Apply SSM changes for multi-runner

npalm · npalm · commit 55cf8363a964 · 2022-11-04T10:05:00.000+01:00
diff --git a/examples/default/main.tf b/examples/default/main.tf
@@ -1,5 +1,5 @@
 locals {
-  environment = "default"
+  environment = var.environment != null ? var.environment : "default"
   aws_region  = "eu-west-1"
 }
 
@@ -85,4 +85,6 @@ module "runners" {
   scale_down_schedule_expression = "cron(* * * * ? *)"
   # enable this flag to publish webhook events to workflow job queue
   # enable_workflow_job_events_queue  = true
+
+  enable_user_data_debug_logging_runner = true
 }
diff --git a/examples/default/variables.tf b/examples/default/variables.tf
@@ -2,3 +2,8 @@
 variable "github_app_key_base64" {}
 
 variable "github_app_id" {}
+
+variable "environment" {
+  type    = string
+  default = null
+}
diff --git a/main.tf b/main.tf
@@ -117,7 +117,7 @@ module "ssm" {
   source = "./modules/ssm"
 
   kms_key_arn = var.kms_key_arn
-  path_prefix = local.ssm_root_path
+  path_prefix = "${local.ssm_root_path}/${var.ssm_paths.app}"
   github_app  = var.github_app
   tags        = local.tags
 }
diff --git a/modules/multi-runner/README.md b/modules/multi-runner/README.md
@@ -151,6 +151,7 @@ No requirements.
 | <a name="input_runners_lambda_zip"></a> [runners\_lambda\_zip](#input\_runners\_lambda\_zip) | File location of the lambda zip file for scaling runners. | `string` | `null` | no |
 | <a name="input_runners_scale_down_lambda_timeout"></a> [runners\_scale\_down\_lambda\_timeout](#input\_runners\_scale\_down\_lambda\_timeout) | Time out for the scale down lambda in seconds. | `number` | `60` | no |
 | <a name="input_runners_scale_up_lambda_timeout"></a> [runners\_scale\_up\_lambda\_timeout](#input\_runners\_scale\_up\_lambda\_timeout) | Time out for the scale up lambda in seconds. | `number` | `30` | no |
+| <a name="input_ssm_paths"></a> [ssm\_paths](#input\_ssm\_paths) | The root path used in SSM to store configuration and secreets. | <pre>object({<br>    root    = string<br>    app     = string<br>    runners = string<br>  })</pre> | <pre>{<br>  "app": "app",<br>  "root": "github-action-runners",<br>  "runners": "runners"<br>}</pre> | no |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | n/a | yes |
 | <a name="input_syncer_lambda_s3_key"></a> [syncer\_lambda\_s3\_key](#input\_syncer\_lambda\_s3\_key) | S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no |
 | <a name="input_syncer_lambda_s3_object_version"></a> [syncer\_lambda\_s3\_object\_version](#input\_syncer\_lambda\_s3\_object\_version) | S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. | `any` | `null` | no |
diff --git a/modules/multi-runner/main.tf b/modules/multi-runner/main.tf
@@ -14,6 +14,8 @@ locals {
 
   tmp_distinct_list_unique_os_and_arch = distinct([for i, config in local.runner_config : { "os_type" : config.runner_config.runner_os, "architecture" : config.runner_config.runner_architecture } if config.runner_config.enable_runner_binaries_syncer])
   unique_os_and_arch                   = { for i, v in local.tmp_distinct_list_unique_os_and_arch : "${v.os_type}_${v.architecture}" => v }
+
+  ssm_root_path = "/${var.ssm_paths.root}"
 }
 
 resource "random_string" "random" {
diff --git a/modules/multi-runner/runners.tf b/modules/multi-runner/runners.tf
@@ -12,6 +12,12 @@ module "runners" {
 
   s3_runner_binaries = each.value.runner_config.enable_runner_binaries_syncer ? local.runner_binaries_by_os_and_arch_map["${each.value.runner_config.runner_os}_${each.value.runner_config.runner_architecture}"] : {}
 
