@cloudsnorkel/cdk-github-runners 0.9.0 → 0.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +305 -58
- package/API.md +219 -4
- package/README.md +15 -11
- package/assets/lambdas/setup.lambda/index.js +10 -6
- package/assets/lambdas/status.lambda/index.js +22 -10
- package/assets/lambdas/webhook-handler.lambda/index.js +16 -8
- package/lib/access.d.ts +65 -0
- package/lib/access.js +160 -0
- package/lib/index.d.ts +1 -0
- package/lib/index.js +2 -1
- package/lib/lambdas/setup.lambda.js +11 -7
- package/lib/lambdas/status.lambda.js +24 -11
- package/lib/lambdas/webhook-handler.lambda.js +20 -11
- package/lib/providers/codebuild.d.ts +1 -1
- package/lib/providers/codebuild.js +3 -3
- package/lib/providers/common.js +3 -3
- package/lib/providers/ec2.js +2 -2
- package/lib/providers/ecs.d.ts +214 -0
- package/lib/providers/ecs.js +258 -0
- package/lib/providers/fargate.d.ts +7 -4
- package/lib/providers/fargate.js +41 -32
- package/lib/providers/image-builders/api.js +1 -1
- package/lib/providers/image-builders/aws-image-builder/builder.js +1 -1
- package/lib/providers/image-builders/aws-image-builder/deprecated/ami.js +1 -1
- package/lib/providers/image-builders/aws-image-builder/deprecated/container.js +1 -1
- package/lib/providers/image-builders/aws-image-builder/deprecated/linux-components.js +1 -1
- package/lib/providers/image-builders/aws-image-builder/deprecated/windows-components.js +1 -1
- package/lib/providers/image-builders/codebuild-deprecated.js +1 -1
- package/lib/providers/image-builders/components.js +3 -2
- package/lib/providers/image-builders/static.js +1 -1
- package/lib/providers/lambda.d.ts +1 -1
- package/lib/providers/lambda.js +3 -3
- package/lib/runner.d.ts +23 -0
- package/lib/runner.js +14 -5
- package/lib/secrets.js +1 -1
- package/lib/webhook.d.ts +5 -0
- package/lib/webhook.js +5 -4
- package/package.json +1 -1
package/.jsii
CHANGED
|
@@ -3138,7 +3138,7 @@
|
|
|
3138
3138
|
},
|
|
3139
3139
|
"name": "@cloudsnorkel/cdk-github-runners",
|
|
3140
3140
|
"readme": {
|
|
3141
|
-
"markdown": "# GitHub Self-Hosted Runners CDK Constructs\n\n[][7]\n[][6]\n[][8]\n[][11]\n[][12]\n[](https://github.com/CloudSnorkel/cdk-github-runners/actions/workflows/release.yml)\n[](https://github.com/CloudSnorkel/cdk-github-runners/blob/main/LICENSE)\n\nUse this CDK construct to create ephemeral [self-hosted GitHub runners][1] on-demand inside your AWS account.\n\n* Easy to configure GitHub integration with a web-based interface\n* Customizable runners with decent defaults\n* Multiple runner configurations controlled by labels\n* Everything fully hosted in your account\n* Automatically updated build environment with latest runner version\n\nSelf-hosted runners in AWS are useful when:\n\n* You need easy access to internal resources in your actions\n* You want to pre-install some software for your actions\n* You want to provide some basic AWS API access (but [aws-actions/configure-aws-credentials][2] has more security controls)\n\nEphemeral (or on-demand) runners are the [recommended way by GitHub][14] for auto-scaling, and they make sure all jobs run with a clean image. Runners are started on-demand. You don't pay unless a job is running.\n\n## API\n\nThe best way to browse API documentation is on [Constructs Hub][13]. It is available in all supported programming languages.\n\n## Providers\n\nA runner provider creates compute resources on-demand and uses [actions/runner][5] to start a runner.\n\n| | EC2 | CodeBuild | Fargate | Lambda |\n|------------------|-------------------|----------------------------|----------------|---------------|\n| **Time limit** | Unlimited | 8 hours | Unlimited | 15 minutes |\n| **vCPUs** | Unlimited | 2, 4, 8, or 72 | 0.25 to 4 | 1 to 6 |\n| **RAM** | Unlimited | 3gb, 7gb, 15gb, or 145gb | 512mb to 30gb | 128mb to 10gb |\n| **Storage** | Unlimited | 50gb to 824gb | 20gb to 200gb | Up to 10gb |\n| **Architecture** | x86_64, ARM64 | x86_64, ARM64 | x86_64, ARM64 | x86_64, ARM64 |\n| **sudo** | ✔ | ✔ | ✔ | ❌ |\n| **Docker** | ✔ | ✔ (Linux only) | ❌ | ❌ |\n| **Spot pricing** | ✔ | ❌ | ✔ | ❌ |\n| **OS** | Linux, Windows | Linux, Windows | Linux, Windows | Linux |\n\nThe best provider to use mostly depends on your current infrastructure. When in doubt, CodeBuild is always a good choice. Execution history and logs are easy to view, and it has no restrictive limits unless you need to run for more than 8 hours.\n\nYou can also create your own provider by implementing `IRunnerProvider`.\n\n## Installation\n\n1. Confirm you're using CDK v2\n2. Install the appropriate package\n 1. [Python][6]\n ```\n pip install cloudsnorkel.cdk-github-runners\n ```\n 2. [TypeScript or JavaScript][7]\n ```\n npm i @cloudsnorkel/cdk-github-runners\n ```\n 3. [Java][8]\n ```xml\n <dependency>\n <groupId>com.cloudsnorkel</groupId>\n <artifactId>cdk.github.runners</artifactId>\n </dependency>\n ```\n 4. [Go][11]\n ```\n go get github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners\n ```\n 5. [.NET][12]\n ```\n dotnet add package CloudSnorkel.Cdk.Github.Runners\n ```\n3. Use `GitHubRunners` construct in your code (starting with default arguments is fine)\n4. Deploy your stack\n5. Look for the status command output similar to `aws --region us-east-1 lambda invoke --function-name status-XYZ123 status.json`\n6. Execute the status command (you may need to specify `--profile` too) and open the resulting `status.json` file\n7. Open the URL in `github.setup.url` from `status.json` or [manually setup GitHub](SETUP_GITHUB.md) integration as an app or with personal access token\n8. Run status command again to confirm `github.auth.status` and `github.webhook.status` are OK\n9. Trigger a GitHub action that has a `self-hosted` label with `runs-on: [self-hosted, linux, codebuild]` or similar\n10. If the action is not successful, see [troubleshooting](#Troubleshooting)\n\n[](https://youtu.be/wlyv_3V8lIw)\n\n## Customizing\n\nThe default providers configured by `GitHubRunners` are useful for testing but probably not too much for actual production work. They run in the default VPC or no VPC and have no added IAM permissions. You would usually want to configure the providers yourself.\n\nFor example:\n\n```typescript\nlet vpc: ec2.Vpc;\nlet runnerSg: ec2.SecurityGroup;\nlet dbSg: ec2.SecurityGroup;\nlet bucket: s3.Bucket;\n\n// create a custom CodeBuild provider\nconst myProvider = new CodeBuildRunnerProvider(this, 'codebuild runner', {\n label: 'my-codebuild',\n vpc: vpc,\n securityGroup: runnerSg,\n});\n// grant some permissions to the provider\nbucket.grantReadWrite(myProvider);\ndbSg.connections.allowFrom(runnerSg, ec2.Port.tcp(3306), 'allow runners to connect to MySQL database');\n\n// create the runner infrastructure\nnew GitHubRunners(this, 'runners', {\n providers: [myProvider],\n});\n```\n\nAnother way to customize runners is by modifying the image used to spin them up. The image contains the [runner][5], any required dependencies, and integration code with the provider. You may choose to customize this image by adding more packages, for example.\n\n```typescript\nconst myBuilder = CodeBuildRunnerProvider.imageBuilder(this, 'image builder', {\n dockerfilePath: FargateRunner.LINUX_X64_DOCKERFILE_PATH,\n runnerVersion: RunnerVersion.specific('2.291.0'),\n rebuildInterval: Duration.days(14),\n});\nmyBuilder.addComponent(\n RunnerImageComponent.custom({ commands: ['apt install -y nginx xz-utils'] })\n);\n\nconst myProvider = new FargateRunnerProvider(this, 'fargate runner', {\n label: 'customized-fargate',\n vpc: vpc,\n securityGroup: runnerSg,\n imageBuilder: myBuilder,\n});\n\n// create the runner infrastructure\nnew GitHubRunners(this, 'runners', {\n providers: [myProvider],\n});\n```\n\nYour workflow will then look like:\n\n```yaml\nname: self-hosted example\non: push\njobs:\n self-hosted:\n runs-on: [self-hosted, customized-fargate]\n steps:\n - run: echo hello world\n```\n\nWindows images can also be customized the same way.