This repository was archived by the owner on Jan 16, 2025. It is now read-only.
| <aname="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter)| List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used. |`map(list(string))`|`{}`| no |
376
+
| <aname="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter)| List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used. |`map(list(string))`|`null`| no |
377
377
| <aname="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners)| The list of owners used to select the AMI of action runner instances. |`list(string)`| <pre>[<br> "amazon"<br>]</pre> | no |
| <aname="input_block_device_mappings"></a> [block\_device\_mappings](#input\_block\_device\_mappings)| The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`|`map(string)`|`{}`| no |
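Review bot: On the `ami_filter` row the default moves from `{}` to `null`, but the description still reads "By default amazon linux 2 is used", so the reader can no longer tell where that default comes from; state what a `null` value resolves to. The same row calls the value a "List of maps" while the type is `map(list(string))`, so the wording should say a map of lists. Because `ami_owners` keeps `"amazon"` as its default on the next row, it is worth documenting that a custom filter should be paired with an explicit owner list, so the filter cannot select an image from an owner the operator did not intend.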
@@ -384,25 +384,27 @@ In case the setup does not work as intended follow the trace of events:
384
384
| <aname="input_enable_cloudwatch_agent"></a> [enable\_cloudwatch\_agent](#input\_enable\_cloudwatch\_agent)| Enabling the cloudwatch agent on the ec2 runner instances, the runner contains default config. Configuration can be overridden via `cloudwatch_config`. |`bool`|`true`| no |
385
385
| <aname="input_enable_organization_runners"></a> [enable\_organization\_runners](#input\_enable\_organization\_runners)| Register runners to organization, instead of repo level |`bool`|`false`| no |
386
386
| <aname="input_enable_ssm_on_runners"></a> [enable\_ssm\_on\_runners](#input\_enable\_ssm\_on\_runners)| Enable to allow access the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. |`bool`|`false`| no |
387
+
| <aname="input_enabled_userdata"></a> [enabled\_userdata](#input\_enabled\_userdata)| Should the userdata script be enabled for the runner. Set this to false if you are using your own prebuilt AMI |`bool`|`true`| no |
387
388
| <aname="input_environment"></a> [environment](#input\_environment)| A name that identifies the environment, used as prefix and for tagging. |`string`| n/a | yes |
388
389
| <aname="input_ghes_ssl_verify"></a> [ghes\_ssl\_verify](#input\_ghes\_ssl\_verify)| GitHub Enterprise SSL verification. Set to 'false' when custom certificate (chains) is used for GitHub Enterprise Server (insecure). |`bool`|`true`| no |
389
390
| <aname="input_ghes_url"></a> [ghes\_url](#input\_ghes\_url)| GitHub Enterprise Server URL. Example: https://github.internal.co - DO NOT SET IF USING PUBLIC GITHUB |`string`|`null`| no |
390
391
| <aname="input_github_app"></a> [github\_app](#input\_github\_app)| GitHub app parameters, see your github app. Ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`). | <pre>object({<br> key_base64 = string<br> id = string<br> webhook_secret = string<br> })</pre> | n/a | yes |
391
392
| <aname="input_idle_config"></a> [idle\_config](#input\_idle\_config)| List of time period that can be defined as cron expression to keep a minimum amount of runners active instead of scaling down to 0. By defining this list you can ensure that in time periods that match the cron expression within 5 seconds a runner is kept idle. | <pre>list(object({<br> cron = string<br> timeZone = string<br> idleCount = number<br> }))</pre> |`[]`| no |
392
393
| <aname="input_instance_profile_path"></a> [instance\_profile\_path](#input\_instance\_profile\_path)| The path that will be added to the instance\_profile, if not set the environment name will be used. |`string`|`null`| no |
393
394
| <aname="input_instance_type"></a> [instance\_type](#input\_instance\_type)|[DEPRECATED] See instance\_types. |`string`|`"m5.large"`| no |
394
-
| <aname="input_instance_types"></a> [instance\_types](#input\_instance\_types)| List of instance types for the action runner. |`list(string)`|`null`| no |
395
+
| <aname="input_instance_types"></a> [instance\_types](#input\_instance\_types)| List of instance types for the action runner. Defaults are based on runner\_os (amzn2 for linux and Windows Server Core for win). |`list(string)`|`null`| no |
395
396
| <aname="input_job_queue_retention_in_seconds"></a> [job\_queue\_retention\_in\_seconds](#input\_job\_queue\_retention\_in\_seconds)| The number of seconds the job is held in the queue before it is purged |`number`|`86400`| no |
396
397
| <aname="input_key_name"></a> [key\_name](#input\_key\_name)| Key pair name |`string`|`null`| no |
397
398
| <aname="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn)| Optional CMK Key ARN to be used for Parameter Store. This key must be in the current account. |`string`|`null`| no |
399
+
| <aname="input_lambda_principals"></a> [lambda\_principals](#input\_lambda\_principals)| (Optional) add extra principals to the role created for execution of the lambda, e.g. for local testing. | <pre>list(object({<br> type = string<br> identifiers = list(string)<br> }))</pre> |`[]`| no |
398
400
| <aname="input_lambda_s3_bucket"></a> [lambda\_s3\_bucket](#input\_lambda\_s3\_bucket)| S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly. |`any`|`null`| no |
399
401
| <aname="input_lambda_security_group_ids"></a> [lambda\_security\_group\_ids](#input\_lambda\_security\_group\_ids)| List of security group IDs associated with the Lambda function. |`list(string)`|`[]`| no |
400
402
| <aname="input_lambda_subnet_ids"></a> [lambda\_subnet\_ids](#input\_lambda\_subnet\_ids)| List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. |`list(string)`|`[]`| no |
401
403
| <aname="input_log_level"></a> [log\_level](#input\_log\_level)| Logging level for lambda logging. Valid values are 'silly', 'trace', 'debug', 'info', 'warn', 'error', 'fatal'. |`string`|`"info"`| no |
402
404
| <aname="input_log_type"></a> [log\_type](#input\_log\_type)| Logging format for lambda logging. Valid values are 'json', 'pretty', 'hidden'. |`string`|`"pretty"`| no |
403
405
| <aname="input_logging_retention_in_days"></a> [logging\_retention\_in\_days](#input\_logging\_retention\_in\_days)| Specifies the number of days you want to retain log events for the lambda log group. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. |`number`|`180`| no |
404
406
| <aname="input_market_options"></a> [market\_options](#input\_market\_options)| Market options for the action runner instances. Setting the value to `null` let the scaler create on-demand instances instead of spot instances. |`string`|`"spot"`| no |
405
-
| <aname="input_minimum_running_time_in_minutes"></a> [minimum\_running\_time\_in\_minutes](#input\_minimum\_running\_time\_in\_minutes)| The time an ec2 action runner should be running at minimum before terminated if not busy. |`number`|`5`| no |
407
+
| <aname="input_minimum_running_time_in_minutes"></a> [minimum\_running\_time\_in\_minutes](#input\_minimum\_running\_time\_in\_minutes)| The time an ec2 action runner should be running at minimum before terminated if not busy. |`number`|`null`| no |
406
408
| <aname="input_repository_white_list"></a> [repository\_white\_list](#input\_repository\_white\_list)| List of repositories allowed to use the github app |`list(string)`|`[]`| no |
407
409
| <aname="input_role_path"></a> [role\_path](#input\_role\_path)| The path that will be added to role path for created roles, if not set the environment name will be used. |`string`|`null`| no |
408
410
| <aname="input_role_permissions_boundary"></a> [role\_permissions\_boundary](#input\_role\_permissions\_boundary)| Permissions boundary that will be added to the created roles. |`string`|`null`| no |
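Review bot: The new `lambda_principals` row lets additional principals use the role created for executing the lambda ("e.g. for local testing") without saying that it should stay at its `[]` default outside test deployments; add that to the description and recommend a specific role or user ARN in `identifiers` rather than a broad principal. On `minimum_running_time_in_minutes` the default changes from `5` to `null` while the description is unchanged, so the effective value is no longer documented. The sentence added to `instance_types` names operating system images (amzn2, Windows Server Core), not instance types, and reads as if it belongs on `ami_filter`.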
@@ -418,8 +420,9 @@ In case the setup does not work as intended follow the trace of events:
418
420
| <aname="input_runner_extra_labels"></a> [runner\_extra\_labels](#input\_runner\_extra\_labels)| Extra labels for the runners (GitHub). Separate each label by a comma |`string`|`""`| no |
419
421
| <aname="input_runner_group_name"></a> [runner\_group\_name](#input\_runner\_group\_name)| Name of the runner group. |`string`|`"Default"`| no |
420
422
| <aname="input_runner_iam_role_managed_policy_arns"></a> [runner\_iam\_role\_managed\_policy\_arns](#input\_runner\_iam\_role\_managed\_policy\_arns)| Attach AWS or customer-managed IAM policies (by ARN) to the runner IAM role |`list(string)`|`[]`| no |
| <aname="input_runner_log_files"></a> [runner\_log\_files](#input\_runner\_log\_files)| (optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details. | <pre>list(object({<br> log_group_name = string<br> prefix_log_group = bool<br> file_path = string<br> log_stream_name = string<br> }))</pre> |`null`| no |
422
424
| <aname="input_runner_metadata_options"></a> [runner\_metadata\_options](#input\_runner\_metadata\_options)| Metadata options for the ec2 runner instances. |`map(any)`| <pre>{<br> "http_endpoint": "enabled",<br> "http_put_response_hop_limit": 1,<br> "http_tokens": "optional"<br>}</pre> | no |
425
+
| <aname="input_runner_os"></a> [runner\_os](#input\_runner\_os)| The Operating System to use for GitHub Actions Runners (linux,win) |`string`|`"linux"`| no |
423
426
| <aname="input_runners_lambda_s3_key"></a> [runners\_lambda\_s3\_key](#input\_runners\_lambda\_s3\_key)| S3 key for runners lambda function. Required if using S3 bucket to specify lambdas. |`any`|`null`| no |
424
427
| <aname="input_runners_lambda_s3_object_version"></a> [runners\_lambda\_s3\_object\_version](#input\_runners\_lambda\_s3\_object\_version)| S3 object version for runners lambda function. Useful if S3 versioning is enabled on source bucket. |`any`|`null`| no |
425
428
| <aname="input_runners_lambda_zip"></a> [runners\_lambda\_zip](#input\_runners\_lambda\_zip)| File location of the lambda zip file for scaling runners. |`string`|`null`| no |
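Review bot: The added `runner_os` row gives the accepted values only as "(linux,win)"; quote them the way the `log_level` row does and say whether any other value is rejected, since the `instance_types` description now says its defaults depend on this input. The `runner_metadata_options` context row directly above still defaults `http_tokens` to `"optional"`; if the new Windows runners inherit that default, say so here and consider documenting `required` as the recommended value.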
@@ -432,7 +435,6 @@ In case the setup does not work as intended follow the trace of events:
432
435
| <aname="input_syncer_lambda_s3_key"></a> [syncer\_lambda\_s3\_key](#input\_syncer\_lambda\_s3\_key)| S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. |`any`|`null`| no |
433
436
| <aname="input_syncer_lambda_s3_object_version"></a> [syncer\_lambda\_s3\_object\_version](#input\_syncer\_lambda\_s3\_object\_version)| S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. |`any`|`null`| no |
434
437
| <aname="input_tags"></a> [tags](#input\_tags)| Map of tags that will be added to created resources. By default resources will be tagged with name and environment. |`map(string)`|`{}`| no |
435
-
| <aname="input_enabled_userdata"></a> [enabled_userdata](#input\_enabled_userdata)| Should the userdata script be enabled for the runner. Set this to false if you are using your own prebuilt AMI |`bool`|`true`| no |
436
438
| <aname="input_userdata_post_install"></a> [userdata\_post\_install](#input\_userdata\_post\_install)| Script to be ran after the GitHub Actions runner is installed on the EC2 instances |`string`|`""`| no |
437
439
| <aname="input_userdata_pre_install"></a> [userdata\_pre\_install](#input\_userdata\_pre\_install)| Script to be ran before the GitHub Actions runner is installed on the EC2 instances |`string`|`""`| no |
438
440
| <aname="input_userdata_template"></a> [userdata\_template](#input\_userdata\_template)| Alternative user-data template, replacing the default template. By providing your own user\_data you have to take care of installing all required software, including the action runner. Variables userdata\_pre/post\_install are ignored. |`string`|`null`| no |
This README provides guidance for testing the lambda locally / and or in AWS. This guide assumes you are familiar with AWS, lambda and Node. If not mentioned explicitly, comments provided should be executed from the root of the lambda package.
4
+
5
+
## Testing in AWS
6
+
7
+
Just navigate to the Lambda in the AWS Console and trigger a test event. Provide an event that matches the required input. For lambdas that does not require a specific event, just send any event.
8
+
9
+
10
+
## Testing locally
11
+
12
+
Testing locally can be done in two ways; using AWS SAM framework or run via a wrapper to simulate the event to invoke the lambda. Both setups require that the mandatory input environment variables be set, and AWS resources on which the lambda depends are available. We advise for testing the lambda locally to first create your own deployment of the whole module to AWS, this will simplify the setup of dependent AWS resources. For example, based on the de [default example](../../../../examples/default/).
13
+
14
+
Local test setup instructions are available for the following lambda's:
15
+
16
+
-[runner-binary-syncer](./moduele/../../modules/runner-binaries-syncer/lambdas/runner-binaries-syncer) - This lambda does not need any input, no event is required. Supported via SAM and local Node.
17
+
18
+
### Extend deployment configuration
19
+
20
+
Add the code below to your Terraform deployment to allow your principal to use the Lambda role and retrieve the lambda configuration. Update your Terraform deployment and apply the changes.
21
+
22
+
```hcl
23
+
data "aws_caller_identity" "current" {}
24
+
25
+
module "runners" {
26
+
27
+
...
28
+
29
+
# Assume you have a profile with Admin privileges, allow you to switch to the Lambda role
Once you have updated your Terraform deployment you need to read the lambda configuration into your environment. Run the commands below in your Terraform workspace folder.
for x in $LAMBDA_ENV ; do echo setting $x; export $x; done
48
+
```
49
+
50
+
### Testing with SAM
51
+
52
+
This setup requires AWS SAM CLI and Docker is installed locally. First update the AWS config (`~/.aws/config`) so you can use easily switch to the role used by the lambda.
53
+
54
+
```properties
55
+
[profile gh-development]
56
+
source_profile=<OPTIONAL_SOURCE_PROFILE>
57
+
region=<DEFAULT_REGION>
58
+
role_arn=<ARN_CHECK_TF_OUTPUT>
59
+
```
60
+
61
+
Now you can set the profile and region as environment variables or pass as argument to SAM.
62
+
63
+
```
64
+
export AWS_REGION=<region>
65
+
export AWS_PROFILE=gh-development
66
+
```
67
+
68
+
For SAM a `template.yml` defines the lambda for running locally. Thats all, now build your lambda with `yarn run dist` and then invoke the lambda with `sam local invoke`.
69
+
70
+
71
+
### With Node
72
+
73
+
Instead of using SAM you can use Node with `ts-node-dev` to test the code locally. The drawback is that you have to setup AWS credentials in your shell. Also, you are dependent on a tiny wrapper (`local.ts`), and your local Node version.
74
+
75
+
The AWS SDK does not seem to handle environment variables for profiles, the only option to pass the role is via credentials. You can get credentials via STS for the role.
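Review bot: In "Extend deployment configuration" the only visible guidance on the trust change is the comment `# Assume you have a profile with Admin privileges, allow you to switch to the Lambda role`; the README should state that this entry is meant for test deployments, should be removed again once testing is done, and should name the narrowest principal that works rather than assume an admin profile. In the environment step, `for x in $LAMBDA_ENV ; do echo setting $x; export $x; done` prints every variable together with its value and splits on whitespace, so any sensitive setting lands in terminal scrollback and a value containing a space breaks the export; print only the variable name and quote the expansion. The "With Node" section asks the reader to place STS credentials for the role in the shell and should add that they are short-lived and should be unset afterwards. Smaller points: "based on the de [default example]" has a stray word, the link `./moduele/../../modules/runner-binaries-syncer/...` contains a misspelled path segment, "comments provided should be executed" presumably means commands, "lambda's", "lambdas that does not" and "Thats all" need fixing, and the fence around the `export AWS_REGION` lines has no language tag while the other fences do.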