@cloudsnorkel/cdk-github-runners 0.11.3 → 0.11.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (73) hide show
  1. package/.gitattributes +1 -1
  2. package/.jsii +127 -93
  3. package/API.md +29 -2
  4. package/SETUP_GITHUB.md +9 -5
  5. package/assets/delete-failed-runner.lambda/index.js +55 -45
  6. package/assets/docker-images/lambda/linux-arm64/runner.js +1 -0
  7. package/assets/docker-images/lambda/linux-arm64/runner.sh +1 -1
  8. package/assets/docker-images/lambda/linux-x64/runner.js +1 -0
  9. package/assets/docker-images/lambda/linux-x64/runner.sh +1 -1
  10. package/assets/idle-runner-repear.lambda/index.js +65 -55
  11. package/assets/image-builders/aws-image-builder/delete-ami.lambda/index.js +14 -28
  12. package/assets/image-builders/aws-image-builder/filter-failed-builds.lambda/index.js +4 -14
  13. package/assets/image-builders/aws-image-builder/reaper.lambda/index.js +18 -30
  14. package/assets/image-builders/aws-image-builder/versioner.lambda/index.js +10 -16
  15. package/assets/providers/ami-root-device.lambda/index.js +12 -23
  16. package/assets/providers/build-image.lambda/index.js +16 -24
  17. package/assets/providers/update-lambda.lambda/index.js +5 -15
  18. package/assets/setup.lambda/index.html +20 -12
  19. package/assets/setup.lambda/index.js +17 -12
  20. package/assets/status.lambda/index.js +50 -55
  21. package/assets/token-retriever.lambda/index.js +51 -39
  22. package/assets/webhook-handler.lambda/index.js +32 -42
  23. package/lib/access.js +1 -1
  24. package/lib/delete-failed-runner-function.js +2 -2
  25. package/lib/delete-failed-runner.lambda.js +4 -8
  26. package/lib/idle-runner-repear-function.js +2 -2
  27. package/lib/idle-runner-repear.lambda.js +16 -19
  28. package/lib/image-builders/api.js +1 -1
  29. package/lib/image-builders/aws-image-builder/builder.js +1 -1
  30. package/lib/image-builders/aws-image-builder/delete-ami-function.js +2 -2
  31. package/lib/image-builders/aws-image-builder/delete-ami.lambda.js +11 -11
  32. package/lib/image-builders/aws-image-builder/deprecated/ami.js +1 -1
  33. package/lib/image-builders/aws-image-builder/deprecated/container.js +1 -1
  34. package/lib/image-builders/aws-image-builder/deprecated/linux-components.js +1 -1
  35. package/lib/image-builders/aws-image-builder/deprecated/windows-components.js +1 -1
  36. package/lib/image-builders/aws-image-builder/filter-failed-builds-function.js +2 -2
  37. package/lib/image-builders/aws-image-builder/filter-failed-builds.lambda.js +5 -5
  38. package/lib/image-builders/aws-image-builder/reaper-function.js +2 -2
  39. package/lib/image-builders/aws-image-builder/reaper.lambda.js +15 -13
  40. package/lib/image-builders/aws-image-builder/versioner-function.js +2 -2
  41. package/lib/image-builders/aws-image-builder/versioner.lambda.js +9 -9
  42. package/lib/image-builders/codebuild-deprecated.js +1 -1
  43. package/lib/image-builders/components.js +1 -1
  44. package/lib/image-builders/static.js +1 -1
  45. package/lib/lambda-github.d.ts +16 -13
  46. package/lib/lambda-github.js +33 -8
  47. package/lib/lambda-helpers.js +5 -5
  48. package/lib/providers/ami-root-device-function.js +2 -2
  49. package/lib/providers/ami-root-device.lambda.js +8 -7
  50. package/lib/providers/build-image-function.js +2 -2
  51. package/lib/providers/build-image.lambda.js +15 -13
  52. package/lib/providers/codebuild.js +10 -5
  53. package/lib/providers/common.d.ts +5 -1
  54. package/lib/providers/common.js +4 -4
  55. package/lib/providers/ec2.js +56 -17
  56. package/lib/providers/ecs.d.ts +7 -1
  57. package/lib/providers/ecs.js +8 -3
  58. package/lib/providers/fargate.js +12 -8
  59. package/lib/providers/lambda.js +4 -3
  60. package/lib/providers/update-lambda-function.js +2 -2
  61. package/lib/providers/update-lambda.lambda.js +6 -6
  62. package/lib/runner.js +6 -2
  63. package/lib/secrets.js +4 -2
  64. package/lib/setup-function.js +2 -2
  65. package/lib/setup.lambda.js +13 -7
  66. package/lib/status-function.js +2 -2
  67. package/lib/status.lambda.js +23 -17
  68. package/lib/token-retriever-function.js +2 -2
  69. package/lib/token-retriever.lambda.d.ts +2 -1
  70. package/lib/token-retriever.lambda.js +30 -8
  71. package/lib/webhook-handler-function.js +2 -2
  72. package/lib/webhook-handler.lambda.js +5 -5
  73. package/package.json +21 -10
package/assets/setup.lambda/index.js CHANGED
@@ -10429,13 +10429,13 @@ var fs = __toESM(require("fs"));
10429
10429
  var import_rest = __toESM(require_dist_node12());
10430
10430
 
10431
10431
  // src/lambda-helpers.ts
10432
