@cloudsnorkel/cdk-github-runners 0.9.3 → 0.9.5

package/API.md

@@ -26,7 +26,6 @@ builder.addComponent(new ImageBuilderComponent(scope, id, {
   displayName: 'p7zip',
   description: 'Install some more packages',
   commands: [
-    'set -ex',
     'apt-get install p7zip',
   ],
 }));
@@ -3101,6 +3100,7 @@ new GitHubRunners(scope: Construct, id: string, props?: GitHubRunnersProps)
 | **Name** | **Description** |
 | --- | --- |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunners.toString">toString</a></code> | Returns a string representation of this construct. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunners.failedImageBuildsTopic">failedImageBuildsTopic</a></code> | Creates a topic for notifications when a runner image build fails. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunners.metricFailed">metricFailed</a></code> | Metric for failed runner executions. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunners.metricJobCompleted">metricJobCompleted</a></code> | Metric for the number of GitHub Actions jobs completed. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunners.metricSucceeded">metricSucceeded</a></code> | Metric for successful executions. |
@@ -3116,6 +3116,18 @@ public toString(): string
 
 Returns a string representation of this construct.
 
+##### `failedImageBuildsTopic` <a name="failedImageBuildsTopic" id="@cloudsnorkel/cdk-github-runners.GitHubRunners.failedImageBuildsTopic"></a>
+
+```typescript
+public failedImageBuildsTopic(): Topic
+```
+
+Creates a topic for notifications when a runner image build fails.
+
+Runner images are rebuilt every week by default. This provides the latest GitHub Runner version and software updates.
+
+If you want to be sure you are using the latest runner version, you can use this topic to be notified when a build fails.
+
 ##### `metricFailed` <a name="metricFailed" id="@cloudsnorkel/cdk-github-runners.GitHubRunners.metricFailed"></a>
 
 ```typescript
@@ -3282,8 +3294,8 @@ new ImageBuilderComponent(this, 'AWS CLI', {
   displayName: 'AWS CLI',
   description: 'Install latest version of AWS CLI',
   commands: [
-    '$ErrorActionPreference = \'Stop\'',
-    'Start-Process msiexec.exe -Wait -ArgumentList \'/i https://awscli.amazonaws.com/AWSCLIV2.msi /qn\'',
+    '$p = Start-Process msiexec.exe -PassThru -Wait -ArgumentList \'/i https://awscli.amazonaws.com/AWSCLIV2.msi /qn\'',
+    'if ($p.ExitCode -ne 0) { throw "Exit code is $p.ExitCode" }',
   ],
 }
 ```
@@ -4655,8 +4667,6 @@ public readonly installDocker: boolean;
 
 Install Docker inside the image, so it can be used by the runner.
 
-You may want to disable this if you are building a Windows image and don't have a Docker Desktop license.
-
 ---
 
 ##### `instanceType`<sup>Optional</sup> <a name="instanceType" id="@cloudsnorkel/cdk-github-runners.AmiBuilderProps.property.instanceType"></a>
@@ -4964,7 +4974,7 @@ public readonly buildImage: IBuildImage;
 ```
 
 - *Type:* aws-cdk-lib.aws_codebuild.IBuildImage
-- *Default:* Ubuntu 20.04 for x64 and Amazon Linux 2 for ARM64
+- *Default:* Ubuntu 22.04 for x64 and Amazon Linux 2 for ARM64
 
 Build image to use in CodeBuild.
 
@@ -5148,7 +5158,7 @@ public readonly buildImage: IBuildImage;
 ```
 
 - *Type:* aws-cdk-lib.aws_codebuild.IBuildImage
-- *Default:* Ubuntu 20.04 for x64 and Amazon Linux 2 for ARM64
+- *Default:* Ubuntu 22.04 for x64 and Amazon Linux 2 for ARM64
 
 Build image to use in CodeBuild.
 
