"]
enabled_userdata = false
diff --git a/examples/prebuilt/main.tf b/examples/prebuilt/main.tf
index 9134dfc464..7b135555b1 100644
--- a/examples/prebuilt/main.tf
+++ b/examples/prebuilt/main.tf
@@ -15,7 +15,8 @@ module "runners" {
vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets
- prefix = local.environment
+ prefix = local.environment
+ enable_organization_runners = false
github_app = {
key_base64 = var.github_app_key_base64
@@ -36,6 +37,9 @@ module "runners" {
ami_filter = { name = [var.ami_name_filter] }
ami_owners = [data.aws_caller_identity.current.account_id]
+ # disable binary syncer since github agent is already installed in the AMI.
+ enable_runner_binaries_syncer = false
+
# enable access to the runners via SSM
enable_ssm_on_runners = true
diff --git a/examples/prebuilt/outputs.tf b/examples/prebuilt/outputs.tf
index c50214f566..a922cb4f5c 100644
--- a/examples/prebuilt/outputs.tf
+++ b/examples/prebuilt/outputs.tf
@@ -1,9 +1,3 @@
-output "runners" {
- value = {
- lambda_syncer_name = module.runners.binaries_syncer.lambda.function_name
- }
-}
-
output "webhook_endpoint" {
value = module.runners.webhook.endpoint
}
diff --git a/images/linux-amzn2/github_agent.linux.pkr.hcl b/images/linux-amzn2/github_agent.linux.pkr.hcl
index 2c7a92f04d..54ef6664f6 100644
--- a/images/linux-amzn2/github_agent.linux.pkr.hcl
+++ b/images/linux-amzn2/github_agent.linux.pkr.hcl
@@ -10,7 +10,7 @@ packer {
variable "runner_version" {
description = "The version (no v prefix) of the runner software to install https://github.com/actions/runner/releases"
type = string
- default = "2.286.1"
+ default = "2.295.0"
}
variable "region" {
diff --git a/main.tf b/main.tf
index feee260e79..93345da007 100644
--- a/main.tf
+++ b/main.tf
@@ -3,7 +3,6 @@ locals {
"ghr:environment" = var.prefix
})
- s3_action_runner_url = var.enable_runner_binaries_syncer ? "s3://${module.runner_binaries[0].bucket.id}/${module.runner_binaries[0].runner_distribution_object_key}" : null
github_app_parameters = {
id = module.ssm.parameters.github_app_id
key_base64 = module.ssm.parameters.github_app_key_base64
@@ -134,8 +133,14 @@ module "runners" {
prefix = var.prefix
tags = local.tags
- s3_bucket_runner_binaries = var.enable_runner_binaries_syncer ? module.runner_binaries[0].bucket : null
- s3_location_runner_binaries = local.s3_action_runner_url
+ # s3_bucket_runner_binaries = var.enable_runner_binaries_syncer ? module.runner_binaries[0].bucket : null
+ # s3_location_runner_binaries = local.s3_action_runner_url
+ # var.enable_runner_binaries_syncer ? "s3://${module.runner_binaries[0].bucket.id}/${module.runner_binaries[0].runner_distribution_object_key}" : null
+ s3_runner_binaries = var.enable_runner_binaries_syncer ? {
+ arn = module.runner_binaries[0].bucket.arn
+ id = module.runner_binaries[0].bucket.id
+ key = module.runner_binaries[0].runner_distribution_object_key
+ } : null
runner_os = var.runner_os
instance_types = var.instance_types
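Review bot: The three commented-out lines above the new `s3_runner_binaries` block (`# s3_bucket_runner_binaries = …`, `# s3_location_runner_binaries = …` and the commented interpolation) are dead code left from the migration and should be deleted rather than kept; the old `local.s3_action_runner_url` they refer to is removed in the earlier hunk of this file, so the comment now names a local that no longer exists. The new object passed to the module is self-explanatory, and version control preserves the old form. Also note that when `enable_runner_binaries_syncer` is false the child module receives `null` here, so every unconditional `var.s3_runner_binaries.<attr>` access inside `modules/runners` must be guarded; the `policies-runner.tf` hunk of this diff is the one to check.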
diff --git a/modules/runners/README.md b/modules/runners/README.md
index 1778f34269..6fb103555a 100644
--- a/modules/runners/README.md
+++ b/modules/runners/README.md
@@ -127,6 +127,7 @@ yarn run dist
| [enable\_job\_queued\_check](#input\_enable\_job\_queued\_check) | Only scale if the job event received by the scale up lambda is is in the state queued. By default enabled for non ephemeral runners and disabled for ephemeral. Set this variable to overwrite the default behavior. | `bool` | `null` | no |
| [enable\_managed\_runner\_security\_group](#input\_enable\_managed\_runner\_security\_group) | Enabling the default managed security group creation. Unmanaged security groups can be specified via `runner_additional_security_group_ids`. | `bool` | `true` | no |
| [enable\_organization\_runners](#input\_enable\_organization\_runners) | n/a | `bool` | n/a | yes |
+| [enable\_runner\_binaries\_syncer](#input\_enable\_runner\_binaries\_syncer) | Option to disable the lambda to sync GitHub runner distribution, usefull when using a pre-build AMI. | `bool` | `true` | no |
| [enable\_runner\_detailed\_monitoring](#input\_enable\_runner\_detailed\_monitoring) | Enable detailed monitoring for runners | `bool` | `false` | no |
| [enable\_ssm\_on\_runners](#input\_enable\_ssm\_on\_runners) | Enable to allow access to the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. | `bool` | n/a | yes |
| [enabled\_userdata](#input\_enabled\_userdata) | Should the userdata script be enabled for the runner. Set this to false if you are using your own prebuilt AMI | `bool` | `true` | no |
@@ -180,8 +181,7 @@ yarn run dist
| [runners\_lambda\_s3\_key](#input\_runners\_lambda\_s3\_key) | S3 key for runners lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no |
| [runners\_lambda\_s3\_object\_version](#input\_runners\_lambda\_s3\_object\_version) | S3 object version for runners lambda function. Useful if S3 versioning is enabled on source bucket. | `any` | `null` | no |
| [runners\_maximum\_count](#input\_runners\_maximum\_count) | The maximum number of runners that will be created. | `number` | `3` | no |
-| [s3\_bucket\_runner\_binaries](#input\_s3\_bucket\_runner\_binaries) | n/a | object({
arn = string
})
| n/a | yes |
-| [s3\_location\_runner\_binaries](#input\_s3\_location\_runner\_binaries) | S3 location of runner distribution. | `string` | n/a | yes |
+| [s3\_runner\_binaries](#input\_s3\_runner\_binaries) | Bucket details for cached GitHub binary. | object({
arn = string
id = string
key = string
})
| n/a | yes |
| [scale\_down\_schedule\_expression](#input\_scale\_down\_schedule\_expression) | Scheduler expression to check every x for scale down. | `string` | `"cron(*/5 * * * ? *)"` | no |
| [scale\_up\_reserved\_concurrent\_executions](#input\_scale\_up\_reserved\_concurrent\_executions) | Amount of reserved concurrent executions for the scale-up lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | `number` | `1` | no |
| [sqs\_build\_queue](#input\_sqs\_build\_queue) | SQS queue to consume accepted build events. | object({
arn = string
})
| n/a | yes |
diff --git a/modules/runners/main.tf b/modules/runners/main.tf
index d1455ea501..7fea4e8940 100644
--- a/modules/runners/main.tf
+++ b/modules/runners/main.tf
@@ -122,11 +122,10 @@ resource "aws_launch_template" "runner" {
)
}
-
user_data = var.enabled_userdata ? base64encode(templatefile(local.userdata_template, {
pre_install = var.userdata_pre_install
install_runner = templatefile(local.userdata_install_runner[var.runner_os], {
- S3_LOCATION_RUNNER_DISTRIBUTION = var.enable_runner_binaries_syncer ? var.s3_location_runner_binaries : ""
+ S3_LOCATION_RUNNER_DISTRIBUTION = var.enable_runner_binaries_syncer ? "s3://${var.s3_runner_binaries.id}/${var.s3_runner_binaries.key}" : ""
RUNNER_ARCHITECTURE = var.runner_architecture
})
post_install = var.userdata_post_install
diff --git a/modules/runners/policies-runner.tf b/modules/runners/policies-runner.tf
index 920c7e0c92..49f6b903de 100644
--- a/modules/runners/policies-runner.tf
+++ b/modules/runners/policies-runner.tf
@@ -39,7 +39,7 @@ resource "aws_iam_role_policy" "dist_bucket" {
role = aws_iam_role.runner.name
policy = templatefile("${path.module}/policies/instance-s3-policy.json",
{
- s3_arn = var.s3_bucket_runner_binaries.arn
+ s3_arn = "${var.s3_runner_binaries.arn}/${var.s3_runner_binaries.key}"
}
)
}
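Review bot: `var.s3_runner_binaries.arn` and `.key` are dereferenced unconditionally on the new `s3_arn` line, while the root module now passes `null` for `s3_runner_binaries` when `enable_runner_binaries_syncer` is false (main.tf hunk in this diff); unless `aws_iam_role_policy.dist_bucket` already carries a `count` tied to that flag (its header is above the hunk, so this cannot be confirmed here), a plan with the syncer disabled fails on attribute access of a null value. The template variable also now holds an object ARN rather than a bucket ARN while still being named `s3_arn`; renaming it to `s3_object_arn` here and in `policies/instance-s3-policy.json` would make the narrowed grant explicit. A line comment such as `# full object ARN (bucket/key): the policy grants GetObject on this single key only` would record the contract the JSON template cannot carry itself.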
diff --git a/modules/runners/policies/instance-s3-policy.json b/modules/runners/policies/instance-s3-policy.json
index 68d21ebce6..65d8f84b22 100644
--- a/modules/runners/policies/instance-s3-policy.json
+++ b/modules/runners/policies/instance-s3-policy.json
@@ -5,7 +5,7 @@
"Sid": "githubActionDist",
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:GetObjectAcl"],
- "Resource": ["${s3_arn}/*"]
+ "Resource": ["${s3_arn}"]
}
]
}
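Review bot: Narrowing `Resource` from `${s3_arn}/*` to the single object ARN is the right least-privilege direction — with the previous template every runner instance could read any object in the distribution bucket — but the statement now depends entirely on the caller passing an object ARN; if a bucket ARN is passed as before, the policy grants nothing and the runner install fails at runtime with an access-denied error rather than at plan time. Because JSON has no comment syntax, that expectation has to be documented at the `templatefile` call in `policies-runner.tf`, ideally with the template key renamed to `s3_object_arn`. `s3:GetObjectAcl` is still granted alongside `s3:GetObject`; if the userdata only downloads the archive it is probably unnecessary, but confirm against the install script before dropping it.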
diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
index ed2b10b4aa..60c1d25e62 100644
--- a/modules/runners/variables.tf
+++ b/modules/runners/variables.tf
@@ -46,17 +46,15 @@ variable "prefix" {
default = "github-actions"
}
-variable "s3_bucket_runner_binaries" {
+variable "s3_runner_binaries" {
+ description = "Bucket details for cached GitHub binary."
type = object({
arn = string
+ id = string
+ key = string
})
}
-variable "s3_location_runner_binaries" {
- description = "S3 location of runner distribution."
- type = string
-}
-
variable "block_device_mappings" {
description = "The EC2 instance block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`, `throughput`, `kms_key_id`, `snapshot_id`."
type = list(object({
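Review bot: The new `s3_runner_binaries` variable has no `default` and its description does not say that the root module passes `null` when `enable_runner_binaries_syncer` is false (visible in the main.tf hunk of this diff), nor what `arn`, `id` and `key` refer to. Suggest `description = "Bucket details for the cached GitHub runner distribution: arn and id of the bucket and the object key of the archive. Null when enable_runner_binaries_syncer is false."` together with `default = null`, so the accepted null is explicit rather than incidental. Since `key` is interpolated into an IAM resource ARN in `policies-runner.tf`, it is also worth stating that it must be the exact object key, not a prefix. The `block_device_mappings` variable continues past the end of the hunk.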
diff --git a/outputs.tf b/outputs.tf
index 691448d5f2..70e1759247 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -17,7 +17,7 @@ output "binaries_syncer" {
value = var.enable_runner_binaries_syncer ? {
lambda = module.runner_binaries[0].lambda
lambda_role = module.runner_binaries[0].lambda_role
- location = local.s3_action_runner_url
+ location = "s3://${module.runner_binaries[0].bucket.id}/module.runner_binaries[0].bucket.key"
bucket = module.runner_binaries[0].bucket
} : null
}
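Review bot: The `location` string on the added line interpolates only the bucket id; the second half, `module.runner_binaries[0].bucket.key`, sits outside `${}` and is emitted literally, so the output reads `s3://<bucket>/module.runner_binaries[0].bucket.key`. The key is also not an attribute of `bucket` — the root main.tf hunk in this diff reads it as `module.runner_binaries[0].runner_distribution_object_key`. Change the line to `location = "s3://${module.runner_binaries[0].bucket.id}/${module.runner_binaries[0].runner_distribution_object_key}"`, which matches the URL the runners module builds in its `user_data` hunk.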