From 055e2b08321eba15fbbd19cb736e1b944702b00e Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Fri, 20 May 2022 11:55:22 +0200 Subject: [PATCH 1/3] chore: Refactor master to main branch (#2068) --- .github/workflows/packer-build.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/terraform.yml | 2 +- .releaserc.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index b810ea39..5704a83b 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -2,7 +2,7 @@ name: "Packer checks" on: push: branches: - - master + - main - develop pull_request: paths: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 64529206..a660e5f9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,7 +3,7 @@ name: Release build on: push: branches: - - master + - main - develop workflow_dispatch: @@ -75,7 +75,7 @@ jobs: yarn release -d --repositoryUrl https://x-access-token:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY.git - name: Release - if: github.event_name != 'pull_request' && contains('refs/heads/master', github.ref) + if: github.event_name != 'pull_request' && contains('refs/heads/main', github.ref) env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} run: | diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index de689cd1..fe428a9f 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -2,7 +2,7 @@ name: "Terraform checks" on: push: branches: - - master + - main - develop pull_request: paths-ignore: diff --git a/.releaserc.json b/.releaserc.json index a6aa3bb3..574d3d03 100644 --- a/.releaserc.json +++ b/.releaserc.json @@ -1,7 +1,7 @@ { "branches": [ { - "name": "master" + "name": "main" }, { "name": "develop", From e2f9a2764f3c404cd2f8649db64253c9e886e2e7 Mon Sep 17 00:00:00 2001 From: Laura Martin Date: Fri, 20 May 2022 14:02:14 +0100 Subject: [PATCH 2/3] feat: Replace environment variable by prefix (#1858) We're looking at using this module to deploy multiple sets of runner types (x86_64 and arm architectures) but within the same conceptual "environment". We use the "Environment" tag throughout our tooling, but the constraints of using the "environment" variable for resource naming mean that we need to essentially supply different environment names (eg "env-amd64" and "env-arm64"), even though they are not in different environments. We also use the dot character (".") in our environment names, which isn't allowed in some resource names (eg SQS queue name). This PR replaces the "environmet" variable by "prefix" to prefix resources crated by the module. The prefix is also used to set the tag: "ghr:environment" with the value of prefix for lambda's to orchestrate the instnaces. You can still set the tag "environment" to all resources via the AWS provider. Co-authored-by: Niek Palm --- examples/arm64/main.tf | 2 +- examples/default/main.tf | 2 +- examples/ephemeral/main.tf | 2 +- examples/permissions-boundary/main.tf | 2 +- examples/prebuilt/main.tf | 2 +- examples/ubuntu/main.tf | 2 +- examples/windows/main.tf | 8 +++--- main.tf | 25 +++++++++---------- .../runner-binaries-syncer.tf | 12 ++++----- modules/runner-binaries-syncer/variables.tf | 12 +++++++++ modules/runners/README.md | 6 ++--- .../lambdas/runners/src/aws/runners.test.ts | 2 +- .../lambdas/runners/src/aws/runners.ts | 2 +- modules/runners/logging.tf | 4 +-- modules/runners/main.tf | 12 ++++----- modules/runners/policies-runner.tf | 8 +++--- modules/runners/pool.tf | 2 +- modules/runners/pool/main.tf | 12 ++++----- modules/runners/pool/variables.tf | 2 +- modules/runners/runner-config.tf | 6 ++--- modules/runners/scale-down.tf | 12 ++++----- modules/runners/scale-up.tf | 12 ++++----- modules/runners/variables.tf | 20 ++++++++++++--- modules/setup-iam-permissions/main.tf | 8 +++--- modules/setup-iam-permissions/variables.tf | 12 +++++++++ modules/ssm/ssm.tf | 6 ++--- modules/ssm/variables.tf | 12 +++++++++ modules/webhook/main.tf | 4 +-- modules/webhook/variables.tf | 12 +++++++++ modules/webhook/webhook.tf | 12 ++++----- variables.tf | 12 +++++++++ 31 files changed, 159 insertions(+), 88 deletions(-) diff --git a/examples/arm64/main.tf b/examples/arm64/main.tf index 1ea26c90..c541177c 100644 --- a/examples/arm64/main.tf +++ b/examples/arm64/main.tf @@ -19,7 +19,7 @@ module "runners" { vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets - environment = local.environment + prefix = local.environment tags = { Project = "ProjectX" } diff --git a/examples/default/main.tf b/examples/default/main.tf index 6ee90a15..d273cc05 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf @@ -19,7 +19,7 @@ module "runners" { vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets - environment = local.environment + prefix = local.environment tags = { Project = "ProjectX" } diff --git a/examples/ephemeral/main.tf b/examples/ephemeral/main.tf index 9abaef9e..89735a2e 100644 --- a/examples/ephemeral/main.tf +++ b/examples/ephemeral/main.tf @@ -16,7 +16,7 @@ module "runners" { vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets - environment = local.environment + prefix = local.environment tags = { Project = "ProjectX" } diff --git a/examples/permissions-boundary/main.tf b/examples/permissions-boundary/main.tf index 1d1eb792..c4fc4630 100644 --- a/examples/permissions-boundary/main.tf +++ b/examples/permissions-boundary/main.tf @@ -35,7 +35,7 @@ module "runners" { subnet_ids = module.vpc.private_subnets kms_key_arn = aws_kms_key.github.key_id - environment = local.environment + prefix = local.environment tags = { Project = "ProjectX" } diff --git a/examples/prebuilt/main.tf b/examples/prebuilt/main.tf index 710f6c1f..9134dfc4 100644 --- a/examples/prebuilt/main.tf +++ b/examples/prebuilt/main.tf @@ -15,7 +15,7 @@ module "runners" { vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets - environment = local.environment + prefix = local.environment github_app = { key_base64 = var.github_app_key_base64 diff --git a/examples/ubuntu/main.tf b/examples/ubuntu/main.tf index e03ac544..cad0e1ca 100644 --- a/examples/ubuntu/main.tf +++ b/examples/ubuntu/main.tf @@ -16,7 +16,7 @@ module "runners" { vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets - environment = local.environment + prefix = local.environment tags = { Project = "ProjectX" } diff --git a/examples/windows/main.tf b/examples/windows/main.tf index 0a1d770c..359b654c 100644 --- a/examples/windows/main.tf +++ b/examples/windows/main.tf @@ -10,10 +10,10 @@ resource "random_id" "random" { module "runners" { source = "../../" - aws_region = local.aws_region - vpc_id = module.vpc.vpc_id - subnet_ids = module.vpc.private_subnets - environment = local.environment + aws_region = local.aws_region + vpc_id = module.vpc.vpc_id + subnet_ids = module.vpc.private_subnets + prefix = local.environment github_app = { key_base64 = var.github_app_key_base64 diff --git a/main.tf b/main.tf index c7f5601c..7f460be4 100644 --- a/main.tf +++ b/main.tf @@ -1,7 +1,6 @@ locals { tags = merge(var.tags, { - Environment = var.environment, - "ghr:environment" = format("%s", var.environment) + "ghr:environment" = var.prefix }) s3_action_runner_url = "s3://${module.runner_binaries.bucket.id}/${module.runner_binaries.runner_distribution_object_key}" @@ -50,7 +49,7 @@ resource "aws_sqs_queue_policy" "build_queue_policy" { } resource "aws_sqs_queue" "queued_builds" { - name = "${var.environment}-queued-builds${var.fifo_build_queue ? ".fifo" : ""}" + name = "${var.prefix}-queued-builds${var.fifo_build_queue ? ".fifo" : ""}" delay_seconds = var.delay_webhook_event visibility_timeout_seconds = var.runners_scale_up_lambda_timeout message_retention_seconds = var.job_queue_retention_in_seconds @@ -74,7 +73,7 @@ resource "aws_sqs_queue_policy" "build_queue_dlq_policy" { resource "aws_sqs_queue" "queued_builds_dlq" { count = var.redrive_build_queue.enabled ? 1 : 0 - name = "${var.environment}-queued-builds_dead_letter" + name = "${var.prefix}-queued-builds_dead_letter" tags = var.tags } @@ -83,7 +82,7 @@ module "ssm" { source = "./modules/ssm" kms_key_arn = var.kms_key_arn - environment = var.environment + prefix = var.prefix github_app = var.github_app tags = local.tags } @@ -92,7 +91,7 @@ module "webhook" { source = "./modules/webhook" aws_region = var.aws_region - environment = var.environment + prefix = var.prefix tags = local.tags kms_key_arn = var.kms_key_arn @@ -127,7 +126,7 @@ module "runners" { aws_partition = var.aws_partition vpc_id = var.vpc_id subnet_ids = var.subnet_ids - environment = var.environment + prefix = var.prefix tags = local.tags s3_bucket_runner_binaries = module.runner_binaries.bucket @@ -214,11 +213,11 @@ module "runners" { module "runner_binaries" { source = "./modules/runner-binaries-syncer" - aws_region = var.aws_region - environment = var.environment - tags = local.tags + aws_region = var.aws_region + prefix = var.prefix + tags = local.tags - distribution_bucket_name = "${var.environment}-dist-${random_string.random.result}" + distribution_bucket_name = "${var.prefix}-dist-${random_string.random.result}" runner_os = var.runner_os runner_architecture = var.runner_architecture @@ -244,10 +243,10 @@ module "runner_binaries" { } resource "aws_resourcegroups_group" "resourcegroups_group" { - name = "${var.environment}-group" + name = "${var.prefix}-group" resource_query { query = templatefile("${path.module}/templates/resource-group.json", { - environment = var.environment + environment = var.prefix }) } } diff --git a/modules/runner-binaries-syncer/runner-binaries-syncer.tf b/modules/runner-binaries-syncer/runner-binaries-syncer.tf index e73dad69..a7118a68 100644 --- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf +++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf @@ -1,6 +1,6 @@ locals { lambda_zip = var.lambda_zip == null ? "${path.module}/lambdas/runner-binaries-syncer/runner-binaries-syncer.zip" : var.lambda_zip - role_path = var.role_path == null ? "/${var.environment}/" : var.role_path + role_path = var.role_path == null ? "/${var.prefix}/" : var.role_path gh_binary_os_label = { windows = "win", linux = "linux" @@ -13,7 +13,7 @@ resource "aws_lambda_function" "syncer" { s3_object_version = var.syncer_lambda_s3_object_version != null ? var.syncer_lambda_s3_object_version : null filename = var.lambda_s3_bucket == null ? local.lambda_zip : null source_code_hash = var.lambda_s3_bucket == null ? filebase64sha256(local.lambda_zip) : null - function_name = "${var.environment}-syncer" + function_name = "${var.prefix}-syncer" role = aws_iam_role.syncer_lambda.arn handler = "index.handler" runtime = "nodejs14.x" @@ -63,7 +63,7 @@ resource "aws_cloudwatch_log_group" "syncer" { } resource "aws_iam_role" "syncer_lambda" { - name = "${var.environment}-action-syncer-lambda-role" + name = "${var.prefix}-action-syncer-lambda-role" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary @@ -92,7 +92,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role_policy" "lambda_logging" { - name = "${var.environment}-lambda-logging-policy-syncer" + name = "${var.prefix}-lambda-logging-policy-syncer" role = aws_iam_role.syncer_lambda.id policy = templatefile("${path.module}/policies/lambda-cloudwatch.json", { @@ -101,7 +101,7 @@ resource "aws_iam_role_policy" "lambda_logging" { } resource "aws_iam_role_policy" "syncer" { - name = "${var.environment}-lambda-syncer-s3-policy" + name = "${var.prefix}-lambda-syncer-s3-policy" role = aws_iam_role.syncer_lambda.id policy = templatefile("${path.module}/policies/lambda-syncer.json", { @@ -110,7 +110,7 @@ resource "aws_iam_role_policy" "syncer" { } resource "aws_cloudwatch_event_rule" "syncer" { - name = "${var.environment}-syncer-rule" + name = "${var.prefix}-syncer-rule" schedule_expression = var.lambda_schedule_expression tags = var.tags } diff --git a/modules/runner-binaries-syncer/variables.tf b/modules/runner-binaries-syncer/variables.tf index 37023b04..436608a6 100644 --- a/modules/runner-binaries-syncer/variables.tf +++ b/modules/runner-binaries-syncer/variables.tf @@ -12,6 +12,18 @@ variable "tags" { variable "environment" { description = "A name that identifies the environment, used as prefix and for tagging." type = string + default = null + + validation { + condition = var.environment == null + error_message = "The \"environment\" variable is no longer used. To migrate, set the \"prefix\" variable to the original value of \"environment\" and optionally, add \"Environment\" to the \"tags\" variable map with the same value." + } +} + +variable "prefix" { + description = "The prefix used for naming resources" + type = string + default = "github-actions" } variable "distribution_bucket_name" { diff --git a/modules/runners/README.md b/modules/runners/README.md index 4c6b82a0..13fb5efd 100644 --- a/modules/runners/README.md +++ b/modules/runners/README.md @@ -130,7 +130,7 @@ yarn run dist | [enable\_runner\_detailed\_monitoring](#input\_enable\_runner\_detailed\_monitoring) | Enable detailed monitoring for runners | `bool` | `false` | no | | [enable\_ssm\_on\_runners](#input\_enable\_ssm\_on\_runners) | Enable to allow access to the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. | `bool` | n/a | yes | | [enabled\_userdata](#input\_enabled\_userdata) | Should the userdata script be enabled for the runner. Set this to false if you are using your own prebuilt AMI | `bool` | `true` | no | -| [environment](#input\_environment) | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | +| [prefix](#input\_prefix) | The prefix used for naming resources | `string` | `github-actions` | no | | [ghes\_ssl\_verify](#input\_ghes\_ssl\_verify) | GitHub Enterprise SSL verification. Set to 'false' when custom certificate (chains) is used for GitHub Enterprise Server (insecure). | `bool` | `true` | no | | [ghes\_url](#input\_ghes\_url) | GitHub Enterprise Server URL. DO NOT SET IF USING PUBLIC GITHUB | `string` | `null` | no | | [github\_app\_parameters](#input\_github\_app\_parameters) | Parameter Store for GitHub App Parameters. | 
object({
    key_base64 = map(string)
    id         = map(string)
  })
| n/a | yes | @@ -171,7 +171,7 @@ yarn run dist | [runner\_extra\_labels](#input\_runner\_extra\_labels) | Extra labels for the runners (GitHub). Separate each label by a comma | `string` | `""` | no | | [runner\_group\_name](#input\_runner\_group\_name) | Name of the runner group. | `string` | `"Default"` | no | | [runner\_iam\_role\_managed\_policy\_arns](#input\_runner\_iam\_role\_managed\_policy\_arns) | Attach AWS or customer-managed IAM policies (by ARN) to the runner IAM role | `list(string)` | `[]` | no | -| [runner\_log\_files](#input\_runner\_log\_files) | (optional) List of logfiles to send to CloudWatch, will only be used if `enable_cloudwatch_agent` is set to true. Object description: `log_group_name`: Name of the log group, `prefix_log_group`: If true, the log group name will be prefixed with `/github-self-hosted-runners/`, `file_path`: path to the log file, `log_stream_name`: name of the log stream. | 
list(object({
    log_group_name   = string
    prefix_log_group = bool
    file_path        = string
    log_stream_name  = string
  }))
| `null` | no | +| [runner\_log\_files](#input\_runner\_log\_files) | (optional) List of logfiles to send to CloudWatch, will only be used if `enable_cloudwatch_agent` is set to true. Object description: `log_group_name`: Name of the log group, `prefix_log_group`: If true, the log group name will be prefixed with `/github-self-hosted-runners/`, `file_path`: path to the log file, `log_stream_name`: name of the log stream. | 
list(object({
    log_group_name   = string
    prefix_log_group = bool
    file_path        = string
    log_stream_name  = string
  }))
| `null` | no | | [runner\_os](#input\_runner\_os) | The EC2 Operating System type to use for action runner instances (linux,windows). | `string` | `"linux"` | no | | [runner\_run\_as](#input\_runner\_run\_as) | Run the GitHub actions agent as user. | `string` | `"ec2-user"` | no | | [runners\_lambda\_s3\_key](#input\_runners\_lambda\_s3\_key) | S3 key for runners lambda function. Required if using S3 bucket to specify lambdas. | `any` | `null` | no | @@ -183,7 +183,7 @@ yarn run dist | [scale\_up\_reserved\_concurrent\_executions](#input\_scale\_up\_reserved\_concurrent\_executions) | Amount of reserved concurrent executions for the scale-up lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | `number` | `1` | no | | [sqs\_build\_queue](#input\_sqs\_build\_queue) | SQS queue to consume accepted build events. | 
object({
    arn = string
  })