@@ -6689,6 +6699,7 @@ const imageBuilderComponentProperties: ImageBuilderComponentProperties = { ... }
 | <code><a href="#@cloudsnorkel/cdk-github-runners.ImageBuilderComponentProperties.property.displayName">displayName</a></code> | <code>string</code> | Component display name. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.ImageBuilderComponentProperties.property.platform">platform</a></code> | <code>string</code> | Component platform. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.ImageBuilderComponentProperties.property.assets">assets</a></code> | <code><a href="#@cloudsnorkel/cdk-github-runners.ImageBuilderAsset">ImageBuilderAsset</a>[]</code> | Optional assets to add to the built image. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.ImageBuilderComponentProperties.property.reboot">reboot</a></code> | <code>boolean</code> | Require a reboot after installing this component. |
 
 ---
 
@@ -6756,6 +6767,19 @@ Optional assets to add to the built image.
 
 ---
 
+##### `reboot`<sup>Optional</sup> <a name="reboot" id="@cloudsnorkel/cdk-github-runners.ImageBuilderComponentProperties.property.reboot"></a>
+
+```typescript
+public readonly reboot: boolean;
+```
+
+- *Type:* boolean
+- *Default:* false
+
+Require a reboot after installing this component.
+
+---
+
 ### LambdaRunnerProviderProps <a name="LambdaRunnerProviderProps" id="@cloudsnorkel/cdk-github-runners.LambdaRunnerProviderProps"></a>
 
