@cloudsnorkel/cdk-github-runners 0.11.3 → 0.11.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.gitattributes +1 -1
- package/.jsii +127 -93
- package/API.md +29 -2
- package/SETUP_GITHUB.md +9 -5
- package/assets/delete-failed-runner.lambda/index.js +55 -45
- package/assets/docker-images/lambda/linux-arm64/runner.js +1 -0
- package/assets/docker-images/lambda/linux-arm64/runner.sh +1 -1
- package/assets/docker-images/lambda/linux-x64/runner.js +1 -0
- package/assets/docker-images/lambda/linux-x64/runner.sh +1 -1
- package/assets/idle-runner-repear.lambda/index.js +65 -55
- package/assets/image-builders/aws-image-builder/delete-ami.lambda/index.js +14 -28
- package/assets/image-builders/aws-image-builder/filter-failed-builds.lambda/index.js +4 -14
- package/assets/image-builders/aws-image-builder/reaper.lambda/index.js +18 -30
- package/assets/image-builders/aws-image-builder/versioner.lambda/index.js +10 -16
- package/assets/providers/ami-root-device.lambda/index.js +12 -23
- package/assets/providers/build-image.lambda/index.js +16 -24
- package/assets/providers/update-lambda.lambda/index.js +5 -15
- package/assets/setup.lambda/index.html +20 -12
- package/assets/setup.lambda/index.js +17 -12
- package/assets/status.lambda/index.js +50 -55
- package/assets/token-retriever.lambda/index.js +51 -39
- package/assets/webhook-handler.lambda/index.js +32 -42
- package/lib/access.js +1 -1
- package/lib/delete-failed-runner-function.js +2 -2
- package/lib/delete-failed-runner.lambda.js +4 -8
- package/lib/idle-runner-repear-function.js +2 -2
- package/lib/idle-runner-repear.lambda.js +16 -19
- package/lib/image-builders/api.js +1 -1
- package/lib/image-builders/aws-image-builder/builder.js +1 -1
- package/lib/image-builders/aws-image-builder/delete-ami-function.js +2 -2
- package/lib/image-builders/aws-image-builder/delete-ami.lambda.js +11 -11
- package/lib/image-builders/aws-image-builder/deprecated/ami.js +1 -1
- package/lib/image-builders/aws-image-builder/deprecated/container.js +1 -1
- package/lib/image-builders/aws-image-builder/deprecated/linux-components.js +1 -1
- package/lib/image-builders/aws-image-builder/deprecated/windows-components.js +1 -1
- package/lib/image-builders/aws-image-builder/filter-failed-builds-function.js +2 -2
- package/lib/image-builders/aws-image-builder/filter-failed-builds.lambda.js +5 -5
- package/lib/image-builders/aws-image-builder/reaper-function.js +2 -2
- package/lib/image-builders/aws-image-builder/reaper.lambda.js +15 -13
- package/lib/image-builders/aws-image-builder/versioner-function.js +2 -2
- package/lib/image-builders/aws-image-builder/versioner.lambda.js +9 -9
- package/lib/image-builders/codebuild-deprecated.js +1 -1
- package/lib/image-builders/components.js +1 -1
- package/lib/image-builders/static.js +1 -1
- package/lib/lambda-github.d.ts +16 -13
- package/lib/lambda-github.js +33 -8
- package/lib/lambda-helpers.js +5 -5
- package/lib/providers/ami-root-device-function.js +2 -2
- package/lib/providers/ami-root-device.lambda.js +8 -7
- package/lib/providers/build-image-function.js +2 -2
- package/lib/providers/build-image.lambda.js +15 -13
- package/lib/providers/codebuild.js +10 -5
- package/lib/providers/common.d.ts +5 -1
- package/lib/providers/common.js +4 -4
