@cloudsnorkel/cdk-github-runners 0.4.0 → 0.5.0

package/.jsii

@@ -3010,7 +3010,7 @@
     "stability": "experimental"
   },
   "homepage": "https://github.com/CloudSnorkel/cdk-github-runners.git",
-  "jsiiVersion": "1.65.0 (build 7a02b7f)",
+  "jsiiVersion": "1.67.0 (build 2c027f5)",
   "keywords": [
     "aws",
     "aws-cdk",
@@ -3034,7 +3034,7 @@
   },
   "name": "@cloudsnorkel/cdk-github-runners",
   "readme": {
-    "markdown": "# GitHub Self-Hosted Runners CDK Constructs\n\n[![NPM](https://img.shields.io/npm/v/@cloudsnorkel/cdk-github-runners?label=npm&logo=npm)][7]\n[![PyPI](https://img.shields.io/pypi/v/cloudsnorkel.cdk-github-runners?label=pypi&logo=pypi)][6]\n[![Maven Central](https://img.shields.io/maven-central/v/com.cloudsnorkel/cdk.github.runners.svg?label=Maven%20Central&logo=java)][8]\n[![Go](https://img.shields.io/github/v/tag/CloudSnorkel/cdk-github-runners?color=red&label=go&logo=go)][11]\n[![Nuget](https://img.shields.io/nuget/v/CloudSnorkel.Cdk.Github.Runners?color=red&&logo=nuget)][12]\n[![Release](https://github.com/CloudSnorkel/cdk-github-runners/actions/workflows/release.yml/badge.svg)](https://github.com/CloudSnorkel/cdk-github-runners/actions/workflows/release.yml)\n[![License](https://img.shields.io/badge/license-Apache--2.0-blue)](https://github.com/CloudSnorkel/cdk-github-runners/blob/main/LICENSE)\n\nUse this CDK construct to create ephemeral [self-hosted GitHub runners][1] on-demand inside your AWS account.\n\n* Easy to configure GitHub integration with a web-based interface\n* Customizable runners with decent defaults\n* Multiple runner configurations controlled by labels\n* Everything fully hosted in your account\n* Automatically updated build environment with latest runner version\n\nSelf-hosted runners in AWS are useful when:\n\n* You need easy access to internal resources in your actions\n* You want to pre-install some software for your actions\n* You want to provide some basic AWS API access (but [aws-actions/configure-aws-credentials][2] has more security controls)\n\nEphemeral (or on-demand) runners are the [recommended way by GitHub][14] for auto-scaling, and they make sure all jobs run with a clean image. Runners are started on-demand. You don't pay unless a job is running.\n\n## API\n\nThe best way to browse API documentation is on [Constructs Hub][13]. It is available in all supported programming languages.\n\n## Providers\n\nA runner provider creates compute resources on-demand and uses [actions/runner][5] to start a runner.\n\n|                  | CodeBuild                  | Fargate       | Lambda        |\n|------------------|----------------------------|---------------|---------------|\n| **Time limit**   | 8 hours                    | Unlimited     | 15 minutes    |\n| **vCPUs**        | 2, 4, 8, or 72             | 0.25 to 4     | 1 to 6        |\n| **RAM**          | 3gb, 7gb, 15gb, or 145gb   | 512mb to 30gb | 128mb to 10gb |\n| **Storage**      | 50gb to 824gb              | 20gb to 200gb | Up to 10gb    |\n| **Architecture** | x86_64, ARM64              | x86_64, ARM64 | x86_64, ARM64 |\n| **sudo**         | ✔                         | ✔            | ❌           |\n| **Docker**       | ✔ (Linux only)            | ❌            | ❌           |\n| **Spot pricing** | ❌                         | ✔            | ❌           |\n| **OS**           | Linux, Windows             | Linux         | Linux         |\n\nThe best provider to use mostly depends on your current infrastructure. When in doubt, CodeBuild is always a good choice. Execution history and logs are easy to view, and it has no restrictive limits unless you need to run for more than 8 hours.\n\nYou can also create your own provider by implementing `IRunnerProvider`.\n\n## Installation\n\n1. Confirm you're using CDK v2\n2. Install the appropriate package\n   1. [Python][6]\n      ```\n      pip install cloudsnorkel.cdk-github-runners\n      ```\n   2. [TypeScript or JavaScript][7]\n      ```\n      npm i @cloudsnorkel/cdk-github-runners\n      ```\n   3. [Java][8]\n      ```xml\n      <dependency>\n      <groupId>com.cloudsnorkel</groupId>\n      <artifactId>cdk.github.runners</artifactId>\n      </dependency>\n      ```\n   4. [Go][11]\n      ```\n      go get github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners\n      ```\n   5. [.NET][12]\n      ```\n      dotnet add package CloudSnorkel.Cdk.Github.Runners\n      ```\n3. Use `GitHubRunners` construct in your code (starting with default arguments is fine)\n4. Deploy your stack\n5. Look for the status command output similar to `aws --region us-east-1 