npm - @cloudsnorkel/cdk-github-runners - Versions diffs - 0.11.4 → 0.11.5 - Mend

@cloudsnorkel/cdk-github-runners 0.11.4 → 0.11.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/.gitattributes +0 -1
package/.jsii +127 -93
package/API.md +29 -2
package/SETUP_GITHUB.md +9 -5
package/assets/delete-failed-runner.lambda/index.js +31 -13
package/assets/docker-images/lambda/linux-arm64/runner.js +1 -0
package/assets/docker-images/lambda/linux-arm64/runner.sh +1 -1
package/assets/docker-images/lambda/linux-x64/runner.js +1 -0
package/assets/docker-images/lambda/linux-x64/runner.sh +1 -1
package/assets/idle-runner-repear.lambda/index.js +36 -18
package/assets/setup.lambda/index.html +20 -12
package/assets/setup.lambda/index.js +13 -8
package/assets/status.lambda/index.js +2 -0
package/assets/token-retriever.lambda/index.js +27 -7
package/lib/access.js +1 -1
package/lib/delete-failed-runner.lambda.js +4 -8
package/lib/idle-runner-repear.lambda.js +11 -14
package/lib/image-builders/api.js +1 -1
package/lib/image-builders/aws-image-builder/builder.js +1 -1
package/lib/image-builders/aws-image-builder/deprecated/ami.js +1 -1
package/lib/image-builders/aws-image-builder/deprecated/container.js +1 -1
package/lib/image-builders/aws-image-builder/deprecated/linux-components.js +1 -1
package/lib/image-builders/aws-image-builder/deprecated/windows-components.js +1 -1
package/lib/image-builders/codebuild-deprecated.js +1 -1
package/lib/image-builders/components.js +1 -1
package/lib/image-builders/static.js +1 -1
package/lib/lambda-github.d.ts +16 -13
package/lib/lambda-github.js +33 -8
package/lib/providers/codebuild.js +10 -5
package/lib/providers/common.d.ts +5 -1
package/lib/providers/common.js +4 -4
package/lib/providers/ec2.js +56 -17
package/lib/providers/ecs.d.ts +7 -1
package/lib/providers/ecs.js +8 -3
package/lib/providers/fargate.js +12 -8
package/lib/providers/lambda.js +4 -3
package/lib/runner.js +3 -2
package/lib/secrets.js +4 -2
package/lib/setup.lambda.js +13 -7
package/lib/status.lambda.js +4 -1
package/lib/token-retriever.lambda.d.ts +2 -1
package/lib/token-retriever.lambda.js +30 -8
package/package.json +21 -18

package/API.md CHANGED Viewed

@@ -6048,6 +6048,7 @@ const ecsRunnerProviderProps: EcsRunnerProviderProps = { ... }
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.labels">labels</a></code> | <code>string[]</code> | GitHub Actions labels used for this provider. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.maxInstances">maxInstances</a></code> | <code>number</code> | The maximum number of instances to run in the cluster. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.memoryLimitMiB">memoryLimitMiB</a></code> | <code>number</code> | The amount (in MiB) of memory used by the task. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.memoryReservationMiB">memoryReservationMiB</a></code> | <code>number</code> | The soft limit (in MiB) of memory to reserve for the container. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.minInstances">minInstances</a></code> | <code>number</code> | The minimum number of instances to run in the cluster. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.securityGroups">securityGroups</a></code> | <code>aws-cdk-lib.aws_ec2.ISecurityGroup[]</code> | Security groups to assign to the task. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.spot">spot</a></code> | <code>boolean</code> | Use spot capacity. |
@@ -6230,12 +6231,25 @@ public readonly memoryLimitMiB: number;
 ```
 - *Type:* number
-- *Default:* 3500
+- *Default:* 3500, unless `memoryReservationMiB` is used and then it's undefined
 The amount (in MiB) of memory used by the task.
 ---
+##### `memoryReservationMiB`<sup>Optional</sup> <a name="memoryReservationMiB" id="@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.memoryReservationMiB"></a>
+```typescript
+public readonly memoryReservationMiB: number;
+```
+- *Type:* number
+- *Default:* undefined
+The soft limit (in MiB) of memory to reserve for the container.
+---
 ##### `minInstances`<sup>Optional</sup> <a name="minInstances" id="@cloudsnorkel/cdk-github-runners.EcsRunnerProviderProps.property.minInstances"></a>
 ```typescript
@@ -7978,7 +7992,7 @@ public readonly retryOptions: ProviderRetryOptions;
 Workflow job parameters as parsed from the webhook event. Pass these into your runner executor and run something like:.
 ```sh
-./config.sh --unattended --url "https://${GITHUB_DOMAIN}/${OWNER}/${REPO}" --token "${RUNNER_TOKEN}" --ephemeral --work _work --labels "${RUNNER_LABEL}" --name "${RUNNER_NAME}" --disableupdate
+./config.sh --unattended --url "{REGISTRATION_URL}" --token "${RUNNER_TOKEN}" --ephemeral --work _work --labels "${RUNNER_LABEL}" --name "${RUNNER_NAME}" --disableupdate
 ```
 All parameters are specified as step function paths and therefore must be used only in step function task parameters.
@@ -7997,6 +8011,7 @@ const runnerRuntimeParameters: RunnerRuntimeParameters = { ... }
 | --- | --- | --- |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerRuntimeParameters.property.githubDomainPath">githubDomainPath</a></code> | <code>string</code> | Path to GitHub domain. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerRuntimeParameters.property.ownerPath">ownerPath</a></code> | <code>string</code> | Path to repository owner name. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerRuntimeParameters.property.registrationUrl">registrationUrl</a></code> | <code>string</code> | Repository or organization URL to register runner at. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerRuntimeParameters.property.repoPath">repoPath</a></code> | <code>string</code> | Path to repository name. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerRuntimeParameters.property.runnerNamePath">runnerNamePath</a></code> | <code>string</code> | Path to desired runner name. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerRuntimeParameters.property.runnerTokenPath">runnerTokenPath</a></code> | <code>string</code> | Path to runner token used to register token. |
@@ -8029,6 +8044,18 @@ Path to repository owner name.
 ---
+##### `registrationUrl`<sup>Required</sup> <a name="registrationUrl" id="@cloudsnorkel/cdk-github-runners.RunnerRuntimeParameters.property.registrationUrl"></a>
+```typescript
+public readonly registrationUrl: string;
+```
+- *Type:* string
+Repository or organization URL to register runner at.
+---
 ##### `repoPath`<sup>Required</sup> <a name="repoPath" id="@cloudsnorkel/cdk-github-runners.RunnerRuntimeParameters.property.repoPath"></a>
 ```typescript

package/SETUP_GITHUB.md CHANGED Viewed

@@ -13,6 +13,7 @@ Integration with GitHub can be done using an [app](#app-authentication) or [pers
 5. If you want to create an app for your organization:
    1. Choose Organization app
    2. Type in the organization slug (ORGANIZATION from https://github.com/ORGANIZATION/REPO)
+   3. Choose registration level for the runners
 6. Click Create GitHub App to take you to GitHub to finish the setup
 7. Follow the instructions on GitHub
 8. When brought back to the setup wizard, click the install link
@@ -27,10 +28,12 @@ Integration with GitHub can be done using an [app](#app-authentication) or [pers
 3. Setup webhook under the webhook section
     1. For Webhook URL use the value of `github.webhook.url` from `status.json`
     2. Open the URL in `github.webhook.secretUrl` from `status.json`, retrieve the secret value, and use it for webhook secret
-4. In the repository permissions section enable:
-    1. Actions: Read and write
-    2. Administration: Read and write
-    3. Deployments: Read-only
