@cloudsnorkel/cdk-github-runners 0.1.1 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. package/.gitattributes +6 -1
  2. package/.jsii +1383 -218
  3. package/API.md +1199 -101
  4. package/README.md +57 -42
  5. package/demo-thumbnail.jpg +0 -0
  6. package/lib/index.d.ts +3 -2
  7. package/lib/index.js +7 -1
  8. package/lib/lambdas/build-image/index.js +121 -0
  9. package/lib/lambdas/delete-runner/index.js +12 -7
  10. package/lib/lambdas/setup/index.js +177 -66
  11. package/lib/lambdas/status/index.js +3 -2
  12. package/lib/lambdas/token-retriever/index.js +3 -2
  13. package/lib/lambdas/update-lambda/index.js +55 -0
  14. package/lib/lambdas/webhook-handler/index.js +1 -0
  15. package/lib/providers/codebuild.d.ts +32 -3
  16. package/lib/providers/codebuild.js +58 -13
  17. package/lib/providers/common.d.ts +87 -7
  18. package/lib/providers/common.js +64 -4
  19. package/lib/providers/docker-images/codebuild/linux-arm64/Dockerfile +63 -0
  20. package/lib/providers/docker-images/codebuild/{Dockerfile → linux-x64/Dockerfile} +14 -5
  21. package/lib/providers/docker-images/fargate/linux-arm64/Dockerfile +45 -0
  22. package/lib/providers/docker-images/fargate/{runner.sh → linux-arm64/runner.sh} +0 -0
  23. package/lib/providers/docker-images/fargate/{Dockerfile → linux-x64/Dockerfile} +14 -5
  24. package/lib/providers/docker-images/fargate/linux-x64/runner.sh +5 -0
  25. package/lib/providers/docker-images/lambda/linux-arm64/Dockerfile +36 -0
  26. package/lib/providers/docker-images/lambda/{runner.js → linux-arm64/runner.js} +0 -0
  27. package/lib/providers/docker-images/lambda/{runner.sh → linux-arm64/runner.sh} +0 -0
  28. package/lib/providers/docker-images/lambda/linux-x64/Dockerfile +35 -0
  29. package/lib/providers/docker-images/lambda/linux-x64/runner.js +29 -0
  30. package/lib/providers/docker-images/lambda/linux-x64/runner.sh +12 -0
  31. package/lib/providers/fargate.d.ts +46 -2
  32. package/lib/providers/fargate.js +65 -10
  33. package/lib/providers/image-builders/codebuild.d.ts +178 -0
  34. package/lib/providers/image-builders/codebuild.js +354 -0
  35. package/lib/providers/image-builders/static.d.ts +29 -0
  36. package/lib/providers/image-builders/static.js +58 -0
  37. package/lib/providers/lambda.d.ts +27 -2
  38. package/lib/providers/lambda.js +88 -9
  39. package/lib/runner.d.ts +56 -22
  40. package/lib/runner.js +38 -30
  41. package/lib/secrets.d.ts +0 -1
  42. package/lib/secrets.js +1 -1
  43. package/lib/utils.d.ts +2 -2
  44. package/lib/utils.js +14 -3
  45. package/lib/webhook.d.ts +0 -1
  46. package/lib/webhook.js +2 -1
  47. package/package.json +10 -9
  48. package/changelog.md +0 -7
  49. package/lib/index.d.ts.map +0 -1
  50. package/lib/providers/codebuild.d.ts.map +0 -1
  51. package/lib/providers/common.d.ts.map +0 -1
  52. package/lib/providers/docker-images/lambda/Dockerfile +0 -27
  53. package/lib/providers/fargate.d.ts.map +0 -1
  54. package/lib/providers/lambda.d.ts.map +0 -1
  55. package/lib/runner.d.ts.map +0 -1
  56. package/lib/secrets.d.ts.map +0 -1
  57. package/lib/utils.d.ts.map +0 -1
  58. package/lib/webhook.d.ts.map +0 -1
  59. package/releasetag.txt +0 -1
  60. package/version.txt +0 -1
package/lib/providers/image-builders/static.js ADDED
@@ -0,0 +1,58 @@
1
+ "use strict";
2
+ var _a;
3
+ Object.defineProperty(exports, "__esModule", { value: true });
4
+ exports.StaticRunnerImage = void 0;
5
+ const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
6
+ const codebuild_1 = require("../codebuild");
7
+ const common_1 = require("../common");
8
+ const codebuild_2 = require("./codebuild");
9
+ /**
10
+ * Helper class with methods to use static images that are built outside the context of this project.
11
+ */
12
+ class StaticRunnerImage {
13
+ /**
14
+ * Create a builder (that doesn't actually build anything) from an existing image in an existing repository. The image must already have GitHub Actions runner installed. You are responsible to update it and remove it when done.
15
+ *
16
+ * @param repository ECR repository
17
+ * @param tag image tag
18
+ * @param architecture image architecture
19
+ * @param os image OS
20
+ */
21
+ static fromEcrRepository(repository, tag = 'latest', architecture = common_1.Architecture.X86_64, os = common_1.Os.LINUX) {
22
+ return {
23
+ bind() {
24
+ return {
25
+ imageRepository: repository,
26
+ imageTag: tag,
27
+ imageDigest: 'unknown',
28
+ architecture,
29
+ os,
30
+ };
31
+ },
32
+ };
33
+ }
34
+ /**
35
+ * Create a builder from an existing Docker Hub image. The image must already have GitHub Actions runner installed. You are responsible to update it and remove it when done.
36
+ *
37
+ * We create a CodeBuild image builder behind the scenes to copy the image over to ECR. This helps avoid Docker Hub rate limits and prevent failures.
38
+ *
39
+ * @param scope
40
+ * @param id
41
+ * @param image Docker Hub image with optional tag
42
+ * @param architecture image architecture
43
+ * @param os image OS
44
+ */
45
+ static fromDockerHub(scope, id, image, architecture = common_1.Architecture.X86_64, os = common_1.Os.LINUX) {
46
+ const builder = new codebuild_2.CodeBuildImageBuilder(scope, id, {
47
+ dockerfilePath: codebuild_1.CodeBuildRunner.LINUX_X64_DOCKERFILE_PATH,
48
+ architecture,
49
+ os,
50
+ });
51
+ builder.addPreBuildCommand(`echo "FROM ${image}" > Dockerfile`);
52
+ return builder;
53
+ }
54
+ }
55
+ exports.StaticRunnerImage = StaticRunnerImage;
56
+ _a = JSII_RTTI_SYMBOL_1;
57
+ StaticRunnerImage[_a] = { fqn: "@cloudsnorkel/cdk-github-runners.StaticRunnerImage", version: "0.3.1" };
58
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic3RhdGljLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3Byb3ZpZGVycy9pbWFnZS1idWlsZGVycy9zdGF0aWMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFFQSw0Q0FBK0M7QUFDL0Msc0NBQXlFO0FBQ3pFLDJDQUFvRDtBQUVwRDs7R0FFRztBQUNILE1BQWEsaUJBQWlCO0lBQzVCOzs7Ozs7O09BT0c7SUFDSSxNQUFNLENBQUMsaUJBQWlCLENBQUMsVUFBMkIsRUFBRSxNQUFjLFFBQVEsRUFBRSxZQUFZLEdBQUcscUJBQVksQ0FBQyxNQUFNLEVBQUUsRUFBRSxHQUFHLFdBQUUsQ0FBQyxLQUFLO1FBQ3BJLE9BQU87WUFDTCxJQUFJO2dCQUNGLE9BQU87b0JBQ0wsZUFBZSxFQUFFLFVBQVU7b0JBQzNCLFFBQVEsRUFBRSxHQUFHO29CQUNiLFdBQVcsRUFBRSxTQUFTO29CQUN0QixZQUFZO29CQUNaLEVBQUU7aUJBQ0gsQ0FBQztZQUNKLENBQUM7U0FDRixDQUFDO0lBQ0osQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSSxNQUFNLENBQUMsYUFBYSxDQUFDLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQWEsRUFBRSxZQUFZLEdBQUcscUJBQVksQ0FBQyxNQUFNLEVBQUUsRUFBRSxHQUFHLFdBQUUsQ0FBQyxLQUFLO1FBQ3hILE1BQU0sT0FBTyxHQUFHLElBQUksaUNBQXFCLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRTtZQUNuRCxjQUFjLEVBQUUsMkJBQWUsQ0FBQyx5QkFBeUI7WUFDekQsWUFBWTtZQUNaLEVBQUU7U0FDSCxDQUFDLENBQUM7UUFFSCxPQUFPLENBQUMsa0JBQWtCLENBQUMsY0FBYyxLQUFLLGdCQUFnQixDQUFDLENBQUM7UUFFaEUsT0FBTyxPQUFPLENBQUM7SUFDakIsQ0FBQzs7QUE1Q0gsOENBNkNDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgYXdzX2VjciBhcyBlY3IgfSBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcbmltcG9ydCB7IENvZGVCdWlsZFJ1bm5lciB9IGZyb20gJy4uL2NvZGVidWlsZCc7XG5pbXBvcnQgeyBBcmNoaXRlY3R1cmUsIElJbWFnZUJ1aWxkZXIsIE9zLCBSdW5uZXJJbWFnZSB9IGZyb20gJy4uL2NvbW1vbic7XG5pbXBvcnQgeyBDb2RlQnVpbGRJbWFnZUJ1aWxkZXIgfSBmcm9tICcuL2NvZGVidWlsZCc7XG5cbi8qKlxuICogSGVscGVyIGNsYXNzIHdpdGggbWV0aG9kcyB0byB1c2Ugc3RhdGljIGltYWdlcyB0aGF0IGFyZSBidWlsdCBvdXRzaWRlIHRoZSBjb250ZXh0IG9mIHRoaXMgcHJvamVjdC5cbiAqL1xuZXhwb3J0IGNsYXNzIFN0YXRpY1J1bm5lckltYWdlIHtcbiAgLyoqXG4gICAqIENyZWF0ZSBhIGJ1aWxkZXIgKHRoYXQgZG9lc24ndCBhY3R1YWxseSBidWlsZCBhbnl0aGluZykgZnJvbSBhbiBleGlzdGluZyBpbWFnZSBpbiBhbiBleGlzdGluZyByZXBvc2l0b3J5LiBUaGUgaW1hZ2UgbXVzdCBhbHJlYWR5IGhhdmUgR2l0SHViIEFjdGlvbnMgcnVubmVyIGluc3RhbGxlZC4gWW91IGFyZSByZXNwb25zaWJsZSB0byB1cGRhdGUgaXQgYW5kIHJlbW92ZSBpdCB3aGVuIGRvbmUuXG4gICAqXG4gICAqIEBwYXJhbSByZXBvc2l0b3J5IEVDUiByZXBvc2l0b3J5XG4gICAqIEBwYXJhbSB0YWcgaW1hZ2UgdGFnXG4gICAqIEBwYXJhbSBhcmNoaXRlY3R1cmUgaW1hZ2UgYXJjaGl0ZWN0dXJlXG4gICAqIEBwYXJhbSBvcyBpbWFnZSBPU1xuICAgKi9cbiAgcHVibGljIHN0YXRpYyBmcm9tRWNyUmVwb3NpdG9yeShyZXBvc2l0b3J5OiBlY3IuSVJlcG9zaXRvcnksIHRhZzogc3RyaW5nID0gJ2xhdGVzdCcsIGFyY2hpdGVjdHVyZSA9IEFyY2hpdGVjdHVyZS5YODZfNjQsIG9zID0gT3MuTElOVVgpOiBJSW1hZ2VCdWlsZGVyIHtcbiAgICByZXR1cm4ge1xuICAgICAgYmluZCgpOiBSdW5uZXJJbWFnZSB7XG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgaW1hZ2VSZXBvc2l0b3J5OiByZXBvc2l0b3J5LFxuICAgICAgICAgIGltYWdlVGFnOiB0YWcsXG4gICAgICAgICAgaW1hZ2VEaWdlc3Q6ICd1bmtub3duJyxcbiAgICAgICAgICBhcmNoaXRlY3R1cmUsXG4gICAgICAgICAgb3MsXG4gICAgICAgIH07XG4gICAgICB9LFxuICAgIH07XG4gIH1cblxuICAvKipcbiAgICogQ3JlYXRlIGEgYnVpbGRlciBmcm9tIGFuIGV4aXN0aW5nIERvY2tlciBIdWIgaW1hZ2UuIFRoZSBpbWFnZSBtdXN0IGFscmVhZHkgaGF2ZSBHaXRIdWIgQWN0aW9ucyBydW5uZXIgaW5zdGFsbGVkLiBZb3UgYXJlIHJlc3BvbnNpYmxlIHRvIHVwZGF0ZSBpdCBhbmQgcmVtb3ZlIGl0IHdoZW4gZG9uZS5cbiAgICpcbiAgICogV2UgY3JlYXRlIGEgQ29kZUJ1aWxkIGltYWdlIGJ1aWxkZXIgYmVoaW5kIHRoZSBzY2VuZXMgdG8gY29weSB0aGUgaW1hZ2Ugb3ZlciB0byBFQ1IuIFRoaXMgaGVscHMgYXZvaWQgRG9ja2VyIEh1YiByYXRlIGxpbWl0cyBhbmQgcHJldmVudCBmYWlsdXJlcy5cbiAgICpcbiAgICogQHBhcmFtIHNjb3BlXG4gICAqIEBwYXJhbSBpZFxuICAgKiBAcGFyYW0gaW1hZ2UgRG9ja2VyIEh1YiBpbWFnZSB3aXRoIG9wdGlvbmFsIHRhZ1xuICAgKiBAcGFyYW0gYXJjaGl0ZWN0dXJlIGltYWdlIGFyY2hpdGVjdHVyZVxuICAgKiBAcGFyYW0gb3MgaW1hZ2UgT1NcbiAgICovXG4gIHB1YmxpYyBzdGF0aWMgZnJvbURvY2tlckh1YihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBpbWFnZTogc3RyaW5nLCBhcmNoaXRlY3R1cmUgPSBBcmNoaXRlY3R1cmUuWDg2XzY0LCBvcyA9IE9zLkxJTlVYKTogSUltYWdlQnVpbGRlciB7XG4gICAgY29uc3QgYnVpbGRlciA9IG5ldyBDb2RlQnVpbGRJbWFnZUJ1aWxkZXIoc2NvcGUsIGlkLCB7XG4gICAgICBkb2NrZXJmaWxlUGF0aDogQ29kZUJ1aWxkUnVubmVyLkxJTlVYX1g2NF9ET0NLRVJGSUxFX1BBVEgsIC8vIGZha2UgRG9ja2VyZmlsZSB0aGF0IGdldHMgb3ZlcnJpZGRlbiBiZWxvd1xuICAgICAgYXJjaGl0ZWN0dXJlLFxuICAgICAgb3MsXG4gICAgfSk7XG5cbiAgICBidWlsZGVyLmFkZFByZUJ1aWxkQ29tbWFuZChgZWNobyBcIkZST00gJHtpbWFnZX1cIiA+IERvY2tlcmZpbGVgKTtcblxuICAgIHJldHVybiBidWlsZGVyO1xuICB9XG59Il19
package/lib/providers/lambda.d.ts CHANGED
@@ -1,8 +1,17 @@
1
1
  import * as cdk from 'aws-cdk-lib';
2
2
  import { aws_ec2 as ec2, aws_iam as iam, aws_lambda as lambda, aws_stepfunctions as stepfunctions } from 'aws-cdk-lib';
3
3
  import { Construct } from 'constructs';
4
- import { IRunnerProvider, RunnerRuntimeParameters, RunnerProviderProps } from './common';
4
+ import { IRunnerProvider, RunnerRuntimeParameters, RunnerProviderProps, IImageBuilder } from './common';
5
5
  export interface LambdaRunnerProps extends RunnerProviderProps {
6
+ /**
7
+ * Provider running an image to run inside CodeBuild with GitHub runner pre-configured.
8
+ *
9
+ * The default command (`CMD`) should be `["runner.handler"]` which points to an included `runner.js` with a function named `handler`. The function should start the GitHub runner.
10
+ *
11
+ * @see https://github.com/CloudSnorkel/cdk-github-runners/tree/main/src/providers/docker-images/lambda
12
+ * @default image builder with LambdaRunner.LINUX_X64_DOCKERFILE_PATH as Dockerfile
13
+ */
14
+ readonly imageBuilder?: IImageBuilder;
6
15
  /**
7
16
  * GitHub Actions label used for this provider.
8
17
  *
@@ -59,6 +68,22 @@ export interface LambdaRunnerProps extends RunnerProviderProps {
59
68
  * This construct is not meant to be used by itself. It should be passed in the providers property for GitHubRunners.
60
69
  */
61
70
  export declare class LambdaRunner extends Construct implements IRunnerProvider {
71
+ /**
72
+ * Path to Dockerfile for Linux x64 with all the requirement for Lambda runner. Use this Dockerfile unless you need to customize it further than allowed by hooks.
73
+ *
74
+ * Available build arguments that can be set in the image builder:
75
+ * * `BASE_IMAGE` sets the `FROM` line. This should be similar to public.ecr.aws/lambda/nodejs:14.
76
+ * * `EXTRA_PACKAGES` can be used to install additional packages.
77
+ */
78
+ static readonly LINUX_X64_DOCKERFILE_PATH: string;
79
+ /**
80
+ * Path to Dockerfile for Linux ARM64 with all the requirement for Lambda runner. Use this Dockerfile unless you need to customize it further than allowed by hooks.
81
+ *
82
+ * Available build arguments that can be set in the image builder:
83
+ * * `BASE_IMAGE` sets the `FROM` line. This should be similar to public.ecr.aws/lambda/nodejs:14.
84
+ * * `EXTRA_PACKAGES` can be used to install additional packages.
85
+ */
86
+ static readonly LINUX_ARM64_DOCKERFILE_PATH: string;
62
87
  /**
63
88
  * The function hosting the GitHub runner.
64
89
  */
@@ -92,5 +117,5 @@ export declare class LambdaRunner extends Construct implements IRunnerProvider {
92
117
  * @param parameters workflow job details
93
118
  */
94
119
  getStepFunctionTask(parameters: RunnerRuntimeParameters): stepfunctions.IChainable;
120
+ private addImageUpdater;
95
121
  }
96
- //# sourceMappingURL=lambda.d.ts.map
package/lib/providers/lambda.js CHANGED
@@ -8,7 +8,9 @@ const cdk = require("aws-cdk-lib");
8
8
  const aws_cdk_lib_1 = require("aws-cdk-lib");
9
9
  const aws_logs_1 = require("aws-cdk-lib/aws-logs");
10
10
  const constructs_1 = require("constructs");
11
+ const utils_1 = require("../utils");
11
12
  const common_1 = require("./common");
13
+ const codebuild_1 = require("./image-builders/codebuild");
12
14
  /**
13
15
  * GitHub Actions runner provider using Lambda to execute the actions.
14
16
  *
@@ -22,13 +24,27 @@ class LambdaRunner extends constructs_1.Construct {
22
24
  this.label = props.label || 'lambda';
23
25
  this.vpc = props.vpc;
24
26
  this.securityGroup = props.securityGroup;
27
+ const imageBuilder = props.imageBuilder ?? new codebuild_1.CodeBuildImageBuilder(this, 'Image Builder', {
28
+ dockerfilePath: LambdaRunner.LINUX_X64_DOCKERFILE_PATH,
29
+ });
30
+ const image = imageBuilder.bind();
31
+ let architecture;
32
+ if (image.os.is(common_1.Os.LINUX)) {
33
+ if (image.architecture.is(common_1.Architecture.X86_64)) {
34
+ architecture = aws_cdk_lib_1.aws_lambda.Architecture.X86_64;
35
+ }
36
+ if (image.architecture.is(common_1.Architecture.ARM64)) {
37
+ architecture = aws_cdk_lib_1.aws_lambda.Architecture.ARM_64;
38
+ }
39
+ }
40
+ if (!architecture) {
41
+ throw new Error(`Unable to find support Lambda architecture for ${image.os.name}/${image.architecture.name}`);
42
+ }
25
43
  this.function = new aws_cdk_lib_1.aws_lambda.DockerImageFunction(this, 'Function', {
26
- // https://docs.aws.amazon.com/lambda/latest/dg/images-create.html
27
- code: aws_cdk_lib_1.aws_lambda.DockerImageCode.fromImageAsset(path.join(__dirname, 'docker-images', 'lambda'), {
28
- buildArgs: {
29
- RUNNER_VERSION: props.runnerVersion ? props.runnerVersion.version : common_1.RunnerVersion.latest().version,
30
- },
31
- }),
44
+ description: `GitHub Actions runner for "${this.label}" label`,
45
+ // CDK requires "sha256:" literal prefix -- https://github.com/aws/aws-cdk/blob/ba91ca45ad759ab5db6da17a62333e2bc11e1075/packages/%40aws-cdk/aws-ecr/lib/repository.ts#L184
46
+ code: aws_cdk_lib_1.aws_lambda.DockerImageCode.fromEcr(image.imageRepository, { tagOrDigest: `sha256:${image.imageDigest}` }),
47
+ architecture,
32
48
  vpc: this.vpc,
33
49
  securityGroups: this.securityGroup && [this.securityGroup],
34
50
  vpcSubnets: props.subnetSelection,
@@ -38,6 +54,7 @@ class LambdaRunner extends constructs_1.Construct {
38
54
  logRetention: props.logRetention || aws_logs_1.RetentionDays.ONE_MONTH,
39
55
  });
40
56
  this.grantPrincipal = this.function.grantPrincipal;
57
+ this.addImageUpdater(image);
41
58
  }
42
59
  /**
43
60
  * The network connections associated with this resource.
