cloudsnorkelcdkgithubrunners

package module
v0.14.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 29, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

README

GitHub Self-Hosted Runners CDK Constructs

NPM PyPI Maven Central Go Nuget Release License

Use this CDK construct to create ephemeral self-hosted GitHub runners on-demand inside your AWS account.

  • 🧩 Easy to configure GitHub integration with a web-based interface
  • 🧠 Customizable runners with decent defaults
  • 🏃🏻 Multiple runner configurations controlled by labels
  • 🔐 Everything fully hosted in your account
  • 🔃 Automatically updated build environment with latest runner version

Self-hosted runners in AWS are useful when:

  • You need easy access to internal resources in your actions
  • You want to pre-install some software for your actions
  • You want to provide some basic AWS API access (but aws-actions/configure-aws-credentials has more security controls)
  • You are using GitHub Enterprise Server

Ephemeral (or on-demand) runners are the recommended way by GitHub for auto-scaling, and they make sure all jobs run with a clean image. Runners are started on-demand. You don't pay unless a job is running.

API

The best way to browse API documentation is on Constructs Hub. It is available in all supported programming languages.

Providers

A runner provider creates compute resources on-demand and uses actions/runner to start a runner.

EC2 CodeBuild Fargate ECS Lambda
Time limit Unlimited 8 hours Unlimited Unlimited 15 minutes
vCPUs Unlimited 2, 4, 8, or 72 0.25 to 4 Unlimited 1 to 6
RAM Unlimited 3gb, 7gb, 15gb, or 145gb 512mb to 30gb Unlimited 128mb to 10gb
Storage Unlimited 50gb to 824gb 20gb to 200gb Unlimited Up to 10gb
Architecture x86_64, ARM64 x86_64, ARM64 x86_64, ARM64 x86_64, ARM64 x86_64, ARM64
sudo
Docker ✔ (Linux only)
Spot pricing
OS Linux, Windows Linux, Windows Linux, Windows Linux, Windows Linux

The best provider to use mostly depends on your current infrastructure. When in doubt, CodeBuild is always a good choice. Execution history and logs are easy to view, and it has no restrictive limits unless you need to run for more than 8 hours.

  • EC2 is useful when you want runners to have complete access to the host
  • ECS is useful when you want to control the infrastructure, like leaving the runner host running for faster startups
  • Lambda is useful for short jobs that can work within time, size and readonly system constraints

You can also create your own provider by implementing IRunnerProvider.

Installation

  1. Install and use the appropriate package

    Python
    Install

    Available on PyPI.

    pip install cloudsnorkel.cdk-github-runners
    Use
    from aws_cdk import App, Stack
from cloudsnorkel.cdk_github_runners import GitHubRunners

app = App()
stack = Stack(app, "github-runners")
GitHubRunners(stack, "runners")

app.synth()
    TypeScript or JavaScript
    Install

    Available on npm.

    npm i @cloudsnorkel/cdk-github-runners
    Use
    import { App, Stack } from 'aws-cdk-lib';
import { GitHubRunners } from '@cloudsnorkel/cdk-github-runners';

const app = new App();
const stack = new Stack(app, 'github-runners');
new GitHubRunners(stack, 'runners');

app.synth();
    Java
    Install

    Available on Maven.

    <dependency>
   <groupId>com.cloudsnorkel</groupId>
   <artifactId>cdk.github.runners</artifactId>
</dependency>
    Use
    import software.amazon.awscdk.App;
import software.amazon.awscdk.Stack;
import com.cloudsnorkel.cdk.github.runners.GitHubRunners;

public class Example {
  public static void main(String[] args){
    App app = new App();
    Stack stack = new Stack(app, "github-runners");
    GitHubRunners.Builder.create(stack, "runners").build();

    app.synth();
  }
}
    Go
    Install

    Available on GitHub.

    go get github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners
    Use
    package main

import (
  "github.com/CloudSnorkel/cdk-github-runners-go/cloudsnorkelcdkgithubrunners"
  "github.com/aws/aws-cdk-go/awscdk/v2"
  "github.com/aws/jsii-runtime-go"
)

func main() {
  app := awscdk.NewApp(nil)
  stack := awscdk.NewStack(app, jsii.String("github-runners"), &awscdk.StackProps{})
  cloudsnorkelcdkgithubrunners.NewGitHubRunners(stack, jsii.String("runners"), &cloudsnorkelcdkgithubrunners.GitHubRunnersProps{})

  app.Synth(nil)
}
    .NET
    Install

    Available on Nuget.

    dotnet add package CloudSnorkel.Cdk.Github.Runners
    Use
    using Amazon.CDK;
using CloudSnorkel;

namespace Example
{
  sealed class Program
  {
    public static void Main(string[] args)
    {
      var app = new App();
      var stack = new Stack(app, "github-runners");
      new GitHubRunners(stack, "runners");
      app.Synth();
    }
  }
}

  2. Use GitHubRunners construct in your code (starting with default arguments is fine)

  3. Deploy your stack

  4. Look for the status command output similar to aws --region us-east-1 lambda invoke --function-name status-XYZ123 status.json

     ✅  github-runners-test

✨  Deployment time: 260.01s

Outputs:
github-runners-test.runnersstatuscommand4A30F0F5 = aws --region us-east-1 lambda invoke --function-name github-runners-test-runnersstatus1A5771C0-mvttg8oPQnQS status.json

  5. Execute the status command (you may need to specify --profile too) and open the resulting status.json file

  6. Open the URL in github.setup.url from status.json or manually setup GitHub integration as an app or with personal access token

  7. Run status command again to confirm github.auth.status and github.webhook.status are OK

  8. Trigger a GitHub action that has a self-hosted label with runs-on: [self-hosted, codebuild] (or non-default labels you set in step 2)

  9. If the action is not successful, see troubleshooting

Demo

Customizing

The default providers configured by GitHubRunners are useful for testing but probably not too much for actual production work. They run in the default VPC or no VPC and have no added IAM permissions. You would usually want to configure the providers yourself.

For example:

let vpc: ec2.Vpc;
let runnerSg: ec2.SecurityGroup;
let dbSg: ec2.SecurityGroup;
let bucket: s3.Bucket;

// create a custom CodeBuild provider
const myProvider = new CodeBuildRunnerProvider(this, 'codebuild runner', {
   labels: ['my-codebuild'],
   vpc: vpc,
   securityGroups: [runnerSg],
});
// grant some permissions to the provider
bucket.grantReadWrite(myProvider);
dbSg.connections.allowFrom(runnerSg, ec2.Port.tcp(3306), 'allow runners to connect to MySQL database');

// create the runner infrastructure
new GitHubRunners(this, 'runners', {
   providers: [myProvider],
});

Another way to customize runners is by modifying the image used to spin them up. The image contains the runner, any required dependencies, and integration code with the provider. You may choose to customize this image by adding more packages, for example.

const myBuilder = FargateRunnerProvider.imageBuilder(this, 'image builder');
myBuilder.addComponent(
  RunnerImageComponent.custom({ commands: ['apt install -y nginx xz-utils'] }),
);

const myProvider = new FargateRunnerProvider(this, 'fargate runner', {
   labels: ['customized-fargate'],
   imageBuilder: myBuilder,
});

// create the runner infrastructure
new GitHubRunners(this, 'runners', {
   providers: [myProvider],
});

Your workflow will then look like:

name: self-hosted example
on: push
jobs:
  self-hosted:
    runs-on: [self-hosted, customized-fargate]
    steps:
      - run: echo hello world

Windows images can also be customized the same way.

const myWindowsBuilder = FargateRunnerProvider.imageBuilder(this, 'Windows image builder', {
   architecture: Architecture.X86_64,
   os: Os.WINDOWS,
});
myWindowsBuilder.addComponent(
   RunnerImageComponent.custom({
     name: 'Ninja',
     commands: [
       'Invoke-WebRequest -UseBasicParsing -Uri "https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-win.zip" -OutFile ninja.zip',
       'Expand-Archive ninja.zip -DestinationPath C:\\actions',
       'del ninja.zip',
     ],
   }),
);

const myProvider = new FargateRunnerProvider(this, 'fargate runner', {
   labels: ['customized-windows-fargate'],
   imageBuilder: myWindowsBuilder,
});

new GitHubRunners(this, 'runners', {
   providers: [myProvider],
});

The runner OS and architecture is determined by the image it is set to use. For example, to create a Fargate runner provider for ARM64 set the architecture property for the image builder to Architecture.ARM64 in the image builder properties.

new GitHubRunners(this, 'runners', {
   providers: [
      new FargateRunnerProvider(this, 'fargate runner', {
         labels: ['arm64', 'fargate'],
         imageBuilder: FargateRunnerProvider.imageBuilder(this, 'image builder', {
            architecture: Architecture.ARM64,
            os: Os.LINUX_UBUNTU,
         }),
      }),
   ],
});

Architecture

Architecture diagram

Troubleshooting

Runners are started in response to a webhook coming in from GitHub. If there are any issues starting the runner like missing capacity or transient API issues, the provider will keep retrying for 24 hours. Configuration issue related errors like pointing to a missing AMI will not be retried. GitHub itself will cancel the job if it can't find a runner for 24 hours. If your jobs don't start, follow the steps below to examine all parts of this workflow.

  1. Always start with the status function, make sure no errors are reported, and confirm all status codes are OK

  2. Make sure runs-on in the workflow matches the expected labels set in the runner provider

  3. Diagnose relevant executions of the orchestrator step function by visiting the URL in troubleshooting.stepFunctionUrl from status.json

    1. If the execution failed, check your runner provider configuration for errors
    2. If the execution is still running for a long time, check the execution events to see why runner starting is being retried
    3. If there are no relevant executions, move to the next step

  4. Confirm the webhook Lambda was called by visiting the URL in troubleshooting.webhookHandlerUrl from status.json

    1. If it's not called or logs errors, confirm the webhook settings on the GitHub side
    2. If you see too many errors, make sure you're only sending workflow_job events

  5. When using GitHub app, make sure there are active installations in github.auth.app.installations

All logs are saved in CloudWatch.

  • Log group names can be found in status.json for each provider, image builder, and other parts of the system
  • Some useful Logs Insights queries can be enabled with GitHubRunners.createLogsInsightsQueries()

To get status.json, check out the CloudFormation stack output for a command that generates it. The command looks like:

aws --region us-east-1 lambda invoke --function-name status-XYZ123 status.json

Monitoring

There are two important ways to monitor your runners:

  1. Make sure runners don't fail to start. When that happens, jobs may sit and wait. Use GitHubRunners.metricFailed() to get a metric for the number of failed runner starts. You should use this metric to trigger an alarm.
  2. Make sure runner images don't fail to build. Failed runner image builds mean you will get stuck with out-of-date software on your runners. It may lead to security vulnerabilities, or it may lead to slower runner start-ups as the runner software itself needs to be updated. Use GitHubRunners.failedImageBuildsTopic() to get SNS topic that gets notified of failed runner image builds. You should subscribe to this topic.

Other useful metrics to track:

  1. Use GitHubRunners.metricJobCompleted() to get a metric for the number of completed jobs broken down by labels and job success.
  2. Use GitHubRunners.metricTime() to get a metric for the total time a runner is running. This includes the overhead of starting the runner.

Contributing

If you use and love this project, please consider contributing.

  1. 🪳 If you see something, say something. Issues help improve the quality of the project.

    • Include relevant logs and package versions for bugs.
    • When possible, describe the use-case behind feature requests.

  2. 🛠️ Pull requests are welcome.

    • Run npm run build before submitting to make sure all tests pass.
    • Allow edits from maintainers so small adjustments can be made easily.

  3. 💵 Consider sponsoring the project to show your support and optionally get your name listed below.

Other Options

  1. philips-labs/terraform-aws-github-runner if you're using Terraform
  2. actions/actions-runner-controller if you're using Kubernetes

Documentation

Overview

CDK construct to create GitHub Actions self-hosted runners. Creates ephemeral runners on demand. Easy to deploy and highly customizable.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AmiBuilder_IsConstruct added in v0.7.2 

func AmiBuilder_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func CodeBuildImageBuilder_IsConstruct added in v0.3.0 

func CodeBuildImageBuilder_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func CodeBuildRunnerProvider_IsConstruct added in v0.8.2 

func CodeBuildRunnerProvider_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func CodeBuildRunnerProvider_LINUX_ARM64_DOCKERFILE_PATH added in v0.8.2 

func CodeBuildRunnerProvider_LINUX_ARM64_DOCKERFILE_PATH() *string

func CodeBuildRunnerProvider_LINUX_X64_DOCKERFILE_PATH added in v0.8.2 

func CodeBuildRunnerProvider_LINUX_X64_DOCKERFILE_PATH() *string

func CodeBuildRunner_IsConstruct 

func CodeBuildRunner_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func CodeBuildRunner_LINUX_ARM64_DOCKERFILE_PATH added in v0.3.0 

func CodeBuildRunner_LINUX_ARM64_DOCKERFILE_PATH() *string

func CodeBuildRunner_LINUX_X64_DOCKERFILE_PATH added in v0.3.0 

func CodeBuildRunner_LINUX_X64_DOCKERFILE_PATH() *string

func ContainerImageBuilder_IsConstruct added in v0.4.0 

func ContainerImageBuilder_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func Ec2RunnerProvider_IsConstruct added in v0.8.2 

func Ec2RunnerProvider_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func Ec2Runner_IsConstruct added in v0.6.1 

func Ec2Runner_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func EcsRunnerProvider_IsConstruct added in v0.9.3 

func EcsRunnerProvider_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func FargateRunnerProvider_IsConstruct added in v0.8.2 

func FargateRunnerProvider_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func FargateRunnerProvider_LINUX_ARM64_DOCKERFILE_PATH added in v0.8.2 

func FargateRunnerProvider_LINUX_ARM64_DOCKERFILE_PATH() *string

func FargateRunnerProvider_LINUX_X64_DOCKERFILE_PATH added in v0.8.2 

func FargateRunnerProvider_LINUX_X64_DOCKERFILE_PATH() *string

func FargateRunner_IsConstruct 

func FargateRunner_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func FargateRunner_LINUX_ARM64_DOCKERFILE_PATH added in v0.3.0 

func FargateRunner_LINUX_ARM64_DOCKERFILE_PATH() *string

func FargateRunner_LINUX_X64_DOCKERFILE_PATH added in v0.3.0 

func FargateRunner_LINUX_X64_DOCKERFILE_PATH() *string

func GitHubRunners_IsConstruct 

func GitHubRunners_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func ImageBuilderComponent_IsConstruct added in v0.4.0 

func ImageBuilderComponent_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func ImageBuilderComponent_IsOwnedResource added in v0.6.0 

func ImageBuilderComponent_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Deprecated: Use `RunnerImageComponent` instead as this be internal soon.

func ImageBuilderComponent_IsResource added in v0.4.0 

func ImageBuilderComponent_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Deprecated: Use `RunnerImageComponent` instead as this be internal soon.

func LambdaAccess_GithubWebhookIps added in v0.9.2 

func LambdaAccess_GithubWebhookIps() *[]*string

Downloads the list of IP addresses used by GitHub.com for webhooks.

Note that downloading dynamic data during deployment is not recommended in CDK. This is a workaround for the lack of a better solution. Experimental.

func LambdaRunnerProvider_IsConstruct added in v0.8.2 

func LambdaRunnerProvider_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func LambdaRunnerProvider_LINUX_ARM64_DOCKERFILE_PATH added in v0.8.2 

func LambdaRunnerProvider_LINUX_ARM64_DOCKERFILE_PATH() *string

func LambdaRunnerProvider_LINUX_X64_DOCKERFILE_PATH added in v0.8.2 

func LambdaRunnerProvider_LINUX_X64_DOCKERFILE_PATH() *string

func LambdaRunner_IsConstruct 

func LambdaRunner_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func LambdaRunner_LINUX_ARM64_DOCKERFILE_PATH added in v0.3.0 

func LambdaRunner_LINUX_ARM64_DOCKERFILE_PATH() *string

func LambdaRunner_LINUX_X64_DOCKERFILE_PATH added in v0.3.0 

func LambdaRunner_LINUX_X64_DOCKERFILE_PATH() *string

func NewAmiBuilder_Override deprecated added in v0.7.2 

func NewAmiBuilder_Override(a AmiBuilder, scope constructs.Construct, id *string, props *AmiBuilderProps)

Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()

func NewCodeBuildImageBuilder_Override deprecated added in v0.3.0 

func NewCodeBuildImageBuilder_Override(c CodeBuildImageBuilder, scope constructs.Construct, id *string, props *CodeBuildImageBuilderProps)

Deprecated: use RunnerImageBuilder.

func NewCodeBuildRunnerProvider_Override added in v0.8.2 

func NewCodeBuildRunnerProvider_Override(c CodeBuildRunnerProvider, scope constructs.Construct, id *string, props *CodeBuildRunnerProviderProps)

Experimental.

func NewCodeBuildRunner_Override deprecated 

func NewCodeBuildRunner_Override(c CodeBuildRunner, scope constructs.Construct, id *string, props *CodeBuildRunnerProviderProps)

Deprecated: use {@link CodeBuildRunnerProvider }.

func NewContainerImageBuilder_Override deprecated added in v0.4.0 

func NewContainerImageBuilder_Override(c ContainerImageBuilder, scope constructs.Construct, id *string, props *ContainerImageBuilderProps)

Deprecated: use RunnerImageBuilder.

func NewEc2RunnerProvider_Override added in v0.8.2 

func NewEc2RunnerProvider_Override(e Ec2RunnerProvider, scope constructs.Construct, id *string, props *Ec2RunnerProviderProps)

Experimental.

func NewEc2Runner_Override deprecated added in v0.6.1 

func NewEc2Runner_Override(e Ec2Runner, scope constructs.Construct, id *string, props *Ec2RunnerProviderProps)

Deprecated: use {@link Ec2RunnerProvider }.

func NewEcsRunnerProvider_Override added in v0.9.3 

func NewEcsRunnerProvider_Override(e EcsRunnerProvider, scope constructs.Construct, id *string, props *EcsRunnerProviderProps)

Experimental.

func NewFargateRunnerProvider_Override added in v0.8.2 

func NewFargateRunnerProvider_Override(f FargateRunnerProvider, scope constructs.Construct, id *string, props *FargateRunnerProviderProps)

Experimental.

func NewFargateRunner_Override deprecated 

func NewFargateRunner_Override(f FargateRunner, scope constructs.Construct, id *string, props *FargateRunnerProviderProps)

