npm - terraform-cdk-serverless-github-actions-runner-controller - Versions diffs - 0.0.0 → 0.0.2 - Mend

terraform-cdk-serverless-github-actions-runner-controller 0.0.0 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/.jsii +3647 -2
package/API.md +212 -0
package/lib/__tests__/index-test.js +16 -4
package/lib/index.d.ts +2 -0
package/lib/index.js +3 -1
package/lib/lib/aws.d.ts +4 -0
package/lib/lib/aws.js +395 -0
package/lib/lib/azure.js +1 -1
package/lib/lib/gcp.d.ts +4 -0
package/lib/lib/gcp.js +251 -0
package/lib/lib/variables.js +3 -1
package/lib/tfModules.js +17 -1
package/main.tf +26 -0
package/modules/azure-container-apps/README.md +3 -3
package/modules/azure-container-apps/cdk.tf.json +7 -7
package/modules/elastic-container-service/README.md +66 -0
package/modules/elastic-container-service/cdk.tf.json +314 -0
package/modules/google-cloud-run/README.md +62 -0
package/modules/google-cloud-run/cdk.tf.json +355 -0
package/package.json +8 -1
package/scripts/collect-variables.ts +188 -0
package/variables.tf +27 -0

package/modules/google-cloud-run/cdk.tf.json ADDED Viewed

@@ -0,0 +1,355 @@
+{
+  "//": {
+    "metadata": {
+      "backend": "local",
+      "stackName": "google-cloud-run",
+      "version": "0.20.0"
+    },
+    "outputs": {
+    }
+  },
+  "locals": {
+    "cr_autoscalerMember_AA00D082": "serviceAccount:${google_service_account.cr_autoscalerServiceAccount_37C5FFAD.email}",
+    "cr_bucketModification_B1ECB227": "CLOUDSDK_CORE_DISABLE_PROMPTS=1 gcloud alpha storage buckets create gs://gha-runner-job-externals --project=gha-runner-example --location=europe-north1 --uniform-bucket-level-access --enable-hierarchical-namespace",
+    "cr_ghaMember_2ADFD977": "serviceAccount:${google_service_account.cr_jobServiceAccount_4D2CB679.email}"
+  },
+  "resource": {
+    "google_artifact_registry_repository": {
+      "cr_registry_886F88F0": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/registry",
+            "uniqueId": "cr_registry_886F88F0"
+          }
+        },
+        "description": "Repository to host run and resulting images from GHA runs",
+        "format": "DOCKER",
+        "mode": "REMOTE_REPOSITORY",
+        "remote_repository_config": {
+          "docker_repository": {
+            "custom_repository": {
+              "uri": "https://ghcr.io"
+            }
+          }
+        },
+        "repository_id": "gha-runner-test"
+      }
+    },
+    "google_cloud_run_service": {
+      "cr_autoscalerService_A4FAA2B6": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/autoscalerService",
+            "uniqueId": "cr_autoscalerService_A4FAA2B6"
+          }
+        },
+        "location": "europe-north1",
+        "metadata": {
+          "annotations": {
+            "run.googleapis.com/ingress": "internal"
+          }
+        },
+        "name": "gha-autoscaler",
+        "template": {
+          "metadata": {
+            "annotations": {
+              "autoscaling.knative.dev/maxScale": "1",
+              "autoscaling.knative.dev/minScale": "1",
+              "run.googleapis.com/cpu-throttling": "false",
+              "run.googleapis.com/startup-cpu-boost": "false"
+            }
+          },
+          "spec": {
+            "container_concurrency": 1,
+            "containers": [
+              {
+                "env": [
+                  {
+                    "name": "PAT",
+                    "value": "${var.PAT}"
+                  },
+                  {
+                    "name": "GITHUB_CONFIG_URL",
+                    "value": "${var.github_config_url}"
+                  },
+                  {
+                    "name": "JOB_NAME",
+                    "value": "${google_cloud_run_v2_job.cr_ghaJob_3BDFC08A.name}"
+                  },
+                  {
+                    "name": "SCALE_SET_NAME",
+                    "value": "cr-runner-set"
+                  },
+                  {
+                    "name": "CLOUDSDK_RUN_REGION",
+                    "value": "europe-north1"
+                  },
+                  {
+                    "name": "GOOGLE_CLOUD_PROJECT",
+                    "value": "gha-runner-example"
