feat!: replace Amazon Linux 2 by Amazon Linux 2023 as default Linux A…

…MI (#3437)

Replaces Amazon lLnux 2 (default) by Amazon Linux 2023. Impact for anyone relying on the default setup provided by the module.

---------

Co-authored-by: Niek Palm <npalm@users.noreply.github.com>

.github/workflows/packer-build.yml

@@ -19,7 +19,7 @@ jobs:
       image: index.docker.io/hashicorp/packer@sha256:297bbbbbbf3ce9e0431ac1e8f02934b20e1197613f877b55dfdb1ebfd94eb748 # ratchet:index.docker.io/hashicorp/packer:1.8.6
     strategy:
       matrix:
-        image: ["linux-amzn2", "windows-core-2019", "windows-core-2022", "ubuntu-focal", "ubuntu-jammy", "ubuntu-jammy-arm64"]
+        image: ["linux-al2023", "windows-core-2019", "windows-core-2022", "ubuntu-focal", "ubuntu-jammy", "ubuntu-jammy-arm64"]
     defaults:
       run:
         working-directory: images/${{ matrix.image }}

README.md

@@ -528,7 +528,7 @@ We welcome any improvement to the standard module to make the default as secure
 | <a name="input_instance_max_spot_price"></a> [instance\_max\_spot\_price](#input\_instance\_max\_spot\_price) | Max price price for spot instances per hour. This variable will be passed to the create fleet as max spot price for the fleet. | `string` | `null` | no |
 | <a name="input_instance_profile_path"></a> [instance\_profile\_path](#input\_instance\_profile\_path) | The path that will be added to the instance\_profile, if not set the environment name will be used. | `string` | `null` | no |
 | <a name="input_instance_target_capacity_type"></a> [instance\_target\_capacity\_type](#input\_instance\_target\_capacity\_type) | Default lifecycle used for runner instances, can be either `spot` or `on-demand`. | `string` | `"spot"` | no |
-| <a name="input_instance_types"></a> [instance\_types](#input\_instance\_types) | List of instance types for the action runner. Defaults are based on runner\_os (amzn2 for linux and Windows Server Core for win). | `list(string)` | <pre>[<br>  "m5.large",<br>  "c5.large"<br>]</pre> | no |
+| <a name="input_instance_types"></a> [instance\_types](#input\_instance\_types) | List of instance types for the action runner. Defaults are based on runner\_os (al2023 for linux and Windows Server Core for win). | `list(string)` | <pre>[<br>  "m5.large",<br>  "c5.large"<br>]</pre> | no |
 | <a name="input_job_queue_retention_in_seconds"></a> [job\_queue\_retention\_in\_seconds](#input\_job\_queue\_retention\_in\_seconds) | The number of seconds the job is held in the queue before it is purged. | `number` | `86400` | no |
 | <a name="input_key_name"></a> [key\_name](#input\_key\_name) | Key pair name | `string` | `null` | no |
 | <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | Optional CMK Key ARN to be used for Parameter Store. This key must be in the current account. | `string` | `null` | no |

examples/ephemeral/main.tf

@@ -71,7 +71,7 @@ module "runners" {
 
   # configure your pre-built AMI
   # enable_userdata = false
-  # ami_filter       = { name = ["github-runner-amzn2-x86_64-*"], state = ["available"] }
+  # ami_filter       = { name = ["github-runner-al2023-x86_64-*"], state = ["available"] }
   # data "aws_caller_identity" "current" {}
   # ami_owners       = [data.aws_caller_identity.current.account_id]
 

examples/prebuilt/README.md

@@ -13,7 +13,7 @@ Steps for the full setup, such as creating a GitHub app can be found in the root
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | The amis to search.  Use the default for the provided amazon linux image, `github-runner-windows-core-2019-*` for the provided Windows image | `string` | `github-runner-amzn2-x86_64-2021*` | no |
+| <a name="input_ami_filter"></a> [ami\_filter](#input\_ami\_filter) | The amis to search.  Use the default for the provided amazon linux image, `github-runner-windows-core-2019-*` for the provided Windows image | `string` | `github-runner-al2023-x86_64-2023*` | no |
 | <a name="input_github_app_key_base64"></a> [github\_app\_key\_base64](#input\_github\_app\_key\_base64) | The base64 encoded private key you downloaded from GitHub when creating the app | `string` | | yes |
 | <a name="input_github_app_id"></a> [github\_app\_id](#input\_github\_app\_id) | The id of the app you created on GitHub | `string` | | yes |
 | <a name="input_region"></a> [region](#input\_region) | The target aws region | `string` | `eu-west-1` | no |
@@ -52,13 +52,13 @@ You will need to build your image. This example deployment uses the image exampl
 
 To use your image in the terraform modules you will need to set some values on the module.
 