Deprecated: use {@link FargateRunnerProvider }.

func NewGitHubRunners_Override 

func NewGitHubRunners_Override(g GitHubRunners, scope constructs.Construct, id *string, props *GitHubRunnersProps)

Experimental.

func NewImageBuilderComponent_Override deprecated added in v0.4.0 

func NewImageBuilderComponent_Override(i ImageBuilderComponent, scope constructs.Construct, id *string, props *ImageBuilderComponentProperties)

Deprecated: Use `RunnerImageComponent` instead as this be internal soon.

func NewLambdaAccess_Override added in v0.9.2 

func NewLambdaAccess_Override(l LambdaAccess)

Experimental.

func NewLambdaRunnerProvider_Override added in v0.8.2 

func NewLambdaRunnerProvider_Override(l LambdaRunnerProvider, scope constructs.Construct, id *string, props *LambdaRunnerProviderProps)

Experimental.

func NewLambdaRunner_Override deprecated 

func NewLambdaRunner_Override(l LambdaRunner, scope constructs.Construct, id *string, props *LambdaRunnerProviderProps)

Deprecated: use {@link LambdaRunnerProvider }.

func NewLinuxUbuntuComponents_Override deprecated added in v0.6.0 

func NewLinuxUbuntuComponents_Override(l LinuxUbuntuComponents)

Deprecated: Use `RunnerImageComponent` instead.

func NewRunnerImageBuilder_Override added in v0.9.0 

func NewRunnerImageBuilder_Override(r RunnerImageBuilder, scope constructs.Construct, id *string, props *RunnerImageBuilderProps)

Experimental.

func NewRunnerImageComponent_Override added in v0.9.0 

func NewRunnerImageComponent_Override(r RunnerImageComponent)

Experimental.

func NewRunnerVersion_Override 

func NewRunnerVersion_Override(r RunnerVersion, version *string)

Experimental.

func NewSecrets_Override 

func NewSecrets_Override(s Secrets, scope constructs.Construct, id *string)

Experimental.

func NewStaticRunnerImage_Override added in v0.3.0 

func NewStaticRunnerImage_Override(s StaticRunnerImage)

Experimental.

func NewWindowsComponents_Override deprecated added in v0.6.0 

func NewWindowsComponents_Override(w WindowsComponents)

Deprecated: Use `RunnerImageComponent` instead.

func RunnerImageBuilder_IsConstruct added in v0.9.0 

func RunnerImageBuilder_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func Secrets_IsConstruct 

func Secrets_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

Types

type AmiBuilder added in v0.7.2 

type AmiBuilder interface {
	constructs.Construct
	IRunnerImageBuilder
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	Architecture() Architecture
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	Components() *[]ImageBuilderComponent
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	SetComponents(val *[]ImageBuilderComponent)
	// The network connections associated with this resource.
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	Connections() awsec2.Connections
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	Description() *string
	// The tree node.
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	Node() constructs.Node
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	Os() Os
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	Platform() *string
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	RunnerVersion() RunnerVersion
	// Add a component to be installed.
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	AddComponent(component ImageBuilderComponent)
	// Add extra trusted certificates.
	//
	// This helps deal with self-signed certificates for GitHub Enterprise Server.
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	AddExtraCertificates(path *string)
	// Called by IRunnerProvider to finalize settings and create the AMI builder.
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	BindAmi() *RunnerAmi
	// Build and return a Docker image with GitHub Runner installed in it.
	//
	// Anything that ends up with an ECR repository containing a Docker image that runs GitHub self-hosted runners can be used. A simple implementation could even point to an existing image and nothing else.
	//
	// It's important that the specified image tag be available at the time the repository is available. Providers usually assume the image is ready and will fail if it's not.
	//
	// The image can be further updated over time manually or using a schedule as long as it is always written to the same tag.
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	BindDockerImage() *RunnerImage
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	CreateImage(infra awsimagebuilder.CfnInfrastructureConfiguration, dist awsimagebuilder.CfnDistributionConfiguration, log awslogs.LogGroup, imageRecipeArn *string, containerRecipeArn *string) awsimagebuilder.CfnImage
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	CreateInfrastructure(managedPolicies *[]awsiam.IManagedPolicy) awsimagebuilder.CfnInfrastructureConfiguration
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	CreateLog(recipeName *string) awslogs.LogGroup
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	CreatePipeline(infra awsimagebuilder.CfnInfrastructureConfiguration, dist awsimagebuilder.CfnDistributionConfiguration, log awslogs.LogGroup, imageRecipeArn *string, containerRecipeArn *string) awsimagebuilder.CfnImagePipeline
	// Add a component to be installed before any other components.
	//
	// Useful for required system settings like certificates or proxy settings.
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	PrependComponent(component ImageBuilderComponent)
	// Returns a string representation of this construct.
	// Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()
	ToString() *string
}

An AMI builder that uses AWS Image Builder to build AMIs pre-baked with all the GitHub Actions runner requirements.

Builders can be used with {@link Ec2RunnerProvider }.

Each builder re-runs automatically at a set interval to make sure the AMIs contain the latest versions of everything.

You can create an instance of this construct to customize the AMI used to spin-up runners. Some runner providers may require custom components. Check the runner provider documentation.

For example, to set a specific runner version, rebuild the image every 2 weeks, and add a few packages for the EC2 provider, use:

``` 

const builder = new AmiBuilder(this, 'Builder', {
    runnerVersion: RunnerVersion.specific('2.293.0'),
    rebuildInterval: Duration.days(14),
});

builder.addComponent(new ImageBuilderComponent(scope, id, {
  platform: 'Linux',
  displayName: 'p7zip',
  description: 'Install some more packages',
  commands: [
    'apt-get install p7zip',
  ],
}));

new Ec2RunnerProvider(this, 'EC2 provider', {
    labels: ['custom-ec2'],
    amiBuilder: builder,
});

```. Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()

func NewAmiBuilder deprecated added in v0.7.2 

func NewAmiBuilder(scope constructs.Construct, id *string, props *AmiBuilderProps) AmiBuilder

Deprecated: use RunnerImageBuilder, e.g. with Ec2RunnerProvider.imageBuilder()

type AmiBuilderProps added in v0.7.2 

type AmiBuilderProps struct {
	// Image architecture.
	// Default: Architecture.X86_64
	//
	// Experimental.
	Architecture Architecture `field:"optional" json:"architecture" yaml:"architecture"`
	// Install Docker inside the image, so it can be used by the runner.
	// Default: true.
	//
	// Experimental.
	InstallDocker *bool `field:"optional" json:"installDocker" yaml:"installDocker"`
	// The instance type used to build the image.
	// Default: m6i.large
	//
	// Experimental.
	InstanceType awsec2.InstanceType `field:"optional" json:"instanceType" yaml:"instanceType"`
	// Removal policy for logs of image builds.
	//
	// If deployment fails on the custom resource, try setting this to `RemovalPolicy.RETAIN`. This way the logs can still be viewed, and you can see why the build failed.
	//
	// We try to not leave anything behind when removed. But sometimes a log staying behind is useful.
	// Default: RemovalPolicy.DESTROY
	//
	// Experimental.
	LogRemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"logRemovalPolicy" yaml:"logRemovalPolicy"`
	// The number of days log events are kept in CloudWatch Logs.
	//
	// When updating
	// this property, unsetting it doesn't remove the log retention policy. To
	// remove the retention policy, set the value to `INFINITE`.
	// Default: logs.RetentionDays.ONE_MONTH
	//
	// Experimental.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
	// Image OS.
	// Default: OS.LINUX
	//
	// Experimental.
	Os Os `field:"optional" json:"os" yaml:"os"`
	// Schedule the AMI to be rebuilt every given interval.
	//
	// Useful for keeping the AMI up-do-date with the latest GitHub runner version and latest OS updates.
	//
	// Set to zero to disable.
	// Default: Duration.days(7)
	//
	// Experimental.
	RebuildInterval awscdk.Duration `field:"optional" json:"rebuildInterval" yaml:"rebuildInterval"`
	// Version of GitHub Runners to install.
	// Default: latest version available.
	//
	// Experimental.
	RunnerVersion RunnerVersion `field:"optional" json:"runnerVersion" yaml:"runnerVersion"`
	// Security group to assign to launched builder instances.
	// Default: new security group.
	//
	// Deprecated: use {@link securityGroups }.
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// Security groups to assign to launched builder instances.
	// Default: new security group.
	//
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// Where to place the network interfaces within the VPC.
	//
	// Only the first matched subnet will be used.
	// Default: default VPC subnet.
	//
	// Experimental.
	SubnetSelection *awsec2.SubnetSelection `field:"optional" json:"subnetSelection" yaml:"subnetSelection"`
	// VPC where builder instances will be launched.
	// Default: default account VPC.
	//
	// Experimental.
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}

Properties for {@link AmiBuilder} construct. Experimental.

type ApiGatewayAccessProps added in v0.9.2 

type ApiGatewayAccessProps struct {
	// List of IP addresses in CIDR notation that are allowed to access the API Gateway.
	//
	// If not specified on public API Gateway, all IP addresses are allowed.
	//
	// If not specified on private API Gateway, no IP addresses are allowed (but specified security groups are).
	// Experimental.
	AllowedIps *[]*string `field:"optional" json:"allowedIps" yaml:"allowedIps"`
	// List of security groups that are allowed to access the API Gateway.
	//
	// Only works for private API Gateways with {@link allowedVpc}.
	// Experimental.
	AllowedSecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"allowedSecurityGroups" yaml:"allowedSecurityGroups"`
	// Create a private API Gateway and allow access from the specified VPC.
	// Experimental.
	AllowedVpc awsec2.IVpc `field:"optional" json:"allowedVpc" yaml:"allowedVpc"`
	// Create a private API Gateway and allow access from the specified VPC endpoints.
	//
	// Use this to make use of existing VPC endpoints or to share an endpoint between multiple functions. The VPC endpoint must point to `ec2.InterfaceVpcEndpointAwsService.APIGATEWAY`.
	//
	// No other settings are supported when using this option.
	//
	// All endpoints will be allowed access, but only the first one will be used as the URL by the runner system for setting up the webhook, and as setup URL.
	// Experimental.
	AllowedVpcEndpoints *[]awsec2.IVpcEndpoint `field:"optional" json:"allowedVpcEndpoints" yaml:"allowedVpcEndpoints"`
}

Experimental.

type Architecture added in v0.3.0 

type Architecture interface {
	// Experimental.
	Name() *string
	// Checks if a given EC2 instance type matches this architecture.
	// Experimental.
	InstanceTypeMatch(instanceType awsec2.InstanceType) *bool
	// Checks if the given architecture is the same as this one.
	// Experimental.
	Is(arch Architecture) *bool
	// Checks if this architecture is in a given list.
	// Experimental.
	IsIn(arches *[]Architecture) *bool
}

CPU architecture enum for an image. Experimental.

func Architecture_ARM64 added in v0.3.0 

func Architecture_ARM64() Architecture

func Architecture_X86_64 added in v0.3.0 

func Architecture_X86_64() Architecture

type AwsImageBuilderRunnerImageBuilderProps added in v0.9.0 

type AwsImageBuilderRunnerImageBuilderProps struct {
	// Options for fast launch.
	//
	// This is only supported for Windows AMIs.
	// Default: disabled.
	//
	// Experimental.
	FastLaunchOptions *FastLaunchOptions `field:"optional" json:"fastLaunchOptions" yaml:"fastLaunchOptions"`
	// The instance type used to build the image.
	// Default: m6i.large
	//
	// Experimental.
	InstanceType awsec2.InstanceType `field:"optional" json:"instanceType" yaml:"instanceType"`
	// Size of volume available for builder instances. This modifies the boot volume size and doesn't add any additional volumes.
	//
	// Use this if you're building images with big components and need more space.
	// Default: default size for AMI (usually 30GB for Linux and 50GB for Windows).
	//
	// Experimental.
	StorageSize awscdk.Size `field:"optional" json:"storageSize" yaml:"storageSize"`
}

Experimental.

type CodeBuildImageBuilder added in v0.3.0 

type CodeBuildImageBuilder interface {
	constructs.Construct
	IRunnerImageBuilder
	// Deprecated: use RunnerImageBuilder.
	Connections() awsec2.Connections
	// The tree node.
	// Deprecated: use RunnerImageBuilder.
	Node() constructs.Node
	// Deprecated: use RunnerImageBuilder.
	Props() *CodeBuildImageBuilderProps
	// Add extra trusted certificates. This helps deal with self-signed certificates for GitHub Enterprise Server.
	//
	// All first party Dockerfiles support this. Others may not.
	// Deprecated: use RunnerImageBuilder.
	AddExtraCertificates(path *string)
	// Uploads a folder to the build server at a given folder name.
	// Deprecated: use RunnerImageBuilder.
	AddFiles(sourcePath *string, destName *string)
	// Add a policy statement to the builder to access resources required to the image build.
	// Deprecated: use RunnerImageBuilder.
	AddPolicyStatement(statement awsiam.PolicyStatement)
	// Adds a command that runs after `docker build` and `docker push`.
	// Deprecated: use RunnerImageBuilder.
	AddPostBuildCommand(command *string)
	// Adds a command that runs before `docker build`.
	// Deprecated: use RunnerImageBuilder.
	AddPreBuildCommand(command *string)
	// Build and return an AMI with GitHub Runner installed in it.
	//
	// Anything that ends up with a launch template pointing to an AMI that runs GitHub self-hosted runners can be used. A simple implementation could even point to an existing AMI and nothing else.
	//
	// The AMI can be further updated over time manually or using a schedule as long as it is always written to the same launch template.
	// Deprecated: use RunnerImageBuilder.
	BindAmi() *RunnerAmi
	// Called by IRunnerProvider to finalize settings and create the image builder.
	// Deprecated: use RunnerImageBuilder.
	BindDockerImage() *RunnerImage
	// Adds a build argument for Docker.
	//
	// See the documentation for the Dockerfile you're using for a list of supported build arguments.
	// Deprecated: use RunnerImageBuilder.
	SetBuildArg(name *string, value *string)
	// Returns a string representation of this construct.
	// Deprecated: use RunnerImageBuilder.
	ToString() *string
}

An image builder that uses CodeBuild to build Docker images pre-baked with all the GitHub Actions runner requirements.

Builders can be used with runner providers.

Each builder re-runs automatically at a set interval to make sure the images contain the latest versions of everything.

You can create an instance of this construct to customize the image used to spin-up runners. Each provider has its own requirements for what an image should do. That's why they each provide their own Dockerfile.

For example, to set a specific runner version, rebuild the image every 2 weeks, and add a few packages for the Fargate provider, use:

``` 

const builder = new CodeBuildImageBuilder(this, 'Builder', {
    dockerfilePath: FargateRunnerProvider.LINUX_X64_DOCKERFILE_PATH,
    runnerVersion: RunnerVersion.specific('2.293.0'),
    rebuildInterval: Duration.days(14),
});

builder.setBuildArg('EXTRA_PACKAGES', 'nginx xz-utils'); 

new FargateRunnerProvider(this, 'Fargate provider', {
    labels: ['customized-fargate'],
    imageBuilder: builder,
});

```. Deprecated: use RunnerImageBuilder.

func NewCodeBuildImageBuilder deprecated added in v0.3.0 

func NewCodeBuildImageBuilder(scope constructs.Construct, id *string, props *CodeBuildImageBuilderProps) CodeBuildImageBuilder

Deprecated: use RunnerImageBuilder.

type CodeBuildImageBuilderProps added in v0.3.0 

type CodeBuildImageBuilderProps struct {
	// Path to Dockerfile to be built.
	//
	// It can be a path to a Dockerfile, a folder containing a Dockerfile, or a zip file containing a Dockerfile.
	// Experimental.
	DockerfilePath *string `field:"required" json:"dockerfilePath" yaml:"dockerfilePath"`
	// Image architecture.
	// Default: Architecture.X86_64
	//
	// Experimental.
	Architecture Architecture `field:"optional" json:"architecture" yaml:"architecture"`
	// Build image to use in CodeBuild.
	//
	// This is the image that's going to run the code that builds the runner image.
	//
	// The only action taken in CodeBuild is running `docker build`. You would therefore not need to change this setting often.
	// Default: Ubuntu 22.04 for x64 and Amazon Linux 2 for ARM64
	//
	// Experimental.
	BuildImage awscodebuild.IBuildImage `field:"optional" json:"buildImage" yaml:"buildImage"`
	// The type of compute to use for this build.
	//
	// See the {@link ComputeType} enum for the possible values.
	// Default: {@link ComputeType#SMALL }.
	//
	// Experimental.
	ComputeType awscodebuild.ComputeType `field:"optional" json:"computeType" yaml:"computeType"`
	// Removal policy for logs of image builds.
	//
	// If deployment fails on the custom resource, try setting this to `RemovalPolicy.RETAIN`. This way the CodeBuild logs can still be viewed, and you can see why the build failed.
	//
	// We try to not leave anything behind when removed. But sometimes a log staying behind is useful.
	// Default: RemovalPolicy.DESTROY
	//
	// Experimental.
	LogRemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"logRemovalPolicy" yaml:"logRemovalPolicy"`
	// The number of days log events are kept in CloudWatch Logs.
	//
	// When updating
	// this property, unsetting it doesn't remove the log retention policy. To
	// remove the retention policy, set the value to `INFINITE`.
	// Default: logs.RetentionDays.ONE_MONTH
	//
	// Experimental.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
	// Image OS.
	// Default: OS.LINUX
	//
	// Experimental.
	Os Os `field:"optional" json:"os" yaml:"os"`
	// Schedule the image to be rebuilt every given interval.
	//
	// Useful for keeping the image up-do-date with the latest GitHub runner version and latest OS updates.
	//
	// Set to zero to disable.
	// Default: Duration.days(7)
	//
	// Experimental.
	RebuildInterval awscdk.Duration `field:"optional" json:"rebuildInterval" yaml:"rebuildInterval"`
	// Version of GitHub Runners to install.
	// Default: latest version available.
	//
	// Experimental.
	RunnerVersion RunnerVersion `field:"optional" json:"runnerVersion" yaml:"runnerVersion"`
	// Security Group to assign to this instance.
	// Default: public project with no security group.
	//
	// Experimental.
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// Where to place the network interfaces within the VPC.
	// Default: no subnet.
	//
	// Experimental.
	SubnetSelection *awsec2.SubnetSelection `field:"optional" json:"subnetSelection" yaml:"subnetSelection"`
	// The number of minutes after which AWS CodeBuild stops the build if it's not complete.
	//
	// For valid values, see the timeoutInMinutes field in the AWS
	// CodeBuild User Guide.
	// Default: Duration.hours(1)
	//
	// Experimental.
	Timeout awscdk.Duration `field:"optional" json:"timeout" yaml:"timeout"`
	// VPC to build the image in.
	// Default: no VPC.
	//
	// Experimental.
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}