+4. In the permissions section enable:
+   1. Repository    -> Actions: Read and write
+   2. Repository    -> Administration: Read and write
+   3. Repository    -> Deployments: Read-only
+   4. Repository    -> Administration: Read and write (only for repository level runners)
+   5. Organization  -> Self-hosted runners: Read and write (only for organization level runners)
 5. In the event subscription section enable:
     1. Workflow job
 6. Under "Where can this GitHub App be installed?" select "Only on this account"
@@ -40,7 +43,8 @@ Integration with GitHub can be done using an [app](#app-authentication) or [pers
 10. Open the URL in `github.auth.secretUrl` from `status.json` and edit the secret value
     1. If you're using a self-hosted GitHub instance, put its domain in `domain` (e.g. `github.mycompany.com`)
     2. Put the new application id in `appId` (e.g. `34789562`)
-    3. Ignore/delete `dummy` and **leave `personalAuthToken` empty**
+    3. If using organization level registration, add `runnerLevel` with `org` as the value
+    4. Ignore/delete `dummy` and **leave `personalAuthToken` empty**
 11. Open the URL in `github.auth.privateKeySecretUrl` from `status.json` and edit the secret value
     1. Open the downloaded private key with any text editor
     2. Copy the text from the private key as-is into the secret

package/assets/delete-failed-runner.lambda/index.js CHANGED Viewed

@@ -17567,14 +17567,22 @@ async function getOctokit(installationId) {
     githubSecrets
   };
 }
-async function getRunner(octokit, owner, repo, name) {
+async function getRunner(octokit, runnerLevel, owner, repo, name) {
   let page = 1;
   while (true) {
-    const runners = await octokit.request("GET /repos/{owner}/{repo}/actions/runners?per_page=100&page={page}", {
-      page,
-      owner,
-      repo
-    });
+    let runners;
+    if ((runnerLevel ?? "repo") === "repo") {
+      runners = await octokit.rest.actions.listSelfHostedRunnersForRepo({
+        page,
+        owner,
+        repo
+      });
+    } else {
+      runners = await octokit.rest.actions.listSelfHostedRunnersForOrg({
+        page,
+        org: owner
+      });
+    }
     if (runners.data.runners.length == 0) {
       return;
     }
@@ -17586,6 +17594,20 @@ async function getRunner(octokit, owner, repo, name) {
     page++;
   }
 }
+async function deleteRunner(octokit, runnerLevel, owner, repo, runnerId) {
+  if ((runnerLevel ?? "repo") === "repo") {
+    await octokit.rest.actions.deleteSelfHostedRunnerFromRepo({
+      owner,
+      repo,
+      runner_id: runnerId
+    });
+  } else {
+    await octokit.rest.actions.deleteSelfHostedRunnerFromOrg({
+      org: owner,
+      runner_id: runnerId
+    });
+  }
+}
 // src/delete-failed-runner.lambda.ts
 var RunnerBusy = class _RunnerBusy extends Error {
@@ -17604,19 +17626,15 @@ var ReraisedError = class _ReraisedError extends Error {
   }
 };
 async function handler(event) {
-  const { octokit } = await getOctokit(event.installationId);
-  const runner = await getRunner(octokit, event.owner, event.repo, event.runnerName);
+  const { octokit, githubSecrets } = await getOctokit(event.installationId);
+  const runner = await getRunner(octokit, githubSecrets.runnerLevel, event.owner, event.repo, event.runnerName);
   if (!runner) {
     console.error(`Unable to find runner id for ${event.owner}/${event.repo}:${event.runnerName}`);
     throw new ReraisedError(event);
   }
   console.log(`Runner ${event.runnerName} has id #${runner.id}`);
   try {
-    await octokit.rest.actions.deleteSelfHostedRunnerFromRepo({
-      owner: event.owner,
-      repo: event.repo,
-      runner_id: runner.id
-    });
+    await deleteRunner(octokit, githubSecrets.runnerLevel, event.owner, event.repo, runner.id);
   } catch (e) {
     const reqError = e;
     if (reqError.message.includes("is still running a job")) {

package/assets/docker-images/lambda/linux-arm64/runner.js CHANGED Viewed

@@ -11,6 +11,7 @@ exports.handler = async (event, context) => {
         RUNNER_TOKEN: event.token,
         RUNNER_NAME: event.runnerName,
         RUNNER_LABEL: event.label,
+        REGISTRATION_URL: event.registrationUrl,
       },
     });
     shellScript.stdout.on('data', (data) => {

package/assets/docker-images/lambda/linux-arm64/runner.sh CHANGED Viewed

@@ -13,7 +13,7 @@ export HOME=/tmp/home
 # start runner
 if [ "${RUNNER_VERSION}" = "latest" ]; then RUNNER_FLAGS=""; else RUNNER_FLAGS="--disableupdate"; fi
-./config.sh --unattended --url "https://${GITHUB_DOMAIN}/${OWNER}/${REPO}" --token "${RUNNER_TOKEN}" --ephemeral --work _work --labels "${RUNNER_LABEL},cdkghr:started:`date +%s`" --name "${RUNNER_NAME}" ${RUNNER_FLAGS}
+./config.sh --unattended --url "${REGISTRATION_URL}" --token "${RUNNER_TOKEN}" --ephemeral --work _work --labels "${RUNNER_LABEL},cdkghr:started:`date +%s`" --name "${RUNNER_NAME}" ${RUNNER_FLAGS}
 echo Config done
 ./run.sh
 echo Run done

package/assets/docker-images/lambda/linux-x64/runner.js CHANGED Viewed

@@ -11,6 +11,7 @@ exports.handler = async (event, context) => {
         RUNNER_TOKEN: event.token,
         RUNNER_NAME: event.runnerName,
         RUNNER_LABEL: event.label,
+        REGISTRATION_URL: event.registrationUrl,
       },
     });
     shellScript.stdout.on('data', (data) => {

package/assets/docker-images/lambda/linux-x64/runner.sh CHANGED Viewed

@@ -13,7 +13,7 @@ export HOME=/tmp/home
 # start runner
 if [ "${RUNNER_VERSION}" = "latest" ]; then RUNNER_FLAGS=""; else RUNNER_FLAGS="--disableupdate"; fi
-./config.sh --unattended --url "https://${GITHUB_DOMAIN}/${OWNER}/${REPO}" --token "${RUNNER_TOKEN}" --ephemeral --work _work --labels "${RUNNER_LABEL},cdkghr:started:`date +%s`" --name "${RUNNER_NAME}" ${RUNNER_FLAGS}
+./config.sh --unattended --url "${REGISTRATION_URL}" --token "${RUNNER_TOKEN}" --ephemeral --work _work --labels "${RUNNER_LABEL},cdkghr:started:`date +%s`" --name "${RUNNER_NAME}" ${RUNNER_FLAGS}
 echo Config done
 ./run.sh
 echo Run done

package/assets/idle-runner-repear.lambda/index.js CHANGED Viewed

@@ -17568,14 +17568,22 @@ async function getOctokit(installationId) {
     githubSecrets
   };
 }
-async function getRunner(octokit, owner, repo, name) {
+async function getRunner(octokit, runnerLevel, owner, repo, name) {
   let page = 1;
   while (true) {
-    const runners = await octokit.request("GET /repos/{owner}/{repo}/actions/runners?per_page=100&page={page}", {
-      page,
-      owner,
-      repo
-    });
+    let runners;
+    if ((runnerLevel ?? "repo") === "repo") {
+      runners = await octokit.rest.actions.listSelfHostedRunnersForRepo({
+        page,
+        owner,
+        repo
+      });
+    } else {
+      runners = await octokit.rest.actions.listSelfHostedRunnersForOrg({
+        page,
+        org: owner
+      });
+    }
     if (runners.data.runners.length == 0) {
       return;
     }
@@ -17587,12 +17595,27 @@ async function getRunner(octokit, owner, repo, name) {
     page++;
   }
 }
+async function deleteRunner(octokit, runnerLevel, owner, repo, runnerId) {
+  if ((runnerLevel ?? "repo") === "repo") {
+    await octokit.rest.actions.deleteSelfHostedRunnerFromRepo({
+      owner,
+      repo,
+      runner_id: runnerId
+    });
+  } else {
+    await octokit.rest.actions.deleteSelfHostedRunnerFromOrg({
+      org: owner,
+      runner_id: runnerId
+    });
+  }
+}
 // src/idle-runner-repear.lambda.ts
 var sfn = new import_client_sfn.SFNClient();
 async function handler(event) {
   const result = { batchItemFailures: [] };
-  const octokitCache2 = {};
+  let octokitCache2;
+  let runnerLevel;
   for (const record of event.Records) {
