From 7f47bdbd080b098ee5a3a984826b87224879d784 Mon Sep 17 00:00:00 2001
From: Matthias Kay
Date: Thu, 5 Dec 2024 10:07:17 +0100
Subject: [PATCH] feat: add variables to specify the AMI ids (#1214)

## Description

At the moment the latest AMI is read at deploy time. But to get an immutable infrastructure we have to fix the AMI. This PR adds variables to set the AMI id.
---
 data.tf | 24 +++++++++++++-----------
 docker_autoscaler.tf | 2 +-
 main.tf | 6 +++---
 variables.tf | 38 ++++++++++++++++++++++++++++----------
 4 files changed, 45 insertions(+), 25 deletions(-)

diff --git a/data.tf b/data.tf
index d43a06b5..c0426af5 100644
--- a/data.tf
+++ b/data.tf
@@ -12,48 +12,50 @@ data "aws_availability_zone" "runners" {
 name = data.aws_subnet.runners.availability_zone
 }
-data "aws_ami" "runner" {
+data "aws_ami" "runner_by_filter" {
+ count = length(var.runner_ami_id) > 0 ? 0 : 1
+
+ owners = var.runner_ami_owners
 most_recent = "true"
 dynamic "filter" {
 for_each = var.runner_ami_filter
+
 content {
 name = filter.key
 values = filter.value
 }
 }
-
- owners = var.runner_ami_owners
 }
-data "aws_ami" "docker-machine" {
- count = var.runner_worker.type == "docker+machine" ? 1 : 0
+data "aws_ami" "docker_machine_by_filter" {
+ count = var.runner_worker.type == "docker+machine" && length(var.runner_worker_docker_machine_ami_id) == 0 ? 1 : 0
+ owners = var.runner_worker_docker_machine_ami_owners
 most_recent = "true"
 dynamic "filter" {
 for_each = var.runner_worker_docker_machine_ami_filter
+
 content {
 name = filter.key
 values = filter.value
 }
 }
-
- owners = var.runner_worker_docker_machine_ami_owners
 }
-data "aws_ami" "docker-autoscaler" {
- count = var.runner_worker.type == "docker-autoscaler" ? 1 : 0
+data "aws_ami" "docker_autoscaler_by_filter" {
+ count = var.runner_worker.type == "docker-autoscaler" && length(var.runner_worker_docker_autoscaler_ami_id) == 0 ? 1 : 0
+ owners = var.runner_worker_docker_autoscaler_ami_owners
 most_recent = "true"
 dynamic "filter" {
 for_each = var.runner_worker_docker_autoscaler_ami_filter
+
 content {
 name = filter.key
 values = filter.value
 }
 }
-
- owners = var.runner_worker_docker_autoscaler_ami_owners
 }
diff --git a/docker_autoscaler.tf b/docker_autoscaler.tf
index dcff4f04..89385de8 100644
--- a/docker_autoscaler.tf
+++ b/docker_autoscaler.tf
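Review bot: Once `runner_ami_id` is non-empty the new `runner_by_filter` block has `count = 0`, so the `owners = var.runner_ami_owners` allowlist is never applied to the pinned image, and the two worker blocks behave the same way for their `*_ami_id` variables. Resolving a supplied ID through a second `aws_ami` lookup that keeps the owners list and filters on `image-id` preserves the owner check on the pinned path and fails the plan early when the ID does not exist in the target region; the `image_id` consumers in main.tf and docker_autoscaler.tf would then read `data.aws_ami.runner_by_id[0].id` instead of the variable. As a smaller point, the three `count` guards are written in two shapes (`> 0 ? 0 : 1` on the runner block, `== 0 ? 1 : 0` on the workers) and would read more evenly in one. A sketch for the runner block follows; the two worker blocks would get the same companion.
```hcl
# Resolves an operator-supplied runner AMI ID through the same owners allowlist as the filter lookup.
data "aws_ami" "runner_by_id" {
  count  = length(var.runner_ami_id) > 0 ? 1 : 0
  owners = var.runner_ami_owners

  filter {
    name   = "image-id"
    values = [var.runner_ami_id]
  }
}
# … unchanged: runner_by_filter, docker_machine_by_filter, docker_autoscaler_by_filter …
```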
@@ -62,7 +62,7 @@ resource "aws_launch_template" "this" {
 name = "${local.name_runner_agent_instance}-worker-launch-template"
 user_data = base64gzip(var.runner_worker_docker_autoscaler_instance.start_script)
- image_id = data.aws_ami.docker-autoscaler[0].id
+ image_id = length(var.runner_worker_docker_autoscaler_ami_id) > 0 ? var.runner_worker_docker_autoscaler_ami_id : data.aws_ami.docker_autoscaler_by_filter[0].id
 instance_type = var.runner_worker_docker_autoscaler_asg.types[0]
 key_name = aws_key_pair.autoscaler[0].key_name
 ebs_optimized = var.runner_worker_docker_autoscaler_instance.ebs_optimized
diff --git a/main.tf b/main.tf
index f7bfb55b..4d20478a 100644
--- a/main.tf
+++ b/main.tf
@@ -113,7 +113,7 @@ locals {
 runners_iam_instance_profile_name = var.runner_worker_docker_machine_role.profile_name
 runners_root_size = var.runner_worker_docker_machine_instance.root_size
 runners_volume_type = var.runner_worker_docker_machine_instance.volume_type
- runners_ami = var.runner_worker.type == "docker+machine" ? data.aws_ami.docker-machine[0].id : ""
+ runners_ami = var.runner_worker.type == "docker+machine" ? (length(var.runner_worker_docker_machine_ami_id) > 0 ? var.runner_worker_docker_machine_ami_id : data.aws_ami.docker_machine_by_filter[0].id) : ""
 use_fleet = var.runner_worker_docker_machine_fleet.enable
 launch_template = var.runner_worker_docker_machine_fleet.enable == true ? aws_launch_template.fleet_gitlab_runner[0].name : ""
 docker_machine_options = length(local.docker_machine_options_string) == 1 ? "" : local.docker_machine_options_string
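Review bot: The `image_id` line here repeats the ID-or-filter selection inline, and the same ternary appears again in main.tf in the `runners_ami` local (hunk at 113) and in the two launch templates (hunks at 258 and 376); one definition per image would be easier to keep consistent when the lookup changes. A `locals` entry such as `docker_autoscaler_ami_id = length(var.runner_worker_docker_autoscaler_ami_id) > 0 ? var.runner_worker_docker_autoscaler_ami_id : data.aws_ami.docker_autoscaler_by_filter[0].id` (with runner and docker-machine equivalents) would let each consumer become `image_id = local.docker_autoscaler_ami_id`. The `[0]` index in the unselected branch follows the pattern this file already uses for `aws_launch_template.fleet_gitlab_runner[0].name`, so it looks fine as written. The enclosing `aws_launch_template.this` resource continues outside the hunk.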
@@ -258,7 +258,7 @@ resource "aws_launch_template" "gitlab_runner_instance" {
 # checkov:skip=CKV_AWS_79:User can decide to enable Metadata service V2. V2 is the default.
 name_prefix = "${local.name_runner_agent_instance}-"
- image_id = data.aws_ami.runner.id
+ image_id = length(var.runner_ami_id) > 0 ? var.runner_ami_id : data.aws_ami.runner_by_filter[0].id
 user_data = base64gzip(local.template_user_data)
 instance_type = var.runner_instance.type
 update_default_version = true
@@ -376,7 +376,7 @@ resource "aws_launch_template" "fleet_gitlab_runner" {
 name_prefix = "${local.name_runner_agent_instance}-worker-"
 key_name = aws_key_pair.fleet[0].key_name
- image_id = data.aws_ami.docker-machine[0].id
+ image_id = length(var.runner_worker_docker_machine_ami_id) > 0 ? var.runner_worker_docker_machine_ami_id : data.aws_ami.docker_machine_by_filter[0].id
 user_data = base64gzip(var.runner_worker_docker_machine_instance.start_script)
 instance_type = var.runner_worker_docker_machine_instance.types[0] # it will be override by the fleet
 update_default_version = true
diff --git a/variables.tf b/variables.tf
index ee813d7c..c5e17374 100644
--- a/variables.tf
+++ b/variables.tf
@@ -149,6 +149,12 @@ variable "runner_ami_owners" {
 default = ["amazon"]
 }
+variable "runner_ami_id" {
+ description = "The AMI ID of the Runner instance."
+ type = string
+ default = ""
+}
+
 variable "runner_networking" {
 description = <<-EOT
 allow_incoming_ping = Allow ICMP Ping to the Runner. Specify `allow_incoming_ping_security_group_ids` too!
@@ -770,7 +776,7 @@ variable "runner_worker_docker_machine_security_group_description" {
 }
 variable "runner_worker_docker_machine_ami_filter" {
- description = "List of maps used to create the AMI filter for the Runner Worker."
+ description = "List of maps used to create the AMI filter for the Runner Worker (docker-machine)."
 type = map(list(string))
 default = {
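Review bot: `runner_ami_id` accepts any string, so a pasted snapshot ID or a value with stray whitespace reaches the launch template before AWS rejects it; the same applies to `runner_worker_docker_machine_ami_id` and `runner_worker_docker_autoscaler_ami_id` added in the later variables.tf hunks. If the module's required Terraform version allows variable `validation` blocks, a check such as `condition = var.runner_ami_id == "" || can(regex("^ami-[0-9a-f]+$", var.runner_ami_id))` with a matching `error_message` would fail at plan time instead. The description should also state what the variable overrides, e.g. `description = "The AMI ID of the Runner instance. When set, runner_ami_filter and runner_ami_owners are not consulted."`, and likewise for the two worker variables.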
@@ -778,8 +784,22 @@ variable "runner_worker_docker_machine_ami_filter" {
 }
 }
+variable "runner_worker_docker_machine_ami_owners" {
+ description = "The list of owners used to select the AMI of the Runner Worker (docker-machine)."
+ type = list(string)
+
+ # Canonical
+ default = ["099720109477"]
+}
+
+variable "runner_worker_docker_machine_ami_id" {
+ description = "The ID of the AMI to use for the Runner Worker (docker-machine)."
+ type = string
+ default = ""
+}
+
 variable "runner_worker_docker_autoscaler_ami_filter" {
- description = "List of maps used to create the AMI filter for the Runner Worker."
+ description = "List of maps used to create the AMI filter for the Runner Worker (autoscaler)."
 type = map(list(string))
 default = {
@@ -787,20 +807,18 @@ variable "runner_worker_docker_autoscaler_ami_filter" {
 }
 }
-variable "runner_worker_docker_machine_ami_owners" {
- description = "The list of owners used to select the AMI of the Runner Worker."
+variable "runner_worker_docker_autoscaler_ami_owners" {
+ description = "The list of owners used to select the AMI of the Runner Worker (autoscaler)."
 type = list(string)
 # Canonical
 default = ["099720109477"]
 }
-variable "runner_worker_docker_autoscaler_ami_owners" {
- description = "The list of owners used to select the AMI of the Runner Worker."
- type = list(string)
-
- # Canonical
- default = ["099720109477"]
+variable "runner_worker_docker_autoscaler_ami_id" {
+ description = "The ID of the AMI to use for the Runner Worker (autoscaler)."
+ type = string
+ default = ""
 }
 variable "runner_worker_docker_machine_instance" {