- package/lib/providers/ec2.js +56 -17
- package/lib/providers/ecs.d.ts +7 -1
- package/lib/providers/ecs.js +8 -3
- package/lib/providers/fargate.js +12 -8
- package/lib/providers/lambda.js +4 -3
- package/lib/providers/update-lambda-function.js +2 -2
- package/lib/providers/update-lambda.lambda.js +6 -6
- package/lib/runner.js +6 -2
- package/lib/secrets.js +4 -2
- package/lib/setup-function.js +2 -2
- package/lib/setup.lambda.js +13 -7
- package/lib/status-function.js +2 -2
- package/lib/status.lambda.js +23 -17
- package/lib/token-retriever-function.js +2 -2
- package/lib/token-retriever.lambda.d.ts +2 -1
- package/lib/token-retriever.lambda.js +30 -8
- package/lib/webhook-handler-function.js +2 -2
- package/lib/webhook-handler.lambda.js +5 -5
- package/package.json +21 -10
|
@@ -12865,7 +12865,6 @@ var require_cjs = __commonJS({
|
|
|
12865
12865
|
};
|
|
12866
12866
|
var AC = globalThis.AbortController;
|
|
12867
12867
|
var AS = globalThis.AbortSignal;
|
|
12868
|
-
var _a;
|
|
12869
12868
|
if (typeof AC === "undefined") {
|
|
12870
12869
|
AS = class AbortSignal {
|
|
12871
12870
|
onabort;
|
|
@@ -12882,7 +12881,6 @@ var require_cjs = __commonJS({
|
|
|
12882
12881
|
}
|
|
12883
12882
|
signal = new AS();
|
|
12884
12883
|
abort(reason) {
|
|
12885
|
-
var _a2, _b;
|
|
12886
12884
|
if (this.signal.aborted)
|
|
12887
12885
|
return;
|
|
12888
12886
|
this.signal.reason = reason;
|
|
@@ -12890,10 +12888,10 @@ var require_cjs = __commonJS({
|
|
|
12890
12888
|
for (const fn of this.signal._onabort) {
|
|
12891
12889
|
fn(reason);
|
|
12892
12890
|
}
|
|
12893
|
-
|
|
12891
|
+
this.signal.onabort?.(reason);
|
|
12894
12892
|
}
|
|
12895
12893
|
};
|
|
12896
|
-
let printACPolyfillWarning =
|
|
12894
|
+
let printACPolyfillWarning = PROCESS.env?.LRU_CACHE_IGNORE_AC_WARNING !== "1";
|
|
12897
12895
|
const warnACPolyfill = () => {
|
|
12898
12896
|
if (!printACPolyfillWarning)
|
|
12899
12897
|
return;
|
|
@@ -13548,7 +13546,6 @@ var require_cjs = __commonJS({
|
|
|
13548
13546
|
* {@link LRUCache#delete}
|
|
13549
13547
|
*/
|
|
13550
13548
|
set(k, v, setOptions = {}) {
|
|
13551
|
-
var _a2, _b, _c;
|
|
13552
13549
|
if (v === void 0) {
|
|
13553
13550
|
this.delete(k);
|
|
13554
13551
|
return this;
|
|
@@ -13586,10 +13583,10 @@ var require_cjs = __commonJS({
|
|
|
13586
13583
|
oldVal.__abortController.abort(new Error("replaced"));
|
|
13587
13584
|
} else if (!noDisposeOnSet) {
|
|
13588
13585
|
if (this.#hasDispose) {
|
|
13589
|
-
|
|
13586
|
+
this.#dispose?.(oldVal, k, "set");
|
|
13590
13587
|
}
|
|
13591
13588
|
if (this.#hasDisposeAfter) {
|
|
13592
|
-
|
|
13589
|
+
this.#disposed?.push([oldVal, k, "set"]);
|
|
13593
13590
|
}
|
|
13594
13591
|
}
|
|
13595
13592
|
this.#removeItemSize(index);
|
|
@@ -13618,8 +13615,8 @@ var require_cjs = __commonJS({
|
|
|
13618
13615
|
if (!noDisposeOnSet && this.#hasDisposeAfter && this.#disposed) {
|
|
13619
13616
|
const dt = this.#disposed;
|
|
13620
13617
|
let task;
|
|
13621
|
-
while (task = dt
|
|
13622
|
-
|
|
13618
|
+
while (task = dt?.shift()) {
|
|
13619
|
+
this.#disposeAfter?.(...task);
|
|
13623
13620
|
}
|
|
13624
13621
|
}
|
|
13625
13622
|
return this;
|
|
@@ -13629,7 +13626,6 @@ var require_cjs = __commonJS({
|
|
|
13629
13626
|
* `undefined` if cache is empty.