\n\n```typescript\nconst myWindowsBuilder = FargateRunnerProvider.imageBuilder(this, 'Windows image builder', {\n architecture: Architecture.X86_64,\n os: Os.WINDOWS,\n runnerVersion: RunnerVersion.specific('2.291.0'),\n rebuildInterval: Duration.days(14),\n});\nmyWindowsBuilder.addComponent(\n RunnerImageComponent.custom({\n name: 'Ninja',\n commands: [\n 'Invoke-WebRequest -UseBasicParsing -Uri \"https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-win.zip\" -OutFile ninja.zip',\n 'Expand-Archive ninja.zip -DestinationPath C:\\\\actions',\n 'del ninja.zip',\n ],\n })\n);\n\nconst myProvider = new FargateRunnerProvider(this, 'fargate runner', {\n label: 'customized-windows-fargate',\n vpc: vpc,\n securityGroup: runnerSg,\n imageBuidler: myWindowsBuilder,\n});\n\nnew GitHubRunners(this, 'runners', {\n providers: [myProvider],\n});\n```\n\nThe runner OS and architecture is determined by the image it is set to use. For example, to create a Fargate runner provider for ARM64 set the `architecture` property for the image builder to `Architecture.ARM64` in the image builder properties.\n\n```typescript\nnew GitHubRunners(this, 'runners', {\n providers: [\n new FargateRunnerProvider(this, 'fargate runner', {\n labels: ['arm64', 'fargate'],\n imageBuidler: FargateRunnerProvider.imageBuilder(this, 'image builder', {\n architecture: Architecture.ARM64,\n os: Os.LINUX,\n }),\n }),\n ],\n});\n```\n\n## Architecture\n\n\n\n## Troubleshooting\n\n1. Always start with the status function, make sure no errors are reported, and confirm all status codes are OK\n2. If jobs are stuck on pending:\n 1. Make sure `runs-on` in the workflow matches the expected labels set in the runner provider\n 2. If it happens every time, cancel the job and start it again\n4. Confirm the webhook Lambda was called by visiting the URL in `troubleshooting.webhookHandlerUrl` from `status.json`\n 1. If it's not called or logs errors, confirm the webhook settings on the GitHub side\n 2. If you see too many errors, make sure you're only sending `workflow_job` events\n5. When using GitHub app, make sure there are active installation in `github.auth.app.installations`\n6. Check execution details of the orchestrator step function by visiting the URL in `troubleshooting.stepFunctionUrl` from `status.json`\n 1. Use the details tab to find the specific execution of the provider (Lambda, CodeBuild, Fargate, etc.)\n 2. Every step function execution should be successful, even if the runner action inside it failed\n\n## Other Options\n\n1. [philips-labs/terraform-aws-github-runner][3] if you're using Terraform\n2. [actions/actions-runner-controller][4] if you're using Kubernetes\n\n\n[1]: https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners\n[2]: https://github.com/marketplace/actions/configure-aws-credentials-action-for-github-actions\n[3]: https://github.com/philips-labs/terraform-aws-github-runner\n[4]: https://github.com/actions/actions-runner-controller\n[5]: https://github.com/actions/runner\n[6]: https://pypi.org/project/cloudsnorkel.cdk-github-runners\n[7]: https://www.npmjs.com/package/@cloudsnorkel/cdk-github-runners\n[8]: https://search.maven.org/search?q=g:%22com.cloudsnorkel%22%20AND%20a:%22cdk.github.runners%22\n[9]: https://docs.github.com/en/developers/apps/getting-started-with-apps/about-apps\n[10]: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token\n[11]: https://pkg.go.dev/github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners\n[12]: https://www.nuget.org/packages/CloudSnorkel.Cdk.Github.Runners/\n[13]: https://constructs.dev/packages/@cloudsnorkel/cdk-github-runners/\n[14]: https://docs.github.com/en/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners#using-ephemeral-runners-for-autoscaling\n"
|
|
3141
|
+
"markdown": "# GitHub Self-Hosted Runners CDK Constructs\n\n[][7]\n[][6]\n[][8]\n[][11]\n[][12]\n[](https://github.com/CloudSnorkel/cdk-github-runners/actions/workflows/release.yml)\n[](https://github.com/CloudSnorkel/cdk-github-runners/blob/main/LICENSE)\n\nUse this CDK construct to create ephemeral [self-hosted GitHub runners][1] on-demand inside your AWS account.\n\n* Easy to configure GitHub integration with a web-based interface\n* Customizable runners with decent defaults\n* Multiple runner configurations controlled by labels\n* Everything fully hosted in your account\n* Automatically updated build environment with latest runner version\n\nSelf-hosted runners in AWS are useful when:\n\n* You need easy access to internal resources in your actions\n* You want to pre-install some software for your actions\n* You want to provide some basic AWS API access (but [aws-actions/configure-aws-credentials][2] has more security controls)\n\nEphemeral (or on-demand) runners are the [recommended way by GitHub][14] for auto-scaling, and they make sure all jobs run with a clean image. Runners are started on-demand. You don't pay unless a job is running.\n\n## API\n\nThe best way to browse API documentation is on [Constructs Hub][13]. It is available in all supported programming languages.\n\n## Providers\n\nA runner provider creates compute resources on-demand and uses [actions/runner][5] to start a runner.\n\n| | EC2 | CodeBuild | Fargate | ECS | Lambda |\n|------------------|-------------------|----------------------------|----------------|----------------|---------------|\n| **Time limit** | Unlimited | 8 hours | Unlimited | Unlimited | 15 minutes |\n| **vCPUs** | Unlimited | 2, 4, 8, or 72 | 0.25 to 4 | Unlimited | 1 to 6 |\n| **RAM** | Unlimited | 3gb, 7gb, 15gb, or 145gb | 512mb to 30gb | Unlimited | 128mb to 10gb |\n| **Storage** | Unlimited | 50gb to 824gb | 20gb to 200gb | Unlimited | Up to 10gb |\n| **Architecture** | x86_64, ARM64 | x86_64, ARM64 | x86_64, ARM64 | x86_64, ARM64 | x86_64, ARM64 |\n| **sudo** | ✔ | ✔ | ✔ | ✔ | ❌ |\n| **Docker** | ✔ | ✔ (Linux only) | ❌ | ✔ | ❌ |\n| **Spot pricing** | ✔ | ❌ | ✔ | ✔ | ❌ |\n| **OS** | Linux, Windows | Linux, Windows | Linux, Windows | Linux, Windows | Linux |\n\nThe best provider to use mostly depends on your current infrastructure. When in doubt, CodeBuild is always a good choice. Execution history and logs are easy to view, and it has no restrictive limits unless you need to run for more than 8 hours.\n\n* EC2 is useful when you want runners to have complete access to the host\n* ECS is useful when you want to control the infrastructure, like leaving the runner host running for faster startups\n* Lambda is useful for short jobs that can work within time, size and readonly system constraints\n\nYou can also create your own provider by implementing `IRunnerProvider`.