diff --git a/LICENSE b/LICENSE index 8e35e01d..e1d27b23 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2023 Pepperize UG (haftungsbeschränkt) +Copyright (c) 2024 Pepperize UG (haftungsbeschränkt) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/src/runner/manager.ts b/src/runner/manager.ts index dcf4af18..77a0fb9c 100644 --- a/src/runner/manager.ts +++ b/src/runner/manager.ts @@ -201,12 +201,23 @@ export class GitlabRunnerAutoscalingManager extends Construct { }, ], }), + ECRLogin: PolicyDocument.fromJson({ + Version: "2012-10-17", + Statement: [ + { + Effect: "Allow", + Action: ["ecr:BatchGetImage", "ecr:GetAuthorizationToken", "ecr:GetDownloadUrlForLayer"], + Resource: "*", + }, + ], + }), }, }); this.userData = UserData.forLinux({}); this.userData.addCommands( - `yum update -y aws-cfn-bootstrap` // !/bin/bash -xe + `yum update -y aws-cfn-bootstrap`, // !/bin/bash -xe + `yum install -y amazon-ecr-credential-helper` ); // https://github.com/awslabs/amazon-ecr-credential-helper diff --git a/test/runner/__snapshots__/manager.test.ts.snap b/test/runner/__snapshots__/manager.test.ts.snap index 84c96130..407a5407 100644 --- a/test/runner/__snapshots__/manager.test.ts.snap +++ b/test/runner/__snapshots__/manager.test.ts.snap @@ -238,6 +238,23 @@ Object { }, "PolicyName": "Runners", }, + Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "ecr:BatchGetImage", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "ECRLogin", + }, ], }, "Type": "AWS::IAM::Role", diff --git a/test/runner/__snapshots__/runner.test.ts.snap b/test/runner/__snapshots__/runner.test.ts.snap index a6b03c05..5ba9a4fb 100644 --- a/test/runner/__snapshots__/runner.test.ts.snap 
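Review bot: In the new `ECRLogin` inline policy in `src/runner/manager.ts`, `Resource: "*"` covers `ecr:BatchGetImage` and `ecr:GetDownloadUrlForLayer` as well as `ecr:GetAuthorizationToken`, so the role can pull images from every ECR repository its account can reach, not only the ones the runners need. Only `ecr:GetAuthorizationToken` has to be granted on `*`; the two image actions accept repository ARNs, so I would split the statement in two and scope the second, as sketched below with a placeholder ARN. The name `ECRLogin` also understates the grant (login plus pull), which deserves a short comment above the policy. The hunk also installs `amazon-ecr-credential-helper` without a version pin and does not show the Docker configuration that enables it; that may follow the trailing comment, outside the hunk, along with the rest of the enclosing constructor.

```typescript
// … unchanged: preceding inline policies …
ECRLogin: PolicyDocument.fromJson({
  Version: "2012-10-17",
  Statement: [
    {
      // GetAuthorizationToken does not support resource-level permissions
      Effect: "Allow",
      Action: ["ecr:GetAuthorizationToken"],
      Resource: "*",
    },
    {
      Effect: "Allow",
      Action: ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"],
      // placeholder: replace with the repository ARNs the runners pull from
      Resource: ["arn:aws:ecr:<region>:<account-id>:repository/<repository-name>"],
    },
  ],
}),
// … unchanged: userData commands …
```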
+++ b/test/runner/__snapshots__/runner.test.ts.snap @@ -553,6 +553,7 @@ token = \\"", Array [ "#!/bin/bash yum update -y aws-cfn-bootstrap +yum install -y amazon-ecr-credential-helper # fingerprint: f928611447f57f37 ( set +e @@ -754,6 +755,23 @@ yum update -y aws-cfn-bootstrap }, "PolicyName": "Runners", }, + Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "ecr:BatchGetImage", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "ECRLogin", + }, ], }, "Type": "AWS::IAM::Role", @@ -1761,6 +1779,7 @@ token = \\"", Array [ "#!/bin/bash yum update -y aws-cfn-bootstrap +yum install -y amazon-ecr-credential-helper # fingerprint: 8d35c76383269b1a ( set +e @@ -1962,6 +1981,23 @@ yum update -y aws-cfn-bootstrap }, "PolicyName": "Runners", }, + Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "ecr:BatchGetImage", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "ECRLogin", + }, ], }, "Type": "AWS::IAM::Role", @@ -3325,6 +3361,7 @@ token = \\"", Array [ "#!/bin/bash yum update -y aws-cfn-bootstrap +yum install -y amazon-ecr-credential-helper # fingerprint: 7a9eacc3e399a1c8 ( set +e @@ -3528,6 +3565,23 @@ yum update -y aws-cfn-bootstrap }, "PolicyName": "Runners", }, + Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "ecr:BatchGetImage", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "ECRLogin", + }, ], }, "Type": "AWS::IAM::Role", 
@@ -4872,6 +4926,7 @@ token = \\"", Array [ "#!/bin/bash yum update -y aws-cfn-bootstrap +yum install -y amazon-ecr-credential-helper # fingerprint: fe8cb4550968c746 ( set +e @@ -5064,6 +5119,23 @@ yum update -y aws-cfn-bootstrap }, "PolicyName": "Runners", }, + Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": Array [ + "ecr:BatchGetImage", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + ], + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "ECRLogin", + }, ], }, "Type": "AWS::IAM::Role",