Properties for CodeBuildImageBuilder construct. Experimental.

type CodeBuildRunner deprecated 

type CodeBuildRunner interface {
	CodeBuildRunnerProvider
	// The network connections associated with this resource.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	Connections() awsec2.Connections
	// Grant principal used to add permissions to the runner role.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	GrantPrincipal() awsiam.IPrincipal
	// Docker image loaded with GitHub Actions Runner and its prerequisites.
	//
	// The image is built by an image builder and is specific to CodeBuild.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	Image() *RunnerImage
	// Labels associated with this provider.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	Labels() *[]*string
	// Log group where provided runners will save their logs.
	//
	// Note that this is not the job log, but the runner itself. It will not contain output from the GitHub Action but only metadata on its execution.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	LogGroup() awslogs.ILogGroup
	// The tree node.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	Node() constructs.Node
	// CodeBuild project hosting the runner.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	Project() awscodebuild.Project
	// List of step functions errors that should be retried.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	RetryableErrors() *[]*string
	// Generate step function task(s) to start a new runner.
	//
	// Called by GithubRunners and shouldn't be called manually.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	GetStepFunctionTask(parameters *RunnerRuntimeParameters) awsstepfunctions.IChainable
	// An optional method that modifies the role of the state machine after all the tasks have been generated.
	//
	// This can be used to add additional policy
	// statements to the state machine role that are not automatically added by the task returned from {@link getStepFunctionTask}.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	GrantStateMachine(_arg awsiam.IGrantable)
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	LabelsFromProperties(defaultLabel *string, propsLabel *string, propsLabels *[]*string) *[]*string
	// Return status of the runner provider to be used in the main status function.
	//
	// Also gives the status function any needed permissions to query the Docker image or AMI.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	Status(statusFunctionRole awsiam.IGrantable) IRunnerProviderStatus
	// Returns a string representation of this construct.
	// Deprecated: use {@link CodeBuildRunnerProvider }.
	ToString() *string
}

Deprecated: use {@link CodeBuildRunnerProvider }.

func NewCodeBuildRunner deprecated 

func NewCodeBuildRunner(scope constructs.Construct, id *string, props *CodeBuildRunnerProviderProps) CodeBuildRunner

Deprecated: use {@link CodeBuildRunnerProvider }.

type CodeBuildRunnerImageBuilderProps added in v0.9.0 

type CodeBuildRunnerImageBuilderProps struct {
	// Build image to use in CodeBuild.
	//
	// This is the image that's going to run the code that builds the runner image.
	//
	// The only action taken in CodeBuild is running `docker build`. You would therefore not need to change this setting often.
	// Default: Amazon Linux 2023.
	//
	// Experimental.
	BuildImage awscodebuild.IBuildImage `field:"optional" json:"buildImage" yaml:"buildImage"`
	// The type of compute to use for this build.
	//
	// See the {@link ComputeType} enum for the possible values.
	// Default: {@link ComputeType#SMALL }.
	//
	// Experimental.
	ComputeType awscodebuild.ComputeType `field:"optional" json:"computeType" yaml:"computeType"`
	// The number of minutes after which AWS CodeBuild stops the build if it's not complete.
	//
	// For valid values, see the timeoutInMinutes field in the AWS
	// CodeBuild User Guide.
	// Default: Duration.hours(1)
	//
	// Experimental.
	Timeout awscdk.Duration `field:"optional" json:"timeout" yaml:"timeout"`
}

Experimental.

type CodeBuildRunnerProvider added in v0.8.2 

type CodeBuildRunnerProvider interface {
	constructs.Construct
	IRunnerProvider
	// The network connections associated with this resource.
	// Experimental.
	Connections() awsec2.Connections
	// Grant principal used to add permissions to the runner role.
	// Experimental.
	GrantPrincipal() awsiam.IPrincipal
	// Docker image loaded with GitHub Actions Runner and its prerequisites.
	//
	// The image is built by an image builder and is specific to CodeBuild.
	// Experimental.
	Image() *RunnerImage
	// Labels associated with this provider.
	// Experimental.
	Labels() *[]*string
	// Log group where provided runners will save their logs.
	//
	// Note that this is not the job log, but the runner itself. It will not contain output from the GitHub Action but only metadata on its execution.
	// Experimental.
	LogGroup() awslogs.ILogGroup
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// CodeBuild project hosting the runner.
	// Experimental.
	Project() awscodebuild.Project
	// List of step functions errors that should be retried.
	// Experimental.
	RetryableErrors() *[]*string
	// Generate step function task(s) to start a new runner.
	//
	// Called by GithubRunners and shouldn't be called manually.
	// Experimental.
	GetStepFunctionTask(parameters *RunnerRuntimeParameters) awsstepfunctions.IChainable
	// An optional method that modifies the role of the state machine after all the tasks have been generated.
	//
	// This can be used to add additional policy
	// statements to the state machine role that are not automatically added by the task returned from {@link getStepFunctionTask}.
	// Experimental.
	GrantStateMachine(_arg awsiam.IGrantable)
	// Experimental.
	LabelsFromProperties(defaultLabel *string, propsLabel *string, propsLabels *[]*string) *[]*string
	// Return status of the runner provider to be used in the main status function.
	//
	// Also gives the status function any needed permissions to query the Docker image or AMI.
	// Experimental.
	Status(statusFunctionRole awsiam.IGrantable) IRunnerProviderStatus
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

GitHub Actions runner provider using CodeBuild to execute jobs.

Creates a project that gets started for each job.

This construct is not meant to be used by itself. It should be passed in the providers property for GitHubRunners. Experimental.

func NewCodeBuildRunnerProvider added in v0.8.2 

func NewCodeBuildRunnerProvider(scope constructs.Construct, id *string, props *CodeBuildRunnerProviderProps) CodeBuildRunnerProvider

Experimental.

type CodeBuildRunnerProviderProps added in v0.8.2 

type CodeBuildRunnerProviderProps struct {
	// The number of days log events are kept in CloudWatch Logs.
	//
	// When updating
	// this property, unsetting it doesn't remove the log retention policy. To
	// remove the retention policy, set the value to `INFINITE`.
	// Default: logs.RetentionDays.ONE_MONTH
	//
	// Experimental.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
	// Deprecated: use {@link retryOptions } on {@link GitHubRunners } instead.
	RetryOptions *ProviderRetryOptions `field:"optional" json:"retryOptions" yaml:"retryOptions"`
	// The type of compute to use for this build.
	//
	// See the {@link ComputeType} enum for the possible values.
	// Default: {@link ComputeType#SMALL }.
	//
	// Experimental.
	ComputeType awscodebuild.ComputeType `field:"optional" json:"computeType" yaml:"computeType"`
	// Support building and running Docker images by enabling Docker-in-Docker (dind) and the required CodeBuild privileged mode.
	//
	// Disabling this can
	// speed up provisioning of CodeBuild runners. If you don't intend on running or building Docker images, disable this for faster start-up times.
	// Default: true.
	//
	// Experimental.
	DockerInDocker *bool `field:"optional" json:"dockerInDocker" yaml:"dockerInDocker"`
	// GitHub Actions runner group name.
	//
	// If specified, the runner will be registered with this group name. Setting a runner group can help managing access to self-hosted runners. It
	// requires a paid GitHub account.
	//
	// The group must exist or the runner will not start.
	//
	// Users will still be able to trigger this runner with the correct labels. But the runner will only be able to run jobs from repos allowed to use the group.
	// Default: undefined.
	//
	// Experimental.
	Group *string `field:"optional" json:"group" yaml:"group"`
	// Runner image builder used to build Docker images containing GitHub Runner and all requirements.
	//
	// The image builder must contain the {@link RunnerImageComponent.docker} component unless `dockerInDocker` is set to false.
	//
	// The image builder determines the OS and architecture of the runner.
	// Default: CodeBuildRunnerProvider.imageBuilder()
	//
	// Experimental.
	ImageBuilder IRunnerImageBuilder `field:"optional" json:"imageBuilder" yaml:"imageBuilder"`
	// GitHub Actions label used for this provider.
	// Default: undefined.
	//
	// Deprecated: use {@link labels } instead.
	Label *string `field:"optional" json:"label" yaml:"label"`
	// GitHub Actions labels used for this provider.
	//
	// These labels are used to identify which provider should spawn a new on-demand runner. Every job sends a webhook with the labels it's looking for
	// based on runs-on. We match the labels from the webhook with the labels specified here. If all the labels specified here are present in the
	// job's labels, this provider will be chosen and spawn a new runner.
	// Default: ['codebuild'].
	//
	// Experimental.
	Labels *[]*string `field:"optional" json:"labels" yaml:"labels"`
	// Security group to assign to this instance.
	// Default: public project with no security group.
	//
	// Deprecated: use {@link securityGroups }.
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// Security groups to assign to this instance.
	// Default: a new security group, if {@link vpc } is used.
	//
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// Where to place the network interfaces within the VPC.
	// Default: no subnet.
	//
	// Experimental.
	SubnetSelection *awsec2.SubnetSelection `field:"optional" json:"subnetSelection" yaml:"subnetSelection"`
	// The number of minutes after which AWS CodeBuild stops the build if it's not complete.
	//
	// For valid values, see the timeoutInMinutes field in the AWS
	// CodeBuild User Guide.
	// Default: Duration.hours(1)
	//
	// Experimental.
	Timeout awscdk.Duration `field:"optional" json:"timeout" yaml:"timeout"`
	// VPC to launch the runners in.
	// Default: no VPC.
	//
	// Experimental.
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}

Experimental.

type ContainerImageBuilder added in v0.4.0 

type ContainerImageBuilder interface {
	constructs.Construct
	IRunnerImageBuilder
	// Deprecated: use RunnerImageBuilder.
	Architecture() Architecture
	// Deprecated: use RunnerImageBuilder.
	Components() *[]ImageBuilderComponent
	// Deprecated: use RunnerImageBuilder.
	SetComponents(val *[]ImageBuilderComponent)
	// The network connections associated with this resource.
	// Deprecated: use RunnerImageBuilder.
	Connections() awsec2.Connections
	// Deprecated: use RunnerImageBuilder.
	Description() *string
	// The tree node.
	// Deprecated: use RunnerImageBuilder.
	Node() constructs.Node
	// Deprecated: use RunnerImageBuilder.
	Os() Os
	// Deprecated: use RunnerImageBuilder.
	Platform() *string
	// Deprecated: use RunnerImageBuilder.
	Repository() awsecr.IRepository
	// Deprecated: use RunnerImageBuilder.
	RunnerVersion() RunnerVersion
	// Add a component to be installed.
	// Deprecated: use RunnerImageBuilder.
	AddComponent(component ImageBuilderComponent)
	// Add extra trusted certificates. This helps deal with self-signed certificates for GitHub Enterprise Server.
	//
	// All first party Dockerfiles support this. Others may not.
	// Deprecated: use RunnerImageBuilder.
	AddExtraCertificates(path *string)
	// Build and return an AMI with GitHub Runner installed in it.
	//
	// Anything that ends up with a launch template pointing to an AMI that runs GitHub self-hosted runners can be used. A simple implementation could even point to an existing AMI and nothing else.
	//
	// The AMI can be further updated over time manually or using a schedule as long as it is always written to the same launch template.
	// Deprecated: use RunnerImageBuilder.
	BindAmi() *RunnerAmi
	// Called by IRunnerProvider to finalize settings and create the image builder.
	// Deprecated: use RunnerImageBuilder.
	BindDockerImage() *RunnerImage
	// Deprecated: use RunnerImageBuilder.
	CreateImage(infra awsimagebuilder.CfnInfrastructureConfiguration, dist awsimagebuilder.CfnDistributionConfiguration, log awslogs.LogGroup, imageRecipeArn *string, containerRecipeArn *string) awsimagebuilder.CfnImage
	// Deprecated: use RunnerImageBuilder.
	CreateInfrastructure(managedPolicies *[]awsiam.IManagedPolicy) awsimagebuilder.CfnInfrastructureConfiguration
	// Deprecated: use RunnerImageBuilder.
	CreateLog(recipeName *string) awslogs.LogGroup
	// Deprecated: use RunnerImageBuilder.
	CreatePipeline(infra awsimagebuilder.CfnInfrastructureConfiguration, dist awsimagebuilder.CfnDistributionConfiguration, log awslogs.LogGroup, imageRecipeArn *string, containerRecipeArn *string) awsimagebuilder.CfnImagePipeline
	// Add a component to be installed before any other components.
	//
	// Useful for required system settings like certificates or proxy settings.
	// Deprecated: use RunnerImageBuilder.
	PrependComponent(component ImageBuilderComponent)
	// Returns a string representation of this construct.
	// Deprecated: use RunnerImageBuilder.
	ToString() *string
}

An image builder that uses AWS Image Builder to build Docker images pre-baked with all the GitHub Actions runner requirements.

Builders can be used with runner providers.

The CodeBuild builder is better and faster. Only use this one if you have no choice. For example, if you need Windows containers.

Each builder re-runs automatically at a set interval to make sure the images contain the latest versions of everything.

You can create an instance of this construct to customize the image used to spin-up runners. Some runner providers may require custom components. Check the runner provider documentation. The default components work with CodeBuild and Fargate.

For example, to set a specific runner version, rebuild the image every 2 weeks, and add a few packages for the Fargate provider, use:

``` 

const builder = new ContainerImageBuilder(this, 'Builder', {
    runnerVersion: RunnerVersion.specific('2.293.0'),
    rebuildInterval: Duration.days(14),
});

new CodeBuildRunnerProvider(this, 'CodeBuild provider', {
    labels: ['custom-codebuild'],
    imageBuilder: builder,
});

```. Deprecated: use RunnerImageBuilder.

func NewContainerImageBuilder deprecated added in v0.4.0 

func NewContainerImageBuilder(scope constructs.Construct, id *string, props *ContainerImageBuilderProps) ContainerImageBuilder

Deprecated: use RunnerImageBuilder.

type ContainerImageBuilderProps added in v0.4.0 

type ContainerImageBuilderProps struct {
	// Image architecture.
	// Default: Architecture.X86_64
	//
	// Experimental.
	Architecture Architecture `field:"optional" json:"architecture" yaml:"architecture"`
	// The instance type used to build the image.
	// Default: m6i.large
	//
	// Experimental.
	InstanceType awsec2.InstanceType `field:"optional" json:"instanceType" yaml:"instanceType"`
	// Removal policy for logs of image builds.
	//
	// If deployment fails on the custom resource, try setting this to `RemovalPolicy.RETAIN`. This way the CodeBuild logs can still be viewed, and you can see why the build failed.
	//
	// We try to not leave anything behind when removed. But sometimes a log staying behind is useful.
	// Default: RemovalPolicy.DESTROY
	//
	// Experimental.
	LogRemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"logRemovalPolicy" yaml:"logRemovalPolicy"`
	// The number of days log events are kept in CloudWatch Logs.
	//
	// When updating
	// this property, unsetting it doesn't remove the log retention policy. To
	// remove the retention policy, set the value to `INFINITE`.
	// Default: logs.RetentionDays.ONE_MONTH
	//
	// Experimental.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
	// Image OS.
	// Default: OS.LINUX
	//
	// Experimental.
	Os Os `field:"optional" json:"os" yaml:"os"`
	// Parent image for the new Docker Image.
	//
	// You can use either Image Builder image ARN or public registry image.
	// Default: 'mcr.microsoft.com/windows/servercore:ltsc2019-amd64'
	//
	// Experimental.
	ParentImage *string `field:"optional" json:"parentImage" yaml:"parentImage"`
	// Schedule the image to be rebuilt every given interval.
	//
	// Useful for keeping the image up-do-date with the latest GitHub runner version and latest OS updates.
	//
	// Set to zero to disable.
	// Default: Duration.days(7)
	//
	// Experimental.
	RebuildInterval awscdk.Duration `field:"optional" json:"rebuildInterval" yaml:"rebuildInterval"`
	// Version of GitHub Runners to install.
	// Default: latest version available.
	//
	// Experimental.
	RunnerVersion RunnerVersion `field:"optional" json:"runnerVersion" yaml:"runnerVersion"`
	// Security group to assign to launched builder instances.
	// Default: new security group.
	//
	// Deprecated: use {@link securityGroups }.
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// Security groups to assign to launched builder instances.
	// Default: new security group.
	//
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// Where to place the network interfaces within the VPC.
	// Default: default VPC subnet.
	//
	// Experimental.
	SubnetSelection *awsec2.SubnetSelection `field:"optional" json:"subnetSelection" yaml:"subnetSelection"`
	// VPC to launch the runners in.
	// Default: default account VPC.
	//
	// Experimental.
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}

Properties for ContainerImageBuilder construct. Experimental.

type Ec2Runner deprecated added in v0.6.1 

type Ec2Runner interface {
	Ec2RunnerProvider
	// The network connections associated with this resource.
	// Deprecated: use {@link Ec2RunnerProvider }.
	Connections() awsec2.Connections
	// Grant principal used to add permissions to the runner role.
	// Deprecated: use {@link Ec2RunnerProvider }.
	GrantPrincipal() awsiam.IPrincipal
	// Labels associated with this provider.
	// Deprecated: use {@link Ec2RunnerProvider }.
	Labels() *[]*string
	// Log group where provided runners will save their logs.
	//
	// Note that this is not the job log, but the runner itself. It will not contain output from the GitHub Action but only metadata on its execution.
	// Deprecated: use {@link Ec2RunnerProvider }.
	LogGroup() awslogs.ILogGroup
	// The tree node.
	// Deprecated: use {@link Ec2RunnerProvider }.
	Node() constructs.Node
	// List of step functions errors that should be retried.
	// Deprecated: use {@link Ec2RunnerProvider }.
	RetryableErrors() *[]*string
	// Generate step function task(s) to start a new runner.
	//
	// Called by GithubRunners and shouldn't be called manually.
	// Deprecated: use {@link Ec2RunnerProvider }.
	GetStepFunctionTask(parameters *RunnerRuntimeParameters) awsstepfunctions.IChainable
	// An optional method that modifies the role of the state machine after all the tasks have been generated.
	//
	// This can be used to add additional policy
	// statements to the state machine role that are not automatically added by the task returned from {@link getStepFunctionTask}.
	// Deprecated: use {@link Ec2RunnerProvider }.
	GrantStateMachine(stateMachineRole awsiam.IGrantable)
	// Deprecated: use {@link Ec2RunnerProvider }.
	LabelsFromProperties(defaultLabel *string, propsLabel *string, propsLabels *[]*string) *[]*string
	// Return status of the runner provider to be used in the main status function.
	//
	// Also gives the status function any needed permissions to query the Docker image or AMI.
	// Deprecated: use {@link Ec2RunnerProvider }.
	Status(statusFunctionRole awsiam.IGrantable) IRunnerProviderStatus
	// Returns a string representation of this construct.
	// Deprecated: use {@link Ec2RunnerProvider }.
	ToString() *string
}

Deprecated: use {@link Ec2RunnerProvider }.

func NewEc2Runner deprecated added in v0.6.1 

func NewEc2Runner(scope constructs.Construct, id *string, props *Ec2RunnerProviderProps) Ec2Runner

Deprecated: use {@link Ec2RunnerProvider }.

type Ec2RunnerProvider added in v0.8.2 

type Ec2RunnerProvider interface {
	constructs.Construct
	IRunnerProvider
	// The network connections associated with this resource.
	// Experimental.
	Connections() awsec2.Connections
	// Grant principal used to add permissions to the runner role.
	// Experimental.
	GrantPrincipal() awsiam.IPrincipal
	// Labels associated with this provider.
	// Experimental.
	Labels() *[]*string
	// Log group where provided runners will save their logs.
	//
	// Note that this is not the job log, but the runner itself. It will not contain output from the GitHub Action but only metadata on its execution.
	// Experimental.
	LogGroup() awslogs.ILogGroup
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// List of step functions errors that should be retried.
	// Experimental.
	RetryableErrors() *[]*string
	// Generate step function task(s) to start a new runner.
	//
	// Called by GithubRunners and shouldn't be called manually.
	// Experimental.
	GetStepFunctionTask(parameters *RunnerRuntimeParameters) awsstepfunctions.IChainable
	// An optional method that modifies the role of the state machine after all the tasks have been generated.
	//
	// This can be used to add additional policy
	// statements to the state machine role that are not automatically added by the task returned from {@link getStepFunctionTask}.
	// Experimental.
	GrantStateMachine(stateMachineRole awsiam.IGrantable)
	// Experimental.
	LabelsFromProperties(defaultLabel *string, propsLabel *string, propsLabels *[]*string) *[]*string
	// Return status of the runner provider to be used in the main status function.
	//
	// Also gives the status function any needed permissions to query the Docker image or AMI.
	// Experimental.
	Status(statusFunctionRole awsiam.IGrantable) IRunnerProviderStatus
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

GitHub Actions runner provider using EC2 to execute jobs.