- var AWS = __toESM(require("aws-sdk"));
10433
- var sm = new AWS.SecretsManager();
10432
+ var import_client_secrets_manager = require("@aws-sdk/client-secrets-manager");
10433
+ var sm = new import_client_secrets_manager.SecretsManagerClient();
10434
10434
  async function getSecretValue(arn) {
10435
10435
  if (!arn) {
10436
10436
  throw new Error("Missing secret ARN");
10437
10437
  }
10438
- const secret = await sm.getSecretValue({ SecretId: arn }).promise();
10438
+ const secret = await sm.send(new import_client_secrets_manager.GetSecretValueCommand({ SecretId: arn }));
10439
10439
  if (!secret.SecretString) {
10440
10440
  throw new Error(`No SecretString in ${arn}`);
10441
10441
  }
@@ -10448,7 +10448,7 @@ async function updateSecretValue(arn, value) {
10448
10448
  if (!arn) {
10449
10449
  throw new Error("Missing secret ARN");
10450
10450
  }
10451
- await sm.updateSecret({ SecretId: arn, SecretString: value }).promise();
10451
+ await sm.send(new import_client_secrets_manager.UpdateSecretCommand({ SecretId: arn, SecretString: value }));
10452
10452
  }
10453
10453
 
10454
10454
  // src/lambda-github.ts
@@ -10495,8 +10495,12 @@ async function handleDomain(event) {
10495
10495
  if (!body.domain) {
10496
10496
  return response(400, "Invalid domain");
10497
10497
  }
10498
+ if (body.runnerLevel !== "repo" && body.runnerLevel !== "org") {
10499
+ return response(400, "Invalid runner registration level");
10500
+ }
10498
10501
  const githubSecrets = await getSecretJsonValue(process.env.GITHUB_SECRET_ARN);
10499
10502
  githubSecrets.domain = body.domain;
10503
+ githubSecrets.runnerLevel = body.runnerLevel;
10500
10504
  await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify(githubSecrets));
10501
10505
  return response(200, "Domain set");
10502
10506
  }
@@ -10508,7 +10512,8 @@ async function handlePat(event) {
10508
10512
  await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify({
10509
10513
  domain: body.domain,
10510
10514
  appId: -1,
10511
- personalAuthToken: body.pat
10515
+ personalAuthToken: body.pat,
10516
+ runnerLevel: "repo"
10512
10517
  }));
10513
10518
  await updateSecretValue(process.env.SETUP_SECRET_ARN, JSON.stringify({ token: "" }));
10514
10519
  return response(200, "Personal access token set");
@@ -10524,11 +10529,10 @@ async function handleNewApp(event) {
10524
10529
  const githubSecrets = await getSecretJsonValue(process.env.GITHUB_SECRET_ARN);
10525
10530
  const baseUrl = baseUrlFromDomain(githubSecrets.domain);
10526
10531
  const newApp = await new import_rest.Octokit({ baseUrl }).rest.apps.createFromManifest({ code });
10527
- await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify({
10528
- domain: new URL(newApp.data.html_url).host,
10529
- appId: newApp.data.id,
10530
- personalAuthToken: ""
10531
- }));
10532
+ githubSecrets.appId = newApp.data.id;
10533
+ githubSecrets.domain = new URL(newApp.data.html_url).host;
10534
+ githubSecrets.personalAuthToken = "";
10535
+ await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify(githubSecrets));
10532
10536
  await updateSecretValue(process.env.GITHUB_PRIVATE_KEY_SECRET_ARN, newApp.data.pem);
10533
10537
  await updateSecretValue(process.env.WEBHOOK_SECRET_ARN, JSON.stringify({
10534
10538
  webhookSecret: newApp.data.webhook_secret
@@ -10538,13 +10542,14 @@ async function handleNewApp(event) {
10538
10542
  }
10539
10543
  async function handleExistingApp(event) {
10540
10544
  const body = decodeBody(event);
10541
- if (!body.appid || !body.pk || !body.domain) {
10545
+ if (!body.appid || !body.pk || !body.domain || body.runnerLevel !== "repo" && body.runnerLevel !== "org") {
10542
10546
  return response(400, "Missing fields");
10543
10547
  }
10544
10548
  await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify({
10545
10549
  domain: body.domain,
10546
10550
  appId: body.appid,
10547
- personalAuthToken: ""
10551
+ personalAuthToken: "",
10552
+ runnerLevel: body.runnerLevel
10548
10553
  }));
10549
10554
  await updateSecretValue(process.env.GITHUB_PRIVATE_KEY_SECRET_ARN, body.pk);
10550
10555
  await updateSecretValue(process.env.SETUP_SECRET_ARN, JSON.stringify({ token: "" }));
package/assets/status.lambda/index.js CHANGED
@@ -12865,7 +12865,6 @@ var require_cjs = __commonJS({
12865
12865
  };
12866
12866
  var AC = globalThis.AbortController;
12867
12867
  var AS = globalThis.AbortSignal;
12868
- var _a;
12869
12868
  if (typeof AC === "undefined") {
12870
12869
  AS = class AbortSignal {
12871
12870
  onabort;
@@ -12882,7 +12881,6 @@ var require_cjs = __commonJS({
12882
12881
  }
12883