@@ -53,7 +70,7 @@ class LambdaRunner extends constructs_1.Construct {
53
70
  * @param parameters workflow job details
54
71
  */
55
72
  getStepFunctionTask(parameters) {
56
- return new aws_cdk_lib_1.aws_stepfunctions_tasks.LambdaInvoke(this, 'Lambda Runner', {
73
+ return new aws_cdk_lib_1.aws_stepfunctions_tasks.LambdaInvoke(this, this.label, {
57
74
  lambdaFunction: this.function,
58
75
  payload: aws_cdk_lib_1.aws_stepfunctions.TaskInput.fromObject({
59
76
  token: parameters.runnerTokenPath,
@@ -65,8 +82,70 @@ class LambdaRunner extends constructs_1.Construct {
65
82
  }),
66
83
  });
67
84
  }
85
+ addImageUpdater(image) {
86
+ // Lambda needs to be pointing to a specific image digest and not just a tag.
87
+ // Whenever we update the tag to a new digest, we need to update the lambda.
88
+ let stack = cdk.Stack.of(this);
89
+ const updater = utils_1.BundledNodejsFunction.singleton(this, 'update-lambda', {
90
+ description: 'Function that updates a GitHub Actions runner function with the latest image digest after the image has been rebuilt',
91
+ timeout: cdk.Duration.seconds(30),
92
+ initialPolicy: [
93
+ new aws_cdk_lib_1.aws_iam.PolicyStatement({
94
+ actions: ['lambda:UpdateFunctionCode'],
95
+ resources: [this.function.functionArn],
96
+ }),
97
+ new aws_cdk_lib_1.aws_iam.PolicyStatement({
98
+ actions: ['cloudformation:DescribeStacks'],
99
+ resources: [stack.formatArn({
100
+ service: 'cloudformation',
101
+ resource: 'stack',
102
+ resourceName: `${stack.stackName}/*`,
103
+ })],
104
+ }),
105
+ ],
106
+ });
107
+ let lambdaTarget = new aws_cdk_lib_1.aws_events_targets.LambdaFunction(updater, {
108
+ event: aws_cdk_lib_1.aws_events.RuleTargetInput.fromObject({
109
+ lambdaName: this.function.functionName,
110
+ repositoryUri: image.imageRepository.repositoryUri,
111
+ repositoryTag: image.imageTag,
112
+ stackName: stack.stackName,
113
+ }),
114
+ });
115
+ const rule = image.imageRepository.onEvent('Push rule', {
116
+ description: 'Update GitHub Actions runner Lambda on ECR image push',
117
+ eventPattern: {
118
+ detailType: ['ECR Image Action'],
119
+ detail: {
120
+ 'action-type': ['PUSH'],
121
+ 'repository-name': [image.imageRepository.repositoryName],
122
+ 'image-tag': ['latest'],
123
+ 'result': ['SUCCESS'],
124
+ },
125
+ },
126
+ target: lambdaTarget,
127
+ });
128
+ // the event never triggers without this - not sure why
129
+ rule.node.defaultChild.addDeletionOverride('Properties.EventPattern.resources');
130
+ }
68
131
  }
69
132
  exports.LambdaRunner = LambdaRunner;
70
133
  _a = JSII_RTTI_SYMBOL_1;
71
- LambdaRunner[_a] = { fqn: "@cloudsnorkel/cdk-github-runners.LambdaRunner", version: "0.1.1" };
72
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGFtYmRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3Byb3ZpZGVycy9sYW1iZGEudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2QkFBNkI7QUFDN0IsbUNBQW1DO0FBQ25DLDZDQU1xQjtBQUNyQixtREFBcUQ7QUFDckQsMkNBQXVDO0FBQ3ZDLHFDQUF3RztBQTBEeEc7Ozs7OztHQU1HO0FBQ0gsTUFBYSxZQUFhLFNBQVEsc0JBQVM7SUEwQnpDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBd0I7UUFDaEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQyxLQUFLLElBQUksUUFBUSxDQUFDO1FBQ3JDLElBQUksQ0FBQyxHQUFHLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQztRQUNyQixJQUFJLENBQUMsYUFBYSxHQUFHLEtBQUssQ0FBQyxhQUFhLENBQUM7UUFFekMsSUFBSSxDQUFDLFFBQVEsR0FBRyxJQUFJLHdCQUFNLENBQUMsbUJBQW1CLENBQzVDLElBQUksRUFDSixVQUFVLEVBQ1Y7WUFDRSxrRUFBa0U7WUFDbEUsSUFBSSxFQUFFLHdCQUFNLENBQUMsZUFBZSxDQUFDLGNBQWMsQ0FDekMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsZUFBZSxFQUFFLFFBQVEsQ0FBQyxFQUMvQztnQkFDRSxTQUFTLEVBQUU7b0JBQ1QsY0FBYyxFQUFFLEtBQUssQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxzQkFBYSxDQUFDLE1BQU0sRUFBRSxDQUFDLE9BQU87aUJBQ25HO2FBQ0YsQ0FDRjtZQUNELEdBQUcsRUFBRSxJQUFJLENBQUMsR0FBRztZQUNiLGNBQWMsRUFBRSxJQUFJLENBQUMsYUFBYSxJQUFJLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQztZQUMxRCxVQUFVLEVBQUUsS0FBSyxDQUFDLGVBQWU7WUFDakMsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPLElBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ2xELFVBQVUsRUFBRSxLQUFLLENBQUMsVUFBVSxJQUFJLElBQUk7WUFDcEMsb0JBQW9CLEVBQUUsS0FBSyxDQUFDLG9CQUFvQixJQUFJLEdBQUcsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztZQUMxRSxZQUFZLEVBQUUsS0FBSyxDQUFDLFlBQVksSUFBSSx3QkFBYSxDQUFDLFNBQVM7U0FDNUQsQ0FDRixDQUFDO1FBRUYsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLGNBQWMsQ0FBQztJQUNyRCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxJQUFXLFdBQVc7UUFDcEIsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsbUJBQW1CLENBQUMsVUFBbUM7UUFDckQsT0FBTyxJQUFJLHFDQUFtQixDQUFDLFlBQVksQ0FDekMsSUFBSSxFQUNKLGVBQWUsRUFDZjtZQUNFLGNBQWMsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUM3QixPQUFPLEVBQUUsK0JBQWEsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDO2dCQUMxQyxLQUFLLEVBQUUsVUFBVSxDQUFDLGVBQWU7Z0JBQ2pDLFVBQVUsRUFBRSxVQUFVLENBQUMsY0FBYztnQkFDckMsS0FBSyxFQUFFLElBQUksQ0FBQyxLQUFLO2dCQUNqQixZQUFZLEVBQUUsVUFBVSxDQUFDLGdCQUFnQjtnQkFDekMsS0FBSyxFQUFFLFVBQVUsQ0FBQyxTQUFTO2dCQUMzQixJQUFJLEVBQUUsVUFBVSxDQUFDLFFBQVE7YUFDMUIsQ0FBQztTQUNILENBQ0YsQ0FBQztJQUNKLENBQUM7O0FBekZILG9DQTBGQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIHBhdGggZnJvbSAncGF0aCc7XG5pbXBvcnQgKiBhcyBjZGsgZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHtcbiAgYXdzX2VjMiBhcyBlYzIsXG4gIGF3c19pYW0gYXMgaWFtLFxuICBhd3NfbGFtYmRhIGFzIGxhbWJkYSxcbiAgYXdzX3N0ZXBmdW5jdGlvbnMgYXMgc3RlcGZ1bmN0aW9ucyxcbiAgYXdzX3N0ZXBmdW5jdGlvbnNfdGFza3MgYXMgc3RlcGZ1bmN0aW9uc190YXNrcyxcbn0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHsgUmV0ZW50aW9uRGF5cyB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1sb2dzJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuaW1wb3J0IHsgSVJ1bm5lclByb3ZpZGVyLCBSdW5uZXJSdW50aW1lUGFyYW1ldGVycywgUnVubmVyUHJvdmlkZXJQcm9wcywgUnVubmVyVmVyc2lvbiB9IGZyb20gJy4vY29tbW9uJztcblxuZXhwb3J0IGludGVyZmFjZSBMYW1iZGFSdW5uZXJQcm9wcyBleHRlbmRzIFJ1bm5lclByb3ZpZGVyUHJvcHMge1xuICAvKipcbiAgICogR2l0SHViIEFjdGlvbnMgbGFiZWwgdXNlZCBmb3IgdGhpcyBwcm92aWRlci5cbiAgICpcbiAgICogQGRlZmF1bHQgJ2xhbWJkYSdcbiAgICovXG4gIHJlYWRvbmx5IGxhYmVsPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBUaGUgYW1vdW50IG9mIG1lbW9yeSwgaW4gTUIsIHRoYXQgaXMgYWxsb2NhdGVkIHRvIHlvdXIgTGFtYmRhIGZ1bmN0aW9uLlxuICAgKiBMYW1iZGEgdXNlcyB0aGlzIHZhbHVlIHRvIHByb3BvcnRpb25hbGx5IGFsbG9jYXRlIHRoZSBhbW91bnQgb2YgQ1BVXG4gICAqIHBvd2VyLiBGb3IgbW9yZSBpbmZvcm1hdGlvbiwgc2VlIFJlc291cmNlIE1vZGVsIGluIHRoZSBBV1MgTGFtYmRhXG4gICAqIERldmVsb3BlciBHdWlkZS5cbiAgICpcbiAgICogQGRlZmF1bHQgMjA0OFxuICAgKi9cbiAgcmVhZG9ubHkgbWVtb3J5U2l6ZT86IG51bWJlcjtcblxuICAvKipcbiAgKiBUaGUgc2l6ZSBvZiB0aGUgZnVuY3Rpb27igJlzIC90bXAgZGlyZWN0b3J5IGluIE1pQi5cbiAgKlxuICAqIEBkZWZhdWx0IDEwIEdpQlxuICAqL1xuICByZWFkb25seSBlcGhlbWVyYWxTdG9yYWdlU2l6ZT86IGNkay5TaXplO1xuXG4gIC8qKlxuICAgKiBUaGUgZnVuY3Rpb24gZXhlY3V0aW9uIHRpbWUgKGluIHNlY29uZHMpIGFmdGVyIHdoaWNoIExhbWJkYSB0ZXJtaW5hdGVzXG4gICAqIHRoZSBmdW5jdGlvbi4gQmVjYXVzZSB0aGUgZXhlY3V0aW9uIHRpbWUgYWZmZWN0cyBjb3N0LCBzZXQgdGhpcyB2YWx1ZVxuICAgKiBiYXNlZCBvbiB0aGUgZnVuY3Rpb24ncyBleHBlY3RlZCBleGVjdXRpb24gdGltZS5cbiAgICpcbiAgICogQGRlZmF1bHQgRHVyYXRpb24ubWludXRlcygxNSlcbiAgICovXG4gIHJlYWRvbmx5IHRpbWVvdXQ/OiBjZGsuRHVyYXRpb247XG5cbiAgLyoqXG4gICogVlBDIHRvIGxhdW5jaCB0aGUgcnVubmVycyBpbi5cbiAgKlxuICAqIEBkZWZhdWx0IG5vIFZQQ1xuICAqL1xuICByZWFkb25seSB2cGM/OiBlYzIuSVZwYztcblxuICAvKipcbiAgKiBTZWN1cml0eSBHcm91cCB0byBhc3NpZ24gdG8gdGhpcyBpbnN0YW5jZS5cbiAgKlxuICAqIEBkZWZhdWx0IHB1YmxpYyBsYW1iZGEgd2l0aCBubyBzZWN1cml0eSBncm91cFxuICAqL1xuICByZWFkb25seSBzZWN1cml0eUdyb3VwPzogZWMyLklTZWN1cml0eUdyb3VwO1xuXG4gIC8qKlxuICAqIFdoZXJlIHRvIHBsYWNlIHRoZSBuZXR3b3JrIGludGVyZmFjZXMgd2l0aGluIHRoZSBWUEMuXG4gICpcbiAgKiBAZGVmYXVsdCBubyBzdWJuZXRcbiAgKi9cbiAgcmVhZG9ubHkgc3VibmV0U2VsZWN0aW9uPzogZWMyLlN1Ym5ldFNlbGVjdGlvbjtcbn1cblxuLyoqXG4gKiBHaXRIdWIgQWN0aW9ucyBydW5uZXIgcHJvdmlkZXIgdXNpbmcgTGFtYmRhIHRvIGV4ZWN1dGUgdGhlIGFjdGlvbnMuXG4gKlxuICogQ3JlYXRlcyBhIERvY2tlci1iYXNlZCBmdW5jdGlvbiB0aGF0IGdldHMgZXhlY3V0ZWQgZm9yIGVhY2ggam9iLlxuICpcbiAqIFRoaXMgY29uc3RydWN0IGlzIG5vdCBtZWFudCB0byBiZSB1c2VkIGJ5IGl0c2VsZi4gSXQgc2hvdWxkIGJlIHBhc3NlZCBpbiB0aGUgcHJvdmlkZXJzIHByb3BlcnR5IGZvciBHaXRIdWJSdW5uZXJzLlxuICovXG5leHBvcnQgY2xhc3MgTGFtYmRhUnVubmVyIGV4dGVuZHMgQ29uc3RydWN0IGltcGxlbWVudHMgSVJ1bm5lclByb3ZpZGVyIHtcbiAgLyoqXG4gICAqIFRoZSBmdW5jdGlvbiBob3N0aW5nIHRoZSBHaXRIdWIgcnVubmVyLlxuICAgKi9cbiAgcmVhZG9ubHkgZnVuY3Rpb246IGxhbWJkYS5GdW5jdGlvbjtcblxuICAvKipcbiAgICogTGFiZWwgYXNzb2NpYXRlZCB3aXRoIHRoaXMgcHJvdmlkZXIuXG4gICAqL1xuICByZWFkb25seSBsYWJlbDogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBWUEMgdXNlZCBmb3IgaG9zdGluZyB0aGUgZnVuY3Rpb24uXG4gICAqL1xuICByZWFkb25seSB2cGM/OiBlYzIuSVZwYztcblxuICAvKipcbiAgICogU2VjdXJpdHkgZ3JvdXAgYXR0YWNoZWQgdG8gdGhlIGZ1bmN0aW9uLlxuICAgKi9cbiAgcmVhZG9ubHkgc2VjdXJpdHlHcm91cD86IGVjMi5JU2VjdXJpdHlHcm91cDtcblxuICAvKipcbiAgICogR3JhbnQgcHJpbmNpcGFsIHVzZWQgdG8gYWRkIHBlcm1pc3Npb25zIHRvIHRoZSBydW5uZXIgcm9sZS5cbiAgICovXG4gIHJlYWRvbmx5IGdyYW50UHJpbmNpcGFsOiBpYW0uSVByaW5jaXBhbDtcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogTGFtYmRhUnVubmVyUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgdGhpcy5sYWJlbCA9IHByb3BzLmxhYmVsIHx8ICdsYW1iZGEnO1xuICAgIHRoaXMudnBjID0gcHJvcHMudnBjO1xuICAgIHRoaXMuc2VjdXJpdHlHcm91cCA9IHByb3BzLnNlY3VyaXR5R3JvdXA7XG5cbiAgICB0aGlzLmZ1bmN0aW9uID0gbmV3IGxhbWJkYS5Eb2NrZXJJbWFnZUZ1bmN0aW9uKFxuICAgICAgdGhpcyxcbiAgICAgICdGdW5jdGlvbicsXG4gICAgICB7XG4gICAgICAgIC8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9sYW1iZGEvbGF0ZXN0L2RnL2ltYWdlcy1jcmVhdGUuaHRtbFxuICAgICAgICBjb2RlOiBsYW1iZGEuRG9ja2VySW1hZ2VDb2RlLmZyb21JbWFnZUFzc2V0KFxuICAgICAgICAgIHBhdGguam9pbihfX2Rpcm5hbWUsICdkb2NrZXItaW1hZ2VzJywgJ2xhbWJkYScpLFxuICAgICAgICAgIHtcbiAgICAgICAgICAgIGJ1aWxkQXJnczoge1xuICAgICAgICAgICAgICBSVU5ORVJfVkVSU0lPTjogcHJvcHMucnVubmVyVmVyc2lvbiA/IHByb3BzLnJ1bm5lclZlcnNpb24udmVyc2lvbiA6IFJ1bm5lclZlcnNpb24ubGF0ZXN0KCkudmVyc2lvbixcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgfSxcbiAgICAgICAgKSxcbiAgICAgICAgdnBjOiB0aGlzLnZwYyxcbiAgICAgICAgc2VjdXJpdHlHcm91cHM6IHRoaXMuc2VjdXJpdHlHcm91cCAmJiBbdGhpcy5zZWN1cml0eUdyb3VwXSxcbiAgICAgICAgdnBjU3VibmV0czogcHJvcHMuc3VibmV0U2VsZWN0aW9uLFxuICAgICAgICB0aW1lb3V0OiBwcm9wcy50aW1lb3V0IHx8IGNkay5EdXJhdGlvbi5taW51dGVzKDE1KSxcbiAgICAgICAgbWVtb3J5U2l6ZTogcHJvcHMubWVtb3J5U2l6ZSB8fCAyMDQ4LFxuICAgICAgICBlcGhlbWVyYWxTdG9yYWdlU2l6ZTogcHJvcHMuZXBoZW1lcmFsU3RvcmFnZVNpemUgfHwgY2RrLlNpemUuZ2liaWJ5dGVzKDEwKSxcbiAgICAgICAgbG9nUmV0ZW50aW9uOiBwcm9wcy5sb2dSZXRlbnRpb24gfHwgUmV0ZW50aW9uRGF5cy5PTkVfTU9OVEgsXG4gICAgICB9LFxuICAgICk7XG5cbiAgICB0aGlzLmdyYW50UHJpbmNpcGFsID0gdGhpcy5mdW5jdGlvbi5ncmFudFByaW5jaXBhbDtcbiAgfVxuXG4gIC8qKlxuICAgKiBUaGUgbmV0d29yayBjb25uZWN0aW9ucyBhc3NvY2lhdGVkIHdpdGggdGhpcyByZXNvdXJjZS5cbiAgICovXG4gIHB1YmxpYyBnZXQgY29ubmVjdGlvbnMoKTogZWMyLkNvbm5lY3Rpb25zIHtcbiAgICByZXR1cm4gdGhpcy5mdW5jdGlvbi5jb25uZWN0aW9ucztcbiAgfVxuXG4gIC8qKlxuICAgKiBHZW5lcmF0ZSBzdGVwIGZ1bmN0aW9uIHRhc2socykgdG8gc3RhcnQgYSBuZXcgcnVubmVyLlxuICAgKlxuICAgKiBDYWxsZWQgYnkgR2l0aHViUnVubmVycyBhbmQgc2hvdWxkbid0IGJlIGNhbGxlZCBtYW51YWxseS5cbiAgICpcbiAgICogQHBhcmFtIHBhcmFtZXRlcnMgd29ya2Zsb3cgam9iIGRldGFpbHNcbiAgICovXG4gIGdldFN0ZXBGdW5jdGlvblRhc2socGFyYW1ldGVyczogUnVubmVyUnVudGltZVBhcmFtZXRlcnMpOiBzdGVwZnVuY3Rpb25zLklDaGFpbmFibGUge1xuICAgIHJldHVybiBuZXcgc3RlcGZ1bmN0aW9uc190YXNrcy5MYW1iZGFJbnZva2UoXG4gICAgICB0aGlzLFxuICAgICAgJ0xhbWJkYSBSdW5uZXInLFxuICAgICAge1xuICAgICAgICBsYW1iZGFGdW5jdGlvbjogdGhpcy5mdW5jdGlvbixcbiAgICAgICAgcGF5bG9hZDogc3RlcGZ1bmN0aW9ucy5UYXNrSW5wdXQuZnJvbU9iamVjdCh7XG4gICAgICAgICAgdG9rZW46IHBhcmFtZXRlcnMucnVubmVyVG9rZW5QYXRoLFxuICAgICAgICAgIHJ1bm5lck5hbWU6IHBhcmFtZXRlcnMucnVubmVyTmFtZVBhdGgsXG4gICAgICAgICAgbGFiZWw6IHRoaXMubGFiZWwsXG4gICAgICAgICAgZ2l0aHViRG9tYWluOiBwYXJhbWV0ZXJzLmdpdGh1YkRvbWFpblBhdGgsXG4gICAgICAgICAgb3duZXI6IHBhcmFtZXRlcnMub3duZXJQYXRoLFxuICAgICAgICAgIHJlcG86IHBhcmFtZXRlcnMucmVwb1BhdGgsXG4gICAgICAgIH0pLFxuICAgICAgfSxcbiAgICApO1xuICB9XG59Il19
134
+ LambdaRunner[_a] = { fqn: "@cloudsnorkel/cdk-github-runners.LambdaRunner", version: "0.3.1" };
135
+ /**
136
+ * Path to Dockerfile for Linux x64 with all the requirement for Lambda runner. Use this Dockerfile unless you need to customize it further than allowed by hooks.
137
+ *
138
+ * Available build arguments that can be set in the image builder:
139
+ * * `BASE_IMAGE` sets the `FROM` line. This should be similar to public.ecr.aws/lambda/nodejs:14.
140
+ * * `EXTRA_PACKAGES` can be used to install additional packages.
141
+ */
142
+ LambdaRunner.LINUX_X64_DOCKERFILE_PATH = path.join(__dirname, 'docker-images', 'lambda', 'linux-x64');
143
+ /**
144
+ * Path to Dockerfile for Linux ARM64 with all the requirement for Lambda runner. Use this Dockerfile unless you need to customize it further than allowed by hooks.
145
+ *
146
+ * Available build arguments that can be set in the image builder:
147
+ * * `BASE_IMAGE` sets the `FROM` line. This should be similar to public.ecr.aws/lambda/nodejs:14.
148
+ * * `EXTRA_PACKAGES` can be used to install additional packages.