\n\n## Installation\n\n1. Confirm you're using CDK v2\n2. Install the appropriate package\n 1. [Python][6]\n ```\n pip install cloudsnorkel.cdk-github-runners\n ```\n 2. [TypeScript or JavaScript][7]\n ```\n npm i @cloudsnorkel/cdk-github-runners\n ```\n 3. [Java][8]\n ```xml\n <dependency>\n <groupId>com.cloudsnorkel</groupId>\n <artifactId>cdk.github.runners</artifactId>\n </dependency>\n ```\n 4. [Go][11]\n ```\n go get github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners\n ```\n 5. [.NET][12]\n ```\n dotnet add package CloudSnorkel.Cdk.Github.Runners\n ```\n3. Use `GitHubRunners` construct in your code (starting with default arguments is fine)\n4. Deploy your stack\n5. Look for the status command output similar to `aws --region us-east-1 lambda invoke --function-name status-XYZ123 status.json`\n6. Execute the status command (you may need to specify `--profile` too) and open the resulting `status.json` file\n7. Open the URL in `github.setup.url` from `status.json` or [manually setup GitHub](SETUP_GITHUB.md) integration as an app or with personal access token\n8. Run status command again to confirm `github.auth.status` and `github.webhook.status` are OK\n9. Trigger a GitHub action that has a `self-hosted` label with `runs-on: [self-hosted, linux, codebuild]` or similar\n10. If the action is not successful, see [troubleshooting](#Troubleshooting)\n\n[](https://youtu.be/wlyv_3V8lIw)\n\n## Customizing\n\nThe default providers configured by `GitHubRunners` are useful for testing but probably not too much for actual production work. They run in the default VPC or no VPC and have no added IAM permissions. You would usually want to configure the providers yourself.\n\nFor example:\n\n```typescript\nlet vpc: ec2.Vpc;\nlet runnerSg: ec2.SecurityGroup;\nlet dbSg: ec2.SecurityGroup;\nlet bucket: s3.Bucket;\n\n// create a custom CodeBuild provider\nconst myProvider = new CodeBuildRunnerProvider(this, 'codebuild runner', {\n label: 'my-codebuild',\n vpc: vpc,\n securityGroup: runnerSg,\n});\n// grant some permissions to the provider\nbucket.grantReadWrite(myProvider);\ndbSg.connections.allowFrom(runnerSg, ec2.Port.tcp(3306), 'allow runners to connect to MySQL database');\n\n// create the runner infrastructure\nnew GitHubRunners(this, 'runners', {\n providers: [myProvider],\n});\n```\n\nAnother way to customize runners is by modifying the image used to spin them up. The image contains the [runner][5], any required dependencies, and integration code with the provider. You may choose to customize this image by adding more packages, for example.\n\n```typescript\nconst myBuilder = CodeBuildRunnerProvider.imageBuilder(this, 'image builder', {\n dockerfilePath: FargateRunner.LINUX_X64_DOCKERFILE_PATH,\n runnerVersion: RunnerVersion.specific('2.291.0'),\n rebuildInterval: Duration.days(14),\n});\nmyBuilder.addComponent(\n RunnerImageComponent.custom({ commands: ['apt install -y nginx xz-utils'] })\n);\n\nconst myProvider = new FargateRunnerProvider(this, 'fargate runner', {\n label: 'customized-fargate',\n vpc: vpc,\n securityGroup: runnerSg,\n imageBuilder: myBuilder,\n});\n\n// create the runner infrastructure\nnew GitHubRunners(this, 'runners', {\n providers: [myProvider],\n});\n```\n\nYour workflow will then look like:\n\n```yaml\nname: self-hosted example\non: push\njobs:\n self-hosted:\n runs-on: [self-hosted, customized-fargate]\n steps:\n - run: echo hello world\n```\n\nWindows images can also be customized the same way.\n\n```typescript\nconst myWindowsBuilder = FargateRunnerProvider.imageBuilder(this, 'Windows image builder', {\n architecture: Architecture.X86_64,\n os: Os.WINDOWS,\n runnerVersion: RunnerVersion.specific('2.291.0'),\n rebuildInterval: Duration.days(14),\n});\nmyWindowsBuilder.addComponent(\n RunnerImageComponent.custom({\n name: 'Ninja',\n commands: [\n 'Invoke-WebRequest -UseBasicParsing -Uri \"https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-win.zip\" -OutFile ninja.zip',\n 'Expand-Archive ninja.zip -DestinationPath C:\\\\actions',\n 'del ninja.zip',\n ],\n })\n);\n\nconst myProvider = new FargateRunnerProvider(this, 'fargate runner', {\n label: 'customized-windows-fargate',\n vpc: vpc,\n securityGroup: runnerSg,\n imageBuidler: myWindowsBuilder,\n});\n\nnew GitHubRunners(this, 'runners', {\n providers: [myProvider],\n});\n```\n\nThe runner OS and architecture is determined by the image it is set to use. For example, to create a Fargate runner provider for ARM64 set the `architecture` property for the image builder to `Architecture.ARM64` in the image builder properties.\n\n```typescript\nnew GitHubRunners(this, 'runners', {\n providers: [\n new FargateRunnerProvider(this, 'fargate runner', {\n labels: ['arm64', 'fargate'],\n imageBuidler: FargateRunnerProvider.imageBuilder(this, 'image builder', {\n architecture: Architecture.ARM64,\n os: Os.LINUX,\n }),\n }),\n ],\n});\n```\n\n## Architecture\n\n\n\n## Troubleshooting\n\n1. Always start with the status function, make sure no errors are reported, and confirm all status codes are OK\n2. If jobs are stuck on pending:\n 1. Make sure `runs-on` in the workflow matches the expected labels set in the runner provider\n 2. If it happens every time, cancel the job and start it again\n4. Confirm the webhook Lambda was called by visiting the URL in `troubleshooting.webhookHandlerUrl` from `status.json`\n 1. If it's not called or logs errors, confirm the webhook settings on the GitHub side\n 2. If you see too many errors, make sure you're only sending `workflow_job` events\n5. When using GitHub app, make sure there are active installation in `github.auth.app.installations`\n6. Check execution details of the orchestrator step function by visiting the URL in `troubleshooting.stepFunctionUrl` from `status.json`\n 1. Use the details tab to find the specific execution of the provider (Lambda, CodeBuild, Fargate, etc.)\n 2. Every step function execution should be successful, even if the runner action inside it failed\n\n## Other Options\n\n1. [philips-labs/terraform-aws-github-runner][3] if you're using Terraform\n2. [actions/actions-runner-controller][4] if you're using Kubernetes\n\n\n[1]: https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners\n[2]: https://github.com/marketplace/actions/configure-aws-credentials-action-for-github-actions\n[3]: https://github.com/philips-labs/terraform-aws-github-runner\n[4]: https://github.com/actions/actions-runner-controller\n[5]: https://github.com/actions/runner\n[6]: https://pypi.org/project/cloudsnorkel.cdk-github-runners\n[7]: https://www.npmjs.com/package/@cloudsnorkel/cdk-github-runners\n[8]: https://search.maven.org/search?q=g:%22com.cloudsnorkel%22%20AND%20a:%22cdk.github.runners%22\n[9]: https://docs.github.com/en/developers/apps/getting-started-with-apps/about-apps\n[10]: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token\n[11]: https://pkg.go.dev/github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners\n[12]: https://www.nuget.org/packages/CloudSnorkel.Cdk.Github.Runners/\n[13]: https://constructs.dev/packages/@cloudsnorkel/cdk-github-runners/\n[14]: https://docs.github.com/en/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners#using-ephemeral-runners-for-autoscaling\n"
|
|
3142
3142
|
},
|
|
3143
3143
|
"repository": {
|
|
3144
3144
|
"type": "git",
|
|
@@ -3828,6 +3828,86 @@
|
|
|
3828
3828
|
],
|
|
3829
3829
|
"symbolId": "src/providers/image-builders/aws-image-builder/deprecated/ami:AmiBuilderProps"
|
|
3830
3830
|
},
|
|
3831
|
+
"@cloudsnorkel/cdk-github-runners.ApiGatewayAccessProps": {
|
|
3832
|
+
"assembly": "@cloudsnorkel/cdk-github-runners",
|
|
3833
|
+
"datatype": true,
|
|
3834
|
+
"docs": {
|
|
3835
|
+
"stability": "experimental"
|
|
3836
|
+
},
|
|
3837
|
+
"fqn": "@cloudsnorkel/cdk-github-runners.ApiGatewayAccessProps",
|
|
3838
|
+
"kind": "interface",
|
|
3839
|
+
"locationInModule": {
|
|
3840
|
+
"filename": "src/access.ts",
|
|
3841
|
+
"line": 9
|
|
3842
|
+
},
|
|
3843
|
+
"name": "ApiGatewayAccessProps",
|
|
3844
|
+
"properties": [
|
|
3845
|
+
{
|
|
3846
|
+
"abstract": true,
|
|
3847
|
+
"docs": {
|
|
3848
|
+
"remarks": "If not specified on public API Gateway, all IP addresses are allowed.\n\nIf not specified on private API Gateway, no IP addresses are allowed (but specified security groups are).",
|
|
3849
|
+
"stability": "experimental",
|
|
3850
|
+
"summary": "List of IP addresses in CIDR notation that are allowed to access the API Gateway."