|
|
13630
13627
|
*/
|
|
13631
13628
|
pop() {
|
|
13632
|
-
var _a2;
|
|
13633
13629
|
try {
|
|
13634
13630
|
while (this.#size) {
|
|
13635
13631
|
const val = this.#valList[this.#head];
|
|
@@ -13646,14 +13642,13 @@ var require_cjs = __commonJS({
|
|
|
13646
13642
|
if (this.#hasDisposeAfter && this.#disposed) {
|
|
13647
13643
|
const dt = this.#disposed;
|
|
13648
13644
|
let task;
|
|
13649
|
-
while (task = dt
|
|
13650
|
-
|
|
13645
|
+
while (task = dt?.shift()) {
|
|
13646
|
+
this.#disposeAfter?.(...task);
|
|
13651
13647
|
}
|
|
13652
13648
|
}
|
|
13653
13649
|
}
|
|
13654
13650
|
}
|
|
13655
13651
|
#evict(free) {
|
|
13656
|
-
var _a2, _b;
|
|
13657
13652
|
const head = this.#head;
|
|
13658
13653
|
const k = this.#keyList[head];
|
|
13659
13654
|
const v = this.#valList[head];
|
|
@@ -13661,10 +13656,10 @@ var require_cjs = __commonJS({
|
|
|
13661
13656
|
v.__abortController.abort(new Error("evicted"));
|
|
13662
13657
|
} else if (this.#hasDispose || this.#hasDisposeAfter) {
|
|
13663
13658
|
if (this.#hasDispose) {
|
|
13664
|
-
|
|
13659
|
+
this.#dispose?.(v, k, "evict");
|
|
13665
13660
|
}
|
|
13666
13661
|
if (this.#hasDisposeAfter) {
|
|
13667
|
-
|
|
13662
|
+
this.#disposed?.push([v, k, "evict"]);
|
|
13668
13663
|
}
|
|
13669
13664
|
}
|
|
13670
13665
|
this.#removeItemSize(head);
|
|
@@ -13739,7 +13734,7 @@ var require_cjs = __commonJS({
|
|
|
13739
13734
|
}
|
|
13740
13735
|
const ac = new AC();
|
|
13741
13736
|
const { signal } = options;
|
|
13742
|
-
signal
|
|
13737
|
+
signal?.addEventListener("abort", () => ac.abort(signal.reason), {
|
|
13743
13738
|
signal: ac.signal
|
|
13744
13739
|
});
|
|
13745
13740
|
const fetchOpts = {
|
|
@@ -13810,8 +13805,7 @@ var require_cjs = __commonJS({
|
|
|
13810
13805
|
}
|
|
13811
13806
|
};
|
|
13812
13807
|
const pcall = (res, rej) => {
|
|
13813
|
-
|
|
13814
|
-
const fmp = (_a2 = this.#fetchMethod) == null ? void 0 : _a2.call(this, k, v, fetchOpts);
|
|
13808
|
+
const fmp = this.#fetchMethod?.(k, v, fetchOpts);
|
|
13815
13809
|
if (fmp && fmp instanceof Promise) {
|
|
13816
13810
|
fmp.then((v2) => res(v2), rej);
|
|
13817
13811
|
}
|
|
@@ -14000,7 +13994,6 @@ var require_cjs = __commonJS({
|
|
|
14000
13994
|
* Returns true if the key was deleted, false otherwise.
|
|
14001
13995
|
*/
|
|
14002
13996
|
delete(k) {
|
|
14003
|
-
var _a2, _b, _c, _d;
|
|
14004
13997
|
let deleted = false;
|
|
14005
13998
|
if (this.#size !== 0) {
|
|
14006
13999
|
const index = this.#keyMap.get(k);
|
|
@@ -14015,10 +14008,10 @@ var require_cjs = __commonJS({
|
|
|
14015
14008
|
v.__abortController.abort(new Error("deleted"));
|
|
14016
14009
|
} else if (this.#hasDispose || this.#hasDisposeAfter) {
|
|
14017
14010
|
if (this.#hasDispose) {
|
|
14018
|
-
|
|
14011
|
+
this.#dispose?.(v, k, "delete");
|
|
14019
14012
|
}
|
|
14020
14013
|
if (this.#hasDisposeAfter) {
|
|
14021
|
-
|
|
14014
|
+
this.#disposed?.push([v, k, "delete"]);
|
|
14022
14015
|
}
|
|
14023
14016
|
}
|
|
14024
14017
|
this.#keyMap.delete(k);
|
|
@@ -14037,11 +14030,11 @@ var require_cjs = __commonJS({
|
|
|
14037
14030
|
}
|
|
14038
14031
|
}
|
|
14039
14032
|
}
|
|
14040
|
-
if (this.#hasDisposeAfter &&
|
|
14033
|
+
if (this.#hasDisposeAfter && this.#disposed?.length) {
|
|
14041
14034
|
const dt = this.#disposed;
|
|
14042
14035
|
let task;
|
|
14043
|
-
while (task = dt
|
|
14044
|
-
|
|
14036
|
+
while (task = dt?.shift()) {
|
|
14037
|
+
this.#disposeAfter?.(...task);
|
|
14045
14038
|
}
|
|
14046
14039
|
}
|
|
14047
14040
|
return deleted;
|
|
@@ -14050,7 +14043,6 @@ var require_cjs = __commonJS({
|
|
|
14050
14043
|
* Clear the cache entirely, throwing away all values.