149
+ */
150
+ LambdaRunner.LINUX_ARM64_DOCKERFILE_PATH = path.join(__dirname, 'docker-images', 'lambda', 'linux-arm64');
151
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGFtYmRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3Byb3ZpZGVycy9sYW1iZGEudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2QkFBNkI7QUFDN0IsbUNBQW1DO0FBQ25DLDZDQVFxQjtBQUNyQixtREFBcUQ7QUFDckQsMkNBQXVDO0FBQ3ZDLG9DQUFpRDtBQUNqRCxxQ0FBdUk7QUFDdkksMERBQW1FO0FBb0VuRTs7Ozs7O0dBTUc7QUFDSCxNQUFhLFlBQWEsU0FBUSxzQkFBUztJQTRDekMsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUF3QjtRQUNoRSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpCLElBQUksQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFDLEtBQUssSUFBSSxRQUFRLENBQUM7UUFDckMsSUFBSSxDQUFDLEdBQUcsR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDO1FBQ3JCLElBQUksQ0FBQyxhQUFhLEdBQUcsS0FBSyxDQUFDLGFBQWEsQ0FBQztRQUV6QyxNQUFNLFlBQVksR0FBRyxLQUFLLENBQUMsWUFBWSxJQUFJLElBQUksaUNBQXFCLENBQUMsSUFBSSxFQUFFLGVBQWUsRUFBRTtZQUMxRixjQUFjLEVBQUUsWUFBWSxDQUFDLHlCQUF5QjtTQUN2RCxDQUFDLENBQUM7UUFDSCxNQUFNLEtBQUssR0FBRyxZQUFZLENBQUMsSUFBSSxFQUFFLENBQUM7UUFFbEMsSUFBSSxZQUE2QyxDQUFDO1FBQ2xELElBQUksS0FBSyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsV0FBRSxDQUFDLEtBQUssQ0FBQyxFQUFFO1lBQ3pCLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUMscUJBQVksQ0FBQyxNQUFNLENBQUMsRUFBRTtnQkFDOUMsWUFBWSxHQUFHLHdCQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQzthQUMzQztZQUNELElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUMscUJBQVksQ0FBQyxLQUFLLENBQUMsRUFBRTtnQkFDN0MsWUFBWSxHQUFHLHdCQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQzthQUMzQztTQUNGO1FBRUQsSUFBSSxDQUFDLFlBQVksRUFBRTtZQUNqQixNQUFNLElBQUksS0FBSyxDQUFDLGtEQUFrRCxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7U0FDL0c7UUFFRCxJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksd0JBQU0sQ0FBQyxtQkFBbUIsQ0FDNUMsSUFBSSxFQUNKLFVBQVUsRUFDVjtZQUNFLFdBQVcsRUFBRSw4QkFBOEIsSUFBSSxDQUFDLEtBQUssU0FBUztZQUM5RCwyS0FBMks7WUFDM0ssSUFBSSxFQUFFLHdCQUFNLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsZUFBZSxFQUFFLEVBQUUsV0FBVyxFQUFFLFVBQVUsS0FBSyxDQUFDLFdBQVcsRUFBRSxFQUFFLENBQUM7WUFDM0csWUFBWTtZQUNaLEdBQUcsRUFBRSxJQUFJLENBQUMsR0FBRztZQUNiLGNBQWMsRUFBRSxJQUFJLENBQUMsYUFBYSxJQUFJLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQztZQUMxRCxVQUFVLEVBQUUsS0FBSyxDQUFDLGVBQWU7WUFDakMsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPLElBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ2xELFVBQVUsRUFBRSxLQUFLLENBQUMsVUFBVSxJQUFJLElBQUk7WUFDcEMsb0JBQW9CLEVBQUUsS0FBSyxDQUFDLG9CQUFvQixJQUFJLEdBQUcsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztZQUMxRSxZQUFZLEVBQUUsS0FBSyxDQUFDLFlBQVksSUFBSSx3QkFBYSxDQUFDLFNBQVM7U0FDNUQsQ0FDRixDQUFDO1FBRUYsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLGNBQWMsQ0FBQztRQUVuRCxJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQzlCLENBQUM7SUFFRDs7T0FFRztJQUNILElBQVcsV0FBVztRQUNwQixPQUFPLElBQUksQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDO0lBQ25DLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxtQkFBbUIsQ0FBQyxVQUFtQztRQUNyRCxPQUFPLElBQUkscUNBQW1CLENBQUMsWUFBWSxDQUN6QyxJQUFJLEVBQ0osSUFBSSxDQUFDLEtBQUssRUFDVjtZQUNFLGNBQWMsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUM3QixPQUFPLEVBQUUsK0JBQWEsQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDO2dCQUMxQyxLQUFLLEVBQUUsVUFBVSxDQUFDLGVBQWU7Z0JBQ2pDLFVBQVUsRUFBRSxVQUFVLENBQUMsY0FBYztnQkFDckMsS0FBSyxFQUFFLElBQUksQ0FBQyxLQUFLO2dCQUNqQixZQUFZLEVBQUUsVUFBVSxDQUFDLGdCQUFnQjtnQkFDekMsS0FBSyxFQUFFLFVBQVUsQ0FBQyxTQUFTO2dCQUMzQixJQUFJLEVBQUUsVUFBVSxDQUFDLFFBQVE7YUFDMUIsQ0FBQztTQUNILENBQ0YsQ0FBQztJQUNKLENBQUM7SUFFTyxlQUFlLENBQUMsS0FBa0I7UUFDeEMsNkVBQTZFO1FBQzdFLDRFQUE0RTtRQUU1RSxJQUFJLEtBQUssR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUUvQixNQUFNLE9BQU8sR0FBRyw2QkFBcUIsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLGVBQWUsRUFBRTtZQUNyRSxXQUFXLEVBQUUsc0hBQXNIO1lBQ25JLE9BQU8sRUFBRSxHQUFHLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDakMsYUFBYSxFQUFFO2dCQUNiLElBQUkscUJBQUcsQ0FBQyxlQUFlLENBQUM7b0JBQ3RCLE9BQU8sRUFBRSxDQUFDLDJCQUEyQixDQUFDO29CQUN0QyxTQUFTLEVBQUUsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQztpQkFDdkMsQ0FBQztnQkFDRixJQUFJLHFCQUFHLENBQUMsZUFBZSxDQUFDO29CQUN0QixPQUFPLEVBQUUsQ0FBQywrQkFBK0IsQ0FBQztvQkFDMUMsU0FBUyxFQUFFLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQzs0QkFDMUIsT0FBTyxFQUFFLGdCQUFnQjs0QkFDekIsUUFBUSxFQUFFLE9BQU87NEJBQ2pCLFlBQVksRUFBRSxHQUFHLEtBQUssQ0FBQyxTQUFTLElBQUk7eUJBQ3JDLENBQUMsQ0FBQztpQkFDSixDQUFDO2FBQ0g7U0FDRixDQUFDLENBQUM7UUFFSCxJQUFJLFlBQVksR0FBRyxJQUFJLGdDQUFjLENBQUMsY0FBYyxDQUFDLE9BQU8sRUFBRTtZQUM1RCxLQUFLLEVBQUUsd0JBQU0sQ0FBQyxlQUFlLENBQUMsVUFBVSxDQUFDO2dCQUN2QyxVQUFVLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxZQUFZO2dCQUN0QyxhQUFhLEVBQUUsS0FBSyxDQUFDLGVBQWUsQ0FBQyxhQUFhO2dCQUNsRCxhQUFhLEVBQUUsS0FBSyxDQUFDLFFBQVE7Z0JBQzdCLFNBQVMsRUFBRSxLQUFLLENBQUMsU0FBUzthQUMzQixDQUFDO1NBQ0gsQ0FBQyxDQUFDO1FBRUgsTUFBTSxJQUFJLEdBQUcsS0FBSyxDQUFDLGVBQWUsQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFO1lBQ3RELFdBQVcsRUFBRSx1REFBdUQ7WUFDcEUsWUFBWSxFQUFFO2dCQUNaLFVBQVUsRUFBRSxDQUFDLGtCQUFrQixDQUFDO2dCQUNoQyxNQUFNLEVBQUU7b0JBQ04sYUFBYSxFQUFFLENBQUMsTUFBTSxDQUFDO29CQUN2QixpQkFBaUIsRUFBRSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQUMsY0FBYyxDQUFDO29CQUN6RCxXQUFXLEVBQUUsQ0FBQyxRQUFRLENBQUM7b0JBQ3ZCLFFBQVEsRUFBRSxDQUFDLFNBQVMsQ0FBQztpQkFDdEI7YUFDRjtZQUNELE1BQU0sRUFBRSxZQUFZO1NBQ3JCLENBQUMsQ0FBQztRQUVILHVEQUF1RDtRQUN0RCxJQUFJLENBQUMsSUFBSSxDQUFDLFlBQStCLENBQUMsbUJBQW1CLENBQUMsbUNBQW1DLENBQUMsQ0FBQztJQUN0RyxDQUFDOztBQS9LSCxvQ0FnTEM7OztBQS9LQzs7Ozs7O0dBTUc7QUFDb0Isc0NBQXlCLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsZUFBZSxFQUFFLFFBQVEsRUFBRSxXQUFXLENBQUMsQ0FBQztBQUVoSDs7Ozs7O0dBTUc7QUFDb0Isd0NBQTJCLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsZUFBZSxFQUFFLFFBQVEsRUFBRSxhQUFhLENBQUMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIHBhdGggZnJvbSAncGF0aCc7XG5pbXBvcnQgKiBhcyBjZGsgZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHtcbiAgYXdzX2VjMiBhcyBlYzIsXG4gIGF3c19ldmVudHMgYXMgZXZlbnRzLFxuICBhd3NfZXZlbnRzX3RhcmdldHMgYXMgZXZlbnRzX3RhcmdldHMsXG4gIGF3c19pYW0gYXMgaWFtLFxuICBhd3NfbGFtYmRhIGFzIGxhbWJkYSxcbiAgYXdzX3N0ZXBmdW5jdGlvbnMgYXMgc3RlcGZ1bmN0aW9ucyxcbiAgYXdzX3N0ZXBmdW5jdGlvbnNfdGFza3MgYXMgc3RlcGZ1bmN0aW9uc190YXNrcyxcbn0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHsgUmV0ZW50aW9uRGF5cyB9IGZyb20gJ2F3cy1jZGstbGliL2F3cy1sb2dzJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuaW1wb3J0IHsgQnVuZGxlZE5vZGVqc0Z1bmN0aW9uIH0gZnJvbSAnLi4vdXRpbHMnO1xuaW1wb3J0IHsgSVJ1bm5lclByb3ZpZGVyLCBSdW5uZXJSdW50aW1lUGFyYW1ldGVycywgUnVubmVyUHJvdmlkZXJQcm9wcywgSUltYWdlQnVpbGRlciwgT3MsIEFyY2hpdGVjdHVyZSwgUnVubmVySW1hZ2UgfSBmcm9tICcuL2NvbW1vbic7XG5pbXBvcnQgeyBDb2RlQnVpbGRJbWFnZUJ1aWxkZXIgfSBmcm9tICcuL2ltYWdlLWJ1aWxkZXJzL2NvZGVidWlsZCc7XG5cbmV4cG9ydCBpbnRlcmZhY2UgTGFtYmRhUnVubmVyUHJvcHMgZXh0ZW5kcyBSdW5uZXJQcm92aWRlclByb3BzIHtcbiAgLyoqXG4gICAqIFByb3ZpZGVyIHJ1bm5pbmcgYW4gaW1hZ2UgdG8gcnVuIGluc2lkZSBDb2RlQnVpbGQgd2l0aCBHaXRIdWIgcnVubmVyIHByZS1jb25maWd1cmVkLlxuICAgKlxuICAgKiBUaGUgZGVmYXVsdCBjb21tYW5kIChgQ01EYCkgc2hvdWxkIGJlIGBbXCJydW5uZXIuaGFuZGxlclwiXWAgd2hpY2ggcG9pbnRzIHRvIGFuIGluY2x1ZGVkIGBydW5uZXIuanNgIHdpdGggYSBmdW5jdGlvbiBuYW1lZCBgaGFuZGxlcmAuIFRoZSBmdW5jdGlvbiBzaG91bGQgc3RhcnQgdGhlIEdpdEh1YiBydW5uZXIuXG4gICAqXG4gICAqIEBzZWUgaHR0cHM6Ly9naXRodWIuY29tL0Nsb3VkU25vcmtlbC9jZGstZ2l0aHViLXJ1bm5lcnMvdHJlZS9tYWluL3NyYy9wcm92aWRlcnMvZG9ja2VyLWltYWdlcy9sYW1iZGFcbiAgICogQGRlZmF1bHQgaW1hZ2UgYnVpbGRlciB3aXRoIExhbWJkYVJ1bm5lci5MSU5VWF9YNjRfRE9DS0VSRklMRV9QQVRIIGFzIERvY2tlcmZpbGVcbiAgICovXG4gIHJlYWRvbmx5IGltYWdlQnVpbGRlcj86IElJbWFnZUJ1aWxkZXI7XG5cbiAgLyoqXG4gICAqIEdpdEh1YiBBY3Rpb25zIGxhYmVsIHVzZWQgZm9yIHRoaXMgcHJvdmlkZXIuXG4gICAqXG4gICAqIEBkZWZhdWx0ICdsYW1iZGEnXG4gICAqL1xuICByZWFkb25seSBsYWJlbD86IHN0cmluZztcblxuICAvKipcbiAgICogVGhlIGFtb3VudCBvZiBtZW1vcnksIGluIE1CLCB0aGF0IGlzIGFsbG9jYXRlZCB0byB5b3VyIExhbWJkYSBmdW5jdGlvbi5cbiAgICogTGFtYmRhIHVzZXMgdGhpcyB2YWx1ZSB0byBwcm9wb3J0aW9uYWxseSBhbGxvY2F0ZSB0aGUgYW1vdW50IG9mIENQVVxuICAgKiBwb3dlci4gRm9yIG1vcmUgaW5mb3JtYXRpb24sIHNlZSBSZXNvdXJjZSBNb2RlbCBpbiB0aGUgQVdTIExhbWJkYVxuICAgKiBEZXZlbG9wZXIgR3VpZGUuXG4gICAqXG4gICAqIEBkZWZhdWx0IDIwNDhcbiAgICovXG4gIHJlYWRvbmx5IG1lbW9yeVNpemU/OiBudW1iZXI7XG5cbiAgLyoqXG4gICogVGhlIHNpemUgb2YgdGhlIGZ1bmN0aW9u4oCZcyAvdG1wIGRpcmVjdG9yeSBpbiBNaUIuXG4gICpcbiAgKiBAZGVmYXVsdCAxMCBHaUJcbiAgKi9cbiAgcmVhZG9ubHkgZXBoZW1lcmFsU3RvcmFnZVNpemU/OiBjZGsuU2l6ZTtcblxuICAvKipcbiAgICogVGhlIGZ1bmN0aW9uIGV4ZWN1dGlvbiB0aW1lIChpbiBzZWNvbmRzKSBhZnRlciB3aGljaCBMYW1iZGEgdGVybWluYXRlc1xuICAgKiB0aGUgZnVuY3Rpb24uIEJlY2F1c2UgdGhlIGV4ZWN1dGlvbiB0aW1lIGFmZmVjdHMgY29zdCwgc2V0IHRoaXMgdmFsdWVcbiAgICogYmFzZWQgb24gdGhlIGZ1bmN0aW9uJ3MgZXhwZWN0ZWQgZXhlY3V0aW9uIHRpbWUuXG4gICAqXG4gICAqIEBkZWZhdWx0IER1cmF0aW9uLm1pbnV0ZXMoMTUpXG4gICAqL1xuICByZWFkb25seSB0aW1lb3V0PzogY2RrLkR1cmF0aW9uO1xuXG4gIC8qKlxuICAqIFZQQyB0byBsYXVuY2ggdGhlIHJ1bm5lcnMgaW4uXG4gICpcbiAgKiBAZGVmYXVsdCBubyBWUENcbiAgKi9cbiAgcmVhZG9ubHkgdnBjPzogZWMyLklWcGM7XG5cbiAgLyoqXG4gICogU2VjdXJpdHkgR3JvdXAgdG8gYXNzaWduIHRvIHRoaXMgaW5zdGFuY2UuXG4gICpcbiAgKiBAZGVmYXVsdCBwdWJsaWMgbGFtYmRhIHdpdGggbm8gc2VjdXJpdHkgZ3JvdXBcbiAgKi9cbiAgcmVhZG9ubHkgc2VjdXJpdHlHcm91cD86IGVjMi5JU2VjdXJpdHlHcm91cDtcblxuICAvKipcbiAgKiBXaGVyZSB0byBwbGFjZSB0aGUgbmV0d29yayBpbnRlcmZhY2VzIHdpdGhpbiB0aGUgVlBDLlxuICAqXG4gICogQGRlZmF1bHQgbm8gc3VibmV0XG4gICovXG4gIHJlYWRvbmx5IHN1Ym5ldFNlbGVjdGlvbj86IGVjMi5TdWJuZXRTZWxlY3Rpb247XG59XG5cbi8qKlxuICogR2l0SHViIEFjdGlvbnMgcnVubmVyIHByb3ZpZGVyIHVzaW5nIExhbWJkYSB0byBleGVjdXRlIHRoZSBhY3Rpb25zLlxuICpcbiAqIENyZWF0ZXMgYSBEb2NrZXItYmFzZWQgZnVuY3Rpb24gdGhhdCBnZXRzIGV4ZWN1dGVkIGZvciBlYWNoIGpvYi5cbiAqXG4gKiBUaGlzIGNvbnN0cnVjdCBpcyBub3QgbWVhbnQgdG8gYmUgdXNlZCBieSBpdHNlbGYuIEl0IHNob3VsZCBiZSBwYXNzZWQgaW4gdGhlIHByb3ZpZGVycyBwcm9wZXJ0eSBmb3IgR2l0SHViUnVubmVycy5cbiAqL1xuZXhwb3J0IGNsYXNzIExhbWJkYVJ1bm5lciBleHRlbmRzIENvbnN0cnVjdCBpbXBsZW1lbnRzIElSdW5uZXJQcm92aWRlciB7XG4gIC8qKlxuICAgKiBQYXRoIHRvIERvY2tlcmZpbGUgZm9yIExpbnV4IHg2NCB3aXRoIGFsbCB0aGUgcmVxdWlyZW1lbnQgZm9yIExhbWJkYSBydW5uZXIuIFVzZSB0aGlzIERvY2tlcmZpbGUgdW5sZXNzIHlvdSBuZWVkIHRvIGN1c3RvbWl6ZSBpdCBmdXJ0aGVyIHRoYW4gYWxsb3dlZCBieSBob29rcy5cbiAgICpcbiAgICogQXZhaWxhYmxlIGJ1aWxkIGFyZ3VtZW50cyB0aGF0IGNhbiBiZSBzZXQgaW4gdGhlIGltYWdlIGJ1aWxkZXI6XG4gICAqICogYEJBU0VfSU1BR0VgIHNldHMgdGhlIGBGUk9NYCBsaW5lLiBUaGlzIHNob3VsZCBiZSBzaW1pbGFyIHRvIHB1YmxpYy5lY3IuYXdzL2xhbWJkYS9ub2RlanM6MTQuXG4gICAqICogYEVYVFJBX1BBQ0tBR0VTYCBjYW4gYmUgdXNlZCB0byBpbnN0YWxsIGFkZGl0aW9uYWwgcGFja2FnZXMuXG4gICAqL1xuICBwdWJsaWMgc3RhdGljIHJlYWRvbmx5IExJTlVYX1g2NF9ET0NLRVJGSUxFX1BBVEggPSBwYXRoLmpvaW4oX19kaXJuYW1lLCAnZG9ja2VyLWltYWdlcycsICdsYW1iZGEnLCAnbGludXgteDY0Jyk7XG5cbiAgLyoqXG4gICAqIFBhdGggdG8gRG9ja2VyZmlsZSBmb3IgTGludXggQVJNNjQgd2l0aCBhbGwgdGhlIHJlcXVpcmVtZW50IGZvciBMYW1iZGEgcnVubmVyLiBVc2UgdGhpcyBEb2NrZXJmaWxlIHVubGVzcyB5b3UgbmVlZCB0byBjdXN0b21pemUgaXQgZnVydGhlciB0aGFuIGFsbG93ZWQgYnkgaG9va3MuXG4gICAqXG4gICAqIEF2YWlsYWJsZSBidWlsZCBhcmd1bWVudHMgdGhhdCBjYW4gYmUgc2V0IGluIHRoZSBpbWFnZSBidWlsZGVyOlxuICAgKiAqIGBCQVNFX0lNQUdFYCBzZXRzIHRoZSBgRlJPTWAgbGluZS4gVGhpcyBzaG91bGQgYmUgc2ltaWxhciB0byBwdWJsaWMuZWNyLmF3cy9sYW1iZGEvbm9kZWpzOjE0LlxuICAgKiAqIGBFWFRSQV9QQUNLQUdFU2AgY2FuIGJlIHVzZWQgdG8gaW5zdGFsbCBhZGRpdGlvbmFsIHBhY2thZ2VzLlxuICAgKi9cbiAgcHVibGljIHN0YXRpYyByZWFkb25seSBMSU5VWF9BUk02NF9ET0NLRVJGSUxFX1BBVEggPSBwYXRoLmpvaW4oX19kaXJuYW1lLCAnZG9ja2VyLWltYWdlcycsICdsYW1iZGEnLCAnbGludXgtYXJtNjQnKTtcblxuICAvKipcbiAgICogVGhlIGZ1bmN0aW9uIGhvc3RpbmcgdGhlIEdpdEh1YiBydW5uZXIuXG4gICAqL1xuICByZWFkb25seSBmdW5jdGlvbjogbGFtYmRhLkZ1bmN0aW9uO1xuXG4gIC8qKlxuICAgKiBMYWJlbCBhc3NvY2lhdGVkIHdpdGggdGhpcyBwcm92aWRlci5cbiAgICovXG4gIHJlYWRvbmx5IGxhYmVsOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFZQQyB1c2VkIGZvciBob3N0aW5nIHRoZSBmdW5jdGlvbi5cbiAgICovXG4gIHJlYWRvbmx5IHZwYz86IGVjMi5JVnBjO1xuXG4gIC8qKlxuICAgKiBTZWN1cml0eSBncm91cCBhdHRhY2hlZCB0byB0aGUgZnVuY3Rpb24uXG4gICAqL1xuICByZWFkb25seSBzZWN1cml0eUdyb3VwPzogZWMyLklTZWN1cml0eUdyb3VwO1xuXG4gIC8qKlxuICAgKiBHcmFudCBwcmluY2lwYWwgdXNlZCB0byBhZGQgcGVybWlzc2lvbnMgdG8gdGhlIHJ1bm5lciByb2xlLlxuICAgKi9cbiAgcmVhZG9ubHkgZ3JhbnRQcmluY2lwYWw6IGlhbS5JUHJpbmNpcGFsO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBMYW1iZGFSdW5uZXJQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG5cbiAgICB0aGlzLmxhYmVsID0gcHJvcHMubGFiZWwgfHwgJ2xhbWJkYSc7XG4gICAgdGhpcy52cGMgPSBwcm9wcy52cGM7XG4gICAgdGhpcy5zZWN1cml0eUdyb3VwID0gcHJvcHMuc2VjdXJpdHlHcm91