feat: Support runner groups (#496)

* Support runner groups

* Add runner group only for org runners

* Add runner group only for org runners

* Add runner group only for org runners

* review comments

Author: npalm

README.md

@@ -113,7 +113,7 @@ To apply the terraform module, the compiled lambdas (.zip files) need to be avai
 
 To read the files from S3, set the `lambda_s3_bucket` variable and the specific object key for each lambda.
 
-The lambdas can be downloaded maually from the [release page](https://github.com/philips-labs/terraform-aws-github-runner/releases) or using the [download-lambda](./modules/download-lambda) terraform module (requires `curl` to be installed on your machine). In the `download-lambda` directory, run `terraform init && terraform apply`. The lambdas will be saved to the same directory.
+The lambdas can be downloaded manually from the [release page](https://github.com/philips-labs/terraform-aws-github-runner/releases) or using the [download-lambda](./modules/download-lambda) terraform module (requires `curl` to be installed on your machine). In the `download-lambda` directory, run `terraform init && terraform apply`. The lambdas will be saved to the same directory.
 
 For local development you can build all the lambdas at once using `.ci/build.sh` or individually using `yarn dist`.
 
@@ -136,7 +136,7 @@ Note that `github_app.key_base64` needs to be the base64-encoded `.pem` file, i.
 ```terraform
 module "github-runner" {
   source  = "philips-labs/github-runner/aws"
-  version = "0.8.0"
+  version = "0.9.1"
 
   aws_region = "eu-west-1"
   vpc_id     = "vpc-123"
@@ -336,6 +336,7 @@ No requirements.
 | runner\_binaries\_syncer\_lambda\_timeout | Time out of the binaries sync lambda in seconds. | `number` | `300` | no |
 | runner\_binaries\_syncer\_lambda\_zip | File location of the binaries sync lambda zip file. | `string` | `null` | no |
 | runner\_extra\_labels | Extra labels for the runners (GitHub). Separate each label by a comma | `string` | `""` | no |
+| runner\_group\_name | Name of the runner group. | `string` | `"Default"` | no |
 | runner\_iam\_role\_managed\_policy\_arns | Attach AWS or customer-managed IAM policies (by ARN) to the runner IAM role | `list(string)` | `[]` | no |
 | runner\_log\_files | (optional) Replaces the module default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details. | <pre>list(object({<br>    log_group_name   = string<br>    prefix_log_group = bool<br>    file_path        = string<br>    log_stream_name  = string<br>  }))</pre> | <pre>[<br>  {<br>    "file_path": "/var/log/messages",<br>    "log_group_name": "messages",<br>    "log_stream_name": "{instance_id}",<br>    "prefix_log_group": true<br>  },<br>  {<br>    "file_path": "/var/log/user-data.log",<br>    "log_group_name": "user_data",<br>    "log_stream_name": "{instance_id}",<br>    "prefix_log_group": true<br>  },<br>  {<br>    "file_path": "/home/ec2-user/actions-runner/_diag/Runner_**.log",<br>    "log_group_name": "runner",<br>    "log_stream_name": "{instance_id}",<br>    "prefix_log_group": true<br>  }<br>]</pre> | no |
 | runners\_lambda\_s3\_key | S3 key for runners lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no |

modules/runners/README.md

@@ -95,8 +95,9 @@ No requirements.
 | runner\_architecture | The platform architecture of the runner instance\_type. | `string` | `"x64"` | no |
 | runner\_as\_root | Run the action runner under the root user. | `bool` | `false` | no |
 | runner\_extra\_labels | Extra labels for the runners (GitHub). Separate each label by a comma | `string` | `""` | no |
+| runner\_group\_name | Name of the runner group. | `string` | `"Default"` | no |
 | runner\_iam\_role\_managed\_policy\_arns | Attach AWS or customer-managed IAM policies (by ARN) to the runner IAM role | `list(string)` | `[]` | no |
-| runner\_log\_files | (optional) List of logfiles to send to cloudwatch, will onlybe usded if `enable_cloudwatch_agent` is set to true. Object description: `log_group_name`: Name of the log group, `prefix_log_group`: module will prefix the log group with `/github-self-hosted-runners/<var.environment>`, `file_path`: path to the log file, `log_stream_name`: name of the log stream. | <pre>list(object({<br>    log_group_name   = string<br>    prefix_log_group = bool<br>    file_path        = string<br>    log_stream_name  = string<br>  }))</pre> | <pre>[<br>  {<br>    "file_path": "/var/log/messages",<br>    "log_group_name": "messages",<br>    "log_stream_name": "{instance_id}",<br>    "prefix_log_group": true<br>  },<br>  {<br>    "file_path": "/var/log/user-data.log",<br>    "log_group_name": "user_data",<br>    "log_stream_name": "{instance_id}",<br>    "prefix_log_group": true<br>  },<br>  {<br>    "file_path": "/home/ec2-user/actions-runner/_diag/Runner_**.log",<br>    "log_group_name": "runner",<br>    "log_stream_name": "{instance_id}",<br>    "prefix_log_group": true<br>  }<br>]</pre> | no |
