github-aws-runners
diff --git a/‎.release/yarn.lock
Lines changed: 3 additions & 3 deletions b/‎.release/yarn.lock
Lines changed: 3 additions & 3 deletions
diff --git a/‎README.md
Lines changed: 121 additions & 93 deletions b/‎README.md
Lines changed: 121 additions & 93 deletions
diff --git a/‎examples/default/main.tf
Lines changed: 10 additions & 5 deletions b/‎examples/default/main.tf
Lines changed: 10 additions & 5 deletions
diff --git a/‎kms.tf
Lines changed: 0 additions & 15 deletions b/‎kms.tf
Lines changed: 0 additions & 15 deletions
diff --git a/‎main.tf
Lines changed: 23 additions & 11 deletions b/‎main.tf
Lines changed: 23 additions & 11 deletions
diff --git a/‎modules/runner-binaries-syncer/lambdas/runner-binaries-syncer/package.json
Lines changed: 1 addition & 1 deletion b/‎modules/runner-binaries-syncer/lambdas/runner-binaries-syncer/package.json
Lines changed: 1 addition & 1 deletion
@@ -4282,9 +4282,9 @@ supports-hyperlinks@^2.1.0:
     supports-color "^7.0.0"
 
 tar@^4.4.10, tar@^4.4.12, tar@^4.4.13:
-  version "4.4.13"
-  resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.13.tgz#43b364bc52888d555298637b10d60790254ab525"
-  integrity sha512-w2VwSrBoHa5BsSyH+KxEqeQBAllHhccyMFVHtGtdMpF4W7IRWfZjFiQceJPChOeTsSDVUpER2T8FA93pr0L+QA==
+  version "4.4.15"
+  resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.15.tgz#3caced4f39ebd46ddda4d6203d48493a919697f8"
+  integrity sha512-ItbufpujXkry7bHH9NpQyTXPbJ72iTlXgkBAYsAjDXk3Ds8t/3NfO5P4xZGy7u+sYuQUbimgzswX4uQIEeNVOA==
   dependencies:
     chownr "^1.1.1"
     fs-minipass "^1.2.5"
 
@@ -7,12 +7,17 @@ resource "random_password" "random" {
   length = 28
 }
 
-module "runners" {
-  source = "../../"
 
-  aws_region = local.aws_region
-  vpc_id     = module.vpc.vpc_id
-  subnet_ids = module.vpc.private_subnets
+################################################################################
+### Hybrid acccount
+################################################################################
+
+module "runners" {
+  source                          = "../../"
+  create_service_linked_role_spot = true
+  aws_region                      = local.aws_region
+  vpc_id                          = module.vpc.vpc_id
+  subnet_ids                      = module.vpc.private_subnets
 
   environment = local.environment
   tags = {
 
@@ -7,6 +7,13 @@ locals {
   runner_architecture  = substr(var.instance_type, 0, 2) == "a1" || substr(var.instance_type, 1, 2) == "6g" ? "arm64" : "x64"
 
   ami_filter = length(var.ami_filter) > 0 ? var.ami_filter : local.runner_architecture == "arm64" ? { name = ["amzn2-ami-hvm-2*-arm64-gp2"] } : { name = ["amzn2-ami-hvm-2.*-x86_64-ebs"] }
+
+  github_app_parameters = {
+    client_id     = module.ssm.parameters.github_app_client_id
+    client_secret = module.ssm.parameters.github_app_client_secret
+    id            = module.ssm.parameters.github_app_id
+    key_base64    = module.ssm.parameters.github_app_key_base64
+  }
 }
 
 resource "random_string" "random" {
@@ -26,26 +33,33 @@ resource "aws_sqs_queue" "queued_builds" {
   tags = var.tags
 }
 
+module "ssm" {
+  source = "./modules/ssm"
+
+  kms_key_arn = var.kms_key_arn
+  environment = var.environment
+  github_app  = var.github_app
+  tags        = local.tags
+}
+
 module "webhook" {
   source = "./modules/webhook"
 
   aws_region  = var.aws_region
   environment = var.environment
   tags        = local.tags
-  encryption = {
-    kms_key_id = local.kms_key_id
-    encrypt    = var.encrypt_secrets
-  }
+  kms_key_arn = var.kms_key_arn
 
-  sqs_build_queue           = aws_sqs_queue.queued_builds
-  github_app_webhook_secret = var.github_app.webhook_secret
+  sqs_build_queue               = aws_sqs_queue.queued_builds
+  github_app_webhook_secret_arn = module.ssm.parameters.github_app_webhook_secret.arn
 
   lambda_s3_bucket                 = var.lambda_s3_bucket
   webhook_lambda_s3_key            = var.webhook_lambda_s3_key
   webhook_lambda_s3_object_version = var.webhook_lambda_s3_object_version
   lambda_zip                       = var.webhook_lambda_zip
   lambda_timeout                   = var.webhook_lambda_timeout
   logging_retention_in_days        = var.logging_retention_in_days
+  runner_extra_labels              = var.runner_extra_labels
 
   role_path                 = var.role_path
   role_permissions_boundary = var.role_permissions_boundary
@@ -60,10 +74,6 @@ module "runners" {
   subnet_ids  = var.subnet_ids
   environment = var.environment
   tags        = local.tags
-  encryption = {
-    kms_key_id = local.kms_key_id
-    encrypt    = var.encrypt_secrets
-  }
 
   s3_bucket_runner_binaries   = module.runner_binaries.bucket
   s3_location_runner_binaries = local.s3_action_runner_url
@@ -78,7 +88,7 @@ module "runners" {
   ami_owners          = var.ami_owners
 
   sqs_build_queue                      = aws_sqs_queue.queued_builds
-  github_app                           = var.github_app
+  github_app_parameters                = local.github_app_parameters
   enable_organization_runners          = var.enable_organization_runners
   scale_down_schedule_expression       = var.scale_down_schedule_expression
   minimum_running_time_in_minutes      = var.minimum_running_time_in_minutes
@@ -118,6 +128,8 @@ module "runners" {
   runner_iam_role_managed_policy_arns = var.runner_iam_role_managed_policy_arns
 
   ghes_url = var.ghes_url
+
+  kms_key_arn = var.kms_key_arn
 }
 
 module "runner_binaries" {
 
@@ -17,7 +17,7 @@
   "devDependencies": {
     "@octokit/rest": "^18.5.2",
     "@types/jest": "^26.0.22",
-    "@types/node": "^15.12.2",
+    "@types/node": "^16.4.12",
     "@types/request": "^2.48.4",
     "@typescript-eslint/eslint-plugin": "^4.28.0",
     "@typescript-eslint/parser": "^4.17.0",