cDtcblxuICAgIGNvbnN0IGltYWdlQnVpbGRlciA9IHByb3BzLmltYWdlQnVpbGRlciA/PyBuZXcgQ29kZUJ1aWxkSW1hZ2VCdWlsZGVyKHRoaXMsICdJbWFnZSBCdWlsZGVyJywge1xuICAgICAgZG9ja2VyZmlsZVBhdGg6IExhbWJkYVJ1bm5lci5MSU5VWF9YNjRfRE9DS0VSRklMRV9QQVRILFxuICAgIH0pO1xuICAgIGNvbnN0IGltYWdlID0gaW1hZ2VCdWlsZGVyLmJpbmQoKTtcblxuICAgIGxldCBhcmNoaXRlY3R1cmU6IGxhbWJkYS5BcmNoaXRlY3R1cmUgfCB1bmRlZmluZWQ7XG4gICAgaWYgKGltYWdlLm9zLmlzKE9zLkxJTlVYKSkge1xuICAgICAgaWYgKGltYWdlLmFyY2hpdGVjdHVyZS5pcyhBcmNoaXRlY3R1cmUuWDg2XzY0KSkge1xuICAgICAgICBhcmNoaXRlY3R1cmUgPSBsYW1iZGEuQXJjaGl0ZWN0dXJlLlg4Nl82NDtcbiAgICAgIH1cbiAgICAgIGlmIChpbWFnZS5hcmNoaXRlY3R1cmUuaXMoQXJjaGl0ZWN0dXJlLkFSTTY0KSkge1xuICAgICAgICBhcmNoaXRlY3R1cmUgPSBsYW1iZGEuQXJjaGl0ZWN0dXJlLkFSTV82NDtcbiAgICAgIH1cbiAgICB9XG5cbiAgICBpZiAoIWFyY2hpdGVjdHVyZSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBVbmFibGUgdG8gZmluZCBzdXBwb3J0IExhbWJkYSBhcmNoaXRlY3R1cmUgZm9yICR7aW1hZ2Uub3MubmFtZX0vJHtpbWFnZS5hcmNoaXRlY3R1cmUubmFtZX1gKTtcbiAgICB9XG5cbiAgICB0aGlzLmZ1bmN0aW9uID0gbmV3IGxhbWJkYS5Eb2NrZXJJbWFnZUZ1bmN0aW9uKFxuICAgICAgdGhpcyxcbiAgICAgICdGdW5jdGlvbicsXG4gICAgICB7XG4gICAgICAgIGRlc2NyaXB0aW9uOiBgR2l0SHViIEFjdGlvbnMgcnVubmVyIGZvciBcIiR7dGhpcy5sYWJlbH1cIiBsYWJlbGAsXG4gICAgICAgIC8vIENESyByZXF1aXJlcyBcInNoYTI1NjpcIiBsaXRlcmFsIHByZWZpeCAtLSBodHRwczovL2dpdGh1Yi5jb20vYXdzL2F3cy1jZGsvYmxvYi9iYTkxY2E0NWFkNzU5YWI1ZGI2ZGExN2E2MjMzM2UyYmMxMWUxMDc1L3BhY2thZ2VzLyU0MGF3cy1jZGsvYXdzLWVjci9saWIvcmVwb3NpdG9yeS50cyNMMTg0XG4gICAgICAgIGNvZGU6IGxhbWJkYS5Eb2NrZXJJbWFnZUNvZGUuZnJvbUVjcihpbWFnZS5pbWFnZVJlcG9zaXRvcnksIHsgdGFnT3JEaWdlc3Q6IGBzaGEyNTY6JHtpbWFnZS5pbWFnZURpZ2VzdH1gIH0pLFxuICAgICAgICBhcmNoaXRlY3R1cmUsXG4gICAgICAgIHZwYzogdGhpcy52cGMsXG4gICAgICAgIHNlY3VyaXR5R3JvdXBzOiB0aGlzLnNlY3VyaXR5R3JvdXAgJiYgW3RoaXMuc2VjdXJpdHlHcm91cF0sXG4gICAgICAgIHZwY1N1Ym5ldHM6IHByb3BzLnN1Ym5ldFNlbGVjdGlvbixcbiAgICAgICAgdGltZW91dDogcHJvcHMudGltZW91dCB8fCBjZGsuRHVyYXRpb24ubWludXRlcygxNSksXG4gICAgICAgIG1lbW9yeVNpemU6IHByb3BzLm1lbW9yeVNpemUgfHwgMjA0OCxcbiAgICAgICAgZXBoZW1lcmFsU3RvcmFnZVNpemU6IHByb3BzLmVwaGVtZXJhbFN0b3JhZ2VTaXplIHx8IGNkay5TaXplLmdpYmlieXRlcygxMCksXG4gICAgICAgIGxvZ1JldGVudGlvbjogcHJvcHMubG9nUmV0ZW50aW9uIHx8IFJldGVudGlvbkRheXMuT05FX01PTlRILFxuICAgICAgfSxcbiAgICApO1xuXG4gICAgdGhpcy5ncmFudFByaW5jaXBhbCA9IHRoaXMuZnVuY3Rpb24uZ3JhbnRQcmluY2lwYWw7XG5cbiAgICB0aGlzLmFkZEltYWdlVXBkYXRlcihpbWFnZSk7XG4gIH1cblxuICAvKipcbiAgICogVGhlIG5ldHdvcmsgY29ubmVjdGlvbnMgYXNzb2NpYXRlZCB3aXRoIHRoaXMgcmVzb3VyY2UuXG4gICAqL1xuICBwdWJsaWMgZ2V0IGNvbm5lY3Rpb25zKCk6IGVjMi5Db25uZWN0aW9ucyB7XG4gICAgcmV0dXJuIHRoaXMuZnVuY3Rpb24uY29ubmVjdGlvbnM7XG4gIH1cblxuICAvKipcbiAgICogR2VuZXJhdGUgc3RlcCBmdW5jdGlvbiB0YXNrKHMpIHRvIHN0YXJ0IGEgbmV3IHJ1bm5lci5cbiAgICpcbiAgICogQ2FsbGVkIGJ5IEdpdGh1YlJ1bm5lcnMgYW5kIHNob3VsZG4ndCBiZSBjYWxsZWQgbWFudWFsbHkuXG4gICAqXG4gICAqIEBwYXJhbSBwYXJhbWV0ZXJzIHdvcmtmbG93IGpvYiBkZXRhaWxzXG4gICAqL1xuICBnZXRTdGVwRnVuY3Rpb25UYXNrKHBhcmFtZXRlcnM6IFJ1bm5lclJ1bnRpbWVQYXJhbWV0ZXJzKTogc3RlcGZ1bmN0aW9ucy5JQ2hhaW5hYmxlIHtcbiAgICByZXR1cm4gbmV3IHN0ZXBmdW5jdGlvbnNfdGFza3MuTGFtYmRhSW52b2tlKFxuICAgICAgdGhpcyxcbiAgICAgIHRoaXMubGFiZWwsXG4gICAgICB7XG4gICAgICAgIGxhbWJkYUZ1bmN0aW9uOiB0aGlzLmZ1bmN0aW9uLFxuICAgICAgICBwYXlsb2FkOiBzdGVwZnVuY3Rpb25zLlRhc2tJbnB1dC5mcm9tT2JqZWN0KHtcbiAgICAgICAgICB0b2tlbjogcGFyYW1ldGVycy5ydW5uZXJUb2tlblBhdGgsXG4gICAgICAgICAgcnVubmVyTmFtZTogcGFyYW1ldGVycy5ydW5uZXJOYW1lUGF0aCxcbiAgICAgICAgICBsYWJlbDogdGhpcy5sYWJlbCxcbiAgICAgICAgICBnaXRodWJEb21haW46IHBhcmFtZXRlcnMuZ2l0aHViRG9tYWluUGF0aCxcbiAgICAgICAgICBvd25lcjogcGFyYW1ldGVycy5vd25lclBhdGgsXG4gICAgICAgICAgcmVwbzogcGFyYW1ldGVycy5yZXBvUGF0aCxcbiAgICAgICAgfSksXG4gICAgICB9LFxuICAgICk7XG4gIH1cblxuICBwcml2YXRlIGFkZEltYWdlVXBkYXRlcihpbWFnZTogUnVubmVySW1hZ2UpIHtcbiAgICAvLyBMYW1iZGEgbmVlZHMgdG8gYmUgcG9pbnRpbmcgdG8gYSBzcGVjaWZpYyBpbWFnZSBkaWdlc3QgYW5kIG5vdCBqdXN0IGEgdGFnLlxuICAgIC8vIFdoZW5ldmVyIHdlIHVwZGF0ZSB0aGUgdGFnIHRvIGEgbmV3IGRpZ2VzdCwgd2UgbmVlZCB0byB1cGRhdGUgdGhlIGxhbWJkYS5cblxuICAgIGxldCBzdGFjayA9IGNkay5TdGFjay5vZih0aGlzKTtcblxuICAgIGNvbnN0IHVwZGF0ZXIgPSBCdW5kbGVkTm9kZWpzRnVuY3Rpb24uc2luZ2xldG9uKHRoaXMsICd1cGRhdGUtbGFtYmRhJywge1xuICAgICAgZGVzY3JpcHRpb246ICdGdW5jdGlvbiB0aGF0IHVwZGF0ZXMgYSBHaXRIdWIgQWN0aW9ucyBydW5uZXIgZnVuY3Rpb24gd2l0aCB0aGUgbGF0ZXN0IGltYWdlIGRpZ2VzdCBhZnRlciB0aGUgaW1hZ2UgaGFzIGJlZW4gcmVidWlsdCcsXG4gICAgICB0aW1lb3V0OiBjZGsuRHVyYXRpb24uc2Vjb25kcygzMCksXG4gICAgICBpbml0aWFsUG9saWN5OiBbXG4gICAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbJ2xhbWJkYTpVcGRhdGVGdW5jdGlvbkNvZGUnXSxcbiAgICAgICAgICByZXNvdXJjZXM6IFt0aGlzLmZ1bmN0aW9uLmZ1bmN0aW9uQXJuXSxcbiAgICAgICAgfSksXG4gICAgICAgIG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbJ2Nsb3VkZm9ybWF0aW9uOkRlc2NyaWJlU3RhY2tzJ10sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbc3RhY2suZm9ybWF0QXJuKHtcbiAgICAgICAgICAgIHNlcnZpY2U6ICdjbG91ZGZvcm1hdGlvbicsXG4gICAgICAgICAgICByZXNvdXJjZTogJ3N0YWNrJyxcbiAgICAgICAgICAgIHJlc291cmNlTmFtZTogYCR7c3RhY2suc3RhY2tOYW1lfS8qYCxcbiAgICAgICAgICB9KV0sXG4gICAgICAgIH0pLFxuICAgICAgXSxcbiAgICB9KTtcblxuICAgIGxldCBsYW1iZGFUYXJnZXQgPSBuZXcgZXZlbnRzX3RhcmdldHMuTGFtYmRhRnVuY3Rpb24odXBkYXRlciwge1xuICAgICAgZXZlbnQ6IGV2ZW50cy5SdWxlVGFyZ2V0SW5wdXQuZnJvbU9iamVjdCh7XG4gICAgICAgIGxhbWJkYU5hbWU6IHRoaXMuZnVuY3Rpb24uZnVuY3Rpb25OYW1lLFxuICAgICAgICByZXBvc2l0b3J5VXJpOiBpbWFnZS5pbWFnZVJlcG9zaXRvcnkucmVwb3NpdG9yeVVyaSxcbiAgICAgICAgcmVwb3NpdG9yeVRhZzogaW1hZ2UuaW1hZ2VUYWcsXG4gICAgICAgIHN0YWNrTmFtZTogc3RhY2suc3RhY2tOYW1lLFxuICAgICAgfSksXG4gICAgfSk7XG5cbiAgICBjb25zdCBydWxlID0gaW1hZ2UuaW1hZ2VSZXBvc2l0b3J5Lm9uRXZlbnQoJ1B1c2ggcnVsZScsIHtcbiAgICAgIGRlc2NyaXB0aW9uOiAnVXBkYXRlIEdpdEh1YiBBY3Rpb25zIHJ1bm5lciBMYW1iZGEgb24gRUNSIGltYWdlIHB1c2gnLFxuICAgICAgZXZlbnRQYXR0ZXJuOiB7XG4gICAgICAgIGRldGFpbFR5cGU6IFsnRUNSIEltYWdlIEFjdGlvbiddLFxuICAgICAgICBkZXRhaWw6IHtcbiAgICAgICAgICAnYWN0aW9uLXR5cGUnOiBbJ1BVU0gnXSxcbiAgICAgICAgICAncmVwb3NpdG9yeS1uYW1lJzogW2ltYWdlLmltYWdlUmVwb3NpdG9yeS5yZXBvc2l0b3J5TmFtZV0sXG4gICAgICAgICAgJ2ltYWdlLXRhZyc6IFsnbGF0ZXN0J10sXG4gICAgICAgICAgJ3Jlc3VsdCc6IFsnU1VDQ0VTUyddLFxuICAgICAgICB9LFxuICAgICAgfSxcbiAgICAgIHRhcmdldDogbGFtYmRhVGFyZ2V0LFxuICAgIH0pO1xuXG4gICAgLy8gdGhlIGV2ZW50IG5ldmVyIHRyaWdnZXJzIHdpdGhvdXQgdGhpcyAtIG5vdCBzdXJlIHdoeVxuICAgIChydWxlLm5vZGUuZGVmYXVsdENoaWxkIGFzIGV2ZW50cy5DZm5SdWxlKS5hZGREZWxldGlvbk92ZXJyaWRlKCdQcm9wZXJ0aWVzLkV2ZW50UGF0dGVybi5yZXNvdXJjZXMnKTtcbiAgfVxufVxuIl19
