feat: Add option to enable logging on state machine

src/lambdas/status/index.ts

@@ -134,6 +134,7 @@ exports.handler = async function () {
       webhookHandlerUrl: lambdaArnToUrl(process.env.WEBHOOK_HANDLER_ARN),
       stepFunctionArn: process.env.STEP_FUNCTION_ARN,
       stepFunctionUrl: stepFunctionArnToUrl(process.env.STEP_FUNCTION_ARN),
+      stepFunctionLogGroup: process.env.STEP_FUNCTION_LOG_GROUP,
       recentRuns: [] as RecentRun[],
     },
   };

src/runner.ts

@@ -3,8 +3,10 @@ import {
   aws_ec2 as ec2,
   aws_iam as iam,
   aws_lambda as lambda,
+  aws_logs as logs,
   aws_stepfunctions as stepfunctions,
   aws_stepfunctions_tasks as stepfunctions_tasks,
+  RemovalPolicy,
 } from 'aws-cdk-lib';
 import { FunctionUrlAuthType } from 'aws-cdk-lib/aws-lambda';
 import { Construct } from 'constructs';
@@ -82,6 +84,46 @@ export interface GitHubRunnersProps {
    * @default 10 minutes
    */
   readonly idleTimeout?: cdk.Duration;
+
+  /**
+   * Logging options for the state machine that manages the runners.
+   *
+   * @default no logs
+   */
+  readonly logOptions?: LogOptions;
+}
+
+/**
+ * Defines what execution history events are logged and where they are logged.
+ */
+export interface LogOptions {
+  /**
+   * The log group where the execution history events will be logged.
+   */
+  readonly logGroupName?: string;
+
+  /**
+   * Determines whether execution data is included in your log.
+   *
+   * @default false
+   */
+  readonly includeExecutionData?: boolean;
+
+  /**
+   * Defines which category of execution history events are logged.
+   *
+   * @default ERROR
+   */
+  readonly level?: stepfunctions.LogLevel;
+
+  /**
+   * The number of days log events are kept in CloudWatch Logs. When updating
+   * this property, unsetting it doesn't remove the log retention policy. To
+   * remove the retention policy, set the value to `INFINITE`.
+   *
+   * @default logs.RetentionDays.ONE_MONTH
+   */
+  readonly logRetention?: logs.RetentionDays;
 }
 
 /**
@@ -140,6 +182,7 @@ export class GitHubRunners extends Construct {
   private readonly setupUrl: string;
   private readonly extraLambdaEnv: {[p: string]: string} = {};
   private readonly extraLambdaProps: lambda.FunctionOptions;
+  private stateMachineLogGroup?: logs.LogGroup;
 
   constructor(scope: Construct, id: string, readonly props?: GitHubRunnersProps) {
     super(scope, id);
@@ -278,11 +321,27 @@ export class GitHubRunners extends Construct {
       .when(stepfunctions.Condition.isNotPresent('$.labels.self-hosted'), new stepfunctions.Succeed(this, 'No'))
       .otherwise(work);
 
+    let logOptions: cdk.aws_stepfunctions.LogOptions | undefined;
+    if (this.props?.logOptions) {
+      this.stateMachineLogGroup = new logs.LogGroup(this, 'Logs', {
+        logGroupName: props?.logOptions?.logGroupName,
+        retention: props?.logOptions?.logRetention ?? logs.RetentionDays.ONE_MONTH,
+        removalPolicy: RemovalPolicy.DESTROY,
+      });
+
+      logOptions = {
+        destination: this.stateMachineLogGroup,
+        includeExecutionData: props?.logOptions?.includeExecutionData ?? true,
+        level: props?.logOptions?.level ?? stepfunctions.LogLevel.ALL,
+      };
+    }
+
     const stateMachine = new stepfunctions.StateMachine(
       this,
       'Runner Orchestrator',
       {
         definition: check,
+        logs: logOptions,
       },
     );
 