     const input = JSON.parse(record.body);
     console.log(`Checking runner for ${input.owner}/${input.repo} [execution-id=${input.runnerName}]`);
@@ -17602,13 +17625,12 @@ async function handler(event) {
       console.log("Runner already finished");
       continue;
     }
-    let octokit;
-    if (octokitCache2[input.installationId ?? -1]) {
-      octokit = octokitCache2[input.installationId ?? -1];
-    } else {
-      octokit = octokitCache2[input.installationId ?? -1] = (await getOctokit(input.installationId)).octokit;
+    if (!octokitCache2) {
+      const { octokit, githubSecrets } = await getOctokit(input.installationId);
+      octokitCache2 = octokit;
+      runnerLevel = githubSecrets.runnerLevel;
     }
-    const runner = await getRunner(octokit, input.owner, input.repo, input.runnerName);
+    const runner = await getRunner(octokitCache2, runnerLevel, input.owner, input.repo, input.runnerName);
     if (!runner) {
       console.error(`Runner not running yet for ${input.owner}/${input.repo}:${input.runnerName}`);
       retryLater();
@@ -17643,11 +17665,7 @@ async function handler(event) {
           }
           try {
             console.log(`Deleting runner ${runner.id}...`);
-            await octokit.rest.actions.deleteSelfHostedRunnerFromRepo({
-              owner: input.owner,
-              repo: input.repo,
-              runner_id: runner.id
-            });
+            await deleteRunner(octokitCache2, runnerLevel, input.owner, input.repo, runner.id);
           } catch (e) {
             console.error(`Failed to delete runner ${runner.id}: ${e}`);
             retryLater();

package/assets/setup.lambda/index.html CHANGED Viewed

@@ -5,24 +5,32 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Setup GitHub Runners</title>
     <script type="module" crossorigin>
-(function(){const t=document.createElement("link").relList;if(t&&t.supports&&t.supports("modulepreload"))return;for(const l of document.querySelectorAll('link[rel="modulepreload"]'))n(l);new MutationObserver(l=>{for(const p of l)if(p.type==="childList")for(const a of p.addedNodes)a.tagName==="LINK"&&a.rel==="modulepreload"&&n(a)}).observe(document,{childList:!0,subtree:!0});function o(l){const p={};return l.integrity&&(p.integrity=l.integrity),l.referrerPolicy&&(p.referrerPolicy=l.referrerPolicy),l.crossOrigin==="use-credentials"?p.credentials="include":l.crossOrigin==="anonymous"?p.credentials="omit":p.credentials="same-origin",p}function n(l){if(l.ep)return;l.ep=!0;const p=o(l);fetch(l.href,p)}})();function X(){}function $e(e){return e()}function Te(){return Object.create(null)}function q(e){e.forEach($e)}function ze(e){return typeof e=="function"}function Me(e,t){return e!=e?t==t:e!==t||e&&typeof e=="object"||typeof e=="function"}function je(e){return Object.keys(e).length===0}function i(e,t){e.appendChild(t)}function T(e,t,o){e.insertBefore(t,o||null)}function C(e){e.parentNode&&e.parentNode.removeChild(e)}function s(e){return document.createElement(e)}function G(e){return document.createTextNode(e)}function b(){return G(" ")}function qe(){return G("")}function z(e,t,o,n){return e.addEventListener(t,o,n),()=>e.removeEventListener(t,o,n)}function r(e,t,o){o==null?e.removeAttribute(t):e.getAttribute(t)!==o&&e.setAttribute(t,o)}function ye(e){let t;return{p(...o){t=o,t.forEach(n=>e.push(n))},r(){t.forEach(o=>e.splice(e.indexOf(o),1))}}}function Be(e){return e===""?null:+e}function Je(e){return Array.from(e.childNodes)}function ce(e,t){t=""+t,e.data!==t&&(e.data=t)}function j(e,t){e.value=t??""}let we;function le(e){we=e}const Q=[],He=[];let V=[];const Ne=[],Ke=Promise.resolve();let ge=!1;function We(){ge||(ge=!0,Ke.then(De))}function ve(e){V.push(e)}const me=new Set;let Z=0;function De(){if(Z!==0)return;const e=we;do{try{for(;Z<Q.length;){const t=Q[Z];Z++,le(t),Fe(t.$$)}}catch(t){throw Q.length=0,Z=0,t}for(le(null),Q.length=0,Z=0;He.length;)He.pop()();for(let t=0;t<V.length;t+=1){const o=V[t];me.has(o)||(me.add(o),o())}V.length=0}while(Q.length);for(;Ne.length;)Ne.pop()();ge=!1,me.clear(),le(e)}function Fe(e){if(e.fragment!==null){e.update(),q(e.before_update);const t=e.dirty;e.dirty=[-1],e.fragment&&e.fragment.p(e.ctx,t),e.after_update.forEach(ve)}}function Ye(e){const t=[],o=[];V.forEach(n=>e.indexOf(n)===-1?t.push(n):o.push(n)),o.forEach(n=>n()),V=t}const Ze=new Set;function Qe(e,t){e&&e.i&&(Ze.delete(e),e.i(t))}function Ve(e,t,o,n){const{fragment:l,after_update:p}=e.$$;l&&l.m(t,o),n||ve(()=>{const a=e.$$.on_mount.map($e).filter(ze);e.$$.on_destroy?e.$$.on_destroy.push(...a):q(a),e.$$.on_mount=[]}),p.forEach(ve)}function Xe(e,t){const o=e.$$;o.fragment!==null&&(Ye(o.after_update),q(o.on_destroy),o.fragment&&o.fragment.d(t),o.on_destroy=o.fragment=null,o.ctx=[])}function xe(e,t){e.$$.dirty[0]===-1&&(Q.push(e),We(),e.$$.dirty.fill(0)),e.$$.dirty[t/31|0]|=1<<t%31}function et(e,t,o,n,l,p,a,c=[-1]){const g=we;le(e);const u=e.$$={fragment:null,ctx:[],props:p,update:X,not_equal:l,bound:Te(),on_mount:[],on_destroy:[],on_disconnect:[],before_update:[],after_update:[],context:new Map(t.context||(g?g.$$.context:[])),callbacks:Te(),dirty:c,skip_bound:!1,root:t.target||g.$$.root};a&&a(u.root);let h=!1;if(u.ctx=o?o(e,t.props||{},(v,f,...S)=>{const k=S.length?S[0]:f;return u.ctx&&l(u.ctx[v],u.ctx[v]=k)&&(!u.skip_bound&&u.bound[v]&&u.bound[v](k),h&&xe(e,v)),f}):[],u.update(),h=!0,q(u.before_update),u.fragment=n?n(u.ctx):!1,t.target){if(t.hydrate){const v=Je(t.target);u.fragment&&u.fragment.l(v),v.forEach(C)}else u.fragment&&u.fragment.c();t.intro&&Qe(e.$$.fragment),Ve(e,t.target,t.anchor,t.customElement),De()}le(g)}class tt{$destroy(){Xe(this,1),this.$destroy=X}$on(t,o){if(!ze(o))return X;const n=this.$$.callbacks[t]||(this.$$.callbacks[t]=[]);return n.push(o),()=>{const l=n.indexOf(o);l!==-1&&n.splice(l,1)}}$set(t){this.$$set&&!je(t)&&(this.$$.skip_bound=!0,this.$$set(t),this.$$.skip_bound=!1)}}function Oe(e){let t,o,n,l,p,a,c,g;return{c(){t=s("h3"),t.textContent="GitHub Enterprise Server Domain",o=b(),n=s("div"),l=s("p"),l.innerHTML=`Where is GitHub Enterprise Server hosted? Type in the domain without <code>https://</code>
-              and without any path. It should look something like <code>github.mycompany.com</code>.`,p=b(),a=s("input"),r(a,"class","form-control"),r(n,"class","px-3 py-3")},m(u,h){T(u,t,h),T(u,o,h),T(u,n,h),i(n,l),i(n,p),i(n,a),j(a,e[1]),c||(g=z(a,"input",e[15]),c=!0)},p(u,h){h&2&&a.value!==u[1]&&j(a,u[1])},d(u){u&&C(t),u&&C(o),u&&C(n),c=!1,g()}}}function Ie(e){let t,o,n,l,p,a,c,g,u,h,v,f,S,k,A,E,_,m,w,I,O,H;return I=ye(e[13][1]),{c(){t=s("h3"),t.textContent="Authentication Type",o=b(),n=s("div"),l=s("p"),l.textContent=`You can choose between creating a new app that will provide authentication for specific