This construct is not meant to be used by itself. It should be passed in the providers property for GitHubRunners. Experimental.

func NewEc2RunnerProvider added in v0.8.2 

func NewEc2RunnerProvider(scope constructs.Construct, id *string, props *Ec2RunnerProviderProps) Ec2RunnerProvider

Experimental.

type Ec2RunnerProviderProps added in v0.8.2 

type Ec2RunnerProviderProps struct {
	// The number of days log events are kept in CloudWatch Logs.
	//
	// When updating
	// this property, unsetting it doesn't remove the log retention policy. To
	// remove the retention policy, set the value to `INFINITE`.
	// Default: logs.RetentionDays.ONE_MONTH
	//
	// Experimental.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
	// Deprecated: use {@link retryOptions } on {@link GitHubRunners } instead.
	RetryOptions *ProviderRetryOptions `field:"optional" json:"retryOptions" yaml:"retryOptions"`
	// Deprecated: use imageBuilder.
	AmiBuilder IRunnerImageBuilder `field:"optional" json:"amiBuilder" yaml:"amiBuilder"`
	// GitHub Actions runner group name.
	//
	// If specified, the runner will be registered with this group name. Setting a runner group can help managing access to self-hosted runners. It
	// requires a paid GitHub account.
	//
	// The group must exist or the runner will not start.
	//
	// Users will still be able to trigger this runner with the correct labels. But the runner will only be able to run jobs from repos allowed to use the group.
	// Default: undefined.
	//
	// Experimental.
	Group *string `field:"optional" json:"group" yaml:"group"`
	// Runner image builder used to build AMI containing GitHub Runner and all requirements.
	//
	// The image builder determines the OS and architecture of the runner.
	// Default: Ec2RunnerProvider.imageBuilder()
	//
	// Experimental.
	ImageBuilder IRunnerImageBuilder `field:"optional" json:"imageBuilder" yaml:"imageBuilder"`
	// Instance type for launched runner instances.
	// Default: m6i.large
	//
	// Experimental.
	InstanceType awsec2.InstanceType `field:"optional" json:"instanceType" yaml:"instanceType"`
	// GitHub Actions labels used for this provider.
	//
	// These labels are used to identify which provider should spawn a new on-demand runner. Every job sends a webhook with the labels it's looking for
	// based on runs-on. We match the labels from the webhook with the labels specified here. If all the labels specified here are present in the
	// job's labels, this provider will be chosen and spawn a new runner.
	// Default: ['ec2'].
	//
	// Experimental.
	Labels *[]*string `field:"optional" json:"labels" yaml:"labels"`
	// Security Group to assign to launched runner instances.
	// Default: a new security group.
	//
	// Deprecated: use {@link securityGroups }.
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// Security groups to assign to launched runner instances.
	// Default: a new security group.
	//
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// Use spot instances to save money.
	//
	// Spot instances are cheaper but not always available and can be stopped prematurely.
	// Default: false.
	//
	// Experimental.
	Spot *bool `field:"optional" json:"spot" yaml:"spot"`
	// Set a maximum price for spot instances.
	// Default: no max price (you will pay current spot price).
	//
	// Experimental.
	SpotMaxPrice *string `field:"optional" json:"spotMaxPrice" yaml:"spotMaxPrice"`
	// Options for runner instance storage volume.
	// Experimental.
	StorageOptions *StorageOptions `field:"optional" json:"storageOptions" yaml:"storageOptions"`
	// Size of volume available for launched runner instances.
	//
	// This modifies the boot volume size and doesn't add any additional volumes.
	// Default: 30GB.
	//
	// Experimental.
	StorageSize awscdk.Size `field:"optional" json:"storageSize" yaml:"storageSize"`
	// Subnet where the runner instances will be launched.
	// Default: default subnet of account's default VPC.
	//
	// Deprecated: use {@link vpc } and {@link subnetSelection }.
	Subnet awsec2.ISubnet `field:"optional" json:"subnet" yaml:"subnet"`
	// Where to place the network interfaces within the VPC.
	//
	// Only the first matched subnet will be used.
	// Default: default VPC subnet.
	//
	// Experimental.
	SubnetSelection *awsec2.SubnetSelection `field:"optional" json:"subnetSelection" yaml:"subnetSelection"`
	// VPC where runner instances will be launched.
	// Default: default account VPC.
	//
	// Experimental.
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}

Properties for {@link Ec2RunnerProvider} construct. Experimental.

type EcsRunnerProvider added in v0.9.3 

type EcsRunnerProvider interface {
	constructs.Construct
	IRunnerProvider
	// The network connections associated with this resource.
	// Experimental.
	Connections() awsec2.Connections
	// Grant principal used to add permissions to the runner role.
	// Experimental.
	GrantPrincipal() awsiam.IPrincipal
	// Labels associated with this provider.
	// Experimental.
	Labels() *[]*string
	// Log group where provided runners will save their logs.
	//
	// Note that this is not the job log, but the runner itself. It will not contain output from the GitHub Action but only metadata on its execution.
	// Experimental.
	LogGroup() awslogs.ILogGroup
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// List of step functions errors that should be retried.
	// Experimental.
	RetryableErrors() *[]*string
	// Generate step function task(s) to start a new runner.
	//
	// Called by GithubRunners and shouldn't be called manually.
	// Experimental.
	GetStepFunctionTask(parameters *RunnerRuntimeParameters) awsstepfunctions.IChainable
	// An optional method that modifies the role of the state machine after all the tasks have been generated.
	//
	// This can be used to add additional policy
	// statements to the state machine role that are not automatically added by the task returned from {@link getStepFunctionTask}.
	// Experimental.
	GrantStateMachine(_arg awsiam.IGrantable)
	// Experimental.
	LabelsFromProperties(defaultLabel *string, propsLabel *string, propsLabels *[]*string) *[]*string
	// Return status of the runner provider to be used in the main status function.
	//
	// Also gives the status function any needed permissions to query the Docker image or AMI.
	// Experimental.
	Status(statusFunctionRole awsiam.IGrantable) IRunnerProviderStatus
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

GitHub Actions runner provider using ECS on EC2 to execute jobs.

ECS can be useful when you want more control of the infrastructure running the GitHub Actions Docker containers. You can control the autoscaling group to scale down to zero during the night and scale up during work hours. This way you can still save money, but have to wait less for infrastructure to spin up.

This construct is not meant to be used by itself. It should be passed in the providers property for GitHubRunners. Experimental.

func NewEcsRunnerProvider added in v0.9.3 

func NewEcsRunnerProvider(scope constructs.Construct, id *string, props *EcsRunnerProviderProps) EcsRunnerProvider

Experimental.

type EcsRunnerProviderProps added in v0.9.3 

type EcsRunnerProviderProps struct {
	// The number of days log events are kept in CloudWatch Logs.
	//
	// When updating
	// this property, unsetting it doesn't remove the log retention policy. To
	// remove the retention policy, set the value to `INFINITE`.
	// Default: logs.RetentionDays.ONE_MONTH
	//
	// Experimental.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
	// Deprecated: use {@link retryOptions } on {@link GitHubRunners } instead.
	RetryOptions *ProviderRetryOptions `field:"optional" json:"retryOptions" yaml:"retryOptions"`
	// Assign public IP to the runner task.
	//
	// Make sure the task will have access to GitHub. A public IP might be required unless you have NAT gateway.
	// Default: true.
	//
	// Experimental.
	AssignPublicIp *bool `field:"optional" json:"assignPublicIp" yaml:"assignPublicIp"`
	// Existing capacity provider to use.
	//
	// Make sure the AMI used by the capacity provider is compatible with ECS.
	// Default: new capacity provider.
	//
	// Experimental.
	CapacityProvider awsecs.AsgCapacityProvider `field:"optional" json:"capacityProvider" yaml:"capacityProvider"`
	// Existing ECS cluster to use.
	// Default: a new cluster.
	//
	// Experimental.
	Cluster awsecs.Cluster `field:"optional" json:"cluster" yaml:"cluster"`
	// The number of cpu units used by the task.
	//
	// 1024 units is 1 vCPU. Fractions of a vCPU are supported.
	// Default: 1024.
	//
	// Experimental.
	Cpu *float64 `field:"optional" json:"cpu" yaml:"cpu"`
	// Support building and running Docker images by enabling Docker-in-Docker (dind) and the required CodeBuild privileged mode.
	//
	// Disabling this can
	// speed up provisioning of CodeBuild runners. If you don't intend on running or building Docker images, disable this for faster start-up times.
	// Default: true.
	//
	// Experimental.
	DockerInDocker *bool `field:"optional" json:"dockerInDocker" yaml:"dockerInDocker"`
	// GitHub Actions runner group name.
	//
	// If specified, the runner will be registered with this group name. Setting a runner group can help managing access to self-hosted runners. It
	// requires a paid GitHub account.
	//
	// The group must exist or the runner will not start.
	//
	// Users will still be able to trigger this runner with the correct labels. But the runner will only be able to run jobs from repos allowed to use the group.
	// Default: undefined.
	//
	// Experimental.
	Group *string `field:"optional" json:"group" yaml:"group"`
	// Runner image builder used to build Docker images containing GitHub Runner and all requirements.
	//
	// The image builder determines the OS and architecture of the runner.
	// Default: EcsRunnerProvider.imageBuilder()
	//
	// Experimental.
	ImageBuilder IRunnerImageBuilder `field:"optional" json:"imageBuilder" yaml:"imageBuilder"`
	// Instance type of ECS cluster instances.
	//
	// Only used when creating a new cluster.
	// Default: m6i.large or m6g.large
	//
	// Experimental.
	InstanceType awsec2.InstanceType `field:"optional" json:"instanceType" yaml:"instanceType"`
	// GitHub Actions labels used for this provider.
	//
	// These labels are used to identify which provider should spawn a new on-demand runner. Every job sends a webhook with the labels it's looking for
	// based on runs-on. We match the labels from the webhook with the labels specified here. If all the labels specified here are present in the
	// job's labels, this provider will be chosen and spawn a new runner.
	// Default: ['ecs'].
	//
	// Experimental.
	Labels *[]*string `field:"optional" json:"labels" yaml:"labels"`
	// The maximum number of instances to run in the cluster.
	//
	// Only used when creating a new cluster.
	// Default: 5.
	//
	// Experimental.
	MaxInstances *float64 `field:"optional" json:"maxInstances" yaml:"maxInstances"`
	// The amount (in MiB) of memory used by the task.
	// Default: 3500, unless `memoryReservationMiB` is used and then it's undefined.
	//
	// Experimental.
	MemoryLimitMiB *float64 `field:"optional" json:"memoryLimitMiB" yaml:"memoryLimitMiB"`
	// The soft limit (in MiB) of memory to reserve for the container.
	// Default: undefined.
	//
	// Experimental.
	MemoryReservationMiB *float64 `field:"optional" json:"memoryReservationMiB" yaml:"memoryReservationMiB"`
	// The minimum number of instances to run in the cluster.
	//
	// Only used when creating a new cluster.
	// Default: 0.
	//
	// Experimental.
	MinInstances *float64 `field:"optional" json:"minInstances" yaml:"minInstances"`
	// Security groups to assign to the task.
	// Default: a new security group.
	//
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// Use spot capacity.
	// Default: false (true if spotMaxPrice is specified).
	//
	// Experimental.
	Spot *bool `field:"optional" json:"spot" yaml:"spot"`
	// Maximum price for spot instances.
	// Experimental.
	SpotMaxPrice *string `field:"optional" json:"spotMaxPrice" yaml:"spotMaxPrice"`
	// Options for runner instance storage volume.
	// Experimental.
	StorageOptions *StorageOptions `field:"optional" json:"storageOptions" yaml:"storageOptions"`
	// Size of volume available for launched cluster instances.
	//
	// This modifies the boot volume size and doesn't add any additional volumes.
	//
	// Each instance can be used by multiple runners, so make sure there is enough space for all of them.
	// Default: default size for AMI (usually 30GB for Linux and 50GB for Windows).
	//
	// Experimental.
	StorageSize awscdk.Size `field:"optional" json:"storageSize" yaml:"storageSize"`
	// Subnets to run the runners in.
	// Default: ECS default.
	//
	// Experimental.
	SubnetSelection *awsec2.SubnetSelection `field:"optional" json:"subnetSelection" yaml:"subnetSelection"`
	// VPC to launch the runners in.
	// Default: default account VPC.
	//
	// Experimental.
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}

Properties for EcsRunnerProvider. Experimental.

type FargateRunner deprecated 

type FargateRunner interface {
	FargateRunnerProvider
	// Whether runner task will have a public IP.
	// Deprecated: use {@link FargateRunnerProvider }.
	AssignPublicIp() *bool
	// Cluster hosting the task hosting the runner.
	// Deprecated: use {@link FargateRunnerProvider }.
	Cluster() awsecs.Cluster
	// The network connections associated with this resource.
	// Deprecated: use {@link FargateRunnerProvider }.
	Connections() awsec2.Connections
	// Container definition hosting the runner.
	// Deprecated: use {@link FargateRunnerProvider }.
	Container() awsecs.ContainerDefinition
	// Grant principal used to add permissions to the runner role.
	// Deprecated: use {@link FargateRunnerProvider }.
	GrantPrincipal() awsiam.IPrincipal
	// Docker image loaded with GitHub Actions Runner and its prerequisites.
	//
	// The image is built by an image builder and is specific to Fargate tasks.
	// Deprecated: use {@link FargateRunnerProvider }.
	Image() *RunnerImage
	// Labels associated with this provider.
	// Deprecated: use {@link FargateRunnerProvider }.
	Labels() *[]*string
	// Log group where provided runners will save their logs.
	//
	// Note that this is not the job log, but the runner itself. It will not contain output from the GitHub Action but only metadata on its execution.
	// Deprecated: use {@link FargateRunnerProvider }.
	LogGroup() awslogs.ILogGroup
	// The tree node.
	// Deprecated: use {@link FargateRunnerProvider }.
	Node() constructs.Node
	// List of step functions errors that should be retried.
	// Deprecated: use {@link FargateRunnerProvider }.
	RetryableErrors() *[]*string
	// Use spot pricing for Fargate tasks.
	// Deprecated: use {@link FargateRunnerProvider }.
	Spot() *bool
	// Subnets used for hosting the runner task.
	// Deprecated: use {@link FargateRunnerProvider }.
	SubnetSelection() *awsec2.SubnetSelection
	// Fargate task hosting the runner.
	// Deprecated: use {@link FargateRunnerProvider }.
	Task() awsecs.FargateTaskDefinition
	// VPC used for hosting the runner task.
	// Deprecated: use {@link FargateRunnerProvider }.
	Vpc() awsec2.IVpc
	// Generate step function task(s) to start a new runner.
	//
	// Called by GithubRunners and shouldn't be called manually.
	// Deprecated: use {@link FargateRunnerProvider }.
	GetStepFunctionTask(parameters *RunnerRuntimeParameters) awsstepfunctions.IChainable
	// An optional method that modifies the role of the state machine after all the tasks have been generated.
	//
	// This can be used to add additional policy
	// statements to the state machine role that are not automatically added by the task returned from {@link getStepFunctionTask}.
	// Deprecated: use {@link FargateRunnerProvider }.
	GrantStateMachine(_arg awsiam.IGrantable)
	// Deprecated: use {@link FargateRunnerProvider }.
	LabelsFromProperties(defaultLabel *string, propsLabel *string, propsLabels *[]*string) *[]*string
	// Return status of the runner provider to be used in the main status function.
	//
	// Also gives the status function any needed permissions to query the Docker image or AMI.
	// Deprecated: use {@link FargateRunnerProvider }.
	Status(statusFunctionRole awsiam.IGrantable) IRunnerProviderStatus
	// Returns a string representation of this construct.
	// Deprecated: use {@link FargateRunnerProvider }.
	ToString() *string
}