12882
  signal = new AS();
12884
12883
  abort(reason) {
12885
- var _a2, _b;
12886
12884
  if (this.signal.aborted)
12887
12885
  return;
12888
12886
  this.signal.reason = reason;
@@ -12890,10 +12888,10 @@ var require_cjs = __commonJS({
12890
12888
  for (const fn of this.signal._onabort) {
12891
12889
  fn(reason);
12892
12890
  }
12893
- (_b = (_a2 = this.signal).onabort) == null ? void 0 : _b.call(_a2, reason);
12891
+ this.signal.onabort?.(reason);
12894
12892
  }
12895
12893
  };
12896
- let printACPolyfillWarning = ((_a = PROCESS.env) == null ? void 0 : _a.LRU_CACHE_IGNORE_AC_WARNING) !== "1";
12894
+ let printACPolyfillWarning = PROCESS.env?.LRU_CACHE_IGNORE_AC_WARNING !== "1";
12897
12895
  const warnACPolyfill = () => {
12898
12896
  if (!printACPolyfillWarning)
12899
12897
  return;
@@ -13548,7 +13546,6 @@ var require_cjs = __commonJS({
13548
13546
  * {@link LRUCache#delete}
13549
13547
  */
13550
13548
  set(k, v, setOptions = {}) {
13551
- var _a2, _b, _c;
13552
13549
  if (v === void 0) {
13553
13550
  this.delete(k);
13554
13551
  return this;
@@ -13586,10 +13583,10 @@ var require_cjs = __commonJS({
13586
13583
  oldVal.__abortController.abort(new Error("replaced"));
13587
13584
  } else if (!noDisposeOnSet) {
13588
13585
  if (this.#hasDispose) {
13589
- (_a2 = this.#dispose) == null ? void 0 : _a2.call(this, oldVal, k, "set");
13586
+ this.#dispose?.(oldVal, k, "set");
13590
13587
  }
13591
13588
  if (this.#hasDisposeAfter) {
13592
- (_b = this.#disposed) == null ? void 0 : _b.push([oldVal, k, "set"]);
13589
+ this.#disposed?.push([oldVal, k, "set"]);
13593
13590
  }
13594
13591
  }
13595
13592
  this.#removeItemSize(index);
@@ -13618,8 +13615,8 @@ var require_cjs = __commonJS({
13618
13615
  if (!noDisposeOnSet && this.#hasDisposeAfter && this.#disposed) {
13619
13616
  const dt = this.#disposed;
13620
13617
  let task;
13621
- while (task = dt == null ? void 0 : dt.shift()) {
13622
- (_c = this.#disposeAfter) == null ? void 0 : _c.call(this, ...task);
13618
+ while (task = dt?.shift()) {
13619
+ this.#disposeAfter?.(...task);
13623
13620
  }
13624
13621
  }
13625
13622
  return this;
@@ -13629,7 +13626,6 @@ var require_cjs = __commonJS({
13629
13626
  * `undefined` if cache is empty.
13630
13627
  */
13631
13628
  pop() {
13632
- var _a2;
13633
13629
  try {
13634
13630
  while (this.#size) {
13635
13631
  const val = this.#valList[this.#head];
@@ -13646,14 +13642,13 @@ var require_cjs = __commonJS({
13646
13642
  if (this.#hasDisposeAfter && this.#disposed) {
13647
13643
  const dt = this.#disposed;
13648
13644
  let task;
13649
- while (task = dt == null ? void 0 : dt.shift()) {
13650
- (_a2 = this.#disposeAfter) == null ? void 0 : _a2.call(this, ...task);
13645
+ while (task = dt?.shift()) {
13646
+ this.#disposeAfter?.(...task);
13651
13647
  }
13652
13648
  }
13653
13649
  }
13654
13650
  }
13655
13651
  #evict(free) {
13656
- var _a2, _b;
13657
13652
  const head = this.#head;
13658
13653
  const k = this.#keyList[head];
13659
13654
  const v = this.#valList[head];
@@ -13661,10 +13656,10 @@ var require_cjs = __commonJS({
13661
13656
  v.__abortController.abort(new Error("evicted"));
13662
13657
  } else if (this.#hasDispose || this.#hasDisposeAfter) {
13663
13658
  if (this.#hasDispose) {
13664
- (_a2 = this.#dispose) == null ? void 0 : _a2.call(this, v, k, "evict");
13659
+ this.#dispose?.(v, k, "evict");
13665
13660
  }
13666
13661
  if (this.#hasDisposeAfter) {
13667
- (_b = this.#disposed) == null ? void 0 : _b.push([v, k, "evict"]);
13662
+ this.#disposed?.push([v, k, "evict"]);
13668
13663
  }
13669
13664
  }
13670
13665
  this.#removeItemSize(head);
@@ -13739,7 +13734,7 @@ var require_cjs = __commonJS({
13739
13734
  }
13740
13735
  const ac = new AC();
13741
13736
  const { signal } = options;
13742
- signal == null ? void 0 : signal.addEventListener("abort", () => ac.abort(signal.reason), {
13737
+ signal?.addEventListener("abort", () => ac.abort(signal.reason), {
13743
13738
  signal: ac.signal
13744
13739
  });
13745
13740
  const fetchOpts = {
@@ -13810,8 +13805,7 @@ var require_cjs = __commonJS({
13810
13805
  }
13811
13806
  };
13812
13807
  const pcall = (res, rej) => {
13813
- var _a2;
13814
- const fmp = (_a2 = this.#fetchMethod) == null ? void 0 : _a2.call(this, k, v, fetchOpts);
13808
+ const fmp = this.#fetchMethod?.(k, v, fetchOpts);
13815
13809
  if (fmp && fmp instanceof Promise) {
13816
13810
  fmp.then((v2) => res(v2), rej);
13817
13811
  }
@@ -14000,7 +13994,6 @@ var require_cjs = __commonJS({
14000
13994
  * Returns true if the key was deleted, false otherwise.
