@cloudsnorkel/cdk-github-runners 0.3.0 → 0.3.1

package/.jsii

@@ -3167,6 +3167,29 @@
         "line": 149
       },
       "methods": [
+        {
+          "docs": {
+            "remarks": "All first party Dockerfiles support this. Others may not.",
+            "stability": "experimental",
+            "summary": "Add extra trusted certificates. This helps deal with self-signed certificates for GitHub Enterprise Server."
+          },
+          "locationInModule": {
+            "filename": "src/providers/image-builders/codebuild.ts",
+            "line": 271
+          },
+          "name": "addExtraCertificates",
+          "parameters": [
+            {
+              "docs": {
+                "summary": "path to directory containing a file called certs.pem containing all the required certificates."
+              },
+              "name": "path",
+              "type": {
+                "primitive": "string"
+              }
+            }
+          ]
+        },
         {
           "docs": {
             "stability": "experimental",
@@ -3271,7 +3294,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/image-builders/codebuild.ts",
-            "line": 267
+            "line": 281
           },
           "name": "bind",
           "overrides": "@cloudsnorkel/cdk-github-runners.IImageBuilder",
@@ -4421,7 +4444,7 @@
       "assembly": "@cloudsnorkel/cdk-github-runners",
       "base": "constructs.Construct",
       "docs": {
-        "remarks": "It creates a webhook, secrets, and a step function to orchestrate all runs. Secrets are not automatically filled. See README.md for instructions on how to setup GitHub integration.\n\nBy default, this will create a runner provider of each available type with the defaults. This is good enough for the initial setup stage when you just want to get GitHub integration working.\n\n```typescript\nnew GitHubRunners(stack, 'runners', {});\n```\n\nUsually you'd want to configure the runner providers so the runners can run in a certain VPC or have certain permissions.\n\n```typescript\nconst vpc = ec2.Vpc.fromLookup(stack, 'vpc', { vpcId: 'vpc-1234567' });\nconst runnerSg = new ec2.SecurityGroup(stack, 'runner security group', { vpc: vpc });\nconst dbSg = ec2.SecurityGroup.fromSecurityGroupId(stack, 'database security group', 'sg-1234567');\nconst bucket = new s3.Bucket(stack, 'runner bucket');\n\n// create a custom CodeBuild provider\nconst myProvider = new CodeBuildRunner(\n   stack, 'codebuild runner',\n   {\n      label: 'my-codebuild',\n      vpc: vpc,\n      securityGroup: runnerSg,\n   },\n);\n// grant some permissions to the provider\nbucket.grantReadWrite(myProvider);\ndbSg.connections.allowFrom(runnerSg, ec2.Port.tcp(3306), 'allow runners to connect to MySQL database');\n\n// create the runner infrastructure\nnew GitHubRunners(\n   stack,\n   'runners',\n   {\n     providers: [myProvider],\n   }\n);\n```",
+        "remarks": "It creates a webhook, secrets, and a step function to orchestrate all runs. Secrets are not automatically filled. See README.md for instructions on how to setup GitHub integration.\n\nBy default, this will create a runner provider of each available type with the defaults. This is good enough for the initial setup stage when you just want to get GitHub integration working.\n\n```typescript\nnew GitHubRunners(this, 'runners');\n```\n\nUsually you'd want to configure the runner providers so the runners can run in a certain VPC or have certain permissions.\n\n```typescript\nconst vpc = ec2.Vpc.fromLookup(this, 'vpc', { vpcId: 'vpc-1234567' });\nconst runnerSg = new ec2.SecurityGroup(this, 'runner security group', { vpc: vpc });\nconst dbSg = ec2.SecurityGroup.fromSecurityGroupId(this, 'database security group', 'sg-1234567');\nconst bucket = new s3.Bucket(this, 'runner bucket');\n\n// create a custom CodeBuild provider\nconst myProvider = new CodeBuildRunner(\n   this, 'codebuild runner',\n   {\n      label: 'my-codebuild',\n      vpc: vpc,\n      securityGroup: runnerSg,\n   },\n);\n// grant some permissions to the provider\nbucket.grantReadWrite(myProvider);\ndbSg.connections.allowFrom(runnerSg, ec2.Port.tcp(3306), 'allow runners to connect to MySQL database');\n\n// create the runner infrastructure\nnew GitHubRunners(\n   this,\n   'runners',\n   {\n     providers: [myProvider],\n   }\n);\n```",
         "stability": "experimental",
         "summary": "Create all the required infrastructure to provide self-hosted GitHub runners."
       },
@@ -4432,7 +4455,7 @@
         },
         "locationInModule": {
           "filename": "src/runner.ts",
-          "line": 83
+          "line": 140
         },
         "parameters": [
           {
@@ -4459,7 +4482,7 @@
       "kind": "class",
       "locationInModule": {