+(function(){const t=document.createElement("link").relList;if(t&&t.supports&&t.supports("modulepreload"))return;for(const i of document.querySelectorAll('link[rel="modulepreload"]'))l(i);new MutationObserver(i=>{for(const p of i)if(p.type==="childList")for(const c of p.addedNodes)c.tagName==="LINK"&&c.rel==="modulepreload"&&l(c)}).observe(document,{childList:!0,subtree:!0});function r(i){const p={};return i.integrity&&(p.integrity=i.integrity),i.referrerPolicy&&(p.referrerPolicy=i.referrerPolicy),i.crossOrigin==="use-credentials"?p.credentials="include":i.crossOrigin==="anonymous"?p.credentials="omit":p.credentials="same-origin",p}function l(i){if(i.ep)return;i.ep=!0;const p=r(i);fetch(i.href,p)}})();function he(){}function De(e){return e()}function He(){return Object.create(null)}function ne(e){e.forEach(De)}function Me(e){return typeof e=="function"}function je(e,t){return e!=e?t==t:e!==t||e&&typeof e=="object"||typeof e=="function"}function Ke(e){return Object.keys(e).length===0}function n(e,t){e.appendChild(t)}function H(e,t,r){e.insertBefore(t,r||null)}function O(e){e.parentNode&&e.parentNode.removeChild(e)}function s(e){return document.createElement(e)}function z(e){return document.createTextNode(e)}function d(){return z(" ")}function Fe(){return z("")}function P(e,t,r,l){return e.addEventListener(t,r,l),()=>e.removeEventListener(t,r,l)}function o(e,t,r){r==null?e.removeAttribute(t):e.getAttribute(t)!==r&&e.setAttribute(t,r)}function me(e){let t;return{p(...r){t=r,t.forEach(l=>e.push(l))},r(){t.forEach(r=>e.splice(e.indexOf(r),1))}}}function We(e){return e===""?null:+e}function $e(e){return Array.from(e.childNodes)}function be(e,t){t=""+t,e.data!==t&&(e.data=t)}function X(e,t){e.value=t??""}let Ae;function _e(e){Ae=e}const fe=[],Ne=[];let de=[];const Re=[],Ye=Promise.resolve();let we=!1;function Ze(){we||(we=!0,Ye.then(Je))}function Ce(e){de.push(e)}const ke=new Set;let pe=0;function Je(){if(pe!==0)return;const e=Ae;do{try{for(;pe<fe.length;){const t=fe[pe];pe++,_e(t),Qe(t.$$)}}catch(t){throw fe.length=0,pe=0,t}for(_e(null),fe.length=0,pe=0;Ne.length;)Ne.pop()();for(let t=0;t<de.length;t+=1){const r=de[t];ke.has(r)||(ke.add(r),r())}de.length=0}while(fe.length);for(;Re.length;)Re.pop()();we=!1,ke.clear(),_e(e)}function Qe(e){if(e.fragment!==null){e.update(),ne(e.before_update);const t=e.dirty;e.dirty=[-1],e.fragment&&e.fragment.p(e.ctx,t),e.after_update.forEach(Ce)}}function Ve(e){const t=[],r=[];de.forEach(l=>e.indexOf(l)===-1?t.push(l):r.push(l)),r.forEach(l=>l()),de=t}const Xe=new Set;function xe(e,t){e&&e.i&&(Xe.delete(e),e.i(t))}function et(e,t,r,l){const{fragment:i,after_update:p}=e.$$;i&&i.m(t,r),l||Ce(()=>{const c=e.$$.on_mount.map(De).filter(Me);e.$$.on_destroy?e.$$.on_destroy.push(...c):ne(c),e.$$.on_mount=[]}),p.forEach(Ce)}function tt(e,t){const r=e.$$;r.fragment!==null&&(Ve(r.after_update),ne(r.on_destroy),r.fragment&&r.fragment.d(t),r.on_destroy=r.fragment=null,r.ctx=[])}function nt(e,t){e.$$.dirty[0]===-1&&(fe.push(e),Ze(),e.$$.dirty.fill(0)),e.$$.dirty[t/31|0]|=1<<t%31}function lt(e,t,r,l,i,p,c,a=[-1]){const m=Ae;_e(e);const u=e.$$={fragment:null,ctx:[],props:p,update:he,not_equal:i,bound:He(),on_mount:[],on_destroy:[],on_disconnect:[],before_update:[],after_update:[],context:new Map(t.context||(m?m.$$.context:[])),callbacks:He(),dirty:a,skip_bound:!1,root:t.target||m.$$.root};c&&c(u.root);let k=!1;if(u.ctx=r?r(e,t.props||{},(g,_,...E)=>{const f=E.length?E[0]:_;return u.ctx&&i(u.ctx[g],u.ctx[g]=f)&&(!u.skip_bound&&u.bound[g]&&u.bound[g](f),k&&nt(e,g)),_}):[],u.update(),k=!0,ne(u.before_update),u.fragment=l?l(u.ctx):!1,t.target){if(t.hydrate){const g=$e(t.target);u.fragment&&u.fragment.l(g),g.forEach(O)}else u.fragment&&u.fragment.c();t.intro&&xe(e.$$.fragment),et(e,t.target,t.anchor,t.customElement),Je()}_e(m)}class it{$destroy(){tt(this,1),this.$destroy=he}$on(t,r){if(!Me(r))return he;const l=this.$$.callbacks[t]||(this.$$.callbacks[t]=[]);return l.push(r),()=>{const i=l.indexOf(r);i!==-1&&l.splice(i,1)}}$set(t){this.$$set&&!Ke(t)&&(this.$$.skip_bound=!0,this.$$set(t),this.$$.skip_bound=!1)}}function Ie(e){let t,r,l,i,p,c,a,m;return{c(){t=s("h3"),t.textContent="GitHub Enterprise Server Domain",r=d(),l=s("div"),i=s("p"),i.innerHTML=`Where is GitHub Enterprise Server hosted? Type in the domain without <code>https://</code>
+              and without any path. It should look something like <code>github.mycompany.com</code>.`,p=d(),c=s("input"),o(c,"class","form-control"),o(l,"class","px-3 py-3")},m(u,k){H(u,t,k),H(u,r,k),H(u,l,k),n(l,i),n(l,p),n(l,c),X(c,e[1]),a||(m=P(c,"input",e[18]),a=!0)},p(u,k){k[0]&2&&c.value!==u[1]&&X(c,u[1])},d(u){u&&O(t),u&&O(r),u&&O(l),a=!1,m()}}}function ze(e){let t,r,l,i,p,c,a,m,u,k,g,_,E,f,S,C,b,v,T,A,y,N;return A=me(e[16][2]),{c(){t=s("h3"),t.textContent="Authentication Type",r=d(),l=s("div"),i=s("p"),i.textContent=`You can choose between creating a new app that will provide authentication for specific
               repositories, or a personal access token that will provide access to all repositories
               available to you. Apps are easier to set up and provide more fine-grained access control. If
-              you have previously created an app, you can choose to use an existing app.`,p=b(),a=s("div"),c=s("input"),g=b(),u=s("label"),u.innerHTML="New GitHub App <b>(recommended)</b>",h=b(),v=s("div"),f=s("input"),S=b(),k=s("label"),k.textContent="Existing GitHub App",A=b(),E=s("div"),_=s("input"),m=b(),w=s("label"),w.textContent="Personal Access Token",r(c,"class","form-check-input"),r(c,"type","radio"),c.__value="newApp",c.value=c.__value,r(c,"id","newApp"),r(u,"class","form-check-label"),r(u,"for","newApp"),r(a,"class","form-check"),r(f,"class","form-check-input"),r(f,"type","radio"),f.__value="existingApp",f.value=f.__value,r(f,"id","existingApp"),r(k,"class","form-check-label"),r(k,"for","existingApp"),r(v,"class","form-check"),r(_,"class","form-check-input"),r(_,"type","radio"),_.__value="pat",_.value=_.__value,r(_,"id","pat"),r(w,"class","form-check-label"),r(w,"for","pat"),r(E,"class","form-check"),r(n,"class","px-3 py-3"),I.p(c,f,_)},m(d,N){T(d,t,N),T(d,o,N),T(d,n,N),i(n,l),i(n,p),i(n,a),i(a,c),c.checked=c.__value===e[2],i(a,g),i(a,u),i(n,h),i(n,v),i(v,f),f.checked=f.__value===e[2],i(v,S),i(v,k),i(n,A),i(n,E),i(E,_),_.checked=_.__value===e[2],i(E,m),i(E,w),O||(H=[z(c,"change",e[16]),z(f,"change",e[17]),z(_,"change",e[18])],O=!0)},p(d,N){N&4&&(c.checked=c.__value===d[2]),N&4&&(f.checked=f.__value===d[2]),N&4&&(_.checked=_.__value===d[2])},d(d){d&&C(t),d&&C(o),d&&C(n),I.r(),O=!1,q(H)}}}function nt(e){let t,o,n,l,p,a,c,g,u,h,v,f,S,k,A,E,_;return{c(){t=s("h2"),t.textContent="Personal Access Token",o=b(),n=s("div"),l=s("p"),p=G("The "),a=s("a"),c=G("personal access token"),u=G(" must have the "),h=s("code"),h.textContent="repo",v=G(`
-              scope enabled. Don't forget to also create a webhook as described in `),f=s("a"),f.textContent="SETUP_GITHUB.md",S=G("."),k=b(),A=s("input"),r(a,"href",g="https://"+e[1]+"/settings/tokens"),r(f,"href","https://github.com/CloudSnorkel/cdk-github-runners/blob/main/SETUP_GITHUB.md"),r(A,"class","form-control"),r(A,"placeholder","Token e.g. ghp_abcdefghijklmnopqrstuvwxyz1234567890"),r(n,"class","px-3 py-3")},m(m,w){T(m,t,w),T(m,o,w),T(m,n,w),i(n,l),i(l,p),i(l,a),i(a,c),i(l,u),i(l,h),i(l,v),i(l,f),i(l,S),i(n,k),i(n,A),j(A,e[7]),E||(_=z(A,"input",e[25]),E=!0)},p(m,w){w&2&&g!==(g="https://"+m[1]+"/settings/tokens")&&r(a,"href",g),w&128&&A.value!==m[7]&&j(A,m[7])},d(m){m&&C(t),m&&C(o),m&&C(n),E=!1,_()}}}function lt(e){let t,o,n,l,p,a,c,g,u,h,v,f,S,k,A,E,_,m;return{c(){t=s("h3"),t.textContent="Existing App Details",o=b(),n=s("div"),l=s("p"),l.innerHTML=`Existing apps must have <code>actions</code> and <code>administration</code> write
-              permissions. Don&#39;t forget to set up the webhook and its secret as described in <a href="https://github.com/CloudSnorkel/cdk-github-runners/blob/main/SETUP_GITHUB.md">SETUP_GITHUB.md</a>.`,p=b(),a=s("div"),c=s("label"),c.textContent="App Id",g=b(),u=s("div"),h=s("input"),v=b(),f=s("div"),S=s("label"),S.textContent="Private Key",k=b(),A=s("div"),E=s("textarea"),r(c,"for","appid"),r(c,"class","col-sm-2 col-form-label"),r(h,"type","number"),r(h,"class","form-control"),r(h,"id","appid"),r(u,"class","col-sm-10"),r(a,"class","form-group row px-3 py-2"),r(S,"for","pk"),r(S,"class","col-sm-2 col-form-label"),r(E,"class","form-control"),r(E,"id","pk"),r(E,"rows","10"),r(A,"class","col-sm-10"),r(f,"class","form-group row px-3 py-2"),r(n,"class","px-3 py-3")},m(w,I){T(w,t,I),T(w,o,I),T(w,n,I),i(n,l),i(n,p),i(n,a),i(a,c),i(a,g),i(a,u),i(u,h),j(h,e[5]),i(n,v),i(n,f),i(f,S),i(f,k),i(f,A),i(A,E),j(E,e[6]),_||(m=[z(h,"input",e[23]),z(E,"input",e[24])],_=!0)},p(w,I){I&32&&Be(h.value)!==w[5]&&j(h,w[5]),I&64&&j(E,w[6])},d(w){w&&C(t),w&&C(o),w&&C(n),_=!1,q(m)}}}function it(e){let t,o,n,l,p,a,c,g,u,h,v,f,S,k,A,E,_,m,w,I,O=e[0]==="ghes"&&Ge(e),H=e[3]==="org"&&Re(e);return m=ye(e[13][0]),{c(){t=s("h3"),t.textContent="New App Settings",o=b(),n=s("div"),l=s("p"),l.textContent=`Choose whether to create a new personal app or organization app. A private personal app can