14001
13995
  */
14002
13996
  delete(k) {
14003
- var _a2, _b, _c, _d;
14004
13997
  let deleted = false;
14005
13998
  if (this.#size !== 0) {
14006
13999
  const index = this.#keyMap.get(k);
@@ -14015,10 +14008,10 @@ var require_cjs = __commonJS({
14015
14008
  v.__abortController.abort(new Error("deleted"));
14016
14009
  } else if (this.#hasDispose || this.#hasDisposeAfter) {
14017
14010
  if (this.#hasDispose) {
14018
- (_a2 = this.#dispose) == null ? void 0 : _a2.call(this, v, k, "delete");
14011
+ this.#dispose?.(v, k, "delete");
14019
14012
  }
14020
14013
  if (this.#hasDisposeAfter) {
14021
- (_b = this.#disposed) == null ? void 0 : _b.push([v, k, "delete"]);
14014
+ this.#disposed?.push([v, k, "delete"]);
14022
14015
  }
14023
14016
  }
14024
14017
  this.#keyMap.delete(k);
@@ -14037,11 +14030,11 @@ var require_cjs = __commonJS({
14037
14030
  }
14038
14031
  }
14039
14032
  }
14040
- if (this.#hasDisposeAfter && ((_c = this.#disposed) == null ? void 0 : _c.length)) {
14033
+ if (this.#hasDisposeAfter && this.#disposed?.length) {
14041
14034
  const dt = this.#disposed;
14042
14035
  let task;
14043
- while (task = dt == null ? void 0 : dt.shift()) {
14044
- (_d = this.#disposeAfter) == null ? void 0 : _d.call(this, ...task);
14036
+ while (task = dt?.shift()) {
14037
+ this.#disposeAfter?.(...task);
14045
14038
  }
14046
14039
  }
14047
14040
  return deleted;
@@ -14050,7 +14043,6 @@ var require_cjs = __commonJS({
14050
14043
  * Clear the cache entirely, throwing away all values.
14051
14044
  */
14052
14045
  clear() {
14053
- var _a2, _b, _c;
14054
14046
  for (const index of this.#rindexes({ allowStale: true })) {
14055
14047
  const v = this.#valList[index];
14056
14048
  if (this.#isBackgroundFetch(v)) {
@@ -14058,10 +14050,10 @@ var require_cjs = __commonJS({
14058
14050
  } else {
14059
14051
  const k = this.#keyList[index];
14060
14052
  if (this.#hasDispose) {
14061
- (_a2 = this.#dispose) == null ? void 0 : _a2.call(this, v, k, "delete");
14053
+ this.#dispose?.(v, k, "delete");
14062
14054
  }
14063
14055
  if (this.#hasDisposeAfter) {
14064
- (_b = this.#disposed) == null ? void 0 : _b.push([v, k, "delete"]);
14056
+ this.#disposed?.push([v, k, "delete"]);
14065
14057
  }
14066
14058
  }
14067
14059
  }
@@ -14083,8 +14075,8 @@ var require_cjs = __commonJS({
14083
14075
  if (this.#hasDisposeAfter && this.#disposed) {
14084
14076
  const dt = this.#disposed;
14085
14077
  let task;
14086
- while (task = dt == null ? void 0 : dt.shift()) {
14087
- (_c = this.#disposeAfter) == null ? void 0 : _c.call(this, ...task);
14078
+ while (task = dt?.shift()) {
14079
+ this.#disposeAfter?.(...task);
14088
14080
  }
14089
14081
  }
14090
14082
  }
@@ -15058,18 +15050,21 @@ __export(status_lambda_exports, {
15058
15050
  handler: () => handler
15059
15051
  });
15060
15052
  module.exports = __toCommonJS(status_lambda_exports);
15053
+ var import_client_cloudformation = require("@aws-sdk/client-cloudformation");
15054
+ var import_client_ec2 = require("@aws-sdk/client-ec2");
15055
+ var import_client_ecr = require("@aws-sdk/client-ecr");
15056
+ var import_client_sfn = require("@aws-sdk/client-sfn");
15061
15057
  var import_auth_app = __toESM(require_dist_node12());
15062
15058
  var import_core = __toESM(require_dist_node15());
15063
- var AWS2 = __toESM(require("aws-sdk"));
15064
15059
 
15065
15060
  // src/lambda-helpers.ts
15066
- var AWS = __toESM(require("aws-sdk"));
15067
- var sm = new AWS.SecretsManager();
15061
+ var import_client_secrets_manager = require("@aws-sdk/client-secrets-manager");
15062
+ var sm = new import_client_secrets_manager.SecretsManagerClient();
15068
15063
  async function getSecretValue(arn) {
15069
15064
  if (!arn) {
15070
15065
  throw new Error("Missing secret ARN");
15071
15066
  }
15072
- const secret = await sm.getSecretValue({ SecretId: arn }).promise();
15067
+ const secret = await sm.send(new import_client_secrets_manager.GetSecretValueCommand({ SecretId: arn }));
15073
15068
  if (!secret.SecretString) {