-Assuming you have built the `linux-amzn2` image which has a pre-defined AMI name in the following format `github-runner-amzn2-x86_64-YYYYMMDDhhmm` you can use the following values.
+Assuming you have built the `linux-al2023` image which has a pre-defined AMI name in the following format `github-runner-al2023-x86_64-YYYYMMDDhhmm` you can use the following values.
 
 ```hcl
 module "runners" {
   ...
   # set the name of the ami to use
-  ami_filter  = { name = ["github-runner-amzn2-x86_64-2021*"], state = ["available"] }
+  ami_filter        = { name = ["github-runner-al2023-x86_64-2023*"], state = ["available"] }
   # provide the owner id of
   ami_owners        = ["<your owner id>"]
 
@@ -128,7 +128,7 @@ terraform output webhook_secret
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ami_name_filter"></a> [ami\_name\_filter](#input\_ami\_name\_filter) | n/a | `string` | `"github-runner-amzn2-x86_64-*"` | no |
+| <a name="input_ami_name_filter"></a> [ami\_name\_filter](#input\_ami\_name\_filter) | n/a | `string` | `"github-runner-al2023-x86_64-*"` | no |
 | <a name="input_github_app"></a> [github\_app](#input\_github\_app) | GitHub for API usages. | <pre>object({<br>    id         = string<br>    key_base64 = string<br>  })</pre> | n/a | yes |
 | <a name="input_runner_os"></a> [runner\_os](#input\_runner\_os) | n/a | `string` | `"linux"` | no |
 

examples/prebuilt/variables.tf

@@ -14,5 +14,5 @@ variable "runner_os" {
 
 variable "ami_name_filter" {
   type    = string
-  default = "github-runner-amzn2-x86_64-*"
+  default = "github-runner-al2023-x86_64-*"
 }

images/README.md

@@ -4,14 +4,14 @@ The images inside this folder are pre-built images designed to shorten the boot
 
 These images share the same scripting as used in the user-data mechanism in `/modules/runners/templates/`. We use a `templatefile` mechanism to insert the relevant script fragments into the scripts used for provisioning the images.
 
-The examples in `linux-amzn2` and `windows-core-2019` also upload a `start-runner` script that uses the exact same startup process as used in the user-data mechanism. This means that the image created here does not need any extra scripts injected or changes to boot up and connect to GH.
+The examples in `linux-al2023` and `windows-core-2019` also upload a `start-runner` script that uses the exact same startup process as used in the user-data mechanism. This means that the image created here does not need any extra scripts injected or changes to boot up and connect to GH.
 
 ## Building your own
 
 To build these images you first need to install packer.
 You will also need an amazon account and to have provisioned your credentials for packer to consume.
 
-Assuming you are building the `linux-amzn2` image. Then run the following from within the `linux-amzn2` folder
+Assuming you are building the `linux-al2023` image. Then run the following from within the `linux-al2023` folder
 
 ```bash
 packer init .
@@ -25,12 +25,12 @@ Your image will then begin to build inside AWS and when finished you will be pro
 
 To use your image in the terraform modules you will need to set some values on the module.
 
-Assuming you have built the `linux-amzn2` image which has a pre-defined AMI name in the following format `github-runner-amzn2-x86_64-YYYYMMDDhhmm` you can use the following values.
+Assuming you have built the `linux-al2023` image which has a pre-defined AMI name in the following format `github-runner-al2023-x86_64-YYYYMMDDhhmm` you can use the following values.
 
 ```hcl
 # set the name of the ami to use
-ami_filter        = { name = ["github-runner-amzn2-x86_64-2021*"] }
-# provide the owner id of 
+ami_filter        = { name = ["github-runner-al2023-x86_64-2023*"] }
+# provide the owner id of
 ami_owners        = ["<your owner id>"]
 
 enable_userdata = false

images/linux-amzn2/github_agent.linux.pkr.hcl → images/linux-al2023/github_agent.linux.pkr.hcl

@@ -96,7 +96,7 @@ locals {
 }
 
 source "amazon-ebs" "githubrunner" {
-  ami_name                                  = "github-runner-amzn2-x86_64-${formatdate("YYYYMMDDhhmm", timestamp())}"
+  ami_name                                  = "github-runner-al2023-x86_64-${formatdate("YYYYMMDDhhmm", timestamp())}"
   instance_type                             = var.instance_type
   region                                    = var.region
   security_group_id                         = var.security_group_id
@@ -106,7 +106,7 @@ source "amazon-ebs" "githubrunner" {
 
   source_ami_filter {
     filters = {
-      name                = "amzn2-ami-kernel-5.*-hvm-*-x86_64-gp2"
+      name                = "al2023-ami-2023.*-kernel-6.*-x86_64"
       root-device-type    = "ebs"
       virtualization-type = "hvm"
     }
@@ -118,7 +118,7 @@ source "amazon-ebs" "githubrunner" {
     var.global_tags,
     var.ami_tags,
     {
-      OS_Version    = "amzn2"
+      OS_Version    = "al2023"
       Release       = "Latest"
       Base_AMI_Name = "{{ .SourceAMIName }}"
   })
@@ -144,9 +144,9 @@ build {
   provisioner "shell" {
     environment_vars = []
     inline = concat([
-      "sudo yum update -y",
-      "sudo yum install -y amazon-cloudwatch-agent curl jq git",
-      "sudo amazon-linux-extras install docker",
+      "sudo dnf upgrade-minimal -y",
+      "sudo dnf install -y amazon-cloudwatch-agent jq git docker",
+      "sudo dnf install -y --allowerasing curl",
       "sudo systemctl enable docker.service",
       "sudo systemctl enable containerd.service",
       "sudo service docker start",