From 2c44565b6531ed6500f276666f03701d7848612a Mon Sep 17 00:00:00 2001 From: Dev Shah Date: Thu, 24 Mar 2022 12:49:30 -0400 Subject: [PATCH 1/4] Add delay between subsequent AWS ssm calls --- modules/runners/lambdas/runners/src/aws/runners.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/runners/lambdas/runners/src/aws/runners.ts b/modules/runners/lambdas/runners/src/aws/runners.ts index f5f8e449a6..7f8bfdf460 100644 --- a/modules/runners/lambdas/runners/src/aws/runners.ts +++ b/modules/runners/lambdas/runners/src/aws/runners.ts @@ -203,6 +203,8 @@ export async function createRunner(runnerParameters: RunnerInputParameters): Pro logger.info('Created instance(s): ', instances.join(','), LogFields.print()); const ssm = new SSM(); + const delay = async (ms: number) => new Promise((resolve) => setTimeout(resolve, ms)); + for (const instance of instances) { await ssm .putParameter({ @@ -211,5 +213,6 @@ export async function createRunner(runnerParameters: RunnerInputParameters): Pro Type: 'SecureString', }) .promise(); + await delay(25); } } From 1a36daeb6f912764e852295e9921ced70d900b39 Mon Sep 17 00:00:00 2001 From: Dev Shah Date: Thu, 24 Mar 2022 12:58:59 -0400 Subject: [PATCH 2/4] Remove and modify workflows to work with our GA setup --- .github/workflows/auto-approve-dependabot.yml | 19 ------ .../lambda-runner-binaries-syncer.yml | 6 +- .github/workflows/lambda-runners.yml | 6 +- .github/workflows/lambda-webhook.yml | 6 +- .github/workflows/packer-build.yml | 9 ++- .github/workflows/terraform.yml | 67 ------------------- 6 files changed, 13 insertions(+), 100 deletions(-) delete mode 100644 .github/workflows/auto-approve-dependabot.yml delete mode 100644 .github/workflows/terraform.yml diff --git a/.github/workflows/auto-approve-dependabot.yml b/.github/workflows/auto-approve-dependabot.yml deleted file mode 100644 index f6418e70ac..0000000000 --- a/.github/workflows/auto-approve-dependabot.yml +++ /dev/null 
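Review bot: The fixed 25 ms pause added after each `putParameter` call in the `for (const instance of instances)` loop only lowers the request rate; a throttled call still rejects, and nothing in the hunk catches it, so the loop would stop and any remaining, already-created instances would never receive their `SecureString` parameter. Retrying with backoff is more reliable than a fixed sleep, and the client can do that itself (the `.promise()` calls suggest the v2 SDK): `const ssm = new SSM({ maxRetries: 8, retryDelayOptions: { base: 100 } });`, with values that are illustrative only. If the helper stays, drop the redundant `async` and type the result, `const delay = (ms: number): Promise<void> => new Promise((resolve) => setTimeout(resolve, ms));`, and replace the bare 25 with a named constant whose comment states which SSM limit it is meant to stay under. createRunner starts before the hunk, so any error handling further up is not visible here.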
@@ -1,19 +0,0 @@ -name: Auto approve dependabot - -# Warning: The pull_request_target event is granted a read/write repository -# token and can access secrets, even when it is triggered from a fork. Although -# the workflow runs in the context of the base of the pull request, you should -# make sure that you do not check out, build, or run untrusted code from the -# pull request with this event. Additionally, any caches share the same scope as -# the base branch, and to help prevent cache poisoning, you should not save the -# cache if there is a possibility that the cache contents were altered. -on: pull_request_target - -jobs: - approve: - if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' - runs-on: ubuntu-latest - steps: - - uses: hmarr/auto-approve-action@v2.1.0 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/lambda-runner-binaries-syncer.yml b/.github/workflows/lambda-runner-binaries-syncer.yml index 76fc7c4624..bdb86b5acf 100644 --- a/.github/workflows/lambda-runner-binaries-syncer.yml +++ b/.github/workflows/lambda-runner-binaries-syncer.yml @@ -2,7 +2,7 @@ name: Lambda Syncer on: push: branches: - - develop + - main pull_request: paths: - .github/workflows/lambda-runner-binaries-syncer.yml @@ -10,8 +10,8 @@ on: jobs: build: - runs-on: ubuntu-latest - container: node:14 + runs-on: self-hosted + container: public.ecr.aws/bitnami/node:14 defaults: run: working-directory: modules/runner-binaries-syncer/lambdas/runner-binaries-syncer diff --git a/.github/workflows/lambda-runners.yml b/.github/workflows/lambda-runners.yml index ddd5b37e75..20b376f040 100644 --- a/.github/workflows/lambda-runners.yml +++ b/.github/workflows/lambda-runners.yml @@ -2,7 +2,7 @@ name: Lambda Runners on: push: branches: - - develop + - main pull_request: paths: - .github/workflows/lambda-runners.yml 
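Review bot: `runs-on: self-hosted` now sits next to the unchanged `pull_request:` trigger in lambda-runner-binaries-syncer.yml, so if the repository accepts pull requests from forks, the job builds contributor-controlled code on your own runner, and a non-ephemeral runner keeps whatever that job left behind for the next one. Either limit who can start these `pull_request` jobs (fork-PR approval in the repository settings, or a restricted runner group) or make sure the runners are ephemeral and hold no long-lived credentials. The new `container: public.ecr.aws/bitnami/node:14` is also a mutable tag from a different publisher than the `node:14` image it replaces; pinning it by digest, `container: public.ecr.aws/bitnami/node:14@sha256:<digest-placeholder>`, keeps the build input fixed. The same two changes are made in lambda-runners.yml, lambda-webhook.yml and packer-build.yml (there with `public.ecr.aws/hashicorp/packer:1.7.8`), and the note applies to each.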
@@ -10,8 +10,8 @@ on: jobs: build: - runs-on: ubuntu-latest - container: node:14 + runs-on: self-hosted + container: public.ecr.aws/bitnami/node:14 defaults: run: working-directory: modules/runners/lambdas/runners diff --git a/.github/workflows/lambda-webhook.yml b/.github/workflows/lambda-webhook.yml index 343a406d2c..7ae1df7344 100644 --- a/.github/workflows/lambda-webhook.yml +++ b/.github/workflows/lambda-webhook.yml @@ -2,7 +2,7 @@ name: Lambda Webhook on: push: branches: - - develop + - main pull_request: paths: - .github/workflows/lambda-webhook.yml @@ -10,8 +10,8 @@ on: jobs: build: - runs-on: ubuntu-latest - container: node:14 + runs-on: self-hosted + container: public.ecr.aws/bitnami/node:14 defaults: run: working-directory: modules/webhook/lambdas/webhook diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index b810ea3908..00e42b5535 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -2,8 +2,7 @@ name: "Packer checks" on: push: branches: - - master - - develop + - main pull_request: paths: - "images/**" @@ -11,14 +10,14 @@ on: - "module/runners/templates/**" env: - AWS_REGION: eu-west-1 + AWS_REGION: us-east-2 jobs: verify_packer: name: Verify packer - runs-on: ubuntu-latest + runs-on: self-hosted container: - image: hashicorp/packer:1.7.8 + image: public.ecr.aws/hashicorp/packer:1.7.8 strategy: matrix: image: ["linux-amzn2", "windows-core-2019", "ubuntu-focal"] diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml deleted file mode 100644 index 30d5b632ae..0000000000 --- a/.github/workflows/terraform.yml +++ /dev/null 
@@ -1,67 +0,0 @@ -name: "Terraform checks" -on: - push: - branches: - - master - - develop - pull_request: - paths-ignore: - - "modules/*/lambdas/**" - -env: - AWS_REGION: eu-west-1 -jobs: - verify_module: - name: Verify module - strategy: - matrix: - terraform: [1.1.3, 'latest'] - runs-on: ubuntu-latest - container: - image: hashicorp/terraform:${{ matrix.terraform }} - steps: - - name: "Checkout" - uses: actions/checkout@v3 - - name: "Fake zip files" # Validate will fail if it cannot find the zip files - run: | - touch modules/webhook/lambdas/webhook/webhook.zip - touch modules/runners/lambdas/runners/runners.zip - touch modules/runner-binaries-syncer/lambdas/runner-binaries-syncer/runner-binaries-syncer.zip - - name: terraform init - run: terraform init -get -backend=false -input=false - - if: contains(matrix.terraform, '1.1.') - name: check terraform formatting - run: terraform fmt -recursive -check=true -write=false - - if: contains(matrix.terraform, 'latest') # check formatting for the latest release but avoid failing the build - name: check terraform formatting - run: terraform fmt -recursive -check=true -write=false - continue-on-error: true - - name: validate terraform - run: terraform validate - - verify_examples: - name: Verify examples - strategy: - fail-fast: false - matrix: - terraform: [1.0.11, 1.1.3, 'latest'] - example: ["default", "ubuntu", "prebuilt", "arm64", "ephemeral", "windows"] - defaults: - run: - working-directory: examples/${{ matrix.example }} - runs-on: ubuntu-latest - container: - image: hashicorp/terraform:${{ matrix.terraform }} - steps: - - uses: actions/checkout@v3 - - name: terraform init - run: terraform init -get -backend=false -input=false - - if: contains(matrix.terraform, '1.1.') - name: check terraform formatting - run: terraform fmt -recursive -check=true -write=false - - if: contains(matrix.terraform, 'latest') # check formatting for the latest release but avoid failing the build - name: check terraform formatting - run: 
terraform fmt -recursive -check=true -write=false - continue-on-error: true - - name: validate terraform011 - run: terraform validate From 4bbdac3dc28eda3900f1bbb2a375bd5e86ffbd7a Mon Sep 17 00:00:00 2001 From: Dev Shah <94870799+devshah1@users.noreply.github.com> Date: Fri, 25 Mar 2022 16:39:52 -0400 Subject: [PATCH 3/4] PIN-1603: Cleanup (#17) --- .../lambda-runner-binaries-syncer.yml | 30 ------ .github/workflows/lambda-runners.yml | 34 ------ .github/workflows/lambda-webhook.yml | 30 ------ .github/workflows/packer-build.yml | 38 ------- .github/workflows/release.yml | 102 ------------------ 5 files changed, 234 deletions(-) delete mode 100644 .github/workflows/lambda-runner-binaries-syncer.yml delete mode 100644 .github/workflows/lambda-runners.yml delete mode 100644 .github/workflows/lambda-webhook.yml delete mode 100644 .github/workflows/packer-build.yml delete mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/lambda-runner-binaries-syncer.yml b/.github/workflows/lambda-runner-binaries-syncer.yml deleted file mode 100644 index bdb86b5acf..0000000000 --- a/.github/workflows/lambda-runner-binaries-syncer.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Lambda Syncer -on: - push: - branches: - - main - pull_request: - paths: - - .github/workflows/lambda-runner-binaries-syncer.yml - - "modules/runner-binaries-syncer/lambdas/runner-binaries-syncer/**" - -jobs: - build: - runs-on: self-hosted - container: public.ecr.aws/bitnami/node:14 - defaults: - run: - working-directory: modules/runner-binaries-syncer/lambdas/runner-binaries-syncer - - steps: - - uses: actions/checkout@v3 - - name: Install dependencies - run: yarn install - - name: Run prettier - run: yarn format-check - - name: Run linter - run: yarn lint - - name: Run tests - run: yarn test - - name: Build distribution - run: yarn build diff --git a/.github/workflows/lambda-runners.yml b/.github/workflows/lambda-runners.yml deleted file mode 100644 index 20b376f040..0000000000 
--- a/.github/workflows/lambda-runners.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: Lambda Runners -on: - push: - branches: - - main - pull_request: - paths: - - .github/workflows/lambda-runners.yml - - "modules/runners/lambdas/runners/**" - -jobs: - build: - runs-on: self-hosted - container: public.ecr.aws/bitnami/node:14 - defaults: - run: - working-directory: modules/runners/lambdas/runners - - steps: - - uses: actions/checkout@v3 - - name: Install dependencies - run: yarn install - - name: Run prettier - run: yarn format-check - - name: Run linter - run: yarn lint - - name: Run tests - run: yarn test - - name: Run two tests in isolation - run: | - yarn run test src/scale-runners/scale-up.test.ts -t 'scaleUp with GHES on org level creates a runner with labels in s specific group' --coverage=false - yarn run test src/scale-runners/scale-up.test.ts -t 'scaleUp with public GH on org level creates a runner with labels in s specific group' --coverage=false - - name: Build distribution - run: yarn build diff --git a/.github/workflows/lambda-webhook.yml b/.github/workflows/lambda-webhook.yml deleted file mode 100644 index 7ae1df7344..0000000000 --- a/.github/workflows/lambda-webhook.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Lambda Webhook -on: - push: - branches: - - main - pull_request: - paths: - - .github/workflows/lambda-webhook.yml - - "modules/webhook/lambdas/webhook/**" - -jobs: - build: - runs-on: self-hosted - container: public.ecr.aws/bitnami/node:14 - defaults: - run: - working-directory: modules/webhook/lambdas/webhook - - steps: - - uses: actions/checkout@v3 - - name: Install dependencies - run: yarn install - - name: Run prettier - run: yarn format-check - - name: Run linter - run: yarn lint - - name: Run tests - run: yarn test - - name: Build distribution - run: yarn build diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml deleted file mode 100644 index 00e42b5535..0000000000 
--- a/.github/workflows/packer-build.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: "Packer checks" -on: - push: - branches: - - main - pull_request: - paths: - - "images/**" - - ".github/workflows/packer-build.yml" - - "module/runners/templates/**" - -env: - AWS_REGION: us-east-2 - -jobs: - verify_packer: - name: Verify packer - runs-on: self-hosted - container: - image: public.ecr.aws/hashicorp/packer:1.7.8 - strategy: - matrix: - image: ["linux-amzn2", "windows-core-2019", "ubuntu-focal"] - defaults: - run: - working-directory: images/${{ matrix.image }} - steps: - - name: "Checkout" - uses: actions/checkout@v3 - - - name: packer init - run: packer init . - - - name: check packer formatting - run: packer fmt -recursive -check=true . - - - name: packer validate - run: packer validate . diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 440da35854..0000000000 --- a/.github/workflows/release.yml +++ /dev/null 
@@ -1,102 +0,0 @@ -name: Release build - -on: - push: - branches: - - master - - develop - workflow_dispatch: - -jobs: - prepare: - name: Create dist - runs-on: ubuntu-latest - container: node:14 - strategy: - matrix: - lambda: ["modules/webhook/lambdas/webhook", "modules/runner-binaries-syncer/lambdas/runner-binaries-syncer", "modules/runners/lambdas/runners"] - steps: - - name: Extract lambda name - id: lambda - env: - LAMBDA: ${{ matrix.lambda }} - run: echo ::set-output name=name::${LAMBDA##*/} - - uses: actions/checkout@v3 - - name: Add zip - run: apt update && apt install zip - - name: Build dist - working-directory: ${{ matrix.lambda }} - run: yarn install && yarn run test && yarn dist - - uses: actions/upload-artifact@v2 - with: - name: ${{ steps.lambda.outputs.name }} - path: ${{ matrix.lambda }}/${{ steps.lambda.outputs.name }}.zip - retention-days: 1 - - release: - name: release - runs-on: ubuntu-latest - needs: - prepare - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - persist-credentials: false - - uses: actions/download-artifact@v2 - with: - name: webhook - path: artifacts - - uses: actions/download-artifact@v2 - with: - name: runners - path: artifacts - - uses: actions/download-artifact@v2 - with: - name: runner-binaries-syncer - path: artifacts - - - name: Get installation token - uses: npalm/action-app-token@v1.0.0 - id: app-token - with: - appId: ${{ secrets.FOREST_RELEASER_APP_ID }} - appPrivateKeyBase64: ${{ secrets.FOREST_RELEASER_APP_PRIVATE_KEY_BASE64 }} - appInstallationType: repo - appInstallationValue: ${{ github.repository }} - - - name: Dry run release - if: github.event_name != 'pull_request' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Read only token - run: | - cp .release/* . 
- yarn - yarn release -d --repositoryUrl https://x-access-token:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY.git - - - name: Release - if: github.event_name != 'pull_request' && contains('refs/heads/master', github.ref) - env: - GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} - run: | - cp .release/* . - yarn - yarn release --repositoryUrl https://x-access-token:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY.git - - provenance: - name: Generate provenance - runs-on: ubuntu-20.04 - needs: - release - if: startsWith(github.ref, 'refs/tags/') - - steps: - - name: Generate provenance for release - uses: philips-labs/slsa-provenance-action@v0.7.2 - with: - artifact_path: release-assets - output_path: 'build.provenance' - tag_name: "${{ github.ref_name }}" - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - From 35a389a77540bf4f5d9ae680ad408fc5d0add593 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Nov 2023 19:49:58 +0000 Subject: [PATCH 4/4] chore: Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/lambda-runner-binaries-syncer.yml | 2 +- .github/workflows/lambda-runners.yml | 2 +- .github/workflows/lambda-webhook.yml | 2 +- .github/workflows/packer-build.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/semantic-check.yml | 2 +- .github/workflows/terraform.yml | 4 ++-- 7 files changed, 9 insertions(+), 9 deletions(-) 
diff --git a/.github/workflows/lambda-runner-binaries-syncer.yml b/.github/workflows/lambda-runner-binaries-syncer.yml index 5d79154c2f..86f849d46f 100644 --- a/.github/workflows/lambda-runner-binaries-syncer.yml +++ b/.github/workflows/lambda-runner-binaries-syncer.yml @@ -21,7 +21,7 @@ jobs: working-directory: modules/runner-binaries-syncer/lambdas/runner-binaries-syncer steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install dependencies run: yarn install - name: Run prettier diff --git a/.github/workflows/lambda-runners.yml b/.github/workflows/lambda-runners.yml index 0728d21c80..683d032ee3 100644 --- a/.github/workflows/lambda-runners.yml +++ b/.github/workflows/lambda-runners.yml @@ -21,7 +21,7 @@ jobs: working-directory: modules/runners/lambdas/runners steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install dependencies run: yarn install - name: Run prettier diff --git a/.github/workflows/lambda-webhook.yml b/.github/workflows/lambda-webhook.yml index 062670e5b0..682793a594 100644 --- a/.github/workflows/lambda-webhook.yml +++ b/.github/workflows/lambda-webhook.yml @@ -21,7 +21,7 @@ jobs: working-directory: modules/webhook/lambdas/webhook steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install dependencies run: yarn install - name: Run prettier diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index 5704a83bf3..1985cd0076 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -27,7 +27,7 @@ jobs: working-directory: images/${{ matrix.image }} steps: - name: "Checkout" - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: packer init run: packer init . diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a5aa5d2b48..c80075ac55 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -21,7 +21,7 @@ jobs: env: LAMBDA: ${{ matrix.lambda }} run: echo ::set-output name=name::${LAMBDA##*/} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Add zip run: apt update && apt install zip - name: Build dist @@ -39,7 +39,7 @@ jobs: needs: prepare steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/semantic-check.yml b/.github/workflows/semantic-check.yml index a266070197..90abeeea50 100644 --- a/.github/workflows/semantic-check.yml +++ b/.github/workflows/semantic-check.yml @@ -16,7 +16,7 @@ jobs: name: Semantic Commit Message Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: amannn/action-semantic-pull-request@v4 name: Check PR for Semantic Commit Message diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index fe428a9f1b..2e48462deb 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -21,7 +21,7 @@ jobs: image: hashicorp/terraform:${{ matrix.terraform }} steps: - name: "Checkout" - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: "Fake zip files" # Validate will fail if it cannot find the zip files run: | touch modules/webhook/lambdas/webhook/webhook.zip @@ -54,7 +54,7 @@ jobs: container: image: hashicorp/terraform:${{ matrix.terraform }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: terraform init run: terraform init -get -backend=false -input=false - if: contains(matrix.terraform, '1.1.')