package/lib/runner.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ import { aws_ec2 as ec2 } from 'aws-cdk-lib';
1
2
  import { Construct } from 'constructs';
2
3
  import { IRunnerProvider } from './providers/common';
3
4
  import { Secrets } from './secrets';
@@ -5,18 +6,56 @@ import { Secrets } from './secrets';
5
6
  * Properties for GitHubRunners
6
7
  */
7
8
  export interface GitHubRunnersProps {
8
- /**
9
- * Label of default provider in case the workflow job doesn't specify any known label. A provider with that label must be configured.
10
- *
11
- * @default 'codebuild'
12
- */
13
- readonly defaultProviderLabel?: string;
14
9
  /**
15
10
  * List of runner providers to use. At least one provider is required. Provider will be selected when its label matches the labels requested by the workflow job.
16
11
  *
17
12
  * @default CodeBuild, Lambda and Fargate runners with all the defaults (no VPC or default account VPC)
18
13
  */
19
14
  readonly providers?: IRunnerProvider[];
15
+ /**
16
+ * VPC used for all management functions. Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.
17
+ */
18
+ readonly vpc?: ec2.IVpc;
19
+ /**
20
+ * VPC subnets used for all management functions. Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.
21
+ */
22
+ readonly vpcSubnets?: ec2.SubnetSelection;
23
+ /**
24
+ * Allow management functions to run in public subnets. Lambda Functions in a public subnet can NOT access the internet.
25
+ *
26
+ * @default false
27
+ */
28
+ readonly allowPublicSubnet?: boolean;
29
+ /**
30
+ * Security group attached to all management functions. Use this with to provide access to GitHub Enterprise Server hosted inside a VPC.
31
+ */
32
+ readonly securityGroup?: ec2.ISecurityGroup;
33
+ /**
34
+ * Path to a directory containing a file named certs.pem containing any additional certificates required to trust GitHub Enterprise Server. Use this when GitHub Enterprise Server certificates are self-signed.
35
+ *
36
+ * You may also want to use custom images for your runner providers that contain the same certificates. See {@link CodeBuildImageBuilder.addCertificates}.
37
+ *
38
+ * ```typescript
39
+ * const imageBuilder = new CodeBuildImageBuilder(this, 'Image Builder with Certs', {
40
+ * dockerfilePath: CodeBuildRunner.LINUX_X64_DOCKERFILE_PATH,
41
+ * });
42
+ * imageBuilder.addExtraCertificates('path-to-my-extra-certs-folder');
43
+ *
44
+ * const provider = new CodeBuildRunner(this, 'CodeBuild', {
45
+ * imageBuilder: imageBuilder,
46
+ * });
47
+ *
48
+ * new GitHubRunners(
49
+ * this,
50
+ * 'runners',
51
+ * {
52
+ * providers: [provider],
53
+ * extraCertificates: 'path-to-my-extra-certs-folder',
54
+ * }
55
+ * );
56
+ * ```
57
+ */
58
+ readonly extraCertificates?: string;
20
59
  }
21
60
  /**
22
61
  * Create all the required infrastructure to provide self-hosted GitHub runners. It creates a webhook, secrets, and a step function to orchestrate all runs. Secrets are not automatically filled. See README.md for instructions on how to setup GitHub integration.
@@ -24,20 +63,20 @@ export interface GitHubRunnersProps {
24
63
  * By default, this will create a runner provider of each available type with the defaults. This is good enough for the initial setup stage when you just want to get GitHub integration working.
25
64
  *
26
65
  * ```typescript
27
- * new GitHubRunners(stack, 'runners', {});
66
+ * new GitHubRunners(this, 'runners');
28
67
  * ```
29
68
  *
30
69
  * Usually you'd want to configure the runner providers so the runners can run in a certain VPC or have certain permissions.
31
70
  *
32
71
  * ```typescript
33
- * const vpc = ec2.Vpc.fromLookup(stack, 'vpc', { vpcId: 'vpc-1234567' });
34
- * const runnerSg = new ec2.SecurityGroup(stack, 'runner security group', { vpc: vpc });
35
- * const dbSg = ec2.SecurityGroup.fromSecurityGroupId(stack, 'database security group', 'sg-1234567');
36
- * const bucket = new s3.Bucket(stack, 'runner bucket');
72
+ * const vpc = ec2.Vpc.fromLookup(this, 'vpc', { vpcId: 'vpc-1234567' });
73
+ * const runnerSg = new ec2.SecurityGroup(this, 'runner security group', { vpc: vpc });
74
+ * const dbSg = ec2.SecurityGroup.fromSecurityGroupId(this, 'database security group', 'sg-1234567');
75
+ * const bucket = new s3.Bucket(this, 'runner bucket');
37
76
  *
38
77
  * // create a custom CodeBuild provider
39
78
  * const myProvider = new CodeBuildRunner(
40
- * stack, 'codebuild runner',
79
+ * this, 'codebuild runner',
41
80
  * {
42
81
  * label: 'my-codebuild',
43
82
  * vpc: vpc,
@@ -50,25 +89,20 @@ export interface GitHubRunnersProps {
50
89
  *
51
90
  * // create the runner infrastructure
52
91
  * new GitHubRunners(
53
- * stack,
92
+ * this,
54
93
  * 'runners',
55
94
  * {
56
95
  * providers: [myProvider],
57
- * defaultProviderLabel: 'my-codebuild',
58
96
  * }
59
97
  * );
60
98
  * ```
61
99
  */
62
100
  export declare class GitHubRunners extends Construct {
63
- readonly props: GitHubRunnersProps;
101
+ private readonly props;
64
102
  /**
65
103
  * Configured runner providers.
66
104
  */
67
105
  readonly providers: IRunnerProvider[];
68
- /**
69
- * Default provider as set by {@link GitHubRunnersProps.defaultProviderLabel}.
70
- */
71
- readonly defaultProvider: IRunnerProvider;
72
106
  /**
73
107
  * Secrets for GitHub communication including webhook secret and runner authentication.
74
108
  */
@@ -76,12 +110,12 @@ export declare class GitHubRunners extends Construct {
76
110
  private readonly webhook;
77
111
  private readonly orchestrator;
78
112
  private readonly setupUrl;
79
- constructor(scope: Construct, id: string, props: GitHubRunnersProps);
80
- private getDefaultProvider;
113
+ private readonly extraLambdaEnv;
114
+ private readonly extraLambdaProps;
115
+ constructor(scope: Construct, id: string, props?: GitHubRunnersProps);
81
116
  private stateMachine;
82
117
  private tokenRetriever;
83
118
  private deleteRunner;
84
119
  private statusFunction;
85
120
  private setupFunction;
86
121
  }
87
- //# sourceMappingURL=runner.d.ts.map