UNPKG

@cloudsnorkel/cdk-github-runners

Version:

CDK construct to create GitHub Actions self-hosted runners. Creates ephemeral runners on demand. Easy to deploy and highly customizable.

github.com/CloudSnorkel/cdk-github-runners

CloudSnorkel/cdk-github-runners

45 lines 11.7 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.GithubWebhookHandler = void 0; const cdk = require("aws-cdk-lib"); const aws_cdk_lib_1 = require("aws-cdk-lib"); const constructs_1 = require("constructs"); const access_1 = require("./access"); const utils_1 = require("./utils"); const webhook_handler_function_1 = require("./webhook-handler-function"); /** * Create a Lambda with a public URL to handle GitHub webhook events. After validating the event with the given secret, the orchestrator step function is called with information about the workflow job. * * @internal */ class GithubWebhookHandler extends constructs_1.Construct { constructor(scope, id, props) { super(scope, id); this.handler = new webhook_handler_function_1.WebhookHandlerFunction(this, 'webhook-handler', { description: 'Handle GitHub webhook and start runner orchestrator', environment: { STEP_FUNCTION_ARN: props.orchestrator.stateMachineArn, WEBHOOK_SECRET_ARN: props.secrets.webhook.secretArn, GITHUB_SECRET_ARN: props.secrets.github.secretArn, GITHUB_PRIVATE_KEY_SECRET_ARN: props.secrets.githubPrivateKey.secretArn, PROVIDERS: JSON.stringify(props.providers), REQUIRE_SELF_HOSTED_LABEL: props.requireSelfHostedLabel ? '1' : '0', PROVIDER_SELECTOR_ARN: props.providerSelector?.functionArn ?? '', ...props.extraLambdaEnv, }, timeout: cdk.Duration.seconds(31), logGroup: (0, utils_1.singletonLogGroup)(this, utils_1.SingletonLogType.ORCHESTRATOR), loggingFormat: aws_cdk_lib_1.aws_lambda.LoggingFormat.JSON, ...props.extraLambdaProps, }); const access = props?.access ?? access_1.LambdaAccess.lambdaUrl(); this.url = access.bind(this, 'access', this.handler); props.secrets.webhook.grantRead(this.handler); props.secrets.github.grantRead(this.handler); props.secrets.githubPrivateKey.grantRead(this.handler); props.orchestrator.grantStartExecution(this.handler); props.providerSelector?.grantInvoke(this.handler); } } exports.GithubWebhookHandler = GithubWebhookHandler; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoid2ViaG9vay5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy93ZWJob29rLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLG1DQUFtQztBQUNuQyw2Q0FBdUY7QUFDdkYsMkNBQXVDO0FBQ3ZDLHFDQUF3QztBQUV4QyxtQ0FBOEQ7QUFDOUQseUVBQW9FO0FBdUdwRTs7OztHQUlHO0FBQ0gsTUFBYSxvQkFBcUIsU0FBUSxzQkFBUztJQVlqRCxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQWdDO1FBQ3hFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFFakIsSUFBSSxDQUFDLE9BQU8sR0FBRyxJQUFJLGlEQUFzQixDQUN2QyxJQUFJLEVBQ0osaUJBQWlCLEVBQ2pCO1lBQ0UsV0FBVyxFQUFFLHFEQUFxRDtZQUNsRSxXQUFXLEVBQUU7Z0JBQ1gsaUJBQWlCLEVBQUUsS0FBSyxDQUFDLFlBQVksQ0FBQyxlQUFlO2dCQUNyRCxrQkFBa0IsRUFBRSxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTO2dCQUNuRCxpQkFBaUIsRUFBRSxLQUFLLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxTQUFTO2dCQUNqRCw2QkFBNkIsRUFBRSxLQUFLLENBQUMsT0FBTyxDQUFDLGdCQUFnQixDQUFDLFNBQVM7Z0JBQ3ZFLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUM7Z0JBQzFDLHlCQUF5QixFQUFFLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxHQUFHO2dCQUNuRSxxQkFBcUIsRUFBRSxLQUFLLENBQUMsZ0JBQWdCLEVBQUUsV0FBVyxJQUFJLEVBQUU7Z0JBQ2hFLEdBQUcsS0FBSyxDQUFDLGNBQWM7YUFDeEI7WUFDRCxPQUFPLEVBQUUsR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ2pDLFFBQVEsRUFBRSxJQUFBLHlCQUFpQixFQUFDLElBQUksRUFBRSx3QkFBZ0IsQ0FBQyxZQUFZLENBQUM7WUFDaEUsYUFBYSxFQUFFLHdCQUFNLENBQUMsYUFBYSxDQUFDLElBQUk7WUFDeEMsR0FBRyxLQUFLLENBQUMsZ0JBQWdCO1NBQzFCLENBQ0YsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLEtBQUssRUFBRSxNQUFNLElBQUkscUJBQVksQ0FBQyxTQUFTLEVBQUUsQ0FBQztRQUN6RCxJQUFJLENBQUMsR0FBRyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLFFBQVEsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFckQsS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUM5QyxLQUFLLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzdDLEtBQUssQ0FBQyxPQUFPLENBQUMsZ0JBQWdCLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN2RCxLQUFLLENBQUMsWUFBWSxDQUFDLG1CQUFtQixDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNyRCxLQUFLLENBQUMsZ0JBQWdCLEVBQUUsV0FBVyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNwRCxDQUFDO0NBQ0Y7QUE5Q0Qsb0RBOENDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY2RrIGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCB7IGF3c19sYW1iZGEgYXMgbGFtYmRhLCBhd3Nfc3RlcGZ1bmN0aW9ucyBhcyBzdGVwZnVuY3Rpb25zIH0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5pbXBvcnQgeyBMYW1iZGFBY2Nlc3MgfSBmcm9tICcuL2FjY2Vzcyc7XG5pbXBvcnQgeyBTZWNyZXRzIH0gZnJvbSAnLi9zZWNyZXRzJztcbmltcG9ydCB7IHNpbmdsZXRvbkxvZ0dyb3VwLCBTaW5nbGV0b25Mb2dUeXBlIH0gZnJvbSAnLi91dGlscyc7XG5pbXBvcnQgeyBXZWJob29rSGFuZGxlckZ1bmN0aW9uIH0gZnJvbSAnLi93ZWJob29rLWhhbmRsZXItZnVuY3Rpb24nO1xuXG4vKipcbiAqIElucHV0IHRvIHRoZSBwcm92aWRlciBzZWxlY3RvciBMYW1iZGEgZnVuY3Rpb24uXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgUHJvdmlkZXJTZWxlY3RvcklucHV0IHtcbiAgLyoqXG4gICAqIEZ1bGwgR2l0SHViIHdlYmhvb2sgcGF5bG9hZCAod29ya2Zsb3dfam9iIGV2ZW50IHN0cnVjdHVyZSB3aXRoIGFjdGlvbj1cInF1ZXVlZFwiKS5cbiAgICpcbiAgICogKiBPcmlnaW5hbCBsYWJlbHMgcmVxdWVzdGVkIGJ5IHRoZSB3b3JrZmxvdyBqb2IgY2FuIGJlIGZvdW5kIGF0IGBwYXlsb2FkLndvcmtmbG93X2pvYi5sYWJlbHNgLlxuICAgKiAqIFJlcG9zaXRvcnkgcGF0aCAoZS5nLiBDbG91ZFNub3JrZWwvY2RrLWdpdGh1Yi1ydW5uZXJzKSBpcyBhdCBgcGF5bG9hZC5yZXBvc2l0b3J5LmZ1bGxfbmFtZWAuXG4gICAqICogQ29tbWl0IGhhc2ggaXMgYXQgYHBheWxvYWQud29ya2Zsb3dfam9iLmhlYWRfc2hhYC5cbiAgICpcbiAgICogQHNlZSBodHRwczovL2RvY3MuZ2l0aHViLmNvbS9lbi93ZWJob29rcy93ZWJob29rLWV2ZW50cy1hbmQtcGF5bG9hZHM/YWN0aW9uVHlwZT1xdWV1ZWQjd29ya2Zsb3dfam9iXG4gICAqL1xuICByZWFkb25seSBwYXlsb2FkOiBhbnk7XG5cbiAgLyoqXG4gICAqIE1hcCBvZiBhdmFpbGFibGUgcHJvdmlkZXIgbm9kZSBwYXRocyB0byB0aGVpciBjb25maWd1cmVkIGxhYmVscy5cbiAgICogRXhhbXBsZTogeyBcIk15U3RhY2svU21hbGxcIjogW1wibGludXhcIiwgXCJzbWFsbFwiXSwgXCJNeVN0YWNrL0xhcmdlXCI6IFtcImxpbnV4XCIsIFwibGFyZ2VcIl0gfVxuICAgKi9cbiAgcmVhZG9ubHkgcHJvdmlkZXJzOiBSZWNvcmQ8c3RyaW5nLCBzdHJpbmdbXT47XG5cbiAgLyoqXG4gICAqIFByb3ZpZGVyIG5vZGUgcGF0aCB0aGF0IHdvdWxkIGhhdmUgYmVlbiBzZWxlY3RlZCBieSBkZWZhdWx0IGxhYmVsIG1hdGNoaW5nLlxuICAgKiBVc2UgdGhpcyB0byBlYXNpbHkgcmV0dXJuIHRoZSBkZWZhdWx0IHNlbGVjdGlvbjogYHsgcHJvdmlkZXI6IGlucHV0LmRlZmF1bHRQcm92aWRlciwgbGFiZWxzOiBpbnB1dC5kZWZhdWx0TGFiZWxzIH1gXG4gICAqIE1heSBiZSB1bmRlZmluZWQgaWYgbm8gcHJvdmlkZXIgbWF0Y2hlZCBieSBkZWZhdWx0LlxuICAgKi9cbiAgcmVhZG9ubHkgZGVmYXVsdFByb3ZpZGVyPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBMYWJlbHMgdGhhdCB3b3VsZCBoYXZlIGJlZW4gdXNlZCBieSBkZWZhdWx0ICh0aGUgc2VsZWN0ZWQgcHJvdmlkZXIncyBsYWJlbHMpLlxuICAgKiBNYXkgYmUgdW5kZWZpbmVkIGlmIG5vIHByb3ZpZGVyIG1hdGNoZWQgYnkgZGVmYXVsdC5cbiAgICovXG4gIHJlYWRvbmx5IGRlZmF1bHRMYWJlbHM/OiBzdHJpbmdbXTtcbn1cblxuLyoqXG4gKiBSZXN1bHQgZnJvbSB0aGUgcHJvdmlkZXIgc2VsZWN0b3IgTGFtYmRhIGZ1bmN0aW9uLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIFByb3ZpZGVyU2VsZWN0b3JSZXN1bHQge1xuICAvKipcbiAgICogTm9kZSBwYXRoIG9mIHRoZSBwcm92aWRlciB0byB1c2UgKGUuZy4sIFwiTXlTdGFjay9NeVByb3ZpZGVyXCIpLlxuICAgKiBNdXN0IG1hdGNoIG9uZSBvZiB0aGUgY29uZmlndXJlZCBwcm92aWRlciBub2RlIHBhdGhzIGZyb20gdGhlIGlucHV0LlxuICAgKiBJZiBub3QgcHJvdmlkZWQsIHRoZSBqb2Igd2lsbCBiZSBza2lwcGVkIChubyBydW5uZXIgY3JlYXRlZCkuXG4gICAqL1xuICByZWFkb25seSBwcm92aWRlcj86IHN0cmluZztcblxuICAvKipcbiAgICogTGFiZWxzIHRvIHVzZSB3aGVuIHJlZ2lzdGVyaW5nIHRoZSBydW5uZXIuXG4gICAqIE11c3QgYmUgcmV0dXJuZWQgd2hlbiBhIHByb3ZpZGVyIGlzIHNlbGVjdGVkLlxuICAgKiBDYW4gYmUgdXNlZCB0byBhZGQsIHJlbW92ZSwgb3IgbW9kaWZ5IGxhYmVscy5cbiAgICovXG4gIHJlYWRvbmx5IGxhYmVscz86IHN0cmluZ1tdO1xufVxuXG4vKipcbiAqIFByb3BlcnRpZXMgZm9yIEdpdGh1YldlYmhvb2tIYW5kbGVyXG4gKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgR2l0aHViV2ViaG9va0hhbmRsZXJQcm9wcyB7XG4gIC8qKlxuICAgKiBTdGVwIGZ1bmN0aW9uIGluIGNoYXJnZSBvZiBoYW5kbGluZyB0aGUgd29ya2Zsb3cgam9iIGV2ZW50cyBhbmQgc3RhcnQgdGhlIHJ1bm5lcnMuXG4gICAqL1xuICByZWFkb25seSBvcmNoZXN0cmF0b3I6IHN0ZXBmdW5jdGlvbnMuU3RhdGVNYWNoaW5lO1xuXG4gIC8qKlxuICAgKiBTZWNyZXRzIHVzZWQgdG8gY29tbXVuaWNhdGUgd2l0aCBHaXRIdWIuXG4gICAqL1xuICByZWFkb25seSBzZWNyZXRzOiBTZWNyZXRzO1xuXG4gIC8qKlxuICAgKiBDb25maWd1cmUgYWNjZXNzIHRvIHdlYmhvb2sgZnVuY3Rpb24uXG4gICAqL1xuICByZWFkb25seSBhY2Nlc3M/OiBMYW1iZGFBY2Nlc3M7XG5cbiAgLyoqXG4gICAqIE1hcHBpbmcgb2YgcHJvdmlkZXIgbm9kZSBwYXRocyB0byB0aGVpciBzdXBwb3J0ZWQgbGFiZWxzLlxuICAgKi9cbiAgcmVhZG9ubHkgcHJvdmlkZXJzOiBSZWNvcmQ8c3RyaW5nLCBzdHJpbmdbXT47XG5cbiAgLyoqXG4gICAqIE9wdGlvbmFsIExhbWJkYSBmdW5jdGlvbiB0byBjdXN0b21pemUgcHJvdmlkZXIgc2VsZWN0aW9uLlxuICAgKi9cbiAgcmVhZG9ubHkgcHJvdmlkZXJTZWxlY3Rvcj86IGxhbWJkYS5JRnVuY3Rpb247XG5cbiAgLyoqXG4gICAqIFdoZXRoZXIgdG8gcmVxdWlyZSB0aGUgXCJzZWxmLWhvc3RlZFwiIGxhYmVsLlxuICAgKi9cbiAgcmVhZG9ubHkgcmVxdWlyZVNlbGZIb3N0ZWRMYWJlbDogYm9vbGVhbjtcblxuICAvKipcbiAgICogQWRkaXRpb25hbCBMYW1iZGEgZnVuY3Rpb24gb3B0aW9ucyAoVlBDLCBzZWN1cml0eSBncm91cHMsIGxheWVycywgZXRjLikuXG4gICAqL1xuICByZWFkb25seSBleHRyYUxhbWJkYVByb3BzPzogbGFtYmRhLkZ1bmN0aW9uT3B0aW9ucztcblxuICAvKipcbiAgICogQWRkaXRpb25hbCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgZm9yIHRoZSBMYW1iZGEgZnVuY3Rpb24uXG4gICAqL1xuICByZWFkb25seSBleHRyYUxhbWJkYUVudj86IHsgW2tleTogc3RyaW5nXTogc3RyaW5nIH07XG59XG5cbi8qKlxuICogQ3JlYXRlIGEgTGFtYmRhIHdpdGggYSBwdWJsaWMgVVJMIHRvIGhhbmRsZSBHaXRIdWIgd2ViaG9vayBldmVudHMuIEFmdGVyIHZhbGlkYXRpbmcgdGhlIGV2ZW50IHdpdGggdGhlIGdpdmVuIHNlY3JldCwgdGhlIG9yY2hlc3RyYXRvciBzdGVwIGZ1bmN0aW9uIGlzIGNhbGxlZCB3aXRoIGluZm9ybWF0aW9uIGFib3V0IHRoZSB3b3JrZmxvdyBqb2IuXG4gKlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBjbGFzcyBHaXRodWJXZWJob29rSGFuZGxlciBleHRlbmRzIENvbnN0cnVjdCB7XG5cbiAgLyoqXG4gICAqIFB1YmxpYyBVUkwgb2Ygd2ViaG9vayB0byBiZSB1c2VkIHdpdGggR2l0SHViLlxuICAgKi9cbiAgcmVhZG9ubHkgdXJsOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFdlYmhvb2sgZXZlbnQgaGFuZGxlci5cbiAgICovXG4gIHJlYWRvbmx5IGhhbmRsZXI6IFdlYmhvb2tIYW5kbGVyRnVuY3Rpb247XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IEdpdGh1YldlYmhvb2tIYW5kbGVyUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuXG4gICAgdGhpcy5oYW5kbGVyID0gbmV3IFdlYmhvb2tIYW5kbGVyRnVuY3Rpb24oXG4gICAgICB0aGlzLFxuICAgICAgJ3dlYmhvb2staGFuZGxlcicsXG4gICAgICB7XG4gICAgICAgIGRlc2NyaXB0aW9uOiAnSGFuZGxlIEdpdEh1YiB3ZWJob29rIGFuZCBzdGFydCBydW5uZXIgb3JjaGVzdHJhdG9yJyxcbiAgICAgICAgZW52aXJvbm1lbnQ6IHtcbiAgICAgICAgICBTVEVQX0ZVTkNUSU9OX0FSTjogcHJvcHMub3JjaGVzdHJhdG9yLnN0YXRlTWFjaGluZUFybixcbiAgICAgICAgICBXRUJIT09LX1NFQ1JFVF9BUk46IHByb3BzLnNlY3JldHMud2ViaG9vay5zZWNyZXRBcm4sXG4gICAgICAgICAgR0lUSFVCX1NFQ1JFVF9BUk46IHByb3BzLnNlY3JldHMuZ2l0aHViLnNlY3JldEFybixcbiAgICAgICAgICBHSVRIVUJfUFJJVkFURV9LRVlfU0VDUkVUX0FSTjogcHJvcHMuc2VjcmV0cy5naXRodWJQcml2YXRlS2V5LnNlY3JldEFybixcbiAgICAgICAgICBQUk9WSURFUlM6IEpTT04uc3RyaW5naWZ5KHByb3BzLnByb3ZpZGVycyksXG4gICAgICAgICAgUkVRVUlSRV9TRUxGX0hPU1RFRF9MQUJFTDogcHJvcHMucmVxdWlyZVNlbGZIb3N0ZWRMYWJlbCA/ICcxJyA6ICcwJyxcbiAgICAgICAgICBQUk9WSURFUl9TRUxFQ1RPUl9BUk46IHByb3BzLnByb3ZpZGVyU2VsZWN0b3I/LmZ1bmN0aW9uQXJuID8/ICcnLFxuICAgICAgICAgIC4uLnByb3BzLmV4dHJhTGFtYmRhRW52LFxuICAgICAgICB9LFxuICAgICAgICB0aW1lb3V0OiBjZGsuRHVyYXRpb24uc2Vjb25kcygzMSksXG4gICAgICAgIGxvZ0dyb3VwOiBzaW5nbGV0b25Mb2dHcm91cCh0aGlzLCBTaW5nbGV0b25Mb2dUeXBlLk9SQ0hFU1RSQVRPUiksXG4gICAgICAgIGxvZ2dpbmdGb3JtYXQ6IGxhbWJkYS5Mb2dnaW5nRm9ybWF0LkpTT04sXG4gICAgICAgIC4uLnByb3BzLmV4dHJhTGFtYmRhUHJvcHMsXG4gICAgICB9LFxuICAgICk7XG5cbiAgICBjb25zdCBhY2Nlc3MgPSBwcm9wcz8uYWNjZXNzID8/IExhbWJkYUFjY2Vzcy5sYW1iZGFVcmwoKTtcbiAgICB0aGlzLnVybCA9IGFjY2Vzcy5iaW5kKHRoaXMsICdhY2Nlc3MnLCB0aGlzLmhhbmRsZXIpO1xuXG4gICAgcHJvcHMuc2VjcmV0cy53ZWJob29rLmdyYW50UmVhZCh0aGlzLmhhbmRsZXIpO1xuICAgIHByb3BzLnNlY3JldHMuZ2l0aHViLmdyYW50UmVhZCh0aGlzLmhhbmRsZXIpO1xuICAgIHByb3BzLnNlY3JldHMuZ2l0aHViUHJpdmF0ZUtleS5ncmFudFJlYWQodGhpcy5oYW5kbGVyKTtcbiAgICBwcm9wcy5vcmNoZXN0cmF0b3IuZ3JhbnRTdGFydEV4ZWN1dGlvbih0aGlzLmhhbmRsZXIpO1xuICAgIHByb3BzLnByb3ZpZGVyU2VsZWN0b3I/LmdyYW50SW52b2tlKHRoaXMuaGFuZGxlcik7XG4gIH1cbn1cbiJdfQ==