@cloudsnorkel/cdk-github-runners 0.9.4 → 0.9.6

package/API.md

@@ -29,8 +29,8 @@ builder.addComponent(new ImageBuilderComponent(scope, id, {
     'apt-get install p7zip',
   ],
 }));
-new Ec2Runner(this, 'EC2 provider', {
-    label: 'custom-ec2',
+new Ec2RunnerProvider(this, 'EC2 provider', {
+    labels: ['custom-ec2'],
     amiBuilder: builder,
 });
 ```
@@ -240,13 +240,13 @@ For example, to set a specific runner version, rebuild the image every 2 weeks,
 
 ```
 const builder = new CodeBuildImageBuilder(this, 'Builder', {
-    dockerfilePath: FargateProvider.LINUX_X64_DOCKERFILE_PATH,
+    dockerfilePath: FargateRunnerProvider.LINUX_X64_DOCKERFILE_PATH,
     runnerVersion: RunnerVersion.specific('2.293.0'),
     rebuildInterval: Duration.days(14),
 });
 builder.setBuildArg('EXTRA_PACKAGES', 'nginx xz-utils');
-new FargateRunner(this, 'Fargate provider', {
-    label: 'customized-fargate',
+new FargateRunnerProvider(this, 'Fargate provider', {
+    labels: ['customized-fargate'],
     imageBuilder: builder,
 });
 ```
@@ -1221,8 +1221,8 @@ const builder = new ContainerImageBuilder(this, 'Builder', {
     runnerVersion: RunnerVersion.specific('2.293.0'),
     rebuildInterval: Duration.days(14),
 });
-new CodeBuildRunner(this, 'CodeBuild provider', {
-    label: 'custom-codebuild',
+new CodeBuildRunnerProvider(this, 'CodeBuild provider', {
+    labels: ['custom-codebuild'],
     imageBuilder: builder,
 });
 ```
@@ -3039,12 +3039,12 @@ const dbSg = ec2.SecurityGroup.fromSecurityGroupId(this, 'database security grou
 const bucket = new s3.Bucket(this, 'runner bucket');
 
 // create a custom CodeBuild provider
-const myProvider = new CodeBuildRunner(
+const myProvider = new CodeBuildRunnerProvider(
   this, 'codebuild runner',
   {
-     label: 'my-codebuild',
+     labels: ['my-codebuild'],
      vpc: vpc,
-     securityGroup: runnerSg,
+     securityGroups: [runnerSg],
   },
 );
 // grant some permissions to the provider
@@ -3294,7 +3294,8 @@ new ImageBuilderComponent(this, 'AWS CLI', {
   displayName: 'AWS CLI',
   description: 'Install latest version of AWS CLI',
   commands: [
-    'Start-Process msiexec.exe -Wait -ArgumentList \'/i https://awscli.amazonaws.com/AWSCLIV2.msi /qn\'',
+    '$p = Start-Process msiexec.exe -PassThru -Wait -ArgumentList \'/i https://awscli.amazonaws.com/AWSCLIV2.msi /qn\'',
+    'if ($p.ExitCode -ne 0) { throw "Exit code is $p.ExitCode" }',
   ],
 }
 ```
@@ -4666,8 +4667,6 @@ public readonly installDocker: boolean;
 
 Install Docker inside the image, so it can be used by the runner.
 
-You may want to disable this if you are building a Windows image and don't have a Docker Desktop license.
-
 ---
 
 ##### `instanceType`<sup>Optional</sup> <a name="instanceType" id="@cloudsnorkel/cdk-github-runners.AmiBuilderProps.property.instanceType"></a>
@@ -4975,7 +4974,7 @@ public readonly buildImage: IBuildImage;
 ```
 
 - *Type:* aws-cdk-lib.aws_codebuild.IBuildImage
-- *Default:* Ubuntu 20.04 for x64 and Amazon Linux 2 for ARM64
+- *Default:* Ubuntu 22.04 for x64 and Amazon Linux 2 for ARM64
 
 Build image to use in CodeBuild.
 