|
|
14051
14044
|
*/
|
|
14052
14045
|
clear() {
|
|
14053
|
-
var _a2, _b, _c;
|
|
14054
14046
|
for (const index of this.#rindexes({ allowStale: true })) {
|
|
14055
14047
|
const v = this.#valList[index];
|
|
14056
14048
|
if (this.#isBackgroundFetch(v)) {
|
|
@@ -14058,10 +14050,10 @@ var require_cjs = __commonJS({
|
|
|
14058
14050
|
} else {
|
|
14059
14051
|
const k = this.#keyList[index];
|
|
14060
14052
|
if (this.#hasDispose) {
|
|
14061
|
-
|
|
14053
|
+
this.#dispose?.(v, k, "delete");
|
|
14062
14054
|
}
|
|
14063
14055
|
if (this.#hasDisposeAfter) {
|
|
14064
|
-
|
|
14056
|
+
this.#disposed?.push([v, k, "delete"]);
|
|
14065
14057
|
}
|
|
14066
14058
|
}
|
|
14067
14059
|
}
|
|
@@ -14083,8 +14075,8 @@ var require_cjs = __commonJS({
|
|
|
14083
14075
|
if (this.#hasDisposeAfter && this.#disposed) {
|
|
14084
14076
|
const dt = this.#disposed;
|
|
14085
14077
|
let task;
|
|
14086
|
-
while (task = dt
|
|
14087
|
-
|
|
14078
|
+
while (task = dt?.shift()) {
|
|
14079
|
+
this.#disposeAfter?.(...task);
|
|
14088
14080
|
}
|
|
14089
14081
|
}
|
|
14090
14082
|
}
|
|
@@ -17496,20 +17488,20 @@ __export(idle_runner_repear_lambda_exports, {
|
|
|
17496
17488
|
handler: () => handler
|
|
17497
17489
|
});
|
|
17498
17490
|
module.exports = __toCommonJS(idle_runner_repear_lambda_exports);
|
|
17499
|
-
var
|
|
17491
|
+
var import_client_sfn = require("@aws-sdk/client-sfn");
|
|
17500
17492
|
|
|
17501
17493
|
// src/lambda-github.ts
|
|
17502
17494
|
var import_auth_app = __toESM(require_dist_node12());
|
|
17503
17495
|
var import_rest = __toESM(require_dist_node19());
|
|
17504
17496
|
|
|
17505
17497
|
// src/lambda-helpers.ts
|
|
17506
|
-
var
|
|
17507
|
-
var sm = new
|
|
17498
|
+
var import_client_secrets_manager = require("@aws-sdk/client-secrets-manager");
|
|
17499
|
+
var sm = new import_client_secrets_manager.SecretsManagerClient();
|
|
17508
17500
|
async function getSecretValue(arn) {
|
|
17509
17501
|
if (!arn) {
|
|
17510
17502
|
throw new Error("Missing secret ARN");
|
|
17511
17503
|
}
|
|
17512
|
-
const secret = await sm.
|
|
17504
|
+
const secret = await sm.send(new import_client_secrets_manager.GetSecretValueCommand({ SecretId: arn }));
|
|
17513
17505
|
if (!secret.SecretString) {
|
|
17514
17506
|
throw new Error(`No SecretString in ${arn}`);
|
|
17515
17507
|
}
|
|
@@ -17576,14 +17568,22 @@ async function getOctokit(installationId) {
|
|
|
17576
17568
|
githubSecrets
|
|
17577
17569
|
};
|
|
17578
17570
|
}
|
|
17579
|
-
async function getRunner(octokit, owner, repo, name) {
|
|
17571
|
+
async function getRunner(octokit, runnerLevel, owner, repo, name) {
|
|
17580
17572
|
let page = 1;
|
|
17581
17573
|
while (true) {
|
|
17582
|
-
|
|
17583
|
-
|
|
17584
|
-
|
|
17585
|
-
|
|
17586
|
-
|
|
17574
|
+
let runners;
|
|
17575
|
+
if ((runnerLevel ?? "repo") === "repo") {
|
|
17576
|
+
runners = await octokit.rest.actions.listSelfHostedRunnersForRepo({
|
|
17577
|
+
page,
|
|
17578
|
+
owner,
|
|
17579
|
+
repo
|
|
17580
|
+
});
|
|
17581
|
+
} else {
|
|
17582
|
+
runners = await octokit.rest.actions.listSelfHostedRunnersForOrg({
|
|
17583
|
+
page,
|
|
17584
|
+
org: owner
|
|
17585
|
+
});
|
|
17586
|
+
}
|
|
17587
17587
|
if (runners.data.runners.length == 0) {
|
|
17588
17588
|
return;
|
|
17589
17589
|
}
|
|
@@ -17595,28 +17595,42 @@ async function getRunner(octokit, owner, repo, name) {
|
|
|
17595
17595
|
page++;
|
|
17596
17596
|
}
|
|
17597
17597
|
}
|
|
17598
|
+
async function deleteRunner(octokit, runnerLevel, owner, repo, runnerId) {
|
|
17599
|
