@cloudsnorkel/cdk-github-runners 0.3.2 → 0.5.0

package/lib/lambdas/setup/index.js

@@ -16,7 +16,10 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, mod));
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 
 // node_modules/universal-user-agent/dist-node/index.js
 var require_dist_node = __commonJS({
@@ -6089,11 +6092,14 @@ var require_lib3 = __commonJS({
       blob() {
         let ct = this.headers && this.headers.get("content-type") || "";
         return consumeBody.call(this).then(function(buf) {
-          return Object.assign(new Blob([], {
-            type: ct.toLowerCase()
-          }), {
-            [BUFFER]: buf
-          });
+          return Object.assign(
+            new Blob([], {
+              type: ct.toLowerCase()
+            }),
+            {
+              [BUFFER]: buf
+            }
+          );
         });
       },
       json() {
@@ -7150,12 +7156,15 @@ var require_dist_node5 = __commonJS({
       let status;
       let url;
       const fetch = requestOptions.request && requestOptions.request.fetch || nodeFetch;
-      return fetch(requestOptions.url, Object.assign({
-        method: requestOptions.method,
-        body: requestOptions.body,
-        headers: requestOptions.headers,
-        redirect: requestOptions.redirect
-      }, requestOptions.request)).then(async (response2) => {
+      return fetch(requestOptions.url, Object.assign(
+        {
+          method: requestOptions.method,
+          body: requestOptions.body,
+          headers: requestOptions.headers,
+          redirect: requestOptions.redirect
+        },
+        requestOptions.request
+      )).then(async (response2) => {
         url = response2.url;
         status = response2.status;
         for (const keyAndValue of response2.headers) {
@@ -8885,6 +8894,9 @@ async function handleRoot(event, setupToken) {
 }
 function decodeBody(event) {
   let body = event.body;
+  if (!body) {
+    throw new Error("No body found");
+  }
   if (event.isBase64Encoded) {
     body = Buffer.from(body, "base64").toString("utf-8");
   }
@@ -8914,6 +8926,9 @@ async function handlePat(event) {
   return response(200, "Personal access token set");
 }
 async function handleNewApp(event) {
+  if (!event.queryStringParameters) {
+    return response(400, "Invalid code");
+  }
   const code = event.queryStringParameters.code;
   if (!code) {
     return response(400, "Invalid code");

package/lib/lambdas/status/index.js

@@ -16,7 +16,10 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, mod));
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 
 // node_modules/universal-user-agent/dist-node/index.js
 var require_dist_node = __commonJS({
@@ -5951,11 +5954,14 @@ var require_lib3 = __commonJS({
       blob() {
         let ct = this.headers && this.headers.get("content-type") || "";
         return consumeBody.call(this).then(function(buf) {
-          return Object.assign(new Blob([], {
-            type: ct.toLowerCase()
-          }), {
-            [BUFFER]: buf
-          });
+          return Object.assign(
+            new Blob([], {
+              type: ct.toLowerCase()
+            }),
+            {
+              [BUFFER]: buf
+            }
+          );
         });
       },
       json() {
@@ -7012,12 +7018,15 @@ var require_dist_node5 = __commonJS({
       let status;
       let url;
       const fetch = requestOptions.request && requestOptions.request.fetch || nodeFetch;
-      return fetch(requestOptions.url, Object.assign({
-        method: requestOptions.method,
-        body: requestOptions.body,
-        headers: requestOptions.headers,
-        redirect: requestOptions.redirect
-      }, requestOptions.request)).then(async (response) => {
+      return fetch(requestOptions.url, Object.assign(
+        {
+          method: requestOptions.method,
+          body: requestOptions.body,