lambda invoke --function-name status-XYZ123 status.json`\n6. Execute the status command (you may need to specify `--profile` too) and open the resulting `status.json` file\n7. Open the URL in `github.setup.url` from `status.json` or [manually setup GitHub](SETUP_GITHUB.md) integration as an app or with personal access token\n8. Run status command again to confirm `github.auth.status` and `github.webhook.status` are OK\n9. Trigger a GitHub action that has a `self-hosted` label with `runs-on: [self-hosted, linux, codebuild]` or similar\n10. If the action is not successful, see [troubleshooting](#Troubleshooting)\n\n[![Demo](demo-thumbnail.jpg)](https://youtu.be/wlyv_3V8lIw)\n\n## Customizing\n\nThe default providers configured by `GitHubRunners` are useful for testing but probably not too much for actual production work. They run in the default VPC or no VPC and have no added IAM permissions. You would usually want to configure the providers yourself.\n\nFor example:\n\n```typescript\nlet vpc: ec2.Vpc;\nlet runnerSg: ec2.SecurityGroup;\nlet dbSg: ec2.SecurityGroup;\nlet bucket: s3.Bucket;\n\n// create a custom CodeBuild provider\nconst myProvider = new CodeBuildRunner(this, 'codebuild runner', {\n    label: 'my-codebuild',\n    vpc: vpc,\n    securityGroup: runnerSg,\n});\n// grant some permissions to the provider\nbucket.grantReadWrite(myProvider);\ndbSg.connections.allowFrom(runnerSg, ec2.Port.tcp(3306), 'allow runners to connect to MySQL database');\n\n// create the runner infrastructure\nnew GitHubRunners(this, 'runners', {\n    providers: [myProvider],\n});\n```\n\nAnother way to customize runners is by modifying the image used to spin them up. The image contains the [runner][5], any required dependencies, and integration code with the provider. You may choose to customize this image by adding more packages, for example.\n\n```typescript\nconst myBuilder = new CodeBuildImageBuilder(this, 'image builder', {\n   dockerfilePath: FargateProvider.LINUX_X64_DOCKERFILE_PATH,\n   runnerVersion: RunnerVersion.specific('2.291.0'),\n   rebuildInterval: Duration.days(14),\n});\nmyBuilder.setBuildArg('EXTRA_PACKAGES', 'nginx xz-utils');\n\nconst myProvider = new FargateProvider(this, 'fargate runner', {\n   label: 'customized-fargate',\n   vpc: vpc,\n   securityGroup: runnerSg,\n});\n\n// create the runner infrastructure\nnew GitHubRunners(stack, 'runners', {\n   providers: [myProvider],\n});\n```\n\nYour workflow will then look like:\n\n```yaml\nname: self-hosted example\non: push\njobs:\n  self-hosted:\n    runs-on: [self-hosted, customized-fargate]\n    steps:\n      - run: echo hello world\n```\n\n## Architecture\n\n![Architecture diagram](architecture.svg)\n\n## Troubleshooting\n\n1. Always start with the status function, make sure no errors are reported, and confirm all status codes are OK\n2. Confirm the webhook Lambda was called by visiting the URL in `troubleshooting.webhookHandlerUrl` from `status.json`\n   1. If it's not called or logs errors, confirm the webhook settings on the GitHub side\n   2. If you see too many errors, make sure you're only sending `workflow_job` events\n3. When using GitHub app, make sure there are active installation in `github.auth.app.installations`\n4. Check execution details of the orchestrator step function by visiting the URL in `troubleshooting.stepFunctionUrl` from `status.json`\n   1. Use the details tab to find the specific execution of the provider (Lambda, CodeBuild, Fargate, etc.)\n   2. Every step function execution should be successful, even if the runner action inside it failed\n\n## Other Options\n\n1. [philips-labs/terraform-aws-github-runner][3] if you're using Terraform\n2. [actions-runner-controller/actions-runner-controller][4] if you're using Kubernetes\n\n\n[1]: https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners\n[2]: https://github.com/marketplace/actions/configure-aws-credentials-action-for-github-actions\n[3]: https://github.com/philips-labs/terraform-aws-github-runner\n[4]: https://github.com/actions-runner-controller/actions-runner-controller\n[5]: https://github.com/actions/runner\n[6]: https://pypi.org/project/cloudsnorkel.cdk-github-runners\n[7]: https://www.npmjs.com/package/@cloudsnorkel/cdk-github-runners\n[8]: https://search.maven.org/search?q=g:%22com.cloudsnorkel%22%20AND%20a:%22cdk.github.runners%22\n[9]: https://docs.github.com/en/developers/apps/getting-started-with-apps/about-apps\n[10]: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token\n[11]: https://pkg.go.dev/github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners\n[12]: https://www.nuget.org/packages/CloudSnorkel.Cdk.Github.Runners/\n[13]: https://constructs.dev/packages/@cloudsnorkel/cdk-github-runners/\n[14]: https://docs.github.com/en/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners#using-ephemeral-runners-for-autoscaling\n"