Deprecated: use {@link FargateRunnerProvider }.

func NewFargateRunner deprecated 

func NewFargateRunner(scope constructs.Construct, id *string, props *FargateRunnerProviderProps) FargateRunner

Deprecated: use {@link FargateRunnerProvider }.

type FargateRunnerProvider added in v0.8.2 

type FargateRunnerProvider interface {
	constructs.Construct
	IRunnerProvider
	// Whether runner task will have a public IP.
	// Experimental.
	AssignPublicIp() *bool
	// Cluster hosting the task hosting the runner.
	// Experimental.
	Cluster() awsecs.Cluster
	// The network connections associated with this resource.
	// Experimental.
	Connections() awsec2.Connections
	// Container definition hosting the runner.
	// Experimental.
	Container() awsecs.ContainerDefinition
	// Grant principal used to add permissions to the runner role.
	// Experimental.
	GrantPrincipal() awsiam.IPrincipal
	// Docker image loaded with GitHub Actions Runner and its prerequisites.
	//
	// The image is built by an image builder and is specific to Fargate tasks.
	// Experimental.
	Image() *RunnerImage
	// Labels associated with this provider.
	// Experimental.
	Labels() *[]*string
	// Log group where provided runners will save their logs.
	//
	// Note that this is not the job log, but the runner itself. It will not contain output from the GitHub Action but only metadata on its execution.
	// Experimental.
	LogGroup() awslogs.ILogGroup
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// List of step functions errors that should be retried.
	// Experimental.
	RetryableErrors() *[]*string
	// Use spot pricing for Fargate tasks.
	// Experimental.
	Spot() *bool
	// Subnets used for hosting the runner task.
	// Experimental.
	SubnetSelection() *awsec2.SubnetSelection
	// Fargate task hosting the runner.
	// Experimental.
	Task() awsecs.FargateTaskDefinition
	// VPC used for hosting the runner task.
	// Experimental.
	Vpc() awsec2.IVpc
	// Generate step function task(s) to start a new runner.
	//
	// Called by GithubRunners and shouldn't be called manually.
	// Experimental.
	GetStepFunctionTask(parameters *RunnerRuntimeParameters) awsstepfunctions.IChainable
	// An optional method that modifies the role of the state machine after all the tasks have been generated.
	//
	// This can be used to add additional policy
	// statements to the state machine role that are not automatically added by the task returned from {@link getStepFunctionTask}.
	// Experimental.
	GrantStateMachine(_arg awsiam.IGrantable)
	// Experimental.
	LabelsFromProperties(defaultLabel *string, propsLabel *string, propsLabels *[]*string) *[]*string
	// Return status of the runner provider to be used in the main status function.
	//
	// Also gives the status function any needed permissions to query the Docker image or AMI.
	// Experimental.
	Status(statusFunctionRole awsiam.IGrantable) IRunnerProviderStatus
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

GitHub Actions runner provider using Fargate to execute jobs.

Creates a task definition with a single container that gets started for each job.

This construct is not meant to be used by itself. It should be passed in the providers property for GitHubRunners. Experimental.

func NewFargateRunnerProvider added in v0.8.2 

func NewFargateRunnerProvider(scope constructs.Construct, id *string, props *FargateRunnerProviderProps) FargateRunnerProvider

Experimental.

type FargateRunnerProviderProps added in v0.8.2 

type FargateRunnerProviderProps struct {
	// The number of days log events are kept in CloudWatch Logs.
	//
	// When updating
	// this property, unsetting it doesn't remove the log retention policy. To
	// remove the retention policy, set the value to `INFINITE`.
	// Default: logs.RetentionDays.ONE_MONTH
	//
	// Experimental.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
	// Deprecated: use {@link retryOptions } on {@link GitHubRunners } instead.
	RetryOptions *ProviderRetryOptions `field:"optional" json:"retryOptions" yaml:"retryOptions"`
	// Assign public IP to the runner task.
	//
	// Make sure the task will have access to GitHub. A public IP might be required unless you have NAT gateway.
	// Default: true.
	//
	// Experimental.
	AssignPublicIp *bool `field:"optional" json:"assignPublicIp" yaml:"assignPublicIp"`
	// Existing Fargate cluster to use.
	// Default: a new cluster.
	//
	// Experimental.
	Cluster awsecs.Cluster `field:"optional" json:"cluster" yaml:"cluster"`
	// The number of cpu units used by the task.
	//
	// For tasks using the Fargate launch type,
	// this field is required and you must use one of the following values,
	// which determines your range of valid values for the memory parameter:
	//
	// 256 (.25 vCPU) - Available memory values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)
	//
	// 512 (.5 vCPU) - Available memory values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)
	//
	// 1024 (1 vCPU) - Available memory values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)
	//
	// 2048 (2 vCPU) - Available memory values: Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)
	//
	// 4096 (4 vCPU) - Available memory values: Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB).
	// Default: 1024.
	//
	// Experimental.
	Cpu *float64 `field:"optional" json:"cpu" yaml:"cpu"`
	// The amount (in GiB) of ephemeral storage to be allocated to the task.
	//
	// The maximum supported value is 200 GiB.
	//
	// NOTE: This parameter is only supported for tasks hosted on AWS Fargate using platform version 1.4.0 or later.
	// Default: 20.
	//
	// Experimental.
	EphemeralStorageGiB *float64 `field:"optional" json:"ephemeralStorageGiB" yaml:"ephemeralStorageGiB"`
	// GitHub Actions runner group name.
	//
	// If specified, the runner will be registered with this group name. Setting a runner group can help managing access to self-hosted runners. It
	// requires a paid GitHub account.
	//
	// The group must exist or the runner will not start.
	//
	// Users will still be able to trigger this runner with the correct labels. But the runner will only be able to run jobs from repos allowed to use the group.
	// Default: undefined.
	//
	// Experimental.
	Group *string `field:"optional" json:"group" yaml:"group"`
	// Runner image builder used to build Docker images containing GitHub Runner and all requirements.
	//
	// The image builder determines the OS and architecture of the runner.
	// Default: FargateRunnerProvider.imageBuilder()
	//
	// Experimental.
	ImageBuilder IRunnerImageBuilder `field:"optional" json:"imageBuilder" yaml:"imageBuilder"`
	// GitHub Actions label used for this provider.
	// Default: undefined.
	//
	// Deprecated: use {@link labels } instead.
	Label *string `field:"optional" json:"label" yaml:"label"`
	// GitHub Actions labels used for this provider.
	//
	// These labels are used to identify which provider should spawn a new on-demand runner. Every job sends a webhook with the labels it's looking for
	// based on runs-on. We match the labels from the webhook with the labels specified here. If all the labels specified here are present in the
	// job's labels, this provider will be chosen and spawn a new runner.
	// Default: ['fargate'].
	//
	// Experimental.
	Labels *[]*string `field:"optional" json:"labels" yaml:"labels"`
	// The amount (in MiB) of memory used by the task.
	//
	// For tasks using the Fargate launch type,
	// this field is required and you must use one of the following values, which determines your range of valid values for the cpu parameter:
	//
	// 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU)
	//
	// 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU)
	//
	// 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU)
	//
	// Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU)
	//
	// Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU).
	// Default: 2048.
	//
	// Experimental.
	MemoryLimitMiB *float64 `field:"optional" json:"memoryLimitMiB" yaml:"memoryLimitMiB"`
	// Security group to assign to the task.
	// Default: a new security group.
	//
	// Deprecated: use {@link securityGroups }.
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// Security groups to assign to the task.
	// Default: a new security group.
	//
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// Use Fargate spot capacity provider to save money.
	//
	// * Runners may fail to start due to missing capacity.
	// * Runners might be stopped prematurely with spot pricing.
	// Default: false.
	//
	// Experimental.
	Spot *bool `field:"optional" json:"spot" yaml:"spot"`
	// Subnets to run the runners in.
	// Default: Fargate default.
	//
	// Experimental.
	SubnetSelection *awsec2.SubnetSelection `field:"optional" json:"subnetSelection" yaml:"subnetSelection"`
	// VPC to launch the runners in.
	// Default: default account VPC.
	//
	// Experimental.
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}

Properties for FargateRunnerProvider. Experimental.

type FastLaunchOptions added in v0.12.4 

type FastLaunchOptions struct {
	// Enable fast launch for AMIs generated by this builder.
	//
	// It creates a snapshot of the root volume and uses it to launch new instances faster.
	//
	// This is only supported for Windows AMIs.
	// Default: false.
	//
	// Experimental.
	Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
	// The maximum number of parallel instances that are launched for creating resources.
	//
	// Must be at least 6.
	// Default: 6.
	//
	// Experimental.
	MaxParallelLaunches *float64 `field:"optional" json:"maxParallelLaunches" yaml:"maxParallelLaunches"`
	// The number of pre-provisioned snapshots to keep on hand for a fast-launch enabled Windows AMI.
	// Default: 1.
	//
	// Experimental.
	TargetResourceCount *float64 `field:"optional" json:"targetResourceCount" yaml:"targetResourceCount"`
}

Options for fast launch. Experimental.

type GitHubRunners 

type GitHubRunners interface {
	constructs.Construct
	awsec2.IConnectable
	// Manage the connections of all management functions.
	//
	// Use this to enable connections to your GitHub Enterprise Server in a VPC.
	//
	// This cannot be used to manage connections of the runners. Use the `connections` property of each runner provider to manage runner connections.
	// Experimental.
	Connections() awsec2.Connections
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Experimental.
	Props() *GitHubRunnersProps
	// Configured runner providers.
	// Experimental.
	Providers() *[]IRunnerProvider
	// Secrets for GitHub communication including webhook secret and runner authentication.
	// Experimental.
	Secrets() Secrets
	// Creates CloudWatch Logs Insights saved queries that can be used to debug issues with the runners.
	//
	// * "Webhook errors" helps diagnose configuration issues with GitHub integration
	// * "Ignored webhook" helps understand why runners aren't started
	// * "Ignored jobs based on labels" helps debug label matching issues
	// * "Webhook started runners" helps understand which runners were started.
	// Experimental.
	CreateLogsInsightsQueries()
	// Creates a topic for notifications when a runner image build fails.
	//
	// Runner images are rebuilt every week by default. This provides the latest GitHub Runner version and software updates.
	//
	// If you want to be sure you are using the latest runner version, you can use this topic to be notified when a build fails.
	// Experimental.
	FailedImageBuildsTopic() awssns.Topic
	// Metric for failed runner executions.
	//
	// A failed runner usually means the runner failed to start and so a job was never executed. It doesn't necessarily mean the job was executed and failed. For that, see {@link metricJobCompleted}.
	// Experimental.
	MetricFailed(props *awscloudwatch.MetricProps) awscloudwatch.Metric
	// Metric for the number of GitHub Actions jobs completed.
	//
	// It has `ProviderLabels` and `Status` dimensions. The status can be one of "Succeeded", "SucceededWithIssues", "Failed", "Canceled", "Skipped", or "Abandoned".
	//
	// **WARNING:** this method creates a metric filter for each provider. Each metric has a status dimension with six possible values. These resources may incur cost.
	// Experimental.
	MetricJobCompleted(props *awscloudwatch.MetricProps) awscloudwatch.Metric
	// Metric for successful executions.
	//
	// A successful execution doesn't always mean a runner was started. It can be successful even without any label matches.
	//
	// A successful runner doesn't mean the job it executed was successful. For that, see {@link metricJobCompleted}.
	// Experimental.
	MetricSucceeded(props *awscloudwatch.MetricProps) awscloudwatch.Metric
	// Metric for the interval, in milliseconds, between the time the execution starts and the time it closes.
	//
	// This time may be longer than the time the runner took.
	// Experimental.
	MetricTime(props *awscloudwatch.MetricProps) awscloudwatch.Metric
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

Create all the required infrastructure to provide self-hosted GitHub runners.

It creates a webhook, secrets, and a step function to orchestrate all runs. Secrets are not automatically filled. See README.md for instructions on how to setup GitHub integration.

By default, this will create a runner provider of each available type with the defaults. This is good enough for the initial setup stage when you just want to get GitHub integration working.

```typescript new GitHubRunners(this, 'runners'); ```

Usually you'd want to configure the runner providers so the runners can run in a certain VPC or have certain permissions.

```typescript const vpc = ec2.Vpc.fromLookup(this, 'vpc', { vpcId: 'vpc-1234567' }); const runnerSg = new ec2.SecurityGroup(this, 'runner security group', { vpc: vpc }); const dbSg = ec2.SecurityGroup.fromSecurityGroupId(this, 'database security group', 'sg-1234567'); const bucket = new s3.Bucket(this, 'runner bucket');

// create a custom CodeBuild provider const myProvider = new CodeBuildRunnerProvider( 

this, 'codebuild runner',
{
   labels: ['my-codebuild'],
   vpc: vpc,
   securityGroups: [runnerSg],
},

); // grant some permissions to the provider bucket.grantReadWrite(myProvider); dbSg.connections.allowFrom(runnerSg, ec2.Port.tcp(3306), 'allow runners to connect to MySQL database');

// create the runner infrastructure new GitHubRunners( 

this,
'runners',
{
  providers: [myProvider],
}

); ```. Experimental.

func NewGitHubRunners 

func NewGitHubRunners(scope constructs.Construct, id *string, props *GitHubRunnersProps) GitHubRunners

Experimental.

type GitHubRunnersProps 

type GitHubRunnersProps struct {
	// Allow management functions to run in public subnets.
	//
	// Lambda Functions in a public subnet can NOT access the internet.
	// Default: false.
	//
	// Experimental.
	AllowPublicSubnet *bool `field:"optional" json:"allowPublicSubnet" yaml:"allowPublicSubnet"`
	// Path to a directory containing a file named certs.pem containing any additional certificates required to trust GitHub Enterprise Server. Use this when GitHub Enterprise Server certificates are self-signed.
	//
	// You may also want to use custom images for your runner providers that contain the same certificates. See {@link CodeBuildImageBuilder.addCertificates }.
	//
	// “`typescript
	// const imageBuilder = CodeBuildRunnerProvider.imageBuilder(this, 'Image Builder with Certs');
	// imageBuilder.addComponent(RunnerImageComponent.extraCertificates('path-to-my-extra-certs-folder/certs.pem', 'private-ca');
	//
	// const provider = new CodeBuildRunnerProvider(this, 'CodeBuild', {
	//     imageBuilder: imageBuilder,
	// });
	//
	// new GitHubRunners(
	//   this,
	//   'runners',
	//   {
	//     providers: [provider],
	//     extraCertificates: 'path-to-my-extra-certs-folder',
	//   }
	// );
	// “`.
	// Experimental.
	ExtraCertificates *string `field:"optional" json:"extraCertificates" yaml:"extraCertificates"`
	// Time to wait before stopping a runner that remains idle.
	//
	// If the user cancelled the job, or if another runner stole it, this stops the runner to avoid wasting resources.
	// Default: 5 minutes.
	//
	// Experimental.
	IdleTimeout awscdk.Duration `field:"optional" json:"idleTimeout" yaml:"idleTimeout"`
	// Logging options for the state machine that manages the runners.
	// Default: no logs.
	//
	// Experimental.
	LogOptions *LogOptions `field:"optional" json:"logOptions" yaml:"logOptions"`
	// List of runner providers to use.
	//
	// At least one provider is required. Provider will be selected when its label matches the labels requested by the workflow job.
	// Default: CodeBuild, Lambda and Fargate runners with all the defaults (no VPC or default account VPC).
	//
	// Experimental.
	Providers *[]IRunnerProvider `field:"optional" json:"providers" yaml:"providers"`
	// Whether to require the `self-hosted` label.
	//
	// If `true`, the runner will only start if the workflow job explicitly requests the `self-hosted` label.
	//
	// Be careful when setting this to `false`. Avoid setting up providers with generic label requirements like `linux` as they may match workflows that are not meant to run on self-hosted runners.
	// Default: true.
	//
	// Experimental.
	RequireSelfHostedLabel *bool `field:"optional" json:"requireSelfHostedLabel" yaml:"requireSelfHostedLabel"`
	// Options to retry operation in case of failure like missing capacity, or API quota issues.
	//
	// GitHub jobs time out after not being able to get a runner for 24 hours. You should not retry for more than 24 hours.
	//
	// Total time spent waiting can be calculated with interval * (backoffRate ^ maxAttempts) / (backoffRate - 1).
	// Default: retry 23 times up to about 24 hours.
	//
	// Experimental.
	RetryOptions *ProviderRetryOptions `field:"optional" json:"retryOptions" yaml:"retryOptions"`
	// Security group attached to all management functions.
	//
	// Use this with to provide access to GitHub Enterprise Server hosted inside a VPC.
	// Deprecated: use {@link securityGroups } instead.
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// Security groups attached to all management functions.
	//
	// Use this with to provide access to GitHub Enterprise Server hosted inside a VPC.
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// Access configuration for the setup function.
	//
	// Once you finish the setup process, you can set this to `LambdaAccess.noAccess()` to remove access to the setup function. You can also use `LambdaAccess.apiGateway({ allowedIps: ['my-ip/0']})` to limit access to your IP only.
	// Default: LambdaAccess.lambdaUrl()
	//
	// Experimental.
	SetupAccess LambdaAccess `field:"optional" json:"setupAccess" yaml:"setupAccess"`
	// Access configuration for the status function.
	//
	// This function returns a lot of sensitive information about the runner, so you should only allow access to it from trusted IPs, if at all.
	// Default: LambdaAccess.noAccess()
	//
	// Experimental.
	StatusAccess LambdaAccess `field:"optional" json:"statusAccess" yaml:"statusAccess"`
	// VPC used for all management functions. Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.
	//
	// Make sure the selected VPC and subnets have access to the following with either NAT Gateway or VPC Endpoints:
	// * GitHub Enterprise Server
	// * Secrets Manager
	// * SQS
	// * Step Functions
	// * CloudFormation (status function only)
	// * EC2 (status function only)
	// * ECR (status function only).
	// Experimental.
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
	// VPC subnets used for all management functions.
	//
	// Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.
	// Experimental.
	VpcSubnets *awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
	// Access configuration for the webhook function.
	//
	// This function is called by GitHub when a new workflow job is scheduled. For an extra layer of security, you can set this to `LambdaAccess.apiGateway({ allowedIps: LambdaAccess.githubWebhookIps() })`.
	//
	// You can also set this to `LambdaAccess.apiGateway({allowedVpc: vpc, allowedIps: ['GHES.IP.ADDRESS/32']})` if your GitHub Enterprise Server is hosted in a VPC. This will create an API Gateway endpoint that's only accessible from within the VPC.
	//
	// *WARNING*: changing access type may change the URL. When the URL changes, you must update GitHub as well.
	// Default: LambdaAccess.lambdaUrl()
	//
	// Experimental.
	WebhookAccess LambdaAccess `field:"optional" json:"webhookAccess" yaml:"webhookAccess"`
}

Properties for GitHubRunners. Experimental.

type IConfigurableRunnerImageBuilder added in v0.12.0 

type IConfigurableRunnerImageBuilder interface {
	awsec2.IConnectable
	awsiam.IGrantable
	IRunnerImageBuilder
	// Add a component to the image builder.
	//
	// The component will be added to the end of the list of components.
	// Experimental.
	AddComponent(component RunnerImageComponent)
	// Remove a component from the image builder.
	//
	// Removal is done by component name. Multiple components with the same name will all be removed.
	// Experimental.
	RemoveComponent(component RunnerImageComponent)
}

Interface for constructs that build an image that can be used in {@link IRunnerProvider }.