|
|
3851
|
+
},
|
|
3852
|
+
"immutable": true,
|
|
3853
|
+
"locationInModule": {
|
|
3854
|
+
"filename": "src/access.ts",
|
|
3855
|
+
"line": 17
|
|
3856
|
+
},
|
|
3857
|
+
"name": "allowedIps",
|
|
3858
|
+
"optional": true,
|
|
3859
|
+
"type": {
|
|
3860
|
+
"collection": {
|
|
3861
|
+
"elementtype": {
|
|
3862
|
+
"primitive": "string"
|
|
3863
|
+
},
|
|
3864
|
+
"kind": "array"
|
|
3865
|
+
}
|
|
3866
|
+
}
|
|
3867
|
+
},
|
|
3868
|
+
{
|
|
3869
|
+
"abstract": true,
|
|
3870
|
+
"docs": {
|
|
3871
|
+
"remarks": "Only works for private API Gateways with {@link allowedVpc}.",
|
|
3872
|
+
"stability": "experimental",
|
|
3873
|
+
"summary": "List of security groups that are allowed to access the API Gateway."
|
|
3874
|
+
},
|
|
3875
|
+
"immutable": true,
|
|
3876
|
+
"locationInModule": {
|
|
3877
|
+
"filename": "src/access.ts",
|
|
3878
|
+
"line": 29
|
|
3879
|
+
},
|
|
3880
|
+
"name": "allowedSecurityGroups",
|
|
3881
|
+
"optional": true,
|
|
3882
|
+
"type": {
|
|
3883
|
+
"collection": {
|
|
3884
|
+
"elementtype": {
|
|
3885
|
+
"fqn": "aws-cdk-lib.aws_ec2.ISecurityGroup"
|
|
3886
|
+
},
|
|
3887
|
+
"kind": "array"
|
|
3888
|
+
}
|
|
3889
|
+
}
|
|
3890
|
+
},
|
|
3891
|
+
{
|
|
3892
|
+
"abstract": true,
|
|
3893
|
+
"docs": {
|
|
3894
|
+
"stability": "experimental",
|
|
3895
|
+
"summary": "Creates a private API Gateway and allows access from the specified VPC."
|
|
3896
|
+
},
|
|
3897
|
+
"immutable": true,
|
|
3898
|
+
"locationInModule": {
|
|
3899
|
+
"filename": "src/access.ts",
|
|
3900
|
+
"line": 22
|
|
3901
|
+
},
|
|
3902
|
+
"name": "allowedVpc",
|
|
3903
|
+
"optional": true,
|
|
3904
|
+
"type": {
|
|
3905
|
+
"fqn": "aws-cdk-lib.aws_ec2.IVpc"
|
|
3906
|
+
}
|
|
3907
|
+
}
|
|
3908
|
+
],
|
|
3909
|
+
"symbolId": "src/access:ApiGatewayAccessProps"
|
|
3910
|
+
},
|
|
3831
3911
|
"@cloudsnorkel/cdk-github-runners.Architecture": {
|
|
3832
3912
|
"assembly": "@cloudsnorkel/cdk-github-runners",
|
|
3833
3913
|
"docs": {
|
|
@@ -5115,7 +5195,7 @@
|
|
|
5115
5195
|
{
|
|
5116
5196
|
"abstract": true,
|
|
5117
5197
|
"docs": {
|
|
5118
|
-
"default": "
|
|
5198
|
+
"default": "CodeBuildRunnerProvider.imageBuilder()",
|
|
5119
5199
|
"remarks": "The image builder must contain the {@link RunnerImageComponent.dockerInDocker} component unless `dockerInDocker` is set to false.\n\nThe image builder determines the OS and architecture of the runner.",
|
|
5120
5200
|
"stability": "experimental",
|
|
5121
5201
|
"summary": "Runner image builder used to build Docker images containing GitHub Runner and all requirements."
|
|
@@ -6585,7 +6665,7 @@
|
|
|
6585
6665
|
},
|
|
6586
6666
|
"locationInModule": {
|
|
6587
6667
|
"filename": "src/providers/fargate.ts",
|
|
6588
|
-
"line":
|
|
6668
|
+
"line": 356
|
|
6589
6669
|
},
|
|
6590
6670
|
"parameters": [
|
|
6591
6671
|
{
|
|
@@ -6612,7 +6692,7 @@
|
|
|
6612
6692
|
"kind": "class",
|
|
6613
6693
|
"locationInModule": {
|
|
6614
6694
|
"filename": "src/providers/fargate.ts",
|
|
6615
|
-
"line":
|
|
6695
|
+
"line": 519
|
|
6616
6696
|
},
|
|
6617
6697
|
"name": "FargateRunner",
|
|
6618
6698
|
"symbolId": "src/providers/fargate:FargateRunner"
|
|
@@ -6632,7 +6712,7 @@
|
|
|
6632
6712
|
},
|
|
6633
6713
|
"locationInModule": {
|
|
6634
6714
|
"filename": "src/providers/fargate.ts",
|
|
6635
|
-
"line":
|
|
6715
|
+
"line": 356
|
|
6636
6716
|
},
|
|
6637
6717
|
"parameters": [
|
|
6638
6718
|
{
|
|
@@ -6662,7 +6742,7 @@
|
|
|
6662
6742
|
"kind": "class",
|
|
6663
6743
|
"locationInModule": {
|
|
6664
6744
|
"filename": "src/providers/fargate.ts",
|
|
6665
|
-
"line":
|
|
6745
|
+
"line": 242
|
|
6666
6746
|
},
|
|
6667
6747
|
"methods": [
|
|
6668
6748
|
{
|
|
@@ -6673,7 +6753,7 @@
|
|
|
6673
6753
|
},
|
|
6674
6754
|
"locationInModule": {
|
|
6675
6755
|
"filename": "src/providers/fargate.ts",
|
|
6676
|
-
"line":
|
|
6756
|
+
"line": 276
|
|
6677
6757
|
},
|
|
6678
6758
|
"name": "imageBuilder",
|
|
6679
6759
|
"parameters": [
|
|
@@ -6751,7 +6831,7 @@
|
|
|
6751
6831
|
},
|
|
6752
6832
|
"locationInModule": {
|
|
6753
6833
|
"filename": "src/providers/fargate.ts",
|
|
6754
|
-
"line":
|
|
6834
|
+
"line": 440
|
|
6755
6835
|
},
|
|
6756
6836
|
"name": "getStepFunctionTask",
|
|
6757
6837
|
"overrides": "@cloudsnorkel/cdk-github-runners.IRunnerProvider",
|
|
@@ -6780,7 +6860,7 @@
|
|
|
6780
6860
|
},
|
|
6781
6861
|
"locationInModule": {
|
|
6782
6862
|
"filename": "src/providers/fargate.ts",
|
|
6783
|
-
"line":
|
|
6863
|
+
"line": 494
|
|
6784
6864
|
},
|
|
6785
6865
|
"name": "grantStateMachine",
|
|
6786
6866
|
"overrides": "@cloudsnorkel/cdk-github-runners.IRunnerProvider",
|
|
@@ -6849,7 +6929,7 @@
|
|
|
6849
6929
|
},
|
|
6850
6930
|
"locationInModule": {
|
|
6851
6931
|
"filename": "src/providers/fargate.ts",
|
|
6852
|
-
"line":
|
|
6932
|
+
"line": 497
|
|
6853
6933
|
},
|
|
6854
6934
|
"name": "status",
|
|
6855
6935
|
"overrides": "@cloudsnorkel/cdk-github-runners.IRunnerProvider",
|
|
@@ -6881,7 +6961,7 @@
|
|
|
6881
6961
|
