feat: add project assets

cruxstack · Aug 2, 2023 · 4f6c128 · 4f6c128
1 parent b0aa224
commit 4f6c128
Show file tree

Hide file tree

Showing 15 changed files with 745 additions and 40 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,27 +1,38 @@
-FROM mcr.microsoft.com/devcontainers/base:jammy
+FROM mcr.microsoft.com/vscode/devcontainers/base:jammy
 
-# Install AWS CLI
-RUN apt-get update && \
-    apt-get install -y unzip python3-pip && \
-    pip3 install --no-cache-dir --upgrade awscli && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
-
-# Install Docker CLI
-COPY --from=docker:dind /usr/local/bin/docker /usr/local/bin/
+# install aws
+RUN SYSTEM_ARCH=$(uname -m) \
+    && curl "https://awscli.amazonaws.com/awscli-exe-linux-${SYSTEM_ARCH}.zip" -o "awscliv2.zip" \
+    && unzip awscliv2.zip \
+    && aws/install \
+    && aws --version \
+    && rm -rf aws
 
-# Install Terraform
+# install terraform
 ENV TERRAFORM_VERSION=1.5.1
 ENV TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache
+RUN mkdir -p $TF_PLUGIN_CACHE_DIR
 RUN SYSTEM_ARCH=$(dpkg --print-architecture) \
-    && mkdir -p $TF_PLUGIN_CACHE_DIR \
     && curl -OL https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_${SYSTEM_ARCH}.zip \
     && unzip terraform_${TERRAFORM_VERSION}_linux_${SYSTEM_ARCH}.zip \
     && mv terraform /usr/local/bin/ \
     && terraform version \
     && rm terraform_${TERRAFORM_VERSION}_linux_${SYSTEM_ARCH}.zip
 
-# Verify Installs
+# install docker
+COPY --from=docker:dind /usr/local/bin/docker /usr/local/bin/
+
+# install pip
+RUN apt-get update
+RUN apt-get install -y \
+    python3-pip
+
+# install python packages
+RUN python3 -m pip install \
+    boto3 \
+    black
+
+# verify installs
 RUN terraform --version \
     && aws --version \
     && docker --version
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -4,8 +4,11 @@
   "features": {
     "ghcr.io/devcontainers/features/docker-in-docker:2.0.1": {},
   },
+  "mounts": [
+    "source=${localEnv:HOME}/.aws,target=/home/vscode/.aws,type=bind,consistency=cached"
+  ],
   "containerEnv": {
-    "TF_PLUGIN_CACHE_DIR": "/workspaces/terraform-aws-github-runner/.devcontainer/tmp/.terraform.d/"
+    "TF_PLUGIN_CACHE_DIR": "${containerWorkspaceFolder}/.devcontainer/tmp/.terraform.d/"
   },
   "customizations": {
     "vscode": {
@@ -17,21 +20,27 @@
         "editor.formatOnType": false,
         "editor.inlineSuggest.enabled": true,
         "terminal.integrated.shell.linux": "/bin/bash",
+        "python.formatting.provider": "black",
+        "python.defaultInterpreterPath": "/usr/bin/python3",
         "[markdown]": {
           "editor.rulers": [
             80
           ]
-        }
+        },
+        "[python]": {
+          "editor.defaultFormatter": "ms-python.black-formatter"
+        },
       },
       "extensions": [
         "darkriszty.markdown-table-prettify",
-        "dbaeumer.vscode-eslint",
         "editorconfig.editorconfig",
         "github.copilot",
+        "github.copilot-chat",
         "github.vscode-github-actions",
+        "github.vscode-pull-request-github",
         "hashicorp.terraform",
         "ms-azuretools.vscode-docker",
-        "tsandall.opa",
+        "ms-python.black-formatter",
         "VisualStudioExptTeam.vscodeintellicode",
       ],
     }

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -14,11 +14,10 @@ The development container is based on Ubuntu 22.04 (Jammy) and includes the
 following tools:
 
 - AWS CLI
-- Node.js
-- TypeScript
+- Python v3.8
+- Python Packages: `boto3`, `black`
 - Docker CLI
 - Terraform
-- Open Policy Agent
 
 ### Prerequisites
 

diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Brian Ojeda
+Copyright (c) 2023 CruxStack LLC
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -1,43 +1,73 @@
-# Terraform Module: AWS GitHub Runner
+# Terraform Module: AWS GitHub Action Runner
 
-This project is under development. See `dev` branch for latest activity.
+This Terraform module deploys autoscaling, self-hosted GitHub Action runners on
+dedicated EC2 instances. It is an extension of the popular [`philips-labs/github-runner/aws` module](https://github.com/philips-labs/terraform-aws-github-runner),
+ with additional features to add value to your GitHub Action runners.
 