+
if ((runnerLevel ?? "repo") === "repo") {
|
|
17600
|
+
await octokit.rest.actions.deleteSelfHostedRunnerFromRepo({
|
|
17601
|
+
owner,
|
|
17602
|
+
repo,
|
|
17603
|
+
runner_id: runnerId
|
|
17604
|
+
});
|
|
17605
|
+
} else {
|
|
17606
|
+
await octokit.rest.actions.deleteSelfHostedRunnerFromOrg({
|
|
17607
|
+
org: owner,
|
|
17608
|
+
runner_id: runnerId
|
|
17609
|
+
});
|
|
17610
|
+
}
|
|
17611
|
+
}
|
|
17598
17612
|
|
|
17599
17613
|
// src/idle-runner-repear.lambda.ts
|
|
17600
|
-
var sfn = new
|
|
17614
|
+
var sfn = new import_client_sfn.SFNClient();
|
|
17601
17615
|
async function handler(event) {
|
|
17602
17616
|
const result = { batchItemFailures: [] };
|
|
17603
|
-
|
|
17617
|
+
let octokitCache2;
|
|
17618
|
+
let runnerLevel;
|
|
17604
17619
|
for (const record of event.Records) {
|
|
17605
17620
|
const input = JSON.parse(record.body);
|
|
17606
17621
|
console.log(`Checking runner for ${input.owner}/${input.repo} [execution-id=${input.runnerName}]`);
|
|
17607
17622
|
const retryLater = () => result.batchItemFailures.push({ itemIdentifier: record.messageId });
|
|
17608
|
-
const execution = await sfn.
|
|
17623
|
+
const execution = await sfn.send(new import_client_sfn.DescribeExecutionCommand({ executionArn: input.executionArn }));
|
|
17609
17624
|
if (execution.status != "RUNNING") {
|
|
17610
17625
|
console.log("Runner already finished");
|
|
17611
17626
|
continue;
|
|
17612
17627
|
}
|
|
17613
|
-
|
|
17614
|
-
|
|
17615
|
-
|
|
17616
|
-
|
|
17617
|
-
octokit = octokitCache2[input.installationId ?? -1] = (await getOctokit(input.installationId)).octokit;
|
|
17628
|
+
if (!octokitCache2) {
|
|
17629
|
+
const { octokit, githubSecrets } = await getOctokit(input.installationId);
|
|
17630
|
+
octokitCache2 = octokit;
|
|
17631
|
+
runnerLevel = githubSecrets.runnerLevel;
|
|
17618
17632
|
}
|
|
17619
|
-
const runner = await getRunner(
|
|
17633
|
+
const runner = await getRunner(octokitCache2, runnerLevel, input.owner, input.repo, input.runnerName);
|
|
17620
17634
|
if (!runner) {
|
|
17621
17635
|
console.error(`Runner not running yet for ${input.owner}/${input.repo}:${input.runnerName}`);
|
|
17622
17636
|
retryLater();
|
|
@@ -17639,11 +17653,11 @@ async function handler(event) {
|
|
|
17639
17653
|
console.log(`Runner ${input.runnerName} is idle for too long`);
|
|
17640
17654
|
try {
|
|
17641
17655
|
console.log(`Stopping step function ${input.executionArn}...`);
|
|
17642
|
-
await sfn.
|
|
17656
|
+
await sfn.send(new import_client_sfn.StopExecutionCommand({
|
|
17643
17657
|
executionArn: input.executionArn,
|
|
17644
17658
|
error: "IdleRunner",
|
|
17645
17659
|
cause: `Runner ${input.runnerName} on ${input.owner}/${input.repo} is idle for too long (${diffMs / 1e3} seconds and limit is ${input.maxIdleSeconds} seconds)`
|
|
17646
|
-
})
|
|
17660
|
+
}));
|
|
17647
17661
|
} catch (e) {
|
|
17648
17662
|
console.error(`Failed to stop step function ${input.executionArn}: ${e}`);
|
|
17649
17663
|
retryLater();
|
|
@@ -17651,11 +17665,7 @@ async function handler(event) {
|
|
|
17651
17665
|
}
|
|
17652
17666
|
try {
|
|
17653
17667
|
console.log(`Deleting runner ${runner.id}...`);
|
|
17654
|
-
await
|
|
17655
|
-
owner: input.owner,
|
|
17656
|
-
repo: input.repo,
|
|
17657
|
-
runner_id: runner.id
|
|
17658
|
-
});
|
|
17668
|
+
await deleteRunner(octokitCache2, runnerLevel, input.owner, input.repo, runner.id);
|
|
17659
17669
|
} catch (e) {
|
|
17660
17670
|
console.error(`Failed to delete runner ${runner.id}: ${e}`);
|
|
17661
17671
|