@@ -351,6 +410,7 @@ export class GitHubRunners extends Construct {
           WEBHOOK_URL: this.webhook.url,
           WEBHOOK_HANDLER_ARN: this.webhook.handler.latestVersion.functionArn,
           STEP_FUNCTION_ARN: this.orchestrator.stateMachineArn,
+          STEP_FUNCTION_LOG_GROUP: this.stateMachineLogGroup?.logGroupName ?? '',
           SETUP_FUNCTION_URL: this.setupUrl,
           ...this.extraLambdaEnv,
         },

test/default.integ.snapshot/github-runners-test.assets.json

@@ -209,28 +209,28 @@
         }
       }
     },
-    "1d1f025a6abc03af735a1d9f680134d3b9c44baf6899b8734486d8527d4f1a5b": {
+    "165e1c4dfb9c46dd1e0d52c192374a9a1c16c01851d1aee4b48b5dc58bf31df0": {
       "source": {
-        "path": "asset.1d1f025a6abc03af735a1d9f680134d3b9c44baf6899b8734486d8527d4f1a5b",
+        "path": "asset.165e1c4dfb9c46dd1e0d52c192374a9a1c16c01851d1aee4b48b5dc58bf31df0",
         "packaging": "zip"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "1d1f025a6abc03af735a1d9f680134d3b9c44baf6899b8734486d8527d4f1a5b.zip",
+          "objectKey": "165e1c4dfb9c46dd1e0d52c192374a9a1c16c01851d1aee4b48b5dc58bf31df0.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
     },
-    "5bdb97545990fafb65ad252cd2694d12749d3d887cfd0327feb65c50a3ec1d0d": {
+    "c2822ff75b10806b106028ef401bbed464a897b608e8597bc0b2e409e00756ca": {
       "source": {
         "path": "github-runners-test.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "5bdb97545990fafb65ad252cd2694d12749d3d887cfd0327feb65c50a3ec1d0d.json",
+          "objectKey": "c2822ff75b10806b106028ef401bbed464a897b608e8597bc0b2e409e00756ca.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

test/default.integ.snapshot/github-runners-test.template.json

@@ -12063,7 +12063,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "1d1f025a6abc03af735a1d9f680134d3b9c44baf6899b8734486d8527d4f1a5b.zip"
+     "S3Key": "165e1c4dfb9c46dd1e0d52c192374a9a1c16c01851d1aee4b48b5dc58bf31df0.zip"
     },
     "Role": {
      "Fn::GetAtt": [
@@ -12109,6 +12109,7 @@
       "STEP_FUNCTION_ARN": {
        "Ref": "runnersRunnerOrchestratorF9B66EBA"
       },
+      "STEP_FUNCTION_LOG_GROUP": "",
       "SETUP_FUNCTION_URL": {
        "Fn::GetAtt": [
         "runnerssetupFunctionUrlB8BC43E8",

test/default.integ.snapshot/manifest.json

@@ -23,7 +23,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5bdb97545990fafb65ad252cd2694d12749d3d887cfd0327feb65c50a3ec1d0d.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c2822ff75b10806b106028ef401bbed464a897b608e8597bc0b2e409e00756ca.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [

test/default.integ.snapshot/tree.json

@@ -16247,7 +16247,7 @@
                           "s3Bucket": {
                             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
                           },
-                          "s3Key": "1d1f025a6abc03af735a1d9f680134d3b9c44baf6899b8734486d8527d4f1a5b.zip"
+                          "s3Key": "165e1c4dfb9c46dd1e0d52c192374a9a1c16c01851d1aee4b48b5dc58bf31df0.zip"
                         },
                         "role": {
                           "Fn::GetAtt": [
@@ -16293,6 +16293,7 @@
                             "STEP_FUNCTION_ARN": {
                               "Ref": "runnersRunnerOrchestratorF9B66EBA"
                             },
+                            "STEP_FUNCTION_LOG_GROUP": "",
                             "SETUP_FUNCTION_URL": {
                               "Fn::GetAtt": [
                                 "runnerssetupFunctionUrlB8BC43E8",

test/runner.test.ts

@@ -0,0 +1,33 @@
+import * as cdk from 'aws-cdk-lib';
+import { Match, Template } from 'aws-cdk-lib/assertions';
+import { GitHubRunners } from '../src';
+
+let app: cdk.App;
+let stack: cdk.Stack;
+
+describe('GitHubRunners', () => {
+  beforeEach(() => {
+    app = new cdk.App();
+    stack = new cdk.Stack(app, 'test');
+  });
+
+  test('Create GithubRunners with state machine logging enabled', () => {
+    new GitHubRunners(stack, 'runners', {
+      providers: [],
+      logOptions: {
+        logRetention: 1,
+        logGroupName: 'test',
+      },
+    });
+
+    const template = Template.fromStack(stack);
+
+    template.hasResourceProperties(
+      'AWS::Logs::LogGroup',
+      Match.objectLike({
+        LogGroupName: 'test',
+        RetentionInDays: 1,
+      }),
+    );
+  });
+});