 #### Initializer <a name="Initializer" id="@cloudsnorkel/cdk-github-runners.LambdaRunnerProviderProps.Initializer"></a>
@@ -7421,10 +7445,12 @@ public readonly baseAmi: string;
 ```
 
 - *Type:* string
-- *Default:* latest Ubuntu 20.04 AMI for Os.LINUX_UBUNTU, latest Amazon Linux 2 AMI for Os.LINUX_AMAZON_2, latest Windows Server 2022 AMI for Os.WINDOWS
+- *Default:* latest Ubuntu 22.04 AMI for Os.LINUX_UBUNTU, latest Amazon Linux 2 AMI for Os.LINUX_AMAZON_2, latest Windows Server 2022 AMI for Os.WINDOWS
 
 Base AMI from which runner AMIs will be built.
 
+This can be an actual AMI or an AWS Image Builder ARN that points to the latest AMI. For example `arn:aws:imagebuilder:us-east-1:aws:image/ubuntu-server-22-lts-x86/x.x.x` would always use the latest version of Ubuntu 22.04 in each build. If you want a specific version, you can replace `x.x.x` with that version.
+
 ---
 
 ##### `baseDockerImage`<sup>Optional</sup> <a name="baseDockerImage" id="@cloudsnorkel/cdk-github-runners.RunnerImageBuilderProps.property.baseDockerImage"></a>
@@ -8432,6 +8458,7 @@ new RunnerImageComponent()
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImageComponent.getAssets">getAssets</a></code> | Returns assets to copy into the built image. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImageComponent.getCommands">getCommands</a></code> | Returns commands to run to in built image. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImageComponent.getDockerCommands">getDockerCommands</a></code> | Returns Docker commands to run to in built image. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImageComponent.shouldReboot">shouldReboot</a></code> | Returns true if the image builder should be rebooted after this component is installed. |
 
 ---
 
@@ -8503,6 +8530,26 @@ Docker commands are added after assets and normal commands.
 
 ---
 
+##### `shouldReboot` <a name="shouldReboot" id="@cloudsnorkel/cdk-github-runners.RunnerImageComponent.shouldReboot"></a>
+
+```typescript
+public shouldReboot(_os: Os, _architecture: Architecture): boolean
+```
+
+Returns true if the image builder should be rebooted after this component is installed.
+
+###### `_os`<sup>Required</sup> <a name="_os" id="@cloudsnorkel/cdk-github-runners.RunnerImageComponent.shouldReboot.parameter._os"></a>
+
+- *Type:* <a href="#@cloudsnorkel/cdk-github-runners.Os">Os</a>
+
+---
+
+###### `_architecture`<sup>Required</sup> <a name="_architecture" id="@cloudsnorkel/cdk-github-runners.RunnerImageComponent.shouldReboot.parameter._architecture"></a>
+
+- *Type:* <a href="#@cloudsnorkel/cdk-github-runners.Architecture">Architecture</a>
+
+---
+
 #### Static Functions <a name="Static Functions" id="Static Functions"></a>
 
 | **Name** | **Description** |
@@ -8563,7 +8610,7 @@ RunnerImageComponent.docker()
 
 A component to install Docker.
 
-On Windows this installs Docker Desktop.
+On Windows this sets up dockerd for Windows containers without Docker Desktop. If you need Linux containers on Windows, you'll need to install Docker Desktop which doesn't seem to play well with servers (PRs welcome).
 
 ##### `dockerInDocker` <a name="dockerInDocker" id="@cloudsnorkel/cdk-github-runners.RunnerImageComponent.dockerInDocker"></a>
 

package/README.md

@@ -2,7 +2,7 @@
 
 [![NPM](https://img.shields.io/npm/v/@cloudsnorkel/cdk-github-runners?label=npm&logo=npm)][7]
 [![PyPI](https://img.shields.io/pypi/v/cloudsnorkel.cdk-github-runners?label=pypi&logo=pypi)][6]
-[![Maven Central](https://img.shields.io/maven-central/v/com.cloudsnorkel/cdk.github.runners.svg?label=Maven%20Central&logo=java)][8]
+[![Maven Central](https://img.shields.io/maven-central/v/com.cloudsnorkel/cdk.github.runners.svg?label=Maven%20Central&logo=apachemaven)][8]
 [![Go](https://img.shields.io/github/v/tag/CloudSnorkel/cdk-github-runners?color=red&label=go&logo=go)][11]
 [![Nuget](https://img.shields.io/nuget/v/CloudSnorkel.Cdk.Github.Runners?color=red&&logo=nuget)][12]
 [![Release](https://github.com/CloudSnorkel/cdk-github-runners/actions/workflows/release.yml/badge.svg)](https://github.com/CloudSnorkel/cdk-github-runners/actions/workflows/release.yml)
@@ -21,6 +21,7 @@ Self-hosted runners in AWS are useful when:
 * You need easy access to internal resources in your actions
