README.md
+10 -3 (10 additions & 3 deletions)
@@ -304,10 +304,11 @@ For time zones please check [TZ database name column](https://en.wikipedia.org/w
304
304
Currently a beta feature! You can configure runners to be ephemeral, runners will be used only for one job. The feature should be used in conjunction with listening for the workflow job event. Please consider the following:
305
305
306
306
- The scale down lambda is still active, and should only remove orphan instances. But there is no strict check in place. So ensure you configure the `minimum_running_time_in_minutes` to a value that is high enough to got your runner booted and connected to avoid it got terminated before executing a job.
307
-
- The messages sent from the webhook lambda to scale-up lambda are by default delayed delayed by SQS, to give available runners to option to start the job before the decision is made to scale more runners. For ephemeral runners there is no need to wait. Set `delay_webhook_event` to `0`.
307
+
- The messages sent from the webhook lambda to scale-up lambda are by default delayed delayed by SQS, to give available runners to option to start the job before the decision is made to scale more runners. For ephemeral runners there is no need to wait. Set `delay_webhook_event` to `0`.
308
+
- All events on the queue will lead to a new runner crated by the lambda. By setting `enable_job_queued_check` to `true` you can enforce only create a runner if the event has a correlated queued job. Setting this can avoid creating useless runners, for example whn jobs got cancelled before a runner is created. We suggest to use this in combination with a pool.
308
309
- To ensure runners are created in the same order GitHub sends the events we use by default a FIFO queue, this is mainly relevant for repo level runners. For ephemeral runners you can set `fifo_build_queue` to `false`.
309
310
- Error related to scaling should be retried via SQS. You can configure `job_queue_retention_in_seconds``redrive_build_queue` to tune the behavior. We have no mechanism to avoid events will never processed, which means potential no runner could be created and the job in GitHub can time out in 6 hours.
310
-
311
+
311
312
The example for [ephemeral runners](./examples/ephemeral) is based on the [default example](./examples/default). Have look on the diff to see the major configuration differences.
312
313
313
314
### Prebuilt Images
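Review bot: The added `enable_job_queued_check` bullet does not state the default, while the Inputs table in this same change says the check is enabled for non-ephemeral runners and disabled for ephemeral ones when left unset. State that in this bullet, since it sits in the ephemeral section and is the setting a reader here needs. While editing, fix "crated", "whn" and "you can enforce only create a runner" in the new bullet; the re-added `delay_webhook_event` bullet still reads "delayed delayed".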
@@ -387,22 +388,27 @@ In case the setup does not work as intended follow the trace of events:
|[aws_iam_policy_document.deny_unsecure_transport](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document)| data source |
391
395
392
396
## Inputs
393
397
394
398
| Name | Description | Type | Default | Required |
| <aname="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter)| List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used. |`map(list(string))`|`null`| no |
397
401
| <aname="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners)| The list of owners used to select the AMI of action runner instances. |`list(string)`| <pre>[<br> "amazon"<br>]</pre> | no |
402
+
| <aname="input_aws_partition"></a> [aws\_partition](#input\_aws\_partition)| (optiona) partition in the arn namespace to use if not 'aws' |`string`|`"aws"`| no |
| <aname="input_block_device_mappings"></a> [block\_device\_mappings](#input\_block\_device\_mappings)| The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`|`map(string)`|`{}`| no |
404
+
| <aname="input_block_device_mappings"></a> [block\_device\_mappings](#input\_block\_device\_mappings)| The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`|<pre>list(object({<br> device_name = string<br> delete_on_termination = bool<br> volume_type = string<br> volume_size = number<br> encrypted = bool<br> iops = number<br> }))</pre>|`[]`| no |
400
405
| <aname="input_cloudwatch_config"></a> [cloudwatch\_config](#input\_cloudwatch\_config)| (optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details. |`string`|`null`| no |
401
406
| <aname="input_create_service_linked_role_spot"></a> [create\_service\_linked\_role\_spot](#input\_create\_service\_linked\_role\_spot)| (optional) create the serviced linked role for spot instances that is required by the scale-up lambda. |`bool`|`false`| no |
402
407
| <aname="input_delay_webhook_event"></a> [delay\_webhook\_event](#input\_delay\_webhook\_event)| The number of seconds the event accepted by the webhook is invisible on the queue before the scale up lambda will receive the event. |`number`|`30`| no |
403
408
| <aname="input_disable_runner_autoupdate"></a> [disable\_runner\_autoupdate](#input\_disable\_runner\_autoupdate)| Disable the auto update of the github runner agent. Be-aware there is a grace period of 30 days, see also the [GitHub article](https://github.blog/changelog/2022-02-01-github-actions-self-hosted-runners-can-now-disable-automatic-updates/)|`bool`|`false`| no |
404
409
| <aname="input_enable_cloudwatch_agent"></a> [enable\_cloudwatch\_agent](#input\_enable\_cloudwatch\_agent)| Enabling the cloudwatch agent on the ec2 runner instances, the runner contains default config. Configuration can be overridden via `cloudwatch_config`. |`bool`|`true`| no |
405
410
| <aname="input_enable_ephemeral_runners"></a> [enable\_ephemeral\_runners](#input\_enable\_ephemeral\_runners)| Enable ephemeral runners, runners will only be used once. |`bool`|`false`| no |
411
+
| <aname="input_enable_job_queued_check"></a> [enable\_job\_queued\_check](#input\_enable\_job\_queued\_check)| Only scale if the job event received by the scale up lambda is is in the state queued. By default enabled for non ephemeral runners and disabled for ephemeral. Set this variable to overwrite the default behavior. |`bool`|`null`| no |
406
412
| <aname="input_enable_managed_runner_security_group"></a> [enable\_managed\_runner\_security\_group](#input\_enable\_managed\_runner\_security\_group)| Enabling the default managed security group creation. Unmanaged security groups can be specified via `runner_additional_security_group_ids`. |`bool`|`true`| no |
407
413
| <aname="input_enable_organization_runners"></a> [enable\_organization\_runners](#input\_enable\_organization\_runners)| Register runners to organization, instead of repo level |`bool`|`false`| no |
408
414
| <aname="input_enable_ssm_on_runners"></a> [enable\_ssm\_on\_runners](#input\_enable\_ssm\_on\_runners)| Enable to allow access the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. |`bool`|`false`| no |
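Review bot: The `block_device_mappings` row changes the type from `map(string)` with default `{}` to a list of objects with default `[]`, so any caller passing a map today will fail type checking, yet the description is unchanged and still reads as if one set of keys is taken. Reword it to say the input is a list with one object per device, note that all six attributes (including `encrypted` and `iops`) must be set as the type is declared, and flag the change as breaking. Also fix "(optiona)" in the `aws_partition` row and "is is" in the `enable_job_queued_check` row.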
@@ -428,6 +434,7 @@ In case the setup does not work as intended follow the trace of events:
428
434
| <aname="input_lambda_subnet_ids"></a> [lambda\_subnet\_ids](#input\_lambda\_subnet\_ids)| List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. |`list(string)`|`[]`| no |
429
435
| <aname="input_log_level"></a> [log\_level](#input\_log\_level)| Logging level for lambda logging. Valid values are 'silly', 'trace', 'debug', 'info', 'warn', 'error', 'fatal'. |`string`|`"info"`| no |
430
436
| <aname="input_log_type"></a> [log\_type](#input\_log\_type)| Logging format for lambda logging. Valid values are 'json', 'pretty', 'hidden'. |`string`|`"pretty"`| no |
437
+
| <aname="input_logging_kms_key_id"></a> [logging\_kms\_key\_id](#input\_logging\_kms\_key\_id)| Specifies the kms key id to encrypt the logs with |`string`|`null`| no |
431
438
| <aname="input_logging_retention_in_days"></a> [logging\_retention\_in\_days](#input\_logging\_retention\_in\_days)| Specifies the number of days you want to retain log events for the lambda log group. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. |`number`|`180`| no |
432
439
| <aname="input_market_options"></a> [market\_options](#input\_market\_options)| DEPCRECATED: Replaced by `instance_target_capacity_type`. |`string`|`null`| no |
433
440
| <aname="input_minimum_running_time_in_minutes"></a> [minimum\_running\_time\_in\_minutes](#input\_minimum\_running\_time\_in\_minutes)| The time an ec2 action runner should be running at minimum before terminated if not busy. |`number`|`null`| no |
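Review bot: The new `logging_kms_key_id` row defaults to `null` but its description does not say what that means for the log groups, or whether a key id or a full ARN is expected. Extend the description to state the behaviour when the value is unset and the accepted format, and capitalise "KMS" to match how other rows name AWS services.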
images/linux-amzn2/github_agent.linux.pkr.hcl
+21 -8 (21 additions & 8 deletions)
@@ -31,6 +31,12 @@ variable "subnet_id" {
31
31
default=null
32
32
}
33
33
34
+
variable"associate_public_ip_address" {
35
+
description="If using a non-default VPC, there is no public IP address assigned to the EC2 instance. If you specified a public subnet, you probably want to set this to true. Otherwise the EC2 instance won't have access to the internet"
36
+
type=string
37
+
default=null
38
+
}
39
+
34
40
variable"instance_type" {
35
41
description="The instance type Packer will use for the builder"
36
42
type=string
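Review bot: `associate_public_ip_address` is declared with `type=string` although its description tells the user to "set this to true", so the variable accepts any string and a typo is only caught later, if at all. Declare it as `bool` with `default=null`, or if a string is intentional, say in the description which values are accepted.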
@@ -66,15 +72,22 @@ variable "snapshot_tags" {
66
72
default={}
67
73
}
68
74
75
+
variable"custom_shell_commands" {
76
+
description="Additional commands to run on the EC2 instance, to customize the instance, like installing packages"
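Review bot: The `custom_shell_commands` description says the commands run "on the EC2 instance" but not as which user or at which point of the image build they run. Since whatever these commands install or write ends up in the runner image, document the execution context and ordering in the description, and say that values placed in the commands become part of the build input. The rest of this hunk is not visible here, so the type and default could not be reviewed.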
images/ubuntu-focal/github_agent.ubuntu.pkr.hcl
+21 -7 (21 additions & 7 deletions)
@@ -31,6 +31,12 @@ variable "subnet_id" {
31
31
default=null
32
32
}
33
33
34
+
variable"associate_public_ip_address" {
35
+
description="If using a non-default VPC, there is no public IP address assigned to the EC2 instance. If you specified a public subnet, you probably want to set this to true. Otherwise the EC2 instance won't have access to the internet"
36
+
type=string
37
+
default=null
38
+
}
39
+
34
40
variable"instance_type" {
35
41
description="The instance type Packer will use for the builder"
36
42
type=string
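Review bot: The last sentence of the `associate_public_ip_address` description, "Otherwise the EC2 instance won't have access to the internet", is stated unconditionally although the sentence before it limits the advice to a public subnet. Scope the sentence to that case, so that a reader building in a subnet with another outbound route does not assign a public address to the build instance without needing one.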
@@ -66,12 +72,20 @@ variable "snapshot_tags" {
66
72
default={}
67
73
}
68
74
75
+
variable"custom_shell_commands" {
76
+
description="Additional commands to run on the EC2 instance, to customize the instance, like installing packages"
description="If using a non-default VPC, there is no public IP address assigned to the EC2 instance. If you specified a public subnet, you probably want to set this to true. Otherwise the EC2 instance won't have access to the internet"
30
+
type=string
31
+
default=null
32
+
}
33
+
34
+
variable"custom_shell_commands" {
35
+
description="Additional commands to run on the EC2 instance, to customize the instance, like installing packages"
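Review bot: In this region `associate_public_ip_address` again ends with `default=null`, and the description does not say what leaving it unset does. Add one sentence stating which behaviour applies when the variable is `null`, so the reader can tell whether the build instance gets a public address by default.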