+| runner\_log\_files | (optional) List of logfiles to send to cloudwatch, will only be used if `enable_cloudwatch_agent` is set to true. Object description: `log_group_name`: Name of the log group, `prefix_log_group`: If true, the log group name will be prefixed with `/github-self-hosted-runners/<var.environment>`, `file_path`: path to the log file, `log_stream_name`: name of the log stream. | <pre>list(object({<br>    log_group_name   = string<br>    prefix_log_group = bool<br>    file_path        = string<br>    log_stream_name  = string<br>  }))</pre> | <pre>[<br>  {<br>    "file_path": "/var/log/messages",<br>    "log_group_name": "messages",<br>    "log_stream_name": "{instance_id}",<br>    "prefix_log_group": true<br>  },<br>  {<br>    "file_path": "/var/log/user-data.log",<br>    "log_group_name": "user_data",<br>    "log_stream_name": "{instance_id}",<br>    "prefix_log_group": true<br>  },<br>  {<br>    "file_path": "/home/ec2-user/actions-runner/_diag/Runner_**.log",<br>    "log_group_name": "runner",<br>    "log_stream_name": "{instance_id}",<br>    "prefix_log_group": true<br>  }<br>]</pre> | no |
 | runners\_lambda\_s3\_key | S3 key for runners lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no |
 | runners\_lambda\_s3\_object\_version | S3 object version for runners lambda function. Useful if S3 versioning is enabled on source bucket. | `any` | `null` | no |
 | runners\_maximum\_count | The maximum number of runners that will be created. | `number` | `3` | no |

modules/runners/lambdas/runners/src/lambda.ts

@@ -1,6 +1,6 @@
 import { scaleUp } from './scale-runners/scale-up';
 import { scaleDown } from './scale-runners/scale-down';
-import { SQSEvent } from 'aws-lambda';
+import { SQSEvent, ScheduledEvent } from 'aws-lambda';
 
 module.exports.scaleUp = async (event: SQSEvent, context: any, callback: any) => {
   console.dir(event, { depth: 5 });
@@ -15,7 +15,7 @@ module.exports.scaleUp = async (event: SQSEvent, context: any, callback: any) =>
   }
 };
 
-module.exports.scaleDown = async (event: any, context: any, callback: any) => {
+module.exports.scaleDown = async (event: ScheduledEvent, context: any, callback: any) => {
   try {
     scaleDown();
     return callback(null);

modules/runners/lambdas/runners/src/scale-runners/scale-up.test.ts

@@ -127,6 +127,18 @@ describe('scaleUp with GHES', () => {
         repoName: undefined,
       });
     });
+
+    it('creates a runner with labels in s specific group', async () => {
+      process.env.RUNNER_EXTRA_LABELS = 'label1,label2';
+      process.env.RUNNER_GROUP_NAME = 'TEST_GROUP';
+      await scaleUp('aws:sqs', TEST_DATA);
+      expect(createRunner).toBeCalledWith({
+        environment: 'unit-test-environment',
+        runnerConfig: `--url https://github.enterprise.something/${TEST_DATA.repositoryOwner} --token 1234abcd --labels label1,label2 --runnergroup TEST_GROUP`,
+        orgName: TEST_DATA.repositoryOwner,
+        repoName: undefined,
+      });
+    });
   });
 
   describe('on repo level', () => {
@@ -166,6 +178,18 @@ describe('scaleUp with GHES', () => {
         repoName: `${TEST_DATA.repositoryOwner}/${TEST_DATA.repositoryName}`,
       });
     });
+
+    it('creates a runner and ensure the group argument is ignored', async () => {
+      process.env.RUNNER_EXTRA_LABELS = 'label1,label2';
+      process.env.RUNNER_GROUP_NAME = 'TEST_GROUP_IGNORED';
+      await scaleUp('aws:sqs', TEST_DATA);
+      expect(createRunner).toBeCalledWith({
+        environment: 'unit-test-environment',
+        runnerConfig: `--url https://github.enterprise.something/${TEST_DATA.repositoryOwner}/${TEST_DATA.repositoryName} --token 1234abcd --labels label1,label2`,
+        orgName: undefined,
+        repoName: `${TEST_DATA.repositoryOwner}/${TEST_DATA.repositoryName}`,
+      });
+    });
   });
 });
 
@@ -228,6 +252,18 @@ describe('scaleUp with public GH', () => {
         repoName: undefined,
       });
     });
+
+    it('creates a runner with labels in s specific group', async () => {
+      process.env.RUNNER_EXTRA_LABELS = 'label1,label2';