@@ -5159,7 +5158,7 @@ public readonly buildImage: IBuildImage;
 ```
 
 - *Type:* aws-cdk-lib.aws_codebuild.IBuildImage
-- *Default:* Ubuntu 20.04 for x64 and Amazon Linux 2 for ARM64
+- *Default:* Ubuntu 22.04 for x64 and Amazon Linux 2 for ARM64
 
 Build image to use in CodeBuild.
 
@@ -5694,7 +5693,7 @@ public readonly imageBuilder: IRunnerImageBuilder;
 ```
 
 - *Type:* <a href="#@cloudsnorkel/cdk-github-runners.IRunnerImageBuilder">IRunnerImageBuilder</a>
-- *Default:* Ec2ProviderProps.imageBuilder()
+- *Default:* Ec2RunnerProvider.imageBuilder()
 
 Runner image builder used to build AMI containing GitHub Runner and all requirements.
 
@@ -6700,6 +6699,7 @@ const imageBuilderComponentProperties: ImageBuilderComponentProperties = { ... }
 | <code><a href="#@cloudsnorkel/cdk-github-runners.ImageBuilderComponentProperties.property.displayName">displayName</a></code> | <code>string</code> | Component display name. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.ImageBuilderComponentProperties.property.platform">platform</a></code> | <code>string</code> | Component platform. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.ImageBuilderComponentProperties.property.assets">assets</a></code> | <code><a href="#@cloudsnorkel/cdk-github-runners.ImageBuilderAsset">ImageBuilderAsset</a>[]</code> | Optional assets to add to the built image. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.ImageBuilderComponentProperties.property.reboot">reboot</a></code> | <code>boolean</code> | Require a reboot after installing this component. |
 
 ---
 
@@ -6767,6 +6767,19 @@ Optional assets to add to the built image.
 
 ---
 
+##### `reboot`<sup>Optional</sup> <a name="reboot" id="@cloudsnorkel/cdk-github-runners.ImageBuilderComponentProperties.property.reboot"></a>
+
+```typescript
+public readonly reboot: boolean;
+```
+
+- *Type:* boolean
+- *Default:* false
+
+Require a reboot after installing this component.
+
+---
+
 ### LambdaRunnerProviderProps <a name="LambdaRunnerProviderProps" id="@cloudsnorkel/cdk-github-runners.LambdaRunnerProviderProps"></a>
 
 #### Initializer <a name="Initializer" id="@cloudsnorkel/cdk-github-runners.LambdaRunnerProviderProps.Initializer"></a>
@@ -7432,10 +7445,12 @@ public readonly baseAmi: string;
 ```
 
 - *Type:* string
-- *Default:* latest Ubuntu 20.04 AMI for Os.LINUX_UBUNTU, latest Amazon Linux 2 AMI for Os.LINUX_AMAZON_2, latest Windows Server 2022 AMI for Os.WINDOWS
+- *Default:* latest Ubuntu 22.04 AMI for Os.LINUX_UBUNTU, latest Amazon Linux 2 AMI for Os.LINUX_AMAZON_2, latest Windows Server 2022 AMI for Os.WINDOWS
 
 Base AMI from which runner AMIs will be built.
 
+This can be an actual AMI or an AWS Image Builder ARN that points to the latest AMI. For example `arn:aws:imagebuilder:us-east-1:aws:image/ubuntu-server-22-lts-x86/x.x.x` would always use the latest version of Ubuntu 22.04 in each build. If you want a specific version, you can replace `x.x.x` with that version.
+
 ---
 
 ##### `baseDockerImage`<sup>Optional</sup> <a name="baseDockerImage" id="@cloudsnorkel/cdk-github-runners.RunnerImageBuilderProps.property.baseDockerImage"></a>
@@ -7530,7 +7545,7 @@ public readonly os: Os;
 ```
 
 - *Type:* <a href="#@cloudsnorkel/cdk-github-runners.Os">Os</a>
-- *Default:* OS.LINUX
+- *Default:* OS.LINUX_UBUNTU
 
 Image OS.
 
@@ -8443,6 +8458,7 @@ new RunnerImageComponent()
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImageComponent.getAssets">getAssets</a></code> | Returns assets to copy into the built image. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImageComponent.getCommands">getCommands</a></code> | Returns commands to run to in built image. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImageComponent.getDockerCommands">getDockerCommands</a></code> | Returns Docker commands to run to in built image. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.RunnerImageComponent.shouldReboot">shouldReboot</a></code> | Returns true if the image builder should be rebooted after this component is installed. |
 
 ---
 
@@ -8514,6 +8530,26 @@ Docker commands are added after assets and normal commands.
 