 * You want to pre-install some software for your actions
 * You want to provide some basic AWS API access (but [aws-actions/configure-aws-credentials][2] has more security controls)
+* You are using GitHub Enterprise Server
 
 Ephemeral (or on-demand) runners are the [recommended way by GitHub][14] for auto-scaling, and they make sure all jobs run with a clean image. Runners are started on-demand. You don't pay unless a job is running.
 
@@ -212,7 +213,7 @@ new GitHubRunners(this, 'runners', {
 1. Always start with the status function, make sure no errors are reported, and confirm all status codes are OK
 2. If jobs are stuck on pending:
    1. Make sure `runs-on` in the workflow matches the expected labels set in the runner provider
-   2. If it happens every time, cancel the job and start it again
+   2. If jobs get stuck often and take a long time to start, cancel the pending jobs and start them again
 4. Confirm the webhook Lambda was called by visiting the URL in `troubleshooting.webhookHandlerUrl` from `status.json`
    1. If it's not called or logs errors, confirm the webhook settings on the GitHub side
    2. If you see too many errors, make sure you're only sending `workflow_job` events
@@ -221,6 +222,18 @@ new GitHubRunners(this, 'runners', {
    1. Use the details tab to find the specific execution of the provider (Lambda, CodeBuild, Fargate, etc.)
    2. Every step function execution should be successful, even if the runner action inside it failed
 
+## Monitoring
+
+There are two important ways to monitor your runners:
+
+1. Make sure runners don't fail to start. When that happens, jobs may sit and wait. Use `GitHubRunners.metricFailed()` to get a metric for the number of failed runner starts. You should use this metric to trigger an alarm.
+2. Make sure runner images don't fail to build. Failed runner image builds mean you will get stuck with out-of-date software on your runners. It may lead to security vulnerabilities, or it may lead to slower runner start-ups as the runner software itself needs to be updated. Use `GitHubRunners.failedImageBuildsTopic()` to get SNS topic that gets notified of failed runner image builds. You should subscribe to this topic.
+
+Other useful metrics to track:
+
+1. Use `GitHubRunners.metricJobCompleted()` to get a metric for the number of completed jobs broken down by labels and job success.
+2. Use `GitHubRunners.metricTime()` to get a metric for the total time a runner is running. This includes the overhead of starting the runner.
+
 ## Other Options
 
 1. [philips-labs/terraform-aws-github-runner][3] if you're using Terraform

package/assets/{lambdas/delete-runner.lambda → delete-runner.lambda}/index.js

@@ -10172,11 +10172,23 @@ var require_constants = __commonJS({
     var MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER || /* istanbul ignore next */
     9007199254740991;
     var MAX_SAFE_COMPONENT_LENGTH = 16;
+    var RELEASE_TYPES = [
+      "major",
+      "premajor",
+      "minor",
+      "preminor",
+      "patch",
+      "prepatch",
+      "prerelease"
+    ];
     module2.exports = {
-      SEMVER_SPEC_VERSION,
       MAX_LENGTH,
+      MAX_SAFE_COMPONENT_LENGTH,
       MAX_SAFE_INTEGER,
-      MAX_SAFE_COMPONENT_LENGTH
+      RELEASE_TYPES,
+      SEMVER_SPEC_VERSION,
+      FLAG_INCLUDE_PRERELEASE: 1,
+      FLAG_LOOSE: 2
     };
   }
 });
@@ -10256,11 +10268,17 @@ var require_re = __commonJS({
 // node_modules/semver/internal/parse-options.js
 var require_parse_options = __commonJS({
   "node_modules/semver/internal/parse-options.js"(exports2, module2) {
-    var opts = ["includePrerelease", "loose", "rtl"];
-    var parseOptions = (options) => !options ? {} : typeof options !== "object" ? { loose: true } : opts.filter((k) => options[k]).reduce((o, k) => {
-      o[k] = true;
-      return o;
-    }, {});
+    var looseOption = Object.freeze({ loose: true });
+    var emptyOpts = Object.freeze({});
+    var parseOptions = (options) => {
+      if (!options) {
+        return emptyOpts;
+      }
+      if (typeof options !== "object") {
+        return looseOption;
+      }
+      return options;
+    };
     module2.exports = parseOptions;
   }
 });
@@ -10430,31 +10448,31 @@ var require_semver = __commonJS({
       }
