Merge pull request #2601 from philips-labs/develop

chore: Release

Author: npalm

.github/workflows/auto-approve-dependabot.yml

@@ -14,6 +14,6 @@ jobs:
     if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
     runs-on: ubuntu-latest
     steps:
-      - uses: hmarr/auto-approve-action@v2.4.0
+      - uses: hmarr/auto-approve-action@v3.1.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/release.yml

@@ -20,7 +20,7 @@ jobs:
         id: lambda
         env:
           LAMBDA: ${{ matrix.lambda }}
-        run: echo ::set-output name=name::${LAMBDA##*/}
+        run: echo "name=${LAMBDA##*/}" >> $GITHUB_OUTPUT
       - uses: actions/checkout@v3
       - name: Add zip
         run: apt update && apt install zip

.github/workflows/semantic-check.yml

@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - uses: amannn/action-semantic-pull-request@v4
+      - uses: amannn/action-semantic-pull-request@v5
         name: Check PR for Semantic Commit Message
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -329,6 +329,8 @@ export interface GithubWorkflowEvent {
 This extendible format allows to add more fields to be added if needed.
 You can configure the queue by setting properties to `workflow_job_events_queue_config`
 
+NOTE: By default, a runner AMI update requires a re-apply of this terraform config (the runner AMI ID is looked up by a terraform data source). To avoid this, you can use `ami_id_ssm_parameter_name` to have the scale-up lambda dynamically lookup the runner AMI ID from an SSM parameter at instance launch time. Said SSM parameter is managed outside of this module (e.g. by a runner AMI build workflow).
+
 ## Examples
 
 Examples are located in the [examples](./examples) directory. The following examples are provided:
@@ -419,6 +421,7 @@ We welcome any improvement to the standard module to make the default as secure
 |------|-------------|------|---------|:--------:|
 | <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | List of maps used to create the AMI filter for the action runner AMI. By default amazon linux 2 is used. | `map(list(string))` | `null` | no |
 | <a name="input_ami_owners"></a> [ami\_owners](#input\_ami\_owners) | The list of owners used to select the AMI of action runner instances. | `list(string)` | <pre>[<br>  "amazon"<br>]</pre> | no |
+| <a name="input_ami_id_ssm_parameter_name"></a> [ami\_id\_ssm\_parameter\_name](#input\_ami\_id\_ssm\_parameter\_name) | Optional SSM parameter that contains the runner AMI ID to launch instances from. Overrides `ami_filter`. The parameter value is managed outside of this module (e.g. in a runner AMI build workflow). This allows for AMI updates without having to re-apply this terraform config. | `string` | `null` | no |
 | <a name="input_aws_partition"></a> [aws\_partition](#input\_aws\_partition) | (optiona) partition in the arn namespace to use if not 'aws' | `string` | `"aws"` | no |
 | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS region. | `string` | n/a | yes |
 | <a name="input_block_device_mappings"></a> [block\_device\_mappings](#input\_block\_device\_mappings) | The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`, `throughput`, `kms_key_id`, `snapshot_id`. | <pre>list(object({<br>    delete_on_termination = bool<br>    device_name           = string<br>    encrypted             = bool<br>    iops                  = number<br>    kms_key_id            = string<br>    snapshot_id           = string<br>    throughput            = number<br>    volume_size           = number<br>    volume_type           = string<br>  }))</pre> | <pre>[<br>  {<br>    "delete_on_termination": true,<br>    "device_name": "/dev/xvda",<br>    "encrypted": true,<br>    "iops": null,<br>    "kms_key_id": null,<br>    "snapshot_id": null,<br>    "throughput": null,<br>    "volume_size": 30,<br>    "volume_type": "gp3"<br>  }<br>]</pre> | no |

examples/prebuilt/main.tf

@@ -45,6 +45,10 @@ module "runners" {
   ami_filter       = { name = [var.ami_name_filter] }
   ami_owners       = [data.aws_caller_identity.current.account_id]
 
+  # Look up runner AMI ID from an AWS SSM parameter (overrides ami_filter at instance launch time)
+  # NOTE: the parameter must be managed outside of this module (e.g. in a runner AMI build workflow)
+  # ami_id_ssm_parameter_name = "my-runner-ami-id"
+
   # disable binary syncer since github agent is already installed in the AMI.
   enable_runner_binaries_syncer = false
 

main.tf

@@ -178,9 +178,10 @@ module "runners" {
   instance_max_spot_price       = var.instance_max_spot_price
   block_device_mappings         = var.block_device_mappings
 
-  runner_architecture = var.runner_architecture
-  ami_filter          = var.ami_filter
-  ami_owners          = var.ami_owners
+  runner_architecture       = var.runner_architecture
+  ami_filter                = var.ami_filter
+  ami_owners                = var.ami_owners
+  ami_id_ssm_parameter_name = var.ami_id_ssm_parameter_name
 
   sqs_build_queue                      = aws_sqs_queue.queued_builds
   github_app_parameters                = local.github_app_parameters

modules/runner-binaries-syncer/lambdas/runner-binaries-syncer/package.json

@@ -15,26 +15,26 @@
     "format-check": "prettier --check \"**/*.ts\""
   },
   "devDependencies": {
-    "@octokit/rest": "^19.0.4",
-    "@trivago/prettier-plugin-sort-imports": "^3.3.0",
-    "@types/jest": "^27.5.0",
-    "@types/node": "^18.8.4",
+    "@octokit/rest": "^19.0.5",
+    "@trivago/prettier-plugin-sort-imports": "^3.4.0",
+    "@types/jest": "^29.1.2",
+    "@types/node": "^18.11.8",
     "@types/request": "^2.48.8",
     "@typescript-eslint/eslint-plugin": "^4.33.0",
     "@typescript-eslint/parser": "^4.33.0",
     "@vercel/ncc": "^0.34.0",
-    "aws-sdk": "^2.1231.0",
+    "aws-sdk": "^2.1243.0",
     "eslint": "^7.32.0",
     "eslint-plugin-prettier": "4.2.1",
-    "jest": "^29.1",
-    "jest-mock": "^29.1.2",
+    "jest": "^29.2",
+    "jest-mock": "^29.2.1",
     "prettier": "2.7.1",
     "ts-jest": "^29.0.3",
     "ts-node-dev": "^2.0.0",
     "typescript": "^4.8.4"
   },
   "dependencies": {
-    "axios": "^1.1.2",
+    "axios": "^1.1.3",
     "tslog": "^3.3.4"
   }
 }