 ---
 
+##### `shouldReboot` <a name="shouldReboot" id="@cloudsnorkel/cdk-github-runners.RunnerImageComponent.shouldReboot"></a>
+
+```typescript
+public shouldReboot(_os: Os, _architecture: Architecture): boolean
+```
+
+Returns true if the image builder should be rebooted after this component is installed.
+
+###### `_os`<sup>Required</sup> <a name="_os" id="@cloudsnorkel/cdk-github-runners.RunnerImageComponent.shouldReboot.parameter._os"></a>
+
+- *Type:* <a href="#@cloudsnorkel/cdk-github-runners.Os">Os</a>
+
+---
+
+###### `_architecture`<sup>Required</sup> <a name="_architecture" id="@cloudsnorkel/cdk-github-runners.RunnerImageComponent.shouldReboot.parameter._architecture"></a>
+
+- *Type:* <a href="#@cloudsnorkel/cdk-github-runners.Architecture">Architecture</a>
+
+---
+
 #### Static Functions <a name="Static Functions" id="Static Functions"></a>
 
 | **Name** | **Description** |
@@ -8574,7 +8610,7 @@ RunnerImageComponent.docker()
 
 A component to install Docker.
 
-On Windows this installs Docker Desktop.
+On Windows this sets up dockerd for Windows containers without Docker Desktop. If you need Linux containers on Windows, you'll need to install Docker Desktop which doesn't seem to play well with servers (PRs welcome).
 
 ##### `dockerInDocker` <a name="dockerInDocker" id="@cloudsnorkel/cdk-github-runners.RunnerImageComponent.dockerInDocker"></a>
 

package/README.md

@@ -2,7 +2,7 @@
 
 [![NPM](https://img.shields.io/npm/v/@cloudsnorkel/cdk-github-runners?label=npm&logo=npm)][7]
 [![PyPI](https://img.shields.io/pypi/v/cloudsnorkel.cdk-github-runners?label=pypi&logo=pypi)][6]
-[![Maven Central](https://img.shields.io/maven-central/v/com.cloudsnorkel/cdk.github.runners.svg?label=Maven%20Central&logo=java)][8]
+[![Maven Central](https://img.shields.io/maven-central/v/com.cloudsnorkel/cdk.github.runners.svg?label=Maven%20Central&logo=apachemaven)][8]
 [![Go](https://img.shields.io/github/v/tag/CloudSnorkel/cdk-github-runners?color=red&label=go&logo=go)][11]
 [![Nuget](https://img.shields.io/nuget/v/CloudSnorkel.Cdk.Github.Runners?color=red&&logo=nuget)][12]
 [![Release](https://github.com/CloudSnorkel/cdk-github-runners/actions/workflows/release.yml/badge.svg)](https://github.com/CloudSnorkel/cdk-github-runners/actions/workflows/release.yml)
@@ -21,6 +21,7 @@ Self-hosted runners in AWS are useful when:
 * You need easy access to internal resources in your actions
 * You want to pre-install some software for your actions
 * You want to provide some basic AWS API access (but [aws-actions/configure-aws-credentials][2] has more security controls)
+* You are using GitHub Enterprise Server
 
 Ephemeral (or on-demand) runners are the [recommended way by GitHub][14] for auto-scaling, and they make sure all jobs run with a clean image. Runners are started on-demand. You don't pay unless a job is running.
 
@@ -54,39 +55,96 @@ You can also create your own provider by implementing `IRunnerProvider`.
 