+      process.env.RUNNER_GROUP_NAME = 'TEST_GROUP';
+      await scaleUp('aws:sqs', TEST_DATA);
+      expect(createRunner).toBeCalledWith({
+        environment: 'unit-test-environment',
+        runnerConfig: `--url https://github.com/${TEST_DATA.repositoryOwner} --token 1234abcd --labels label1,label2 --runnergroup TEST_GROUP`,
+        orgName: TEST_DATA.repositoryOwner,
+        repoName: undefined,
+      });
+    });
   });
 
   describe('on repo level', () => {
@@ -267,5 +303,17 @@ describe('scaleUp with public GH', () => {
         repoName: `${TEST_DATA.repositoryOwner}/${TEST_DATA.repositoryName}`,
       });
     });
+
+    it('creates a runner and ensure the group argument is ignored', async () => {
+      process.env.RUNNER_EXTRA_LABELS = 'label1,label2';
+      process.env.RUNNER_GROUP_NAME = 'TEST_GROUP_IGNORED';
+      await scaleUp('aws:sqs', TEST_DATA);
+      expect(createRunner).toBeCalledWith({
+        environment: 'unit-test-environment',
+        runnerConfig: `--url https://github.com/${TEST_DATA.repositoryOwner}/${TEST_DATA.repositoryName} --token 1234abcd --labels label1,label2`,
+        orgName: undefined,
+        repoName: `${TEST_DATA.repositoryOwner}/${TEST_DATA.repositoryName}`,
+      });
+    });
   });
 });

modules/runners/lambdas/runners/src/scale-runners/scale-up.ts

@@ -15,6 +15,7 @@ export const scaleUp = async (eventSource: string, payload: ActionRequestMessage
   const enableOrgLevel = yn(process.env.ENABLE_ORGANIZATION_RUNNERS, { default: true });
   const maximumRunners = parseInt(process.env.RUNNERS_MAXIMUM_COUNT || '3');
   const runnerExtraLabels = process.env.RUNNER_EXTRA_LABELS;
+  const runnerGroup = process.env.RUNNER_GROUP_NAME;
   const environment = process.env.ENVIRONMENT as string;
   const ghesBaseUrl = process.env.GHES_URL as string;
 
@@ -58,11 +59,12 @@ export const scaleUp = async (eventSource: string, payload: ActionRequestMessage
       const token = registrationToken.data.token;
 
       const labelsArgument = runnerExtraLabels !== undefined ? `--labels ${runnerExtraLabels}` : '';
+      const runnerGroupArgument = runnerGroup !== undefined ? ` --runnergroup ${runnerGroup}` : '';
       const configBaseUrl = ghesBaseUrl ? ghesBaseUrl : 'https://github.com';
       await createRunner({
         environment: environment,
         runnerConfig: enableOrgLevel
-          ? `--url ${configBaseUrl}/${payload.repositoryOwner} --token ${token} ${labelsArgument}`
+          ? `--url ${configBaseUrl}/${payload.repositoryOwner} --token ${token} ${labelsArgument}${runnerGroupArgument}`
           : `--url ${configBaseUrl}/${payload.repositoryOwner}/${payload.repositoryName} --token ${token} ${labelsArgument}`,
         orgName: orgName,
         repoName: repoName,

modules/runners/scale-up.tf

@@ -37,15 +37,14 @@ resource "aws_lambda_function" "scale_up" {
       GITHUB_APP_KEY_BASE64       = local.github_app_key_base64
       KMS_KEY_ID                  = var.encryption.kms_key_id
       RUNNER_EXTRA_LABELS         = var.runner_extra_labels
+      RUNNER_GROUP_NAME           = var.runner_group_name
       RUNNERS_MAXIMUM_COUNT       = var.runners_maximum_count
       LAUNCH_TEMPLATE_NAME        = aws_launch_template.runner.name
       LAUNCH_TEMPLATE_VERSION     = aws_launch_template.runner.latest_version
       SUBNET_IDS                  = join(",", var.subnet_ids)
     }
   }
 
-
-
   dynamic "vpc_config" {
     for_each = var.lambda_subnet_ids != null && var.lambda_security_group_ids != null ? [true] : []
     content {
@@ -111,4 +110,4 @@ resource "aws_iam_role_policy_attachment" "scale_up_vpc_execution_role" {
   count      = length(var.lambda_subnet_ids) > 0 ? 1 : 0
   role       = aws_iam_role.scale_up.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
-}
+}

modules/runners/variables.tf

@@ -135,6 +135,12 @@ variable "runner_extra_labels" {
   default     = ""
 }
 
+variable "runner_group_name" {
+  description = "Name of the runner group."
+  type        = string
+  default     = "Default"
+}
+
 variable "lambda_zip" {
   description = "File location of the lambda zip file."
   type        = string

variables.tf

@@ -57,6 +57,12 @@ variable "runner_extra_labels" {
   default     = ""
 }
 
+variable "runner_group_name" {
+  description = "Name of the runner group."
+  type        = string
+  default     = "Default"
+}
+
 variable "webhook_lambda_zip" {
   description = "File location of the webhook lambda zip file."
   type        = string