         "filename": "src/runner.ts",
-        "line": 65
+        "line": 120
       },
       "name": "GitHubRunners",
       "properties": [
@@ -4471,7 +4494,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 72
+            "line": 127
           },
           "name": "providers",
           "type": {
@@ -4491,7 +4514,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 77
+            "line": 132
           },
           "name": "secrets",
           "type": {
@@ -4512,10 +4535,47 @@
       "kind": "interface",
       "locationInModule": {
         "filename": "src/runner.ts",
-        "line": 16
+        "line": 22
       },
       "name": "GitHubRunnersProps",
       "properties": [
+        {
+          "abstract": true,
+          "docs": {
+            "default": "false",
+            "remarks": "Lambda Functions in a public subnet can NOT access the internet.",
+            "stability": "experimental",
+            "summary": "Allow management functions to run in public subnets."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "src/runner.ts",
+            "line": 45
+          },
+          "name": "allowPublicSubnet",
+          "optional": true,
+          "type": {
+            "primitive": "boolean"
+          }
+        },
+        {
+          "abstract": true,
+          "docs": {
+            "remarks": "You may also want to use custom images for your runner providers that contain the same certificates. See {@link CodeBuildImageBuilder.addCertificates}.\n\n```typescript\nconst imageBuilder = new CodeBuildImageBuilder(this, 'Image Builder with Certs', {\n     dockerfilePath: CodeBuildRunner.LINUX_X64_DOCKERFILE_PATH,\n});\nimageBuilder.addExtraCertificates('path-to-my-extra-certs-folder');\n\nconst provider = new CodeBuildRunner(this, 'CodeBuild', {\n     imageBuilder: imageBuilder,\n});\n\nnew GitHubRunners(\n   this,\n   'runners',\n   {\n     providers: [provider],\n     extraCertificates: 'path-to-my-extra-certs-folder',\n   }\n);\n```",
+            "stability": "experimental",
+            "summary": "Path to a directory containing a file named certs.pem containing any additional certificates required to trust GitHub Enterprise Server. Use this when GitHub Enterprise Server certificates are self-signed."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "src/runner.ts",
+            "line": 77
+          },
+          "name": "extraCertificates",
+          "optional": true,
+          "type": {
+            "primitive": "string"
+          }
+        },
         {
           "abstract": true,
           "docs": {
@@ -4527,7 +4587,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 22
+            "line": 28
           },
           "name": "providers",
           "optional": true,
@@ -4539,6 +4599,60 @@
               "kind": "array"
             }
           }
+        },
+        {
+          "abstract": true,
+          "docs": {
+            "remarks": "Use this with to provide access to GitHub Enterprise Server hosted inside a VPC.",
+            "stability": "experimental",
+            "summary": "Security group attached to all management functions."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "src/runner.ts",
+            "line": 50
+          },
+          "name": "securityGroup",
+          "optional": true,
+          "type": {
+            "fqn": "aws-cdk-lib.aws_ec2.ISecurityGroup"
+          }
+        },
+        {
+          "abstract": true,
+          "docs": {
+            "remarks": "Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.",
+            "stability": "experimental",
+            "summary": "VPC used for all management functions."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "src/runner.ts",
+            "line": 33
+          },
+          "name": "vpc",
+          "optional": true,
+          "type": {
+            "fqn": "aws-cdk-lib.aws_ec2.IVpc"
+          }
+        },
+        {
+          "abstract": true,
+          "docs": {
+            "remarks": "Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.",
+            "stability": "experimental",
+            "summary": "VPC subnets used for all management functions."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "src/runner.ts",
+            "line": 38
+          },
+          "name": "vpcSubnets",
+          "optional": true,
+          "type": {
+            "fqn": "aws-cdk-lib.aws_ec2.SubnetSelection"
+          }
         }
       ],
       "symbolId": "src/runner:GitHubRunnersProps"
@@ -5740,6 +5854,6 @@
       "symbolId": "src/providers/image-builders/static:StaticRunnerImage"
     }
   },
-  "version": "0.3.0",
-  "fingerprint": "BbcPeU/UMTYhijuLgnABdbWc76bh1KhE/IYBv9sCMz8="
+  "version": "0.3.1",
+  "fingerprint": "mO1CotXTw7dyIyYAuK+dlrSJ0ioDpaMEfXc4kKbJBvY="
 }