 ## Installation
 
-1. Confirm you're using CDK v2
-2. Install the appropriate package
-   1. [Python][6]
-      ```
-      pip install cloudsnorkel.cdk-github-runners
-      ```
-   2. [TypeScript or JavaScript][7]
-      ```
-      npm i @cloudsnorkel/cdk-github-runners
-      ```
-   3. [Java][8]
-      ```xml
-      <dependency>
+1. Install and use the appropriate package
+   <details><summary>Python</summary>
+
+   ### Install
+   Available on [PyPI][6].
+   ```bash
+   pip install cloudsnorkel.cdk-github-runners
+   ```
+   ### Use
+   ```python
+   from cloudsnorkel.cdk_github_runners import GitHubRunners
+   
+   GitHubRunners(self, "runners")
+   ```
+   </details>
+   <details><summary>TypeScript or JavaScript</summary>
+
+   ### Install
+   Available on [npm][7].
+   ```bash
+   npm i @cloudsnorkel/cdk-github-runners
+   ```
+   ### Use
+   ```typescript
+   import { GitHubRunners } from '@cloudsnorkel/cdk-github-runners';
+   
+   new GitHubRunners(this, "runners");
+   ```
+   </details>
+   <details><summary>Java</summary>
+
+   ### Install
+   Available on [Maven][8].
+   ```xml
+   <dependency>
       <groupId>com.cloudsnorkel</groupId>
       <artifactId>cdk.github.runners</artifactId>
-      </dependency>
-      ```
-   4. [Go][11]
-      ```
-      go get github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners
-      ```
-   5. [.NET][12]
-      ```
-      dotnet add package CloudSnorkel.Cdk.Github.Runners
-      ```
-3. Use `GitHubRunners` construct in your code (starting with default arguments is fine)
-4. Deploy your stack
-5. Look for the status command output similar to `aws --region us-east-1 lambda invoke --function-name status-XYZ123 status.json`
-6. Execute the status command (you may need to specify `--profile` too) and open the resulting `status.json` file
-7. Open the URL in `github.setup.url` from `status.json` or [manually setup GitHub](SETUP_GITHUB.md) integration as an app or with personal access token
-8. Run status command again to confirm `github.auth.status` and `github.webhook.status` are OK
-9. Trigger a GitHub action that has a `self-hosted` label with `runs-on: [self-hosted, linux, codebuild]` or similar
-10. If the action is not successful, see [troubleshooting](#Troubleshooting)
+   </dependency>
+   ```
+   ### Use
+   ```java
+   import com.cloudsnorkel.cdk.github.runners.GitHubRunners;
+   
+   GitHubRunners.Builder.create(this, "runners").build();
+   ```
+   </details>
+   <details><summary>Go</summary>
+
+   ### Install
+   Available on [GitHub][11].
+   ```bash
+   go get github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners
+   ```
+   ### Use
+   ```go
+   import "github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners"
+   
+   NewGitHubRunners(this, jsii.String("runners"))
+   ```
+   </details>
+   <details><summary>.NET</summary>
+
+   ### Install
+   Available on [Nuget][12].
+   ```bash
+   dotnet add package CloudSnorkel.Cdk.Github.Runners
+   ```
+   ### Use
+   ```csharp
+   using CloudSnorkel;
+   
+   new GitHubRunners(this, "runners");
+   ```
+   </details>
+2. Use `GitHubRunners` construct in your code (starting with default arguments is fine)
+3. Deploy your stack
+4. Look for the status command output similar to `aws --region us-east-1 lambda invoke --function-name status-XYZ123 status.json`
+   ```
+    ✅  github-runners-test
+
+   ✨  Deployment time: 260.01s
+   
+   Outputs:
+   github-runners-test.runnersstatuscommand4A30F0F5 = aws --region us-east-1 lambda invoke --function-name github-runners-test-runnersstatus1A5771C0-mvttg8oPQnQS status.json
+   ```
+5. Execute the status command (you may need to specify `--profile` too) and open the resulting `status.json` file
+6. Open the URL in `github.setup.url` from `status.json` or [manually setup GitHub](SETUP_GITHUB.md) integration as an app or with personal access token
+7. Run status command again to confirm `github.auth.status` and `github.webhook.status` are OK
+8. Trigger a GitHub action that has a `self-hosted` label with `runs-on: [self-hosted, linux, codebuild]` or similar
+9. If the action is not successful, see [troubleshooting](#Troubleshooting)
 
 [![Demo](demo-thumbnail.jpg)](https://youtu.be/wlyv_3V8lIw)
 
@@ -103,10 +161,10 @@ let dbSg: ec2.SecurityGroup;
 let bucket: s3.Bucket;
 