The image can be configured by adding or removing components. The image builder can be configured by adding grants or allowing connections.

An image can be a Docker image or AMI. Experimental.

func CodeBuildRunnerProvider_ImageBuilder added in v0.9.0 

func CodeBuildRunnerProvider_ImageBuilder(scope constructs.Construct, id *string, props *RunnerImageBuilderProps) IConfigurableRunnerImageBuilder

Create new image builder that builds CodeBuild specific runner images.

You can customize the OS, architecture, VPC, subnet, security groups, etc. by passing in props.

You can add components to the image builder by calling `imageBuilder.addComponent()`.

The default OS is Ubuntu running on x64 architecture.

Included components:

  • `RunnerImageComponent.requiredPackages()`
  • `RunnerImageComponent.runnerUser()`
  • `RunnerImageComponent.git()`
  • `RunnerImageComponent.githubCli()`
  • `RunnerImageComponent.awsCli()`
  • `RunnerImageComponent.docker()`
  • `RunnerImageComponent.githubRunner()`

Experimental.

func CodeBuildRunner_ImageBuilder added in v0.9.0 

func CodeBuildRunner_ImageBuilder(scope constructs.Construct, id *string, props *RunnerImageBuilderProps) IConfigurableRunnerImageBuilder

Create new image builder that builds CodeBuild specific runner images.

You can customize the OS, architecture, VPC, subnet, security groups, etc. by passing in props.

You can add components to the image builder by calling `imageBuilder.addComponent()`.

The default OS is Ubuntu running on x64 architecture.

Included components:

  • `RunnerImageComponent.requiredPackages()`
  • `RunnerImageComponent.runnerUser()`
  • `RunnerImageComponent.git()`
  • `RunnerImageComponent.githubCli()`
  • `RunnerImageComponent.awsCli()`
  • `RunnerImageComponent.docker()`
  • `RunnerImageComponent.githubRunner()`

Deprecated: use {@link CodeBuildRunnerProvider }.

func Ec2RunnerProvider_ImageBuilder added in v0.9.0 

func Ec2RunnerProvider_ImageBuilder(scope constructs.Construct, id *string, props *RunnerImageBuilderProps) IConfigurableRunnerImageBuilder

Create new image builder that builds EC2 specific runner images.

You can customize the OS, architecture, VPC, subnet, security groups, etc. by passing in props.

You can add components to the image builder by calling `imageBuilder.addComponent()`.

The default OS is Ubuntu running on x64 architecture.

Included components:

  • `RunnerImageComponent.requiredPackages()`
  • `RunnerImageComponent.runnerUser()`
  • `RunnerImageComponent.git()`
  • `RunnerImageComponent.githubCli()`
  • `RunnerImageComponent.awsCli()`
  • `RunnerImageComponent.docker()`
  • `RunnerImageComponent.githubRunner()`

Experimental.

func Ec2Runner_ImageBuilder added in v0.9.0 

func Ec2Runner_ImageBuilder(scope constructs.Construct, id *string, props *RunnerImageBuilderProps) IConfigurableRunnerImageBuilder

Create new image builder that builds EC2 specific runner images.

You can customize the OS, architecture, VPC, subnet, security groups, etc. by passing in props.

You can add components to the image builder by calling `imageBuilder.addComponent()`.

The default OS is Ubuntu running on x64 architecture.

Included components:

  • `RunnerImageComponent.requiredPackages()`
  • `RunnerImageComponent.runnerUser()`
  • `RunnerImageComponent.git()`
  • `RunnerImageComponent.githubCli()`
  • `RunnerImageComponent.awsCli()`
  • `RunnerImageComponent.docker()`
  • `RunnerImageComponent.githubRunner()`

Deprecated: use {@link Ec2RunnerProvider }.

func EcsRunnerProvider_ImageBuilder added in v0.9.3 

func EcsRunnerProvider_ImageBuilder(scope constructs.Construct, id *string, props *RunnerImageBuilderProps) IConfigurableRunnerImageBuilder

Create new image builder that builds ECS specific runner images.

You can customize the OS, architecture, VPC, subnet, security groups, etc. by passing in props.

You can add components to the image builder by calling `imageBuilder.addComponent()`.

The default OS is Ubuntu running on x64 architecture.

Included components:

  • `RunnerImageComponent.requiredPackages()`
  • `RunnerImageComponent.runnerUser()`
  • `RunnerImageComponent.git()`
  • `RunnerImageComponent.githubCli()`
  • `RunnerImageComponent.awsCli()`
  • `RunnerImageComponent.docker()`
  • `RunnerImageComponent.githubRunner()`

Experimental.

func FargateRunnerProvider_ImageBuilder added in v0.9.0 

func FargateRunnerProvider_ImageBuilder(scope constructs.Construct, id *string, props *RunnerImageBuilderProps) IConfigurableRunnerImageBuilder

Create new image builder that builds Fargate specific runner images.

You can customize the OS, architecture, VPC, subnet, security groups, etc. by passing in props.

You can add components to the image builder by calling `imageBuilder.addComponent()`.

The default OS is Ubuntu running on x64 architecture.

Included components:

  • `RunnerImageComponent.requiredPackages()`
  • `RunnerImageComponent.runnerUser()`
  • `RunnerImageComponent.git()`
  • `RunnerImageComponent.githubCli()`
  • `RunnerImageComponent.awsCli()`
  • `RunnerImageComponent.githubRunner()`

Experimental.

func FargateRunner_ImageBuilder added in v0.9.0 

func FargateRunner_ImageBuilder(scope constructs.Construct, id *string, props *RunnerImageBuilderProps) IConfigurableRunnerImageBuilder

Create new image builder that builds Fargate specific runner images.

You can customize the OS, architecture, VPC, subnet, security groups, etc. by passing in props.

You can add components to the image builder by calling `imageBuilder.addComponent()`.

The default OS is Ubuntu running on x64 architecture.

Included components:

  • `RunnerImageComponent.requiredPackages()`
  • `RunnerImageComponent.runnerUser()`
  • `RunnerImageComponent.git()`
  • `RunnerImageComponent.githubCli()`
  • `RunnerImageComponent.awsCli()`
  • `RunnerImageComponent.githubRunner()`

Deprecated: use {@link FargateRunnerProvider }.

func LambdaRunnerProvider_ImageBuilder added in v0.9.0 

func LambdaRunnerProvider_ImageBuilder(scope constructs.Construct, id *string, props *RunnerImageBuilderProps) IConfigurableRunnerImageBuilder

Create new image builder that builds Lambda specific runner images.

You can customize the OS, architecture, VPC, subnet, security groups, etc. by passing in props.

You can add components to the image builder by calling `imageBuilder.addComponent()`.

The default OS is Amazon Linux 2023 running on x64 architecture.

Included components:

  • `RunnerImageComponent.requiredPackages()`
  • `RunnerImageComponent.runnerUser()`
  • `RunnerImageComponent.git()`
  • `RunnerImageComponent.githubCli()`
  • `RunnerImageComponent.awsCli()`
  • `RunnerImageComponent.githubRunner()`
  • `RunnerImageComponent.lambdaEntrypoint()`

Experimental.

func LambdaRunner_ImageBuilder added in v0.9.0 

func LambdaRunner_ImageBuilder(scope constructs.Construct, id *string, props *RunnerImageBuilderProps) IConfigurableRunnerImageBuilder

Create new image builder that builds Lambda specific runner images.

You can customize the OS, architecture, VPC, subnet, security groups, etc. by passing in props.

You can add components to the image builder by calling `imageBuilder.addComponent()`.

The default OS is Amazon Linux 2023 running on x64 architecture.

Included components:

  • `RunnerImageComponent.requiredPackages()`
  • `RunnerImageComponent.runnerUser()`
  • `RunnerImageComponent.git()`
  • `RunnerImageComponent.githubCli()`
  • `RunnerImageComponent.awsCli()`
  • `RunnerImageComponent.githubRunner()`
  • `RunnerImageComponent.lambdaEntrypoint()`

Deprecated: use {@link LambdaRunnerProvider }.

func RunnerImageBuilder_New added in v0.9.0 

func RunnerImageBuilder_New(scope constructs.Construct, id *string, props *RunnerImageBuilderProps) IConfigurableRunnerImageBuilder

Create a new image builder based on the provided properties.

The implementation will differ based on the OS, architecture, and requested builder type. Experimental.

type IRunnerAmiStatus added in v0.6.0 

type IRunnerAmiStatus interface {
	// Log group name for the AMI builder where history of builds can be analyzed.
	// Experimental.
	AmiBuilderLogGroup() *string
	// Id of launch template pointing to the latest AMI built by the AMI builder.
	// Experimental.
	LaunchTemplate() *string
}

AMI status returned from runner providers to be displayed as output of status function. Experimental.

type IRunnerImageBuilder added in v0.9.0 

type IRunnerImageBuilder interface {
	// Build and return an AMI with GitHub Runner installed in it.
	//
	// Anything that ends up with a launch template pointing to an AMI that runs GitHub self-hosted runners can be used. A simple implementation could even point to an existing AMI and nothing else.
	//
	// The AMI can be further updated over time manually or using a schedule as long as it is always written to the same launch template.
	// Experimental.
	BindAmi() *RunnerAmi
	// Build and return a Docker image with GitHub Runner installed in it.
	//
	// Anything that ends up with an ECR repository containing a Docker image that runs GitHub self-hosted runners can be used. A simple implementation could even point to an existing image and nothing else.
	//
	// It's important that the specified image tag be available at the time the repository is available. Providers usually assume the image is ready and will fail if it's not.
	//
	// The image can be further updated over time manually or using a schedule as long as it is always written to the same tag.
	// Experimental.
	BindDockerImage() *RunnerImage
}

Interface for constructs that build an image that can be used in {@link IRunnerProvider }.

An image can be a Docker image or AMI. Experimental.

func StaticRunnerImage_FromDockerHub added in v0.3.0 

func StaticRunnerImage_FromDockerHub(scope constructs.Construct, id *string, image *string, architecture Architecture, os Os) IRunnerImageBuilder

Create a builder from an existing Docker Hub image.

The image must already have GitHub Actions runner installed. You are responsible to update it and remove it when done.

We create a CodeBuild image builder behind the scenes to copy the image over to ECR. This helps avoid Docker Hub rate limits and prevent failures. Experimental.

func StaticRunnerImage_FromEcrRepository added in v0.3.0 

func StaticRunnerImage_FromEcrRepository(repository awsecr.IRepository, tag *string, architecture Architecture, os Os) IRunnerImageBuilder

Create a builder (that doesn't actually build anything) from an existing image in an existing repository.

The image must already have GitHub Actions runner installed. You are responsible to update it and remove it when done. Experimental.

type IRunnerImageStatus added in v0.4.0 

type IRunnerImageStatus interface {
	// Log group name for the image builder where history of image builds can be analyzed.
	// Experimental.
	ImageBuilderLogGroup() *string
	// Image repository where image builder pushes runner images.
	// Experimental.
	ImageRepository() *string
	// Tag of image that should be used.
	// Experimental.
	ImageTag() *string
}

Image status returned from runner providers to be displayed in status.json. Experimental.

type IRunnerProvider 

type IRunnerProvider interface {
	awsec2.IConnectable
	constructs.IConstruct
	awsiam.IGrantable
	// Generate step function tasks that execute the runner.
	//
	// Called by GithubRunners and shouldn't be called manually.
	// Experimental.
	GetStepFunctionTask(parameters *RunnerRuntimeParameters) awsstepfunctions.IChainable
	// An optional method that modifies the role of the state machine after all the tasks have been generated.
	//
	// This can be used to add additional policy
	// statements to the state machine role that are not automatically added by the task returned from {@link getStepFunctionTask}.
	// Experimental.
	GrantStateMachine(stateMachineRole awsiam.IGrantable)
	// Return status of the runner provider to be used in the main status function.
	//
	// Also gives the status function any needed permissions to query the Docker image or AMI.
	// Experimental.
	Status(statusFunctionRole awsiam.IGrantable) IRunnerProviderStatus
	// GitHub Actions labels used for this provider.
	//
	// These labels are used to identify which provider should spawn a new on-demand runner. Every job sends a webhook with the labels it's looking for
	// based on runs-on. We use match the labels from the webhook with the labels specified here. If all the labels specified here are present in the
	// job's labels, this provider will be chosen and spawn a new runner.
	// Experimental.
	Labels() *[]*string
	// Log group where provided runners will save their logs.
	//
	// Note that this is not the job log, but the runner itself. It will not contain output from the GitHub Action but only metadata on its execution.
	// Experimental.
	LogGroup() awslogs.ILogGroup
	// List of step functions errors that should be retried.
	// Deprecated: do not use.
	RetryableErrors() *[]*string
}

Interface for all runner providers.

Implementations create all required resources and return a step function task that starts those resources from {@link getStepFunctionTask}. Experimental.

type IRunnerProviderStatus added in v0.6.0 

type IRunnerProviderStatus interface {
	// Details about AMI used by this runner provider.
	// Experimental.
	Ami() IRunnerAmiStatus
	// Details about Docker image used by this runner provider.
	// Experimental.
	Image() IRunnerImageStatus
	// Labels associated with provider.
	// Experimental.
	Labels() *[]*string
	// Log group for runners.
	// Experimental.
	LogGroup() *string
	// Role attached to runners.
	// Experimental.
	RoleArn() *string
	// Security groups attached to runners.
	// Experimental.
	SecurityGroups() *[]*string
	// Runner provider type.
	// Experimental.
	Type() *string
	// VPC where runners will be launched.
	// Experimental.
	VpcArn() *string
}

Interface for runner image status used by status.json. Experimental.

type ImageBuilderAsset added in v0.4.0 

type ImageBuilderAsset struct {
	// Asset to place in the image.
	// Experimental.
	Asset awss3assets.Asset `field:"required" json:"asset" yaml:"asset"`
	// Path to place asset in the image.
	// Experimental.
	Path *string `field:"required" json:"path" yaml:"path"`
}

An asset including file or directory to place inside the built image. Experimental.

type ImageBuilderComponent added in v0.4.0 

type ImageBuilderComponent interface {
	awscdk.Resource
	// Component ARN.
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	Arn() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	PhysicalName() *string
	// Supported platform for the component.
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	Platform() *string
	// The stack in which this resource is defined.
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	GeneratePhysicalName() *string
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	GenerateVersion(type_ *string, name *string, data interface{}) *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	GetResourceNameAttribute(nameAttr *string) *string
	// Grants read permissions to the principal on the assets buckets.
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	GrantAssetsRead(grantee awsiam.IGrantable)
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	PrefixCommandsWithErrorHandling(platform *string, commands *[]*string) *[]*string
	// Returns a string representation of this construct.
	// Deprecated: Use `RunnerImageComponent` instead as this be internal soon.
	ToString() *string
}

Components are a set of commands to run and optional files to add to an image.

Components are the building blocks of images built by Image Builder.

Example:

``` 

new ImageBuilderComponent(this, 'AWS CLI', {
  platform: 'Windows',
  displayName: 'AWS CLI',
  description: 'Install latest version of AWS CLI',
  commands: [
    '$p = Start-Process msiexec.exe -PassThru -Wait -ArgumentList \'/i https://awscli.amazonaws.com/AWSCLIV2.msi /qn\'',
    'if ($p.ExitCode -ne 0) { throw "Exit code is $p.ExitCode" }',
  ],
}

```. Deprecated: Use `RunnerImageComponent` instead as this be internal soon.

func LinuxUbuntuComponents_AwsCli deprecated added in v0.6.0 

func LinuxUbuntuComponents_AwsCli(scope constructs.Construct, id *string, architecture Architecture) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func LinuxUbuntuComponents_Docker deprecated added in v0.6.0 

func LinuxUbuntuComponents_Docker(scope constructs.Construct, id *string, _architecture Architecture) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func LinuxUbuntuComponents_ExtraCertificates deprecated added in v0.7.1 

func LinuxUbuntuComponents_ExtraCertificates(scope constructs.Construct, id *string, path *string) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func LinuxUbuntuComponents_Git deprecated added in v0.6.0 

func LinuxUbuntuComponents_Git(scope constructs.Construct, id *string, _architecture Architecture) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func LinuxUbuntuComponents_GithubCli deprecated added in v0.6.0 

func LinuxUbuntuComponents_GithubCli(scope constructs.Construct, id *string, _architecture Architecture) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func LinuxUbuntuComponents_GithubRunner deprecated added in v0.6.0 

func LinuxUbuntuComponents_GithubRunner(scope constructs.Construct, id *string, runnerVersion RunnerVersion, architecture Architecture) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func LinuxUbuntuComponents_RequiredPackages deprecated added in v0.6.0 

func LinuxUbuntuComponents_RequiredPackages(scope constructs.Construct, id *string, architecture Architecture) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func LinuxUbuntuComponents_RunnerUser deprecated added in v0.6.0 

func LinuxUbuntuComponents_RunnerUser(scope constructs.Construct, id *string, _architecture Architecture) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func NewImageBuilderComponent deprecated added in v0.4.0 

func NewImageBuilderComponent(scope constructs.Construct, id *string, props *ImageBuilderComponentProperties) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead as this be internal soon.

func WindowsComponents_AwsCli deprecated added in v0.6.0 

func WindowsComponents_AwsCli(scope constructs.Construct, id *string) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func WindowsComponents_CloudwatchAgent deprecated added in v0.6.0 

func WindowsComponents_CloudwatchAgent(scope constructs.Construct, id *string) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func WindowsComponents_Docker deprecated added in v0.6.0 

func WindowsComponents_Docker(scope constructs.Construct, id *string) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func WindowsComponents_ExtraCertificates deprecated added in v0.7.1 

func WindowsComponents_ExtraCertificates(scope constructs.Construct, id *string, path *string) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func WindowsComponents_Git deprecated added in v0.6.0 

func WindowsComponents_Git(scope constructs.Construct, id *string) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func WindowsComponents_GithubCli deprecated added in v0.6.0 

func WindowsComponents_GithubCli(scope constructs.Construct, id *string) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

func WindowsComponents_GithubRunner deprecated added in v0.6.0 

func WindowsComponents_GithubRunner(scope constructs.Construct, id *string, runnerVersion RunnerVersion) ImageBuilderComponent

Deprecated: Use `RunnerImageComponent` instead.

type ImageBuilderComponentProperties added in v0.4.0 

type ImageBuilderComponentProperties struct {
	// Shell commands to run when adding this component to the image.
	//
	// On Linux, these are bash commands. On Windows, there are PowerShell commands.
	// Experimental.
	Commands *[]*string `field:"required" json:"commands" yaml:"commands"`
	// Component description.
	// Experimental.
	Description *string `field:"required" json:"description" yaml:"description"`
	// Component display name.
	// Experimental.
	DisplayName *string `field:"required" json:"displayName" yaml:"displayName"`
	// Component platform.
	//
	// Must match the builder platform.
	// Experimental.
	Platform *string `field:"required" json:"platform" yaml:"platform"`
	// Optional assets to add to the built image.
	// Experimental.
	Assets *[]*ImageBuilderAsset `field:"optional" json:"assets" yaml:"assets"`
	// Require a reboot after installing this component.
	// Default: false.
	//
	// Experimental.
	Reboot *bool `field:"optional" json:"reboot" yaml:"reboot"`
}

Properties for ImageBuilderComponent construct. Experimental.

type LambdaAccess added in v0.9.2 

type LambdaAccess interface {
	// Creates all required resources and returns access URL or empty string if disabled.
	//
	// Returns: access URL or empty string if disabled.
	// Experimental.
	Bind(scope constructs.Construct, id *string, lambdaFunction awslambda.Function) *string
}

Access configuration options for Lambda functions like setup and webhook function. Use this to limit access to these functions.