       // preminor will bump the version up to the next minor release, and immediately
       // down to pre-release. premajor and prepatch work the same way.
-      inc(release, identifier) {
+      inc(release, identifier, identifierBase) {
         switch (release) {
           case "premajor":
             this.prerelease.length = 0;
             this.patch = 0;
             this.minor = 0;
             this.major++;
-            this.inc("pre", identifier);
+            this.inc("pre", identifier, identifierBase);
             break;
           case "preminor":
             this.prerelease.length = 0;
             this.patch = 0;
             this.minor++;
-            this.inc("pre", identifier);
+            this.inc("pre", identifier, identifierBase);
             break;
           case "prepatch":
             this.prerelease.length = 0;
-            this.inc("patch", identifier);
-            this.inc("pre", identifier);
+            this.inc("patch", identifier, identifierBase);
+            this.inc("pre", identifier, identifierBase);
             break;
           case "prerelease":
             if (this.prerelease.length === 0) {
-              this.inc("patch", identifier);
+              this.inc("patch", identifier, identifierBase);
             }
-            this.inc("pre", identifier);
+            this.inc("pre", identifier, identifierBase);
             break;
           case "major":
             if (this.minor !== 0 || this.patch !== 0 || this.prerelease.length === 0) {
@@ -10493,12 +10511,13 @@ var require_semver = __commonJS({
               }
             }
             if (identifier) {
+              const base = Number(identifierBase) ? 1 : 0;
               if (compareIdentifiers(this.prerelease[0], identifier) === 0) {
                 if (isNaN(this.prerelease[1])) {
-                  this.prerelease = [identifier, 0];
+                  this.prerelease = [identifier, base];
                 }
               } else {
-                this.prerelease = [identifier, 0];
+                this.prerelease = [identifier, base];
               }
             }
             break;
@@ -10518,11 +10537,8 @@ var require_semver = __commonJS({
 var require_parse = __commonJS({
   "node_modules/semver/functions/parse.js"(exports2, module2) {
     var { MAX_LENGTH } = require_constants();
-    var { re, t } = require_re();
     var SemVer = require_semver();
-    var parseOptions = require_parse_options();
     var parse = (version, options) => {
-      options = parseOptions(options);
       if (version instanceof SemVer) {
         return version;
       }
@@ -10532,10 +10548,6 @@ var require_parse = __commonJS({
       if (version.length > MAX_LENGTH) {
         return null;
       }
-      const r = options.loose ? re[t.LOOSE] : re[t.FULL];
-      if (!r.test(version)) {
-        return null;
-      }
       try {
         return new SemVer(version, options);
       } catch (er) {
@@ -10574,8 +10586,9 @@ var require_clean = __commonJS({
 var require_inc = __commonJS({
   "node_modules/semver/functions/inc.js"(exports2, module2) {
     var SemVer = require_semver();
-    var inc = (version, release, options, identifier) => {
+    var inc = (version, release, options, identifier, identifierBase) => {
       if (typeof options === "string") {
+        identifierBase = identifier;
         identifier = options;
         options = void 0;
       }
@@ -10583,7 +10596,7 @@ var require_inc = __commonJS({
         return new SemVer(
           version instanceof SemVer ? version.version : version,
           options
-        ).inc(release, identifier).version;
+        ).inc(release, identifier, identifierBase).version;
       } catch (er) {
         return null;
       }
@@ -10616,19 +10629,32 @@ var require_diff = __commonJS({
     var parse = require_parse();
     var eq = require_eq();
     var diff = (version1, version2) => {
-      if (eq(version1, version2)) {
+      const v1 = parse(version1);
+      const v2 = parse(version2);
+      if (eq(v1, v2)) {
         return null;
       } else {
-        const v1 = parse(version1);
-        const v2 = parse(version2);
         const hasPre = v1.prerelease.length || v2.prerelease.length;
         const prefix = hasPre ? "pre" : "";
         const defaultResult = hasPre ? "prerelease" : "";