"immutable": true,
|
|
6882
6962
|
"locationInModule": {
|
|
6883
6963
|
"filename": "src/providers/fargate.ts",
|
|
6884
|
-
"line":
|
|
6964
|
+
"line": 263
|
|
6885
6965
|
},
|
|
6886
6966
|
"name": "LINUX_ARM64_DOCKERFILE_PATH",
|
|
6887
6967
|
"static": true,
|
|
@@ -6900,7 +6980,7 @@
|
|
|
6900
6980
|
"immutable": true,
|
|
6901
6981
|
"locationInModule": {
|
|
6902
6982
|
"filename": "src/providers/fargate.ts",
|
|
6903
|
-
"line":
|
|
6983
|
+
"line": 252
|
|
6904
6984
|
},
|
|
6905
6985
|
"name": "LINUX_X64_DOCKERFILE_PATH",
|
|
6906
6986
|
"static": true,
|
|
@@ -6916,7 +6996,7 @@
|
|
|
6916
6996
|
"immutable": true,
|
|
6917
6997
|
"locationInModule": {
|
|
6918
6998
|
"filename": "src/providers/fargate.ts",
|
|
6919
|
-
"line":
|
|
6999
|
+
"line": 325
|
|
6920
7000
|
},
|
|
6921
7001
|
"name": "assignPublicIp",
|
|
6922
7002
|
"type": {
|
|
@@ -6931,7 +7011,7 @@
|
|
|
6931
7011
|
"immutable": true,
|
|
6932
7012
|
"locationInModule": {
|
|
6933
7013
|
"filename": "src/providers/fargate.ts",
|
|
6934
|
-
"line":
|
|
7014
|
+
"line": 295
|
|
6935
7015
|
},
|
|
6936
7016
|
"name": "cluster",
|
|
6937
7017
|
"type": {
|
|
@@ -6946,7 +7026,7 @@
|
|
|
6946
7026
|
"immutable": true,
|
|
6947
7027
|
"locationInModule": {
|
|
6948
7028
|
"filename": "src/providers/fargate.ts",
|
|
6949
|
-
"line":
|
|
7029
|
+
"line": 335
|
|
6950
7030
|
},
|
|
6951
7031
|
"name": "connections",
|
|
6952
7032
|
"overrides": "aws-cdk-lib.aws_ec2.IConnectable",
|
|
@@ -6962,7 +7042,7 @@
|
|
|
6962
7042
|
"immutable": true,
|
|
6963
7043
|
"locationInModule": {
|
|
6964
7044
|
"filename": "src/providers/fargate.ts",
|
|
6965
|
-
"line":
|
|
7045
|
+
"line": 305
|
|
6966
7046
|
},
|
|
6967
7047
|
"name": "container",
|
|
6968
7048
|
"type": {
|
|
@@ -6977,7 +7057,7 @@
|
|
|
6977
7057
|
"immutable": true,
|
|
6978
7058
|
"locationInModule": {
|
|
6979
7059
|
"filename": "src/providers/fargate.ts",
|
|
6980
|
-
"line":
|
|
7060
|
+
"line": 330
|
|
6981
7061
|
},
|
|
6982
7062
|
"name": "grantPrincipal",
|
|
6983
7063
|
"overrides": "aws-cdk-lib.aws_iam.IGrantable",
|
|
@@ -6994,7 +7074,7 @@
|
|
|
6994
7074
|
"immutable": true,
|
|
6995
7075
|
"locationInModule": {
|
|
6996
7076
|
"filename": "src/providers/fargate.ts",
|
|
6997
|
-
"line":
|
|
7077
|
+
"line": 345
|
|
6998
7078
|
},
|
|
6999
7079
|
"name": "image",
|
|
7000
7080
|
"type": {
|
|
@@ -7009,7 +7089,7 @@
|
|
|
7009
7089
|
"immutable": true,
|
|
7010
7090
|
"locationInModule": {
|
|
7011
7091
|
"filename": "src/providers/fargate.ts",
|
|
7012
|
-
"line":
|
|
7092
|
+
"line": 310
|
|
7013
7093
|
},
|
|
7014
7094
|
"name": "labels",
|
|
7015
7095
|
"overrides": "@cloudsnorkel/cdk-github-runners.IRunnerProvider",
|
|
@@ -7031,7 +7111,7 @@
|
|
|
7031
7111
|
"immutable": true,
|
|
7032
7112
|
"locationInModule": {
|
|
7033
7113
|
"filename": "src/providers/fargate.ts",
|
|
7034
|
-
"line":
|
|
7114
|
+
"line": 352
|
|
7035
7115
|
},
|
|
7036
7116
|
"name": "logGroup",
|
|
7037
7117
|
"overrides": "@cloudsnorkel/cdk-github-runners.IRunnerProvider",
|
|
@@ -7047,7 +7127,7 @@
|
|
|
7047
7127
|
"immutable": true,
|
|
7048
7128
|
"locationInModule": {
|
|
7049
7129
|
"filename": "src/providers/fargate.ts",
|
|
7050
|
-
"line":
|
|
7130
|
+
"line": 340
|
|
7051
7131
|
},
|
|
7052
7132
|
"name": "spot",
|
|
7053
7133
|
"type": {
|
|
@@ -7062,7 +7142,7 @@
|
|
|
7062
7142
|
"immutable": true,
|
|
7063
7143
|
"locationInModule": {
|
|
7064
7144
|
"filename": "src/providers/fargate.ts",
|
|
7065
|
-
"line":
|
|
7145
|
+
"line": 300
|
|
7066
7146
|
},
|
|
7067
7147
|
"name": "task",
|
|
7068
7148
|
"type": {
|
|
@@ -7077,7 +7157,7 @@
|
|
|
7077
7157
|
"immutable": true,
|
|
7078
7158
|
"locationInModule": {
|
|
7079
7159
|
"filename": "src/providers/fargate.ts",
|
|
7080
|
-
"line":
|
|
7160
|
+
"line": 320
|
|
7081
7161
|
},
|
|
7082
7162
|
"name": "subnetSelection",
|
|
7083
7163
|
"optional": true,
|
|
@@ -7093,7 +7173,7 @@
|
|
|
7093
7173
|
"immutable": true,
|
|
7094
7174
|
"locationInModule": {
|
|
7095
7175
|
"filename": "src/providers/fargate.ts",
|
|
7096
|
-
"line":
|
|
7176
|
+
"line": 315
|
|
7097
7177
|
},
|
|
7098
7178
|
"name": "vpc",
|
|
7099
7179
|
"optional": true,
|
|
@@ -7109,7 +7189,7 @@
|
|
|
7109
7189
|
"datatype": true,
|
|
7110
7190
|
"docs": {
|
|
7111
7191
|
"stability": "experimental",
|
|
7112
|
-
"summary": "Properties for
|
|
7192
|
+
"summary": "Properties for FargateRunnerProvider."
|
|
7113
7193
|
},
|
|
7114
7194
|
"fqn": "@cloudsnorkel/cdk-github-runners.FargateRunnerProviderProps",
|
|
7115
7195
|
"interfaces": [
|
|
@@ -7200,7 +7280,7 @@
|
|
|
7200
7280
|
{
|
|
7201
7281
|
"abstract": true,
|
|
7202
7282
|
"docs": {
|
|
7203
|
-
"default": "
|
|
7283
|
+
"default": "FargateRunnerProvider.imageBuilder()",
|
|
7204
7284
|
"remarks": "The image builder determines the OS and architecture of the runner.",
|
|
7205
7285
|
"stability": "experimental",
|
|
7206
7286
|
"summary": "Runner image builder used to build Docker images containing GitHub Runner and all requirements."