| n/a | yes | | [subnet\_ids](#input\_subnet\_ids) | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | n/a | yes | -| [tags](#input\_tags) | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no | +| [tags](#input\_tags) | Map of tags that will be added to created resources. By default resources will be tagged with name. | `map(string)` | `{}` | no | | [userdata\_post\_install](#input\_userdata\_post\_install) | User-data script snippet to insert after GitHub action runner install | `string` | `""` | no | | [userdata\_pre\_install](#input\_userdata\_pre\_install) | User-data script snippet to insert before GitHub action runner install | `string` | `""` | no | | [userdata\_template](#input\_userdata\_template) | Alternative user-data template, replacing the default template. By providing your own user\_data you have to take care of installing all required software, including the action runner. Variables userdata\_pre/post\_install are ignored. | `string` | `null` | no | diff --git a/modules/runners/lambdas/runners/src/aws/runners.test.ts b/modules/runners/lambdas/runners/src/aws/runners.test.ts index 38ee9e79..a1875946 100644 --- a/modules/runners/lambdas/runners/src/aws/runners.test.ts +++ b/modules/runners/lambdas/runners/src/aws/runners.test.ts @@ -101,7 +101,7 @@ describe('list instances', () => { Filters: [ { Name: 'tag:Application', Values: ['github-action-runner'] }, { Name: 'instance-state-name', Values: ['running', 'pending'] }, - { Name: 'tag:Environment', Values: [ENVIRONMENT] }, + { Name: 'tag:ghr:environment', Values: [ENVIRONMENT] }, ], }); }); diff --git a/modules/runners/lambdas/runners/src/aws/runners.ts b/modules/runners/lambdas/runners/src/aws/runners.ts index f5f8e449..20a2d937 100644 --- a/modules/runners/lambdas/runners/src/aws/runners.ts +++ b/modules/runners/lambdas/runners/src/aws/runners.ts @@ -54,7 +54,7 @@ export async function listEC2Runners(filters: ListRunnerFilters | undefined = un if (filters) { if (filters.environment !== undefined) { - ec2Filters.push({ Name: 'tag:Environment', Values: [filters.environment] }); + ec2Filters.push({ Name: 'tag:ghr:environment', Values: [filters.environment] }); } if (filters.runnerType && filters.runnerOwner) { ec2Filters.push({ Name: `tag:Type`, Values: [filters.runnerType] }); diff --git a/modules/runners/logging.tf b/modules/runners/logging.tf index 9f4ab3ee..4051ad41 100644 --- a/modules/runners/logging.tf +++ b/modules/runners/logging.tf @@ -30,7 +30,7 @@ locals { ] ) logfiles = var.enable_cloudwatch_agent ? [for l in local.runner_log_files : { - "log_group_name" : l.prefix_log_group ? "/github-self-hosted-runners/${var.environment}/${l.log_group_name}" : "/${l.log_group_name}" + "log_group_name" : l.prefix_log_group ? "/github-self-hosted-runners/${var.prefix}/${l.log_group_name}" : "/${l.log_group_name}" "log_stream_name" : l.log_stream_name "file_path" : l.file_path }] : [] @@ -42,7 +42,7 @@ locals { resource "aws_ssm_parameter" "cloudwatch_agent_config_runner" { count = var.enable_cloudwatch_agent ? 1 : 0 - name = "${var.environment}-cloudwatch_agent_config_runner" + name = "${var.prefix}-cloudwatch_agent_config_runner" type = "String" value = var.cloudwatch_config != null ? var.cloudwatch_config : templatefile("${path.module}/templates/cloudwatch_config.json", { logfiles = jsonencode(local.logfiles) diff --git a/modules/runners/main.tf b/modules/runners/main.tf index f8fc25d9..a3d009c2 100644 --- a/modules/runners/main.tf +++ b/modules/runners/main.tf @@ -1,15 +1,15 @@ locals { tags = merge( { - "Name" = format("%s-action-runner", var.environment) + "Name" = format("%s-action-runner", var.prefix) }, var.tags, ) name_sg = var.overrides["name_sg"] == "" ? local.tags["Name"] : var.overrides["name_sg"] name_runner = var.overrides["name_runner"] == "" ? local.tags["Name"] : var.overrides["name_runner"] - role_path = var.role_path == null ? "/${var.environment}/" : var.role_path - instance_profile_path = var.instance_profile_path == null ? "/${var.environment}/" : var.instance_profile_path + role_path = var.role_path == null ? "/${var.prefix}/" : var.role_path + instance_profile_path = var.instance_profile_path == null ? "/${var.prefix}/" : var.instance_profile_path lambda_zip = var.lambda_zip == null ? "${path.module}/lambdas/runners/runners.zip" : var.lambda_zip userdata_template = var.userdata_template == null ? local.default_userdata_template[var.runner_os] : var.userdata_template kms_key_arn = var.kms_key_arn != null ? var.kms_key_arn : "" @@ -54,7 +54,7 @@ data "aws_ami" "runner" { } resource "aws_launch_template" "runner" { - name = "${var.environment}-action-runner" + name = "${var.prefix}-action-runner" dynamic "block_device_mappings" { for_each = var.block_device_mappings != null ? var.block_device_mappings : [] @@ -131,7 +131,7 @@ resource "aws_launch_template" "runner" { ghes_url = var.ghes_url ghes_ssl_verify = var.ghes_ssl_verify ## retain these for backwards compatibility - environment = var.environment + environment = var.prefix enable_cloudwatch_agent = var.enable_cloudwatch_agent ssm_key_cloudwatch_agent_config = var.enable_cloudwatch_agent ? aws_ssm_parameter.cloudwatch_agent_config_runner[0].name : "" })) : "" @@ -143,7 +143,7 @@ resource "aws_launch_template" "runner" { resource "aws_security_group" "runner_sg" { count = var.enable_managed_runner_security_group ? 