-        for (const key in v1) {
-          if (key === "major" || key === "minor" || key === "patch") {
-            if (v1[key] !== v2[key]) {
-              return prefix + key;
-            }
+        if (v1.major !== v2.major) {
+          return prefix + "major";
+        }
+        if (v1.minor !== v2.minor) {
+          return prefix + "minor";
+        }
+        if (v1.patch !== v2.patch) {
+          return prefix + "patch";
+        }
+        if (!v1.prerelease.length || !v2.prerelease.length) {
+          if (v1.patch) {
+            return "patch";
+          }
+          if (v1.minor) {
+            return "minor";
+          }
+          if (v1.major) {
+            return "major";
           }
         }
         return defaultResult;
@@ -11566,8 +11592,8 @@ var require_range = __commonJS({
       }
       parseRange(range) {
         range = range.trim();
-        const memoOpts = Object.keys(this.options).join(",");
-        const memoKey = `parseRange:${memoOpts}:${range}`;
+        const memoOpts = (this.options.includePrerelease && FLAG_INCLUDE_PRERELEASE) | (this.options.loose && FLAG_LOOSE);
+        const memoKey = memoOpts + ":" + range;
         const cached = cache.get(memoKey);
         if (cached) {
           return cached;
@@ -11652,6 +11678,7 @@ var require_range = __commonJS({
       tildeTrimReplace,
       caretTrimReplace
     } = require_re();
+    var { FLAG_INCLUDE_PRERELEASE, FLAG_LOOSE } = require_constants();
     var isNullSet = (c) => c.value === "<0.0.0-0";
     var isAny = (c) => c.value === "";
     var isSatisfiable = (comparators, options) => {
@@ -11937,12 +11964,6 @@ var require_comparator = __commonJS({
         if (!(comp instanceof Comparator)) {
           throw new TypeError("a Comparator is required");
         }
-        if (!options || typeof options !== "object") {
-          options = {
-            loose: !!options,
-            includePrerelease: false
-          };
-        }
         if (this.operator === "") {
           if (this.value === "") {
             return true;
@@ -11954,13 +11975,29 @@ var require_comparator = __commonJS({
           }
           return new Range(this.value, options).test(comp.semver);
         }
-        const sameDirectionIncreasing = (this.operator === ">=" || this.operator === ">") && (comp.operator === ">=" || comp.operator === ">");
-        const sameDirectionDecreasing = (this.operator === "<=" || this.operator === "<") && (comp.operator === "<=" || comp.operator === "<");
-        const sameSemVer = this.semver.version === comp.semver.version;
-        const differentDirectionsInclusive = (this.operator === ">=" || this.operator === "<=") && (comp.operator === ">=" || comp.operator === "<=");
-        const oppositeDirectionsLessThan = cmp(this.semver, "<", comp.semver, options) && (this.operator === ">=" || this.operator === ">") && (comp.operator === "<=" || comp.operator === "<");
-        const oppositeDirectionsGreaterThan = cmp(this.semver, ">", comp.semver, options) && (this.operator === "<=" || this.operator === "<") && (comp.operator === ">=" || comp.operator === ">");
-        return sameDirectionIncreasing || sameDirectionDecreasing || sameSemVer && differentDirectionsInclusive || oppositeDirectionsLessThan || oppositeDirectionsGreaterThan;
+        options = parseOptions(options);
+        if (options.includePrerelease && (this.value === "<0.0.0-0" || comp.value === "<0.0.0-0")) {
+          return false;
+        }
+        if (!options.includePrerelease && (this.value.startsWith("<0.0.0") || comp.value.startsWith("<0.0.0"))) {
+          return false;
+        }
+        if (this.operator.startsWith(">") && comp.operator.startsWith(">")) {
+          return true;
+        }
+        if (this.operator.startsWith("<") && comp.operator.startsWith("<")) {
+          return true;
+        }
+        if (this.semver.version === comp.semver.version && this.operator.includes("=") && comp.operator.includes("=")) {
+          return true;
+        }
+        if (cmp(this.semver, "<", comp.semver, options) && this.operator.startsWith(">") && comp.operator.startsWith("<")) {
+          return true;
+        }