+              you have previously created an app, you can choose to use an existing app.`,p=d(),c=s("div"),a=s("input"),m=d(),u=s("label"),u.innerHTML="New GitHub App <b>(recommended)</b>",k=d(),g=s("div"),_=s("input"),E=d(),f=s("label"),f.textContent="Existing GitHub App",S=d(),C=s("div"),b=s("input"),v=d(),T=s("label"),T.textContent="Personal Access Token",o(a,"class","form-check-input"),o(a,"type","radio"),a.__value="newApp",a.value=a.__value,o(a,"id","newApp"),o(u,"class","form-check-label"),o(u,"for","newApp"),o(c,"class","form-check"),o(_,"class","form-check-input"),o(_,"type","radio"),_.__value="existingApp",_.value=_.__value,o(_,"id","existingApp"),o(f,"class","form-check-label"),o(f,"for","existingApp"),o(g,"class","form-check"),o(b,"class","form-check-input"),o(b,"type","radio"),b.__value="pat",b.value=b.__value,o(b,"id","pat"),o(T,"class","form-check-label"),o(T,"for","pat"),o(C,"class","form-check"),o(l,"class","px-3 py-3"),A.p(a,_,b)},m(h,R){H(h,t,R),H(h,r,R),H(h,l,R),n(l,i),n(l,p),n(l,c),n(c,a),a.checked=a.__value===e[2],n(c,m),n(c,u),n(l,k),n(l,g),n(g,_),_.checked=_.__value===e[2],n(g,E),n(g,f),n(l,S),n(l,C),n(C,b),b.checked=b.__value===e[2],n(C,v),n(C,T),y||(N=[P(a,"change",e[19]),P(_,"change",e[20]),P(b,"change",e[21])],y=!0)},p(h,R){R[0]&4&&(a.checked=a.__value===h[2]),R[0]&4&&(_.checked=_.__value===h[2]),R[0]&4&&(b.checked=b.__value===h[2])},d(h){h&&O(t),h&&O(r),h&&O(l),A.r(),y=!1,ne(N)}}}function ot(e){let t,r,l,i,p,c,a,m,u,k,g,_,E,f,S,C,b;return{c(){t=s("h2"),t.textContent="Personal Access Token",r=d(),l=s("div"),i=s("p"),p=z("The "),c=s("a"),a=z("personal access token"),u=z(" must have the "),k=s("code"),k.textContent="repo",g=z(`
+              scope enabled. Don't forget to also create a webhook as described in `),_=s("a"),_.textContent="SETUP_GITHUB.md",E=z("."),f=d(),S=s("input"),o(c,"href",m="https://"+e[1]+"/settings/tokens"),o(_,"href","https://github.com/CloudSnorkel/cdk-github-runners/blob/main/SETUP_GITHUB.md"),o(S,"class","form-control"),o(S,"placeholder","Token e.g. ghp_abcdefghijklmnopqrstuvwxyz1234567890"),o(l,"class","px-3 py-3")},m(v,T){H(v,t,T),H(v,r,T),H(v,l,T),n(l,i),n(i,p),n(i,c),n(c,a),n(i,u),n(i,k),n(i,g),n(i,_),n(i,E),n(l,f),n(l,S),X(S,e[8]),C||(b=P(S,"input",e[30]),C=!0)},p(v,T){T[0]&2&&m!==(m="https://"+v[1]+"/settings/tokens")&&o(c,"href",m),T[0]&256&&S.value!==v[8]&&X(S,v[8])},d(v){v&&O(t),v&&O(r),v&&O(l),C=!1,b()}}}function rt(e){let t,r,l,i,p,c,a,m,u,k,g,_,E,f,S,C,b,v,T,A,y,N,h,R,B,G,le,$,ie,x,oe,re,U,ee,Z=JSON.stringify(e[4]==="repo"?e[12]:e[13],void 0,2)+"",K,te,q,se,ae,Y,Q,ue;return Y=me(e[16][0]),{c(){t=s("h3"),t.textContent="Existing App Details",r=d(),l=s("div"),i=s("div"),p=s("label"),p.textContent="App Id",c=d(),a=s("div"),m=s("input"),u=d(),k=s("div"),g=s("label"),g.textContent="Private Key",_=d(),E=s("div"),f=s("textarea"),S=d(),C=s("div"),b=s("div"),b.textContent="Registration Level",v=d(),T=s("div"),A=s("div"),y=s("input"),N=d(),h=s("label"),h.textContent="Repository",R=d(),B=s("div"),G=s("input"),le=d(),$=s("label"),$.textContent="Organization",ie=d(),x=s("h4"),x.textContent="Required Permissions",oe=d(),re=s("p"),re.textContent="The existing app must have the following permissions.",U=d(),ee=s("pre"),K=z(Z),te=d(),q=s("h4"),q.textContent="Webhook",se=d(),ae=s("p"),ae.innerHTML='Don&#39;t forget to set up the webhook and its secret as described in <a href="https://github.com/CloudSnorkel/cdk-github-runners/blob/main/SETUP_GITHUB.md">SETUP_GITHUB.md</a>.',o(p,"for","appid"),o(p,"class","col-sm-2 col-form-label"),o(m,"type","number"),o(m,"class","form-control"),o(m,"id","appid"),o(a,"class","col-sm-10"),o(i,"class","form-group row px-3 py-2"),o(g,"for","pk"),o(g,"class","col-sm-2 col-form-label"),o(f,"class","form-control"),o(f,"id","pk"),o(f,"rows","10"),o(E,"class","col-sm-10"),o(k,"class","form-group row px-3 py-2"),o(b,"class","col-sm-2 col-form-label"),o(y,"class","form-check-input"),o(y,"type","radio"),y.__value="repo",y.value=y.__value,o(y,"id","repo"),o(h,"class","form-check-label"),o(h,"for","repo"),o(A,"class","form-check"),o(G,"class","form-check-input"),o(G,"type","radio"),G.__value="org",G.value=G.__value,o(G,"id","org"),o($,"class","form-check-label"),o($,"for","org"),o(B,"class","form-check"),o(T,"class","col-sm-10"),o(C,"class","form-group row px-3 py-2"),o(l,"class","px-3 py-3"),Y.p(y,G)},m(I,F){H(I,t,F),H(I,r,F),H(I,l,F),n(l,i),n(i,p),n(i,c),n(i,a),n(a,m),X(m,e[6]),n(l,u),n(l,k),n(k,g),n(k,_),n(k,E),n(E,f),X(f,e[7]),n(l,S),n(l,C),n(C,b),n(C,v),n(C,T),n(T,A),n(A,y),y.checked=y.__value===e[4],n(A,N),n(A,h),n(T,R),n(T,B),n(B,G),G.checked=G.__value===e[4],n(B,le),n(B,$),n(l,ie),n(l,x),n(l,oe),n(l,re),n(l,U),n(l,ee),n(ee,K),n(l,te),n(l,q),n(l,se),n(l,ae),Q||(ue=[P(m,"input",e[26]),P(f,"input",e[27]),P(y,"change",e[28]),P(G,"change",e[29])],Q=!0)},p(I,F){F[0]&64&&We(m.value)!==I[6]&&X(m,I[6]),F[0]&128&&X(f,I[7]),F[0]&16&&(y.checked=y.__value===I[4]),F[0]&16&&(G.checked=G.__value===I[4]),F[0]&16&&Z!==(Z=JSON.stringify(I[4]==="repo"?I[12]:I[13],void 0,2)+"")&&be(K,Z)},d(I){I&&O(t),I&&O(r),I&&O(l),Y.r(),Q=!1,ne(ue)}}}function st(e){let t,r,l,i,p,c,a,m,u,k,g,_,E,f,S,C,b,v,T,A,y=e[0]==="ghes"&&Ge(e),N=e[3]==="org"&&Pe(e);return v=me(e[16][1]),{c(){t=s("h3"),t.textContent="New App Settings",r=d(),l=s("div"),i=s("p"),i.textContent=`Choose whether to create a new personal app or organization app. A private personal app can
               only be used for repositories under your user. A private origination app can only be used
-              for repositories under that organization.`,p=b(),a=s("div"),c=s("input"),g=b(),u=s("label"),u.textContent="User app",h=b(),v=s("div"),f=s("input"),S=b(),k=s("label"),k.textContent="Organization app",A=b(),O&&O.c(),E=b(),H&&H.c(),_=qe(),r(c,"class","form-check-input"),r(c,"type","radio"),c.__value="user",c.value=c.__value,r(c,"id","userScope"),r(u,"class","form-check-label"),r(u,"for","userScope"),r(a,"class","form-check"),r(f,"class","form-check-input"),r(f,"type","radio"),f.__value="org",f.value=f.__value,r(f,"id","orgScope"),r(k,"class","form-check-label"),r(k,"for","orgScope"),r(v,"class","form-check"),r(n,"class","px-3 py-3"),m.p(c,f)},m(d,N){T(d,t,N),T(d,o,N),T(d,n,N),i(n,l),i(n,p),i(n,a),i(a,c),c.checked=c.__value===e[3],i(a,g),i(a,u),i(n,h),i(n,v),i(v,f),f.checked=f.__value===e[3],i(v,S),i(v,k),i(n,A),O&&O.m(n,null),T(d,E,N),H&&H.m(d,N),T(d,_,N),w||(I=[z(c,"change",e[19]),z(f,"change",e[20])],w=!0)},p(d,N){N&8&&(c.checked=c.__value===d[3]),N&8&&(f.checked=f.__value===d[3]),d[0]==="ghes"?O?O.p(d,N):(O=Ge(d),O.c(),O.m(n,null)):O&&(O.d(1),O=null),d[3]==="org"?H?H.p(d,N):(H=Re(d),H.c(),H.m(_.parentNode,_)):H&&(H.d(1),H=null)},d(d){d&&C(t),d&&C(o),d&&C(n),O&&O.d(),d&&C(E),H&&H.d(d),d&&C(_),m.r(),w=!1,q(I)}}}function Ge(e){let t,o,n,l,p,a,c,g;return{c(){t=s("p"),t.textContent=`If multiple organizations under the same GitHub Enterprise Server need to use the runners,