15074
15069
  throw new Error(`No SecretString in ${arn}`);
15075
15070
  }
@@ -15088,10 +15083,10 @@ function baseUrlFromDomain(domain) {
15088
15083
  }
15089
15084
 
15090
15085
  // src/status.lambda.ts
15091
- var cfn = new AWS2.CloudFormation();
15092
- var ec2 = new AWS2.EC2();
15093
- var ecr = new AWS2.ECR();
15094
- var sf = new AWS2.StepFunctions();
15086
+ var cfn = new import_client_cloudformation.CloudFormationClient();
15087
+ var ec2 = new import_client_ec2.EC2Client();
15088
+ var ecr = new import_client_ecr.ECRClient();
15089
+ var sf = new import_client_sfn.SFNClient();
15095
15090
  function secretArnToUrl(arn) {
15096
15091
  const parts = arn.split(":");
15097
15092
  const region = parts[3];
@@ -15116,23 +15111,21 @@ function stepFunctionArnToUrl(arn) {
15116
15111
  return `https://${region}.console.aws.amazon.com/states/home?region=${region}#/statemachines/view/${arn}`;
15117
15112
  }
15118
15113
  async function generateProvidersStatus(stack, logicalId) {
15119
- var _a;
15120
- const resource = await cfn.describeStackResource({ StackName: stack, LogicalResourceId: logicalId }).promise();
15121
- const providers = JSON.parse(((_a = resource.StackResourceDetail) == null ? void 0 : _a.Metadata) ?? "{}").providers;
15114
+ const resource = await cfn.send(new import_client_cloudformation.DescribeStackResourceCommand({ StackName: stack, LogicalResourceId: logicalId }));
15115
+ const providers = JSON.parse(resource.StackResourceDetail?.Metadata ?? "{}").providers;
15122
15116
  if (!providers) {
15123
15117
  return {};
15124
15118
  }
15125
15119
  return Promise.all(providers.map(async (p) => {
15126
- var _a2, _b, _c, _d, _e;
15127
- if ((_b = (_a2 = p.image) == null ? void 0 : _a2.imageRepository) == null ? void 0 : _b.match(/[0-9]+\.dkr\.ecr\.[a-z0-9\-]+\.amazonaws\.com\/.+/)) {
15128
- const tags = await ecr.describeImages({
15120
+ if (p.image?.imageRepository?.match(/[0-9]+\.dkr\.ecr\.[a-z0-9\-]+\.amazonaws\.com\/.+/)) {
15121
+ const tags = await ecr.send(new import_client_ecr.DescribeImagesCommand({
15129
15122
  repositoryName: p.image.imageRepository.split("/")[1],
15130
15123
  filter: {
15131
15124
  tagStatus: "TAGGED"
15132
15125
  },
15133
15126
  maxResults: 1
15134
- }).promise();
15135
- if (tags.imageDetails && ((_c = tags.imageDetails) == null ? void 0 : _c.length) >= 1) {
15127
+ }));
15128
+ if (tags.imageDetails && tags.imageDetails?.length >= 1) {
15136
15129
  p.image.latestImage = {
15137
15130
  tags: tags.imageDetails[0].imageTags,
15138
15131
  digest: tags.imageDetails[0].imageDigest,
@@ -15140,13 +15133,13 @@ async function generateProvidersStatus(stack, logicalId) {
15140
15133
  };
15141
15134
  }
15142
15135
  }
15143
- if ((_d = p.ami) == null ? void 0 : _d.launchTemplate) {
15144
- const versions = await ec2.describeLaunchTemplateVersions({
15136
+ if (p.ami?.launchTemplate) {
15137
+ const versions = await ec2.send(new import_client_ec2.DescribeLaunchTemplateVersionsCommand({
15145
15138
  LaunchTemplateId: p.ami.launchTemplate,
15146
15139
  Versions: ["$Default"]
15147
- }).promise();
15140
+ }));
15148
15141
  if (versions.LaunchTemplateVersions && versions.LaunchTemplateVersions.length >= 1) {
15149
- p.ami.latestAmi = (_e = versions.LaunchTemplateVersions[0].LaunchTemplateData) == null ? void 0 : _e.ImageId;
15142
+ p.ami.latestAmi = versions.LaunchTemplateVersions[0].LaunchTemplateData?.ImageId;
15150
15143
  }
15151
15144
  }
15152
15145
  return p;
@@ -15177,6 +15170,7 @@ async function handler(event) {
15177
15170
  secretUrl: secretArnToUrl(process.env.SETUP_SECRET_ARN)
15178
15171
  },
15179
15172
  domain: "Unknown",
15173
+ runnerLevel: "Unknown",
15180
15174
  webhook: {
15181
15175
  url: process.env.WEBHOOK_URL,
15182
15176
  status: "Unable to check",
@@ -15221,18 +15215,18 @@ async function handler(event) {
15221
15215
  status.github.setup.status = "Disabled";
15222
15216
  }
15223
15217
  try {
15224
- const executions = await sf.listExecutions({
15218