+    "markdown": "# GitHub Self-Hosted Runners CDK Constructs\n\n[![NPM](https://img.shields.io/npm/v/@cloudsnorkel/cdk-github-runners?label=npm&logo=npm)][7]\n[![PyPI](https://img.shields.io/pypi/v/cloudsnorkel.cdk-github-runners?label=pypi&logo=pypi)][6]\n[![Maven Central](https://img.shields.io/maven-central/v/com.cloudsnorkel/cdk.github.runners.svg?label=Maven%20Central&logo=java)][8]\n[![Go](https://img.shields.io/github/v/tag/CloudSnorkel/cdk-github-runners?color=red&label=go&logo=go)][11]\n[![Nuget](https://img.shields.io/nuget/v/CloudSnorkel.Cdk.Github.Runners?color=red&&logo=nuget)][12]\n[![Release](https://github.com/CloudSnorkel/cdk-github-runners/actions/workflows/release.yml/badge.svg)](https://github.com/CloudSnorkel/cdk-github-runners/actions/workflows/release.yml)\n[![License](https://img.shields.io/badge/license-Apache--2.0-blue)](https://github.com/CloudSnorkel/cdk-github-runners/blob/main/LICENSE)\n\nUse this CDK construct to create ephemeral [self-hosted GitHub runners][1] on-demand inside your AWS account.\n\n* Easy to configure GitHub integration with a web-based interface\n* Customizable runners with decent defaults\n* Multiple runner configurations controlled by labels\n* Everything fully hosted in your account\n* Automatically updated build environment with latest runner version\n\nSelf-hosted runners in AWS are useful when:\n\n* You need easy access to internal resources in your actions\n* You want to pre-install some software for your actions\n* You want to provide some basic AWS API access (but [aws-actions/configure-aws-credentials][2] has more security controls)\n\nEphemeral (or on-demand) runners are the [recommended way by GitHub][14] for auto-scaling, and they make sure all jobs run with a clean image. Runners are started on-demand. You don't pay unless a job is running.\n\n## API\n\nThe best way to browse API documentation is on [Constructs Hub][13]. It is available in all supported programming languages.\n\n## Providers\n\nA runner provider creates compute resources on-demand and uses [actions/runner][5] to start a runner.\n\n|                  | CodeBuild                  | Fargate        | Lambda        |\n|------------------|----------------------------|----------------|---------------|\n| **Time limit**   | 8 hours                    | Unlimited      | 15 minutes    |\n| **vCPUs**        | 2, 4, 8, or 72             | 0.25 to 4      | 1 to 6        |\n| **RAM**          | 3gb, 7gb, 15gb, or 145gb   | 512mb to 30gb  | 128mb to 10gb |\n| **Storage**      | 50gb to 824gb              | 20gb to 200gb  | Up to 10gb    |\n| **Architecture** | x86_64, ARM64              | x86_64, ARM64  | x86_64, ARM64 |\n| **sudo**         | ✔                         | ✔              | ❌           |\n| **Docker**       | ✔ (Linux only)            | ❌              | ❌           |\n| **Spot pricing** | ❌                         | ✔              | ❌           |\n| **OS**           | Linux, Windows             | Linux, Windows | Linux         |\n\nThe best provider to use mostly depends on your current infrastructure. When in doubt, CodeBuild is always a good choice. Execution history and logs are easy to view, and it has no restrictive limits unless you need to run for more than 8 hours.\n\nYou can also create your own provider by implementing `IRunnerProvider`.\n\n## Installation\n\n1. Confirm you're using CDK v2\n2. Install the appropriate package\n   1. [Python][6]\n      ```\n      pip install cloudsnorkel.cdk-github-runners\n      ```\n   2. [TypeScript or JavaScript][7]\n      ```\n      npm i @cloudsnorkel/cdk-github-runners\n      ```\n   3. [Java][8]\n      ```xml\n      <dependency>\n      <groupId>com.cloudsnorkel</groupId>\n      <artifactId>cdk.github.runners</artifactId>\n      </dependency>\n      ```\n   4. [Go][11]\n      ```\n      go get github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners\n      ```\n   5. [.NET][12]\n      ```\n      dotnet add package CloudSnorkel.Cdk.Github.Runners\n      ```\n3. Use `GitHubRunners` construct in your code (starting with default arguments is fine)\n4. Deploy your stack\n5. Look for the status command output similar to `aws --region us-east-1 lambda invoke --function-name status-XYZ123 status.json`\n6. Execute the status command (you may need to specify `--profile` too) and open the resulting `status.json` file\n7. Open the URL in `github.setup.url` from `status.json` or [manually setup GitHub](SETUP_GITHUB.md) integration as an app or with personal access token\n8. Run status command again to confirm `github.auth.status` and `github.webhook.status` are OK\n9. Trigger a GitHub action that has a `self-hosted` label with `runs-on: [self-hosted, linux, codebuild]` or similar\n10. If the action is not successful, see [troubleshooting](#Troubleshooting)\n\n[![Demo](demo-thumbnail.jpg)](https://youtu.be/wlyv_3V8lIw)\n\n## Customizing\n\nThe default providers configured by `GitHubRunners` are useful for testing but probably not too much for actual production work. They run in the default VPC or no VPC and have no added IAM permissions. You would usually want to configure the providers yourself.\n\nFor example:\n\n```typescript\nlet vpc: ec2.Vpc;\nlet runnerSg: ec2.SecurityGroup;\nlet dbSg: ec2.SecurityGroup;\nlet bucket: s3.Bucket;\n\n// create a custom CodeBuild provider\nconst myProvider = new CodeBuildRunner(this, 'codebuild runner', {\n    label: 'my-codebuild',\n    vpc: vpc,\n    securityGroup: runnerSg,\n});\n// grant some permissions to the provider\nbucket.grantReadWrite(myProvider);\ndbSg.connections.allowFrom(runnerSg, ec2.Port.tcp(3306), 'allow runners to connect to MySQL database');\n\n// create the runner infrastructure\nnew GitHubRunners(this, 'runners', {\n    providers: [myProvider],\n});\n```\n\nAnother way to customize runners is by modifying the image used to spin them up. The image contains the [runner][5], any required dependencies, and integration code with the provider. You may choose to customize this image by adding more packages, for example.\n\n```typescript\nconst myBuilder = new CodeBuildImageBuilder(this, 'image builder', {\n   dockerfilePath: FargateProvider.LINUX_X64_DOCKERFILE_PATH,\n   runnerVersion: RunnerVersion.specific('2.291.0'),\n   rebuildInterval: Duration.days(14),\n});\nmyBuilder.setBuildArg('EXTRA_PACKAGES', 'nginx xz-utils');\n\nconst myProvider = new FargateProvider(this, 'fargate runner', {\n   label: 'customized-fargate',\n   vpc: vpc,\n   securityGroup: runnerSg,\n});\n\n// create the runner infrastructure\nnew GitHubRunners(stack, 'runners', {\n   providers: [myProvider],\n});\n```\n\nYour workflow will then look like:\n\n```yaml\nname: self-hosted example\non: push\njobs:\n  self-hosted:\n    runs-on: [self-hosted, customized-fargate]\n    steps:\n      - run: echo hello world\n```\n\n## Architecture\n\n![Architecture diagram](architecture.svg)\n\n## Troubleshooting\n\n1. Always start with the status function, make sure no errors are reported, and confirm all status codes are OK\n2. Confirm the webhook Lambda was called by visiting the URL in `troubleshooting.webhookHandlerUrl` from `status.json`\n   1. If it's not called or logs errors, confirm the webhook settings on the GitHub side\n   2. If you see too many errors, make sure you're only sending `workflow_job` events\n3. When using GitHub app, make sure there are active installation in `github.auth.app.installations`\n4. Check execution details of the orchestrator step function by visiting the URL in `troubleshooting.stepFunctionUrl` from `status.json`\n   1. Use the details tab to find the specific execution of the provider (Lambda, CodeBuild, Fargate, etc.)\n   2. Every step function execution should be successful, even if the runner action inside it failed\n\n## Other Options\n\n1. [philips-labs/terraform-aws-github-runner][3] if you're using Terraform\n2. [actions-runner-controller/actions-runner-controller][4] if you're using Kubernetes\n\n\n[1]: https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners\n[2]: https://github.com/marketplace/actions/configure-aws-credentials-action-for-github-actions\n[3]: https://github.com/philips-labs/terraform-aws-github-runner\n[4]: https://github.com/actions-runner-controller/actions-runner-controller\n[5]: https://github.com/actions/runner\n[6]: https://pypi.org/project/cloudsnorkel.cdk-github-runners\n[7]: https://www.npmjs.com/package/@cloudsnorkel/cdk-github-runners\n[8]: https://search.maven.org/search?q=g:%22com.cloudsnorkel%22%20AND%20a:%22cdk.github.runners%22\n[9]: https://docs.github.com/en/developers/apps/getting-started-with-apps/about-apps\n[10]: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token\n[11]: https://pkg.go.dev/github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners\n[12]: https://www.nuget.org/packages/CloudSnorkel.Cdk.Github.Runners/\n[13]: https://constructs.dev/packages/@cloudsnorkel/cdk-github-runners/\n[14]: https://docs.github.com/en/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners#using-ephemeral-runners-for-autoscaling\n"
