Merge branch 'release/4.12.0'
npalm committed Mar 16, 2020
2 parents 4650a95 + 82ff83e commit 3195005
Showing 7 changed files with 40 additions and 11 deletions.
8 changes: 7 additions & 1 deletion CHANGELOG.md
Expand Up @@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/).

## Unreleased

## 4.12.0 - 2020-03-16
- Add: Option for permissions boundary (#195) @mhulscher
- Bugfix: Fix cancel spot instance script from destroy provisioners are deprecate
- Change: Update default GitLab runner version to 12.8.0

## 4.11.1 - 2020-02-27
- Bugfix: #187 - fix double comma in tag list for docker machine

Expand Down Expand Up @@ -279,7 +284,8 @@ Module is available as Terraform 0.11 module, pin module to version 3.x. Please
- Update default AMI's to The latest Amazon Linux AMI 2017.09.1 - released on 2018-01-17.
- Minor updates in the example

[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.11.1...HEAD
[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.12.0...HEAD
[4.12.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.12.0...4.11.1
[4.11.1]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.11.1...4.11.0
[4.11.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.11.0...4.10.0
[4.10.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.10.0...4.9.0
Expand Down
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -274,12 +274,13 @@ terraform destroy
| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes |
| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` | <pre>{<br> "access_level": "",<br> "description": "",<br> "locked_to_project": "",<br> "maximum_timeout": "",<br> "registration_token": "",<br> "run_untagged": "",<br> "tag_list": ""<br>}</pre> | no |
| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"12.7.1"` | no |
| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"12.8.0"` | no |
| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no |
| instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no |
| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | `number` | `7` | no |
| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | `""` | no |
| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | `map(string)` | <pre>{<br> "name_docker_machine_runners": "",<br> "name_runner_agent_instance": "",<br> "name_sg": ""<br>}</pre> | no |
| permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no |
| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` | <pre>{<br> "name": [<br> "ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"<br> ]<br>}</pre> | no |
| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` | <pre>[<br> "099720109477"<br>]</pre> | no |
| runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no |
Expand Down
3 changes: 2 additions & 1 deletion _docs/TF_MODULE.md
Expand Up @@ -40,12 +40,13 @@
| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes |
| gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` | <pre>{<br> "access_level": "",<br> "description": "",<br> "locked_to_project": "",<br> "maximum_timeout": "",<br> "registration_token": "",<br> "run_untagged": "",<br> "tag_list": ""<br>}</pre> | no |
| gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | `list(string)` | <pre>[<br> "0.0.0.0/0"<br>]</pre> | no |
| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"12.7.1"` | no |
| gitlab\_runner\_version | Version of the GitLab runner. | `string` | `"12.8.0"` | no |
| instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no |
| instance\_type | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no |
| kms\_deletion\_window\_in\_days | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | `number` | `7` | no |
| kms\_key\_id | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | `""` | no |
| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | `map(string)` | <pre>{<br> "name_docker_machine_runners": "",<br> "name_runner_agent_instance": "",<br> "name_sg": ""<br>}</pre> | no |
| permissions\_boundary | Name of permissions boundary policy to attach to AWS IAM roles | `string` | `""` | no |
| runner\_ami\_filter | List of maps used to create the AMI filter for the Gitlab runner docker-machine AMI. | `map(list(string))` | <pre>{<br> "name": [<br> "ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"<br> ]<br>}</pre> | no |
| runner\_ami\_owners | The list of owners used to select the AMI of Gitlab runner docker-machine instances. | `list(string)` | <pre>[<br> "099720109477"<br>]</pre> | no |
| runner\_instance\_ebs\_optimized | Enable the GitLab runner instance to be EBS-optimized. | `bool` | `true` | no |
Expand Down
7 changes: 5 additions & 2 deletions ci/bin/cancel-spot-instances.sh
@@ -1,11 +1,14 @@
#!/usr/bin/env sh

hash jq aws &>/dev/null || { echo >&2 "I require jq and AWS CLI but one or both is not installed. Aborting."; exit 1; }
hash jq aws &>/dev/null || {
echo >&2 "I require jq and AWS CLI but one or both is not installed. Aborting."
exit 1
}

SPOT_REQUESTS=$(aws ec2 describe-spot-instance-requests --filters "Name=state,Values=active,open" | jq -r '[ .SpotInstanceRequests[] | select( .LaunchSpecification.IamInstanceProfile.Name | contains("'$1'")) ]')

# It's possible there's no spot requests to cancel, so be safe.
if ["$SPOT_REQUESTS" != "[]"]
if ["$SPOT_REQUESTS" != "[]"]; then
echo $SPOT_REQUESTS | jq -r '.[].InstanceId' | xargs aws ec2 terminate-instances --instance-ids
echo $SPOT_REQUESTS | jq -r '.[].SpotInstanceRequestId' | xargs aws ec2 cancel-spot-instance-requests --spot-instance-request-ids
else
Expand Down
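Review bot: The rewritten condition `if ["$SPOT_REQUESTS" != "[]"]; then` gains the missing `; then` but still has no whitespace inside the brackets, so the shell looks for a command named `[` glued to the expanded JSON instead of invoking `test`, and neither branch runs as intended; it should read `if [ "$SPOT_REQUESTS" != "[]" ]; then`. The dependency guard above it relies on `&>/dev/null`, a bash-only redirection: under the `#!/usr/bin/env sh` shebang a POSIX shell reads it as `hash jq aws &` followed by a separate `>/dev/null`, so the `|| { … exit 1; }` branch is never taken when jq or the AWS CLI is absent — `hash jq aws >/dev/null 2>&1 || {` is the portable spelling. Splicing `$1` into the jq program text via `contains("'$1'")` also breaks the filter for any argument containing a double quote; `jq -r --arg profile "$1" '[ .SpotInstanceRequests[] | select(.LaunchSpecification.IamInstanceProfile.Name | contains($profile)) ]'` keeps the value out of the program. The `if`/`else` block closes outside the hunk.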
2 changes: 2 additions & 0 deletions examples/runner-docker/main.tf
Expand Up @@ -25,6 +25,8 @@ module "runner" {
aws_region = var.aws_region
environment = var.environment

ssh_public_key = local_file.public_ssh_key.content

runners_use_private_address = false
enable_eip = true

Expand Down
20 changes: 15 additions & 5 deletions main.tf
Expand Up @@ -114,13 +114,21 @@ resource "aws_ssm_parameter" "runner_registration_token" {

resource "null_resource" "remove_runner" {
depends_on = [aws_ssm_parameter.runner_registration_token]
triggers = {
script = "${path.module}/bin/remove-runner.sh"
aws_region = var.aws_region
runners_gitlab_url = var.runners_gitlab_url
secure_parameter_store_runner_token_key = local.secure_parameter_store_runner_token_key
}

provisioner "local-exec" {
when = destroy
on_failure = continue
command = "${path.module}/bin/remove-runner.sh ${var.aws_region} ${var.runners_gitlab_url} ${local.secure_parameter_store_runner_token_key}"
command = "${self.triggers.script} ${self.triggers.aws_region} ${self.triggers.runners_gitlab_url} ${self.triggers.secure_parameter_store_runner_token_key}"
}
}


data "template_file" "user_data" {
template = file("${path.module}/template/user-data.tpl")

Expand Down Expand Up @@ -397,8 +405,9 @@ data "template_file" "instance_role_trust_policy" {
}

resource "aws_iam_role" "instance" {
name = "${var.environment}-instance-role"
assume_role_policy = data.template_file.instance_role_trust_policy.rendered
name = "${var.environment}-instance-role"
assume_role_policy = data.template_file.instance_role_trust_policy.rendered
permissions_boundary = var.permissions_boundary == "" ? null : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/${var.permissions_boundary}"
}

################################################################################
Expand Down Expand Up @@ -478,8 +487,9 @@ data "template_file" "dockermachine_role_trust_policy" {
}

resource "aws_iam_role" "docker_machine" {
name = "${var.environment}-docker-machine-role"
assume_role_policy = data.template_file.dockermachine_role_trust_policy.rendered
name = "${var.environment}-docker-machine-role"
assume_role_policy = data.template_file.dockermachine_role_trust_policy.rendered
permissions_boundary = var.permissions_boundary == "" ? null : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/${var.permissions_boundary}"
}

resource "aws_iam_instance_profile" "docker_machine" {
Expand Down
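Review bot: The new `permissions_boundary` line in `aws_iam_role.instance` hardcodes the `arn:aws:` partition, and the identical line in `aws_iam_role.docker_machine` in the following hunk does the same, so applying the module in a region of another partition (GovCloud, China) builds an ARN that cannot resolve there and the role creation fails. The expression is also duplicated verbatim across the two roles, so a later fix to one can leave the other behind; building the ARN once in a `locals` block from `data.aws_partition.current.partition` addresses both points. `data.aws_caller_identity.current` is not visible on this page, so I assume it is already declared elsewhere in the module.
```hcl
data "aws_partition" "current" {}

locals {
  # Empty string means "no boundary"; otherwise build the ARN in the current partition and account.
  permissions_boundary_arn = var.permissions_boundary == "" ? null : "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:policy/${var.permissions_boundary}"
}

resource "aws_iam_role" "instance" {
  # … unchanged: name, assume_role_policy …
  permissions_boundary = local.permissions_boundary_arn
}
```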
8 changes: 7 additions & 1 deletion variables.tf
Expand Up @@ -300,7 +300,7 @@ variable "cache_shared" {
variable "gitlab_runner_version" {
description = "Version of the GitLab runner."
type = string
default = "12.7.1"
default = "12.8.0"
}

variable "enable_gitlab_runner_ssh_access" {
Expand Down Expand Up @@ -526,3 +526,9 @@ variable "enable_forced_updates" {
default = false
type = bool
}

variable "permissions_boundary" {
description = "Name of permissions boundary policy to attach to AWS IAM roles"
default = ""
type = string
}
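Review bot: The description of the new `permissions_boundary` variable does not say whether a bare policy name or a full ARN is expected, nor that an empty string means no boundary is attached; since main.tf prefixes the value with the caller's account id, a caller who supplies an ARN would likely get a malformed-ARN error from IAM. Suggest `description = "Name (not ARN) of a policy in the current account to use as permissions boundary for the IAM roles created by this module. Leave empty to attach no boundary."`. The ARN is assembled in main.tf, outside this hunk.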