+ const executions = await sf.send(new import_client_sfn.ListExecutionsCommand({
15225
15219
  stateMachineArn: process.env.STEP_FUNCTION_ARN,
15226
15220
  maxResults: 10
15227
- }).promise();
15228
- for (const execution of executions.executions) {
15229
- const executionDetails = await sf.describeExecution({
15221
+ }));
15222
+ for (const execution of executions.executions ?? []) {
15223
+ const executionDetails = await sf.send(new import_client_sfn.DescribeExecutionCommand({
15230
15224
  executionArn: execution.executionArn
15231
- }).promise();
15225
+ }));
15232
15226
  const input = JSON.parse(executionDetails.input || "{}");
15233
15227
  status.troubleshooting.recentRuns.push({
15234
15228
  executionArn: execution.executionArn,
15235
- status: execution.status,
15229
+ status: execution.status ?? "<unknown>",
15236
15230
  owner: input.owner,
15237
15231
  repo: input.repo,
15238
15232
  jobId: input.jobId
@@ -15257,6 +15251,7 @@ async function handler(event) {
15257
15251
  }
15258
15252
  let baseUrl = baseUrlFromDomain(githubSecrets.domain);
15259
15253
  status.github.domain = githubSecrets.domain;
15254
+ status.github.runnerLevel = githubSecrets.runnerLevel ?? "repo";
15260
15255
  if (githubSecrets.personalAuthToken) {
15261
15256
  status.github.auth.type = "Personal Access Token";
15262
15257
  status.github.auth.personalAuthToken = "*redacted*";
package/assets/token-retriever.lambda/index.js CHANGED
@@ -12865,7 +12865,6 @@ var require_cjs = __commonJS({
12865
12865
  };
12866
12866
  var AC = globalThis.AbortController;
12867
12867
  var AS = globalThis.AbortSignal;
12868
- var _a;
12869
12868
  if (typeof AC === "undefined") {
12870
12869
  AS = class AbortSignal {
12871
12870
  onabort;
@@ -12882,7 +12881,6 @@ var require_cjs = __commonJS({
12882
12881
  }
12883
12882
  signal = new AS();
12884
12883
  abort(reason) {
12885
- var _a2, _b;
12886
12884
  if (this.signal.aborted)
12887
12885
  return;
12888
12886
  this.signal.reason = reason;
@@ -12890,10 +12888,10 @@ var require_cjs = __commonJS({
12890
12888
  for (const fn of this.signal._onabort) {
12891
12889
  fn(reason);
12892
12890
  }
12893
- (_b = (_a2 = this.signal).onabort) == null ? void 0 : _b.call(_a2, reason);
12891
+ this.signal.onabort?.(reason);
12894
12892
  }
12895
12893
  };
12896
- let printACPolyfillWarning = ((_a = PROCESS.env) == null ? void 0 : _a.LRU_CACHE_IGNORE_AC_WARNING) !== "1";
12894
+ let printACPolyfillWarning = PROCESS.env?.LRU_CACHE_IGNORE_AC_WARNING !== "1";
12897
12895
  const warnACPolyfill = () => {
12898
12896
  if (!printACPolyfillWarning)
12899
12897
  return;
@@ -13548,7 +13546,6 @@ var require_cjs = __commonJS({
13548
13546
  * {@link LRUCache#delete}
13549
13547
  */
13550
13548
  set(k, v, setOptions = {}) {
13551
- var _a2, _b, _c;
13552
13549
  if (v === void 0) {
13553
13550
  this.delete(k);
13554
13551
  return this;
@@ -13586,10 +13583,10 @@ var require_cjs = __commonJS({
13586
13583
  oldVal.__abortController.abort(new Error("replaced"));
13587
13584
  } else if (!noDisposeOnSet) {
13588
13585
  if (this.#hasDispose) {
13589
- (_a2 = this.#dispose) == null ? void 0 : _a2.call(this, oldVal, k, "set");
13586
+ this.#dispose?.(oldVal, k, "set");
13590
13587
  }
13591
13588
  if (this.#hasDisposeAfter) {
13592
- (_b = this.#disposed) == null ? void 0 : _b.push([oldVal, k, "set"]);
13589
+ this.#disposed?.push([oldVal, k, "set"]);
13593
13590
  }
13594
13591
  }
13595
13592
  this.#removeItemSize(index);
@@ -13618,8 +13615,8 @@ var require_cjs = __commonJS({
13618
13615
  if (!noDisposeOnSet && this.#hasDisposeAfter && this.#disposed) {
13619
13616
  const dt = this.#disposed;
13620
13617
  let task;
13621
- while (task = dt == null ? void 0 : dt.shift()) {
13622
- (_c = this.#disposeAfter) == null ? void 0 : _c.call(this, ...task);
13618
+ while (task = dt?.shift()) {
13619
+ this.#disposeAfter?.(...task);
13623
13620
  }
13624
13621
  }
13625
13622
  return this;
@@ -13629,7 +13626,6 @@ var require_cjs = __commonJS({
13629
13626
  * `undefined` if cache is empty.
