
Commit 55f332b

authored
Merge branch 'main' into reject_user_action_when_org_enabled_v2
2 parents 10576a3 + 40cfba7 commit 55f332b


20 files changed

+1061
-866
lines changed


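--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -18,7 +18,7 @@ jobs:
 stale-pr-message: >
 This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed if no further activity occurs. Thank you for your contributions.
 
-days-before-stale: 30
-days-before-close: 10
+days-before-stale: 90
+days-before-close: 14
 close-issue-label: "abandoned"
 exempt-issue-labels: "stale:exempt"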
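Review bot: The `stale-pr-message` context line still says "has not had activity in the last 30 days", but this hunk raises `days-before-stale` to 90, so the bot would post a message that no longer matches its own threshold. Change the text to "in the last 90 days", or drop the number from the message so it cannot drift again. The issue-side message, if there is one, is outside the hunk and should be checked for the same wording.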

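--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,20 @@
 # Changelog
 
+## [5.11.0](https://github.com/philips-labs/terraform-aws-github-runner/compare/v5.10.4...v5.11.0) (2024-05-22)
+
+
+### Features
+
+* add variable to configure ebs optimization for runner instances ([479b779](https://github.com/philips-labs/terraform-aws-github-runner/commit/479b779a71c77a62dd28d247f8a74cb75ce083f0))
+* add variable to configure ebs optimization for runner instances ([#3901](https://github.com/philips-labs/terraform-aws-github-runner/issues/3901)) ([479b779](https://github.com/philips-labs/terraform-aws-github-runner/commit/479b779a71c77a62dd28d247f8a74cb75ce083f0))
+* Restrict instance SSM permissions ([#3918](https://github.com/philips-labs/terraform-aws-github-runner/issues/3918)) ([9399cf2](https://github.com/philips-labs/terraform-aws-github-runner/commit/9399cf29bec963dfa305f367f37c098a76130371))
+
+
+### Bug Fixes
+
+* adding missing permissions to boundaries ([#3873](https://github.com/philips-labs/terraform-aws-github-runner/issues/3873)) ([93e8d27](https://github.com/philips-labs/terraform-aws-github-runner/commit/93e8d2746b647539212dbc65887ec748a1d734b7))
+* **lambda:** bump the aws group across 1 directory with 6 updates ([#3907](https://github.com/philips-labs/terraform-aws-github-runner/issues/3907)) ([50dda9a](https://github.com/philips-labs/terraform-aws-github-runner/commit/50dda9a465229bdb8d106e7ebc5d5b1de115a286))
+
 ## [5.10.4](https://github.com/philips-labs/terraform-aws-github-runner/compare/v5.10.3...v5.10.4) (2024-05-06)
 
 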

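--- a/README.md
+++ b/README.md
@@ -214,6 +214,7 @@ Talk to the forestkeepers in the `runners-channel` on Slack.
 | <a name="input_runner_name_prefix"></a> [runner\_name\_prefix](#input\_runner\_name\_prefix) | The prefix used for the GitHub runner name. The prefix will be used in the default start script to prefix the instance name when register the runner in GitHub. The value is availabe via an EC2 tag 'ghr:runner\_name\_prefix'. | `string` | `""` | no |
 | <a name="input_runner_os"></a> [runner\_os](#input\_runner\_os) | The EC2 Operating System type to use for action runner instances (linux,windows). | `string` | `"linux"` | no |
 | <a name="input_runner_run_as"></a> [runner\_run\_as](#input\_runner\_run\_as) | Run the GitHub actions agent as user. | `string` | `"ec2-user"` | no |
+| <a name="input_runners_ebs_optimized"></a> [runners\_ebs\_optimized](#input\_runners\_ebs\_optimized) | Enable EBS optimization for the runner instances. | `bool` | `false` | no |
 | <a name="input_runners_lambda_s3_key"></a> [runners\_lambda\_s3\_key](#input\_runners\_lambda\_s3\_key) | S3 key for runners lambda function. Required if using S3 bucket to specify lambdas. | `string` | `null` | no |
 | <a name="input_runners_lambda_s3_object_version"></a> [runners\_lambda\_s3\_object\_version](#input\_runners\_lambda\_s3\_object\_version) | S3 object version for runners lambda function. Useful if S3 versioning is enabled on source bucket. | `string` | `null` | no |
 | <a name="input_runners_lambda_zip"></a> [runners\_lambda\_zip](#input\_runners\_lambda\_zip) | File location of the lambda zip file for scaling runners. | `string` | `null` | no |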

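--- a/lambdas/functions/ami-housekeeper/package.json
+++ b/lambdas/functions/ami-housekeeper/package.json
@@ -21,7 +21,7 @@
 "@types/jest": "^29.5.12",
 "@types/node": "^20.8.9",
 "@typescript-eslint/eslint-plugin": "^7.4.0",
-"@typescript-eslint/parser": "^6.21.0",
+"@typescript-eslint/parser": "^7.9.0",
 "@vercel/ncc": "^0.38.1",
 "aws-sdk-client-mock": "^3.0.0",
 "aws-sdk-client-mock-jest": "^3.0.0",
@@ -37,8 +37,8 @@
 "ts-node-dev": "^2.0.0"
 },
 "dependencies": {
-"@aws-sdk/client-ec2": "^3.568.0",
-"@aws-sdk/client-ssm": "^3.568.0",
+"@aws-sdk/client-ec2": "^3.575.0",
+"@aws-sdk/client-ssm": "^3.575.0",
 "@aws-sdk/types": "^3.433.0",
 "@terraform-aws-github-runner/aws-powertools-util": "*",
 "@terraform-aws-github-runner/aws-ssm-util": "*",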

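--- a/lambdas/functions/control-plane/package.json
+++ b/lambdas/functions/control-plane/package.json
@@ -21,7 +21,7 @@
 "@types/jest": "^29.5.12",
 "@types/node": "^20.8.9",
 "@typescript-eslint/eslint-plugin": "^7.4.0",
-"@typescript-eslint/parser": "^6.21.0",
+"@typescript-eslint/parser": "^7.9.0",
 "@vercel/ncc": "^0.38.1",
 "aws-sdk-client-mock": "^3.0.0",
 "aws-sdk-client-mock-jest": "^3.0.0",
@@ -38,7 +38,7 @@
 "ts-node-dev": "^2.0.0"
 },
 "dependencies": {
-"@aws-sdk/client-ec2": "^3.568.0",
+"@aws-sdk/client-ec2": "^3.575.0",
 "@aws-sdk/types": "^3.433.0",
 "@middy/core": "^4.7.0",
 "@octokit/auth-app": "6.0.3",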

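--- a/lambdas/functions/control-plane/src/scale-runners/scale-up.test.ts
+++ b/lambdas/functions/control-plane/src/scale-runners/scale-up.test.ts
@@ -348,6 +348,12 @@ describe('scaleUp with GHES', () => {
 Name: '/github-action-runners/default/runners/config/i-12345',
 Value: 'TEST_JIT_CONFIG_ORG',
 Type: 'SecureString',
+Tags: [
+{
+Key: 'InstanceId',
+Value: 'i-12345',
+},
+],
 });
 });
 
@@ -363,6 +369,12 @@ describe('scaleUp with GHES', () => {
 '--url https://github.enterprise.something/Codertocat --token 1234abcd ' +
 '--labels label1,label2 --runnergroup Default',
 Type: 'SecureString',
+Tags: [
+{
+Key: 'InstanceId',
+Value: 'i-12345',
+},
+],
 });
 });
 it.each(RUNNER_TYPES)(
@@ -718,6 +730,12 @@ describe('scaleUp with public GH', () => {
 Name: '/github-action-runners/default/runners/config/i-12345',
 Value: 'TEST_JIT_CONFIG_REPO',
 Type: 'SecureString',
+Tags: [
+{
+Key: 'InstanceId',
+Value: 'i-12345',
+},
+],
 });
 });
 
@@ -734,6 +752,12 @@ describe('scaleUp with public GH', () => {
 Name: '/github-action-runners/default/runners/config/i-12345',
 Value: '--url https://github.com/Codertocat/hello-world --token 1234abcd --ephemeral',
 Type: 'SecureString',
+Tags: [
+{
+Key: 'InstanceId',
+Value: 'i-12345',
+},
+],
 });
 });
 
@@ -751,6 +775,12 @@ describe('scaleUp with public GH', () => {
 Name: '/github-action-runners/default/runners/config/i-12345',
 Value: '--url https://github.com/Codertocat/hello-world --token 1234abcd --labels jit',
 Type: 'SecureString',
+Tags: [
+{
+Key: 'InstanceId',
+Value: 'i-12345',
+},
+],
 });
 });
 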
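Review bot: All five updated expectations pin the tag for the single instance `i-12345`, so none of the visible assertions would fail if the tag value were wired to the wrong instance when several instances are created in one call. If the `InstanceId` tag feeds an access policy (the changelog entry "Restrict instance SSM permissions" suggests so), a case with two instance ids asserting that each parameter name and its tag value agree would be worth adding; whether one already exists elsewhere in the file cannot be seen from these hunks. The repeated literal could also become one constant, e.g. `const expectedTags = [{ Key: 'InstanceId', Value: 'i-12345' }];`, used as `Tags: expectedTags`. The enclosing test bodies start and end outside the hunks.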

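--- a/lambdas/functions/control-plane/src/scale-runners/scale-up.ts
+++ b/lambdas/functions/control-plane/src/scale-runners/scale-up.ts
@@ -376,7 +376,9 @@ async function createRegistrationTokenConfig(
 });
 
 for (const instance of instances) {
-await putParameter(`${githubRunnerConfig.ssmTokenPath}/${instance}`, runnerServiceConfig.join(' '), true);
+await putParameter(`${githubRunnerConfig.ssmTokenPath}/${instance}`, runnerServiceConfig.join(' '), true, {
+tags: [{ Key: 'InstanceId', Value: instance }],
+});
 if (isDelay) {
 // Delay to prevent AWS ssm rate limits by being within the max throughput limit
 await delay(25);
@@ -419,7 +421,9 @@ async function createJitConfig(githubRunnerConfig: CreateGitHubRunnerConfig, ins
 logger.debug('Runner JIT config for ephemeral runner generated.', {
 instance: instance,
 });
-await putParameter(`${githubRunnerConfig.ssmTokenPath}/${instance}`, runnerConfig.data.encoded_jit_config, true);
+await putParameter(`${githubRunnerConfig.ssmTokenPath}/${instance}`, runnerConfig.data.encoded_jit_config, true, {
+tags: [{ Key: 'InstanceId', Value: instance }],
+});
 if (isDelay) {
 // Delay to prevent AWS ssm rate limits by being within the max throughput limit
 await delay(25);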
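Review bot: The `InstanceId` tag added to both `putParameter` calls (in `createRegistrationTokenConfig` and again in `createJitConfig`) has no comment saying what depends on it, and on a SecureString holding a runner registration token or JIT config it reads as an access-control input rather than bookkeeping. The changelog on this page lists "Restrict instance SSM permissions", so the instance role presumably matches on this tag; if that is confirmed, say so at the call site, e.g. `// InstanceId tag: the instance role's SSM policy is scoped on it; do not rename or drop without updating the policy`. Creating a parameter with tags generally also needs `ssm:AddTagsToResource` on the caller, so confirm that the scale-up lambda role and any permission boundary allow it, since a denied call would leave the instance without its config. The tag literal is written twice; a small shared helper would keep the two call sites from drifting, and both function bodies continue outside the hunks.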

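--- a/lambdas/functions/gh-agent-syncer/package.json
+++ b/lambdas/functions/gh-agent-syncer/package.json
@@ -23,7 +23,7 @@
 "@types/node": "^20.8.9",
 "@types/request": "^2.48.11",
 "@typescript-eslint/eslint-plugin": "^7.4.0",
-"@typescript-eslint/parser": "^6.21.0",
+"@typescript-eslint/parser": "^7.9.0",
 "@vercel/ncc": "^0.38.1",
 "aws-sdk-client-mock": "^3.0.0",
 "aws-sdk-client-mock-jest": "^3.0.0",
@@ -37,8 +37,8 @@
 "typescript": "^5.4.5"
 },
 "dependencies": {
-"@aws-sdk/client-s3": "^3.568.0",
-"@aws-sdk/lib-storage": "^3.568.0",
+"@aws-sdk/client-s3": "^3.575.0",
+"@aws-sdk/lib-storage": "^3.575.0",
 "@aws-sdk/types": "^3.433.0",
 "@middy/core": "^4.7.0",
 "@terraform-aws-github-runner/aws-powertools-util": "*",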

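--- a/lambdas/functions/termination-watcher/package.json
+++ b/lambdas/functions/termination-watcher/package.json
@@ -19,7 +19,7 @@
 "@types/jest": "^29.5.6",
 "@types/node": "^20.8.9",
 "@typescript-eslint/eslint-plugin": "^7.4.0",
-"@typescript-eslint/parser": "^6.21.0",
+"@typescript-eslint/parser": "^7.9.0",
 "@vercel/ncc": "^0.38.1",
 "aws-sdk-client-mock": "^3.0.0",
 "aws-sdk-client-mock-jest": "^3.0.0",
@@ -35,7 +35,7 @@
 "ts-node-dev": "^2.0.0"
 },
 "dependencies": {
-"@aws-sdk/client-ec2": "^3.568.0",
+"@aws-sdk/client-ec2": "^3.575.0",
 "@aws-sdk/types": "^3.433.0",
 "@middy/core": "^4.7.0",
 "@terraform-aws-github-runner/aws-powertools-util": "*",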

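--- a/lambdas/functions/webhook/package.json
+++ b/lambdas/functions/webhook/package.json
@@ -23,7 +23,7 @@
 "@types/jest": "^29.5.12",
 "@types/node": "^20.8.9",
 "@typescript-eslint/eslint-plugin": "^7.4.0",
-"@typescript-eslint/parser": "^6.21.0",
+"@typescript-eslint/parser": "^7.9.0",
 "@vercel/ncc": "0.38.1",
 "body-parser": "^1.20.2",
 "eslint": "^8.56.0",
@@ -38,7 +38,7 @@
 "typescript": "^5.4.5"
 },
 "dependencies": {
-"@aws-sdk/client-sqs": "^3.568.0",
+"@aws-sdk/client-sqs": "^3.575.0",
 "@middy/core": "^4.7.0",
 "@octokit/rest": "^20.0.1",
 "@octokit/types": "^12.5.0",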

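--- a/lambdas/libs/aws-powertools-util/package.json
+++ b/lambdas/libs/aws-powertools-util/package.json
@@ -21,7 +21,7 @@
 "@types/jest": "^29.5.12",
 "@types/node": "^20.8.9",
 "@typescript-eslint/eslint-plugin": "^7.4.0",
-"@typescript-eslint/parser": "^6.21.0",
+"@typescript-eslint/parser": "^7.9.0",
 "@vercel/ncc": "0.38.1",
 "body-parser": "^1.20.2",
 "eslint": "^8.56.0",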

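--- a/lambdas/libs/aws-ssm-util/package.json
+++ b/lambdas/libs/aws-ssm-util/package.json
@@ -21,7 +21,7 @@
 "@types/jest": "^29.5.12",
 "@types/node": "^20.8.9",
 "@typescript-eslint/eslint-plugin": "^7.4.0",
-"@typescript-eslint/parser": "^6.21.0",
+"@typescript-eslint/parser": "^7.9.0",
 "@vercel/ncc": "0.38.1",
 "body-parser": "^1.20.2",
 "eslint": "^8.56.0",
@@ -36,7 +36,7 @@
 "typescript": "^5.4.5"
 },
 "dependencies": {
-"@aws-sdk/client-ssm": "^3.568.0",
+"@aws-sdk/client-ssm": "^3.575.0",
 "@aws-sdk/types": "^3.433.0",
 "@terraform-aws-github-runner/aws-powertools-util": "*"
 },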
Lines changed: 8 additions & 2 deletions
@@ -1,4 +1,4 @@
1-
import { GetParameterCommand, PutParameterCommand, SSMClient } from '@aws-sdk/client-ssm';
1+
import { GetParameterCommand, PutParameterCommand, SSMClient, Tag } from '@aws-sdk/client-ssm';
22
import { getTracedAWSV3Client } from '@terraform-aws-github-runner/aws-powertools-util';
33

44
export async function getParameter(parameter_name: string): Promise<string> {
@@ -7,13 +7,19 @@ export async function getParameter(parameter_name: string): Promise<string> {
77
?.Value as string;
88
}
99

10-
export async function putParameter(parameter_name: string, parameter_value: string, secure: boolean): Promise<void> {
10+
export async function putParameter(
11+
parameter_name: string,
12+
parameter_value: string,
13+
secure: boolean,
14+
options: { tags?: Tag[] } = {},
15+
): Promise<void> {
1116
const client = getTracedAWSV3Client(new SSMClient({ region: process.env.AWS_REGION }));
1217
await client.send(
1318
new PutParameterCommand({
1419
Name: parameter_name,
1520
Value: parameter_value,
1621
Type: secure ? 'SecureString' : 'String',
22+
Tags: options.tags,
1723
}),
1824
);
1925
}
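Review bot: `putParameter` gains an `options.tags` argument but no doc comment, and what a caller needs to know is not visible in the signature: the command sets no `Overwrite`, so the tags are applied only when the parameter is created, and a second call for an existing name should be rejected rather than retag it. Because the callers shown on this page put `InstanceId` tags on SecureString runner tokens, I would add a TSDoc block on `putParameter` stating that `tags` are set at creation only and that changing the tags of an existing parameter needs a separate `AddTagsToResource` call. A unit test asserting that `Tags` reaches `PutParameterCommand`, and that omitting `options` leaves `Tags` undefined, is not visible here and is worth adding if it is missing. The file header for this section is missing from the page, so the path of the patched file cannot be named.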