   },
   "repository": {
     "type": "git",
@@ -3174,7 +3174,7 @@
         },
         "locationInModule": {
           "filename": "src/providers/image-builders/codebuild.ts",
-          "line": 164
+          "line": 168
         },
         "parameters": [
           {
@@ -3214,7 +3214,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/image-builders/codebuild.ts",
-            "line": 271
+            "line": 275
           },
           "name": "addExtraCertificates",
           "parameters": [
@@ -3236,7 +3236,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/image-builders/codebuild.ts",
-            "line": 205
+            "line": 209
           },
           "name": "addFiles",
           "parameters": [
@@ -3267,7 +3267,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/image-builders/codebuild.ts",
-            "line": 257
+            "line": 261
           },
           "name": "addPolicyStatement",
           "parameters": [
@@ -3289,7 +3289,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/image-builders/codebuild.ts",
-            "line": 232
+            "line": 236
           },
           "name": "addPostBuildCommand",
           "parameters": [
@@ -3311,7 +3311,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/image-builders/codebuild.ts",
-            "line": 220
+            "line": 224
           },
           "name": "addPreBuildCommand",
           "parameters": [
@@ -3333,7 +3333,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/image-builders/codebuild.ts",
-            "line": 281
+            "line": 285
           },
           "name": "bind",
           "overrides": "@cloudsnorkel/cdk-github-runners.IImageBuilder",
@@ -3351,7 +3351,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/image-builders/codebuild.ts",
-            "line": 245
+            "line": 249
           },
           "name": "setBuildArg",
           "parameters": [
@@ -3385,7 +3385,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/image-builders/codebuild.ts",
-            "line": 164
+            "line": 168
           },
           "name": "props",
           "type": {
@@ -4017,7 +4017,7 @@
       "assembly": "@cloudsnorkel/cdk-github-runners",
       "base": "constructs.Construct",
       "docs": {
-        "remarks": "Builders can be used with runner providers.\n\nThe CodeBuild builder is better and faster. Only use this one if you have no choice. For example, if you need Windows containers.\n\nEach builder re-runs automatically at a set interval to make sure the images contain the latest versions of everything.\n\nYou can create an instance of this construct to customize the image used to spin-up runners. Some runner providers may require custom components. Check the runner provider documentation. The default components work with CodeBuild.\n\nFor example, to set a specific runner version, rebuild the image every 2 weeks, and add a few packages for the Fargate provider, use:\n\n```\nconst builder = new ContainerImageBuilder(this, 'Builder', {\n     runnerVersion: RunnerVersion.specific('2.293.0'),\n     rebuildInterval: Duration.days(14),\n});\nnew CodeBuildRunner(this, 'Fargate provider', {\n     label: 'windows-codebuild',\n     imageBuilder: builder,\n});\n```",
+        "remarks": "Builders can be used with runner providers.\n\nThe CodeBuild builder is better and faster. Only use this one if you have no choice. For example, if you need Windows containers.\n\nEach builder re-runs automatically at a set interval to make sure the images contain the latest versions of everything.\n\nYou can create an instance of this construct to customize the image used to spin-up runners. Some runner providers may require custom components. Check the runner provider documentation. The default components work with CodeBuild and Fargate.\n\nFor example, to set a specific runner version, rebuild the image every 2 weeks, and add a few packages for the Fargate provider, use:\n\n```\nconst builder = new ContainerImageBuilder(this, 'Builder', {\n     runnerVersion: RunnerVersion.specific('2.293.0'),\n     rebuildInterval: Duration.days(14),\n});\nnew CodeBuildRunner(this, 'CodeBuild provider', {\n     label: 'windows-codebuild',\n     imageBuilder: builder,\n});\n```",
         "stability": "experimental",
         "summary": "An image builder that uses Image Builder to build Docker images pre-baked with all the GitHub Actions runner requirements."
