diff --git a/README.md b/README.md index 2ee2d7f50b..4d4491053c 100644 --- a/README.md +++ b/README.md @@ -318,6 +318,24 @@ No requirements. | aws | n/a | | random | n/a | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| runner_binaries | ./modules/runner-binaries-syncer | | +| runners | ./modules/runners | | +| webhook | ./modules/webhook | | + +## Resources + +| Name | +|------| +| [aws_kms_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | +| [aws_kms_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | +| [aws_resourcegroups_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/resourcegroups_group) | +| [aws_sqs_queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | +| [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | + ## Inputs | Name | Description | Type | Default | Required | 
@@ -329,7 +347,7 @@ No requirements. | cloudwatch\_config | (optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details. | `string` | `null` | no | | create\_service\_linked\_role\_spot | (optional) create the serviced linked role for spot instances that is required by the scale-up lambda. | `bool` | `false` | no | | enable\_cloudwatch\_agent | Enabling the cloudwatch agent on the ec2 runner instances, the runner contains default config. Configuration can be overridden via `cloudwatch_config`. | `bool` | `true` | no | -| enable\_organization\_runners | n/a | `bool` | n/a | yes | +| enable\_organization\_runners | Register runners to organization, instead of repo level | `bool` | `false` | no | | enable\_ssm\_on\_runners | Enable to allow access the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. | `bool` | `false` | no | | encrypt\_secrets | Encrypt secret variables for lambda's such as secrets and private keys. | `bool` | `true` | no | | environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | @@ -337,11 +355,12 @@ No requirements. | github\_app | GitHub app parameters, see your github app. Ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`). |
object({
key_base64 = string
id = string
client_id = string
client_secret = string
webhook_secret = string
})
| n/a | yes | | idle\_config | List of time period that can be defined as cron expression to keep a minimum amount of runners active instead of scaling down to 0. By defining this list you can ensure that in time periods that match the cron expression within 5 seconds a runner is kept idle. |
list(object({
cron = string
timeZone = string
idleCount = number
}))
| `[]` | no | | instance\_profile\_path | The path that will be added to the instance\_profile, if not set the environment name will be used. | `string` | `null` | no | -| instance\_type | Instance type for the action runner. | `string` | `"m5.large"` | no | +| instance\_type | [DEPRECATED] See instance\_types. | `string` | `"m5.large"` | no | +| instance\_types | List of instance types for the action runner. | `set(string)` | `null` | no | | key\_name | Key pair name | `string` | `null` | no | | kms\_key\_id | Custom KMS key to encrypted lambda secrets, if not provided and `encrypt_secrets` = `true` a KMS key will be created by the module. Secrets will be encrypted with a context `Environment = var.environment`. | `string` | `null` | no | | lambda\_s3\_bucket | S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly. | `any` | `null` | no | -| lambda\_security\_group\_ids | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | `[]` | no | +| lambda\_security\_group\_ids | List of security group IDs associated with the Lambda function. | `list(string)` | `[]` | no | | lambda\_subnet\_ids | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | `[]` | no | | logging\_retention\_in\_days | Specifies the number of days you want to retain log events for the lambda log group. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | `number` | `180` | no | | manage\_kms\_key | Let the module manage the KMS key. | `bool` | `true` | no | 
@@ -372,6 +391,7 @@ No requirements. | userdata\_post\_install | Script to be ran after the GitHub Actions runner is installed on the EC2 instances | `string` | `""` | no | | userdata\_pre\_install | Script to be ran before the GitHub Actions runner is installed on the EC2 instances | `string` | `""` | no | | userdata\_template | Alternative user-data template, replacing the default template. By providing your own user\_data you have to take care of installing all required software, including the action runner. Variables userdata\_pre/post\_install are ignored. | `string` | `null` | no | +| volume\_size | Size of runner volume | `number` | `30` | no | | vpc\_id | The VPC for security groups of the action runners. | `string` | n/a | yes | | webhook\_lambda\_s3\_key | S3 key for webhook lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no | | webhook\_lambda\_s3\_object\_version | S3 object version for webhook lambda function. Useful if S3 versioning is enabled on source bucket. | `any` | `null` | no | @@ -385,7 +405,6 @@ No requirements. | binaries\_syncer | n/a | | runners | n/a | | webhook | n/a | - ## Contribution diff --git a/modules/runner-binaries-syncer/README.md b/modules/runner-binaries-syncer/README.md index afff5f7d4b..a167e567de 100644 --- a/modules/runner-binaries-syncer/README.md +++ b/modules/runner-binaries-syncer/README.md 
@@ -75,7 +75,7 @@ No Modules. | environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | | lambda\_s3\_bucket | S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly. | `any` | `null` | no | | lambda\_schedule\_expression | Scheduler expression for action runner binary syncer. | `string` | `"cron(27 * * * ? *)"` | no | -| lambda\_security\_group\_ids | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | `[]` | no | +| lambda\_security\_group\_ids | List of security group IDs associated with the Lambda function. | `list(string)` | `[]` | no | | lambda\_subnet\_ids | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | `[]` | no | | lambda\_timeout | Time out of the lambda in seconds. | `number` | `300` | no | | lambda\_zip | File location of the lambda zip file. | `string` | `null` | no | diff --git a/modules/runner-binaries-syncer/variables.tf b/modules/runner-binaries-syncer/variables.tf index 30abf258f7..d2daafec3f 100644 --- a/modules/runner-binaries-syncer/variables.tf +++ b/modules/runner-binaries-syncer/variables.tf @@ -89,7 +89,7 @@ variable "lambda_subnet_ids" { } variable "lambda_security_group_ids" { - description = "List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`." + description = "List of security group IDs associated with the Lambda function." type = list(string) default = [] -} \ No newline at end of file +} diff --git a/modules/runners/README.md b/modules/runners/README.md index 4eef97d998..f29b1fb4eb 100644 --- a/modules/runners/README.md +++ b/modules/runners/README.md 
@@ -58,6 +58,33 @@ No requirements. |------|---------| | aws | n/a | +## Modules + +No Modules. + +## Resources + +| Name | +|------| +| [aws_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | +| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | +| [aws_cloudwatch_event_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | +| [aws_cloudwatch_event_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | +| [aws_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | +| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | +| [aws_iam_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | +| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | +| [aws_kms_ciphertext](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_ciphertext) | +| [aws_kms_grant](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_grant) | +| [aws_lambda_event_source_mapping](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | +| [aws_lambda_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | +| [aws_lambda_permission](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | +| 
[aws_launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | +| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | +| [aws_ssm_parameter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | + ## Inputs | Name | Description | Type | Default | Required | @@ -77,10 +104,11 @@ No requirements. | github\_app | GitHub app parameters, see your github app. Ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`). |
object({
key_base64 = string
id = string
client_id = string
client_secret = string
})
| n/a | yes | | idle\_config | List of time period that can be defined as cron expression to keep a minimum amount of runners active instead of scaling down to 0. By defining this list you can ensure that in time periods that match the cron expression within 5 seconds a runner is kept idle. |
list(object({
cron = string
timeZone = string
idleCount = number
}))
| `[]` | no | | instance\_profile\_path | The path that will be added to the instance\_profile, if not set the environment name will be used. | `string` | `null` | no | -| instance\_type | Default instance type for the action runner. | `string` | `"m5.large"` | no | +| instance\_type | [DEPRECATED] See instance\_types. | `string` | `"m5.large"` | no | +| instance\_types | List of instance types for the action runner. | `set(string)` | `null` | no | | key\_name | Key pair name | `string` | `null` | no | | lambda\_s3\_bucket | S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly. | `any` | `null` | no | -| lambda\_security\_group\_ids | List of subnets in which the lambda will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | `[]` | no | +| lambda\_security\_group\_ids | List of security group IDs associated with the Lambda function. | `list(string)` | `[]` | no | | lambda\_subnet\_ids | List of subnets in which the lambda will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | `[]` | no | | lambda\_timeout\_scale\_down | Time out for the scale down lambda in seconds. | `number` | `60` | no | | lambda\_timeout\_scale\_up | Time out for the scale up lambda in seconds. | `number` | `60` | no | 
@@ -110,6 +138,7 @@ No requirements. | userdata\_post\_install | User-data script snippet to insert after GitHub acton runner install | `string` | `""` | no | | userdata\_pre\_install | User-data script snippet to insert before GitHub acton runner install | `string` | `""` | no | | userdata\_template | Alternative user-data template, replacing the default template. By providing your own user\_data you have to take care of installing all required software, including the action runner. Variables userdata\_pre/post\_install are ignored. | `string` | `null` | no | +| volume\_size | Size of runner volume | `number` | `30` | no | | vpc\_id | The VPC for the security groups. | `string` | n/a | yes | ## Outputs @@ -122,7 +151,6 @@ No requirements. | role\_runner | n/a | | role\_scale\_down | n/a | | role\_scale\_up | n/a | - ## Philips Forest diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf index 0516f0b1e4..bc45150726 100644 --- a/modules/runners/variables.tf +++ b/modules/runners/variables.tf @@ -312,7 +312,7 @@ variable "lambda_subnet_ids" { } variable "lambda_security_group_ids" { - description = "List of subnets in which the lambda will be launched, the subnets needs to be subnets in the `vpc_id`." + description = "List of security group IDs associated with the Lambda function." type = list(string) default = [] } diff --git a/variables.tf b/variables.tf index 21773e9f25..2b914d5ffa 100644 --- a/variables.tf +++ b/variables.tf @@ -326,7 +326,7 @@ variable "lambda_subnet_ids" { } variable "lambda_security_group_ids" { - description = "List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`." + description = "List of security group IDs associated with the Lambda function." type = list(string) default = [] }
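Review bot: in README.md, hunk @@ -329,7 +347,7, the `enable_organization_runners` row changes from required with no default to optional with default `false`, but none of the variables.tf hunks in this patch touch that variable. Please confirm the root variables.tf already declares this default and description so the regenerated table matches the code. If it does, say in the commit message that the README was regenerated, because a caller who omits the input now gets repo-level registration instead of a validation error.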
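Review bot: in README.md, hunk @@ -337,11 +355,12, the unchanged `lambda_subnet_ids` row directly below the corrected `lambda_security_group_ids` row still reads "List of subnets in which the action runners will be launched", which describes runner placement rather than the Lambda's VPC attachment. The same context row appears in modules/runner-binaries-syncer/README.md (@@ -75,7 +75,7). Suggest fixing that description in the corresponding variables.tf files as part of this change, for example with the wording modules/runners already uses: "List of subnets in which the lambda will be launched".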
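Review bot: in README.md, hunk @@ -372,6 +391,7, the new `volume_size` row ("Size of runner volume", default `30`) gives no unit, and the same row is added in modules/runners/README.md (@@ -110,6 +138,7). Suggest stating the unit in the variable description so the bare number is not left to interpretation.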
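Review bot: in modules/runners/README.md, hunk @@ -77,10 +104,11, `instance_type` is marked [DEPRECATED] but keeps its default `"m5.large"`, while the new `instance_types` defaults to `null`, and neither row says which one wins when both are set or what is launched when only the defaults apply. Suggest documenting the precedence in the `instance_types` description, for example that `instance_type` is used only when `instance_types` is null, if that is the behaviour.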
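Review bot: in variables.tf, hunk @@ -326,7 +326,7, the new description says "the Lambda function" in the singular, but the root module wires three submodules (runner_binaries, runners, webhook) and the runners module alone has separate scale-up and scale-down lambdas. Suggest naming which functions receive these security groups, so a reader setting egress rules knows what the list applies to.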