retryLater();
|
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __export = (target, all) => {
|
|
9
7
|
for (var name in all)
|
|
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
}
|
|
18
16
|
return to;
|
|
19
17
|
};
|
|
20
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
-
mod
|
|
27
|
-
));
|
|
28
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
19
|
|
|
30
20
|
// src/image-builders/aws-image-builder/delete-ami.lambda.ts
|
|
@@ -33,11 +23,11 @@ __export(delete_ami_lambda_exports, {
|
|
|
33
23
|
handler: () => handler
|
|
34
24
|
});
|
|
35
25
|
module.exports = __toCommonJS(delete_ami_lambda_exports);
|
|
36
|
-
var
|
|
26
|
+
var import_client_ec2 = require("@aws-sdk/client-ec2");
|
|
37
27
|
|
|
38
28
|
// src/lambda-helpers.ts
|
|
39
|
-
var
|
|
40
|
-
var sm = new
|
|
29
|
+
var import_client_secrets_manager = require("@aws-sdk/client-secrets-manager");
|
|
30
|
+
var sm = new import_client_secrets_manager.SecretsManagerClient();
|
|
41
31
|
async function customResourceRespond(event, responseStatus, reason, physicalResourceId, data) {
|
|
42
32
|
const responseBody = JSON.stringify({
|
|
43
33
|
Status: responseStatus,
|
|
@@ -73,10 +63,9 @@ async function customResourceRespond(event, responseStatus, reason, physicalReso
|
|
|
73
63
|
}
|
|
74
64
|
|
|
75
65
|
// src/image-builders/aws-image-builder/delete-ami.lambda.ts
|
|
76
|
-
var ec2 = new
|
|
66
|
+
var ec2 = new import_client_ec2.EC2Client();
|
|
77
67
|
async function deleteAmis(launchTemplateId, stackName, builderName, deleteAll) {
|
|
78
|
-
|
|
79
|
-
const images = await ec2.describeImages({
|
|
68
|
+
const images = await ec2.send(new import_client_ec2.DescribeImagesCommand({
|
|
80
69
|
Owners: ["self"],
|
|
81
70
|
Filters: [
|
|
82
71
|
{
|
|
@@ -88,24 +77,21 @@ async function deleteAmis(launchTemplateId, stackName, builderName, deleteAll) {
|
|
|
88
77
|
Values: [builderName]
|
|
89
78
|
}
|
|
90
79
|
]
|
|
91
|
-
})
|
|
80
|
+
}));
|
|
92
81
|
let imagesToDelete = images.Images ?? [];
|
|
93
82
|
console.log(`Found ${imagesToDelete.length} AMIs`);
|
|
94
83
|
console.log(JSON.stringify(imagesToDelete.map((i) => i.ImageId)));
|
|
95
84
|
if (!deleteAll) {
|
|
96
|
-
const launchTemplates = await ec2.
|
|
85
|
+
const launchTemplates = await ec2.send(new import_client_ec2.DescribeLaunchTemplateVersionsCommand({
|
|
97
86
|
LaunchTemplateId: launchTemplateId,
|
|
98
87
|
Versions: ["$Default"]
|
|
99
|
-
})
|
|
88
|
+
}));
|
|
100
89
|
if (!launchTemplates.LaunchTemplateVersions) {
|
|
101
90
|
console.error(`Unable to describe launch template ${launchTemplateId}`);
|
|
102
91
|
return;
|
|
103
92
|
}
|
|
104
93
|
const launchTemplate = launchTemplates.LaunchTemplateVersions[0];
|
|
105
|
-
imagesToDelete = imagesToDelete.filter((i) =>
|
|
106
|
-
var _a2;
|
|
107
|
-
return i.ImageId != ((_a2 = launchTemplate.LaunchTemplateData) == null ? void 0 : _a2.ImageId);
|
|
108
|
-
});
|
|
94
|
+
imagesToDelete = imagesToDelete.filter((i) => i.ImageId != launchTemplate.LaunchTemplateData?.ImageId);
|
|
109
95
|
imagesToDelete = imagesToDelete.filter((i) => i.CreationDate && Date.parse(i.CreationDate) < Date.now() - 1e3 * 60 * 60 * 48);
|
|
110
96
|
console.log(`${imagesToDelete.length} AMIs left after filtering by date and excluding AMI used by launch template`);
|
|
111
97
|
}
|
|
@@ -115,15 +101,15 @@ async function deleteAmis(launchTemplateId, stackName, builderName, deleteAll) {
|
|
|
115
101
|
continue;
|
|
116
102
|
}
|
|
117
103
|
console.log(`Deregistering ${image.ImageId}`);
|
|
118
|
-
await ec2.