+          headers: requestOptions.headers,
+          redirect: requestOptions.redirect
+        },
+        requestOptions.request
+      )).then(async (response) => {
         url = response.url;
         status = response.status;
         for (const keyAndValue of response.headers) {
@@ -7391,8 +7400,6 @@ var require_dist_node6 = __commonJS({
         } else {
           if (Object.keys(remainingParameters).length) {
             body = remainingParameters;
-          } else {
-            headers["content-length"] = 0;
           }
         }
       }
@@ -7425,7 +7432,7 @@ var require_dist_node6 = __commonJS({
         parse
       });
     }
-    var VERSION = "7.0.0";
+    var VERSION = "7.0.2";
     var userAgent = `octokit-endpoint.js/${VERSION} ${universalUserAgent.getUserAgent()}`;
     var DEFAULTS = {
       method: "GET",
@@ -7511,7 +7518,7 @@ var require_dist_node8 = __commonJS({
     var isPlainObject = require_is_plain_object();
     var nodeFetch = _interopDefault(require_lib3());
     var requestError = require_dist_node7();
-    var VERSION = "6.2.0";
+    var VERSION = "6.2.1";
     function getBufferResponse(response) {
       return response.arrayBuffer();
     }
@@ -7524,12 +7531,15 @@ var require_dist_node8 = __commonJS({
       let status;
       let url;
       const fetch = requestOptions.request && requestOptions.request.fetch || globalThis.fetch || nodeFetch;
-      return fetch(requestOptions.url, Object.assign({
-        method: requestOptions.method,
-        body: requestOptions.body,
-        headers: requestOptions.headers,
-        redirect: requestOptions.redirect
-      }, requestOptions.request)).then(async (response) => {
+      return fetch(requestOptions.url, Object.assign(
+        {
+          method: requestOptions.method,
+          body: requestOptions.body,
+          headers: requestOptions.headers,
+          redirect: requestOptions.redirect
+        },
+        requestOptions.request
+      )).then(async (response) => {
         url = response.url;
         status = response.status;
         for (const keyAndValue of response.headers) {
@@ -7946,8 +7956,6 @@ var require_dist_node10 = __commonJS({
         } else {
           if (Object.keys(remainingParameters).length) {
             body = remainingParameters;
-          } else {
-            headers["content-length"] = 0;
           }
         }
       }
@@ -7980,7 +7988,7 @@ var require_dist_node10 = __commonJS({
         parse
       });
     }
-    var VERSION = "7.0.0";
+    var VERSION = "7.0.2";
     var userAgent = `octokit-endpoint.js/${VERSION} ${universalUserAgent.getUserAgent()}`;
     var DEFAULTS = {
       method: "GET",
@@ -8066,7 +8074,7 @@ var require_dist_node12 = __commonJS({
     var isPlainObject = require_is_plain_object();
     var nodeFetch = _interopDefault(require_lib3());
     var requestError = require_dist_node11();
-    var VERSION = "6.2.0";
+    var VERSION = "6.2.1";
     function getBufferResponse(response) {
       return response.arrayBuffer();
     }
@@ -8079,12 +8087,15 @@ var require_dist_node12 = __commonJS({
       let status;
       let url;
       const fetch = requestOptions.request && requestOptions.request.fetch || globalThis.fetch || nodeFetch;
-      return fetch(requestOptions.url, Object.assign({
-        method: requestOptions.method,
-        body: requestOptions.body,
-        headers: requestOptions.headers,
-        redirect: requestOptions.redirect
-      }, requestOptions.request)).then(async (response) => {
+      return fetch(requestOptions.url, Object.assign(
+        {
+          method: requestOptions.method,
+          body: requestOptions.body,
+          headers: requestOptions.headers,
+          redirect: requestOptions.redirect
+        },
+        requestOptions.request
+      )).then(async (response) => {