1 : 0 - name_prefix = "${var.environment}-github-actions-runner-sg" + name_prefix = "${var.prefix}-github-actions-runner-sg" description = "Github Actions Runner security group" vpc_id = var.vpc_id diff --git a/modules/runners/policies-runner.tf b/modules/runners/policies-runner.tf index 2e6351ac..5ba9004b 100644 --- a/modules/runners/policies-runner.tf +++ b/modules/runners/policies-runner.tf @@ -1,7 +1,7 @@ data "aws_caller_identity" "current" {} resource "aws_iam_role" "runner" { - name = "${var.environment}-runner-role" + name = "${var.prefix}-runner-role" assume_role_policy = templatefile("${path.module}/policies/instance-role-trust-policy.json", {}) path = local.role_path permissions_boundary = var.role_permissions_boundary @@ -9,7 +9,7 @@ resource "aws_iam_role" "runner" { } resource "aws_iam_instance_profile" "runner" { - name = "${var.environment}-runner-profile" + name = "${var.prefix}-runner-profile" role = aws_iam_role.runner.name path = local.instance_profile_path } @@ -26,8 +26,8 @@ resource "aws_iam_role_policy" "ssm_parameters" { role = aws_iam_role.runner.name policy = templatefile("${path.module}/policies/instance-ssm-parameters-policy.json", { - arn_ssm_parameters_prefix = "arn:${var.aws_partition}:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/${var.environment}-*" - arn_ssm_parameters_path = "arn:${var.aws_partition}:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/${var.environment}/*" + arn_ssm_parameters_prefix = "arn:${var.aws_partition}:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/${var.prefix}-*" + arn_ssm_parameters_path = "arn:${var.aws_partition}:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/${var.prefix}/*" } ) } diff --git a/modules/runners/pool.tf b/modules/runners/pool.tf index 593ace1b..c8c54ce2 100644 --- a/modules/runners/pool.tf +++ b/modules/runners/pool.tf @@ -4,7 +4,7 @@ module "pool" { source = "./pool" config = { - environment = var.environment + prefix = var.prefix ghes = { ssl_verify = var.ghes_ssl_verify url = var.ghes_url diff --git a/modules/runners/pool/main.tf b/modules/runners/pool/main.tf index 3a4b1e7f..3c5d77de 100644 --- a/modules/runners/pool/main.tf +++ b/modules/runners/pool/main.tf @@ -5,7 +5,7 @@ resource "aws_lambda_function" "pool" { s3_object_version = var.config.lambda.s3_object_version != null ? var.config.lambda.s3_object_version : null filename = var.config.lambda.s3_bucket == null ? var.config.lambda.zip : null source_code_hash = var.config.lambda.s3_bucket == null ? filebase64sha256(var.config.lambda.zip) : null - function_name = "${var.config.environment}-pool" + function_name = "${var.config.prefix}-pool" role = aws_iam_role.pool.arn handler = "index.adjustPool" runtime = "nodejs14.x" @@ -18,7 +18,7 @@ resource "aws_lambda_function" "pool" { variables = { DISABLE_RUNNER_AUTOUPDATE = var.config.runner.disable_runner_autoupdate ENABLE_EPHEMERAL_RUNNERS = var.config.runner.ephemeral - ENVIRONMENT = var.config.environment + ENVIRONMENT = var.config.prefix GHES_URL = var.config.ghes.url INSTANCE_ALLOCATION_STRATEGY = var.config.instance_allocation_strategy INSTANCE_MAX_SPOT_PRICE = var.config.instance_max_spot_price @@ -54,7 +54,7 @@ resource "aws_cloudwatch_log_group" "pool" { } resource "aws_iam_role" "pool" { - name = "${var.config.environment}-action-pool-lambda-role" + name = "${var.config.prefix}-action-pool-lambda-role" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = var.config.role_path permissions_boundary = var.config.role_permissions_boundary @@ -62,7 +62,7 @@ resource "aws_iam_role" "pool" { } resource "aws_iam_role_policy" "pool" { - name = "${var.config.environment}-lambda-pool-policy" + name = "${var.config.prefix}-lambda-pool-policy" role = aws_iam_role.pool.name policy = templatefile("${path.module}/policies/lambda-pool.json", { arn_runner_instance_role = var.config.runner.role.arn @@ -73,7 +73,7 @@ resource "aws_iam_role_policy" "pool" { } resource "aws_iam_role_policy" "pool_logging" { - name = "${var.config.environment}-lambda-logging" + name = "${var.config.prefix}-lambda-logging" role = aws_iam_role.pool.name policy = templatefile("${path.module}/../policies/lambda-cloudwatch.json", { log_group_arn = aws_cloudwatch_log_group.pool.arn @@ -101,7 +101,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { resource "aws_cloudwatch_event_rule" "pool" { count = length(var.config.pool) - name = "${var.config.environment}-pool-${count.index}-rule" + name = "${var.config.prefix}-pool-${count.index}-rule" schedule_expression = var.config.pool[count.index].schedule_expression tags = var.config.tags } diff --git a/modules/runners/pool/variables.tf b/modules/runners/pool/variables.tf index 579a37f9..29ee1d2f 100644 --- a/modules/runners/pool/variables.tf +++ b/modules/runners/pool/variables.tf @@ -41,7 +41,7 @@ variable "config" { instance_target_capacity_type = string instance_allocation_strategy = string instance_max_spot_price = string - environment = string + prefix = string pool = list(object({ schedule_expression = string size = number diff --git a/modules/runners/runner-config.tf b/modules/runners/runner-config.tf index 591ab90b..e4745a1a 100644 --- a/modules/runners/runner-config.tf +++ b/modules/runners/runner-config.tf @@ -1,19 +1,19 @@ resource "aws_ssm_parameter" "runner_config_run_as" { - name = "/${var.environment}/runner/run-as" + name = "/${var.prefix}/runner/run-as" type = "String" value = var.runner_as_root ? "root" : var.runner_run_as tags = local.tags } resource "aws_ssm_parameter" "runner_agent_mode" { - name = "/${var.environment}/runner/agent-mode" + name = "/${var.prefix}/runner/agent-mode" type = "String" value = var.enable_ephemeral_runners ? "ephemeral" : "persistent" tags = local.tags } resource "aws_ssm_parameter" "runner_enable_cloudwatch" { - name = "/${var.environment}/runner/enable-cloudwatch" + name = "/${var.prefix}/runner/enable-cloudwatch" type = "String" value = var.enable_cloudwatch_agent tags = local.tags diff --git a/modules/runners/scale-down.tf b/modules/runners/scale-down.tf index a1c30fcf..34a77e90 100644 --- a/modules/runners/scale-down.tf +++ b/modules/runners/scale-down.tf @@ -11,7 +11,7 @@ resource "aws_lambda_function" "scale_down" { s3_object_version = var.runners_lambda_s3_object_version != null ? var.runners_lambda_s3_object_version : null filename = var.lambda_s3_bucket == null ? local.lambda_zip : null source_code_hash = var.lambda_s3_bucket == null ? filebase64sha256(local.lambda_zip) : null - function_name = "${var.environment}-scale-down" + function_name = "${var.prefix}-scale-down" role = aws_iam_role.scale_down.arn handler = "index.scaleDownHandler" runtime = "nodejs14.x" @@ -21,7 +21,7 @@ resource "aws_lambda_function" "scale_down" { environment { variables = { - ENVIRONMENT = var.environment + ENVIRONMENT = var.prefix GHES_URL = var.ghes_url LOG_LEVEL = var.log_level LOG_TYPE = var.log_type @@ -51,7 +51,7 @@ resource "aws_cloudwatch_log_group" "scale_down" { } resource "aws_cloudwatch_event_rule" "scale_down" { - name = "${var.environment}-scale-down-rule" + name = "${var.prefix}-scale-down-rule" schedule_expression = var.scale_down_schedule_expression tags = var.tags } @@ -70,7 +70,7 @@ resource "aws_lambda_permission" "scale_down" { } resource "aws_iam_role" "scale_down" { - name = "${var.environment}-action-scale-down-lambda-role" + name = "${var.prefix}-action-scale-down-lambda-role" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary @@ -78,7 +78,7 @@ resource "aws_iam_role" "scale_down" { } resource "aws_iam_role_policy" "scale_down" { - name = "${var.environment}-lambda-scale-down-policy" + name = "${var.prefix}-lambda-scale-down-policy" role = aws_iam_role.scale_down.name policy = templatefile("${path.module}/policies/lambda-scale-down.json", { github_app_id_arn = var.github_app_parameters.id.arn @@ -88,7 +88,7 @@ resource "aws_iam_role_policy" "scale_down" { } resource "aws_iam_role_policy" "scale_down_logging" { - name = "${var.environment}-lambda-logging" + name = "${var.prefix}-lambda-logging" role = aws_iam_role.scale_down.name policy = templatefile("${path.module}/policies/lambda-cloudwatch.json", { log_group_arn = aws_cloudwatch_log_group.scale_down.arn diff --git a/modules/runners/scale-up.tf b/modules/runners/scale-up.tf index 00a1d7e1..6e39308a 100644 --- a/modules/runners/scale-up.tf +++ b/modules/runners/scale-up.tf @@ -4,7 +4,7 @@ resource "aws_lambda_function" "scale_up" { s3_object_version = var.runners_lambda_s3_object_version != null ? var.runners_lambda_s3_object_version : null filename = var.lambda_s3_bucket == null ? local.lambda_zip : null source_code_hash = var.lambda_s3_bucket == null ? filebase64sha256(local.lambda_zip) : null - function_name = "${var.environment}-scale-up" + function_name = "${var.prefix}-scale-up" role = aws_iam_role.scale_up.arn handler = "index.scaleUpHandler" runtime = "nodejs14.x" @@ -19,7 +19,7 @@ resource "aws_lambda_function" "scale_up" { ENABLE_EPHEMERAL_RUNNERS = var.enable_ephemeral_runners ENABLE_JOB_QUEUED_CHECK = local.enable_job_queued_check ENABLE_ORGANIZATION_RUNNERS = var.enable_organization_runners - ENVIRONMENT = var.environment + ENVIRONMENT = var.prefix GHES_URL = var.ghes_url INSTANCE_ALLOCATION_STRATEGY = var.instance_allocation_strategy INSTANCE_MAX_SPOT_PRICE = var.instance_max_spot_price @@ -69,7 +69,7 @@ resource "aws_lambda_permission" "scale_runners_lambda" { } resource "aws_iam_role" "scale_up" { - name = "${var.environment}-action-scale-up-lambda-role" + name = "${var.prefix}-action-scale-up-lambda-role" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary @@ -77,7 +77,7 @@ resource "aws_iam_role" "scale_up" { } resource "aws_iam_role_policy" "scale_up" { - name = "${var.environment}-lambda-scale-up-policy" + name = "${var.prefix}-lambda-scale-up-policy" role = aws_iam_role.scale_up.name policy = templatefile("${path.module}/policies/lambda-scale-up.json", { arn_runner_instance_role = aws_iam_role.runner.arn @@ -90,7 +90,7 @@ resource "aws_iam_role_policy" "scale_up" { resource "aws_iam_role_policy" "scale_up_logging" { - name = "${var.environment}-lambda-logging" + name = "${var.prefix}-lambda-logging" role = aws_iam_role.scale_up.name policy = templatefile("${path.module}/policies/lambda-cloudwatch.json", { log_group_arn = aws_cloudwatch_log_group.scale_up.arn @@ -99,7 +99,7 @@ resource "aws_iam_role_policy" "scale_up_logging" { resource "aws_iam_role_policy" "service_linked_role" { count = var.create_service_linked_role_spot ? 1 : 0 - name = "${var.environment}-service_linked_role" + name = "${var.prefix}-service_linked_role" role = aws_iam_role.scale_up.name policy = templatefile("${path.module}/policies/service-linked-role-create-policy.json", { aws_partition = var.aws_partition }) } diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf index 91b77806..6fabdf3a 100644 --- a/modules/runners/variables.tf +++ b/modules/runners/variables.tf @@ -24,7 +24,7 @@ variable "overrides" { } variable "tags" { - description = "Map of tags that will be added to created resources. By default resources will be tagged with name and environment." + description = "Map of tags that will be added to created resources. By default resources will be tagged with name." type = map(string) default = {} } @@ -32,6 +32,18 @@ variable "tags" { variable "environment" { description = "A name that identifies the environment, used as prefix and for tagging." type = string + default = null + + validation { + condition = var.environment == null + error_message = "The \"environment\" variable is no longer used. To migrate, set the \"prefix\" variable to the original value of \"environment\" and optionally, add \"Environment\" to the \"tags\" variable map with the same value." + } +} + +variable "prefix" { + description = "The prefix used for naming resources" + type = string + default = "github-actions" } variable "s3_bucket_runner_binaries" { @@ -243,13 +255,13 @@ variable "role_permissions_boundary" { } variable "role_path" { - description = "The path