+  ssm_paths = {
+    root   = "${local.ssm_root_path}/${var.prefix}-${each.key}"
+    tokens = "${var.ssm_paths.runners}/tokens"
+    config = "${var.ssm_paths.runners}/config"
+  }
+
   runner_os                     = each.value.runner_config.runner_os
   instance_types                = each.value.runner_config.instance_types
   instance_target_capacity_type = each.value.runner_config.instance_target_capacity_type
diff --git a/modules/multi-runner/ssm.tf b/modules/multi-runner/ssm.tf
@@ -2,7 +2,7 @@ module "ssm" {
   source = "../ssm"
 
   kms_key_arn = var.kms_key_arn
-  prefix      = var.prefix
+  path_prefix = "${local.ssm_root_path}/${var.ssm_paths.app}"
   github_app  = var.github_app
   tags        = local.tags
 }
diff --git a/modules/multi-runner/variables.tf b/modules/multi-runner/variables.tf
@@ -489,3 +489,17 @@ variable "pool_lambda_reserved_concurrent_executions" {
   type        = number
   default     = 1
 }
+
+variable "ssm_paths" {
+  description = "The root path used in SSM to store configuration and secreets."
+  type = object({
+    root    = string
+    app     = string
+    runners = string
+  })
+  default = {
+    root    = "github-action-runners"
+    runners = "runners"
+    app     = "app"
+  }
+}
diff --git a/modules/multi-runner/webhook.tf b/modules/multi-runner/webhook.tf
@@ -4,8 +4,11 @@ module "webhook" {
   tags        = local.tags
   kms_key_arn = var.kms_key_arn
 
-  runner_config                 = local.runner_config
-  github_app_webhook_secret_arn = module.ssm.parameters.github_app_webhook_secret.arn
+  runner_config = local.runner_config
+
+  github_app_parameters = {
+    webhook_secret = module.ssm.parameters.github_app_webhook_secret
+  }
 
   lambda_s3_bucket                              = var.lambda_s3_bucket
   webhook_lambda_s3_key                         = var.webhook_lambda_s3_key
diff --git a/modules/runners/lambdas/runners/yarn.lock b/modules/runners/lambdas/runners/yarn.lock
@@ -3704,6 +3704,30 @@ jest-snapshot@^29.2.1:
     pretty-format "^29.2.1"
     semver "^7.3.5"
 
+jest-util@^29.0.0:
+  version "29.1.2"
+  resolved "https://registry.yarnpkg.com/jest-util/-/jest-util-29.1.2.tgz#ac5798e93cb6a6703084e194cfa0898d66126df1"
+  integrity sha512-vPCk9F353i0Ymx3WQq3+a4lZ07NXu9Ca8wya6o4Fe4/aO1e1awMMprZ3woPFpKwghEOW+UXgd15vVotuNN9ONQ==
+  dependencies:
+    "@jest/types" "^29.1.2"
+    "@types/node" "*"
+    chalk "^4.0.0"
+    ci-info "^3.2.0"
+    graceful-fs "^4.2.9"
+    picomatch "^2.2.3"
+
+jest-util@^29.2.0:
+  version "29.2.0"
+  resolved "https://registry.yarnpkg.com/jest-util/-/jest-util-29.2.0.tgz#797935697e83a5722aeba401ed6cd01264295566"
+  integrity sha512-8M1dx12ujkBbnhwytrezWY0Ut79hbflwodE+qZKjxSRz5qt4xDp6dQQJaOCFvCmE0QJqp9KyEK33lpPNjnhevw==
+  dependencies:
+    "@jest/types" "^29.2.0"
+    "@types/node" "*"
+    chalk "^4.0.0"
+    ci-info "^3.2.0"
+    graceful-fs "^4.2.9"
+    picomatch "^2.2.3"
+
 jest-util@^29.2.1:
   version "29.2.1"
   resolved "https://registry.yarnpkg.com/jest-util/-/jest-util-29.2.1.tgz#f26872ba0dc8cbefaba32c34f98935f6cf5fc747"
diff --git a/modules/runners/templates/start-runner.sh b/modules/runners/templates/start-runner.sh
@@ -23,16 +23,16 @@ echo "Retrieved ghr:ssm_config_path tag - ($ssm_config_path)"
 parameters=$(aws ssm get-parameters-by-path --path "$ssm_config_path" --region "$region" --query "Parameters[*].{Name:Name,Value:Value}")
 echo "Retrieved parameters from AWS SSM ($parameters)"
 