+                  }
+                ],
+                "image": "${google_artifact_registry_repository.cr_registry_886F88F0.location}-docker.pkg.dev/gha-runner-example/${google_artifact_registry_repository.cr_registry_886F88F0.repository_id}/hi-fi/gha-runners-on-managed-env:test",
+                "resources": {
+                  "limits": {
+                    "cpu": "1000m",
+                    "memory": "512Mi"
+                  }
+                }
+              }
+            ],
+            "service_account_name": "${google_service_account.cr_autoscalerServiceAccount_37C5FFAD.email}"
+          }
+        }
+      }
+    },
+    "google_cloud_run_v2_job": {
+      "cr_ghaJob_3BDFC08A": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/ghaJob",
+            "uniqueId": "cr_ghaJob_3BDFC08A"
+          }
+        },
+        "deletion_protection": false,
+        "depends_on": [
+          "null_resource.cr_gcloud_3D7A726F"
+        ],
+        "location": "europe-north1",
+        "name": "gha-runner-job",
+        "template": {
+          "template": {
+            "containers": [
+              {
+                "command": [
+                  "/home/runner/ephemeral_runner.sh"
+                ],
+                "env": [
+                  {
+                    "name": "CLOUDSDK_RUN_REGION",
+                    "value": "europe-north1"
+                  },
+                  {
+                    "name": "GOOGLE_CLOUD_PROJECT",
+                    "value": "gha-runner-example"
+                  },
+                  {
+                    "name": "EXTERNAL_STORAGE_NAME",
+                    "value": "gha-runner-job-externals"
+                  },
+                  {
+                    "name": "TAR_OPTIONS",
+                    "value": "--touch --no-overwrite-dir --no-same-owner"
+                  }
+                ],
+                "image": "${google_artifact_registry_repository.cr_registry_886F88F0.location}-docker.pkg.dev/gha-runner-example/${google_artifact_registry_repository.cr_registry_886F88F0.repository_id}/hi-fi/actions-runner:cr",
+                "resources": {
+                  "limits": {
+                    "cpu": "1",
+                    "memory": "2Gi"
+                  }
+                },
+                "volume_mounts": [
+                  {
+                    "mount_path": "/home/runner/_work/externals",
+                    "name": "externals"
+                  }
+                ]
+              }
+            ],
+            "max_retries": 0,
+            "service_account": "${google_service_account.cr_jobServiceAccount_4D2CB679.email}",
+            "volumes": [
+              {
+                "gcs": {
+                  "bucket": "gha-runner-job-externals"
+                },
+                "name": "externals"
+              }
+            ]
+          }
+        }
+      }
+    },
+    "google_project_iam_custom_role": {
+      "cr_autoscalerRole_8A950337": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/autoscalerRole",
+            "uniqueId": "cr_autoscalerRole_8A950337"
+          }
+        },
+        "permissions": [
+          "artifactregistry.dockerimages.get",
+          "artifactregistry.dockerimages.list",
+          "run.jobs.run",
+          "run.jobs.create",
+          "run.jobs.delete"
+        ],
+        "role_id": "ghaAutoscalerRole",
+        "title": "GHA Autoscaler Role"
+      },
+      "cr_runnerRole_07508BC4": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/runnerRole",
+            "uniqueId": "cr_runnerRole_07508BC4"
+          }
+        },
+        "permissions": [
+          "artifactregistry.dockerimages.get",
+          "artifactregistry.dockerimages.list",
+          "run.jobs.run",
+          "run.jobs.create",
+          "run.jobs.delete",
+          "run.jobs.list",
+          "run.executions.get"
+        ],
+        "role_id": "ghaRunnerRole",
+        "title": "GHA Runner Role"
+      }
+    },
+    "google_project_iam_member": {
+      "cr_autoscalerRoleBindingRunServiceAgent_83C78179": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/autoscalerRoleBindingRunServiceAgent",