 // create a custom CodeBuild provider
-const myProvider = new CodeBuildRunnerProvider(this, 'codebuild runner', { 
-  label: 'my-codebuild',
-  vpc: vpc,
-  securityGroup: runnerSg,
+const myProvider = new CodeBuildRunnerProvider(this, 'codebuild runner', {
+   labels: ['my-codebuild'],
+   vpc: vpc,
+   securityGroups: [runnerSg],
 });
 // grant some permissions to the provider
 bucket.grantReadWrite(myProvider);
@@ -131,9 +189,9 @@ myBuilder.addComponent(
 );
 
 const myProvider = new FargateRunnerProvider(this, 'fargate runner', {
-   label: 'customized-fargate',
+   labels: ['customized-fargate'],
    vpc: vpc,
-   securityGroup: runnerSg,
+   securityGroups: [runnerSg],
    imageBuilder: myBuilder,
 });
 
@@ -159,31 +217,31 @@ Windows images can also be customized the same way.
 
 ```typescript
 const myWindowsBuilder = FargateRunnerProvider.imageBuilder(this, 'Windows image builder', {
-  architecture: Architecture.X86_64,
-  os: Os.WINDOWS,
-  runnerVersion: RunnerVersion.specific('2.291.0'),
-  rebuildInterval: Duration.days(14),    
+   architecture: Architecture.X86_64,
+   os: Os.WINDOWS,
+   runnerVersion: RunnerVersion.specific('2.291.0'),
+   rebuildInterval: Duration.days(14),
 });
 myWindowsBuilder.addComponent(
-  RunnerImageComponent.custom({
-    name: 'Ninja',
-    commands: [
-      'Invoke-WebRequest -UseBasicParsing -Uri "https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-win.zip" -OutFile ninja.zip',
-      'Expand-Archive ninja.zip -DestinationPath C:\\actions',
-      'del ninja.zip',
-    ],
-  })
+        RunnerImageComponent.custom({
+           name: 'Ninja',
+           commands: [
+              'Invoke-WebRequest -UseBasicParsing -Uri "https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-win.zip" -OutFile ninja.zip',
+              'Expand-Archive ninja.zip -DestinationPath C:\\actions',
+              'del ninja.zip',
+           ],
+        })
 );
 
 const myProvider = new FargateRunnerProvider(this, 'fargate runner', {
-  label: 'customized-windows-fargate',
-  vpc: vpc,
-  securityGroup: runnerSg,
-  imageBuidler: myWindowsBuilder,
+   labels: ['customized-windows-fargate'],
+   vpc: vpc,
+   securityGroups: [runnerSg],
+   imageBuidler: myWindowsBuilder,
 });
 
 new GitHubRunners(this, 'runners', {
-  providers: [myProvider],
+   providers: [myProvider],
 });
 ```
 
@@ -191,15 +249,15 @@ The runner OS and architecture is determined by the image it is set to use. For
 
 ```typescript
 new GitHubRunners(this, 'runners', {
-  providers: [
-    new FargateRunnerProvider(this, 'fargate runner', {
-      labels: ['arm64', 'fargate'],
-      imageBuidler: FargateRunnerProvider.imageBuilder(this, 'image builder', {
-        architecture: Architecture.ARM64,
-        os: Os.LINUX,
+   providers: [
+      new FargateRunnerProvider(this, 'fargate runner', {
+         labels: ['arm64', 'fargate'],
+         imageBuidler: FargateRunnerProvider.imageBuilder(this, 'image builder', {
+            architecture: Architecture.ARM64,
+            os: Os.LINUX_UBUNTU,
+         }),
       }),
-    }),
-  ],
+   ],
 });
 ```
 
