# Values shared by every module in this example, so that the name prefix and
# the region are defined in exactly one place.
locals {
  # Use "default" only when no environment was supplied (null). An explicitly
  # empty string is passed through unchanged.
  environment = var.environment == null ? "default" : var.environment

  # The region is pinned for the example rather than taken from the provider.
  aws_region = "eu-west-1"
}
# 20 random bytes; the `.hex` attribute (40 hex characters) is used below as
# the GitHub webhook secret for both module.runners and module.webhook_github_app.
# NOTE(review): like any resource attribute this value is kept in Terraform
# state, so the state backend must be treated as a secret store (restricted
# access, encryption at rest).
resource "random_id" "random" {
  byte_length = 20
}
# Scaffolding for the example (at least a VPC: the runners module reads its
# vpc_id and private_subnets from this module's `vpc` output).
module "base" {
  source = "../base"

  aws_region = local.aws_region
  prefix     = local.environment
}
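# GitHub Actions runners on AWS: the webhook, the scaling lambdas and the
# runner-binaries bucket (see the commented lambda zip paths below).
module "runners" {
  source = "../../"

  aws_region = local.aws_region
  vpc_id     = module.base.vpc.vpc_id
  # Runners are placed in private subnets only; operator access is via SSM
  # (enabled below) rather than public addresses.
  subnet_ids = module.base.vpc.private_subnets
  prefix     = local.environment
  tags = {
    Project = "ProjectX"
  }

  # GitHub App credentials. The private key comes from a variable; the webhook
  # secret is generated by random_id.random and the same value must be handed
  # to module.webhook_github_app. Both values end up in Terraform state.
  github_app = {
    key_base64     = var.github_app.key_base64
    id             = var.github_app.id
    webhook_secret = random_id.random.hex
  }

  # Let the module manage the EC2 Spot service-linked role (set in one place
  # only; do not also list it among the optional settings below).
  create_service_linked_role_spot = true

  # Register runners at the organization level, with these extra labels, and
  # prefix their names in GitHub with the environment name.
  enable_organization_runners = true
  runner_extra_labels         = ["default", "example"]
  runner_name_prefix          = "${local.environment}_"

  # Capacity and scaling for the example.
  instance_types        = ["m5.large", "c5.large"]
  runners_maximum_count = 1
  # Delay, in seconds, before a webhook event is processed.
  delay_webhook_event = 5
  # FIFO build queue so that jobs are handled in the order they arrived.
  enable_fifo_build_queue = true
  # Scale-down check every minute (example setting).
  scale_down_schedule_expression = "cron(* * * * ? *)"

  # Operator access and debugging. SSM access to the runner instances is on.
  # NOTE(review): user-data debug logging is verbose; before enabling it outside
  # an example, verify what the runner bootstrap writes to the instance log and
  # make sure no registration token or other secret is echoed there.
  enable_ssm_on_runners                 = true
  enable_user_data_debug_logging_runner = true

  # Clean up AMIs older than 10 days whose name matches *al2023*.
  # NOTE(review): ssmParameterNames presumably names the SSM parameters whose
  # referenced AMI ids are protected from cleanup — confirm against the module
  # docs before widening or narrowing the pattern.
  enable_ami_housekeeper = true
  ami_housekeeper_cleanup_config = {
    ssmParameterNames = ["*/ami-id"]
    minimumDaysOld    = 10
    amiFilters = [
      {
        Name   = "name"
        Values = ["*al2023*"]
      }
    ]
  }

  # ---- Optional settings, shown commented out -------------------------------

  # Root volume for the runner instances (default for Amazon Linux 2 per the
  # upstream example), shown with encryption at rest turned on. Check the
  # module's default before relying on the volume being encrypted.
  # block_device_mappings = [{
  #   device_name           = "/dev/xvda"
  #   delete_on_termination = true
  #   volume_type           = "gp3"
  #   volume_size           = 10
  #   encrypted             = true
  #   iops                  = null
  # }]

  # Use lambda zips fetched via lambdas-download instead of building locally.
  # webhook_lambda_zip                = "../lambdas-download/webhook.zip"
  # runner_binaries_syncer_lambda_zip = "../lambdas-download/runner-binaries-syncer.zip"
  # runners_lambda_zip                = "../lambdas-download/runners.zip"

  # Server-side encryption (S3-managed or KMS) and versioning for the
  # runner-binaries bucket.
  # runner_binaries_s3_sse_configuration = {
  #   rule = {
  #     apply_server_side_encryption_by_default = {
  #       sse_algorithm = "AES256"
  #     }
  #   }
  # }
  # runner_binaries_s3_versioning = "Enabled"

  # Uncomment to keep one idle runner from 09:00 to 17:59, Europe/Amsterdam.
  # idle_config = [{
  #   cron      = "* * 9-17 * * *"
  #   timeZone  = "Europe/Amsterdam"
  #   idleCount = 1
  # }]

  # Publish workflow_job webhook events to a separate queue.
  # enable_workflow_job_events_queue = true

  # Debug logging for the lambda functions.
  # log_level = "debug"
}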
# Second consumer of the GitHub App credentials and of the generated webhook
# secret. NOTE(review): presumably this module configures the App's webhook
# (endpoint URL and secret) through the GitHub API — verify against
# modules/webhook-github-app before relying on that.
module "webhook_github_app" {
  source = "../../modules/webhook-github-app"

  # The endpoint only exists once module.runners has created the webhook.
  depends_on = [module.runners]

  webhook_endpoint = module.runners.webhook.endpoint

  # Must be the same secret (random_id.random.hex) that module.runners
  # validates deliveries against.
  github_app = {
    id             = var.github_app.id
    key_base64     = var.github_app.key_base64
    webhook_secret = random_id.random.hex
  }
}