-run_as=$(echo "$parameters" | jq -r '.[] | select(.Name == "($ssm_config_path)/run-as") | .Value')
+run_as=$(echo "$parameters" | jq -r '.[] | select(.Name == "'$ssm_config_path'/run-as") | .Value')
 echo "Retrieved /$ssm_config_path/run-as parameter - ($run_as)"
 
-enable_cloudwatch_agent=$(echo "$parameters" | jq --arg ssm_config_path "$ssm_config_path" -r '.[] | select(.Name == "\($ssm_config_path)/enable-cloudwatch") | .Value')
+enable_cloudwatch_agent=$(echo "$parameters" | jq --arg ssm_config_path "$ssm_config_path" -r '.[] | select(.Name == "'$ssm_config_path'/enable-cloudwatch") | .Value')
 echo "Retrieved /$ssm_config_path/enable-cloudwatch parameter - ($enable_cloudwatch_agent)"
 
-agent_mode=$(echo "$parameters" | jq --arg ssm_config_path "$ssm_config_path" -r '.[] | select(.Name == "\($ssm_config_path)/agent-mode") | .Value')
+agent_mode=$(echo "$parameters" | jq --arg ssm_config_path "$ssm_config_path" -r '.[] | select(.Name == "'$ssm_config_path'/agent-mode") | .Value')
 echo "Retrieved /$ssm_config_path/agent-mode parameter - ($agent_mode)"
 
-token_path=$(echo "$parameters" | jq --arg ssm_config_path "$ssm_config_path" -r '.[] | select(.Name == "\($ssm_config_path)/token_path") | .Value')
+token_path=$(echo "$parameters" | jq --arg ssm_config_path "$ssm_config_path" -r '.[] | select(.Name == "'$ssm_config_path'/token_path") | .Value')
 echo "Retrieved /$ssm_config_path/token_path parameter - ($token_path)"
 
 if [[ "$enable_cloudwatch_agent" == "true" ]]; then

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`locals {`
`2`		`- environment = "default"`
	`2`	`+ environment = var.environment != null ? var.environment : "default"`
`3`	`3`	`aws_region = "eu-west-1"`
`4`	`4`	`}`
`5`	`5`
`@@ -85,4 +85,6 @@ module "runners" {`
`85`	`85`	`scale_down_schedule_expression = "cron(* * * * ? *)"`
`86`	`86`	`# enable this flag to publish webhook events to workflow job queue`
`87`	`87`	`# enable_workflow_job_events_queue = true`
	`88`	`+`
	`89`	`+ enable_user_data_debug_logging_runner = true`
`88`	`90`	`}`
Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,7 @@ module "ssm" {`
`117`	`117`	`source = "./modules/ssm"`
`118`	`118`
`119`	`119`	`kms_key_arn = var.kms_key_arn`
`120`		`- path_prefix = local.ssm_root_path`
	`120`	`+ path_prefix = "${local.ssm_root_path}/${var.ssm_paths.app}"`
`121`	`121`	`github_app = var.github_app`
`122`	`122`	`tags = local.tags`
`123`	`123`	`}`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,8 @@ locals {`
`14`	`14`
`15`	`15`	`tmp_distinct_list_unique_os_and_arch = distinct([for i, config in local.runner_config : { "os_type" : config.runner_config.runner_os, "architecture" : config.runner_config.runner_architecture } if config.runner_config.enable_runner_binaries_syncer])`
`16`	`16`	`unique_os_and_arch = { for i, v in local.tmp_distinct_list_unique_os_and_arch : "${v.os_type}_${v.architecture}" => v }`
	`17`	`+`
	`18`	`+ ssm_root_path = "/${var.ssm_paths.root}"`
`17`	`19`	`}`
`18`	`20`
`19`	`21`	`resource "random_string" "random" {`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ module "ssm" {`
`2`	`2`	`source = "../ssm"`
`3`	`3`
`4`	`4`	`kms_key_arn = var.kms_key_arn`
`5`		`- prefix = var.prefix`
	`5`	`+ path_prefix = "${local.ssm_root_path}/${var.ssm_paths.app}"`
`6`	`6`	`github_app = var.github_app`
`7`	`7`	`tags = local.tags`
`8`	`8`	`}`