@@ -212,7 +270,7 @@ new GitHubRunners(this, 'runners', {
 1. Always start with the status function, make sure no errors are reported, and confirm all status codes are OK
 2. If jobs are stuck on pending:
    1. Make sure `runs-on` in the workflow matches the expected labels set in the runner provider
-   2. If it happens every time, cancel the job and start it again
+   2. If jobs get stuck often and take a long time to start, cancel the pending jobs and start them again
 4. Confirm the webhook Lambda was called by visiting the URL in `troubleshooting.webhookHandlerUrl` from `status.json`
    1. If it's not called or logs errors, confirm the webhook settings on the GitHub side
    2. If you see too many errors, make sure you're only sending `workflow_job` events
@@ -221,6 +279,18 @@ new GitHubRunners(this, 'runners', {
    1. Use the details tab to find the specific execution of the provider (Lambda, CodeBuild, Fargate, etc.)
    2. Every step function execution should be successful, even if the runner action inside it failed
 
+## Monitoring
+
+There are two important ways to monitor your runners:
+
+1. Make sure runners don't fail to start. When that happens, jobs may sit and wait. Use `GitHubRunners.metricFailed()` to get a metric for the number of failed runner starts. You should use this metric to trigger an alarm.
+2. Make sure runner images don't fail to build. Failed runner image builds mean you will get stuck with out-of-date software on your runners. It may lead to security vulnerabilities, or it may lead to slower runner start-ups as the runner software itself needs to be updated. Use `GitHubRunners.failedImageBuildsTopic()` to get SNS topic that gets notified of failed runner image builds. You should subscribe to this topic.
+
+Other useful metrics to track:
+
+1. Use `GitHubRunners.metricJobCompleted()` to get a metric for the number of completed jobs broken down by labels and job success.
+2. Use `GitHubRunners.metricTime()` to get a metric for the total time a runner is running. This includes the overhead of starting the runner.
+
 ## Other Options
 
 1. [philips-labs/terraform-aws-github-runner][3] if you're using Terraform
@@ -234,7 +304,7 @@ new GitHubRunners(this, 'runners', {
 [5]: https://github.com/actions/runner
 [6]: https://pypi.org/project/cloudsnorkel.cdk-github-runners
 [7]: https://www.npmjs.com/package/@cloudsnorkel/cdk-github-runners
-[8]: https://search.maven.org/search?q=g:%22com.cloudsnorkel%22%20AND%20a:%22cdk.github.runners%22
+[8]: https://central.sonatype.com/artifact/com.cloudsnorkel/cdk.github.runners/
 [9]: https://docs.github.com/en/developers/apps/getting-started-with-apps/about-apps
 [10]: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
 [11]: https://pkg.go.dev/github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners

package/assets/{providers/image-builders → image-builders}/aws-image-builder/delete-ami.lambda/index.js

@@ -22,7 +22,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
-// src/providers/image-builders/aws-image-builder/delete-ami.lambda.ts
+// src/image-builders/aws-image-builder/delete-ami.lambda.ts
 var AWS2 = __toESM(require("aws-sdk"));
 
 // src/lambda-helpers.ts
@@ -62,7 +62,7 @@ async function customResourceRespond(event, responseStatus, reason, physicalReso
   });
 }
 
-// src/providers/image-builders/aws-image-builder/delete-ami.lambda.ts
+// src/image-builders/aws-image-builder/delete-ami.lambda.ts
 var ec2 = new AWS2.EC2();
 async function deleteAmis(launchTemplateId, stackName, builderName, deleteAll) {
   var _a;

package/assets/{providers/image-builders → image-builders}/aws-image-builder/filter-failed-builds.lambda/index.js

@@ -22,7 +22,7 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
-// src/providers/image-builders/aws-image-builder/filter-failed-builds.lambda.ts
+// src/image-builders/aws-image-builder/filter-failed-builds.lambda.ts
 var AWS = __toESM(require("aws-sdk"));
 var sns = new AWS.SNS();
 exports.handler = async function(event) {