       },
@@ -4542,7 +4542,7 @@
         },
         "locationInModule": {
           "filename": "src/providers/fargate.ts",
-          "line": 235
+          "line": 249
         },
         "parameters": [
           {
@@ -4571,7 +4571,7 @@
       "kind": "class",
       "locationInModule": {
         "filename": "src/providers/fargate.ts",
-        "line": 161
+        "line": 175
       },
       "methods": [
         {
@@ -4582,7 +4582,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 304
+            "line": 331
           },
           "name": "getStepFunctionTask",
           "overrides": "@cloudsnorkel/cdk-github-runners.IRunnerProvider",
@@ -4616,7 +4616,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 178
+            "line": 192
           },
           "name": "LINUX_ARM64_DOCKERFILE_PATH",
           "static": true,
@@ -4634,7 +4634,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 169
+            "line": 183
           },
           "name": "LINUX_X64_DOCKERFILE_PATH",
           "static": true,
@@ -4650,7 +4650,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 213
+            "line": 227
           },
           "name": "assignPublicIp",
           "type": {
@@ -4665,7 +4665,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 183
+            "line": 197
           },
           "name": "cluster",
           "type": {
@@ -4680,7 +4680,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 223
+            "line": 237
           },
           "name": "connections",
           "overrides": "aws-cdk-lib.aws_ec2.IConnectable",
@@ -4696,7 +4696,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 193
+            "line": 207
           },
           "name": "container",
           "type": {
@@ -4711,7 +4711,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 218
+            "line": 232
           },
           "name": "grantPrincipal",
           "overrides": "aws-cdk-lib.aws_iam.IGrantable",
@@ -4727,7 +4727,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 233
+            "line": 247
           },
           "name": "image",
           "overrides": "@cloudsnorkel/cdk-github-runners.IRunnerProvider",
@@ -4743,7 +4743,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 198
+            "line": 212
           },
           "name": "label",
           "overrides": "@cloudsnorkel/cdk-github-runners.IRunnerProvider",
@@ -4759,7 +4759,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 228
+            "line": 242
           },
           "name": "spot",
           "type": {
@@ -4774,7 +4774,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 188
+            "line": 202
           },
           "name": "task",
           "type": {
@@ -4789,7 +4789,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 208
+            "line": 222
           },
           "name": "securityGroup",
           "optional": true,
@@ -4806,7 +4806,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/fargate.ts",
-            "line": 203
+            "line": 217
           },
           "name": "vpc",
           "optional": true,
@@ -5253,7 +5253,7 @@
       "kind": "interface",
       "locationInModule": {
         "filename": "src/providers/common.ts",
-        "line": 136
+        "line": 127
       },
       "methods": [
         {
@@ -5266,7 +5266,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 144
+            "line": 135
           },
           "name": "bind",
           "returns": {
@@ -5289,7 +5289,7 @@
       "kind": "interface",
       "locationInModule": {
         "filename": "src/providers/common.ts",
-        "line": 200
+        "line": 191
       },
       "name": "IRunnerImageStatus",
       "properties": [
@@ -5302,7 +5302,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 214
+            "line": 205
           },
           "name": "imageBuilderLogGroup",
           "optional": true,
@@ -5319,7 +5319,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 204
+            "line": 195
           },
           "name": "imageRepository",
           "optional": true,
@@ -5336,7 +5336,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 209
+            "line": 200
           },
           "name": "imageTag",
           "optional": true,
@@ -5362,7 +5362,7 @@
       "kind": "interface",
       "locationInModule": {
         "filename": "src/providers/common.ts",
-        "line": 220
+        "line": 211
       },
       "methods": [
         {
@@ -5374,7 +5374,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 248
+            "line": 239
           },
           "name": "getStepFunctionTask",
           "parameters": [
@@ -5407,7 +5407,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 239
+            "line": 230
           },
           "name": "image",
           "type": {
@@ -5423,7 +5423,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 224
+            "line": 215
           },
           "name": "label",