that will be added to the role; if not set, the environment name will be used." + description = "The path that will be added to the role; if not set, the prefix will be used." type = string default = null } variable "instance_profile_path" { - description = "The path that will be added to the instance_profile, if not set the environment name will be used." + description = "The path that will be added to the instance_profile, if not set the prefix will be used." type = string default = null } @@ -357,7 +369,7 @@ variable "cloudwatch_config" { } variable "runner_log_files" { - description = "(optional) List of logfiles to send to CloudWatch, will only be used if `enable_cloudwatch_agent` is set to true. Object description: `log_group_name`: Name of the log group, `prefix_log_group`: If true, the log group name will be prefixed with `/github-self-hosted-runners/`, `file_path`: path to the log file, `log_stream_name`: name of the log stream." + description = "(optional) List of logfiles to send to CloudWatch, will only be used if `enable_cloudwatch_agent` is set to true. Object description: `log_group_name`: Name of the log group, `prefix_log_group`: If true, the log group name will be prefixed with `/github-self-hosted-runners/`, `file_path`: path to the log file, `log_stream_name`: name of the log stream." type = list(object({ log_group_name = string prefix_log_group = bool diff --git a/modules/setup-iam-permissions/main.tf b/modules/setup-iam-permissions/main.tf index a577dfd4..ce390310 100644 --- a/modules/setup-iam-permissions/main.tf +++ b/modules/setup-iam-permissions/main.tf @@ -1,7 +1,7 @@ data "aws_caller_identity" "current" {} resource "aws_iam_role" "deploy" { - name = "${var.environment}-terraform" + name = "${var.prefix}-terraform" permissions_boundary = aws_iam_policy.deploy_boundary.arn assume_role_policy = templatefile("${path.module}/policies/assume-role-for-account.json", { @@ -11,7 +11,7 @@ resource "aws_iam_role" "deploy" { } resource "aws_iam_policy" "boundary" { - name = "${var.environment}-boundary" + name = "${var.prefix}-boundary" path = "/${var.namespaces.boundary_namespace}/" policy = templatefile("${path.module}/policies/boundary.json", { @@ -22,7 +22,7 @@ resource "aws_iam_policy" "boundary" { } resource "aws_iam_policy" "deploy" { - name = "${var.environment}-terraform" + name = "${var.prefix}-terraform" path = "/" policy = templatefile("${path.module}/policies/deploy-policy.json", { @@ -36,7 +36,7 @@ resource "aws_iam_role_policy_attachment" "deploy" { } resource "aws_iam_policy" "deploy_boundary" { - name = "${var.environment}-terraform-boundary" + name = "${var.prefix}-terraform-boundary" path = "/${var.namespaces.boundary_namespace}/" policy = templatefile("${path.module}/policies/deploy-boundary.json", { diff --git a/modules/setup-iam-permissions/variables.tf b/modules/setup-iam-permissions/variables.tf index a67d5664..833ee873 100644 --- a/modules/setup-iam-permissions/variables.tf +++ b/modules/setup-iam-permissions/variables.tf @@ -1,6 +1,18 @@ variable "environment" { description = "A name that identifies the environment, used as prefix and for tagging." type = string + default = null + + validation { + condition = var.environment == null + error_message = "The \"environment\" variable is no longer used. To migrate, set the \"prefix\" variable to the original value of \"environment\" and optionally, add \"Environment\" to the \"tags\" variable map with the same value." + } +} + +variable "prefix" { + description = "The prefix used for naming resources" + type = string + default = "github-actions" } variable "namespaces" { diff --git a/modules/ssm/ssm.tf b/modules/ssm/ssm.tf index 91f1d17c..9b4d96cb 100644 --- a/modules/ssm/ssm.tf +++ b/modules/ssm/ssm.tf @@ -1,5 +1,5 @@ resource "aws_ssm_parameter" "github_app_id" { - name = "/actions_runner/${var.environment}/github_app_id" + name = "/actions_runner/${var.prefix}/github_app_id" type = "SecureString" value = var.github_app.id key_id = local.kms_key_arn @@ -7,7 +7,7 @@ resource "aws_ssm_parameter" "github_app_id" { } resource "aws_ssm_parameter" "github_app_key_base64" { - name = "/actions_runner/${var.environment}/github_app_key_base64" + name = "/actions_runner/${var.prefix}/github_app_key_base64" type = "SecureString" value = var.github_app.key_base64 key_id = local.kms_key_arn @@ -15,7 +15,7 @@ resource "aws_ssm_parameter" "github_app_key_base64" { } resource "aws_ssm_parameter" "github_app_webhook_secret" { - name = "/actions_runner/${var.environment}/github_app_webhook_secret" + name = "/actions_runner/${var.prefix}/github_app_webhook_secret" type = "SecureString" value = var.github_app.webhook_secret key_id = local.kms_key_arn diff --git a/modules/ssm/variables.tf b/modules/ssm/variables.tf index 7528d072..4078ad6d 100644 --- a/modules/ssm/variables.tf +++ b/modules/ssm/variables.tf @@ -10,6 +10,18 @@ variable "github_app" { variable "environment" { description = "A name that identifies the environment, used as prefix and for tagging." type = string + default = null + + validation { + condition = var.environment == null + error_message = "The \"environment\" variable is no longer used. To migrate, set the \"prefix\" variable to the original value of \"environment\" and optionally, add \"Environment\" to the \"tags\" variable map with the same value." + } +} + +variable "prefix" { + description = "The prefix used for naming resources" + type = string + default = "github-actions" } variable "kms_key_arn" { diff --git a/modules/webhook/main.tf b/modules/webhook/main.tf index ad536051..b3309131 100644 --- a/modules/webhook/main.tf +++ b/modules/webhook/main.tf @@ -1,11 +1,11 @@ locals { webhook_endpoint = "webhook" - role_path = var.role_path == null ? "/${var.environment}/" : var.role_path + role_path = var.role_path == null ? "/${var.prefix}/" : var.role_path lambda_zip = var.lambda_zip == null ? "${path.module}/lambdas/webhook/webhook.zip" : var.lambda_zip } resource "aws_apigatewayv2_api" "webhook" { - name = "${var.environment}-github-action-webhook" + name = "${var.prefix}-github-action-webhook" protocol_type = "HTTP" tags = var.tags } diff --git a/modules/webhook/variables.tf b/modules/webhook/variables.tf index d719ad45..9753fbae 100644 --- a/modules/webhook/variables.tf +++ b/modules/webhook/variables.tf @@ -6,6 +6,18 @@ variable "aws_region" { variable "environment" { description = "A name that identifies the environment, used as prefix and for tagging." type = string + default = null + + validation { + condition = var.environment == null + error_message = "The \"environment\" variable is no longer used. To migrate, set the \"prefix\" variable to the original value of \"environment\" and optionally, add \"Environment\" to the \"tags\" variable map with the same value." + } +} + +variable "prefix" { + description = "The prefix used for naming resources" + type = string + default = "github-actions" } variable "github_app_webhook_secret_arn" { diff --git a/modules/webhook/webhook.tf b/modules/webhook/webhook.tf index 25e9c4d6..2e3c6836 100644 --- a/modules/webhook/webhook.tf +++ b/modules/webhook/webhook.tf @@ -4,7 +4,7 @@ resource "aws_lambda_function" "webhook" { s3_object_version = var.webhook_lambda_s3_object_version != null ? var.webhook_lambda_s3_object_version : null filename = var.lambda_s3_bucket == null ? local.lambda_zip : null source_code_hash = var.lambda_s3_bucket == null ? filebase64sha256(local.lambda_zip) : null - function_name = "${var.environment}-webhook" + function_name = "${var.prefix}-webhook" role = aws_iam_role.webhook_lambda.arn handler = "index.githubWebhook" runtime = "nodejs14.x" @@ -13,7 +13,7 @@ resource "aws_lambda_function" "webhook" { environment { variables = { ENABLE_WORKFLOW_JOB_LABELS_CHECK = var.enable_workflow_job_labels_check - ENVIRONMENT = var.environment + ENVIRONMENT = var.prefix LOG_LEVEL = var.log_level LOG_TYPE = var.log_type REPOSITORY_WHITE_LIST = jsonencode(var.repository_white_list) @@ -53,7 +53,7 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" { } resource "aws_iam_role" "webhook_lambda" { - name = "${var.environment}-action-webhook-lambda-role" + name = "${var.prefix}-action-webhook-lambda-role" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role_policy.json path = local.role_path permissions_boundary = var.role_permissions_boundary @@ -61,7 +61,7 @@ resource "aws_iam_role" "webhook_lambda" { } resource "aws_iam_role_policy" "webhook_logging" { - name = "${var.environment}-lambda-logging-policy" + name = "${var.prefix}-lambda-logging-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/policies/lambda-cloudwatch.json", { log_group_arn = aws_cloudwatch_log_group.webhook.arn @@ -69,7 +69,7 @@ resource "aws_iam_role_policy" "webhook_logging" { } resource "aws_iam_role_policy" "webhook_sqs" { - name = "${var.environment}-lambda-webhook-publish-sqs-policy" + name = "${var.prefix}-lambda-webhook-publish-sqs-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/policies/lambda-publish-sqs-policy.json", { @@ -78,7 +78,7 @@ resource "aws_iam_role_policy" "webhook_sqs" { } resource "aws_iam_role_policy" "webhook_ssm" { - name = "${var.environment}-lambda-webhook-publish-ssm-policy" + name = "${var.prefix}-lambda-webhook-publish-ssm-policy" role = aws_iam_role.webhook_lambda.name policy = templatefile("${path.module}/policies/lambda-ssm.json", { diff --git a/variables.tf b/variables.tf index fc0102c6..a837afb8 100644 --- a/variables.tf +++ b/variables.tf @@ -22,6 +22,18 @@ variable "tags" { variable "environment" { description = "A name that identifies the environment, used as prefix and for tagging." type = string + default = null + + validation { + condition = var.environment == null + error_message = "The \"environment\" variable is no longer used. To migrate, set the \"prefix\" variable to the original value of \"environment\" and optionally, add \"Environment\" to the \"tags\" variable map with the same value." + } +} + +variable "prefix" { + description = "The prefix used for naming resources" + type = string + default = "github-actions" } variable "enable_organization_runners" { From 30dd8afcfcf26904f7cca869cb41025b46fa3dae Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 20 May 2022 13:31:33 +0000 Subject: [PATCH 3/3] chore(release): 1.2.0 [skip ci] ## [1.2.0](https://github.com/philips-labs/terraform-aws-github-runner/compare/v1.1.1...v1.2.0) (2022-05-20) ### Features * Replace environment variable by prefix ([#1858](https://github.com/philips-labs/terraform-aws-github-runner/issues/1858)) ([e2f9a27](https://github.com/philips-labs/terraform-aws-github-runner/commit/e2f9a2764f3c404cd2f8649db64253c9e886e2e7)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index af06f5a5..9e140fb5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## [1.2.0](https://github.com/philips-labs/terraform-aws-github-runner/compare/v1.1.1...v1.2.0) (2022-05-20) + + +### Features + +* Replace environment variable by prefix ([#1858](https://github.com/philips-labs/terraform-aws-github-runner/issues/1858)) ([e2f9a27](https://github.com/philips-labs/terraform-aws-github-runner/commit/e2f9a2764f3c404cd2f8649db64253c9e886e2e7)) + ### [1.1.1](https://github.com/philips-labs/terraform-aws-github-runner/compare/v1.1.0...v1.1.1) (2022-05-17)