13630
13627
  */
13631
13628
  pop() {
13632
- var _a2;
13633
13629
  try {
13634
13630
  while (this.#size) {
13635
13631
  const val = this.#valList[this.#head];
@@ -13646,14 +13642,13 @@ var require_cjs = __commonJS({
13646
13642
  if (this.#hasDisposeAfter && this.#disposed) {
13647
13643
  const dt = this.#disposed;
13648
13644
  let task;
13649
- while (task = dt == null ? void 0 : dt.shift()) {
13650
- (_a2 = this.#disposeAfter) == null ? void 0 : _a2.call(this, ...task);
13645
+ while (task = dt?.shift()) {
13646
+ this.#disposeAfter?.(...task);
13651
13647
  }
13652
13648
  }
13653
13649
  }
13654
13650
  }
13655
13651
  #evict(free) {
13656
- var _a2, _b;
13657
13652
  const head = this.#head;
13658
13653
  const k = this.#keyList[head];
13659
13654
  const v = this.#valList[head];
@@ -13661,10 +13656,10 @@ var require_cjs = __commonJS({
13661
13656
  v.__abortController.abort(new Error("evicted"));
13662
13657
  } else if (this.#hasDispose || this.#hasDisposeAfter) {
13663
13658
  if (this.#hasDispose) {
13664
- (_a2 = this.#dispose) == null ? void 0 : _a2.call(this, v, k, "evict");
13659
+ this.#dispose?.(v, k, "evict");
13665
13660
  }
13666
13661
  if (this.#hasDisposeAfter) {
13667
- (_b = this.#disposed) == null ? void 0 : _b.push([v, k, "evict"]);
13662
+ this.#disposed?.push([v, k, "evict"]);
13668
13663
  }
13669
13664
  }
13670
13665
  this.#removeItemSize(head);
@@ -13739,7 +13734,7 @@ var require_cjs = __commonJS({
13739
13734
  }
13740
13735
  const ac = new AC();
13741
13736
  const { signal } = options;
13742
- signal == null ? void 0 : signal.addEventListener("abort", () => ac.abort(signal.reason), {
13737
+ signal?.addEventListener("abort", () => ac.abort(signal.reason), {
13743
13738
  signal: ac.signal
13744
13739
  });
13745
13740
  const fetchOpts = {
@@ -13810,8 +13805,7 @@ var require_cjs = __commonJS({
13810
13805
  }
13811
13806
  };
13812
13807
  const pcall = (res, rej) => {
13813
- var _a2;
13814
- const fmp = (_a2 = this.#fetchMethod) == null ? void 0 : _a2.call(this, k, v, fetchOpts);
13808
+ const fmp = this.#fetchMethod?.(k, v, fetchOpts);
13815
13809
  if (fmp && fmp instanceof Promise) {
13816
13810
  fmp.then((v2) => res(v2), rej);
13817
13811
  }
@@ -14000,7 +13994,6 @@ var require_cjs = __commonJS({
14000
13994
  * Returns true if the key was deleted, false otherwise.
14001
13995
  */
14002
13996
  delete(k) {
14003
- var _a2, _b, _c, _d;
14004
13997
  let deleted = false;
14005
13998
  if (this.#size !== 0) {
14006
13999
  const index = this.#keyMap.get(k);
@@ -14015,10 +14008,10 @@ var require_cjs = __commonJS({
14015
14008
  v.__abortController.abort(new Error("deleted"));
14016
14009
  } else if (this.#hasDispose || this.#hasDisposeAfter) {
14017
14010
  if (this.#hasDispose) {
14018
- (_a2 = this.#dispose) == null ? void 0 : _a2.call(this, v, k, "delete");
14011
+ this.#dispose?.(v, k, "delete");
14019
14012
  }
14020
14013
  if (this.#hasDisposeAfter) {
14021
- (_b = this.#disposed) == null ? void 0 : _b.push([v, k, "delete"]);
14014
+ this.#disposed?.push([v, k, "delete"]);
14022
14015
  }
14023
14016
  }
14024
14017
  this.#keyMap.delete(k);
@@ -14037,11 +14030,11 @@ var require_cjs = __commonJS({
14037
14030
  }
14038
14031
  }
14039
14032
  }
14040
- if (this.#hasDisposeAfter && ((_c = this.#disposed) == null ? void 0 : _c.length)) {
14033
+ if (this.#hasDisposeAfter && this.#disposed?.length) {
14041
14034
  const dt = this.#disposed;
14042
14035
  let task;
14043
- while (task = dt == null ? void 0 : dt.shift()) {
14044
- (_d = this.#disposeAfter) == null ? void 0 : _d.call(this, ...task);
14036
+ while (task = dt?.shift()) {
14037
+ this.#disposeAfter?.(...task);
14045
14038
  }
14046
14039
  }
14047
14040
  return deleted;
@@ -14050,7 +14043,6 @@ var require_cjs = __commonJS({
14050
14043
  * Clear the cache entirely, throwing away all values.