           "type": {
@@ -5439,7 +5439,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 234
+            "line": 225
           },
           "name": "securityGroup",
           "optional": true,
@@ -5456,7 +5456,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 229
+            "line": 220
           },
           "name": "vpc",
           "optional": true,
@@ -5818,7 +5818,7 @@
           },
           "locationInModule": {
             "filename": "src/providers/lambda.ts",
-            "line": 215
+            "line": 221
           },
           "name": "getStepFunctionTask",
           "overrides": "@cloudsnorkel/cdk-github-runners.IRunnerProvider",
@@ -5886,7 +5886,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/lambda.ts",
-            "line": 204
+            "line": 210
           },
           "name": "connections",
           "overrides": "aws-cdk-lib.aws_ec2.IConnectable",
@@ -6279,7 +6279,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 114
+            "line": 105
           },
           "name": "architecture",
           "type": {
@@ -6327,31 +6327,13 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 119
+            "line": 110
           },
           "name": "os",
           "type": {
             "fqn": "@cloudsnorkel/cdk-github-runners.Os"
           }
         },
-        {
-          "abstract": true,
-          "docs": {
-            "remarks": "If the digest is not specified, imageTag must always point to a new tag on update. If not, the build may try to use the old image.\n\nWARNING: the digest might change when the builder automatically rebuilds the image on a schedule. Do not expect for this digest to stay the same between deploys.",
-            "stability": "experimental",
-            "summary": "Image digest for providers that need to know the digest like Lambda."
-          },
-          "immutable": true,
-          "locationInModule": {
-            "filename": "src/providers/common.ts",
-            "line": 109
-          },
-          "name": "imageDigest",
-          "optional": true,
-          "type": {
-            "primitive": "string"
-          }
-        },
         {
           "abstract": true,
           "docs": {
@@ -6361,7 +6343,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 124
+            "line": 115
           },
           "name": "logGroup",
           "optional": true,
@@ -6383,7 +6365,7 @@
       "kind": "interface",
       "locationInModule": {
         "filename": "src/providers/common.ts",
-        "line": 150
+        "line": 141
       },
       "name": "RunnerProviderProps",
       "properties": [
@@ -6398,7 +6380,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 158
+            "line": 149
           },
           "name": "logRetention",
           "optional": true,
@@ -6421,7 +6403,7 @@
       "kind": "interface",
       "locationInModule": {
         "filename": "src/providers/common.ts",
-        "line": 170
+        "line": 161
       },
       "name": "RunnerRuntimeParameters",
       "properties": [
@@ -6435,7 +6417,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 184
+            "line": 175
           },
           "name": "githubDomainPath",
           "type": {
@@ -6451,7 +6433,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 189
+            "line": 180
           },
           "name": "ownerPath",
           "type": {
@@ -6467,7 +6449,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 194
+            "line": 185
           },
           "name": "repoPath",
           "type": {
@@ -6484,7 +6466,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 179
+            "line": 170
           },
           "name": "runnerNamePath",
           "type": {
@@ -6500,7 +6482,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/providers/common.ts",
-            "line": 174
+            "line": 165
           },
           "name": "runnerTokenPath",
           "type": {
@@ -6854,6 +6836,6 @@
       "symbolId": "src/providers/image-builders/static:StaticRunnerImage"
     }
   },
-  "version": "0.4.0",
-  "fingerprint": "OnQ8gp6EqMIbSnMbq8KwwAQg4rS47KAGjpDJMeE1XEA="
+  "version": "0.5.0",
+  "fingerprint": "TrXXmr6DqZTAl+tOVxWtqOc8yYawCSk66gd7FL7DqLY="
 }

package/API.md

@@ -549,7 +549,7 @@ The CodeBuild builder is better and faster. Only use this one if you have no cho
 
 Each builder re-runs automatically at a set interval to make sure the images contain the latest versions of everything.
 
-You can create an instance of this construct to customize the image used to spin-up runners. Some runner providers may require custom components. Check the runner provider documentation. The default components work with CodeBuild.
+You can create an instance of this construct to customize the image used to spin-up runners. Some runner providers may require custom components. Check the runner provider documentation. The default components work with CodeBuild and Fargate.
