From c69b16d2005ef46c211486ca878a610d70fb279b Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Fri, 4 Dec 2020 09:46:50 +0100 Subject: [PATCH] Release v0.7.0 --- CHANGELOG.md | 12 +- README.md | 112 +++++++++--------- examples/default/lambdas-download/main.tf | 6 +- .../lambdas-download/main.tf | 6 +- modules/download-lambda/README.md | 22 ++-- 5 files changed, 84 insertions(+), 74 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d95d427f13..f5da0f7a9e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] + +## [0.7.0] - 2020-12-04 +### Changed +- Small clarifications in the README #368 @lrytz + +### Added +- Allow operator to pass in a list of managed IAM policy ARNs for the runner role #361 @jpalomaki +- expand options for sourcing lambda to include S3 #292 @eky5006 + ## [0.6.0] - 2020-10-10 ### Added @@ -81,7 +90,8 @@ terraform import module.runners.module.webhook.aws_cloudwatch_log_group.webhook - First release. -[unreleased]: https://github.com/philips-labs/terraform-aws-github-runner/compare/v0.6.0..HEAD +[unreleased]: https://github.com/philips-labs/terraform-aws-github-runner/compare/v0.7.0..HEAD +[0.7.0]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.6.0..v0.7.0 [0.6.0]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.5.0..v0.6.0 [0.5.0]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.4.0..v0.5.0 [0.4.0]: https://github.com/philips-labs/terraform-aws-github-runner/releases/tag/v0.3.0..v0.4.0 diff --git a/README.md b/README.md index c5f181334c..c4d5339df3 100644 --- a/README.md +++ b/README.md @@ -126,7 +126,7 @@ Note that `github_app.key_base64` needs to be the base64-encoded `.pem` file, i. ```terraform module "github-runner" { source = "philips-labs/github-runner/aws" - version = "0.6.0" + version = "0.7.0" aws_region = "eu-west-1" vpc_id = "vpc-123" @@ -285,67 +285,67 @@ No requirements. ## Providers -| Name | Version | -|------|---------| -| aws | n/a | -| random | n/a | +| Name | Version | +| ------ | ------- | +| aws | n/a | +| random | n/a | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| ami\_filter | List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used. | `map(list(string))` | `{}` | no | -| ami\_owners | The list of owners used to select the AMI of action runner instances. | `list(string)` | 
[
  "amazon"
]
| no | -| aws\_region | AWS region. | `string` | n/a | yes | -| block\_device\_mappings | The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no | -| create\_service\_linked\_role\_spot | (optional) create the serviced linked role for spot instances that is required by the scale-up lambda. | `bool` | `false` | no | -| enable\_organization\_runners | n/a | `bool` | n/a | yes | -| enable\_ssm\_on\_runners | Enable to allow access the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. | `bool` | `false` | no | -| encrypt\_secrets | Encrypt secret variables for lambda's such as secrets and private keys. | `bool` | `true` | no | -| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | -| github\_app | GitHub app parameters, see your github app. Ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`). | 
object({
    key_base64     = string
    id             = string
    client_id      = string
    client_secret  = string
    webhook_secret = string
  })
| n/a | yes | -| idle\_config | List of time period that can be defined as cron expression to keep a minimum amount of runners active instead of scaling down to 0. By defining this list you can ensure that in time periods that match the cron expression within 5 seconds a runner is kept idle. | 
list(object({
    cron      = string
    timeZone  = string
    idleCount = number
  }))
| `[]` | no | -| instance\_profile\_path | The path that will be added to the instance\_profile, if not set the environment name will be used. | `string` | `null` | no | -| instance\_type | Instance type for the action runner. | `string` | `"m5.large"` | no | -| kms\_key\_id | Custom KMS key to encrypted lambda secrets, if not provided and `encrypt_secrets` = `true` a KMS key will be created by the module. Secrets will be encrypted with a context `Environment = var.environment`. | `string` | `null` | no | -| lambda\_s3\_bucket | S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly. | `any` | `null` | no | -| logging\_retention\_in\_days | Specifies the number of days you want to retain log events for the lambda log group. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `7` | no | -| manage\_kms\_key | Let the module manage the KMS key. | `bool` | `true` | no | -| minimum\_running\_time\_in\_minutes | The time an ec2 action runner should be running at minimum before terminated if non busy. | `number` | `5` | no | -| role\_path | The path that will be added to role path for created roles, if not set the environment name will be used. | `string` | `null` | no | -| role\_permissions\_boundary | Permissions boundary that will be added to the created roles. | `string` | `null` | no | -| runner\_allow\_prerelease\_binaries | Allow the runners to update to prerelease binaries. | `bool` | `false` | no | -| runner\_as\_root | Run the action runner under the root user. | `bool` | `false` | no | -| runner\_binaries\_syncer\_lambda\_timeout | Time out of the binaries sync lambda in seconds. | `number` | `300` | no | -| runner\_binaries\_syncer\_lambda\_zip | File location of the binaries sync lambda zip file. | `string` | `null` | no | -| runner\_extra\_labels | Extra labels for the runners (GitHub). Separate each label by a comma | `string` | `""` | no | -| runners\_lambda\_s3\_key | S3 key for runners lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no | -| runners\_lambda\_s3\_object\_version | S3 object version for runners lambda function. Useful if S3 versioning is enabled on source bucket. | `any` | `null` | no | -| runners\_lambda\_zip | File location of the lambda zip file for scaling runners. | `string` | `null` | no | -| runners\_maximum\_count | The maximum number of runners that will be created. | `number` | `3` | no | -| runners\_scale\_down\_lambda\_timeout | Time out for the scale up lambda in seconds. | `number` | `60` | no | -| runners\_scale\_up\_lambda\_timeout | Time out for the scale down lambda in seconds. | `number` | `60` | no | -| scale\_down\_schedule\_expression | Scheduler expression to check every x for scale down. | `string` | `"cron(*/5 * * * ? *)"` | no | -| subnet\_ids | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | n/a | yes | -| syncer\_lambda\_s3\_key | S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no | -| syncer\_lambda\_s3\_object\_version | S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. | `any` | `null` | no | -| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no | -| userdata\_post\_install | Script to be ran after the GitHub Actions runner is installed on the EC2 instances | `string` | `""` | no | -| userdata\_pre\_install | Script to be ran before the GitHub Actions runner is installed on the EC2 instances | `string` | `""` | no | -| userdata\_template | Alternative user-data template, replacing the default template. By providing your own user\_data you have to take care of installing all required software, including the action runner. Variables userdata\_pre/post\_install are ignored. | `string` | `null` | no | -| vpc\_id | The VPC for security groups of the action runners. | `string` | n/a | yes | -| webhook\_lambda\_s3\_key | S3 key for webhook lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no | -| webhook\_lambda\_s3\_object\_version | S3 object version for webhook lambda function. Useful if S3 versioning is enabled on source bucket. | `any` | `null` | no | -| webhook\_lambda\_timeout | Time out of the webhook lambda in seconds. | `number` | `10` | no | -| webhook\_lambda\_zip | File location of the webhook lambda zip file. | `string` | `null` | no | +| Name | Description | Type | Default | Required | +| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- | :------: | +| ami\_filter | List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used. | `map(list(string))` | `{}` | no | +| ami\_owners | The list of owners used to select the AMI of action runner instances. | `list(string)` | 
[
  "amazon"
]
| no | +| aws\_region | AWS region. | `string` | n/a | yes | +| block\_device\_mappings | The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no | +| create\_service\_linked\_role\_spot | (optional) create the serviced linked role for spot instances that is required by the scale-up lambda. | `bool` | `false` | no | +| enable\_organization\_runners | n/a | `bool` | n/a | yes | +| enable\_ssm\_on\_runners | Enable to allow access the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. | `bool` | `false` | no | +| encrypt\_secrets | Encrypt secret variables for lambda's such as secrets and private keys. | `bool` | `true` | no | +| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | +| github\_app | GitHub app parameters, see your github app. Ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`). | 
object({
    key_base64     = string
    id             = string
    client_id      = string
    client_secret  = string
    webhook_secret = string
  })
| n/a | yes | +| idle\_config | List of time period that can be defined as cron expression to keep a minimum amount of runners active instead of scaling down to 0. By defining this list you can ensure that in time periods that match the cron expression within 5 seconds a runner is kept idle. | 
list(object({
    cron      = string
    timeZone  = string
    idleCount = number
  }))
| `[]` | no | +| instance\_profile\_path | The path that will be added to the instance\_profile, if not set the environment name will be used. | `string` | `null` | no | +| instance\_type | Instance type for the action runner. | `string` | `"m5.large"` | no | +| kms\_key\_id | Custom KMS key to encrypted lambda secrets, if not provided and `encrypt_secrets` = `true` a KMS key will be created by the module. Secrets will be encrypted with a context `Environment = var.environment`. | `string` | `null` | no | +| lambda\_s3\_bucket | S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly. | `any` | `null` | no | +| logging\_retention\_in\_days | Specifies the number of days you want to retain log events for the lambda log group. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `7` | no | +| manage\_kms\_key | Let the module manage the KMS key. | `bool` | `true` | no | +| minimum\_running\_time\_in\_minutes | The time an ec2 action runner should be running at minimum before terminated if non busy. | `number` | `5` | no | +| role\_path | The path that will be added to role path for created roles, if not set the environment name will be used. | `string` | `null` | no | +| role\_permissions\_boundary | Permissions boundary that will be added to the created roles. | `string` | `null` | no | +| runner\_allow\_prerelease\_binaries | Allow the runners to update to prerelease binaries. | `bool` | `false` | no | +| runner\_as\_root | Run the action runner under the root user. | `bool` | `false` | no | +| runner\_binaries\_syncer\_lambda\_timeout | Time out of the binaries sync lambda in seconds. | `number` | `300` | no | +| runner\_binaries\_syncer\_lambda\_zip | File location of the binaries sync lambda zip file. | `string` | `null` | no | +| runner\_extra\_labels | Extra labels for the runners (GitHub). Separate each label by a comma | `string` | `""` | no | +| runners\_lambda\_s3\_key | S3 key for runners lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no | +| runners\_lambda\_s3\_object\_version | S3 object version for runners lambda function. Useful if S3 versioning is enabled on source bucket. | `any` | `null` | no | +| runners\_lambda\_zip | File location of the lambda zip file for scaling runners. | `string` | `null` | no | +| runners\_maximum\_count | The maximum number of runners that will be created. | `number` | `3` | no | +| runners\_scale\_down\_lambda\_timeout | Time out for the scale up lambda in seconds. | `number` | `60` | no | +| runners\_scale\_up\_lambda\_timeout | Time out for the scale down lambda in seconds. | `number` | `60` | no | +| scale\_down\_schedule\_expression | Scheduler expression to check every x for scale down. | `string` | `"cron(*/5 * * * ? *)"` | no | +| subnet\_ids | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | n/a | yes | +| syncer\_lambda\_s3\_key | S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no | +| syncer\_lambda\_s3\_object\_version | S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. | `any` | `null` | no | +| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no | +| userdata\_post\_install | Script to be ran after the GitHub Actions runner is installed on the EC2 instances | `string` | `""` | no | +| userdata\_pre\_install | Script to be ran before the GitHub Actions runner is installed on the EC2 instances | `string` | `""` | no | +| userdata\_template | Alternative user-data template, replacing the default template. By providing your own user\_data you have to take care of installing all required software, including the action runner. Variables userdata\_pre/post\_install are ignored. | `string` | `null` | no | +| vpc\_id | The VPC for security groups of the action runners. | `string` | n/a | yes | +| webhook\_lambda\_s3\_key | S3 key for webhook lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no | +| webhook\_lambda\_s3\_object\_version | S3 object version for webhook lambda function. Useful if S3 versioning is enabled on source bucket. | `any` | `null` | no | +| webhook\_lambda\_timeout | Time out of the webhook lambda in seconds. | `number` | `10` | no | +| webhook\_lambda\_zip | File location of the webhook lambda zip file. | `string` | `null` | no | ## Outputs -| Name | Description | -|------|-------------| -| binaries\_syncer | n/a | -| runners | n/a | -| webhook | n/a | +| Name | Description | +| ---------------- | ----------- | +| binaries\_syncer | n/a | +| runners | n/a | +| webhook | n/a | diff --git a/examples/default/lambdas-download/main.tf b/examples/default/lambdas-download/main.tf index 798bb5e6e4..a5136d4ba4 100644 --- a/examples/default/lambdas-download/main.tf +++ b/examples/default/lambdas-download/main.tf @@ -3,15 +3,15 @@ module "lambdas" { lambdas = [ { name = "webhook" - tag = "v0.6.0" + tag = "v0.7.0" }, { name = "runners" - tag = "v0.6.0" + tag = "v0.7.0" }, { name = "runner-binaries-syncer" - tag = "v0.6.0" + tag = "v0.7.0" } ] } diff --git a/examples/permissions-boundary/lambdas-download/main.tf b/examples/permissions-boundary/lambdas-download/main.tf index 798bb5e6e4..a5136d4ba4 100644 --- a/examples/permissions-boundary/lambdas-download/main.tf +++ b/examples/permissions-boundary/lambdas-download/main.tf @@ -3,15 +3,15 @@ module "lambdas" { lambdas = [ { name = "webhook" - tag = "v0.6.0" + tag = "v0.7.0" }, { name = "runners" - tag = "v0.6.0" + tag = "v0.7.0" }, { name = "runner-binaries-syncer" - tag = "v0.6.0" + tag = "v0.7.0" } ] } diff --git a/modules/download-lambda/README.md b/modules/download-lambda/README.md index 26bb0208fd..706f1ccf43 100644 --- a/modules/download-lambda/README.md +++ b/modules/download-lambda/README.md @@ -10,15 +10,15 @@ module "lambdas" { lambdas = [ { name = "webhook" - tag = "v0.6.0" + tag = "v0.7.0" }, { name = "runners" - tag = "v0.6.0" + tag = "v0.7.0" }, { name = "runner-binaries-syncer" - tag = "v0.6.0" + tag = "v0.7.0" } ] } @@ -32,20 +32,20 @@ No requirements. ## Providers | Name | Version | -|------|---------| -| null | n/a | +| ---- | ------- | +| null | n/a | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| lambdas | Name and tag for lambdas to download. | 
list(object({
    name = string
    tag  = string
  }))
| n/a | yes | +| Name | Description | Type | Default | Required | +| ------- | ------------------------------------- | --------------------------------------------------------------------------- | ------- | :------: | +| lambdas | Name and tag for lambdas to download. | 
list(object({
    name = string
    tag  = string
  }))
| n/a | yes | ## Outputs -| Name | Description | -|------|-------------| -| files | n/a | +| Name | Description | +| ----- | ----------- | +| files | n/a |