|
|
104
|
+
await ec2.send(new import_client_ec2.DeregisterImageCommand({
|
|
119
105
|
ImageId: image.ImageId
|
|
120
|
-
})
|
|
106
|
+
}));
|
|
121
107
|
for (const blockMapping of image.BlockDeviceMappings ?? []) {
|
|
122
|
-
if (
|
|
108
|
+
if (blockMapping.Ebs?.SnapshotId) {
|
|
123
109
|
console.log(`Deleting ${blockMapping.Ebs.SnapshotId}`);
|
|
124
|
-
await ec2.
|
|
110
|
+
await ec2.send(new import_client_ec2.DeleteSnapshotCommand({
|
|
125
111
|
SnapshotId: blockMapping.Ebs.SnapshotId
|
|
126
|
-
})
|
|
112
|
+
}));
|
|
127
113
|
}
|
|
128
114
|
}
|
|
129
115
|
}
|
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __export = (target, all) => {
|
|
9
7
|
for (var name in all)
|
|
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
}
|
|
18
16
|
return to;
|
|
19
17
|
};
|
|
20
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
-
mod
|
|
27
|
-
));
|
|
28
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
19
|
|
|
30
20
|
// src/image-builders/aws-image-builder/filter-failed-builds.lambda.ts
|
|
@@ -33,17 +23,17 @@ __export(filter_failed_builds_lambda_exports, {
|
|
|
33
23
|
handler: () => handler
|
|
34
24
|
});
|
|
35
25
|
module.exports = __toCommonJS(filter_failed_builds_lambda_exports);
|
|
36
|
-
var
|
|
37
|
-
var sns = new
|
|
26
|
+
var import_client_sns = require("@aws-sdk/client-sns");
|
|
27
|
+
var sns = new import_client_sns.SNSClient();
|
|
38
28
|
async function handler(event) {
|
|
39
29
|
console.log(JSON.stringify(event));
|
|
40
30
|
for (const record of event.Records) {
|
|
41
31
|
let message = JSON.parse(record.Sns.Message);
|
|
42
32
|
if (message.state.status === "FAILED") {
|
|
43
|
-
await sns.
|
|
33
|
+
await sns.send(new import_client_sns.PublishCommand({
|
|
44
34
|
TopicArn: process.env.TARGET_TOPIC_ARN,
|
|
45
35
|
Message: record.Sns.Message
|
|
46
|
-
})
|
|
36
|
+
}));
|
|
47
37
|
}
|
|
48
38
|
}
|
|
49
39
|
}
|
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __export = (target, all) => {
|
|
9
7
|
for (var name in all)
|
|
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
}
|
|
18
16
|
return to;
|
|
19
17
|
};
|
|
20
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
-
mod
|
|
27
|
-
));
|
|
28
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
19
|
|
|
30
20
|
// src/image-builders/aws-image-builder/reaper.lambda.ts
|
|
@@ -33,10 +23,12 @@ __export(reaper_lambda_exports, {
|
|
|
33
23
|
handler: () => handler
|
|
34
24
|
});
|
|
35
25
|
module.exports = __toCommonJS(reaper_lambda_exports);
|
|
36
|
-
var
|
|
37
|
-
var
|
|
38
|
-
var
|
|
39
|
-
var
|
|
26
|
+
var import_client_ec2 = require("@aws-sdk/client-ec2");
|
|
27
|
+
var import_client_ecr = require("@aws-sdk/client-ecr");
|
|
28
|
+
var import_client_imagebuilder = require("@aws-sdk/client-imagebuilder");
|
|
29
|
+
var ec2 = new import_client_ec2.EC2Client();
|
|
30
|
+
var ecr = new import_client_ecr.ECRClient();
|
|
31
|
+
var ib = new import_client_imagebuilder.ImagebuilderClient();
|
|
40
32
|
async function iterateImageVersions(imageName) {
|
|
41
33
|
let result = [];
|
|
42
34
|
let params = {
|
|
@@ -49,7 +41,7 @@ async function iterateImageVersions(imageName) {
|
|
|
49
41
|
]
|
|
50
42
|
};
|
|
51
43
|
while (true) {
|
|
52
|
-
const response = await ib.
|
|
44
|
+
const response = await ib.send(new import_client_imagebuilder.ListImagesCommand(params));
|
|
53
45
|
if (response.imageVersionList) {
|
|
54
46
|
for (const imageVersion of response.imageVersionList) {
|
|
55
47
|
if (imageVersion.arn) {
|
|
@@ -65,16 +57,15 @@ async function iterateImageVersions(imageName) {
|
|
|
65
57
|
return result;
|
|
66
58
|
}
|
|
67
59
|
async function iterateImageBuildVersions(imageVersionArn) {
|
|
68
|
-
var _a;
|
|
69
60
|
let result = [];
|
|
70
61
|
let params = {
|
|
71
62
|
imageVersionArn
|
|
72
63
|
};
|
|
73
64
|
while (true) {
|
|
74
|
-
const response = await ib.
