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.4.0..v0.5.0
[0.4.0]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.3.0..v0.4.0
[0.3.0]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.2.0..v0.3.0
[0.2.0]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.1.0..v0.2.0
13 changes: 8 additions & 5 deletions README.md
Expand Up @@ -100,20 +100,20 @@ First you need to download the lambda releases. The lambda code is available as
```terraform
module "lambdas" {
source = "philips-labs/github-runner/aws//modules/download-lambda"
version = "0.2.0"
version = "0.5.0"
lambdas = [
{
name = "webhook"
tag = "v0.3.0"
tag = "v0.5.0"
},
{
name = "runners"
tag = "v0.3.0"
tag = "v0.5.0"
},
{
name = "runner-binaries-syncer"
tag = "v0.3.0"
tag = "v0.5.0"
}
]
}
Expand All @@ -132,7 +132,7 @@ Next create a second terraform workspace and initiate the module, see the exampl
```terraform
module "github-runner" {
source = "philips-labs/github-runner/aws"
version = "0.2.0"
version = "0.5.0"
aws_region = "eu-west-1"
vpc_id = "vpc-123"
Expand Down Expand Up @@ -297,10 +297,12 @@ No requirements.
| instance_profile_path | The path that will be added to the instance_profile, if not set the environment name will be used. | `string` | `null` | no |
| instance_type | Instance type for the action runner. | `string` | `"m5.large"` | no |
| kms_key_id | Custom KMS key to encrypted lambda secrets, if not provided and `encrypt_secrets` = `true` a KMS key will be created by the module. Secrets will be encrypted with a context `Environment = var.environment`. | `string` | `null` | no |
| logging_retention_in_days | Specifies the number of days you want to retain log events for the lambda log group. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `7` | no |
| manage_kms_key | Let the module manage the KMS key. | `bool` | `true` | no |
| minimum_running_time_in_minutes | The time an ec2 action runner should be running at minimum before terminated if non busy. | `number` | `5` | no |
| role_path | The path that will be added to role path for created roles, if not set the environment name will be used. | `string` | `null` | no |
| role_permissions_boundary | Permissions boundary that will be added to the created roles. | `string` | `null` | no |
| runner_allow_prerelease_binaries | Allow the runners to update to prerelease binaries. | `bool` | `false` | no |
| runner_as_root | Run the action runner under the root user. | `bool` | `false` | no |
| runner_binaries_syncer_lambda_timeout | Time out of the binaries sync lambda in seconds. | `number` | `300` | no |
| runner_binaries_syncer_lambda_zip | File location of the binaries sync lambda zip file. | `string` | `null` | no |
Expand All @@ -317,6 +319,7 @@ No requirements.
| vpc_id | The VPC for security groups of the action runners. | `string` | n/a | yes |
| webhook_lambda_timeout | Time out of the webhook lambda in seconds. | `number` | `10` | no |
| webhook_lambda_zip | File location of the webhook lambda zip file. | `string` | `null` | no |
| enable_ssm_on_runners | Enable to allow access the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. | `bool` | `false` | no |

## Outputs

6 changes: 3 additions & 3 deletions examples/default/lambdas-download/main.tf
Expand Up @@ -3,15 +3,15 @@ module "lambdas" {
lambdas = [
{
name = "webhook"
tag = "v0.3.0"
tag = "v0.5.0"
},
{
name = "runners"
tag = "v0.3.0"
tag = "v0.5.0"
},
{
name = "runner-binaries-syncer"
tag = "v0.3.0"
tag = "v0.5.0"
}
]
}
3 changes: 3 additions & 0 deletions examples/default/main.tf
Expand Up @@ -33,6 +33,9 @@ module "runners" {
enable_organization_runners = false
runner_extra_labels = "default,example"

# enable access to the runners via SSM
enable_ssm_on_runners = true

# Uncommet idle config to have idle runners from 9 to 5 in time zone Amsterdam
# idle_config = [{
# cron = "* * 9-17 * * *"
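Review bot: The default example now sets `enable_ssm_on_runners = true`, while the README table in this commit gives the variable's default as `false` and warns that it adds additional permissions to the runner instances. Examples tend to be copied as-is, so anyone starting from this one gets the wider instance permissions without having asked for them. I would ship the line commented out, the way `idle_config` is just below, or extend the comment to something like `# Optional, debugging only: grants the runner instances extra SSM permissions (module default is false)`. The `module "runners"` block starts and ends outside this hunk.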
6 changes: 3 additions & 3 deletions examples/permissions-boundary/lambdas-download/main.tf
Expand Up @@ -3,15 +3,15 @@ module "lambdas" {
lambdas = [
{
name = "webhook"
tag = "v0.3.0"
tag = "v0.5.0"
},
{
name = "runners"
tag = "v0.3.0"
tag = "v0.5.0"
},
{
name = "runner-binaries-syncer"
tag = "v0.3.0"
tag = "v0.5.0"
}
]
}
15 changes: 10 additions & 5 deletions main.tf
Expand Up @@ -38,8 +38,9 @@ module "webhook" {
sqs_build_queue = aws_sqs_queue.queued_builds
github_app_webhook_secret = var.github_app.webhook_secret

lambda_zip = var.webhook_lambda_zip
lambda_timeout = var.webhook_lambda_timeout
lambda_zip = var.webhook_lambda_zip
lambda_timeout = var.webhook_lambda_timeout
logging_retention_in_days = var.logging_retention_in_days

role_path = var.role_path
role_permissions_boundary = var.role_permissions_boundary
Expand Down Expand Up @@ -75,10 +76,12 @@ module "runners" {
runner_as_root = var.runner_as_root
runners_maximum_count = var.runners_maximum_count
idle_config = var.idle_config
enable_ssm_on_runners = var.enable_ssm_on_runners

lambda_zip = var.runners_lambda_zip
lambda_timeout_scale_up = var.runners_scale_up_lambda_timeout
lambda_timeout_scale_down = var.runners_scale_down_lambda_timeout
logging_retention_in_days = var.logging_retention_in_days

instance_profile_path = var.instance_profile_path
role_path = var.role_path
Expand All @@ -97,10 +100,12 @@ module "runner_binaries" {

distribution_bucket_name = "${var.environment}-dist-${random_string.random.result}"

runner_architecture = substr(var.instance_type, 0, 2) == "a1" || substr(var.instance_type, 1, 2) == "6g" ? "arm64" : "x64"
runner_architecture = substr(var.instance_type, 0, 2) == "a1" || substr(var.instance_type, 1, 2) == "6g" ? "arm64" : "x64"
runner_allow_prerelease_binaries = var.runner_allow_prerelease_binaries

lambda_zip = var.runner_binaries_syncer_lambda_zip
lambda_timeout = var.runner_binaries_syncer_lambda_timeout
lambda_zip = var.runner_binaries_syncer_lambda_zip
lambda_timeout = var.runner_binaries_syncer_lambda_timeout
logging_retention_in_days = var.logging_retention_in_days

role_path = var.role_path
role_permissions_boundary = var.role_permissions_boundary
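Review bot: A single `var.logging_retention_in_days` is now passed to the webhook, runners and runner_binaries modules, and the README table in this commit gives its default as `7`. Seven days is short if the webhook and scale-up/scale-down logs are expected to support investigating an unexpected runner launch after the fact, so the trade-off deserves a comment where the value is wired in, e.g. `# one retention setting for all lambda log groups; raise it if these logs are needed for incident investigation`. The variable's declaration is not part of this section, so I cannot tell whether the allowed values listed in the README are checked there. All three module blocks start and end outside the hunks shown.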
23 changes: 16 additions & 7 deletions modules/download-lambda/README.md
Expand Up @@ -10,33 +10,42 @@ module "lambdas" {
lambdas = [
{
name = "webhook"
tag = "v0.3.0"
tag = "v0.5.0"
},
{
name = "runners"
tag = "v0.3.0"
tag = "v0.5.0"
},
{
name = "runner-binaries-syncer"
tag = "v0.3.0"
tag = "v0.5.0"
}
]
}
```

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements

No requirements.

## Providers

| Name | Version |
| ---- | ------- |
| null | n/a |

## Inputs

| Name | Description | Type | Default | Required |
| ------- | ------------------------------------- | :----: | :-----: | :------: |
| lambdas | Name and tag for lambdas to download. | object | n/a | yes |
| Name | Description | Type | Default | Required |
| ------- | ------------------------------------- | --------------------------------------------------------------------------- | ------- | :------: |
| lambdas | Name and tag for lambdas to download. | <pre>list(object({<br> name = string<br> tag = string<br> }))</pre> | n/a | yes |

## Outputs

| Name | Description |
| ----- | ----------- |
| files | |
| files | n/a |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

2 changes: 2 additions & 0 deletions modules/runner-binaries-syncer/README.md
Expand Up @@ -54,8 +54,10 @@ No requirements.
| lambda\_schedule\_expression | Scheduler expression for action runner binary syncer. | `string` | `"cron(27 * * * ? *)"` | no |
| lambda\_timeout | Time out of the lambda in seconds. | `number` | `300` | no |
| lambda\_zip | File location of the lambda zip file. | `string` | `null` | no |
| logging\_retention\_in\_days | Specifies the number of days you want to retain log events for the lambda log group. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `7` | no |
| role\_path | The path that will be added to the role, if not set the environment name will be used. | `string` | `null` | no |
| role\_permissions\_boundary | Permissions boundary that will be added to the created role for the lambda. | `string` | `null` | no |
| runner\_allow\_prerelease\_binaries | Allow the runners to update to prerelease binaries. | `bool` | `false` | no |
| runner\_architecture | The platform architecture for the runner instance (x64, arm64), defaults to 'x64' | `string` | `"x64"` | no |
| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no |

Expand Up @@ -15,16 +15,19 @@
"devDependencies": {
"@octokit/rest": "^18.0.3",
"@types/jest": "^26.0.9",
"@types/node": "^14.0.27",
"@types/node": "^14.6.0",
"@types/request": "^2.48.4",
"@typescript-eslint/eslint-plugin": "^2.30.0",
"@typescript-eslint/parser": "^2.30.0",
"@typescript-eslint/eslint-plugin": "^3.10.0",
"@typescript-eslint/parser": "^3.9.0",
"@zeit/ncc": "^0.22.1",
"aws-sdk": "^2.729.0",
"aws-sdk": "^2.739.0",
"eslint": "^6.8.0",
"jest": "^26.1.0",
"ts-jest": "^26.1.2",
"ts-node-dev": "^1.0.0-pre.51",
"jest": "^26.4.2",
"ts-jest": "^26.2.0",
"ts-node-dev": "^1.0.0-pre.60",
"typescript": "^3.9.6"
},
"dependencies": {
"yn": "^4.0.0"
}
}
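Review bot: `yn` is the first runtime dependency declared for this package, and it is requested with a caret range (`^4.0.0`). Whether the resolved version is pinned depends on a lockfile that is not visible in this section; it should be committed and the build should install from it. How `yn` is used is not shown here; if it only parses one boolean setting, a strict comparison such as `process.env.<FLAG_NAME> === 'true'` (placeholder name) would avoid the extra package. Separately, `@typescript-eslint/eslint-plugin` (`^3.10.0`) and `@typescript-eslint/parser` (`^3.9.0`) are bumped to different minimums; keeping the pair on the same version is the usual convention.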
@@ -1,5 +1,6 @@
import { handle } from './syncer/handler';

// eslint-disable-next-line
module.exports.handler = async (event: any, context: any, callback: any): Promise<any> => {
await handle();
return callback();
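Review bot: The `// eslint-disable-next-line` comment names no rule, so it switches off every lint check on the handler signature rather than only the one that objects to `any`. Naming the rule keeps the other checks active: `// eslint-disable-next-line @typescript-eslint/no-explicit-any`. Since none of `event`, `context` or `callback` is inspected in the lines shown, typing them as `unknown` (with a function type for `callback`) would remove the need for the suppression altogether. The handler's closing lines fall outside the hunk.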