diff --git a/.projen/tasks.json b/.projen/tasks.json index 7105f39..3d5b1e8 100644 --- a/.projen/tasks.json +++ b/.projen/tasks.json @@ -84,6 +84,9 @@ { "exec": "cp -r src/providers/docker-images assets" }, + { + "exec": "cp -r src/providers/lambda-*.sh assets/providers" + }, { "exec": "vite build setup" }, diff --git a/.projenrc.js b/.projenrc.js index 4a4debb..da927ae 100644 --- a/.projenrc.js +++ b/.projenrc.js @@ -119,6 +119,7 @@ releaseWorkflow.file.addDeletionOverride('on.push'); // bundle docker images project.bundler.bundleTask.exec('cp -r src/providers/docker-images assets'); +project.bundler.bundleTask.exec('cp -r src/providers/lambda-*.sh assets/providers'); // set proper line endings project.gitattributes.addAttributes('*.js', 'eol=lf'); diff --git a/API.md b/API.md index f744879..7cb1b1a 100644 --- a/API.md +++ b/API.md @@ -3876,7 +3876,7 @@ You can customize the OS, architecture, VPC, subnet, security groups, etc. by pa You can add components to the image builder by calling `imageBuilder.addComponent()`. -The default OS is Amazon Linux 2 running on x64 architecture. +The default OS is Amazon Linux 2023 running on x64 architecture. Included components: * `RunnerImageComponent.requiredPackages()` @@ -3887,8 +3887,6 @@ Included components: * `RunnerImageComponent.githubRunner()` * `RunnerImageComponent.lambdaEntrypoint()` - Base Docker image: `public.ecr.aws/lambda/nodejs:20-x86_64` or `public.ecr.aws/lambda/nodejs:20-arm64` - ###### `scope`Required - *Type:* constructs.Construct @@ -4242,7 +4240,7 @@ You can customize the OS, architecture, VPC, subnet, security groups, etc. by pa You can add components to the image builder by calling `imageBuilder.addComponent()`. -The default OS is Amazon Linux 2 running on x64 architecture. +The default OS is Amazon Linux 2023 running on x64 architecture. Included components: * `RunnerImageComponent.requiredPackages()` 
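Review bot: The added bundle step in `.projenrc.js`, `cp -r src/providers/lambda-*.sh assets/providers`, assumes `assets/providers` already exists as a directory. The glob expands to more than one file, so `cp` fails if the target is missing, and whether an earlier bundle step creates it is not visible in this hunk. I would make the step self-contained with `mkdir -p assets/providers && cp src/providers/lambda-*.sh assets/providers`. `-r` is not needed for plain files, and the generated entry in `.projen/tasks.json` follows from this line.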
@@ -4253,8 +4251,6 @@ Included components: * `RunnerImageComponent.githubRunner()` * `RunnerImageComponent.lambdaEntrypoint()` - Base Docker image: `public.ecr.aws/lambda/nodejs:20-x86_64` or `public.ecr.aws/lambda/nodejs:20-arm64` - ###### `scope`Required - *Type:* constructs.Construct diff --git a/src/image-builders/components.ts b/src/image-builders/components.ts index 2317cde..d37ed3f 100644 --- a/src/image-builders/components.ts +++ b/src/image-builders/components.ts @@ -509,7 +509,7 @@ export abstract class RunnerImageComponent { name = 'Lambda-Entrypoint'; getCommands(os: Os, _architecture: Architecture) { - if (!os.is(Os.LINUX_AMAZON_2) && !os.is(Os.LINUX_AMAZON_2023) && !os.is(Os.LINUX_UBUNTU)) { + if (!os.isIn(Os._ALL_LINUX_VERSIONS)) { throw new Error(`Unsupported OS for Lambda entrypoint: ${os.name}`); } @@ -519,20 +519,19 @@ export abstract class RunnerImageComponent { getAssets(_os: Os, _architecture: Architecture): RunnerImageAsset[] { return [ { - source: path.join(__dirname, '..', '..', 'assets', 'docker-images', 'lambda', 'linux-x64', 'runner.js'), - target: '${LAMBDA_TASK_ROOT}/runner.js', + source: path.join(__dirname, '..', '..', 'assets', 'providers', 'lambda-bootstrap.sh'), + target: '/bootstrap.sh', }, { - source: path.join(__dirname, '..', '..', 'assets', 'docker-images', 'lambda', 'linux-x64', 'runner.sh'), - target: '${LAMBDA_TASK_ROOT}/runner.sh', + source: path.join(__dirname, '..', '..', 'assets', 'providers', 'lambda-runner.sh'), + target: '/runner.sh', }, ]; } getDockerCommands(_os: Os, _architecture: Architecture): string[] { return [ - 'WORKDIR ${LAMBDA_TASK_ROOT}', - 'CMD ["runner.handler"]', + 'ENTRYPOINT ["bash", "/bootstrap.sh"]', ]; } }; diff --git a/src/providers/lambda-bootstrap.sh b/src/providers/lambda-bootstrap.sh new file mode 100644 index 0000000..c5fbf02 --- /dev/null +++ b/src/providers/lambda-bootstrap.sh 
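Review bot: In the second `components.ts` hunk, `lambdaEntrypoint` now ships `/bootstrap.sh` and `/runner.sh` and sets `ENTRYPOINT ["bash", "/bootstrap.sh"]`, but nothing on the component says what those scripts need at run time. The scripts added in this commit call `bash`, `curl`, `jq`, `find` and `grep -P`, and the first hunk widens the OS check to `Os._ALL_LINUX_VERSIONS`, so an image built from a minimal or custom base can fail only at its first invocation. I would state the contract on the component, for example `// Requires bash, curl, jq, findutils and GNU grep in the image; bootstrap.sh speaks to the Lambda Runtime API directly.` The enclosing class starts and ends outside these hunks.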
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -euo pipefail
+
+while true
+do
+ # get data from lambda
+ HEADERS="$(mktemp)"
+ EVENT_DATA=$(curl -sS -LD "$HEADERS" "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/next")
+ REQUEST_ID=$(grep -Fi Lambda-Runtime-Aws-Request-Id "$HEADERS" | tr -d '[:space:]' | cut -d: -f2)
+
+ # execute runner and respond
+ if bash /runner.sh "$EVENT_DATA"; then
+ curl "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/$REQUEST_ID/response" -d ""
+ else
+ curl "http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/$REQUEST_ID/error" -d "{\"errorMessage\": \"Runner failed with exit code $?\", \"errorType\": \"Error\", \"stackTrace\": []}"
+ fi
+
+ # cleanup
+ find /tmp -mindepth 1 -maxdepth 1 -exec rm -rf '{}' \;
+done
diff --git a/src/providers/lambda-runner.sh b/src/providers/lambda-runner.sh
new file mode 100644
index 0000000..56b5989
--- /dev/null
+++ b/src/providers/lambda-runner.sh
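Review bot: `bash /runner.sh "$EVENT_DATA"` puts the whole invocation event on the command line, and lambda-runner.sh reads `.token` from it. The runner registration token therefore stays readable in `/proc/<pid>/cmdline` for as long as the job runs, including to the workflow steps that `./run.sh` starts underneath that process. Passing the event on stdin keeps it off argv: `bash /runner.sh <<< "$EVENT_DATA"` here, with lambda-runner.sh reading it once via `EVENT=$(cat)` in place of `"$1"`. Separately, the two response `curl` calls carry no `-f`, so a response the runtime API rejects is not noticed by `set -e`.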
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# workaround for "Cannot get required symbol EVP_rc2_cbc from libssl"
+# lambda docker image for node.js comes with stripped down libssl.so pushed in LD_LIBRARY_PATH
+if [ -f /var/lang/lib/libssl.so ]; then
+ export LD_LIBRARY_PATH=/usr/lib64:$LD_LIBRARY_PATH
+fi
+
+# extract parameters
+OWNER=$(echo "$1" | jq -r .owner)
+REPO=$(echo "$1" | jq -r .repo)
+GITHUB_DOMAIN=$(echo "$1" | jq -r .githubDomain)
+RUNNER_TOKEN=$(echo "$1" | jq -r .token)
+RUNNER_NAME=$(echo "$1" | jq -r .runnerName)
+RUNNER_LABEL=$(echo "$1" | jq -r .label)
+REGISTRATION_URL=$(echo "$1" | jq -r .registrationUrl)
+
+# copy runner code (it needs a writable directory)
+cp -r /home/runner /tmp/
+cd /tmp/runner
+
+# setup home directory
+mkdir /tmp/home
+export HOME=/tmp/home
+
+# start runner
+if [ "${RUNNER_VERSION}" = "latest" ]; then RUNNER_FLAGS=""; else RUNNER_FLAGS="--disableupdate"; fi
+./config.sh --unattended --url "${REGISTRATION_URL}" --token "${RUNNER_TOKEN}" --ephemeral --work _work --labels "${RUNNER_LABEL},cdkghr:started:`date +%s`" --name "${RUNNER_NAME}" ${RUNNER_FLAGS}
+echo Config done
+./run.sh
+echo Run done
+
+# print status for metrics
+STATUS=$(grep -Phors "finish job request for job [0-9a-f\-]+ with result: \K.*" _diag/ | tail -n1)
+[ -n "$STATUS" ] && echo CDKGHA JOB DONE "$RUNNER_LABEL" "$STATUS"
diff --git a/src/providers/lambda.ts b/src/providers/lambda.ts
index 687e525..b15effc 100644
--- a/src/providers/lambda.ts
+++ b/src/providers/lambda.ts
@@ -153,7 +153,7 @@ export class LambdaRunnerProvider extends BaseProvider implements IRunnerProvide
 *
 * You can add components to the image builder by calling `imageBuilder.addComponent()`.
 *
- * The default OS is Amazon Linux 2 running on x64 architecture.
+ * The default OS is Amazon Linux 2023 running on x64 architecture.
 *
 * Included components:
 * * `RunnerImageComponent.requiredPackages()`
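Review bot: The last two lines of lambda-runner.sh turn a missing status line into a failed invocation. Under `set -euo pipefail`, `STATUS=$(grep ... | tail -n1)` exits the script when grep finds no match in `_diag/`, and `[ -n "$STATUS" ] && echo ...` as the final command returns 1 when STATUS is empty. Either way lambda-bootstrap.sh then posts an error to the runtime API even though `./run.sh` returned successfully. I would append `|| true` inside the substitution and write the last line as `if [ -n "$STATUS" ]; then echo CDKGHA JOB DONE "$RUNNER_LABEL" "$STATUS"; fi`. `OWNER`, `REPO` and `GITHUB_DOMAIN` are parsed but not used anywhere in this file.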
@@ -163,24 +163,11 @@ export class LambdaRunnerProvider extends BaseProvider implements IRunnerProvide
 * * `RunnerImageComponent.awsCli()`
 * * `RunnerImageComponent.githubRunner()`
 * * `RunnerImageComponent.lambdaEntrypoint()`
- *
- * Base Docker image: `public.ecr.aws/lambda/nodejs:20-x86_64` or `public.ecr.aws/lambda/nodejs:20-arm64`
 */
 public static imageBuilder(scope: Construct, id: string, props?: RunnerImageBuilderProps) {
- if (props?.os && !Os.LINUX_AMAZON_2.is(props.os) && !props?.baseDockerImage) {
- // TODO we can support Ubuntu by building our own image https://docs.aws.amazon.com/lambda/latest/dg/nodejs-image.html#nodejs-image-clients
- throw new Error('Lambda runner provider only supports Amazon Linux 2. Use a different provider or specify a custom `baseDockerImage` that supports your desired OS.');
- }
-
- let baseDockerImage = 'public.ecr.aws/lambda/nodejs:20-x86_64';
- if (props?.architecture === Architecture.ARM64) {
- baseDockerImage = 'public.ecr.aws/lambda/nodejs:20-arm64';
- }
-
 return RunnerImageBuilder.new(scope, id, {
 os: Os.LINUX_AMAZON_2023,
- architecture: props?.architecture ?? Architecture.X86_64,
- baseDockerImage,
+ architecture: Architecture.X86_64,
 components: [
 RunnerImageComponent.requiredPackages(),
 RunnerImageComponent.runnerUser(),
diff --git a/test/default.integ.snapshot/github-runners-test.assets.json b/test/default.integ.snapshot/github-runners-test.assets.json
index b30f712..2bf1b2c 100644
--- a/test/default.integ.snapshot/github-runners-test.assets.json
+++ b/test/default.integ.snapshot/github-runners-test.assets.json
@@ -40,28 +40,28 @@ } } }, - "68628bab8c925c01632702a86513d4b22840e7fbb138f290bab11c2c2d54c489": { + "2fc3b84da69dcc5adb6dc4721b50c1166474fa7e5fd5f242e833d12ac28e09d9": { "source": { - "path": "asset.68628bab8c925c01632702a86513d4b22840e7fbb138f290bab11c2c2d54c489.js", + "path": "asset.2fc3b84da69dcc5adb6dc4721b50c1166474fa7e5fd5f242e833d12ac28e09d9.sh", "packaging": "file" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "68628bab8c925c01632702a86513d4b22840e7fbb138f290bab11c2c2d54c489.js", + "objectKey": "2fc3b84da69dcc5adb6dc4721b50c1166474fa7e5fd5f242e833d12ac28e09d9.sh", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "66540a3450c33faeefad87df9de8684f624030603c76336933c519972d85a072": { + "7be6b27ef13a5bba7f44b1d9c6e50fc2c68fdb40d51cef42cee01f27c38842a9": { "source": { - "path": "asset.66540a3450c33faeefad87df9de8684f624030603c76336933c519972d85a072.sh", + "path": "asset.7be6b27ef13a5bba7f44b1d9c6e50fc2c68fdb40d51cef42cee01f27c38842a9.sh", "packaging": "file" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "66540a3450c33faeefad87df9de8684f624030603c76336933c519972d85a072.sh", + "objectKey": "7be6b27ef13a5bba7f44b1d9c6e50fc2c68fdb40d51cef42cee01f27c38842a9.sh", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -209,7 +209,7 @@ } } }, - "54ea0c28666f3fa077b83dbc9a02d3d6d3304dbd52deb343fc69e6a7ca821b0e": { + "8368627222f528d1ca1bdcdde41640c2fe68400d3d98ed2e5699e5ff524c02f3": { "source": { "path": "github-runners-test.template.json", "packaging": "file" 
@@ -217,7 +217,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "54ea0c28666f3fa077b83dbc9a02d3d6d3304dbd52deb343fc69e6a7ca821b0e.json", + "objectKey": "8368627222f528d1ca1bdcdde41640c2fe68400d3d98ed2e5699e5ff524c02f3.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/default.integ.snapshot/github-runners-test.template.json b/test/default.integ.snapshot/github-runners-test.template.json index db7f71d..dcda394 100644 --- a/test/default.integ.snapshot/github-runners-test.template.json +++ b/test/default.integ.snapshot/github-runners-test.template.json 
@@ -1658,17 +1658,17 @@ }, ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils amazon-cloudwatch-agent\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO 
\\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/68628bab8c925c01632702a86513d4b22840e7fbb138f290bab11c2c2d54c489.js" + "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2fc3b84da69dcc5adb6dc4721b50c1166474fa7e5fd5f242e833d12ac28e09d9.sh" }, " asset6-Lambda-Entrypoint-0\",\n \"aws s3 cp ", { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/66540a3450c33faeefad87df9de8684f624030603c76336933c519972d85a072.sh" + "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7be6b27ef13a5bba7f44b1d9c6e50fc2c68fdb40d51cef42cee01f27c38842a9.sh" }, " asset6-Lambda-Entrypoint-1\",\n \"cat > component6-Lambda-Entrypoint.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-Lambda-Entrypoint.sh\",\n \"aws s3 cp ", { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" }, - " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > component8-EnvironmentVariables.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\necho 'HELLO=world' >> /home/runner/.env\\necho 
'FOO=bar' >> /home/runner/.env\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component8-EnvironmentVariables.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lambda/nodejs:20-x86_64\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Lambda-Entrypoint-0 ${LAMBDA_TASK_ROOT}/runner.js\\nCOPY asset6-Lambda-Entrypoint-1 ${LAMBDA_TASK_ROOT}/runner.sh\\nCOPY component6-Lambda-Entrypoint.sh /tmp\\nRUN /tmp/component6-Lambda-Entrypoint.sh\\nWORKDIR ${LAMBDA_TASK_ROOT}\\nCMD [\\\"runner.handler\\\"]\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\nCOPY component8-EnvironmentVariables.sh /tmp\\nRUN /tmp/component8-EnvironmentVariables.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILURE\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"UniqueId\\\": \\\"build\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": \\\"$RANDOM\\\"\\n}\\nEOF\",\n \"if [ \\\"$WAIT_HANDLE\\\" != \\\"unspecified\\\" ]; then jq . 
/tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$WAIT_HANDLE\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_x86_64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" + " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > component8-EnvironmentVariables.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\necho 'HELLO=world' >> /home/runner/.env\\necho 'FOO=bar' >> /home/runner/.env\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component8-EnvironmentVariables.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/amazonlinux/amazonlinux:2023\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Lambda-Entrypoint-0 /bootstrap.sh\\nCOPY asset6-Lambda-Entrypoint-1 /runner.sh\\nCOPY component6-Lambda-Entrypoint.sh /tmp\\nRUN /tmp/component6-Lambda-Entrypoint.sh\\nENTRYPOINT [\\\"bash\\\", \\\"/bootstrap.sh\\\"]\\nCOPY asset7-Custom-Undefined-0 
FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\nCOPY component8-EnvironmentVariables.sh /tmp\\nRUN /tmp/component8-EnvironmentVariables.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILURE\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"UniqueId\\\": \\\"build\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": \\\"$RANDOM\\\"\\n}\\nEOF\",\n \"if [ \\\"$WAIT_HANDLE\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$WAIT_HANDLE\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_x86_64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" ] ] }, @@ -1770,15 +1770,15 @@ ] } }, - "LambdaImageBuilderx64BuildWaitHandle04253047704421FD57": { + "LambdaImageBuilderx64BuildWaitHandleabc1a2cf4eBF42E433": { "Type": "AWS::CloudFormation::WaitConditionHandle" }, - "LambdaImageBuilderx64BuildWait0425304770B101FFCC": { + "LambdaImageBuilderx64BuildWaitabc1a2cf4e6C943A34": { "Type": "AWS::CloudFormation::WaitCondition", "Properties": { "Count": 1, "Handle": { - "Ref": "LambdaImageBuilderx64BuildWaitHandle04253047704421FD57" + "Ref": "LambdaImageBuilderx64BuildWaitHandleabc1a2cf4eBF42E433" }, "Timeout": "3600" } 
@@ -1799,7 +1799,7 @@ "Ref": "LambdaImageBuilderx64CodeBuild67DE14C8" }, "WaitHandle": { - "Ref": "LambdaImageBuilderx64BuildWaitHandle04253047704421FD57" + "Ref": "LambdaImageBuilderx64BuildWaitHandleabc1a2cf4eBF42E433" } }, "DependsOn": [ 
@@ -5594,17 +5594,17 @@ }, ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils amazon-cloudwatch-agent\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO 
\\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/68628bab8c925c01632702a86513d4b22840e7fbb138f290bab11c2c2d54c489.js" + "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2fc3b84da69dcc5adb6dc4721b50c1166474fa7e5fd5f242e833d12ac28e09d9.sh" }, " asset6-Lambda-Entrypoint-0\",\n \"aws s3 cp ", { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/66540a3450c33faeefad87df9de8684f624030603c76336933c519972d85a072.sh" + "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7be6b27ef13a5bba7f44b1d9c6e50fc2c68fdb40d51cef42cee01f27c38842a9.sh" }, " asset6-Lambda-Entrypoint-1\",\n \"cat > component6-Lambda-Entrypoint.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-Lambda-Entrypoint.sh\",\n \"aws s3 cp ", { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" }, - " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > component8-EnvironmentVariables.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\necho 'HELLO=world' >> 
/home/runner/.env\\necho 'FOO=bar' >> /home/runner/.env\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component8-EnvironmentVariables.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lambda/nodejs:20-arm64\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Lambda-Entrypoint-0 ${LAMBDA_TASK_ROOT}/runner.js\\nCOPY asset6-Lambda-Entrypoint-1 ${LAMBDA_TASK_ROOT}/runner.sh\\nCOPY component6-Lambda-Entrypoint.sh /tmp\\nRUN /tmp/component6-Lambda-Entrypoint.sh\\nWORKDIR ${LAMBDA_TASK_ROOT}\\nCMD [\\\"runner.handler\\\"]\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\nCOPY component8-EnvironmentVariables.sh /tmp\\nRUN /tmp/component8-EnvironmentVariables.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILURE\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"UniqueId\\\": \\\"build\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": \\\"$RANDOM\\\"\\n}\\nEOF\",\n \"if [ \\\"$WAIT_HANDLE\\\" != \\\"unspecified\\\" ]; then jq . 
/tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$WAIT_HANDLE\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_arm64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" + " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > component8-EnvironmentVariables.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\necho 'HELLO=world' >> /home/runner/.env\\necho 'FOO=bar' >> /home/runner/.env\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component8-EnvironmentVariables.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/amazonlinux/amazonlinux:2023\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Lambda-Entrypoint-0 /bootstrap.sh\\nCOPY asset6-Lambda-Entrypoint-1 /runner.sh\\nCOPY component6-Lambda-Entrypoint.sh /tmp\\nRUN /tmp/component6-Lambda-Entrypoint.sh\\nENTRYPOINT [\\\"bash\\\", \\\"/bootstrap.sh\\\"]\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY 
component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\nCOPY component8-EnvironmentVariables.sh /tmp\\nRUN /tmp/component8-EnvironmentVariables.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILURE\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"UniqueId\\\": \\\"build\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": \\\"$RANDOM\\\"\\n}\\nEOF\",\n \"if [ \\\"$WAIT_HANDLE\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$WAIT_HANDLE\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_arm64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" ] ] }, @@ -5706,15 +5706,15 @@ ] } }, - "LambdaImageBuilderzBuildWaitHandle0a45e8282d494E5D62": { + "LambdaImageBuilderzBuildWaitHandlee9b9180134313DC046": { "Type": "AWS::CloudFormation::WaitConditionHandle" }, - "LambdaImageBuilderzBuildWait0a45e8282dD494F5CD": { + "LambdaImageBuilderzBuildWaite9b918013451CEF311": { "Type": "AWS::CloudFormation::WaitCondition", "Properties": { "Count": 1, "Handle": { - "Ref": "LambdaImageBuilderzBuildWaitHandle0a45e8282d494E5D62" + "Ref": "LambdaImageBuilderzBuildWaitHandlee9b9180134313DC046" }, "Timeout": "3600" } 
@@ -5735,7 +5735,7 @@ "Ref": "LambdaImageBuilderzCodeBuild73AB6718" }, "WaitHandle": { - "Ref": "LambdaImageBuilderzBuildWaitHandle0a45e8282d494E5D62" + "Ref": "LambdaImageBuilderzBuildWaitHandlee9b9180134313DC046" } }, "DependsOn": [ @@ -11212,7 +11212,7 @@ [ "{\"service\":\"fake\",\"action\":\"fake\",\"parameters\":{\"version\":1,\"labels\":[\"lambda\",\"x64\"],\"architecture\":\"x86_64\",\"dependable\":\"", { - "Ref": "LambdaImageBuilderx64BuildWait0425304770B101FFCC" + "Ref": "LambdaImageBuilderx64BuildWaitabc1a2cf4e6C943A34" }, "\"}}" ] @@ -11643,7 +11643,7 @@ [ "{\"service\":\"fake\",\"action\":\"fake\",\"parameters\":{\"version\":1,\"labels\":[\"lambda\",\"arm64\"],\"architecture\":\"arm64\",\"dependable\":\"", { - "Ref": "LambdaImageBuilderzBuildWait0a45e8282dD494F5CD" + "Ref": "LambdaImageBuilderzBuildWaite9b918013451CEF311" }, "\"}}" ] diff --git a/test/imagebuilder.test.ts b/test/imagebuilder.test.ts index d49e930..daaf7e2 100644 --- a/test/imagebuilder.test.ts +++ b/test/imagebuilder.test.ts @@ -307,22 +307,6 @@ test('Lambda default image builder has GitHub Runner and Lambda entry point', () }); }); -test('Lambda image builder only accepts AMZL2', () => { - const app = new cdk.App(); - const stack = new cdk.Stack(app, 'test'); - - expect(() => { - LambdaRunnerProvider.imageBuilder(stack, 'builder', { - os: Os.LINUX_UBUNTU, - }); - }).toThrowError('Lambda runner provider only supports Amazon Linux 2'); - - LambdaRunnerProvider.imageBuilder(stack, 'builder', { - os: Os.LINUX_UBUNTU, - baseDockerImage: 'some-fake-ubuntu-image', - }); -}); - test('Unused builder doesn\'t throw exceptions', () => { const app = new cdk.App(); const stack = new cdk.Stack(app, 'test');