package/API.md

@@ -68,6 +68,7 @@ new CodeBuildImageBuilder(scope: Construct, id: string, props: CodeBuildImageBui
 | **Name** | **Description** |
 | --- | --- |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.CodeBuildImageBuilder.toString">toString</a></code> | Returns a string representation of this construct. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.CodeBuildImageBuilder.addExtraCertificates">addExtraCertificates</a></code> | Add extra trusted certificates. This helps deal with self-signed certificates for GitHub Enterprise Server. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.CodeBuildImageBuilder.addFiles">addFiles</a></code> | Uploads a folder to the build server at a given folder name. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.CodeBuildImageBuilder.addPolicyStatement">addPolicyStatement</a></code> | Add a policy statement to the builder to access resources required to the image build. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.CodeBuildImageBuilder.addPostBuildCommand">addPostBuildCommand</a></code> | Adds a command that runs after `docker build` and `docker push`. |
@@ -85,6 +86,24 @@ public toString(): string
 
 Returns a string representation of this construct.
 
+##### `addExtraCertificates` <a name="addExtraCertificates" id="@cloudsnorkel/cdk-github-runners.CodeBuildImageBuilder.addExtraCertificates"></a>
+
+```typescript
+public addExtraCertificates(path: string): void
+```
+
+Add extra trusted certificates. This helps deal with self-signed certificates for GitHub Enterprise Server.
+
+All first party Dockerfiles support this. Others may not.
+
+###### `path`<sup>Required</sup> <a name="path" id="@cloudsnorkel/cdk-github-runners.CodeBuildImageBuilder.addExtraCertificates.parameter.path"></a>
+
+- *Type:* string
+
+path to directory containing a file called certs.pem containing all the required certificates.
+
+---
+
 ##### `addFiles` <a name="addFiles" id="@cloudsnorkel/cdk-github-runners.CodeBuildImageBuilder.addFiles"></a>
 
 ```typescript
@@ -814,20 +833,20 @@ It creates a webhook, secrets, and a step function to orchestrate all runs. Secr
 By default, this will create a runner provider of each available type with the defaults. This is good enough for the initial setup stage when you just want to get GitHub integration working.
 
 ```typescript
-new GitHubRunners(stack, 'runners', {});
+new GitHubRunners(this, 'runners');
 ```
 
 Usually you'd want to configure the runner providers so the runners can run in a certain VPC or have certain permissions.
 
 ```typescript
-const vpc = ec2.Vpc.fromLookup(stack, 'vpc', { vpcId: 'vpc-1234567' });
-const runnerSg = new ec2.SecurityGroup(stack, 'runner security group', { vpc: vpc });
-const dbSg = ec2.SecurityGroup.fromSecurityGroupId(stack, 'database security group', 'sg-1234567');
-const bucket = new s3.Bucket(stack, 'runner bucket');
+const vpc = ec2.Vpc.fromLookup(this, 'vpc', { vpcId: 'vpc-1234567' });
+const runnerSg = new ec2.SecurityGroup(this, 'runner security group', { vpc: vpc });
+const dbSg = ec2.SecurityGroup.fromSecurityGroupId(this, 'database security group', 'sg-1234567');
+const bucket = new s3.Bucket(this, 'runner bucket');
 
 // create a custom CodeBuild provider
 const myProvider = new CodeBuildRunner(
-   stack, 'codebuild runner',
+   this, 'codebuild runner',
    {
       label: 'my-codebuild',
       vpc: vpc,
@@ -840,7 +859,7 @@ dbSg.connections.allowFrom(runnerSg, ec2.Port.tcp(3306), 'allow runners to conne
 
 // create the runner infrastructure
 new GitHubRunners(
-   stack,
+   this,
    'runners',
    {
      providers: [myProvider],
@@ -1962,7 +1981,61 @@ const gitHubRunnersProps: GitHubRunnersProps = { ... }
 
