From f7f52ca211294377eb34eafa60ea2360db54c885 Mon Sep 17 00:00:00 2001 
From: Niek Palm Date: Wed, 16 Nov 2022 21:06:04 +0100 Subject: [PATCH 1/6] chore(release): 2.0.0-next.1 [skip ci] * **ci:** * Add multi-runner capability ([#2472](https://github.com/philips-labs/terraform-aws-github-runner/issues/2472)) ([c08b335](https://github.com/philips-labs/terraform-aws-github-runner/commit/c08b335ade4e16a89d6e1068d7226c16b1eb1450)), closes [#2521](https://github.com/philips-labs/terraform-aws-github-runner/issues/2521) [#2519](https://github.com/philips-labs/terraform-aws-github-runner/issues/2519) * Experimental feature - Duplicate workflow job event to extra queue ([#2268](https://github.com/philips-labs/terraform-aws-github-runner/issues/2268)) ([ac046b8](https://github.com/philips-labs/terraform-aws-github-runner/commit/ac046b8eb2a0d2d5e2219ae9ee0023fd8bdf7460)) * Remove old scale down mechanism (< 0.19.0) ([#2519](https://github.com/philips-labs/terraform-aws-github-runner/issues/2519)) ([721d7c3](https://github.com/philips-labs/terraform-aws-github-runner/commit/721d7c3287fd3e0caa57942d0d830b072d90c433)) * Remove support check_run ([#2521](https://github.com/philips-labs/terraform-aws-github-runner/issues/2521)) ([272a293](https://github.com/philips-labs/terraform-aws-github-runner/commit/272a293613d3a1da360f0d61bff92d16ea64216c)) * **ci:** Enable ci for next branch ([48769ca](https://github.com/philips-labs/terraform-aws-github-runner/commit/48769cacc53657ac740537a9dc63d4628b8c2562)), closes [#2472](https://github.com/philips-labs/terraform-aws-github-runner/issues/2472) [#2517](https://github.com/philips-labs/terraform-aws-github-runner/issues/2517) [#2521](https://github.com/philips-labs/terraform-aws-github-runner/issues/2521) [#2517](https://github.com/philips-labs/terraform-aws-github-runner/issues/2517) [#2519](https://github.com/philips-labs/terraform-aws-github-runner/issues/2519) [#2517](https://github.com/philips-labs/terraform-aws-github-runner/issues/2517) --- CHANGELOG.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 
deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eed56723c9..ad3a7ff51c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -130,11 +130,11 @@ See the [GitHub release](https://github.com/philips-labs/terraform-aws-github-ru ## [1.13.0](https://github.com/philips-labs/terraform-aws-github-runner/compare/v1.12.0...v1.13.0) (2022-10-14) - ### Features * Experimental feature - Duplicate workflow job event to extra queue ([#2268](https://github.com/philips-labs/terraform-aws-github-runner/issues/2268)) ([985e722](https://github.com/philips-labs/terraform-aws-github-runner/commit/985e722229ce464235d206484df3d989db03e143)) + ## [1.12.0](https://github.com/philips-labs/terraform-aws-github-runner/compare/v1.11.0...v1.12.0) (2022-10-12) @@ -836,7 +836,7 @@ See the [GitHub release](https://github.com/philips-labs/terraform-aws-github-ru - Fix missing permissions for CloudWatch Agent #445 @bennettp123 - Swap scale up/scale down timeout description #468 @jonico - Fix for invalid configuration #466 @jonico -- Add ssm:GetParameter to runner-ssm-parameters #446 @bennettp123 +- Add ssm:GetParameter to runner-ssm-parameters #446 @bennettp123 - Replace crypto #429 - Scale up lambda deprecated attribute #410 @@ -873,17 +873,17 @@ terraform state rm $RESOURCE ### Added - Allow operator to pass in a list of managed IAM policy ARNs for the runner role #361 @jpalomaki -- expand options for sourcing lambda to include S3 #292 @eky5006 +- expand options for sourcing lambda to include S3 #292 @eky5006 ## [0.6.0] - 2020-10-10 ### Added -- Only allow tagging and termination of runner instances #201 @jpalomaki +- Only allow tagging and termination of runner instances #201 @jpalomaki ### Fixed -- Fix pagination with listing self-hosted runners #202 @HenryNguyen5 +- Fix pagination with listing self-hosted runners #202 @HenryNguyen5 ## [0.5.0] - 2020-08-25 From 62c5b6717504bcfad0758646f4d8d068d3adc659 Mon Sep 17 00:00:00 2001 
From: Niek Palm Date: Wed, 16 Nov 2022 21:07:35 +0100 Subject: [PATCH 2/6] feat: Added publishing to workflow_job event queue for multi runner module. (#2570) * feat: Remove support check_run (#2521) * chore: Remove support check_run * format, lint * feat: Remove old scale down mechanism (< 0.19.0) (#2519) fix: Remove old cleanup mechanism (< 0.19.0) * chore: Enable pre releases for next branch * feat: Add multi-runner capability (#2472) * feat: Remove support check_run (#2521) * chore: Remove support check_run * format, lint * feat: Remove old scale down mechanism (< 0.19.0) (#2519) fix: Remove old cleanup mechanism (< 0.19.0) * feat: added changes for multi runner. * fix: region. * fix: more fixes. * tuple to list. * fixes. * fixes. * fixes. * fixes. * fixes. * fixes. * fix: formatting. * fix: formatting. * fix: formatting. * fix: moved some blocks outside runner config. * fix: few more updates * fix: liniting. * fix: updated example output * changed runner group name. * fix: updated the tests. * fix: addressed review comments. * fix: linting issues. * fix: formatting. * fix: updated tf version. * fix: Remove removed prerelease option * Add ubuntu runner to example * refactor: use each instead of count * fix: few small issues. * refactor: syncer to count for multi runner * fix: comments. * fix: added Readme. * fix: errors. * move variable to runner config * fix: updated the readme. * Add todos * feat: added windows runner configuration, completed todos and added the weight for runner config matchers. * chore: Update docs * fix: reverted tf versions. * fix: addressed comments. * fix: missed. * fix: formatting. * Update terraform versions in CI * Update terraform versions in CI * Update docs * fix: coverage. * Update docs * improve test coverage webhook * Apply suggestions from code review * fix: formatting. * fix: fixed merge issues. * fix: syntax. 
Co-authored-by: Niek Palm Co-authored-by: Niek Palm Co-authored-by: navdeepg2021 * chore(ci): Enable ci for next branch BREAKING CHANGE: - Add option to deploy multiple runner at once, see for details: #2472 #2517 - Drop support check_run event, see for details: #2521 #2517 - Remove pre 0.19.0 scale down mechanism, see details: #2519 #2517 * chore(release): 2.0.0-next.1 [skip ci] * **ci:** * Add multi-runner capability ([#2472](https://github.com/philips-labs/terraform-aws-github-runner/issues/2472)) ([c08b335](https://github.com/philips-labs/terraform-aws-github-runner/commit/c08b335ade4e16a89d6e1068d7226c16b1eb1450)), closes [#2521](https://github.com/philips-labs/terraform-aws-github-runner/issues/2521) [#2519](https://github.com/philips-labs/terraform-aws-github-runner/issues/2519) * Experimental feature - Duplicate workflow job event to extra queue ([#2268](https://github.com/philips-labs/terraform-aws-github-runner/issues/2268)) ([ac046b8](https://github.com/philips-labs/terraform-aws-github-runner/commit/ac046b8eb2a0d2d5e2219ae9ee0023fd8bdf7460)) * Remove old scale down mechanism (< 0.19.0) ([#2519](https://github.com/philips-labs/terraform-aws-github-runner/issues/2519)) ([721d7c3](https://github.com/philips-labs/terraform-aws-github-runner/commit/721d7c3287fd3e0caa57942d0d830b072d90c433)) * Remove support check_run ([#2521](https://github.com/philips-labs/terraform-aws-github-runner/issues/2521)) ([272a293](https://github.com/philips-labs/terraform-aws-github-runner/commit/272a293613d3a1da360f0d61bff92d16ea64216c)) * **ci:** Enable ci for next branch ([48769ca](https://github.com/philips-labs/terraform-aws-github-runner/commit/48769cacc53657ac740537a9dc63d4628b8c2562)), closes [#2472](https://github.com/philips-labs/terraform-aws-github-runner/issues/2472) [#2517](https://github.com/philips-labs/terraform-aws-github-runner/issues/2517) [#2521](https://github.com/philips-labs/terraform-aws-github-runner/issues/2521) 
[#2517](https://github.com/philips-labs/terraform-aws-github-runner/issues/2517) [#2519](https://github.com/philips-labs/terraform-aws-github-runner/issues/2519) [#2517](https://github.com/philips-labs/terraform-aws-github-runner/issues/2517) * chore: fix release workflow * fix: added changes for publishing events to secondary queue. Co-authored-by: Niek Palm Co-authored-by: Niek Palm Co-authored-by: navdeepg2021 Co-authored-by: semantic-release-bot feat: added publishing to workflow_job event queue for multi runner module. (#2570) * feat: Remove support check_run (#2521) * chore: Remove support check_run * format, lint * feat: Remove old scale down mechanism (< 0.19.0) (#2519) fix: Remove old cleanup mechanism (< 0.19.0) * chore: Enable pre releases for next branch * feat: Add multi-runner capability (#2472) * feat: Remove support check_run (#2521) * chore: Remove support check_run * format, lint * feat: Remove old scale down mechanism (< 0.19.0) (#2519) fix: Remove old cleanup mechanism (< 0.19.0) * feat: added changes for multi runner. * fix: region. * fix: more fixes. * tuple to list. * fixes. * fixes. * fixes. * fixes. * fixes. * fixes. * fix: formatting. * fix: formatting. * fix: formatting. * fix: moved some blocks outside runner config. * fix: few more updates * fix: liniting. * fix: updated example output * changed runner group name. * fix: updated the tests. * fix: addressed review comments. * fix: linting issues. * fix: formatting. * fix: updated tf version. * fix: Remove removed prerelease option * Add ubuntu runner to example * refactor: use each instead of count * fix: few small issues. * refactor: syncer to count for multi runner * fix: comments. * fix: added Readme. * fix: errors. * move variable to runner config * fix: updated the readme. * Add todos * feat: added windows runner configuration, completed todos and added the weight for runner config matchers. * chore: Update docs * fix: reverted tf versions. * fix: addressed comments. * fix: missed. 
* fix: formatting. * Update terraform versions in CI * Update terraform versions in CI * Update docs * fix: coverage. * Update docs * improve test coverage webhook * Apply suggestions from code review * fix: formatting. * fix: fixed merge issues. * fix: syntax. Co-authored-by: Niek Palm Co-authored-by: Niek Palm Co-authored-by: navdeepg2021 * chore(ci): Enable ci for next branch BREAKING CHANGE: - Add option to deploy multiple runner at once, see for details: #2472 #2517 - Drop support check_run event, see for details: #2521 #2517 - Remove pre 0.19.0 scale down mechanism, see details: #2519 #2517 * chore(release): 2.0.0-next.1 [skip ci] * **ci:** * Add multi-runner capability ([#2472](https://github.com/philips-labs/terraform-aws-github-runner/issues/2472)) ([c08b335](https://github.com/philips-labs/terraform-aws-github-runner/commit/c08b335ade4e16a89d6e1068d7226c16b1eb1450)), closes [#2521](https://github.com/philips-labs/terraform-aws-github-runner/issues/2521) [#2519](https://github.com/philips-labs/terraform-aws-github-runner/issues/2519) * Experimental feature - Duplicate workflow job event to extra queue ([#2268](https://github.com/philips-labs/terraform-aws-github-runner/issues/2268)) ([ac046b8](https://github.com/philips-labs/terraform-aws-github-runner/commit/ac046b8eb2a0d2d5e2219ae9ee0023fd8bdf7460)) * Remove old scale down mechanism (< 0.19.0) ([#2519](https://github.com/philips-labs/terraform-aws-github-runner/issues/2519)) ([721d7c3](https://github.com/philips-labs/terraform-aws-github-runner/commit/721d7c3287fd3e0caa57942d0d830b072d90c433)) * Remove support check_run ([#2521](https://github.com/philips-labs/terraform-aws-github-runner/issues/2521)) ([272a293](https://github.com/philips-labs/terraform-aws-github-runner/commit/272a293613d3a1da360f0d61bff92d16ea64216c)) * **ci:** Enable ci for next branch ([48769ca](https://github.com/philips-labs/terraform-aws-github-runner/commit/48769cacc53657ac740537a9dc63d4628b8c2562)), closes 
[#2472](https://github.com/philips-labs/terraform-aws-github-runner/issues/2472) [#2517](https://github.com/philips-labs/terraform-aws-github-runner/issues/2517) [#2521](https://github.com/philips-labs/terraform-aws-github-runner/issues/2521) [#2517](https://github.com/philips-labs/terraform-aws-github-runner/issues/2517) [#2519](https://github.com/philips-labs/terraform-aws-github-runner/issues/2519) [#2517](https://github.com/philips-labs/terraform-aws-github-runner/issues/2517) * chore: fix release workflow * fix: added changes for publishing events to secondary queue. Co-authored-by: Niek Palm Co-authored-by: Niek Palm Co-authored-by: navdeepg2021 Co-authored-by: semantic-release-bot --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ad3a7ff51c..828edd62bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -134,7 +134,6 @@ See the [GitHub release](https://github.com/philips-labs/terraform-aws-github-ru * Experimental feature - Duplicate workflow job event to extra queue ([#2268](https://github.com/philips-labs/terraform-aws-github-runner/issues/2268)) ([985e722](https://github.com/philips-labs/terraform-aws-github-runner/commit/985e722229ce464235d206484df3d989db03e143)) - ## [1.12.0](https://github.com/philips-labs/terraform-aws-github-runner/compare/v1.11.0...v1.12.0) (2022-10-12) From 2a199f899404068be006f07086aab7b9e2135fa5 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Tue, 29 Nov 2022 16:49:15 +0100 Subject: [PATCH 3/6] chore: Manually release. --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a0bbd02118..79f7d94bba 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,6 +37,7 @@ jobs: release: name: release + needs: prepare runs-on: ubuntu-latest needs: prepare From dd252a5c1c3f575666a7d2477db08bd73418b6fc Mon Sep 17 00:00:00 2001 
From: Niek Palm Date: Wed, 28 Dec 2022 18:03:03 +0100 Subject: [PATCH 4/6] chore: Rename variables --- README.md | 8 +++++--- examples/arm64/main.tf | 2 +- examples/default/main.tf | 2 +- main.tf | 14 +++++++------- variables.deprecated.tf | 32 ++++++++++++++++++++++++++++++++ variables.tf | 4 ++-- 6 files changed, 48 insertions(+), 14 deletions(-) create mode 100644 variables.deprecated.tf diff --git a/README.md b/README.md index 66bd4ce375..cacae0b1c4 100644 --- a/README.md +++ b/README.md 
@@ -325,7 +325,7 @@ You can configure runners to be ephemeral, runners will be used only for one job - The scale down lambda is still active, and should only remove orphan instances. But there is no strict check in place. So ensure you configure the `minimum_running_time_in_minutes` to a value that is high enough to got your runner booted and connected to avoid it got terminated before executing a job. - The messages sent from the webhook lambda to scale-up lambda are by default delayed delayed by SQS, to give available runners to option to start the job before the decision is made to scale more runners. For ephemeral runners there is no need to wait. Set `delay_webhook_event` to `0`. - All events on the queue will lead to a new runner crated by the lambda. By setting `enable_job_queued_check` to `true` you can enforce only create a runner if the event has a correlated queued job. Setting this can avoid creating useless runners, for example whn jobs got cancelled before a runner is created. We suggest to use this in combination with a pool. -- To ensure runners are created in the same order GitHub sends the events we use by default a FIFO queue, this is mainly relevant for repo level runners. For ephemeral runners you can set `fifo_build_queue` to `false`. +- To ensure runners are created in the same order GitHub sends the events we use by default a FIFO queue, this is mainly relevant for repo level runners. For ephemeral runners you can set `enable_enable_fifo_build_queue` to `false`. - Error related to scaling should be retried via SQS. You can configure `job_queue_retention_in_seconds` `redrive_build_queue` to tune the behavior. We have no mechanism to avoid events will never processed, which means potential no runner could be created and the job in GitHub can time out in 6 hours. The example for [ephemeral runners](./examples/ephemeral) is based on the [default example](./examples/default). Have look on the diff to see the major configuration differences. 
@@ -455,18 +455,20 @@ We welcome any improvement to the standard module to make the default as secure | [delay\_webhook\_event](#input\_delay\_webhook\_event) | The number of seconds the event accepted by the webhook is invisible on the queue before the scale up lambda will receive the event. | `number` | `30` | no | | [disable\_runner\_autoupdate](#input\_disable\_runner\_autoupdate) | Disable the auto update of the github runner agent. Be-aware there is a grace period of 30 days, see also the [GitHub article](https://github.blog/changelog/2022-02-01-github-actions-self-hosted-runners-can-now-disable-automatic-updates/) | `bool` | `false` | no | | [enable\_cloudwatch\_agent](#input\_enable\_cloudwatch\_agent) | Enabling the cloudwatch agent on the ec2 runner instances, the runner contains default config. Configuration can be overridden via `cloudwatch_config`. | `bool` | `true` | no | +| [enable\_enable\_fifo\_build\_queue](#input\_enable\_enable\_fifo\_build\_queue) | Enable a FIFO queue to remain the order of events received by the webhook. Suggest to set to true for repo level runners. | `bool` | `false` | no | | [enable\_ephemeral\_runners](#input\_enable\_ephemeral\_runners) | Enable ephemeral runners, runners will only be used once. | `bool` | `false` | no | | [enable\_job\_queued\_check](#input\_enable\_job\_queued\_check) | Only scale if the job event received by the scale up lambda is is in the state queued. By default enabled for non ephemeral runners and disabled for ephemeral. Set this variable to overwrite the default behavior. | `bool` | `null` | no | | [enable\_managed\_runner\_security\_group](#input\_enable\_managed\_runner\_security\_group) | Enabling the default managed security group creation. Unmanaged security groups can be specified via `runner_additional_security_group_ids`. 
| `bool` | `true` | no | | [enable\_organization\_runners](#input\_enable\_organization\_runners) | Register runners to organization, instead of repo level | `bool` | `false` | no | | [enable\_runner\_binaries\_syncer](#input\_enable\_runner\_binaries\_syncer) | Option to disable the lambda to sync GitHub runner distribution, useful when using a pre-build AMI. | `bool` | `true` | no | | [enable\_runner\_detailed\_monitoring](#input\_enable\_runner\_detailed\_monitoring) | Should detailed monitoring be enabled for the runner. Set this to true if you want to use detailed monitoring. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html for details. | `bool` | `false` | no | +| [enable\_runner\_workflow\_job\_labels\_check\_all](#input\_enable\_runner\_workflow\_job\_labels\_check\_all) | If set to true all labels in the workflow job must match the GitHub labels (os, architecture and `self-hosted`). When false if __any__ label matches it will trigger the webhook. `runner_enable_workflow_job_labels_check` must be true for this to take effect. | `bool` | `true` | no | | [enable\_ssm\_on\_runners](#input\_enable\_ssm\_on\_runners) | Enable to allow access the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. | `bool` | `false` | no | | [enable\_user\_data\_debug\_logging\_runner](#input\_enable\_user\_data\_debug\_logging\_runner) | Option to enable debug logging for user-data, this logs all secrets as well. | `bool` | `false` | no | | [enable\_userdata](#input\_enable\_userdata) | Should the userdata script be enabled for the runner. Set this to false if you are using your own prebuilt AMI. | `bool` | `true` | no | | [enable\_workflow\_job\_events\_queue](#input\_enable\_workflow\_job\_events\_queue) | Enabling this experimental feature will create a secondory sqs queue to wich a copy of the workflow\_job event will be delivered. 
| `bool` | `false` | no | | [environment](#input\_environment) | DEPRECATED, no longer used. See `prefix` | `string` | `null` | no | -| [fifo\_build\_queue](#input\_fifo\_build\_queue) | Enable a FIFO queue to remain the order of events received by the webhook. Suggest to set to true for repo level runners. | `bool` | `false` | no | +| [fifo\_build\_queue](#input\_fifo\_build\_queue) | DEPCRECATED: Replaced by `enable_fifo_build_queue`. | `string` | `null` | no | | [ghes\_ssl\_verify](#input\_ghes\_ssl\_verify) | GitHub Enterprise SSL verification. Set to 'false' when custom certificate (chains) is used for GitHub Enterprise Server (insecure). | `bool` | `true` | no | | [ghes\_url](#input\_ghes\_url) | GitHub Enterprise Server URL. Example: https://github.internal.co - DO NOT SET IF USING PUBLIC GITHUB | `string` | `null` | no | | [github\_app](#input\_github\_app) | GitHub app parameters, see your github app. Ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`). |
object({
key_base64 = string
id = string
webhook_secret = string
})
| n/a | yes | @@ -512,7 +514,7 @@ We welcome any improvement to the standard module to make the default as secure | [runner\_boot\_time\_in\_minutes](#input\_runner\_boot\_time\_in\_minutes) | The minimum time for an EC2 runner to boot and register as a runner. | `number` | `5` | no | | [runner\_ec2\_tags](#input\_runner\_ec2\_tags) | Map of tags that will be added to the launch template instance tag specifications. | `map(string)` | `{}` | no | | [runner\_egress\_rules](#input\_runner\_egress\_rules) | List of egress rules for the GitHub runner instances. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no | -| [runner\_enable\_workflow\_job\_labels\_check\_all](#input\_runner\_enable\_workflow\_job\_labels\_check\_all) | If set to true all labels in the workflow job must match the GitHub labels (os, architecture and `self-hosted`). When false if __any__ label matches it will trigger the webhook. `runner_enable_workflow_job_labels_check` must be true for this to take effect. | `bool` | `true` | no | +| [runner\_enable\_workflow\_job\_labels\_check\_all](#input\_runner\_enable\_workflow\_job\_labels\_check\_all) | DEPCRECATED: Replaced by `enable_runner_workflow_job_labels_check_all`. | `string` | `null` | no | | [runner\_extra\_labels](#input\_runner\_extra\_labels) | Extra (custom) labels for the runners (GitHub). Separate each label by a comma. Labels checks on the webhook can be enforced by setting `enable_workflow_job_labels_check`. GitHub read-only labels should not be provided. | `string` | `""` | no | | [runner\_group\_name](#input\_runner\_group\_name) | Name of the runner group. | `string` | `"Default"` | no | | [runner\_iam\_role\_managed\_policy\_arns](#input\_runner\_iam\_role\_managed\_policy\_arns) | Attach AWS or customer-managed IAM policies (by ARN) to the runner IAM role | `list(string)` | `[]` | no | diff --git a/examples/arm64/main.tf b/examples/arm64/main.tf index ff7d57f225..473f3923eb 100644 --- a/examples/arm64/main.tf +++ b/examples/arm64/main.tf @@ -70,7 +70,7 @@ module "runners" { runners_maximum_count = 1 # set up a fifo queue to remain order - fifo_build_queue = true + enable_enable_fifo_build_queue = true # override scaling down scale_down_schedule_expression = "cron(* * * * ? *)" diff --git a/examples/default/main.tf b/examples/default/main.tf index 79f798c4e7..d1703b09e1 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf 
@@ -79,7 +79,7 @@ module "runners" { runners_maximum_count = 1 # set up a fifo queue to remain order - fifo_build_queue = true + enable_enable_fifo_build_queue = true # override scaling down scale_down_schedule_expression = "cron(* * * * ? *)" diff --git a/main.tf b/main.tf index 8bc327b17a..ce84cacf89 100644 --- a/main.tf +++ b/main.tf @@ -59,13 +59,13 @@ resource "aws_sqs_queue_policy" "webhook_events_workflow_job_queue_policy" { } resource "aws_sqs_queue" "queued_builds" { - name = "${var.prefix}-queued-builds${var.fifo_build_queue ? ".fifo" : ""}" + name = "${var.prefix}-queued-builds${var.enable_enable_fifo_build_queue ? ".fifo" : ""}" delay_seconds = var.delay_webhook_event visibility_timeout_seconds = var.runners_scale_up_lambda_timeout message_retention_seconds = var.job_queue_retention_in_seconds - fifo_queue = var.fifo_build_queue + fifo_queue = var.enable_enable_fifo_build_queue receive_wait_time_seconds = 0 - content_based_deduplication = var.fifo_build_queue + content_based_deduplication = var.enable_enable_fifo_build_queue redrive_policy = var.redrive_build_queue.enabled ? jsonencode({ deadLetterTargetArn = aws_sqs_queue.queued_builds_dlq[0].arn, maxReceiveCount = var.redrive_build_queue.maxReceiveCount @@ -104,12 +104,12 @@ resource "aws_sqs_queue_policy" "build_queue_dlq_policy" { resource "aws_sqs_queue" "queued_builds_dlq" { count = var.redrive_build_queue.enabled ? 1 : 0 - name = "${var.prefix}-queued-builds_dead_letter${var.fifo_build_queue ? ".fifo" : ""}" + name = "${var.prefix}-queued-builds_dead_letter${var.enable_enable_fifo_build_queue ? ".fifo" : ""}" sqs_managed_sse_enabled = var.queue_encryption.sqs_managed_sse_enabled kms_master_key_id = var.queue_encryption.kms_master_key_id kms_data_key_reuse_period_seconds = var.queue_encryption.kms_data_key_reuse_period_seconds - fifo_queue = var.fifo_build_queue + fifo_queue = var.enable_enable_fifo_build_queue tags = var.tags } 
@@ -133,10 +133,10 @@ module "webhook" { (aws_sqs_queue.queued_builds.id) = { id : aws_sqs_queue.queued_builds.id arn : aws_sqs_queue.queued_builds.arn - fifo : var.fifo_build_queue + fifo : var.enable_enable_fifo_build_queue matcherConfig : { labelMatchers : [split(",", local.runner_labels)] - exactMatch : var.runner_enable_workflow_job_labels_check_all + exactMatch : var.enable_runner_workflow_job_labels_check_all } } } diff --git a/variables.deprecated.tf b/variables.deprecated.tf new file mode 100644 index 0000000000..11387592ee --- /dev/null +++ b/variables.deprecated.tf @@ -0,0 +1,32 @@ +variable "enabled_userdata" { + description = "DEPCRECATED: Replaced by `enable_userdata`." + type = string + default = null + + validation { + condition = anytrue([var.enabled_userdata == null]) + error_message = "DEPCRECATED, replaced by `enable_userdata`." + } +} + +variable "runner_enable_workflow_job_labels_check_all" { + description = "DEPCRECATED: Replaced by `enable_runner_workflow_job_labels_check_all`." + type = string + default = null + + validation { + condition = anytrue([var.runner_enable_workflow_job_labels_check_all == null]) + error_message = "DEPCRECATED, replaced by `enable_runner_workflow_job_labels_check_all`." + } +} + +variable "fifo_build_queue" { + description = "DEPCRECATED: Replaced by `enable_fifo_build_queue`." + type = string + default = null + + validation { + condition = anytrue([var.fifo_build_queue == null]) + error_message = "DEPCRECATED, replaced by `enable_fifo_build_queue`." + } +} diff --git a/variables.tf b/variables.tf index 5b61d015b5..6feeabf683 100644 --- a/variables.tf +++ b/variables.tf 
@@ -534,7 +534,7 @@ variable "log_level" { } } -variable "runner_enable_workflow_job_labels_check_all" { +variable "enable_runner_workflow_job_labels_check_all" { description = "If set to true all labels in the workflow job must match the GitHub labels (os, architecture and `self-hosted`). When false if __any__ label matches it will trigger the webhook. `runner_enable_workflow_job_labels_check` must be true for this to take effect." type = bool default = true @@ -595,7 +595,7 @@ variable "lambda_principals" { default = [] } -variable "fifo_build_queue" { +variable "enable_enable_fifo_build_queue" { description = "Enable a FIFO queue to remain the order of events received by the webhook. Suggest to set to true for repo level runners." type = bool default = false From ba9d5ea6ec20c50db7aabbcd39445376baffe916 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Fri, 30 Dec 2022 09:32:01 +0100 Subject: [PATCH 5/6] update docs --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cacae0b1c4..041fa8d992 100644 --- a/README.md +++ b/README.md 
@@ -467,6 +467,7 @@ We welcome any improvement to the standard module to make the default as secure | [enable\_user\_data\_debug\_logging\_runner](#input\_enable\_user\_data\_debug\_logging\_runner) | Option to enable debug logging for user-data, this logs all secrets as well. | `bool` | `false` | no | | [enable\_userdata](#input\_enable\_userdata) | Should the userdata script be enabled for the runner. Set this to false if you are using your own prebuilt AMI. | `bool` | `true` | no | | [enable\_workflow\_job\_events\_queue](#input\_enable\_workflow\_job\_events\_queue) | Enabling this experimental feature will create a secondory sqs queue to wich a copy of the workflow\_job event will be delivered. | `bool` | `false` | no | +| [enabled\_userdata](#input\_enabled\_userdata) | DEPCRECATED: Replaced by `enable_userdata`. | `string` | `null` | no | | [environment](#input\_environment) | DEPRECATED, no longer used. See `prefix` | `string` | `null` | no | | [fifo\_build\_queue](#input\_fifo\_build\_queue) | DEPCRECATED: Replaced by `enable_fifo_build_queue`. | `string` | `null` | no | | [ghes\_ssl\_verify](#input\_ghes\_ssl\_verify) | GitHub Enterprise SSL verification. Set to 'false' when custom certificate (chains) is used for GitHub Enterprise Server (insecure). | `bool` | `true` | no | From 8617bac218079c4cc7d865da78c39ed633b0e091 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Fri, 30 Dec 2022 16:43:14 +0100 Subject: [PATCH 6/6] fix workflow --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 79f7d94bba..a0bbd02118 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,7 +37,6 @@ jobs: release: name: release - needs: prepare runs-on: ubuntu-latest needs: prepare
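Review bot: the only change in PATCH 2/6 (`CHANGELOG.md`, hunk `@@ -134,7 +134,6 @@`) is the removal of one blank line before the 1.12.0 heading, which does not match the subject "feat: Added publishing to workflow_job event queue for multi runner module". The blank line is the one PATCH 1/6 added, so the two changes cancel out. Either squash this into the release commit or retitle it as a `chore:` so the history does not record a feature for a whitespace-only diff.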
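Review bot: the added `needs: prepare` in the `release` job (PATCH 3/6, `.github/workflows/release.yml`, hunk `@@ -37,6 +37,7 @@`) duplicates the `needs: prepare` key that already follows `runs-on: ubuntu-latest` in the same mapping. Duplicate keys are not allowed in a YAML mapping, so this should be dropped. PATCH 6/6 removes the same line again, so the two commits can be squashed away before merging.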
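Review bot: the three deprecation stubs in the new `variables.deprecated.tf` (PATCH 4/6) misspell the marker as "DEPCRECATED" in both `description` and `error_message`, and that text is what a user sees when `terraform plan` fails and what ends up in the generated README rows. Please use "DEPRECATED", matching the existing `environment` row. The `anytrue([var.x == null])` wrapper around a single comparison can be written as `condition = var.x == null`. Since any non-null value of the old names now fails validation, callers that set `fifo_build_queue` or `runner_enable_workflow_job_labels_check_all` will break on upgrade, which the `chore:` subject does not signal.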
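Review bot: the description kept on the renamed `enable_runner_workflow_job_labels_check_all` (PATCH 4/6, `variables.tf`, hunk `@@ -534,7 +534,7 @@`) still says "`runner_enable_workflow_job_labels_check` must be true for this to take effect", while the README row for `runner_extra_labels` calls that switch `enable_workflow_job_labels_check`. This variable feeds `exactMatch` in the webhook matcher config and decides whether a single matching label is enough to trigger a scale-up, so the description should name the controlling variable exactly as it is declared.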
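Review bot: the new name `enable_enable_fifo_build_queue` (PATCH 4/6, `variables.tf`, hunk `@@ -595,7 +595,7 @@`) has a doubled prefix and does not match the replacement announced by the deprecation stub, which says "Replaced by `enable_fifo_build_queue`". A user who follows that message sets a variable the module does not declare. Suggest declaring `variable "enable_fifo_build_queue"` and updating the references this patch introduces: `main.tf` (queue name, `fifo_queue`, `content_based_deduplication`, the dead-letter queue and the webhook `fifo` field), `examples/arm64/main.tf`, `examples/default/main.tf`, and the hand-written ephemeral-runner bullet plus the inputs table in `README.md`.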