         url = response.url;
         status = response.status;
         for (const keyAndValue of response.headers) {
@@ -8217,7 +8228,7 @@ var require_dist_node13 = __commonJS({
     var request = require_dist_node12();
     var requestError = require_dist_node11();
     var btoa = _interopDefault(require_btoa_node());
-    var VERSION = "2.0.2";
+    var VERSION = "2.0.3";
     function requestToOAuthBaseUrl(request2) {
       const endpointDefaults = request2.endpoint.DEFAULTS;
       return /^https:\/\/(api\.)?github\.com$/.test(endpointDefaults.baseUrl) ? "https://github.com" : endpointDefaults.baseUrl.replace("/api/v3", "");
@@ -8376,21 +8387,25 @@ var require_dist_node13 = __commonJS({
     }
     async function scopeToken(options) {
       const {
-        request: request$1,
+        request: optionsRequest,
         clientType,
         clientId,
         clientSecret,
         token,
         ...requestOptions
       } = options;
-      const response = await (request$1 || request.request)("POST /applications/{client_id}/token/scoped", {
-        headers: {
-          authorization: `basic ${btoa(`${clientId}:${clientSecret}`)}`
-        },
-        client_id: clientId,
-        access_token: token,
-        ...requestOptions
-      });
+      const request$1 = optionsRequest || request.request;
+      const response = await request$1(
+        "POST /applications/{client_id}/token/scoped",
+        {
+          headers: {
+            authorization: `basic ${btoa(`${clientId}:${clientSecret}`)}`
+          },
+          client_id: clientId,
+          access_token: token,
+          ...requestOptions
+        }
+      );
       const authentication = Object.assign({
         clientType,
         clientId,
@@ -8407,13 +8422,16 @@ var require_dist_node13 = __commonJS({
     async function resetToken(options) {
       const request$1 = options.request || request.request;
       const auth = btoa(`${options.clientId}:${options.clientSecret}`);
-      const response = await request$1("PATCH /applications/{client_id}/token", {
-        headers: {
-          authorization: `basic ${auth}`
-        },
-        client_id: options.clientId,
-        access_token: options.token
-      });
+      const response = await request$1(
+        "PATCH /applications/{client_id}/token",
+        {
+          headers: {
+            authorization: `basic ${auth}`
+          },
+          client_id: options.clientId,
+          access_token: options.token
+        }
+      );
       const authentication = {
         clientType: options.clientType,
         clientId: options.clientId,
@@ -8434,24 +8452,30 @@ var require_dist_node13 = __commonJS({
     async function deleteToken(options) {
       const request$1 = options.request || request.request;
       const auth = btoa(`${options.clientId}:${options.clientSecret}`);
-      return request$1("DELETE /applications/{client_id}/token", {
-        headers: {
-          authorization: `basic ${auth}`
-        },
-        client_id: options.clientId,
-        access_token: options.token
-      });
+      return request$1(
+        "DELETE /applications/{client_id}/token",
+        {
+          headers: {
+            authorization: `basic ${auth}`
+          },
+          client_id: options.clientId,
+          access_token: options.token
+        }
+      );
     }
     async function deleteAuthorization(options) {
       const request$1 = options.request || request.request;
       const auth = btoa(`${options.clientId}:${options.clientSecret}`);
-      return request$1("DELETE /applications/{client_id}/grant", {
-        headers: {
-          authorization: `basic ${auth}`
-        },
-        client_id: options.clientId,
-        access_token: options.token
-      });
+      return request$1(
+        "DELETE /applications/{client_id}/grant",
+        {