-                you can make the app public.`,o=b(),n=s("div"),l=s("input"),p=b(),a=s("label"),a.textContent="Public app",r(t,"class","pt-2"),r(l,"class","form-check-input"),r(l,"type","checkbox"),r(l,"id","public"),r(a,"class","form-check-label"),r(a,"for","public"),r(n,"class","form-check")},m(u,h){T(u,t,h),T(u,o,h),T(u,n,h),i(n,l),l.checked=e[10].public,i(n,p),i(n,a),c||(g=z(l,"change",e[21]),c=!0)},p(u,h){h&1024&&(l.checked=u[10].public)},d(u){u&&C(t),u&&C(o),u&&C(n),c=!1,g()}}}function Re(e){let t,o,n,l,p,a,c,g,u,h,v,f,S,k,A,E;return{c(){t=s("h3"),t.textContent="Organization name",o=b(),n=s("div"),l=s("p"),p=G(`What is the slug for your organization? If your repositories have a URL like
-                `),a=s("code"),c=G("https://"),g=G(e[1]),u=G("/MyOrg/my-repo"),h=G(`
-                then your organization slug is `),v=s("code"),v.textContent="MyOrg",f=G("."),S=b(),k=s("input"),r(k,"class","form-control"),r(n,"class","px-3 py-3")},m(_,m){T(_,t,m),T(_,o,m),T(_,n,m),i(n,l),i(l,p),i(l,a),i(a,c),i(a,g),i(a,u),i(l,h),i(l,v),i(l,f),i(n,S),i(n,k),j(k,e[4]),A||(E=z(k,"input",e[22]),A=!0)},p(_,m){m&2&&ce(g,_[1]),m&16&&k.value!==_[4]&&j(k,_[4])},d(_){_&&C(t),_&&C(o),_&&C(n),A=!1,E()}}}function ot(e){let t,o,n;return{c(){t=s("div"),o=G(e[9]),r(t,"class",n="alert alert-"+(e[8]?"success":"danger")),r(t,"role","alert")},m(l,p){T(l,t,p),i(t,o)},p(l,p){p&512&&ce(o,l[9]),p&256&&n!==(n="alert alert-"+(l[8]?"success":"danger"))&&r(t,"class",n)},d(l){l&&C(t)}}}function rt(e){let t;return{c(){t=s("p"),t.textContent="This button will be enabled once all the questions above are answered."},m(o,n){T(o,t,n)},p:X,d(o){o&&C(t)}}}function Pe(e){let t,o,n,l,p,a;return{c(){t=s("p"),o=s("b"),o.textContent="WARNING:",n=G(" using a public app means anyone with access to "),l=s("code"),p=G(e[1]),a=G(`
+              for repositories under that organization.`,p=d(),c=s("div"),a=s("input"),m=d(),u=s("label"),u.textContent="User app",k=d(),g=s("div"),_=s("input"),E=d(),f=s("label"),f.textContent="Organization app",S=d(),y&&y.c(),C=d(),N&&N.c(),b=Fe(),o(a,"class","form-check-input"),o(a,"type","radio"),a.__value="user",a.value=a.__value,o(a,"id","userScope"),o(u,"class","form-check-label"),o(u,"for","userScope"),o(c,"class","form-check"),o(_,"class","form-check-input"),o(_,"type","radio"),_.__value="org",_.value=_.__value,o(_,"id","orgScope"),o(f,"class","form-check-label"),o(f,"for","orgScope"),o(g,"class","form-check"),o(l,"class","px-3 py-3"),v.p(a,_)},m(h,R){H(h,t,R),H(h,r,R),H(h,l,R),n(l,i),n(l,p),n(l,c),n(c,a),a.checked=a.__value===e[3],n(c,m),n(c,u),n(l,k),n(l,g),n(g,_),_.checked=_.__value===e[3],n(g,E),n(g,f),n(l,S),y&&y.m(l,null),H(h,C,R),N&&N.m(h,R),H(h,b,R),T||(A=[P(a,"change",e[22]),P(_,"change",e[23])],T=!0)},p(h,R){R[0]&8&&(a.checked=a.__value===h[3]),R[0]&8&&(_.checked=_.__value===h[3]),h[0]==="ghes"?y?y.p(h,R):(y=Ge(h),y.c(),y.m(l,null)):y&&(y.d(1),y=null),h[3]==="org"?N?N.p(h,R):(N=Pe(h),N.c(),N.m(b.parentNode,b)):N&&(N.d(1),N=null)},d(h){h&&O(t),h&&O(r),h&&O(l),y&&y.d(),h&&O(C),N&&N.d(h),h&&O(b),v.r(),T=!1,ne(A)}}}function Ge(e){let t,r,l,i,p,c,a,m;return{c(){t=s("p"),t.textContent=`If multiple organizations under the same GitHub Enterprise Server need to use the runners,
+                you can make the app public.`,r=d(),l=s("div"),i=s("input"),p=d(),c=s("label"),c.textContent="Public app",o(t,"class","pt-2"),o(i,"class","form-check-input"),o(i,"type","checkbox"),o(i,"id","public"),o(c,"class","form-check-label"),o(c,"for","public"),o(l,"class","form-check")},m(u,k){H(u,t,k),H(u,r,k),H(u,l,k),n(l,i),i.checked=e[11].public,n(l,p),n(l,c),a||(m=P(i,"change",e[24]),a=!0)},p(u,k){k[0]&2048&&(i.checked=u[11].public)},d(u){u&&O(t),u&&O(r),u&&O(l),a=!1,m()}}}function Pe(e){let t,r,l,i,p,c,a,m,u,k,g,_,E,f,S,C;return{c(){t=s("h3"),t.textContent="Organization name",r=d(),l=s("div"),i=s("p"),p=z(`What is the slug for your organization? If your repositories have a URL like
+                `),c=s("code"),a=z("https://"),m=z(e[1]),u=z("/MyOrg/my-repo"),k=z(`
+                then your organization slug is `),g=s("code"),g.textContent="MyOrg",_=z("."),E=d(),f=s("input"),o(f,"class","form-control"),o(l,"class","px-3 py-3")},m(b,v){H(b,t,v),H(b,r,v),H(b,l,v),n(l,i),n(i,p),n(i,c),n(c,a),n(c,m),n(c,u),n(i,k),n(i,g),n(i,_),n(l,E),n(l,f),X(f,e[5]),S||(C=P(f,"input",e[25]),S=!0)},p(b,v){v[0]&2&&be(m,b[1]),v[0]&32&&f.value!==b[5]&&X(f,b[5])},d(b){b&&O(t),b&&O(r),b&&O(l),S=!1,C()}}}function Le(e){let t,r,l,i,p,c,a,m,u,k,g,_,E,f,S,C,b,v,T;return b=me(e[16][0]),{c(){t=s("h3"),t.textContent="Registration Level",r=d(),l=s("div"),i=s("p"),i.textContent="Would you like runners to be registered on repository level, or on organization level?",p=d(),c=s("ul"),c.innerHTML=`<li>Registering runners on repository level requires the <code>administration</code>
+                <a href="https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners#authentication-requirements">permission</a>.</li>
+              <li>Registering runners on organization level only requires the <code>organization_self_hosted_runners</code>
+                <a href="https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners#authentication-requirements">permission</a>
+                which is more fine-grained.</li>
+              <li>Registering runners on organization level means any repository can use them, even if the app wasn&#39;t
+                installed on those repositories.</li>
+              <li>Do not use organization level registration if you don&#39;t fully trust all repositories in your organization.</li>
+              <li>Use organization level to reduce the permission scope this new app is given.</li>
+              <li>When in doubt, use the default repository level registration.</li>`,a=d(),m=s("div"),u=s("input"),k=d(),g=s("label"),g.textContent="Repository",_=d(),E=s("div"),f=s("input"),S=d(),C=s("label"),C.textContent="Organization",o(u,"class","form-check-input"),o(u,"type","radio"),u.__value="repo",u.value=u.__value,o(u,"id","repo"),o(g,"class","form-check-label"),o(g,"for","repo"),o(m,"class","form-check"),o(f,"class","form-check-input"),o(f,"type","radio"),f.__value="org",f.value=f.__value,o(f,"id","org"),o(C,"class","form-check-label"),o(C,"for","org"),o(E,"class","form-check"),o(l,"class","px-3 py-3"),b.p(u,f)},m(A,y){H(A,t,y),H(A,r,y),H(A,l,y),n(l,i),n(l,p),n(l,c),n(l,a),n(l,m),n(m,u),u.checked=u.__value===e[4],n(m,k),n(m,g),n(l,_),n(l,E),n(E,f),f.checked=f.__value===e[4],n(E,S),n(E,C),v||(T=[P(u,"change",e[31]),P(f,"change",e[32])],v=!0)},p(A,y){y[0]&16&&(u.checked=u.__value===A[4]),y[0]&16&&(f.checked=f.__value===A[4])},d(A){A&&O(t),A&&O(r),A&&O(l),b.r(),v=!1,ne(T)}}}function ut(e){let t,r,l;return{c(){t=s("div"),r=z(e[10]),o(t,"class",l="alert alert-"+(e[9]?"success":"danger")),o(t,"role","alert")},m(i,p){H(i,t,p),n(t,r)},p(i,p){p[0]&1024&&be(r,i[10]),p[0]&512&&l!==(l="alert alert-"+(i[9]?"success":"danger"))&&o(t,"class",l)},d(i){i&&O(t)}}}function at(e){let t;return{c(){t=s("p"),t.textContent="This button will be enabled once all the questions above are answered."},m(r,l){H(r,t,l)},p:he,d(r){r&&O(t)}}}function Ue(e){let t,r,l,i,p,c;return{c(){t=s("p"),r=s("b"),r.textContent="WARNING:",l=z(" using a public app means anyone with access to "),i=s("code"),p=z(e[1]),c=z(`
               can use the runners you're setting up now. Anyone can create a workflow that will run on those runners,
               have access to their instance profile, and be part of their security group. Consider the security