+            "uniqueId": "cr_autoscalerRoleBindingRunServiceAgent_83C78179"
+          }
+        },
+        "member": "${local.cr_autoscalerMember_AA00D082}",
+        "project": "gha-runner-example",
+        "role": "roles/run.serviceAgent"
+      },
+      "cr_autoscalerRoleBindingRun_76E1E813": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/autoscalerRoleBindingRun",
+            "uniqueId": "cr_autoscalerRoleBindingRun_76E1E813"
+          }
+        },
+        "member": "${local.cr_autoscalerMember_AA00D082}",
+        "project": "gha-runner-example",
+        "role": "roles/run.developer"
+      },
+      "cr_autoscalerRoleBindingStorage_C1A676AA": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/autoscalerRoleBindingStorage",
+            "uniqueId": "cr_autoscalerRoleBindingStorage_C1A676AA"
+          }
+        },
+        "member": "${local.cr_autoscalerMember_AA00D082}",
+        "project": "gha-runner-example",
+        "role": "roles/storage.admin"
+      },
+      "cr_runnerRoleBindingRunServiceAgent_88652FB8": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/runnerRoleBindingRunServiceAgent",
+            "uniqueId": "cr_runnerRoleBindingRunServiceAgent_88652FB8"
+          }
+        },
+        "member": "${local.cr_ghaMember_2ADFD977}",
+        "project": "gha-runner-example",
+        "role": "roles/run.serviceAgent"
+      },
+      "cr_runnerRoleBindingRunViewer_328C548F": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/runnerRoleBindingRunViewer",
+            "uniqueId": "cr_runnerRoleBindingRunViewer_328C548F"
+          }
+        },
+        "member": "${local.cr_ghaMember_2ADFD977}",
+        "project": "gha-runner-example",
+        "role": "roles/run.viewer"
+      },
+      "cr_runnerRoleBindingStorage_8D8C3B87": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/runnerRoleBindingStorage",
+            "uniqueId": "cr_runnerRoleBindingStorage_8D8C3B87"
+          }
+        },
+        "member": "${local.cr_ghaMember_2ADFD977}",
+        "project": "gha-runner-example",
+        "role": "roles/storage.admin"
+      },
+      "cr_runnerRoleBinding_E20193A5": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/runnerRoleBinding",
+            "uniqueId": "cr_runnerRoleBinding_E20193A5"
+          }
+        },
+        "member": "${local.cr_ghaMember_2ADFD977}",
+        "project": "gha-runner-example",
+        "role": "${google_project_iam_custom_role.cr_runnerRole_07508BC4.id}"
+      }
+    },
+    "google_service_account": {
+      "cr_autoscalerServiceAccount_37C5FFAD": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/autoscalerServiceAccount",
+            "uniqueId": "cr_autoscalerServiceAccount_37C5FFAD"
+          }
+        },
+        "account_id": "autoscaler-sa"
+      },
+      "cr_jobServiceAccount_4D2CB679": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/jobServiceAccount",
+            "uniqueId": "cr_jobServiceAccount_4D2CB679"
+          }
+        },
+        "account_id": "gha-runner-job-sa"
+      }
+    },
+    "null_resource": {
+      "cr_gcloud_3D7A726F": {
+        "//": {
+          "metadata": {
+            "path": "google-cloud-run/cr/gcloud",
+            "uniqueId": "cr_gcloud_3D7A726F"
+          }
+        },
+        "provisioner": [
+          {
+            "local-exec": {
+              "command": "${local.cr_bucketModification_B1ECB227}"
+            }
+          }
+        ],
+        "triggers": {
+          "fqn": "${local.cr_bucketModification_B1ECB227}"
+        }
+      }
+    }
+  },
+  "terraform": {
+    "required_providers": {
+      "google": {
+        "source": "google",
+        "version": "6.32.0"
+      },
+      "null": {
+        "source": "null",
+        "version": "3.2.4"
+      }
+    }
+  },
+  "variable": {
+    "PAT": {
+      "description": "Github PAT with Actions:Read and Admin:Read+Write scopes",
+      "nullable": false,
+      "sensitive": true
+    },
+    "github_config_url": {
+      "description": "Github URL where runners should register to. Format https://<GitHub host>/<your_enterprise/org/repo>",
+      "nullable": false
+    }
+  }
+}