+          headers: {
+            authorization: `basic ${auth}`
+          },
+          client_id: options.clientId,
+          access_token: options.token
+        }
+      );
     }
     exports2.VERSION = VERSION;
     exports2.checkToken = checkToken;
@@ -8565,7 +8589,7 @@ var require_dist_node14 = __commonJS({
       endpoint.headers.authorization = `token ${token}`;
       return request2(endpoint);
     }
-    var VERSION = "4.0.0";
+    var VERSION = "4.0.2";
     function createOAuthDeviceAuth(options) {
       const requestWithDefaults = options.request || request.request.defaults({
         headers: {
@@ -8613,7 +8637,7 @@ var require_dist_node15 = __commonJS({
     var authOauthDevice = require_dist_node14();
     var oauthMethods = require_dist_node13();
     var btoa = _interopDefault(require_btoa_node());
-    var VERSION = "2.0.2";
+    var VERSION = "2.0.3";
     async function getAuthentication(state) {
       if ("code" in state.strategyOptions) {
         const {
@@ -9792,14 +9816,18 @@ var require_ms = __commonJS({
       } else if (type === "number" && isFinite(val)) {
         return options.long ? fmtLong(val) : fmtShort(val);
       }
-      throw new Error("val is not a non-empty string or a valid number. val=" + JSON.stringify(val));
+      throw new Error(
+        "val is not a non-empty string or a valid number. val=" + JSON.stringify(val)
+      );
     };
     function parse(str) {
       str = String(str);
       if (str.length > 100) {
         return;
       }
-      var match = /^(-?(?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)?$/i.exec(str);
+      var match = /^(-?(?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)?$/i.exec(
+        str
+      );
       if (!match) {
         return;
       }
@@ -12705,8 +12733,6 @@ var require_dist_node18 = __commonJS({
         } else {
           if (Object.keys(remainingParameters).length) {
             body = remainingParameters;
-          } else {
-            headers["content-length"] = 0;
           }
         }
       }
@@ -12739,7 +12765,7 @@ var require_dist_node18 = __commonJS({
         parse
       });
     }
-    var VERSION = "7.0.0";
+    var VERSION = "7.0.2";
     var userAgent = `octokit-endpoint.js/${VERSION} ${universalUserAgent.getUserAgent()}`;
     var DEFAULTS = {
       method: "GET",
@@ -12825,7 +12851,7 @@ var require_dist_node20 = __commonJS({
     var isPlainObject = require_is_plain_object();
     var nodeFetch = _interopDefault(require_lib3());
     var requestError = require_dist_node19();
-    var VERSION = "6.2.0";
+    var VERSION = "6.2.1";
     function getBufferResponse(response) {
       return response.arrayBuffer();
     }
@@ -12838,12 +12864,15 @@ var require_dist_node20 = __commonJS({
       let status;
       let url;
       const fetch = requestOptions.request && requestOptions.request.fetch || globalThis.fetch || nodeFetch;
-      return fetch(requestOptions.url, Object.assign({
-        method: requestOptions.method,
-        body: requestOptions.body,
-        headers: requestOptions.headers,
-        redirect: requestOptions.redirect
-      }, requestOptions.request)).then(async (response) => {
+      return fetch(requestOptions.url, Object.assign(
+        {
+          method: requestOptions.method,
+          body: requestOptions.body,
+          headers: requestOptions.headers,
+          redirect: requestOptions.redirect
+        },
+        requestOptions.request
+      )).then(async (response) => {
         url = response.url;
         status = response.status;
         for (const keyAndValue of response.headers) {
@@ -14096,7 +14125,9 @@ var require_dist_node25 = __commonJS({
         case "app":
           return getAppAuthentication(state);
         case "oauth":
-          state.log.warn(new deprecation.Deprecation(`[@octokit/auth-app] {type: "oauth"} is deprecated. Use {type: "oauth-app"} instead`));