 
 For example, to set a specific runner version, rebuild the image every 2 weeks, and add a few packages for the Fargate provider, use:
 
@@ -558,7 +558,7 @@ const builder = new ContainerImageBuilder(this, 'Builder', {
      runnerVersion: RunnerVersion.specific('2.293.0'),
      rebuildInterval: Duration.days(14),
 });
-new CodeBuildRunner(this, 'Fargate provider', {
+new CodeBuildRunner(this, 'CodeBuild provider', {
      label: 'windows-codebuild',
      imageBuilder: builder,
 });
@@ -3162,7 +3162,6 @@ const runnerImage: RunnerImage = { ... }
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImage.property.imageRepository">imageRepository</a></code> | <code>aws-cdk-lib.aws_ecr.IRepository</code> | ECR repository containing the image. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImage.property.imageTag">imageTag</a></code> | <code>string</code> | Static image tag where the image will be pushed. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImage.property.os">os</a></code> | <code><a href="#@cloudsnorkel/cdk-github-runners.Os">Os</a></code> | OS type of the image. |
-| <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImage.property.imageDigest">imageDigest</a></code> | <code>string</code> | Image digest for providers that need to know the digest like Lambda. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImage.property.logGroup">logGroup</a></code> | <code>aws-cdk-lib.aws_logs.LogGroup</code> | Log group where image builds are logged. |
 
 ---
@@ -3215,22 +3214,6 @@ OS type of the image.
 
 ---
 
-##### `imageDigest`<sup>Optional</sup> <a name="imageDigest" id="@cloudsnorkel/cdk-github-runners.RunnerImage.property.imageDigest"></a>
-
-```typescript
-public readonly imageDigest: string;
-```
-
-- *Type:* string
-
-Image digest for providers that need to know the digest like Lambda.
-
-If the digest is not specified, imageTag must always point to a new tag on update. If not, the build may try to use the old image.
-
-WARNING: the digest might change when the builder automatically rebuilds the image on a schedule. Do not expect for this digest to stay the same between deploys.
-
----
-
 ##### `logGroup`<sup>Optional</sup> <a name="logGroup" id="@cloudsnorkel/cdk-github-runners.RunnerImage.property.logGroup"></a>
 
 ```typescript

package/README.md

@@ -32,17 +32,17 @@ The best way to browse API documentation is on [Constructs Hub][13]. It is avail
 
 A runner provider creates compute resources on-demand and uses [actions/runner][5] to start a runner.
 
-|                  | CodeBuild                  | Fargate       | Lambda        |
-|------------------|----------------------------|---------------|---------------|
-| **Time limit**   | 8 hours                    | Unlimited     | 15 minutes    |
-| **vCPUs**        | 2, 4, 8, or 72             | 0.25 to 4     | 1 to 6        |
-| **RAM**          | 3gb, 7gb, 15gb, or 145gb   | 512mb to 30gb | 128mb to 10gb |
-| **Storage**      | 50gb to 824gb              | 20gb to 200gb | Up to 10gb    |
-| **Architecture** | x86_64, ARM64              | x86_64, ARM64 | x86_64, ARM64 |
-| **sudo**         | ✔                         | ✔            | ❌           |
-| **Docker**       | ✔ (Linux only)            | ❌            | ❌           |
-| **Spot pricing** | ❌                         | ✔            | ❌           |
-| **OS**           | Linux, Windows             | Linux         | Linux         |
+|                  | CodeBuild                  | Fargate        | Lambda        |
+|------------------|----------------------------|----------------|---------------|
+| **Time limit**   | 8 hours                    | Unlimited      | 15 minutes    |
+| **vCPUs**        | 2, 4, 8, or 72             | 0.25 to 4      | 1 to 6        |
+| **RAM**          | 3gb, 7gb, 15gb, or 145gb   | 512mb to 30gb  | 128mb to 10gb |
+| **Storage**      | 50gb to 824gb              | 20gb to 200gb  | Up to 10gb    |
+| **Architecture** | x86_64, ARM64              | x86_64, ARM64  | x86_64, ARM64 |
+| **sudo**         | ✔                         | ✔              | ❌           |
+| **Docker**       | ✔ (Linux only)            | ❌              | ❌           |
+| **Spot pricing** | ❌                         | ✔              | ❌           |
+| **OS**           | Linux, Windows             | Linux, Windows | Linux         |
 
 The best provider to use mostly depends on your current infrastructure. When in doubt, CodeBuild is always a good choice. Execution history and logs are easy to view, and it has no restrictive limits unless you need to run for more than 8 hours.