package/package.json CHANGED Viewed

@@ -35,7 +35,11 @@
     "organization": false
   },
   "devDependencies": {
+    "@aws-sdk/client-ecs": "^3.797.0",
+    "@cdktf/provider-aws": "19.62.0",
     "@cdktf/provider-azurerm": "13.26.0",
+    "@cdktf/provider-google": "14.31.0",
+    "@cdktf/provider-null": "10.0.2",
     "@cdktf/provider-random": "11.1.1",
     "@types/jest": "^29.5.14",
     "@types/node": "ts5.6",
@@ -65,7 +69,10 @@
     "typescript": "~5.6.0"
   },
   "peerDependencies": {
+    "@cdktf/provider-aws": "^19.62.0",
     "@cdktf/provider-azurerm": "^13.26.0",
+    "@cdktf/provider-google": "^14.31.0",
+    "@cdktf/provider-null": "^10.0.2",
     "@cdktf/provider-random": "^11.1.1",
     "cdktf": ">=0.20.0",
     "constructs": ">=10.4.2"
@@ -84,7 +91,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "0.0.0",
+  "version": "0.0.2",
   "jest": {
     "coverageProvider": "v8",
     "testMatch": [

package/scripts/collect-variables.ts ADDED Viewed

@@ -0,0 +1,188 @@
+// Code generated with Gemini
+import * as fs from 'fs';
+import * as path from 'path';
+interface VariableDefinition {
+  name: string;
+  description: string;
+  submodules: string[];
+  customInfo?: Record<string, any>;
+}
+interface SubmoduleVariables {
+  [submodulePath: string]: VariableDefinition[];
+}
+const ROOT_DIR = '.';
+const OUTPUT_FILE = 'variables.tf';
+const VARIABLE_FILE_NAME = 'cdk.tf.json';
+const GENERATED_COMMENT_START = '# Variables generated by terraform-variable-collector start';
+const GENERATED_COMMENT_END = '# Variables generated by terraform-variable-collector end';
+/**
+ * Extracts variable definitions from a cdk.tf.json file.
+ */
+function extractVariables(filePath: string): VariableDefinition[] {
+  try {
+    const fileContent = fs.readFileSync(filePath, 'utf-8');
+    const jsonData = JSON.parse(fileContent);
+    if (!jsonData.variable || typeof jsonData.variable !== 'object') {
+      return [];
+    }
+    const variables: VariableDefinition[] = [];
+    for (const varName in jsonData.variable) {
+      if (jsonData.variable.hasOwnProperty(varName)) {
+        const varConfig = jsonData.variable[varName];
+        if (typeof varConfig === 'object' && varConfig !== null) {
+          const description = typeof varConfig.description === 'string' ? varConfig.description : 'No description provided.';
+          const customInfo = varConfig.customInfo ? varConfig.customInfo : {};
+          variables.push({ name: varName, description, submodules: [], customInfo });
+        }
+      }
+    }
+    return variables;
+  } catch (error) {
+    console.error(`Error processing file: ${filePath}`, error);
+    return [];
+  }
+}
+/**
+ * Recursively searches for cdk.tf.json files within the "modules" subdirectory.
+ */
+function findSubmoduleVariables(dir: string): SubmoduleVariables {
+  const submoduleVariables: SubmoduleVariables = {};
+  const modulesDir = path.join(dir, 'modules');
+  if (!fs.existsSync(modulesDir)) {
+    console.warn(`Warning: 'modules' directory not found at ${modulesDir}.  No variables will be collected.`);
+    return {};
+  }
+  function walk(currentDir: string) {
+    const files = fs.readdirSync(currentDir);
+    for (const file of files) {
+      const filePath = path.join(currentDir, file);
+      const stat = fs.statSync(filePath);
+      if (stat.isDirectory()) {
+        walk(filePath);
+      } else if (file === VARIABLE_FILE_NAME) {
+        const submodulePath = path.relative(modulesDir, currentDir);
+        if (submodulePath) {
+          const variables = extractVariables(filePath);
+          if (variables.length > 0) {
+            submoduleVariables[submodulePath] = variables;
+          }
+        }
+      }
+    }
+  }
+  walk(modulesDir);
+  return submoduleVariables;
+}
+/**
+ * Generates the content for the root module's variables.tf file, combining
+ * similarly named variables. It uses the description from the first
+ * occurrence of the variable.  It now updates an existing file, preserving
+ * content outside of the generated variable block.
+ */
+function generateRootVariablesTf(collectedVariables: SubmoduleVariables): void {
+  let existingContent = '';
+  if (fs.existsSync(OUTPUT_FILE)) {
+    existingContent = fs.readFileSync(OUTPUT_FILE, 'utf-8');
+  }
+  let outputContent = `${GENERATED_COMMENT_START}\n`;
+  const combinedVariables: { [name: string]: VariableDefinition } = {};
+  for (const submodulePath in collectedVariables) {
+    if (collectedVariables.hasOwnProperty(submodulePath)) {