|
|
65
|
+
const response = await ib.send(new import_client_imagebuilder.ListImageBuildVersionsCommand(params));
|
|
75
66
|
if (response.imageSummaryList) {
|
|
76
67
|
for (const imageBuildVersion of response.imageSummaryList) {
|
|
77
|
-
if (
|
|
68
|
+
if (imageBuildVersion.state?.status !== "AVAILABLE") {
|
|
78
69
|
console.log(`${imageBuildVersion.arn} is still being created, so we can't delete it`);
|
|
79
70
|
continue;
|
|
80
71
|
}
|
|
@@ -89,7 +80,6 @@ async function iterateImageBuildVersions(imageVersionArn) {
|
|
|
89
80
|
return result;
|
|
90
81
|
}
|
|
91
82
|
async function amisGone(amis) {
|
|
92
|
-
var _a;
|
|
93
83
|
if (!amis) {
|
|
94
84
|
console.log("No AMIs found, so we can delete the image version build");
|
|
95
85
|
return true;
|
|
@@ -101,10 +91,10 @@ async function amisGone(amis) {
|
|
|
101
91
|
continue;
|
|
102
92
|
}
|
|
103
93
|
try {
|
|
104
|
-
const response = await ec2.
|
|
94
|
+
const response = await ec2.send(new import_client_ec2.DescribeImagesCommand({
|
|
105
95
|
ImageIds: [ami.image]
|
|
106
|
-
})
|
|
107
|
-
if (
|
|
96
|
+
}));
|
|
97
|
+
if (response.Images?.length ?? 0 > 0) {
|
|
108
98
|
console.log("AMI still available, so we can't delete it");
|
|
109
99
|
return false;
|
|
110
100
|
}
|
|
@@ -119,7 +109,6 @@ async function amisGone(amis) {
|
|
|
119
109
|
return true;
|
|
120
110
|
}
|
|
121
111
|
async function dockerImagesGone(dockerImages) {
|
|
122
|
-
var _a;
|
|
123
112
|
if (!dockerImages) {
|
|
124
113
|
console.log("No docker images, so we can delete the image version build");
|
|
125
114
|
return true;
|
|
@@ -133,12 +122,12 @@ async function dockerImagesGone(dockerImages) {
|
|
|
133
122
|
}
|
|
134
123
|
console.log(`Checking if ${repoName}:${version} exists`);
|
|
135
124
|
try {
|
|
136
|
-
const response = await ecr.
|
|
125
|
+
const response = await ecr.send(new import_client_ecr.DescribeImagesCommand({
|
|
137
126
|
repositoryName: repoName,
|
|
138
127
|
imageIds: [{ imageTag: version }]
|
|
139
|
-
})
|
|
128
|
+
}));
|
|
140
129
|
if (response.imageDetails && response.imageDetails.length > 0) {
|
|
141
|
-
if (
|
|
130
|
+
if (response.imageDetails[0].imageTags?.includes("latest")) {
|
|
142
131
|
console.log(`Docker image ${repoName}:${version} still available and tagged latest, so we can't delete it`);
|
|
143
132
|
return false;
|
|
144
133
|
}
|
|
@@ -155,18 +144,17 @@ async function dockerImagesGone(dockerImages) {
|
|
|
155
144
|
return true;
|
|
156
145
|
}
|
|
157
146
|
async function handler(event, _context) {
|
|
158
|
-
var _a, _b;
|
|
159
147
|
for (const imageVersion of await iterateImageVersions(event.RecipeName)) {
|
|
160
148
|
for (const imageBuildVersion of await iterateImageBuildVersions(imageVersion)) {
|
|
161
149
|
if (!imageBuildVersion.arn) {
|
|
162
150
|
continue;
|
|
163
151
|
}
|
|
164
152
|
console.log(`Checking ${imageBuildVersion.name}/${imageBuildVersion.version}`);
|
|
165
|
-
if (await amisGone(
|
|
153
|
+
if (await amisGone(imageBuildVersion.outputResources?.amis) && await dockerImagesGone(imageBuildVersion.outputResources?.containers)) {
|
|
166
154
|
console.log("Deleting image version build", imageBuildVersion.arn);
|
|
167
|
-
await ib.
|
|
155
|
+
await ib.send(new import_client_imagebuilder.DeleteImageCommand({
|
|
168
156
|
imageBuildVersionArn: imageBuildVersion.arn
|
|
169
|
-
})
|
|
157
|
+
}));
|
|
170
158
|
}
|
|
171
159
|
}
|
|
172
160
|
}
|