-              implications before continuing.`),r(o,"class","text-danger")},m(c,g){T(c,t,g),i(t,o),i(t,n),i(t,l),i(l,p),i(t,a)},p(c,g){g&2&&ce(p,c[1])},d(c){c&&C(t)}}}function st(e){let t,o,n,l,p,a,c,g,u,h,v,f,S,k,A,E,_,m,w,I,O,H,d,N,J,ie,x,ee,te,ne,D,B,pe,fe,K,oe=Ue(e[2])+"",de,re,Ee,W,F,se,ue,_e,he,Ae,P=e[0]==="ghes"&&Oe(e),L=e[0]&&Ie(e);function Ce(y,R){if(y[2]==="newApp")return it;if(y[2]==="existingApp")return lt;if(y[2]==="pat")return nt}let Y=Ce(e),U=Y&&Y(e);function Se(y,R){return y[9]===void 0?rt:ot}let ae=Se(e),M=ae(e),$=e[10].public&&e[2]==="newApp"&&Pe(e);return _e=ye(e[13][2]),{c(){t=s("main"),o=s("div"),n=s("div"),l=s("form"),p=s("h1"),p.textContent="Setup GitHub Runners",a=b(),c=s("p"),g=G(`Answer all the questions on this page to automatically configure GitHub integration and get the
+              implications before continuing.`),o(r,"class","text-danger")},m(a,m){H(a,t,m),n(t,r),n(t,l),n(t,i),n(i,p),n(t,c)},p(a,m){m[0]&2&&be(p,a[1])},d(a){a&&O(t)}}}function ct(e){let t,r,l,i,p,c,a,m,u,k,g,_,E,f,S,C,b,v,T,A,y,N,h,R,B,G,le,$,ie,x,oe,re,U,ee,Z,K,te=Be(e[2])+"",q,se,ae,Y,Q,ue,I,F,ve,Se,D=e[0]==="ghes"&&Ie(e),M=e[0]&&ze(e);function Te(w,L){if(w[2]==="newApp")return st;if(w[2]==="existingApp")return rt;if(w[2]==="pat")return ot}let ce=Te(e),W=ce&&ce(e),J=e[3]==="org"&&e[2]==="newApp"&&Le(e);function Oe(w,L){return w[10]===void 0?at:ut}let ge=Oe(e),V=ge(e),j=e[11].public&&e[2]==="newApp"&&Ue(e);return F=me(e[16][3]),{c(){t=s("main"),r=s("div"),l=s("div"),i=s("form"),p=s("h1"),p.textContent="Setup GitHub Runners",c=d(),a=s("p"),m=z(`Answer all the questions on this page to automatically configure GitHub integration and get the
           runners working. This page will not be accessible once you complete this operation. If you ever want
-          to access it again, edit `),u=s("code"),u.textContent=`${ut}`,h=G(" and run the status function again."),v=b(),f=s("h3"),f.textContent="Choose GitHub Instance",S=b(),k=s("div"),A=s("p"),A.textContent=`Are your repositories hosted on GitHub.com or are you using an on-premise installation of GitHub
-            Enterprise Server?`,E=b(),_=s("div"),m=s("input"),w=b(),I=s("label"),I.textContent="GitHub.com",O=b(),H=s("div"),d=s("input"),N=b(),J=s("label"),J.textContent="GitHub Enterprise Server",ie=b(),P&&P.c(),x=b(),L&&L.c(),ee=b(),U&&U.c(),te=b(),ne=s("h2"),ne.textContent="Finish Setup",D=b(),B=s("div"),M.c(),pe=b(),$&&$.c(),fe=b(),K=s("button"),de=G(oe),Ee=b(),W=s("form"),F=s("input"),r(m,"class","form-check-input"),r(m,"type","radio"),m.__value="github.com",m.value=m.__value,r(m,"id","github.com"),r(I,"class","form-check-label"),r(I,"for","github.com"),r(_,"class","form-check"),r(d,"class","form-check-input"),r(d,"type","radio"),d.__value="ghes",d.value=d.__value,r(d,"id","ghes"),r(J,"class","form-check-label"),r(J,"for","ghes"),r(H,"class","form-check"),r(k,"class","px-3 py-3"),r(K,"type","submit"),r(K,"class","btn btn-success"),K.disabled=re=Le(e[0],e[2],e[5],e[6],e[7],e[8]),r(B,"class","px-3 py-3"),r(l,"class","col"),r(n,"class","row"),r(o,"class","container py-3 px-2"),r(F,"type","hidden"),r(F,"name","manifest"),F.value=se=JSON.stringify(e[10]),r(W,"action",ue="https://"+e[1]+"/"+(e[3]==="org"?`organizations/${e[4]}/`:"")+"settings/apps/new?state="+ke),r(W,"method","post"),r(W,"id","appform"),_e.p(m,d)},m(y,R){T(y,t,R),i(t,o),i(o,n),i(n,l),i(l,p),i(l,a),i(l,c),i(c,g),i(c,u),i(c,h),i(l,v),i(l,f),i(l,S),i(l,k),i(k,A),i(k,E),i(k,_),i(_,m),m.checked=m.__value===e[0],i(_,w),i(_,I),i(k,O),i(k,H),i(H,d),d.checked=d.__value===e[0],i(H,N),i(H,J),i(l,ie),P&&P.m(l,null),i(l,x),L&&L.m(l,null),i(l,ee),U&&U.m(l,null),i(l,te),i(l,ne),i(l,D),i(l,B),M.m(B,null),i(B,pe),$&&$.m(B,null),i(B,fe),i(B,K),i(K,de),i(t,Ee),i(t,W),i(W,F),he||(Ae=[z(m,"change",e[12]),z(d,"change",e[14]),z(l,"submit",e[11])],he=!0)},p(y,[R]){R&1&&(m.checked=m.__value===y[0]),R&1&&(d.checked=d.__value===y[0]),y[0]==="ghes"?P?P.p(y,R):(P=Oe(y),P.c(),P.m(l,x)):P&&(P.d(1),P=null),y[0]?L?L.p(y,R):(L=Ie(y),L.c(),L.m(l,ee)):L&&(L.d(1),L=null),Y===(Y=Ce(y))&&U?U.p(y,R):(U&&U.d(1),U=Y&&Y(y),U&&(U.c(),U.m(l,te))),ae===(ae=Se(y))&&M?M.p(y,R):(M.d(1),M=ae(y),M&&(M.c(),M.m(B,pe))),y[10].public&&y[2]==="newApp"?$?$.p(y,R):($=Pe(y),$.c(),$.m(B,fe)):$&&($.d(1),$=null),R&4&&oe!==(oe=Ue(y[2])+"")&&ce(de,oe),R&485&&re!==(re=Le(y[0],y[2],y[5],y[6],y[7],y[8]))&&(K.disabled=re),R&1024&&se!==(se=JSON.stringify(y[10]))&&(F.value=se),R&26&&ue!==(ue="https://"+y[1]+"/"+(y[3]==="org"?`organizations/${y[4]}/`:"")+"settings/apps/new?state="+ke)&&r(W,"action",ue)},i:X,o:X,d(y){y&&C(t),P&&P.d(),L&&L.d(),U&&U.d(),M.d(),$&&$.d(),_e.r(),he=!1,q(Ae)}}}const ut="INSERT_SECRET_ARN_HERE",ke="INSERT_TOKEN_HERE";function Le(e,t,o,n,l,p){return p||e===void 0||t===void 0?!0:t==="newApp"?!1:t==="existingApp"?o===""||n==="":t==="pat"?l==="":(console.error("Something is broken",e,t,o),!0)}function Ue(e){return e==="newApp"?"Create GitHub App":"Setup"}function be(e,t){return new Promise((o,n)=>{fetch(`${e}?token=${ke}`,{method:"POST",mode:"same-origin",headers:{"Content-Type":"application/json"},body:JSON.stringify(t),redirect:"error"}).then(l=>{l.ok?l.text().then(o).catch(n):l.text().then(p=>{n(new Error(`${p} [${l.status}]`))}).catch(n)}).catch(n)})}function at(e,t,o){let n,l="INSERT_DOMAIN_HERE",p,a="user",c="ORGANIZATION",g="",u="",h="",v,f;const S={url:"https://github.com/CloudSnorkel/cdk-github-runners",hook_attributes:{url:"INSERT_WEBHOOK_URL_HERE"},redirect_url:"INSERT_BASE_URL_HERE/complete-new-app",public:!1,default_permissions:{actions:"write",administration:"write",deployments:"read"},default_events:["workflow_job"]};function k(te){te.preventDefault();function ne(){const D=n==="ghes"?l:"github.com";switch(p){case"newApp":return be("domain",{domain:D}).then(B=>(document.getElementById("appform").submit(),Promise.resolve("Redirecting to GitHub...")));case"existingApp":return be("app",{appid:g,pk:u,domain:D});case"pat":return be("pat",{pat:h,domain:D})}}ne().then(D=>{o(9,f=D),o(8,v=!0)}).catch(D=>{o(9,f=`${D}`),o(8,v=!1)})}const A=[[],[],[]];function E(){n=this.__value,o(0,n)}function _(){n=this.__value,o(0,n)}function m(){l=this.value,o(1,l)}function w(){p=this.__value,o(2,p)}function I(){p=this.__value,o(2,p)}function O(){p=this.__value,o(2,p)}function H(){a=this.__value,o(3,a)}function d(){a=this.__value,o(3,a)}function N(){S.public=this.checked,o(10,S)}function J(){c=this.value,o(4,c)}function ie(){g=Be(this.value),o(5,g)}function x(){u=this.value,o(6,u)}function ee(){h=this.value,o(7,h)}return[n,l,p,a,c,g,u,h,v,f,S,k,E,A,_,m,w,I,O,H,d,N,J,ie,x,ee]}class ct extends tt{constructor(t){super(),et(this,t,at,st,Me,{})}}new ct({target:document.getElementById("app")});
+          to access it again, edit `),u=s("code"),u.textContent=`${pt}`,k=z(" and run the status function again."),g=d(),_=s("h3"),_.textContent="Choose GitHub Instance",E=d(),f=s("div"),S=s("p"),S.textContent=`Are your repositories hosted on GitHub.com or are you using an on-premise installation of GitHub