If you need a custom access point, you can implement this abstract class yourself. Note that the Lambda functions expect API Gateway v1 or v2 input. They also expect every URL under the constructed URL to point to the function. Experimental.

func LambdaAccess_ApiGateway added in v0.9.2 

func LambdaAccess_ApiGateway(props *ApiGatewayAccessProps) LambdaAccess

Provide access using API Gateway.

This is the most secure option, but requires additional configuration. It allows you to limit access to specific IP addresses and even to a specific VPC.

To limit access to GitHub.com use:

``` 

LambdaAccess.apiGateway({
  allowedIps: LambdaAccess.githubWebhookIps(),
});

```

Alternatively, get and manually update the list manually with:

``` curl https://api.github.com/meta | jq .hooks ```. Experimental.

func LambdaAccess_LambdaUrl added in v0.9.2 

func LambdaAccess_LambdaUrl() LambdaAccess

Provide access using Lambda URL.

This is the default and simplest option. It puts no limits on the requester, but the Lambda functions themselves authenticate every request. Experimental.

func LambdaAccess_NoAccess added in v0.9.2 

func LambdaAccess_NoAccess() LambdaAccess

Disables access to the configured Lambda function.

This is useful for the setup function after setup is done. Experimental.

type LambdaRunner deprecated 

type LambdaRunner interface {
	LambdaRunnerProvider
	// The network connections associated with this resource.
	// Deprecated: use {@link LambdaRunnerProvider }.
	Connections() awsec2.Connections
	// The function hosting the GitHub runner.
	// Deprecated: use {@link LambdaRunnerProvider }.
	Function() awslambda.Function
	// Grant principal used to add permissions to the runner role.
	// Deprecated: use {@link LambdaRunnerProvider }.
	GrantPrincipal() awsiam.IPrincipal
	// Docker image loaded with GitHub Actions Runner and its prerequisites.
	//
	// The image is built by an image builder and is specific to Lambda.
	// Deprecated: use {@link LambdaRunnerProvider }.
	Image() *RunnerImage
	// Labels associated with this provider.
	// Deprecated: use {@link LambdaRunnerProvider }.
	Labels() *[]*string
	// Log group where provided runners will save their logs.
	//
	// Note that this is not the job log, but the runner itself. It will not contain output from the GitHub Action but only metadata on its execution.
	// Deprecated: use {@link LambdaRunnerProvider }.
	LogGroup() awslogs.ILogGroup
	// The tree node.
	// Deprecated: use {@link LambdaRunnerProvider }.
	Node() constructs.Node
	// List of step functions errors that should be retried.
	// Deprecated: use {@link LambdaRunnerProvider }.
	RetryableErrors() *[]*string
	// Generate step function task(s) to start a new runner.
	//
	// Called by GithubRunners and shouldn't be called manually.
	// Deprecated: use {@link LambdaRunnerProvider }.
	GetStepFunctionTask(parameters *RunnerRuntimeParameters) awsstepfunctions.IChainable
	// An optional method that modifies the role of the state machine after all the tasks have been generated.
	//
	// This can be used to add additional policy
	// statements to the state machine role that are not automatically added by the task returned from {@link getStepFunctionTask}.
	// Deprecated: use {@link LambdaRunnerProvider }.
	GrantStateMachine(_arg awsiam.IGrantable)
	// Deprecated: use {@link LambdaRunnerProvider }.
	LabelsFromProperties(defaultLabel *string, propsLabel *string, propsLabels *[]*string) *[]*string
	// Return status of the runner provider to be used in the main status function.
	//
	// Also gives the status function any needed permissions to query the Docker image or AMI.
	// Deprecated: use {@link LambdaRunnerProvider }.
	Status(statusFunctionRole awsiam.IGrantable) IRunnerProviderStatus
	// Returns a string representation of this construct.
	// Deprecated: use {@link LambdaRunnerProvider }.
	ToString() *string
}

Deprecated: use {@link LambdaRunnerProvider }.

func NewLambdaRunner deprecated 

func NewLambdaRunner(scope constructs.Construct, id *string, props *LambdaRunnerProviderProps) LambdaRunner

Deprecated: use {@link LambdaRunnerProvider }.

type LambdaRunnerProvider added in v0.8.2 

type LambdaRunnerProvider interface {
	constructs.Construct
	IRunnerProvider
	// The network connections associated with this resource.
	// Experimental.
	Connections() awsec2.Connections
	// The function hosting the GitHub runner.
	// Experimental.
	Function() awslambda.Function
	// Grant principal used to add permissions to the runner role.
	// Experimental.
	GrantPrincipal() awsiam.IPrincipal
	// Docker image loaded with GitHub Actions Runner and its prerequisites.
	//
	// The image is built by an image builder and is specific to Lambda.
	// Experimental.
	Image() *RunnerImage
	// Labels associated with this provider.
	// Experimental.
	Labels() *[]*string
	// Log group where provided runners will save their logs.
	//
	// Note that this is not the job log, but the runner itself. It will not contain output from the GitHub Action but only metadata on its execution.
	// Experimental.
	LogGroup() awslogs.ILogGroup
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// List of step functions errors that should be retried.
	// Experimental.
	RetryableErrors() *[]*string
	// Generate step function task(s) to start a new runner.
	//
	// Called by GithubRunners and shouldn't be called manually.
	// Experimental.
	GetStepFunctionTask(parameters *RunnerRuntimeParameters) awsstepfunctions.IChainable
	// An optional method that modifies the role of the state machine after all the tasks have been generated.
	//
	// This can be used to add additional policy
	// statements to the state machine role that are not automatically added by the task returned from {@link getStepFunctionTask}.
	// Experimental.
	GrantStateMachine(_arg awsiam.IGrantable)
	// Experimental.
	LabelsFromProperties(defaultLabel *string, propsLabel *string, propsLabels *[]*string) *[]*string
	// Return status of the runner provider to be used in the main status function.
	//
	// Also gives the status function any needed permissions to query the Docker image or AMI.
	// Experimental.
	Status(statusFunctionRole awsiam.IGrantable) IRunnerProviderStatus
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

GitHub Actions runner provider using Lambda to execute jobs.

Creates a Docker-based function that gets executed for each job.

This construct is not meant to be used by itself. It should be passed in the providers property for GitHubRunners. Experimental.

func NewLambdaRunnerProvider added in v0.8.2 

func NewLambdaRunnerProvider(scope constructs.Construct, id *string, props *LambdaRunnerProviderProps) LambdaRunnerProvider

Experimental.

type LambdaRunnerProviderProps added in v0.8.2 

type LambdaRunnerProviderProps struct {
	// The number of days log events are kept in CloudWatch Logs.
	//
	// When updating
	// this property, unsetting it doesn't remove the log retention policy. To
	// remove the retention policy, set the value to `INFINITE`.
	// Default: logs.RetentionDays.ONE_MONTH
	//
	// Experimental.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
	// Deprecated: use {@link retryOptions } on {@link GitHubRunners } instead.
	RetryOptions *ProviderRetryOptions `field:"optional" json:"retryOptions" yaml:"retryOptions"`
	// The size of the function’s /tmp directory in MiB.
	// Default: 10 GiB.
	//
	// Experimental.
	EphemeralStorageSize awscdk.Size `field:"optional" json:"ephemeralStorageSize" yaml:"ephemeralStorageSize"`
	// GitHub Actions runner group name.
	//
	// If specified, the runner will be registered with this group name. Setting a runner group can help managing access to self-hosted runners. It
	// requires a paid GitHub account.
	//
	// The group must exist or the runner will not start.
	//
	// Users will still be able to trigger this runner with the correct labels. But the runner will only be able to run jobs from repos allowed to use the group.
	// Default: undefined.
	//
	// Experimental.
	Group *string `field:"optional" json:"group" yaml:"group"`
	// Runner image builder used to build Docker images containing GitHub Runner and all requirements.
	//
	// The image builder must contain the {@link RunnerImageComponent.lambdaEntrypoint} component.
	//
	// The image builder determines the OS and architecture of the runner.
	// Default: LambdaRunnerProvider.imageBuilder()
	//
	// Experimental.
	ImageBuilder IRunnerImageBuilder `field:"optional" json:"imageBuilder" yaml:"imageBuilder"`
	// GitHub Actions label used for this provider.
	// Default: undefined.
	//
	// Deprecated: use {@link labels } instead.
	Label *string `field:"optional" json:"label" yaml:"label"`
	// GitHub Actions labels used for this provider.
	//
	// These labels are used to identify which provider should spawn a new on-demand runner. Every job sends a webhook with the labels it's looking for
	// based on runs-on. We match the labels from the webhook with the labels specified here. If all the labels specified here are present in the
	// job's labels, this provider will be chosen and spawn a new runner.
	// Default: ['lambda'].
	//
	// Experimental.
	Labels *[]*string `field:"optional" json:"labels" yaml:"labels"`
	// The amount of memory, in MB, that is allocated to your Lambda function.
	//
	// Lambda uses this value to proportionally allocate the amount of CPU
	// power. For more information, see Resource Model in the AWS Lambda
	// Developer Guide.
	// Default: 2048.
	//
	// Experimental.
	MemorySize *float64 `field:"optional" json:"memorySize" yaml:"memorySize"`
	// Security group to assign to this instance.
	// Default: public lambda with no security group.
	//
	// Deprecated: use {@link securityGroups }.
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// Security groups to assign to this instance.
	// Default: public lambda with no security group.
	//
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// Where to place the network interfaces within the VPC.
	// Default: no subnet.
	//
	// Experimental.
	SubnetSelection *awsec2.SubnetSelection `field:"optional" json:"subnetSelection" yaml:"subnetSelection"`
	// The function execution time (in seconds) after which Lambda terminates the function.
	//
	// Because the execution time affects cost, set this value
	// based on the function's expected execution time.
	// Default: Duration.minutes(15)
	//
	// Experimental.
	Timeout awscdk.Duration `field:"optional" json:"timeout" yaml:"timeout"`
	// VPC to launch the runners in.
	// Default: no VPC.
	//
	// Experimental.
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}

Experimental.

type LinuxUbuntuComponents added in v0.6.0 

type LinuxUbuntuComponents interface {
}

Components for Ubuntu Linux that can be used with AWS Image Builder based builders.

These cannot be used by {@link CodeBuildImageBuilder }. Deprecated: Use `RunnerImageComponent` instead.

func NewLinuxUbuntuComponents deprecated added in v0.6.0 

func NewLinuxUbuntuComponents() LinuxUbuntuComponents

Deprecated: Use `RunnerImageComponent` instead.

type LogOptions added in v0.7.4 

type LogOptions struct {
	// Determines whether execution data is included in your log.
	// Default: false.
	//
	// Experimental.
	IncludeExecutionData *bool `field:"optional" json:"includeExecutionData" yaml:"includeExecutionData"`
	// Defines which category of execution history events are logged.
	// Default: ERROR.
	//
	// Experimental.
	Level awsstepfunctions.LogLevel `field:"optional" json:"level" yaml:"level"`
	// The log group where the execution history events will be logged.
	// Experimental.
	LogGroupName *string `field:"optional" json:"logGroupName" yaml:"logGroupName"`
	// The number of days log events are kept in CloudWatch Logs.
	//
	// When updating
	// this property, unsetting it doesn't remove the log retention policy. To
	// remove the retention policy, set the value to `INFINITE`.
	// Default: logs.RetentionDays.ONE_MONTH
	//
	// Experimental.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
}

Defines what execution history events are logged and where they are logged. Experimental.

type Os added in v0.3.0 

type Os interface {
	// Experimental.
	Name() *string
	// Checks if the given OS is the same as this one.
	// Experimental.
	Is(os Os) *bool
	// Checks if this OS is in a given list.
	// Experimental.
	IsIn(oses *[]Os) *bool
}

OS enum for an image. Experimental.

func Os_LINUX added in v0.3.0 

func Os_LINUX() Os

func Os_LINUX_AMAZON_2 added in v0.9.0 

func Os_LINUX_AMAZON_2() Os

func Os_LINUX_AMAZON_2023 added in v0.12.1 

func Os_LINUX_AMAZON_2023() Os

func Os_LINUX_UBUNTU added in v0.9.0 

func Os_LINUX_UBUNTU() Os

func Os_WINDOWS added in v0.3.0 

func Os_WINDOWS() Os

type ProviderRetryOptions added in v0.7.4 

type ProviderRetryOptions struct {
	// Multiplication for how much longer the wait interval gets on every retry.
	// Default: 1.3
	//
	// Experimental.
	BackoffRate *float64 `field:"optional" json:"backoffRate" yaml:"backoffRate"`
	// How much time to wait after first retryable failure.
	//
	// This interval will be multiplied by {@link backoffRate} each retry.
	// Default: 1 minute.
	//
	// Experimental.
	Interval awscdk.Duration `field:"optional" json:"interval" yaml:"interval"`
	// How many times to retry.
	// Default: 23.
	//
	// Experimental.
	MaxAttempts *float64 `field:"optional" json:"maxAttempts" yaml:"maxAttempts"`
	// Set to true to retry provider on supported failures.
	//
	// Which failures generate a retry depends on the specific provider.
	// Default: true.
	//
	// Experimental.
	Retry *bool `field:"optional" json:"retry" yaml:"retry"`
}

Retry options for providers.

The default is to retry 23 times for about 24 hours with increasing interval. Experimental.

type RunnerAmi added in v0.6.1 

type RunnerAmi struct {
	// Architecture of the image.
	// Experimental.
	Architecture Architecture `field:"required" json:"architecture" yaml:"architecture"`
	// Launch template pointing to the latest AMI.
	// Experimental.
	LaunchTemplate awsec2.ILaunchTemplate `field:"required" json:"launchTemplate" yaml:"launchTemplate"`
	// OS type of the image.
	// Experimental.
	Os Os `field:"required" json:"os" yaml:"os"`
	// Installed runner version.
	// Deprecated: open a ticket if you need this.
	RunnerVersion RunnerVersion `field:"required" json:"runnerVersion" yaml:"runnerVersion"`
	// Log group where image builds are logged.
	// Experimental.
	LogGroup awslogs.LogGroup `field:"optional" json:"logGroup" yaml:"logGroup"`
}

Description of a AMI built by {@link RunnerImageBuilder }. Experimental.

type RunnerImage added in v0.3.0 

type RunnerImage struct {
	// Architecture of the image.
	// Experimental.
	Architecture Architecture `field:"required" json:"architecture" yaml:"architecture"`
	// ECR repository containing the image.
	// Experimental.
	ImageRepository awsecr.IRepository `field:"required" json:"imageRepository" yaml:"imageRepository"`
	// Static image tag where the image will be pushed.
	// Experimental.
	ImageTag *string `field:"required" json:"imageTag" yaml:"imageTag"`
	// OS type of the image.
	// Experimental.
	Os Os `field:"required" json:"os" yaml:"os"`
	// Installed runner version.
	// Deprecated: open a ticket if you need this.
	RunnerVersion RunnerVersion `field:"required" json:"runnerVersion" yaml:"runnerVersion"`
	// Log group where image builds are logged.
	// Experimental.
	LogGroup awslogs.LogGroup `field:"optional" json:"logGroup" yaml:"logGroup"`
}

Description of a Docker image built by {@link RunnerImageBuilder }. Experimental.

type RunnerImageAsset added in v0.9.0 

type RunnerImageAsset struct {
	// Path on local system to copy into the image.
	//
	// Can be a file or a directory.
	// Experimental.
	Source *string `field:"required" json:"source" yaml:"source"`
	// Target path in the built image.
	// Experimental.
	Target *string `field:"required" json:"target" yaml:"target"`
}

Asset to copy into a built image. Experimental.

type RunnerImageBuilder added in v0.9.0 

type RunnerImageBuilder interface {
	constructs.Construct
	IConfigurableRunnerImageBuilder
	// Experimental.
	Components() *[]RunnerImageComponent
	// Experimental.
	SetComponents(val *[]RunnerImageComponent)
	// The network connections associated with this resource.
	// Experimental.
	Connections() awsec2.Connections
	// The principal to grant permissions to.
	// Experimental.
	GrantPrincipal() awsiam.IPrincipal
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Add a component to the image builder.
	//
	// The component will be added to the end of the list of components.
	// Experimental.
	AddComponent(component RunnerImageComponent)
	// Build and return an AMI with GitHub Runner installed in it.
	//
	// Anything that ends up with a launch template pointing to an AMI that runs GitHub self-hosted runners can be used. A simple implementation could even point to an existing AMI and nothing else.
	//
	// The AMI can be further updated over time manually or using a schedule as long as it is always written to the same launch template.
	// Experimental.
	BindAmi() *RunnerAmi
	// Build and return a Docker image with GitHub Runner installed in it.
	//
	// Anything that ends up with an ECR repository containing a Docker image that runs GitHub self-hosted runners can be used. A simple implementation could even point to an existing image and nothing else.
	//
	// It's important that the specified image tag be available at the time the repository is available. Providers usually assume the image is ready and will fail if it's not.
	//
	// The image can be further updated over time manually or using a schedule as long as it is always written to the same tag.
	// Experimental.
	BindDockerImage() *RunnerImage
	// Remove a component from the image builder.
	//
	// Removal is done by component name. Multiple components with the same name will all be removed.
	// Experimental.
	RemoveComponent(component RunnerImageComponent)
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

GitHub Runner image builder. Builds a Docker image or AMI with GitHub Runner and other requirements installed.

Images can be customized before passed into the provider by adding or removing components to be installed.

Images are rebuilt every week by default to ensure that the latest security patches are applied. Experimental.

type RunnerImageBuilderProps added in v0.9.0 

type RunnerImageBuilderProps struct {
	// Image architecture.
	// Default: Architecture.X86_64
	//
	// Experimental.
	Architecture Architecture `field:"optional" json:"architecture" yaml:"architecture"`
	// Options specific to AWS Image Builder.
	//
	// Only used when builderType is RunnerImageBuilderType.AWS_IMAGE_BUILDER.
	// Experimental.
	AwsImageBuilderOptions *AwsImageBuilderRunnerImageBuilderProps `field:"optional" json:"awsImageBuilderOptions" yaml:"awsImageBuilderOptions"`
	// Base AMI from which runner AMIs will be built.
	//
	// This can be an actual AMI or an AWS Image Builder ARN that points to the latest AMI. For example `arn:aws:imagebuilder:us-east-1:aws:image/ubuntu-server-22-lts-x86/x.x.x` would always use the latest version of Ubuntu 22.04 in each build. If you want a specific version, you can replace `x.x.x` with that version.
	// Default: latest Ubuntu 22.04 AMI for Os.LINUX_UBUNTU, latest Amazon Linux 2 AMI for Os.LINUX_AMAZON_2, latest Windows Server 2022 AMI for Os.WINDOWS
	//
	// Experimental.
	BaseAmi *string `field:"optional" json:"baseAmi" yaml:"baseAmi"`
	// Base image from which Docker runner images will be built.
	//
	// When using private images from a different account or not on ECR, you may need to include additional setup commands with {@link dockerSetupCommands}.
	// Default: public.ecr.aws/lts/ubuntu:22.04 for Os.LINUX_UBUNTU, public.ecr.aws/amazonlinux/amazonlinux:2 for Os.LINUX_AMAZON_2, mcr.microsoft.com/windows/servercore:ltsc2019-amd64 for Os.WINDOWS
	//
	// Experimental.
	BaseDockerImage *string `field:"optional" json:"baseDockerImage" yaml:"baseDockerImage"`
	// Default: CodeBuild for Linux Docker image, AWS Image Builder for Windows Docker image and any AMI.
	//
	// Experimental.
	BuilderType RunnerImageBuilderType `field:"optional" json:"builderType" yaml:"builderType"`
	// Options specific to CodeBuild image builder.
	//
	// Only used when builderType is RunnerImageBuilderType.CODE_BUILD.
	// Experimental.
	CodeBuildOptions *CodeBuildRunnerImageBuilderProps `field:"optional" json:"codeBuildOptions" yaml:"codeBuildOptions"`
	// Components to install on the image.
	// Default: none.
	//
	// Experimental.
	Components *[]RunnerImageComponent `field:"optional" json:"components" yaml:"components"`
	// Additional commands to run on the build host before starting the Docker runner image build.
	//
	// Use this to execute commands such as `docker login` or `aws ecr get-login-password` to pull private base images.
	// Default: [].
	//
	// Experimental.
	DockerSetupCommands *[]*string `field:"optional" json:"dockerSetupCommands" yaml:"dockerSetupCommands"`
	// Removal policy for logs of image builds.
	//
	// If deployment fails on the custom resource, try setting this to `RemovalPolicy.RETAIN`. This way the CodeBuild logs can still be viewed, and you can see why the build failed.
	//
	// We try to not leave anything behind when removed. But sometimes a log staying behind is useful.
	// Default: RemovalPolicy.DESTROY
	//
	// Experimental.
	LogRemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"logRemovalPolicy" yaml:"logRemovalPolicy"`
	// The number of days log events are kept in CloudWatch Logs.
	//
	// When updating
	// this property, unsetting it doesn't remove the log retention policy. To
	// remove the retention policy, set the value to `INFINITE`.
	// Default: logs.RetentionDays.ONE_MONTH
	//
	// Experimental.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
	// Image OS.
	// Default: OS.LINUX_UBUNTU
	//
	// Experimental.
	Os Os `field:"optional" json:"os" yaml:"os"`
	// Schedule the image to be rebuilt every given interval.
	//
	// Useful for keeping the image up-do-date with the latest GitHub runner version and latest OS updates.
	//
	// Set to zero to disable.
	// Default: Duration.days(7)
	//
	// Experimental.
	RebuildInterval awscdk.Duration `field:"optional" json:"rebuildInterval" yaml:"rebuildInterval"`
	// Version of GitHub Runners to install.
	// Default: latest version available.
	//
	// Experimental.
	RunnerVersion RunnerVersion `field:"optional" json:"runnerVersion" yaml:"runnerVersion"`
	// Security Groups to assign to this instance.
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// Where to place the network interfaces within the VPC.
	// Default: no subnet.
	//
	// Experimental.
	SubnetSelection *awsec2.SubnetSelection `field:"optional" json:"subnetSelection" yaml:"subnetSelection"`
	// VPC to build the image in.
	// Default: no VPC.
	//
	// Experimental.
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
	// Wait for image to finish building during deployment.
	//
	// It's usually best to leave this enabled to ensure everything is ready once deployment is done. However, it can be disabled to speed up deployment in case where you have a lot of image components that can take a long time to build.
	//
	// Disabling this option means a finished deployment is not ready to be used. You will have to wait for the image to finish building before the system can be used.
	//
	// Disabling this option may also mean any changes to settings or components can take up to a week (default rebuild interval) to take effect.
	// Default: true.
	//
	// Experimental.
	WaitOnDeploy *bool `field:"optional" json:"waitOnDeploy" yaml:"waitOnDeploy"`
}

Experimental.

type RunnerImageBuilderType added in v0.9.0 

type RunnerImageBuilderType string

Experimental. 

const (
	// Build runner images using AWS CodeBuild.
	//
	// Faster than AWS Image Builder, but can only be used to build Linux Docker images.
	// Experimental.
	RunnerImageBuilderType_CODE_BUILD RunnerImageBuilderType = "CODE_BUILD"
	// Build runner images using AWS Image Builder.
	//
	// Slower than CodeBuild, but can be used to build any type of image including AMIs and Windows images.
	// Experimental.
	RunnerImageBuilderType_AWS_IMAGE_BUILDER RunnerImageBuilderType = "AWS_IMAGE_BUILDER"
)

type RunnerImageComponent added in v0.9.0 

type RunnerImageComponent interface {
	// Component name.
	//
	// Used to identify component in image build logs, and for {@link IConfigurableRunnerImageBuilder.removeComponent }
	// Experimental.
	Name() *string
	// Returns assets to copy into the built image.
	//
	// Can be used to copy files into the image.
	// Experimental.
	GetAssets(_os Os, _architecture Architecture) *[]*RunnerImageAsset
	// Returns commands to run to in built image.
	//
	// Can be used to install packages, setup build prerequisites, etc.
	// Experimental.
	GetCommands(_os Os, _architecture Architecture) *[]*string
	// Returns Docker commands to run to in built image.
	//
	// Can be used to add commands like `VOLUME`, `ENTRYPOINT`, `CMD`, etc.
	//
	// Docker commands are added after assets and normal commands.
	// Experimental.
	GetDockerCommands(_os Os, _architecture Architecture) *[]*string
	// Returns true if the image builder should be rebooted after this component is installed.
	// Experimental.
	ShouldReboot(_os Os, _architecture Architecture) *bool
}

Components are used to build runner images.

They can run commands in the image, copy files into the image, and run some Docker commands. Experimental.

func RunnerImageComponent_AwsCli added in v0.9.0 

func RunnerImageComponent_AwsCli() RunnerImageComponent

A component to install the AWS CLI. Experimental.

func RunnerImageComponent_Custom added in v0.9.0 

func RunnerImageComponent_Custom(props *RunnerImageComponentCustomProps) RunnerImageComponent

Define a custom component that can run commands in the image, copy files into the image, and run some Docker commands.

The order of operations is (1) assets (2) commands (3) docker commands.

Use this to customize the image for the runner.

**WARNING:** Docker commands are not guaranteed to be included before the next component. Experimental.

func RunnerImageComponent_Docker added in v0.9.0 

func RunnerImageComponent_Docker() RunnerImageComponent

A component to install Docker.

On Windows this sets up dockerd for Windows containers without Docker Desktop. If you need Linux containers on Windows, you'll need to install Docker Desktop which doesn't seem to play well with servers (PRs welcome). Experimental.

func RunnerImageComponent_DockerInDocker added in v0.9.0 

func RunnerImageComponent_DockerInDocker() RunnerImageComponent

A component to install Docker-in-Docker. Deprecated: use `docker()`.

func RunnerImageComponent_EnvironmentVariables added in v0.13.2 

func RunnerImageComponent_EnvironmentVariables(vars *map[string]*string) RunnerImageComponent

A component to add environment variables for jobs the runner executes.

These variables only affect the jobs ran by the runner. They are not global. They do not affect other components.

It is not recommended to use this component to pass secrets. Instead, use GitHub Secrets or AWS Secrets Manager.

Must be used after the {@link githubRunner} component. Experimental.

func RunnerImageComponent_ExtraCertificates added in v0.9.0 

func RunnerImageComponent_ExtraCertificates(source *string, name *string) RunnerImageComponent

A component to add a trusted certificate authority.

This can be used to support GitHub Enterprise Server with self-signed certificate. Experimental.

func RunnerImageComponent_Git added in v0.9.0 

func RunnerImageComponent_Git() RunnerImageComponent

A component to install the GitHub CLI. Experimental.

func RunnerImageComponent_GithubCli added in v0.9.0 

func RunnerImageComponent_GithubCli() RunnerImageComponent

A component to install the GitHub CLI. Experimental.

func RunnerImageComponent_GithubRunner added in v0.9.0 

func RunnerImageComponent_GithubRunner(runnerVersion RunnerVersion) RunnerImageComponent

A component to install the GitHub Actions Runner.

This is the actual executable that connects to GitHub to ask for jobs and then execute them. Experimental.

func RunnerImageComponent_LambdaEntrypoint added in v0.9.0 

func RunnerImageComponent_LambdaEntrypoint() RunnerImageComponent

A component to set up the required Lambda entrypoint for Lambda runners. Experimental.

func RunnerImageComponent_RequiredPackages added in v0.9.0 

func RunnerImageComponent_RequiredPackages() RunnerImageComponent

A component to install the required packages for the runner. Experimental.

func RunnerImageComponent_RunnerUser added in v0.9.0 

func RunnerImageComponent_RunnerUser() RunnerImageComponent

A component to prepare the required runner user. Experimental.

type RunnerImageComponentCustomProps added in v0.9.0 

type RunnerImageComponentCustomProps struct {
	// Assets to copy into the built image.
	// Experimental.
	Assets *[]*RunnerImageAsset `field:"optional" json:"assets" yaml:"assets"`
	// Commands to run in the built image.
	// Experimental.
	Commands *[]*string `field:"optional" json:"commands" yaml:"commands"`
	// Docker commands to run in the built image.
	//
	// For example: `['ENV foo=bar', 'RUN echo $foo']`
	//
	// These commands are ignored when building AMIs.
	// Experimental.
	DockerCommands *[]*string `field:"optional" json:"dockerCommands" yaml:"dockerCommands"`
	// Component name used for (1) image build logging and (2) identifier for {@link IConfigurableRunnerImageBuilder.removeComponent }.
	//
	// Name must only contain alphanumeric characters and dashes.
	// Experimental.
	Name *string `field:"optional" json:"name" yaml:"name"`
}

Experimental.

type RunnerProviderProps 

type RunnerProviderProps struct {
	// The number of days log events are kept in CloudWatch Logs.
	//
	// When updating
	// this property, unsetting it doesn't remove the log retention policy. To
	// remove the retention policy, set the value to `INFINITE`.
	// Default: logs.RetentionDays.ONE_MONTH
	//
	// Experimental.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
	// Deprecated: use {@link retryOptions } on {@link GitHubRunners } instead.
	RetryOptions *ProviderRetryOptions `field:"optional" json:"retryOptions" yaml:"retryOptions"`
}

Common properties for all runner providers. Experimental.

type RunnerRuntimeParameters 

type RunnerRuntimeParameters struct {
	// Path to GitHub domain.
	//
	// Most of the time this will be github.com but for self-hosted GitHub instances, this will be different.
	// Experimental.
	GithubDomainPath *string `field:"required" json:"githubDomainPath" yaml:"githubDomainPath"`
	// Path to repository owner name.
	// Experimental.
	OwnerPath *string `field:"required" json:"ownerPath" yaml:"ownerPath"`
	// Repository or organization URL to register runner at.
	// Experimental.
	RegistrationUrl *string `field:"required" json:"registrationUrl" yaml:"registrationUrl"`
	// Path to repository name.
	// Experimental.
	RepoPath *string `field:"required" json:"repoPath" yaml:"repoPath"`
	// Path to desired runner name.
	//
	// We specifically set the name to make troubleshooting easier.
	// Experimental.
	RunnerNamePath *string `field:"required" json:"runnerNamePath" yaml:"runnerNamePath"`
	// Path to runner token used to register token.
	// Experimental.
	RunnerTokenPath *string `field:"required" json:"runnerTokenPath" yaml:"runnerTokenPath"`
}

Workflow job parameters as parsed from the webhook event. Pass these into your runner executor and run something like:.