+      const variables = collectedVariables[submodulePath];
+      for (const variable of variables) {
+        if (combinedVariables[variable.name]) {
+          // Variable name already exists, so combine, but keep original description
+          combinedVariables[variable.name].submodules.push(`modules/${submodulePath}`);
+        } else {
+          // Variable name doesn't exist, so add it
+          combinedVariables[variable.name] = {
+            ...variable,
+            submodules: [`modules/${submodulePath}`],
+          };
+        }
+      }
+    }
+  }
+  for (const varName in combinedVariables) {
+    if (combinedVariables.hasOwnProperty(varName)) {
+      const variable = combinedVariables[varName];
+      const submoduleList = variable.submodules.join(', ');
+      outputContent += `variable "${varName}" {\n`;
+      outputContent += `  type = any\n`;
+      outputContent += `  description = "${variable.description} (Defined in: ${submoduleList})"\n`;
+      if (variable.customInfo && Object.keys(variable.customInfo).length > 0) {
+        outputContent += `  # Custom Information:\n`;
+        for (const key in variable.customInfo) {
+          if (variable.customInfo.hasOwnProperty(key)) {
+            const value = variable.customInfo[key];
+            outputContent += `  #   ${key} = ${JSON.stringify(value)}\n`;
+          }
+        }
+      }
+      outputContent += `}\n\n`;
+    }
+  }
+  outputContent += `${GENERATED_COMMENT_END}\n`;
+  // Use regular expressions to find and replace the generated block
+  const startMarkerRegex = new RegExp(GENERATED_COMMENT_START.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'));
+  const endMarkerRegex = new RegExp(GENERATED_COMMENT_END.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'));
+  const existingGeneratedBlockRegex = new RegExp(
+    `${startMarkerRegex.source}[\\s\\S]*${endMarkerRegex.source}`,
+    'g',
+  );
+  let updatedContent: string;
+  if (existingGeneratedBlockRegex.test(existingContent)) {
+    // Replace the existing generated block with the new content
+    updatedContent = existingContent.replace(existingGeneratedBlockRegex, outputContent);
+  } else {
+    // Append the generated block to the end of the file, or create a new file
+    updatedContent = existingContent + outputContent;
+  }
+  fs.writeFileSync(OUTPUT_FILE, updatedContent);
+  console.log(
+    `Generated (or updated) root module's ${OUTPUT_FILE} with combined variables, preserving existing content.`,
+  );
+  console.log('Review and adjust the types and other attributes as needed.');
+}
+function main(): void {
+  const collectedVars = findSubmoduleVariables(ROOT_DIR);
+  if (Object.keys(collectedVars).length > 0) {
+    console.log('Collected variables from submodules:');
+    for (const submodulePath in collectedVars) {
+      if (collectedVars.hasOwnProperty(submodulePath)) {
+        console.log(`  Submodule: modules/${submodulePath}`);
+        const variables = collectedVars[submodulePath];
+        for (const varDef of variables) {
+          console.log(`    - Name: ${varDef.name}, Description: ${varDef.description}`);
+        }
+      }
+    }
+    generateRootVariablesTf(collectedVars);
+  } else {
+    console.log('No submodules with cdk.tf.json files found in the "modules" directory.');
+  }
+}
+main();

package/variables.tf ADDED Viewed

@@ -0,0 +1,27 @@
+variable "runner_platform" {
+    nullable = false
+    type = string
+    description = "Runner platform hosting ARC and runners. Possible values ACA (Azure Container Apps), ECS (Elastic Container Service) and GCR (Google Cloud Run)"
+    validation {
+     condition     = can(regex("^(ACA|ECR|GCR)$", upper(var.runner_platform)))
+     error_message = "Runner platform has to be either ACA, ECR or GCR (case insensitive)."
+   }
+}
+# Variables generated by terraform-variable-collector start
+variable "PAT" {
+  type = any
+  description = "Github PAT with Actions:Read and Admin:Read+Write scopes (Defined in: modules/azure-container-apps, modules/elastic-container-service, modules/google-cloud-run)"
+}
+variable "aca_location_486B7D73" {
+  type = any
+  description = "Location where to provision resources to (Defined in: modules/azure-container-apps)"
+}
+variable "github_config_url" {
+  type = any
+  description = "Github URL where runners should register to. Format https://<GitHub host>/<your_enterprise/org/repo> (Defined in: modules/azure-container-apps, modules/elastic-container-service, modules/google-cloud-run)"
+}
+# Variables generated by terraform-variable-collector end