package/assets/image-builders/aws-image-builder/reaper.lambda/index.js

@@ -0,0 +1,163 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// src/image-builders/aws-image-builder/reaper.lambda.ts
+var AWS = __toESM(require("aws-sdk"));
+var ec2 = new AWS.EC2();
+var ecr = new AWS.ECR();
+var ib = new AWS.Imagebuilder();
+async function iterateImageVersions(imageName) {
+  let result = [];
+  let params = {
+    owner: "Self",
+    filters: [
+      {
+        name: "name",
+        values: [imageName]
+      }
+    ]
+  };
+  while (true) {
+    const response = await ib.listImages(params).promise();
+    if (response.imageVersionList) {
+      for (const imageVersion of response.imageVersionList) {
+        if (imageVersion.arn) {
+          result.push(imageVersion.arn);
+        }
+      }
+    }
+    if (!response.nextToken) {
+      break;
+    }
+    params.nextToken = response.nextToken;
+  }
+  return result;
+}
+async function iterateImageBuildVersions(imageVersionArn) {
+  var _a;
+  let result = [];
+  let params = {
+    imageVersionArn
+  };
+  while (true) {
+    const response = await ib.listImageBuildVersions(params).promise();
+    if (response.imageSummaryList) {
+      for (const imageBuildVersion of response.imageSummaryList) {
+        if (((_a = imageBuildVersion.state) == null ? void 0 : _a.status) !== "AVAILABLE") {
+          console.log(`${imageBuildVersion.arn} is still being created, so we can't delete it`);
+          continue;
+        }
+        result.push(imageBuildVersion);
+      }
+    }
+    if (!response.nextToken) {
+      break;
+    }
+    params.nextToken = response.nextToken;
+  }
+  return result;
+}
+async function amisGone(amis) {
+  var _a;
+  if (!amis) {
+    console.log("No AMIs found, so we can delete the image version build");
+    return true;
+  }
+  for (const ami of amis) {
+    console.log(`Checking if ${ami.image} exists`);
+    if (!ami.image) {
+      console.log("No AMI, so we can delete it");
+      continue;
+    }
+    try {
+      const response = await ec2.describeImages({
+        ImageIds: [ami.image]
+      }).promise();
+      if (((_a = response.Images) == null ? void 0 : _a.length) ?? 0 > 0) {
+        console.log("AMI still available, so we can't delete it");
+        return false;
+      }
+    } catch (e) {
+      if (e.code != "InvalidAMIID.NotFound") {
+        console.error(`Unknown exception while checking if ${ami.image} exists:`, e);
+        return false;
+      }
+    }
+  }
+  console.log("All AMIs are gone, so we can delete the image version build");
+  return true;
+}
+async function dockerImagesGone(dockerImages) {
+  var _a;
+  if (!dockerImages) {
+    console.log("No docker images, so we can delete the image version build");
+    return true;
+  }
+  for (const images of dockerImages) {
+    for (const image of images.imageUris ?? []) {
+      const [repo, version] = image.split(":", 2);
+      const [_, repoName] = repo.split("/", 2);
+      if (version === "latest") {
+        continue;
+      }
+      console.log(`Checking if ${repoName}:${version} exists`);
+      try {
+        const response = await ecr.describeImages({
+          repositoryName: repoName,
+          imageIds: [{ imageTag: version }]
+        }).promise();
+        if (response.imageDetails && response.imageDetails.length > 0) {
+          if ((_a = response.imageDetails[0].imageTags) == null ? void 0 : _a.includes("latest")) {
+            console.log(`Docker image ${repoName}:${version} still available and tagged latest, so we can't delete it`);
+            return false;
+          }
+        }
+      } catch (e) {
+        if (e.code != "RepositoryNotFoundException" && e.code != "ImageNotFoundException") {
+          console.error(`Unknown exception while checking if ${repoName}:${version} exists:`, e);
+          return false;
+        }
+      }
+    }
+  }
+  console.log("All Docker images are gone, so we can delete the image version build");
+  return true;
+}
+exports.handler = async function(event, _context) {
+  var _a, _b;
+  for (const imageVersion of await iterateImageVersions(event.RecipeName)) {
+    for (const imageBuildVersion of await iterateImageBuildVersions(imageVersion)) {
+      if (!imageBuildVersion.arn) {
+        continue;
+      }
+      console.log(`Checking ${imageBuildVersion.name}/${imageBuildVersion.version}`);
+      if (await amisGone((_a = imageBuildVersion.outputResources) == null ? void 0 : _a.amis) && await dockerImagesGone((_b = imageBuildVersion.outputResources) == null ? void 0 : _b.containers)) {
+        console.log("Deleting image version build", imageBuildVersion.arn);
+        await ib.deleteImage({
+          imageBuildVersionArn: imageBuildVersion.arn
+        }).promise();
+      }
+    }
+  }
+};