|
|
@@ -7393,7 +7473,7 @@
|
|
|
7393
7473
|
},
|
|
7394
7474
|
"locationInModule": {
|
|
7395
7475
|
"filename": "src/runner.ts",
|
|
7396
|
-
"line":
|
|
7476
|
+
"line": 218
|
|
7397
7477
|
},
|
|
7398
7478
|
"parameters": [
|
|
7399
7479
|
{
|
|
@@ -7420,7 +7500,7 @@
|
|
|
7420
7500
|
"kind": "class",
|
|
7421
7501
|
"locationInModule": {
|
|
7422
7502
|
"filename": "src/runner.ts",
|
|
7423
|
-
"line":
|
|
7503
|
+
"line": 199
|
|
7424
7504
|
},
|
|
7425
7505
|
"methods": [
|
|
7426
7506
|
{
|
|
@@ -7431,7 +7511,7 @@
|
|
|
7431
7511
|
},
|
|
7432
7512
|
"locationInModule": {
|
|
7433
7513
|
"filename": "src/runner.ts",
|
|
7434
|
-
"line":
|
|
7514
|
+
"line": 607
|
|
7435
7515
|
},
|
|
7436
7516
|
"name": "metricFailed",
|
|
7437
7517
|
"parameters": [
|
|
@@ -7457,7 +7537,7 @@
|
|
|
7457
7537
|
},
|
|
7458
7538
|
"locationInModule": {
|
|
7459
7539
|
"filename": "src/runner.ts",
|
|
7460
|
-
"line":
|
|
7540
|
+
"line": 552
|
|
7461
7541
|
},
|
|
7462
7542
|
"name": "metricJobCompleted",
|
|
7463
7543
|
"parameters": [
|
|
@@ -7483,7 +7563,7 @@
|
|
|
7483
7563
|
},
|
|
7484
7564
|
"locationInModule": {
|
|
7485
7565
|
"filename": "src/runner.ts",
|
|
7486
|
-
"line":
|
|
7566
|
+
"line": 598
|
|
7487
7567
|
},
|
|
7488
7568
|
"name": "metricSucceeded",
|
|
7489
7569
|
"parameters": [
|
|
@@ -7509,7 +7589,7 @@
|
|
|
7509
7589
|
},
|
|
7510
7590
|
"locationInModule": {
|
|
7511
7591
|
"filename": "src/runner.ts",
|
|
7512
|
-
"line":
|
|
7592
|
+
"line": 614
|
|
7513
7593
|
},
|
|
7514
7594
|
"name": "metricTime",
|
|
7515
7595
|
"parameters": [
|
|
@@ -7538,7 +7618,7 @@
|
|
|
7538
7618
|
"immutable": true,
|
|
7539
7619
|
"locationInModule": {
|
|
7540
7620
|
"filename": "src/runner.ts",
|
|
7541
|
-
"line":
|
|
7621
|
+
"line": 203
|
|
7542
7622
|
},
|
|
7543
7623
|
"name": "providers",
|
|
7544
7624
|
"type": {
|
|
@@ -7558,7 +7638,7 @@
|
|
|
7558
7638
|
"immutable": true,
|
|
7559
7639
|
"locationInModule": {
|
|
7560
7640
|
"filename": "src/runner.ts",
|
|
7561
|
-
"line":
|
|
7641
|
+
"line": 208
|
|
7562
7642
|
},
|
|
7563
7643
|
"name": "secrets",
|
|
7564
7644
|
"type": {
|
|
@@ -7572,7 +7652,7 @@
|
|
|
7572
7652
|
"immutable": true,
|
|
7573
7653
|
"locationInModule": {
|
|
7574
7654
|
"filename": "src/runner.ts",
|
|
7575
|
-
"line":
|
|
7655
|
+
"line": 218
|
|
7576
7656
|
},
|
|
7577
7657
|
"name": "props",
|
|
7578
7658
|
"optional": true,
|
|
@@ -7594,7 +7674,7 @@
|
|
|
7594
7674
|
"kind": "interface",
|
|
7595
7675
|
"locationInModule": {
|
|
7596
7676
|
"filename": "src/runner.ts",
|
|
7597
|
-
"line":
|
|
7677
|
+
"line": 30
|
|
7598
7678
|
},
|
|
7599
7679
|
"name": "GitHubRunnersProps",
|
|
7600
7680
|
"properties": [
|
|
@@ -7609,7 +7689,7 @@
|
|
|
7609
7689
|
"immutable": true,
|
|
7610
7690
|
"locationInModule": {
|
|
7611
7691
|
"filename": "src/runner.ts",
|
|
7612
|
-
"line":
|
|
7692
|
+
"line": 53
|
|
7613
7693
|
},
|
|
7614
7694
|
"name": "allowPublicSubnet",
|
|
7615
7695
|
"optional": true,
|
|
@@ -7627,7 +7707,7 @@
|
|
|
7627
7707
|
"immutable": true,
|
|
7628
7708
|
"locationInModule": {
|
|
7629
7709
|
"filename": "src/runner.ts",
|
|
7630
|
-
"line":
|
|
7710
|
+
"line": 83
|
|
7631
7711
|
},
|
|
7632
7712
|
"name": "extraCertificates",
|
|
7633
7713
|
"optional": true,
|
|
@@ -7646,7 +7726,7 @@
|
|
|
7646
7726
|
"immutable": true,
|
|
7647
7727
|
"locationInModule": {
|
|
7648
7728
|
"filename": "src/runner.ts",
|
|
7649
|
-
"line":
|
|
7729
|
+
"line": 90
|
|
7650
7730
|
},
|
|
7651
7731
|
"name": "idleTimeout",
|
|
7652
7732
|
"optional": true,
|
|
@@ -7664,7 +7744,7 @@
|
|
|
7664
7744
|
"immutable": true,
|
|
7665
7745
|
"locationInModule": {
|
|
7666
7746
|
"filename": "src/runner.ts",
|
|
7667
|
-
"line":
|
|
7747
|
+
"line": 97
|
|
7668
7748
|
},
|
|
7669
7749
|
"name": "logOptions",
|
|
7670
7750
|
"optional": true,
|
|
@@ -7683,7 +7763,7 @@
|
|
|
7683
7763
|
"immutable": true,
|
|
7684
7764
|
"locationInModule": {
|
|
7685
7765
|
"filename": "src/runner.ts",
|
|
7686
|
-
"line":
|
|
7766
|
+
"line": 36
|
|
7687
7767
|
},
|
|
7688
7768
|
"name": "providers",
|
|
7689
7769
|
"optional": true,
|
|
@@ -7706,7 +7786,7 @@
|
|
|
7706
7786
|
"immutable": true,
|
|
7707
7787
|
"locationInModule": {
|
|
7708
7788
|
"filename": "src/runner.ts",
|
|
7709
|
-
"line":
|
|
7789
|
+
"line": 58
|
|
7710
7790
|
},
|
|
7711
7791
|
"name": "securityGroup",
|
|
7712
7792
|
"optional": true,
|
|
@@ -7714,6 +7794,44 @@
|
|
|
7714
7794
|
"fqn": "aws-cdk-lib.aws_ec2.ISecurityGroup"
|
|
7715
7795
|
}
|
|
7716
7796
|
},
|
|
7797
|
+
{
|
|
7798
|
+
"abstract": true,
|
|
7799
|
+
"docs": {
|
|
7800
|
+
"default": "LambdaAccess.lambdaUrl()",
|
|
7801
|
+
"remarks": "Once you finish the setup process, you can set this to `LambdaAccess.noAccess()` to remove access to the setup function. You can also use `LambdaAccess.apiGateway({ allowedIps: ['my-ip/0']})` to limit access to your IP only.",
|
|
7802
|
+
"stability": "experimental",
|
|
7803
|
+
"summary": "Access configuration for the setup function."
|
|
7804
|
+
},
|
|
7805
|
+
"immutable": true,
|
|
7806
|
+
"locationInModule": {
|
|
7807
|
+
"filename": "src/runner.ts",
|
|
7808
|
+
"line": 104
|
|
7809
|
+
},
|
|
7810
|
+
"name": "setupAccess",
|
|
7811
|
+
"optional": true,
|
|
7812
|
+
"type": {
|
|
7813
|
+
"fqn": "@cloudsnorkel/cdk-github-runners.LambdaAccess"
|
|
7814
|
+
}
|
|
7815
|
+
},
|
|
7816
|
+
{
|
|
7817
|
+
"abstract": true,
|
|
7818
|
+
"docs": {
|
|
7819
|
+
"default": "LambdaAccess.noAccess()",
|
|
7820
|
+
"remarks": "This function returns a lot of sensitive information about the runner, so you should only allow access to it from trusted IPs, if at all.",
|
|
7821
|
+
"stability": "experimental",
|
|
7822
|
+
"summary": "Access configuration for the status function."