-## Prerequisites
+## Features
 
-- Terraform v0.13.0 or newer
-- An AWS account
+- **Auto-Scaling Runners**: Automatically scales the number of runners based on
+  demand.
+- **Ephemeral Runners**: Provides an option to use ephemeral runners that are
+  destroyed after use.
+- **Tag-Based Runner Assignment**: Uses tags to assign runners to specific
+  tasks.
+- **Custom Runner Configuration**: Allows custom configuration of runners,
+  including instance types, AMIs, and more.
+- **Instance Store RAID**: If more than 2 instance stores are detected, they are
+  combined into a `RAID0` configuration for improved performance.
+- **Automated Docker Login**: If custom Docker authentication is configured, the
+  runners will automatically perform a `docker login`.
 
 ## Usage
 
 ```hcl
 module "github_runner" {
-  source  = "sgtoj/teleport-cluster/aws"
+  source  = "cruxstack/github-runner/aws"
   version = "x.x.x"
 
-  # TBD
+  github_app_secrets = {
+    id  = "your_github_app_id"
+    key = "your_github_app_key"
+  }
+
+  github_organization = "your_github_organization_name"
 }
 ```
 
-## Requirements
-
-- Terraform 0.13.0 or later
-- AWS provider
-
 ## Inputs
 
 In addition to the variables documented below, this module includes several
 other optional variables (e.g., `name`, `tags`, etc.) provided by the
 `cloudposse/label/null` module. Please refer to the [`cloudposse/label` documentation](https://registry.terraform.io/modules/cloudposse/label/null/latest) for more details on these variables.
 
-| Name                                 | Description                                                                                                   |                 Type                 | Default  | Required |
-|--------------------------------------|---------------------------------------------------------------------------------------------------------------|:------------------------------------:|:--------:|:--------:|
-| `placehold`               | N/A           |                string                |   null   |    No    |
+| Name                                 | Description                                                                                 | Type           | Default                               | Required |
+|--------------------------------------|---------------------------------------------------------------------------------------------|----------------|---------------------------------------|:--------:|
+| `github_app_secrets`                 | Object containing `id` and `key` for the GitHub app.                                        | `object`       | n/a                                   |   yes    |
+| `github_organization`                | Name of the GitHub organization.                                                            | `string`       | n/a                                   |   yes    |
+| `github_app_webhook_password`        | Password for the GitHub app webhook. An empty string implies a randomly generated password. | `string`       | `""`                                  |    no    |
+| `github_organization_runner_enabled` | Toggle to activate runners for all projects in the organization.                            | `bool`         | `true`                                |    no    |
+| `runner_ephemeral_mode_enabled`      | Toggle to activate ephemeral runners.                                                       | `bool`         | `false`                               |    no    |
+| `runner_version`                     | Version of the GitHub Action runner.                                                        | `string`       | n/a                                   |   yes    |
+| `runner_os`                          | Operating system for the GitHub Action runner.                                              | `string`       | `"linux"`                             |    no    |
+| `instance_ami_name`                  | Name of the Amazon Machine Image (AMI) for the GitHub Action runner.                        | `string`       | `"al2023-ami-2023.*-kernel-*-x86_64"` |    no    |
+| `instance_types`                     | Set of instance types for the action runner.                                                | `set(string)`  | `["m5ad.large", "m5d.large"]`         |    no    |
+| `instance_lifecycle_type`            | Lifecycle type for action runner instances. Options: `spot` or `on-demand`.                 | `string`       | `"spot"`                              |    no    |
+| `log_retention`                      | Retention period (in days) for logs in CloudWatch.                                          | `number`       | `90`                                  |    no    |
+| `vpc_id`                             | ID of the Virtual Private Cloud (VPC).                                                      | `string`       | n/a                                   |   yes    |
+| `vpc_subnet_ids`                     | List of subnet IDs within the VPC.                                                          | `list(string)` | n/a                                   |   yes    |
+| `aws_region_name`                    | AWS region.                                                                                 | `string`       | `""`                                  |    no    |
+| `aws_account_id`                     | AWS account ID.                                                                             | `string`       | `""`                                  |    no    |
+| `aws_kv_namespace`                   | Namespace or prefix for AWS SSM parameters and similar resources.                           | `string`       | `""`                                  |    no    |
 
 ## Outputs
 
-| Name                                | Description                                                                   |
-|-------------------------------------|-------------------------------------------------------------------------------|
-| `placehold`                   |  N/A                                      |
+| Name               | Description                                     |
+|--------------------|-------------------------------------------------|
+| `runners`          | Information about the runner resources created. |
+| `webhook_endpoint` | Endpoint for the webhook resources.             |
+| `webhook_password` | Password for the webhook resources.             |
+
 
 ## Contributing