+        if (cmp(this.semver, ">", comp.semver, options) && this.operator.startsWith("<") && comp.operator.startsWith(">")) {
+          return true;
+        }
+        return false;
       }
     };
     module2.exports = Comparator;
@@ -12218,7 +12255,7 @@ var require_intersects = __commonJS({
     var intersects = (r1, r2, options) => {
       r1 = new Range(r1, options);
       r2 = new Range(r2, options);
-      return r1.intersects(r2);
+      return r1.intersects(r2, options);
     };
     module2.exports = intersects;
   }
@@ -12303,6 +12340,8 @@ var require_subset = __commonJS({
         }
       return true;
     };
+    var minimumVersionWithPreRelease = [new Comparator(">=0.0.0-0")];
+    var minimumVersion = [new Comparator(">=0.0.0")];
     var simpleSubset = (sub, dom, options) => {
       if (sub === dom) {
         return true;
@@ -12311,16 +12350,16 @@ var require_subset = __commonJS({
         if (dom.length === 1 && dom[0].semver === ANY) {
           return true;
         } else if (options.includePrerelease) {
-          sub = [new Comparator(">=0.0.0-0")];
+          sub = minimumVersionWithPreRelease;
         } else {
-          sub = [new Comparator(">=0.0.0")];
+          sub = minimumVersion;
         }
       }
       if (dom.length === 1 && dom[0].semver === ANY) {
         if (options.includePrerelease) {
           return true;
         } else {
-          dom = [new Comparator(">=0.0.0")];
+          dom = minimumVersion;
         }
       }
       const eqSet = /* @__PURE__ */ new Set();
@@ -12520,6 +12559,7 @@ var require_semver2 = __commonJS({
       src: internalRe.src,
       tokens: internalRe.t,
       SEMVER_SPEC_VERSION: constants.SEMVER_SPEC_VERSION,
+      RELEASE_TYPES: constants.RELEASE_TYPES,
       compareIdentifiers: identifiers.compareIdentifiers,
       rcompareIdentifiers: identifiers.rcompareIdentifiers
     };
@@ -22367,11 +22407,11 @@ var require_dist_node31 = __commonJS({
   }
 });
 
-// src/lambdas/github.ts
+// src/github.ts
 var import_auth_app = __toESM(require_dist_node24());
 var import_rest = __toESM(require_dist_node31());
 
-// src/lambdas/helpers.ts
+// src/lambda-helpers.ts
 var AWS = __toESM(require("aws-sdk"));
 var sm = new AWS.SecretsManager();
 async function getSecretValue(arn) {
@@ -22388,7 +22428,7 @@ async function getSecretJsonValue(arn) {
   return JSON.parse(await getSecretValue(arn));
 }
 
-// src/lambdas/github.ts
+// src/github.ts
 function baseUrlFromDomain(domain) {
   if (domain == "github.com") {
     return "https://api.github.com";
@@ -22429,7 +22469,7 @@ async function getOctokit(installationId) {
   };
 }
 
-// src/lambdas/delete-runner.lambda.ts
+// src/delete-runner.lambda.ts
 async function getRunnerId(octokit, owner, repo, name, idleOnly) {
   let page = 1;
   while (true) {

package/assets/{lambdas → image-builders/aws-image-builder}/delete-ami.lambda/index.js

@@ -22,10 +22,10 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
-// src/lambdas/delete-ami.lambda.ts
+// src/image-builders/aws-image-builder/delete-ami.lambda.ts
 var AWS2 = __toESM(require("aws-sdk"));
 
-// src/lambdas/helpers.ts
+// src/lambda-helpers.ts
 var AWS = __toESM(require("aws-sdk"));
 var sm = new AWS.SecretsManager();
 async function customResourceRespond(event, responseStatus, reason, physicalResourceId, data) {
@@ -62,7 +62,7 @@ async function customResourceRespond(event, responseStatus, reason, physicalReso
   });
 }
 
-// src/lambdas/delete-ami.lambda.ts
+// src/image-builders/aws-image-builder/delete-ami.lambda.ts
 var ec2 = new AWS2.EC2();
 async function deleteAmis(launchTemplateId, stackName, builderName, deleteAll) {
   var _a;

package/assets/image-builders/aws-image-builder/filter-failed-builds.lambda/index.js

@@ -0,0 +1,39 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// src/image-builders/aws-image-builder/filter-failed-builds.lambda.ts
+var AWS = __toESM(require("aws-sdk"));
+var sns = new AWS.SNS();
+exports.handler = async function(event) {
+  console.log(JSON.stringify(event));
+  for (const record of event.Records) {
+    let message = JSON.parse(record.Sns.Message);
+    if (message.state.status === "FAILED") {
+      await sns.publish({
+        TopicArn: process.env.TARGET_TOPIC_ARN,
+        Message: record.Sns.Message
+      }).promise();
+    }
+  }
+};