+          state.log.warn(
+            new deprecation.Deprecation(`[@octokit/auth-app] {type: "oauth"} is deprecated. Use {type: "oauth-app"} instead`)
+          );
         case "oauth-app":
           return state.oauthApp({
             type: "oauth-app"
@@ -14169,7 +14200,11 @@ var require_dist_node25 = __commonJS({
       const {
         token,
         createdAt
-      } = await getInstallationAuthentication(state, {}, request2);
+      } = await getInstallationAuthentication(
+        state,
+        {},
+        request2
+      );
       endpoint.headers.authorization = `token ${token}`;
       return sendRequestWithRetries(state, request2, endpoint, createdAt);
     }
@@ -14690,6 +14725,8 @@ function baseUrlFromDomain(domain) {
 }
 
 // src/lambdas/status/index.ts
+var cfn = new AWS2.CloudFormation();
+var ecr = new AWS2.ECR();
 var sf = new AWS2.StepFunctions();
 function secretArnToUrl(arn) {
   const parts = arn.split(":");
@@ -14709,8 +14746,36 @@ function stepFunctionArnToUrl(arn) {
   const region = parts[3];
   return `https://${region}.console.aws.amazon.com/states/home?region=${region}#/statemachines/view/${arn}`;
 }
+async function generateProvidersStatus(stack, logicalId) {
+  var _a;
+  const resource = await cfn.describeStackResource({ StackName: stack, LogicalResourceId: logicalId }).promise();
+  const providers = JSON.parse(((_a = resource.StackResourceDetail) == null ? void 0 : _a.Metadata) ?? "{}").providers;
+  if (!providers) {
+    return {};
+  }
+  return Promise.all(providers.map(async (p) => {
+    var _a2, _b, _c;
+    if ((_b = (_a2 = p.image) == null ? void 0 : _a2.imageRepository) == null ? void 0 : _b.match(/[0-9]+\.dkr\.ecr\.[a-z0-9\-]+\.amazonaws\.com\/.+/)) {
+      const tags = await ecr.describeImages({
+        repositoryName: p.image.imageRepository.split("/")[1],
+        filter: {
+          tagStatus: "TAGGED"
+        },
+        maxResults: 1
+      }).promise();
+      if (tags.imageDetails && ((_c = tags.imageDetails) == null ? void 0 : _c.length) >= 1) {
+        p.image.latestImage = {
+          tags: tags.imageDetails[0].imageTags,
+          digest: tags.imageDetails[0].imageDigest,
+          date: tags.imageDetails[0].imagePushedAt
+        };
+      }
+    }
+    return p;
+  }));
+}
 exports.handler = async function() {
-  if (!process.env.WEBHOOK_SECRET_ARN || !process.env.GITHUB_SECRET_ARN || !process.env.GITHUB_PRIVATE_KEY_SECRET_ARN || !process.env.PROVIDERS || !process.env.WEBHOOK_HANDLER_ARN || !process.env.STEP_FUNCTION_ARN || !process.env.SETUP_SECRET_ARN || !process.env.SETUP_FUNCTION_URL) {
+  if (!process.env.WEBHOOK_SECRET_ARN || !process.env.GITHUB_SECRET_ARN || !process.env.GITHUB_PRIVATE_KEY_SECRET_ARN || !process.env.LOGICAL_ID || !process.env.WEBHOOK_HANDLER_ARN || !process.env.STEP_FUNCTION_ARN || !process.env.SETUP_SECRET_ARN || !process.env.SETUP_FUNCTION_URL || !process.env.STACK_NAME) {
     throw new Error("Missing environment variables");
   }
   const status = {
@@ -14743,7 +14808,7 @@ exports.handler = async function() {
         personalAuthToken: ""
       }
     },
-    providers: JSON.parse(process.env.PROVIDERS),
+    providers: await generateProvidersStatus(process.env.STACK_NAME, process.env.LOGICAL_ID),
     troubleshooting: {
       webhookHandlerArn: process.env.WEBHOOK_HANDLER_ARN,
       webhookHandlerUrl: lambdaArnToUrl(process.env.WEBHOOK_HANDLER_ARN),
@@ -14844,7 +14909,7 @@ exports.handler = async function() {
       for (const installation of installations) {
         let installationDetails = {
           id: installation.id,
-          url: `https://${githubSecrets.domain}/settings/installations/${installation.id}`,
+          url: installation.html_url,
           status: "Unable to query",
           repositories: []
         };