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.allowPublicSubnet">allowPublicSubnet</a></code> | <code>boolean</code> | Allow management functions to run in public subnets. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.extraCertificates">extraCertificates</a></code> | <code>string</code> | Path to a directory containing a file named certs.pem containing any additional certificates required to trust GitHub Enterprise Server. Use this when GitHub Enterprise Server certificates are self-signed. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.providers">providers</a></code> | <code><a href="#@cloudsnorkel/cdk-github-runners.IRunnerProvider">IRunnerProvider</a>[]</code> | List of runner providers to use. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.securityGroup">securityGroup</a></code> | <code>aws-cdk-lib.aws_ec2.ISecurityGroup</code> | Security group attached to all management functions. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.vpc">vpc</a></code> | <code>aws-cdk-lib.aws_ec2.IVpc</code> | VPC used for all management functions. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.vpcSubnets">vpcSubnets</a></code> | <code>aws-cdk-lib.aws_ec2.SubnetSelection</code> | VPC subnets used for all management functions. |
+
+---
+
+##### `allowPublicSubnet`<sup>Optional</sup> <a name="allowPublicSubnet" id="@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.allowPublicSubnet"></a>
+
+```typescript
+public readonly allowPublicSubnet: boolean;
+```
+
+- *Type:* boolean
+- *Default:* false
+
+Allow management functions to run in public subnets.
+
+Lambda Functions in a public subnet can NOT access the internet.
+
+---
+
+##### `extraCertificates`<sup>Optional</sup> <a name="extraCertificates" id="@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.extraCertificates"></a>
+
+```typescript
+public readonly extraCertificates: string;
+```
+
+- *Type:* string
+
+Path to a directory containing a file named certs.pem containing any additional certificates required to trust GitHub Enterprise Server. Use this when GitHub Enterprise Server certificates are self-signed.
+
+You may also want to use custom images for your runner providers that contain the same certificates. See {@link CodeBuildImageBuilder.addCertificates}.
+
+```typescript
+const imageBuilder = new CodeBuildImageBuilder(this, 'Image Builder with Certs', {
+     dockerfilePath: CodeBuildRunner.LINUX_X64_DOCKERFILE_PATH,
+});
+imageBuilder.addExtraCertificates('path-to-my-extra-certs-folder');
+
+const provider = new CodeBuildRunner(this, 'CodeBuild', {
+     imageBuilder: imageBuilder,
+});
+
+new GitHubRunners(
+   this,
+   'runners',
+   {
+     providers: [provider],
+     extraCertificates: 'path-to-my-extra-certs-folder',
+   }
+);
+```
 
 ---
 
@@ -1981,6 +2054,48 @@ At least one provider is required. Provider will be selected when its label matc
 
 ---
 
+##### `securityGroup`<sup>Optional</sup> <a name="securityGroup" id="@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.securityGroup"></a>
+
+```typescript
+public readonly securityGroup: ISecurityGroup;
+```
+
+- *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup
+
+Security group attached to all management functions.
+
+Use this with to provide access to GitHub Enterprise Server hosted inside a VPC.
+
+---
+
+##### `vpc`<sup>Optional</sup> <a name="vpc" id="@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.vpc"></a>
+
+```typescript
+public readonly vpc: IVpc;
+```
+
+- *Type:* aws-cdk-lib.aws_ec2.IVpc
+
+VPC used for all management functions.
+
+Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.
+
+---
+
+##### `vpcSubnets`<sup>Optional</sup> <a name="vpcSubnets" id="@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.vpcSubnets"></a>
+
+```typescript
+public readonly vpcSubnets: SubnetSelection;
+```
+
+- *Type:* aws-cdk-lib.aws_ec2.SubnetSelection
+
+VPC subnets used for all management functions.
+
+Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.
+
+---
+
 ### LambdaRunnerProps <a name="LambdaRunnerProps" id="@cloudsnorkel/cdk-github-runners.LambdaRunnerProps"></a>
 
 #### Initializer <a name="Initializer" id="@cloudsnorkel/cdk-github-runners.LambdaRunnerProps.Initializer"></a>

package/lib/lambdas/delete-runner/index.js

@@ -11386,9 +11386,9 @@ var require_yallist = __commonJS({
   }
 });
 
-// node_modules/lru-cache/index.js
+// node_modules/@octokit/auth-app/node_modules/lru-cache/index.js
 var require_lru_cache = __commonJS({
-  "node_modules/lru-cache/index.js"(exports2, module2) {
+  "node_modules/@octokit/auth-app/node_modules/lru-cache/index.js"(exports2, module2) {
     "use strict";
     var Yallist = require_yallist();
     var MAX = Symbol("max");