@cloudsnorkel/cdk-github-runners 0.9.7 → 0.9.8

package/.gitattributes

@@ -17,6 +17,7 @@
 /.gitignore linguist-generated
 /.mergify.yml linguist-generated
 /.npmignore linguist-generated
+/.npmrc linguist-generated
 /.projen/** linguist-generated
 /.projen/deps.json linguist-generated
 /.projen/files.json linguist-generated
@@ -26,6 +27,7 @@
 /LICENSE linguist-generated
 /package.json linguist-generated
 /src/delete-runner-function.ts linguist-generated
+/src/idle-runner-repear-function.ts linguist-generated
 /src/image-builders/aws-image-builder/delete-ami-function.ts linguist-generated
 /src/image-builders/aws-image-builder/filter-failed-builds-function.ts linguist-generated
 /src/image-builders/aws-image-builder/reaper-function.ts linguist-generated

package/.jsii

@@ -3851,7 +3851,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/access.ts",
-            "line": 17
+            "line": 26
           },
           "name": "allowedIps",
           "optional": true,
@@ -3874,7 +3874,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/access.ts",
-            "line": 29
+            "line": 38
           },
           "name": "allowedSecurityGroups",
           "optional": true,
@@ -3891,18 +3891,41 @@
           "abstract": true,
           "docs": {
             "stability": "experimental",
-            "summary": "Creates a private API Gateway and allows access from the specified VPC."
+            "summary": "Create a private API Gateway and allow access from the specified VPC."
           },
           "immutable": true,
           "locationInModule": {
             "filename": "src/access.ts",
-            "line": 22
+            "line": 31
           },
           "name": "allowedVpc",
           "optional": true,
           "type": {
             "fqn": "aws-cdk-lib.aws_ec2.IVpc"
           }
+        },
+        {
+          "abstract": true,
+          "docs": {
+            "remarks": "Use this to make use of existing VPC endpoints. The VPC endpoint must point to `ec2.InterfaceVpcEndpointAwsService.APIGATEWAY`.\n\nNo other settings are supported when using this option.",
+            "stability": "experimental",
+            "summary": "Create a private API Gateway and allow access from the specified VPC endpoints."
+          },
+          "immutable": true,
+          "locationInModule": {
+            "filename": "src/access.ts",
+            "line": 17
+          },
+          "name": "allowedVpcEndpoints",
+          "optional": true,
+          "type": {
+            "collection": {
+              "elementtype": {
+                "fqn": "aws-cdk-lib.aws_ec2.IVpcEndpoint"
+              },
+              "kind": "array"
+            }
+          }
         }
       ],
       "symbolId": "src/access:ApiGatewayAccessProps"
@@ -8143,7 +8166,7 @@
         },
         "locationInModule": {
           "filename": "src/runner.ts",
-          "line": 223
+          "line": 234
         },
         "parameters": [
           {
@@ -8170,7 +8193,7 @@
       "kind": "class",
       "locationInModule": {
         "filename": "src/runner.ts",
-        "line": 204
+        "line": 215
       },
       "methods": [
         {
@@ -8181,7 +8204,7 @@
           },
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 630
+            "line": 664
           },
           "name": "failedImageBuildsTopic",
           "returns": {
@@ -8198,7 +8221,7 @@
           },
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 612
+            "line": 646
           },
           "name": "metricFailed",
           "parameters": [
@@ -8224,7 +8247,7 @@
           },
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 557
+            "line": 591
           },
           "name": "metricJobCompleted",
           "parameters": [
@@ -8250,7 +8273,7 @@
           },
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 603
+            "line": 637
           },
           "name": "metricSucceeded",
           "parameters": [
@@ -8276,7 +8299,7 @@
           },
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 619
+            "line": 653
           },
           "name": "metricTime",
           "parameters": [
@@ -8305,7 +8328,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 208
+            "line": 219
           },
           "name": "providers",
           "type": {
@@ -8325,7 +8348,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 213
+            "line": 224
           },
           "name": "secrets",
           "type": {
@@ -8339,7 +8362,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 223
+            "line": 234
           },
           "name": "props",
           "optional": true,
@@ -8361,7 +8384,7 @@
       "kind": "interface",
       "locationInModule": {
         "filename": "src/runner.ts",
-        "line": 35
+        "line": 37
       },
       "name": "GitHubRunnersProps",
       "properties": [
@@ -8376,7 +8399,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 58
+            "line": 69
           },
           "name": "allowPublicSubnet",
           "optional": true,
@@ -8394,7 +8417,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 88
+            "line": 99
