forked from philips-labs/terraform-aws-github-runner
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: migrate webhook runner configuration to SSM (philips-labs#3728)
This PR migrates the confugration for the webhook from environment variables to SSM to avoid the maximum size of environment variables is reached. ## Implementation The webhook will read the configuration from SSM as json string. As long the lambda is hot the configuration is cached to speed-up the lambda time. In cases of configuration changes Lambda resources will be re-created by Terraform to ensure no cached values are used. fix: philips-labs#3594 --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Niek Palm <npalm@users.noreply.github.com> Co-authored-by: Niek Palm <niek.palm@philips.com>
- Loading branch information
1 parent
1487f84
commit 32492e3
Showing
24 changed files
with
164 additions
and
73 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,39 @@ | ||
import { QueueConfig } from './sqs'; | ||
import { getParameter } from '@terraform-aws-github-runner/aws-ssm-util'; | ||
import { RunnerMatcherConfig } from './sqs'; | ||
import { logger } from '@terraform-aws-github-runner/aws-powertools-util'; | ||
|
||
export class Config { | ||
public repositoryAllowList: Array<string>; | ||
public queuesConfig: Array<QueueConfig>; | ||
public workflowJobEventSecondaryQueue; | ||
|
||
constructor() { | ||
const repositoryAllowListEnv = process.env.REPOSITORY_ALLOW_LIST || '[]'; | ||
this.repositoryAllowList = JSON.parse(repositoryAllowListEnv) as Array<string>; | ||
const queuesConfigEnv = process.env.RUNNER_CONFIG || '[]'; | ||
this.queuesConfig = JSON.parse(queuesConfigEnv) as Array<QueueConfig>; | ||
this.workflowJobEventSecondaryQueue = process.env.SQS_WORKFLOW_JOB_QUEUE || undefined; | ||
repositoryAllowList: Array<string>; | ||
static matcherConfig: Array<RunnerMatcherConfig> | undefined; | ||
static webhookSecret: string | undefined; | ||
workflowJobEventSecondaryQueue: string | undefined; | ||
|
||
constructor(repositoryAllowList: Array<string>, workflowJobEventSecondaryQueue: string | undefined) { | ||
this.repositoryAllowList = repositoryAllowList; | ||
|
||
this.workflowJobEventSecondaryQueue = workflowJobEventSecondaryQueue; | ||
} | ||
|
||
static async load(): Promise<Config> { | ||
const repositoryAllowListEnv = process.env.REPOSITORY_ALLOW_LIST ?? '[]'; | ||
const repositoryAllowList = JSON.parse(repositoryAllowListEnv) as Array<string>; | ||
// load parallel config if not cached | ||
if (!Config.matcherConfig) { | ||
const matcherConfigPath = | ||
process.env.PARAMETER_RUNNER_MATCHER_CONFIG_PATH ?? '/github-runner/runner-matcher-config'; | ||
const [matcherConfigVal, webhookSecret] = await Promise.all([ | ||
getParameter(matcherConfigPath), | ||
getParameter(process.env.PARAMETER_GITHUB_APP_WEBHOOK_SECRET), | ||
]); | ||
Config.webhookSecret = webhookSecret; | ||
Config.matcherConfig = JSON.parse(matcherConfigVal) as Array<RunnerMatcherConfig>; | ||
logger.debug('Loaded queues config', { matcherConfig: Config.matcherConfig }); | ||
} | ||
const workflowJobEventSecondaryQueue = process.env.SQS_WORKFLOW_JOB_QUEUE ?? undefined; | ||
return new Config(repositoryAllowList, workflowJobEventSecondaryQueue); | ||
} | ||
|
||
static reset(): void { | ||
Config.matcherConfig = undefined; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.