|
|
7823
|
+
},
|
|
7824
|
+
"immutable": true,
|
|
7825
|
+
"locationInModule": {
|
|
7826
|
+
"filename": "src/runner.ts",
|
|
7827
|
+
"line": 123
|
|
7828
|
+
},
|
|
7829
|
+
"name": "statusAccess",
|
|
7830
|
+
"optional": true,
|
|
7831
|
+
"type": {
|
|
7832
|
+
"fqn": "@cloudsnorkel/cdk-github-runners.LambdaAccess"
|
|
7833
|
+
}
|
|
7834
|
+
},
|
|
7717
7835
|
{
|
|
7718
7836
|
"abstract": true,
|
|
7719
7837
|
"docs": {
|
|
@@ -7724,7 +7842,7 @@
|
|
|
7724
7842
|
"immutable": true,
|
|
7725
7843
|
"locationInModule": {
|
|
7726
7844
|
"filename": "src/runner.ts",
|
|
7727
|
-
"line":
|
|
7845
|
+
"line": 41
|
|
7728
7846
|
},
|
|
7729
7847
|
"name": "vpc",
|
|
7730
7848
|
"optional": true,
|
|
@@ -7742,13 +7860,32 @@
|
|
|
7742
7860
|
"immutable": true,
|
|
7743
7861
|
"locationInModule": {
|
|
7744
7862
|
"filename": "src/runner.ts",
|
|
7745
|
-
"line":
|
|
7863
|
+
"line": 46
|
|
7746
7864
|
},
|
|
7747
7865
|
"name": "vpcSubnets",
|
|
7748
7866
|
"optional": true,
|
|
7749
7867
|
"type": {
|
|
7750
7868
|
"fqn": "aws-cdk-lib.aws_ec2.SubnetSelection"
|
|
7751
7869
|
}
|
|
7870
|
+
},
|
|
7871
|
+
{
|
|
7872
|
+
"abstract": true,
|
|
7873
|
+
"docs": {
|
|
7874
|
+
"default": "LambdaAccess.lambdaUrl()",
|
|
7875
|
+
"remarks": "This function is called by GitHub when a new workflow job is scheduled. For an extra layer of security, you can set this to `LambdaAccess.apiGateway({ allowedIps: LambdaAccess.githubWebhookIps() })`.\n\nYou can also set this to `LambdaAccess.privateApiGateway()` if your GitHub Enterprise Server is hosted in a VPC. This will create an API Gateway endpoint that's only accessible from within the VPC.\n\n*WARNING*: changing access type may change the URL. When the URL changes, you must update GitHub as well.",
|
|
7876
|
+
"stability": "experimental",
|
|
7877
|
+
"summary": "Access configuration for the webhook function."
|
|
7878
|
+
},
|
|
7879
|
+
"immutable": true,
|
|
7880
|
+
"locationInModule": {
|
|
7881
|
+
"filename": "src/runner.ts",
|
|
7882
|
+
"line": 116
|
|
7883
|
+
},
|
|
7884
|
+
"name": "webhookAccess",
|
|
7885
|
+
"optional": true,
|
|
7886
|
+
"type": {
|
|
7887
|
+
"fqn": "@cloudsnorkel/cdk-github-runners.LambdaAccess"
|
|
7888
|
+
}
|
|
7752
7889
|
}
|
|
7753
7890
|
],
|
|
7754
7891
|
"symbolId": "src/runner:GitHubRunnersProps"
|
|
@@ -8566,6 +8703,116 @@
|
|
|
8566
8703
|
],
|
|
8567
8704
|
"symbolId": "src/providers/image-builders/aws-image-builder/builder:ImageBuilderComponentProperties"
|
|
8568
8705
|
},
|
|
8706
|
+
"@cloudsnorkel/cdk-github-runners.LambdaAccess": {
|
|
8707
|
+
"abstract": true,
|
|
8708
|
+
"assembly": "@cloudsnorkel/cdk-github-runners",
|
|
8709
|
+
"docs": {
|
|
8710
|
+
"remarks": "Use this to limit access to these functions.",
|
|
8711
|
+
"stability": "experimental",
|
|
8712
|
+
"summary": "Access configuration options for Lambda functions like setup and webhook function."
|
|
8713
|
+
},
|
|
8714
|
+
"fqn": "@cloudsnorkel/cdk-github-runners.LambdaAccess",
|
|
8715
|
+
"initializer": {
|
|
8716
|
+
"docs": {
|
|
8717
|
+
"stability": "experimental"
|
|
8718
|
+
}
|
|
8719
|
+
},
|
|
8720
|
+
"kind": "class",
|
|
8721
|
+
"locationInModule": {
|
|
8722
|
+
"filename": "src/access.ts",
|
|
8723
|
+
"line": 35
|
|
8724
|
+
},
|
|
8725
|
+
"methods": [
|
|
8726
|
+
{
|
|
8727
|
+
"docs": {
|
|
8728
|
+
"remarks": "This is the most secure option, but requires additional configuration. It allows you to limit access to specific IP addresses and even to a specific VPC.\n\nTo limit access to GitHub.com use:\n\n```\nLambdaAccess.apiGateway({\n allowedIps: LambdaAccess.githubWebhookIps(),\n});\n```\n\nAlternatively, get and manually update the list manually with:\n\n```\ncurl https://api.github.com/meta | jq .hooks\n```",
|
|
8729
|
+
"stability": "experimental",
|
|
8730
|
+
"summary": "Provide access using API Gateway."
|
|
8731
|
+
},
|
|
8732
|
+
"locationInModule": {
|
|
8733
|
+
"filename": "src/access.ts",
|
|
8734
|
+
"line": 67
|
|
8735
|
+
},
|
|
8736
|
+
"name": "apiGateway",
|
|
8737
|
+
"parameters": [
|
|
8738
|
+
{
|
|
8739
|
+
"name": "props",
|
|
8740
|
+
"optional": true,
|
|
8741
|
+
"type": {
|
|
8742
|
+
"fqn": "@cloudsnorkel/cdk-github-runners.ApiGatewayAccessProps"
|
|
8743
|
+
}
|
|
8744
|
+
}
|
|
8745
|
+
],
|
|
8746
|
+
"returns": {
|
|
8747
|
+
"type": {
|
|
8748
|
+
"fqn": "@cloudsnorkel/cdk-github-runners.LambdaAccess"
|
|
8749
|
+
}
|
|
8750
|
+
},
|
|
8751
|
+
"static": true
|
|
8752
|
+
},
|
|
8753
|
+
{
|
|
8754
|
+
"docs": {
|
|
8755
|
+
"remarks": "Note that downloading dynamic data during deployment is not recommended in CDK. This is a workaround for the lack of a better solution.",
|
|
8756
|
+
"stability": "experimental",
|
|
8757
|
+
"summary": "Downloads the list of IP addresses used by GitHub.com for webhooks."
|
|
8758
|
+
},
|
|
8759
|
+
"locationInModule": {
|
|
8760
|
+
"filename": "src/access.ts",
|
|
8761
|
+
"line": 76
|
|
8762
|
+
},
|
|
8763
|
+
"name": "githubWebhookIps",
|
|
8764
|
+
"returns": {
|
|
8765
|
+
"type": {
|
|
8766
|
+
"collection": {
|
|
8767
|
+
"elementtype": {
|
|
8768
|
+
"primitive": "string"
|
|
8769
|
+
},
|
|
8770
|
+
"kind": "array"
|
|
8771
|
+
}
|
|
8772
|
+
}
|
|
8773
|
+
},
|
|
8774
|
+
"static": true
|
|
8775
|
+
},
|
|
8776
|
+
{
|
|
8777
|
+
"docs": {
|
|
8778
|
+
"remarks": "This is the default and simplest option. It puts no limits on the requester, but the Lambda functions themselves authenticate every request.",
|
|
8779
|
+
"stability": "experimental",
|
|
8780
|
+
"summary": "Provide access using Lambda URL."