+            Enterprise Server?`,C=d(),b=s("div"),v=s("input"),T=d(),A=s("label"),A.textContent="GitHub.com",y=d(),N=s("div"),h=s("input"),R=d(),B=s("label"),B.textContent="GitHub Enterprise Server",G=d(),D&&D.c(),le=d(),M&&M.c(),$=d(),W&&W.c(),ie=d(),J&&J.c(),x=d(),oe=s("h2"),oe.textContent="Finish Setup",re=d(),U=s("div"),V.c(),ee=d(),j&&j.c(),Z=d(),K=s("button"),q=z(te),ae=d(),Y=s("form"),Q=s("input"),o(v,"class","form-check-input"),o(v,"type","radio"),v.__value="github.com",v.value=v.__value,o(v,"id","github.com"),o(A,"class","form-check-label"),o(A,"for","github.com"),o(b,"class","form-check"),o(h,"class","form-check-input"),o(h,"type","radio"),h.__value="ghes",h.value=h.__value,o(h,"id","ghes"),o(B,"class","form-check-label"),o(B,"for","ghes"),o(N,"class","form-check"),o(f,"class","px-3 py-3"),o(K,"type","submit"),o(K,"class","btn btn-success"),K.disabled=se=qe(e[0],e[2],e[6],e[7],e[4],e[8],e[9]),o(U,"class","px-3 py-3"),o(i,"class","col"),o(l,"class","row"),o(r,"class","container py-3 px-2"),o(Q,"type","hidden"),o(Q,"name","manifest"),Q.value=ue=JSON.stringify(e[11]),o(Y,"action",I="https://"+e[1]+"/"+(e[3]==="org"?`organizations/${e[5]}/`:"")+"settings/apps/new?state="+Ee),o(Y,"method","post"),o(Y,"id","appform"),F.p(v,h)},m(w,L){H(w,t,L),n(t,r),n(r,l),n(l,i),n(i,p),n(i,c),n(i,a),n(a,m),n(a,u),n(a,k),n(i,g),n(i,_),n(i,E),n(i,f),n(f,S),n(f,C),n(f,b),n(b,v),v.checked=v.__value===e[0],n(b,T),n(b,A),n(f,y),n(f,N),n(N,h),h.checked=h.__value===e[0],n(N,R),n(N,B),n(i,G),D&&D.m(i,null),n(i,le),M&&M.m(i,null),n(i,$),W&&W.m(i,null),n(i,ie),J&&J.m(i,null),n(i,x),n(i,oe),n(i,re),n(i,U),V.m(U,null),n(U,ee),j&&j.m(U,null),n(U,Z),n(U,K),n(K,q),n(t,ae),n(t,Y),n(Y,Q),ve||(Se=[P(v,"change",e[15]),P(h,"change",e[17]),P(i,"submit",e[14])],ve=!0)},p(w,L){L[0]&1&&(v.checked=v.__value===w[0]),L[0]&1&&(h.checked=h.__value===w[0]),w[0]==="ghes"?D?D.p(w,L):(D=Ie(w),D.c(),D.m(i,le)):D&&(D.d(1),D=null),w[0]?M?M.p(w,L):(M=ze(w),M.c(),M.m(i,$)):M&&(M.d(1),M=null),ce===(ce=Te(w))&&W?W.p(w,L):(W&&W.d(1),W=ce&&ce(w),W&&(W.c(),W.m(i,ie))),w[3]==="org"&&w[2]==="newApp"?J?J.p(w,L):(J=Le(w),J.c(),J.m(i,x)):J&&(J.d(1),J=null),ge===(ge=Oe(w))&&V?V.p(w,L):(V.d(1),V=ge(w),V&&(V.c(),V.m(U,ee))),w[11].public&&w[2]==="newApp"?j?j.p(w,L):(j=Ue(w),j.c(),j.m(U,Z)):j&&(j.d(1),j=null),L[0]&4&&te!==(te=Be(w[2])+"")&&be(q,te),L[0]&981&&se!==(se=qe(w[0],w[2],w[6],w[7],w[4],w[8],w[9]))&&(K.disabled=se),L[0]&2048&&ue!==(ue=JSON.stringify(w[11]))&&(Q.value=ue),L[0]&42&&I!==(I="https://"+w[1]+"/"+(w[3]==="org"?`organizations/${w[5]}/`:"")+"settings/apps/new?state="+Ee)&&o(Y,"action",I)},i:he,o:he,d(w){w&&O(t),D&&D.d(),M&&M.d(),W&&W.d(),J&&J.d(),V.d(),j&&j.d(),F.r(),ve=!1,ne(Se)}}}const pt="INSERT_SECRET_ARN_HERE",Ee="INSERT_TOKEN_HERE";function qe(e,t,r,l,i,p,c){return c||e===void 0||t===void 0?!0:t==="newApp"?!1:t==="existingApp"?r===""||l===""||i===void 0:t==="pat"?p==="":(console.error("Something is broken",e,t,r),!0)}function Be(e){return e==="newApp"?"Create GitHub App":"Setup"}function ye(e,t){return new Promise((r,l)=>{fetch(`${e}?token=${Ee}`,{method:"POST",mode:"same-origin",headers:{"Content-Type":"application/json"},body:JSON.stringify(t),redirect:"error"}).then(i=>{i.ok?i.text().then(r).catch(l):i.text().then(p=>{l(new Error(`${p} [${i.status}]`))}).catch(l)}).catch(l)})}function ft(e,t,r){let l,i="INSERT_DOMAIN_HERE",p,c="user",a="repo",m="ORGANIZATION",u="",k="",g="",_,E;const f={actions:"write",administration:"write",deployments:"read"},S={actions:"write",organization_self_hosted_runners:"write",deployments:"read"},C={url:"https://github.com/CloudSnorkel/cdk-github-runners",hook_attributes:{url:"INSERT_WEBHOOK_URL_HERE"},redirect_url:"INSERT_BASE_URL_HERE/complete-new-app",public:!1,default_permissions:f,default_events:["workflow_job"]};function b(K){K.preventDefault();function te(){const q=l==="ghes"?i:"github.com";switch(r(11,C.default_permissions=a==="repo"?f:S,C),p){case"newApp":return ye("domain",{domain:q,runnerLevel:a}).then(se=>(document.getElementById("appform").submit(),Promise.resolve("Redirecting to GitHub...")));case"existingApp":return ye("app",{appid:u,pk:k,domain:q,runnerLevel:a});case"pat":return ye("pat",{pat:g,domain:q})}}te().then(q=>{r(10,E=q),r(9,_=!0)}).catch(q=>{r(10,E=`${q}`),r(9,_=!1)})}const v=[[],[],[],[]];function T(){l=this.__value,r(0,l)}function A(){l=this.__value,r(0,l)}function y(){i=this.value,r(1,i)}function N(){p=this.__value,r(2,p)}function h(){p=this.__value,r(2,p)}function R(){p=this.__value,r(2,p)}function B(){c=this.__value,r(3,c)}function G(){c=this.__value,r(3,c)}function le(){C.public=this.checked,r(11,C)}function $(){m=this.value,r(5,m)}function ie(){u=We(this.value),r(6,u)}function x(){k=this.value,r(7,k)}function oe(){a=this.__value,r(4,a)}function re(){a=this.__value,r(4,a)}function U(){g=this.value,r(8,g)}function ee(){a=this.__value,r(4,a)}function Z(){a=this.__value,r(4,a)}return[l,i,p,c,a,m,u,k,g,_,E,C,f,S,b,T,v,A,y,N,h,R,B,G,le,$,ie,x,oe,re,U,ee,Z]}class dt extends it{constructor(t){super(),lt(this,t,ft,ct,je,{},null,[-1,-1])}}new dt({target:document.getElementById("app")});
 </script>
     <style>

package/assets/setup.lambda/index.js CHANGED Viewed

@@ -10495,8 +10495,12 @@ async function handleDomain(event) {
   if (!body.domain) {
     return response(400, "Invalid domain");
   }
+  if (body.runnerLevel !== "repo" && body.runnerLevel !== "org") {
+    return response(400, "Invalid runner registration level");
+  }
   const githubSecrets = await getSecretJsonValue(process.env.GITHUB_SECRET_ARN);
   githubSecrets.domain = body.domain;
+  githubSecrets.runnerLevel = body.runnerLevel;
   await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify(githubSecrets));
   return response(200, "Domain set");
 }
@@ -10508,7 +10512,8 @@ async function handlePat(event) {
   await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify({
     domain: body.domain,
     appId: -1,
-    personalAuthToken: body.pat
+    personalAuthToken: body.pat,
+    runnerLevel: "repo"
   }));
   await updateSecretValue(process.env.SETUP_SECRET_ARN, JSON.stringify({ token: "" }));
   return response(200, "Personal access token set");
@@ -10524,11 +10529,10 @@ async function handleNewApp(event) {
   const githubSecrets = await getSecretJsonValue(process.env.GITHUB_SECRET_ARN);
   const baseUrl = baseUrlFromDomain(githubSecrets.domain);
   const newApp = await new import_rest.Octokit({ baseUrl }).rest.apps.createFromManifest({ code });
-  await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify({
-    domain: new URL(newApp.data.html_url).host,
-    appId: newApp.data.id,
-    personalAuthToken: ""
-  }));
+  githubSecrets.appId = newApp.data.id;
+  githubSecrets.domain = new URL(newApp.data.html_url).host;
+  githubSecrets.personalAuthToken = "";
+  await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify(githubSecrets));
   await updateSecretValue(process.env.GITHUB_PRIVATE_KEY_SECRET_ARN, newApp.data.pem);
   await updateSecretValue(process.env.WEBHOOK_SECRET_ARN, JSON.stringify({
     webhookSecret: newApp.data.webhook_secret
@@ -10538,13 +10542,14 @@ async function handleNewApp(event) {
 }
 async function handleExistingApp(event) {
   const body = decodeBody(event);
-  if (!body.appid || !body.pk || !body.domain) {
+  if (!body.appid || !body.pk || !body.domain || body.runnerLevel !== "repo" && body.runnerLevel !== "org") {
     return response(400, "Missing fields");
   }
   await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify({
     domain: body.domain,
     appId: body.appid,
-    personalAuthToken: ""
+    personalAuthToken: "",
+    runnerLevel: body.runnerLevel
   }));
   await updateSecretValue(process.env.GITHUB_PRIVATE_KEY_SECRET_ARN, body.pk);
   await updateSecretValue(process.env.SETUP_SECRET_ARN, JSON.stringify({ token: "" }));

package/assets/status.lambda/index.js CHANGED Viewed

@@ -15170,6 +15170,7 @@ async function handler(event) {
         secretUrl: secretArnToUrl(process.env.SETUP_SECRET_ARN)
       },
       domain: "Unknown",
+      runnerLevel: "Unknown",
       webhook: {
         url: process.env.WEBHOOK_URL,
         status: "Unable to check",
@@ -15250,6 +15251,7 @@ async function handler(event) {
   }
   let baseUrl = baseUrlFromDomain(githubSecrets.domain);
   status.github.domain = githubSecrets.domain;
+  status.github.runnerLevel = githubSecrets.runnerLevel ?? "repo";
   if (githubSecrets.personalAuthToken) {
     status.github.auth.type = "Personal Access Token";
     status.github.auth.personalAuthToken = "*redacted*";