```sh ./config.sh --unattended --url "{REGISTRATION_URL}" --token "${RUNNER_TOKEN}" --ephemeral --work _work --labels "${RUNNER_LABEL}" --name "${RUNNER_NAME}" --disableupdate ```

All parameters are specified as step function paths and therefore must be used only in step function task parameters. Experimental.

type RunnerVersion 

type RunnerVersion interface {
	// Experimental.
	Version() *string
	// Check if two versions are the same.
	// Experimental.
	Is(other RunnerVersion) *bool
}

Defines desired GitHub Actions runner version. Experimental.

func NewRunnerVersion 

func NewRunnerVersion(version *string) RunnerVersion

Experimental.

func RunnerVersion_Latest 

func RunnerVersion_Latest() RunnerVersion

Use the latest version available at the time the runner provider image is built. Experimental.

func RunnerVersion_Specific 

func RunnerVersion_Specific(version *string) RunnerVersion

Use a specific version. See: https://github.com/actions/runner/releases

Experimental.

type Secrets 

type Secrets interface {
	constructs.Construct
	// Authentication secret for GitHub containing either app details or personal access token.
	//
	// This secret is used to register runners and
	// cancel jobs when the runner fails to start.
	//
	// This secret is meant to be edited by the user after being created.
	// Experimental.
	Github() awssecretsmanager.Secret
	// GitHub app private key. Not needed when using personal access tokens.
	//
	// This secret is meant to be edited by the user after being created. It is separate than the main GitHub secret because inserting private keys into JSON is hard.
	// Experimental.
	GithubPrivateKey() awssecretsmanager.Secret
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Setup secret used to authenticate user for our setup wizard.
	//
	// Should be empty after setup has been completed.
	// Experimental.
	Setup() awssecretsmanager.Secret
	// Webhook secret used to confirm events are coming from GitHub and nowhere else.
	// Experimental.
	Webhook() awssecretsmanager.Secret
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

Secrets required for GitHub runners operation. Experimental.

func NewSecrets 

func NewSecrets(scope constructs.Construct, id *string) Secrets

Experimental.

type StaticRunnerImage added in v0.3.0 

type StaticRunnerImage interface {
}

Helper class with methods to use static images that are built outside the context of this project. Experimental.

func NewStaticRunnerImage added in v0.3.0 

func NewStaticRunnerImage() StaticRunnerImage

Experimental.

type StorageOptions added in v0.14.4 

type StorageOptions struct {
	// The number of I/O operations per second (IOPS) to provision for the volume.
	//
	// Must only be set for `volumeType`: `EbsDeviceVolumeType.IO1`
	//
	// The maximum ratio of IOPS to volume size (in GiB) is 50:1, so for 5,000 provisioned IOPS,
	// you need at least 100 GiB storage on the volume.
	// See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
	//
	// Default: - none, required for `EbsDeviceVolumeType.IO1`
	//
	// Experimental.
	Iops *float64 `field:"optional" json:"iops" yaml:"iops"`
	// The throughput that the volume supports, in MiB/s Takes a minimum of 125 and maximum of 1000.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-volume.html#cfn-ec2-volume-throughput
	//
	// Default: - 125 MiB/s. Only valid on gp3 volumes.
	//
	// Experimental.
	Throughput *float64 `field:"optional" json:"throughput" yaml:"throughput"`
	// The EBS volume type.
	// See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
	//
	// Default: `EbsDeviceVolumeType.GP2`
	//
	// Experimental.
	VolumeType awsec2.EbsDeviceVolumeType `field:"optional" json:"volumeType" yaml:"volumeType"`
}

Storage options for the runner instance. Experimental.

type WindowsComponents added in v0.6.0 

type WindowsComponents interface {
}

Components for Windows that can be used with AWS Image Builder based builders.

These cannot be used by {@link CodeBuildImageBuilder }. Deprecated: Use `RunnerImageComponent` instead.

func NewWindowsComponents deprecated added in v0.6.0 

func NewWindowsComponents() WindowsComponents

Deprecated: Use `RunnerImageComponent` instead.

Source Files

View all Source files

Directories

Path Synopsis
Package jsii contains the functionaility needed for jsii packages to initialize their dependencies and themselves.
 Package jsii contains the functionaility needed for jsii packages to initialize their dependencies and themselves.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.