14051
14044
  */
14052
14045
  clear() {
14053
- var _a2, _b, _c;
14054
14046
  for (const index of this.#rindexes({ allowStale: true })) {
14055
14047
  const v = this.#valList[index];
14056
14048
  if (this.#isBackgroundFetch(v)) {
@@ -14058,10 +14050,10 @@ var require_cjs = __commonJS({
14058
14050
  } else {
14059
14051
  const k = this.#keyList[index];
14060
14052
  if (this.#hasDispose) {
14061
- (_a2 = this.#dispose) == null ? void 0 : _a2.call(this, v, k, "delete");
14053
+ this.#dispose?.(v, k, "delete");
14062
14054
  }
14063
14055
  if (this.#hasDisposeAfter) {
14064
- (_b = this.#disposed) == null ? void 0 : _b.push([v, k, "delete"]);
14056
+ this.#disposed?.push([v, k, "delete"]);
14065
14057
  }
14066
14058
  }
14067
14059
  }
@@ -14083,8 +14075,8 @@ var require_cjs = __commonJS({
14083
14075
  if (this.#hasDisposeAfter && this.#disposed) {
14084
14076
  const dt = this.#disposed;
14085
14077
  let task;
14086
- while (task = dt == null ? void 0 : dt.shift()) {
14087
- (_c = this.#disposeAfter) == null ? void 0 : _c.call(this, ...task);
14078
+ while (task = dt?.shift()) {
14079
+ this.#disposeAfter?.(...task);
14088
14080
  }
14089
14081
  }
14090
14082
  }
@@ -17502,13 +17494,13 @@ var import_auth_app = __toESM(require_dist_node12());
17502
17494
  var import_rest = __toESM(require_dist_node19());
17503
17495
 
17504
17496
  // src/lambda-helpers.ts
17505
- var AWS = __toESM(require("aws-sdk"));
17506
- var sm = new AWS.SecretsManager();
17497
+ var import_client_secrets_manager = require("@aws-sdk/client-secrets-manager");
17498
+ var sm = new import_client_secrets_manager.SecretsManagerClient();
17507
17499
  async function getSecretValue(arn) {
17508
17500
  if (!arn) {
17509
17501
  throw new Error("Missing secret ARN");
17510
17502
  }
17511
- const secret = await sm.getSecretValue({ SecretId: arn }).promise();
17503
+ const secret = await sm.send(new import_client_secrets_manager.GetSecretValueCommand({ SecretId: arn }));
17512
17504
  if (!secret.SecretString) {
17513
17505
  throw new Error(`No SecretString in ${arn}`);
17514
17506
  }
@@ -17590,20 +17582,40 @@ async function handler(event) {
17590
17582
  githubSecrets,
17591
17583
  octokit
17592
17584
  } = await getOctokit(event.installationId);
17593
- const response = await octokit.rest.actions.createRegistrationTokenForRepo({
17594
- owner: event.owner,
17595
- repo: event.repo
17596
- });
17585
+ let token;
17586
+ let registrationUrl;
17587
+ if (githubSecrets.runnerLevel === "repo" || githubSecrets.runnerLevel === void 0) {
17588
+ token = await getRegistrationTokenForRepo(octokit, event.owner, event.repo);
17589
+ registrationUrl = `https://${githubSecrets.domain}/${event.owner}/${event.repo}`;
17590
+ } else if (githubSecrets.runnerLevel === "org") {
17591
+ token = await getRegistrationTokenForOrg(octokit, event.owner);
17592
+ registrationUrl = `https://${githubSecrets.domain}/${event.owner}`;
17593
+ } else {
17594
+ throw new RunnerTokenError("Invalid runner level");
17595
+ }
17597
17596
  return {
17598
17597
  domain: githubSecrets.domain,
17599
- token: response.data.token
17598
+ token,
17599
+ registrationUrl
17600
17600
  };
17601
17601
  } catch (error) {
17602
17602
  console.error(error);
17603
- const reqError = error;
17604
- throw new RunnerTokenError(reqError.message);
17603
+ throw new RunnerTokenError(error.message);
17605
17604
  }
17606
17605
  }
17606
+ async function getRegistrationTokenForOrg(octokit, owner) {
17607
+ const response = await octokit.rest.actions.createRegistrationTokenForOrg({
17608
+ org: owner
17609
+ });
17610
+ return response.data.token;
17611
+ }
17612
+ async function getRegistrationTokenForRepo(octokit, owner, repo) {
17613
+ const response = await octokit.rest.actions.createRegistrationTokenForRepo({
17614
+ owner,
17615
+ repo
17616
+ });
17617
+ return response.data.token;
17618
+ }
17607
17619
  // Annotate the CommonJS export names for ESM import in node:
17608
17620
  0 && (module.exports = {
17609
17621
  handler