           },
           "name": "extraCertificates",
           "optional": true,
@@ -8405,7 +8428,7 @@
         {
           "abstract": true,
           "docs": {
-            "default": "10 minutes",
+            "default": "5 minutes",
             "remarks": "If the user cancelled the job, or if another runner stole it, this stops the runner to avoid wasting resources.",
             "stability": "experimental",
             "summary": "Time to wait before stopping a runner that remains idle."
@@ -8413,7 +8436,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 95
+            "line": 106
           },
           "name": "idleTimeout",
           "optional": true,
@@ -8431,7 +8454,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 102
+            "line": 113
           },
           "name": "logOptions",
           "optional": true,
@@ -8450,7 +8473,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 41
+            "line": 43
           },
           "name": "providers",
           "optional": true,
@@ -8473,7 +8496,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 63
+            "line": 74
           },
           "name": "securityGroup",
           "optional": true,
@@ -8492,7 +8515,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 109
+            "line": 120
           },
           "name": "setupAccess",
           "optional": true,
@@ -8511,7 +8534,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 128
+            "line": 139
           },
           "name": "statusAccess",
           "optional": true,
@@ -8522,14 +8545,14 @@
         {
           "abstract": true,
           "docs": {
-            "remarks": "Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.",
+            "remarks": "Make sure the selected VPC and subnets have access to the following with either NAT Gateway or VPC Endpoints:\n* GitHub Enterprise Server\n* Secrets Manager\n* SQS\n* Step Functions\n* CloudFormation (status function only)\n* EC2 (status function only)\n* ECR (status function only)",
             "stability": "experimental",
-            "summary": "VPC used for all management functions."
+            "summary": "VPC used for all management functions. Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC."
           },
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 46
+            "line": 57
           },
           "name": "vpc",
           "optional": true,
@@ -8547,7 +8570,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 51
+            "line": 62
           },
           "name": "vpcSubnets",
           "optional": true,
@@ -8566,7 +8589,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 121
+            "line": 132
           },
           "name": "webhookAccess",
           "optional": true,
@@ -9425,7 +9448,7 @@
       "kind": "class",
       "locationInModule": {
         "filename": "src/access.ts",
-        "line": 35
+        "line": 44
       },
       "methods": [
         {
@@ -9436,7 +9459,7 @@
           },
           "locationInModule": {
             "filename": "src/access.ts",
-            "line": 67
+            "line": 76
           },
           "name": "apiGateway",
           "parameters": [
@@ -9463,7 +9486,7 @@
           },
           "locationInModule": {
             "filename": "src/access.ts",
-            "line": 76
+            "line": 85
           },
           "name": "githubWebhookIps",
           "returns": {
@@ -9486,7 +9509,7 @@
           },
           "locationInModule": {
             "filename": "src/access.ts",
-            "line": 46
+            "line": 55
           },
           "name": "lambdaUrl",
           "returns": {
@@ -9504,7 +9527,7 @@
           },
           "locationInModule": {
             "filename": "src/access.ts",
-            "line": 39
+            "line": 48
           },
           "name": "noAccess",
           "returns": {
@@ -10504,7 +10527,7 @@
       "kind": "interface",
       "locationInModule": {
         "filename": "src/runner.ts",
-        "line": 134
+        "line": 145
       },
       "name": "LogOptions",
       "properties": [
@@ -10518,7 +10541,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 145
+            "line": 156
           },
           "name": "includeExecutionData",
           "optional": true,
@@ -10536,7 +10559,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 152
+            "line": 163
           },
           "name": "level",
           "optional": true,
@@ -10553,7 +10576,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 138
+            "line": 149
           },
           "name": "logGroupName",
           "optional": true,
@@ -10572,7 +10595,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/runner.ts",
-            "line": 161
+            "line": 172
           },
           "name": "logRetention",
           "optional": true,
@@ -12957,6 +12980,6 @@
       "symbolId": "src/image-builders/aws-image-builder/deprecated/windows-components:WindowsComponents"
     }
   },
-  "version": "0.9.7",
-  "fingerprint": "WvNV3e021YDh9bxgjpR92gFXUW/VDrTfwOfAn6GsGO8="
+  "version": "0.9.8",
+  "fingerprint": "KTRap0kR/oTc3SHqu9GL3ooB+DmlTzGItu5hqDl2D78="
 }