|
|
8781
|
+
},
|
|
8782
|
+
"locationInModule": {
|
|
8783
|
+
"filename": "src/access.ts",
|
|
8784
|
+
"line": 46
|
|
8785
|
+
},
|
|
8786
|
+
"name": "lambdaUrl",
|
|
8787
|
+
"returns": {
|
|
8788
|
+
"type": {
|
|
8789
|
+
"fqn": "@cloudsnorkel/cdk-github-runners.LambdaAccess"
|
|
8790
|
+
}
|
|
8791
|
+
},
|
|
8792
|
+
"static": true
|
|
8793
|
+
},
|
|
8794
|
+
{
|
|
8795
|
+
"docs": {
|
|
8796
|
+
"remarks": "This is useful for the setup function after setup is done.",
|
|
8797
|
+
"stability": "experimental",
|
|
8798
|
+
"summary": "Disables access to the configured Lambda function."
|
|
8799
|
+
},
|
|
8800
|
+
"locationInModule": {
|
|
8801
|
+
"filename": "src/access.ts",
|
|
8802
|
+
"line": 39
|
|
8803
|
+
},
|
|
8804
|
+
"name": "noAccess",
|
|
8805
|
+
"returns": {
|
|
8806
|
+
"type": {
|
|
8807
|
+
"fqn": "@cloudsnorkel/cdk-github-runners.LambdaAccess"
|
|
8808
|
+
}
|
|
8809
|
+
},
|
|
8810
|
+
"static": true
|
|
8811
|
+
}
|
|
8812
|
+
],
|
|
8813
|
+
"name": "LambdaAccess",
|
|
8814
|
+
"symbolId": "src/access:LambdaAccess"
|
|
8815
|
+
},
|
|
8569
8816
|
"@cloudsnorkel/cdk-github-runners.LambdaRunner": {
|
|
8570
8817
|
"assembly": "@cloudsnorkel/cdk-github-runners",
|
|
8571
8818
|
"base": "@cloudsnorkel/cdk-github-runners.LambdaRunnerProvider",
|
|
@@ -9045,7 +9292,7 @@
|
|
|
9045
9292
|
{
|
|
9046
9293
|
"abstract": true,
|
|
9047
9294
|
"docs": {
|
|
9048
|
-
"default": "
|
|
9295
|
+
"default": "LambdaRunnerProvider.imageBuilder()",
|
|
9049
9296
|
"remarks": "The image builder must contain the {@link RunnerImageComponent.lambdaEntrypoint} component.\n\nThe image builder determines the OS and architecture of the runner.",
|
|
9050
9297
|
"stability": "experimental",
|
|
9051
9298
|
"summary": "Runner image builder used to build Docker images containing GitHub Runner and all requirements."
|
|
@@ -9552,7 +9799,7 @@
|
|
|
9552
9799
|
"kind": "interface",
|
|
9553
9800
|
"locationInModule": {
|
|
9554
9801
|
"filename": "src/runner.ts",
|
|
9555
|
-
"line":
|
|
9802
|
+
"line": 129
|
|
9556
9803
|
},
|
|
9557
9804
|
"name": "LogOptions",
|
|
9558
9805
|
"properties": [
|
|
@@ -9566,7 +9813,7 @@
|
|
|
9566
9813
|
"immutable": true,
|
|
9567
9814
|
"locationInModule": {
|
|
9568
9815
|
"filename": "src/runner.ts",
|
|
9569
|
-
"line":
|
|
9816
|
+
"line": 140
|
|
9570
9817
|
},
|
|
9571
9818
|
"name": "includeExecutionData",
|
|
9572
9819
|
"optional": true,
|
|
@@ -9584,7 +9831,7 @@
|
|
|
9584
9831
|
"immutable": true,
|
|
9585
9832
|
"locationInModule": {
|
|
9586
9833
|
"filename": "src/runner.ts",
|
|
9587
|
-
"line":
|
|
9834
|
+
"line": 147
|
|
9588
9835
|
},
|
|
9589
9836
|
"name": "level",
|
|
9590
9837
|
"optional": true,
|
|
@@ -9601,7 +9848,7 @@
|
|
|
9601
9848
|
"immutable": true,
|
|
9602
9849
|
"locationInModule": {
|
|
9603
9850
|
"filename": "src/runner.ts",
|
|
9604
|
-
"line":
|
|
9851
|
+
"line": 133
|
|
9605
9852
|
},
|
|
9606
9853
|
"name": "logGroupName",
|
|
9607
9854
|
"optional": true,
|
|
@@ -9620,7 +9867,7 @@
|
|
|
9620
9867
|
"immutable": true,
|
|
9621
9868
|
"locationInModule": {
|
|
9622
9869
|
"filename": "src/runner.ts",
|
|
9623
|
-
"line":
|
|
9870
|
+
"line": 156
|
|
9624
9871
|
},
|
|
9625
9872
|
"name": "logRetention",
|
|
9626
9873
|
"optional": true,
|
|
@@ -10822,7 +11069,7 @@
|
|
|
10822
11069
|
},
|
|
10823
11070
|
"locationInModule": {
|
|
10824
11071
|
"filename": "src/providers/image-builders/components.ts",
|
|
10825
|
-
"line":
|
|
11072
|
+
"line": 420
|
|
10826
11073
|
},
|
|
10827
11074
|
"name": "extraCertificates",
|
|
10828
11075
|
"parameters": [
|
|
@@ -10923,7 +11170,7 @@
|
|
|
10923
11170
|
},
|
|
10924
11171
|
"locationInModule": {
|
|
10925
11172
|
"filename": "src/providers/image-builders/components.ts",
|
|
10926
|
-
"line":
|
|
11173
|
+
"line": 470
|
|
10927
11174
|
},
|
|
10928
11175
|
"name": "lambdaEntrypoint",
|
|
10929
11176
|
"returns": {
|
|
@@ -10975,7 +11222,7 @@
|
|
|
10975
11222
|
},
|
|
10976
11223
|
"locationInModule": {
|
|
10977
11224
|
"filename": "src/providers/image-builders/components.ts",
|
|
10978
|
-
"line":
|
|
11225
|
+
"line": 519
|
|
10979
11226
|
},
|
|
10980
11227
|
"name": "getAssets",
|
|
10981
11228
|
"parameters": [
|
|
@@ -11012,7 +11259,7 @@
|
|
|
11012
11259
|
},
|
|
11013
11260
|
"locationInModule": {
|
|
11014
11261
|
"filename": "src/providers/image-builders/components.ts",
|
|
11015
|
-
"line":
|
|
11262
|
+
"line": 514
|
|
11016
11263
|
},
|
|
11017
11264
|
"name": "getCommands",
|
|
11018
11265
|
"parameters": [
|
|
@@ -11048,7 +11295,7 @@
|
|
|
11048
11295
|
},
|
|
11049
11296
|
"locationInModule": {
|
|
11050
11297
|
"filename": "src/providers/image-builders/components.ts",
|
|
11051
|
-
"line":
|
|
11298
|
+
"line": 528
|
|
11052
11299
|
},
|
|
11053
11300
|
"name": "getDockerCommands",
|
|
11054
11301
|
"parameters": [
|
|
@@ -11089,7 +11336,7 @@
|
|
|
11089
11336
|
"immutable": true,
|
|
11090
11337
|
"locationInModule": {
|
|
11091
11338
|
"filename": "src/providers/image-builders/components.ts",
|
|
11092
|
-
"line":
|
|
11339
|
+
"line": 509
|
|
11093
11340
|
},
|
|
11094
11341
|
"name": "name",
|
|
11095
11342
|
"type": {
|
|
@@ -11974,6 +12221,6 @@
|
|
|
11974
12221
|
"symbolId": "src/providers/image-builders/aws-image-builder/deprecated/windows-components:WindowsComponents"
|
|
11975
12222
|
}
|
|
11976
12223
|
},
|
|
11977
|
-
"version": "0.9.
|
|
11978
|
-
"fingerprint": "
|
|
12224
|
+
"version": "0.9.2",
|
|
12225
|
+
"fingerprint": "zmHG8ogvxM4UnuobG3q57zcoNzxuIu+sExYrdG2uOo8="
|
|
11979
12226
|
}
|