package/API.md

@@ -4831,7 +4831,8 @@ const apiGatewayAccessProps: ApiGatewayAccessProps = { ... }
 | --- | --- | --- |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.ApiGatewayAccessProps.property.allowedIps">allowedIps</a></code> | <code>string[]</code> | List of IP addresses in CIDR notation that are allowed to access the API Gateway. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.ApiGatewayAccessProps.property.allowedSecurityGroups">allowedSecurityGroups</a></code> | <code>aws-cdk-lib.aws_ec2.ISecurityGroup[]</code> | List of security groups that are allowed to access the API Gateway. |
-| <code><a href="#@cloudsnorkel/cdk-github-runners.ApiGatewayAccessProps.property.allowedVpc">allowedVpc</a></code> | <code>aws-cdk-lib.aws_ec2.IVpc</code> | Creates a private API Gateway and allows access from the specified VPC. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.ApiGatewayAccessProps.property.allowedVpc">allowedVpc</a></code> | <code>aws-cdk-lib.aws_ec2.IVpc</code> | Create a private API Gateway and allow access from the specified VPC. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.ApiGatewayAccessProps.property.allowedVpcEndpoints">allowedVpcEndpoints</a></code> | <code>aws-cdk-lib.aws_ec2.IVpcEndpoint[]</code> | Create a private API Gateway and allow access from the specified VPC endpoints. |
 
 ---
 
@@ -4873,7 +4874,23 @@ public readonly allowedVpc: IVpc;
 
 - *Type:* aws-cdk-lib.aws_ec2.IVpc
 
-Creates a private API Gateway and allows access from the specified VPC.
+Create a private API Gateway and allow access from the specified VPC.
+
+---
+
+##### `allowedVpcEndpoints`<sup>Optional</sup> <a name="allowedVpcEndpoints" id="@cloudsnorkel/cdk-github-runners.ApiGatewayAccessProps.property.allowedVpcEndpoints"></a>
+
+```typescript
+public readonly allowedVpcEndpoints: IVpcEndpoint[];
+```
+
+- *Type:* aws-cdk-lib.aws_ec2.IVpcEndpoint[]
+
+Create a private API Gateway and allow access from the specified VPC endpoints.
+
+Use this to make use of existing VPC endpoints. The VPC endpoint must point to `ec2.InterfaceVpcEndpointAwsService.APIGATEWAY`.
+
+No other settings are supported when using this option.
 
 ---
 
@@ -6459,7 +6476,7 @@ const gitHubRunnersProps: GitHubRunnersProps = { ... }
 | <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.securityGroup">securityGroup</a></code> | <code>aws-cdk-lib.aws_ec2.ISecurityGroup</code> | Security group attached to all management functions. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.setupAccess">setupAccess</a></code> | <code><a href="#@cloudsnorkel/cdk-github-runners.LambdaAccess">LambdaAccess</a></code> | Access configuration for the setup function. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.statusAccess">statusAccess</a></code> | <code><a href="#@cloudsnorkel/cdk-github-runners.LambdaAccess">LambdaAccess</a></code> | Access configuration for the status function. |
-| <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.vpc">vpc</a></code> | <code>aws-cdk-lib.aws_ec2.IVpc</code> | VPC used for all management functions. |
+| <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.vpc">vpc</a></code> | <code>aws-cdk-lib.aws_ec2.IVpc</code> | VPC used for all management functions. Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.vpcSubnets">vpcSubnets</a></code> | <code>aws-cdk-lib.aws_ec2.SubnetSelection</code> | VPC subnets used for all management functions. |
 | <code><a href="#@cloudsnorkel/cdk-github-runners.GitHubRunnersProps.property.webhookAccess">webhookAccess</a></code> | <code><a href="#@cloudsnorkel/cdk-github-runners.LambdaAccess">LambdaAccess</a></code> | Access configuration for the webhook function. |
 
@@ -6519,7 +6536,7 @@ public readonly idleTimeout: Duration;
 ```
 
 - *Type:* aws-cdk-lib.Duration
-- *Default:* 10 minutes
+- *Default:* 5 minutes
 
 Time to wait before stopping a runner that remains idle.
 
@@ -6607,9 +6624,16 @@ public readonly vpc: IVpc;
 
 - *Type:* aws-cdk-lib.aws_ec2.IVpc
 
-VPC used for all management functions.
+VPC used for all management functions. Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.
 
-Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.
+Make sure the selected VPC and subnets have access to the following with either NAT Gateway or VPC Endpoints:
+* GitHub Enterprise Server
+* Secrets Manager
+* SQS
+* Step Functions
+* CloudFormation (status function only)
+* EC2 (status function only)
+* ECR (status function only)
 
 ---