From 0eb28a5127a624501e81d4150973b889aacb2e46 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Mon, 9 Sep 2019 22:38:05 +0200 Subject: [PATCH 01/10] Fix type --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12c85baa6..4b4ef8c6f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). - Set docker machine version by default to 0.16.2 #131 @npalm - Add SSM session manager support #121 #126 @npalm - Move to github actions #130 @npalm -- Enable s3 encryption #129 @hendrixra +- Enable s3 encryption #129 @hendrixroa - Bump gitlab-runner to 12.2.0 #128 @mpsq ## 4.4.0 - 2019-08-21 From f0e0ce2c054ba9fbf49e0cc4b608fc3219e876fc Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Mon, 9 Sep 2019 22:47:24 +0200 Subject: [PATCH 02/10] Fix github action badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ce5807069..024677b16 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Build Status](https://travis-ci.com/npalm/terraform-aws-gitlab-runner.svg?branch=master)](https://travis-ci.com/npalm/terraform-aws-gitlab-runner) [![Gitter](https://badges.gitter.im/terraform-aws-gitlab-runner/Lobby.svg)](https://gitter.im/terraform-aws-gitlab-runner/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) +![https://github.com/npalm/terraform-aws-gitlab-runner/workflows/Verify/badge.svg](https://github.com/npalm/terraform-aws-gitlab-runner/workflows/Verify/badge.svg)[![Gitter](https://badges.gitter.im/terraform-aws-gitlab-runner/Lobby.svg)](https://gitter.im/terraform-aws-gitlab-runner/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) # Terraform module for GitLab auto scaling runners on AWS spot instances From b9f9495e603a11422cf9721c28c9760df522d6fa Mon Sep 17 00:00:00 2001 
From: Will Chen Date: Mon, 23 Sep 2019 11:00:46 -0500 Subject: [PATCH 03/10] Add access_level option to registration call in runner template --- README.md | 2 ++ _docs/README.md | 2 ++ examples/runner-default/main.tf | 1 + examples/runner-docker/main.tf | 1 + examples/runner-public/main.tf | 2 ++ main.tf | 1 + template/gitlab-runner.tpl | 1 + variables.tf | 1 + 8 files changed, 11 insertions(+) diff --git a/README.md b/README.md index ce5807069..d7375aebf 100644 --- a/README.md +++ b/README.md @@ -106,6 +106,7 @@ gitlab_runner_registration_config = { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" + access_level = "" } ``` @@ -181,6 +182,7 @@ module "runner" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" + access_level = "not_protected" } } diff --git a/_docs/README.md b/_docs/README.md index 0dda80ff2..8d066fcdb 100644 --- a/_docs/README.md +++ b/_docs/README.md @@ -105,6 +105,7 @@ gitlab_runner_registration_config = { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" + access_level = "" } ``` @@ -180,6 +181,7 @@ module "runner" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" + access_level = "not_protected" } } diff --git a/examples/runner-default/main.tf b/examples/runner-default/main.tf index a4660b0f0..5af9cad65 100644 --- a/examples/runner-default/main.tf +++ b/examples/runner-default/main.tf @@ -45,6 +45,7 @@ module "runner" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" + access_level = "not_protected" } tags = { diff --git a/examples/runner-docker/main.tf b/examples/runner-docker/main.tf index fd9637546..5bb2f89eb 100644 --- a/examples/runner-docker/main.tf +++ b/examples/runner-docker/main.tf @@ -43,6 +43,7 @@ module "runner" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" + access_level = "not_protected" } } 
diff --git a/examples/runner-public/main.tf b/examples/runner-public/main.tf index 4772cbbd6..03b3e9e42 100644 --- a/examples/runner-public/main.tf +++ b/examples/runner-public/main.tf @@ -53,6 +53,7 @@ module "runner" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" + access_level = "not_protected" } overrides = { @@ -95,6 +96,7 @@ module "runner2" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" + access_level = "not_protected" } cache_shared = "true" diff --git a/main.tf b/main.tf index 89b78f96d..f3f8d6503 100644 --- a/main.tf +++ b/main.tf @@ -128,6 +128,7 @@ data "template_file" "gitlab_runner" { gitlab_runner_locked_to_project = var.gitlab_runner_registration_config["locked_to_project"] gitlab_runner_run_untagged = var.gitlab_runner_registration_config["run_untagged"] gitlab_runner_maximum_timeout = var.gitlab_runner_registration_config["maximum_timeout"] + gitlab_runner_access_level = var.gitlab_runner_registration_config["access_level"] } } diff --git a/template/gitlab-runner.tpl b/template/gitlab-runner.tpl index 4bc434f64..05960cb46 100644 --- a/template/gitlab-runner.tpl +++ b/template/gitlab-runner.tpl @@ -40,6 +40,7 @@ then --form "locked=${gitlab_runner_locked_to_project}" \ --form "run_untagged=${gitlab_runner_run_untagged}" \ --form "maximum_timeout=${gitlab_runner_maximum_timeout}" \ + --form "access_level=${gitlab_runner_access_level}" \ | jq -r .token) aws ssm put-parameter --overwrite --type SecureString --name "${secure_parameter_store_runner_token_key}" --value $token --region "${secure_parameter_store_region}" fi diff --git a/variables.tf b/variables.tf index b64691493..f1e0769c7 100644 --- a/variables.tf +++ b/variables.tf @@ -394,6 +394,7 @@ variable "gitlab_runner_registration_config" { locked_to_project = "" run_untagged = "" maximum_timeout = "" + access_level = "" } } From 2a3c0d068095b192340a233913cf60435057d9ea Mon Sep 17 00:00:00 2001 
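Review bot: Nothing in the template/gitlab-runner.tpl hunk checks the registration result after `| jq -r .token`, and the new `--form "access_level=${gitlab_runner_access_level}"` adds one more value that can make the request fail. When the response has no `token` field, jq prints the literal `null`, and the next line's `aws ssm put-parameter --overwrite ... --value $token` stores that as the runner token. I would guard the write with `[ -n "$token" ] && [ "$token" != "null" ] || exit 1` (or the script's own failure path) and quote the argument as `--value "$token"`. A comment above the form line naming the values GitLab accepts (`not_protected`, `ref_protected`) would also help, since the variables.tf default in this patch is `""` and the hunk does not show how an empty value is handled. The same hunk reappears in PATCH 08/10, and the enclosing `if ... then` block starts outside the hunk.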
From: Niek Palm Date: Thu, 26 Sep 2019 21:50:03 +0200 Subject: [PATCH 04/10] Trigger actions on PR --- .github/workflows/verify.yml | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 944ed41d5..91e0d726f 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -1,24 +1,23 @@ name: Verify -on: [push] +on: [push, pull_request] jobs: verify: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - name: verify - run: | - ./ci/bin/install.sh - ./ci/bin/verify.sh + - uses: actions/checkout@v1 + - name: verify + run: | + ./ci/bin/install.sh + ./ci/bin/verify.sh verify-examples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - name: verify-examples - run: | - ./ci/bin/install.sh - ./ci/bin/verify-examples.sh - + - uses: actions/checkout@v1 + - name: verify-examples + run: | + ./ci/bin/install.sh + ./ci/bin/verify-examples.sh From 3cbefaa7917328a14fda00404507c4fb717bdc77 Mon Sep 17 00:00:00 2001 From: DONGYEON LEE Date: Fri, 27 Sep 2019 04:51:09 +0900 Subject: [PATCH 05/10] Bump gitlab-runner to 12.3.0 (#135) @loustler thanks --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index b64691493..27046f6e6 100644 --- a/variables.tf +++ b/variables.tf @@ -294,7 +294,7 @@ variable "cache_shared" { variable "gitlab_runner_version" { description = "Version of the GitLab runner." type = string - default = "12.2.0" + default = "12.3.0" } variable "enable_gitlab_runner_ssh_access" { From 40c443d3118b79f09e1f76881eb2f1d9c1acf1e2 Mon Sep 17 00:00:00 2001 
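Review bot: With `pull_request` added to `on:` in .github/workflows/verify.yml, `./ci/bin/install.sh`, `./ci/bin/verify.sh` and `./ci/bin/verify-examples.sh` run from the pull request's own checkout, presumably including pull requests from forks. Both jobs should therefore stay free of secrets and run with a read-only token; a top-level `permissions:` block with `contents: read` states that explicitly. `uses: actions/checkout@v1` in both jobs follows a movable tag, so pinning it to a full commit SHA, with the version in a trailing comment, keeps the step from changing underneath the workflow. Listing both `push` and `pull_request` also verifies a same-repository branch with an open pull request twice; restricting `push` to the default branch would avoid that.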
From: Will Chen Date: Mon, 30 Sep 2019 10:21:18 -0500 Subject: [PATCH 06/10] Refactor for backwards compatibility --- _docs/README.md | 3 +-- examples/runner-default/main.tf | 1 - examples/runner-docker/main.tf | 1 - examples/runner-public/README.md | 1 + examples/runner-public/main.tf | 3 +-- main.tf | 2 +- 6 files changed, 4 insertions(+), 7 deletions(-) diff --git a/_docs/README.md b/_docs/README.md index 8d066fcdb..5b463fdd1 100644 --- a/_docs/README.md +++ b/_docs/README.md @@ -105,7 +105,7 @@ gitlab_runner_registration_config = { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" - access_level = "" + access_level = "" } ``` @@ -181,7 +181,6 @@ module "runner" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" - access_level = "not_protected" } } diff --git a/examples/runner-default/main.tf b/examples/runner-default/main.tf index 5af9cad65..a4660b0f0 100644 --- a/examples/runner-default/main.tf +++ b/examples/runner-default/main.tf @@ -45,7 +45,6 @@ module "runner" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" - access_level = "not_protected" } tags = { diff --git a/examples/runner-docker/main.tf b/examples/runner-docker/main.tf index 5bb2f89eb..fd9637546 100644 --- a/examples/runner-docker/main.tf +++ b/examples/runner-docker/main.tf @@ -43,7 +43,6 @@ module "runner" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" - access_level = "not_protected" } } diff --git a/examples/runner-public/README.md b/examples/runner-public/README.md index 44017fe64..9ef09a01f 100644 --- a/examples/runner-public/README.md +++ b/examples/runner-public/README.md @@ -11,6 +11,7 @@ This examples shows: - Overrides for tag naming. - Registration via GitLab token. - Auto scaling using `docker+machine` executor. + - Register runner as [protected](https://docs.gitlab.com/ee/ci/runners/#protected-runners). ## Prerequisite 
diff --git a/examples/runner-public/main.tf b/examples/runner-public/main.tf index 03b3e9e42..a1726e932 100644 --- a/examples/runner-public/main.tf +++ b/examples/runner-public/main.tf @@ -53,7 +53,7 @@ module "runner" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" - access_level = "not_protected" + access_level = "ref_protected" } overrides = { @@ -96,7 +96,6 @@ module "runner2" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" - access_level = "not_protected" } cache_shared = "true" diff --git a/main.tf b/main.tf index f3f8d6503..ee7896025 100644 --- a/main.tf +++ b/main.tf @@ -128,7 +128,7 @@ data "template_file" "gitlab_runner" { gitlab_runner_locked_to_project = var.gitlab_runner_registration_config["locked_to_project"] gitlab_runner_run_untagged = var.gitlab_runner_registration_config["run_untagged"] gitlab_runner_maximum_timeout = var.gitlab_runner_registration_config["maximum_timeout"] - gitlab_runner_access_level = var.gitlab_runner_registration_config["access_level"] + gitlab_runner_access_level = lookup(var.gitlab_runner_registration_config, "access_level", "not_protected") } } From 6e6b8454f1ce023f9d59ce96e5ca55e035a0bce6 Mon Sep 17 00:00:00 2001 From: Will Chen Date: Mon, 30 Sep 2019 10:37:45 -0500 Subject: [PATCH 07/10] Update docs correctly and run autodocs.sh --- README.md | 3 +-- examples/runner-public/README.md | 2 +- examples/runner-public/_docs/README.md | 1 + 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d7375aebf..acfbf6e16 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,7 @@ gitlab_runner_registration_config = { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" - access_level = "" + access_level = "" } ``` @@ -182,7 +182,6 @@ module "runner" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" - access_level = "not_protected" } } 
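Review bot: The `lookup(var.gitlab_runner_registration_config, "access_level", "not_protected")` fallback in the main.tf hunk applies only when the key is absent, so an empty string still reaches the registration call unchanged. That case is the default one: variables.tf from PATCH 03/10 sets `access_level = ""`, the README block documents the same value, and this patch leaves both in place. If an unset level is meant to be `not_protected`, treat `""` like a missing key, for example `gitlab_runner_access_level = lookup(var.gitlab_runner_registration_config, "access_level", "") == "" ? "not_protected" : lookup(var.gitlab_runner_registration_config, "access_level", "")`. I would also add a comment `# falls back to not_protected; set access_level = "ref_protected" explicitly for a protected runner` so the unprotected default is a visible choice. The same hunk reappears in PATCH 08/10, and the `data "template_file"` block starts outside the hunk.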
diff --git a/examples/runner-public/README.md b/examples/runner-public/README.md index 9ef09a01f..82f41fbd9 100644 --- a/examples/runner-public/README.md +++ b/examples/runner-public/README.md @@ -11,7 +11,7 @@ This examples shows: - Overrides for tag naming. - Registration via GitLab token. - Auto scaling using `docker+machine` executor. - - Register runner as [protected](https://docs.gitlab.com/ee/ci/runners/#protected-runners). + - Register runner as [protected](https://docs.gitlab.com/ee/ci/runners/#protected-runners). ## Prerequisite diff --git a/examples/runner-public/_docs/README.md b/examples/runner-public/_docs/README.md index 74f978636..455acea6a 100644 --- a/examples/runner-public/_docs/README.md +++ b/examples/runner-public/_docs/README.md @@ -10,6 +10,7 @@ This examples shows: - Overrides for tag naming. - Registration via GitLab token. - Auto scaling using `docker+machine` executor. +- Register runner as [protected](https://docs.gitlab.com/ee/ci/runners/#protected-runners). ## Prerequisite From 5df34aacb0de155426dcd821aedfe5c6256462e1 Mon Sep 17 00:00:00 2001 From: willychenchen Date: Mon, 30 Sep 2019 15:02:48 -0500 Subject: [PATCH 08/10] Add access_level option to registration call in runner template (#134) * Add access_level option to registration call in runner template * Refactor for backwards compatibility * Update docs correctly and run autodocs.sh --- README.md | 1 + _docs/README.md | 1 + examples/runner-public/README.md | 1 + examples/runner-public/_docs/README.md | 1 + examples/runner-public/main.tf | 1 + main.tf | 1 + template/gitlab-runner.tpl | 1 + variables.tf | 1 + 8 files changed, 8 insertions(+) diff --git a/README.md b/README.md index 024677b16..c1f313263 100644 --- a/README.md +++ b/README.md @@ -106,6 +106,7 @@ gitlab_runner_registration_config = { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" + access_level = "" } ``` diff --git a/_docs/README.md b/_docs/README.md index 0dda80ff2..5b463fdd1 100644 
--- a/_docs/README.md +++ b/_docs/README.md @@ -105,6 +105,7 @@ gitlab_runner_registration_config = { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" + access_level = "" } ``` diff --git a/examples/runner-public/README.md b/examples/runner-public/README.md index 44017fe64..82f41fbd9 100644 --- a/examples/runner-public/README.md +++ b/examples/runner-public/README.md @@ -11,6 +11,7 @@ This examples shows: - Overrides for tag naming. - Registration via GitLab token. - Auto scaling using `docker+machine` executor. + - Register runner as [protected](https://docs.gitlab.com/ee/ci/runners/#protected-runners). ## Prerequisite diff --git a/examples/runner-public/_docs/README.md b/examples/runner-public/_docs/README.md index 74f978636..455acea6a 100644 --- a/examples/runner-public/_docs/README.md +++ b/examples/runner-public/_docs/README.md @@ -10,6 +10,7 @@ This examples shows: - Overrides for tag naming. - Registration via GitLab token. - Auto scaling using `docker+machine` executor. +- Register runner as [protected](https://docs.gitlab.com/ee/ci/runners/#protected-runners). ## Prerequisite diff --git a/examples/runner-public/main.tf b/examples/runner-public/main.tf index 4772cbbd6..a1726e932 100644 --- a/examples/runner-public/main.tf +++ b/examples/runner-public/main.tf @@ -53,6 +53,7 @@ module "runner" { locked_to_project = "true" run_untagged = "false" maximum_timeout = "3600" + access_level = "ref_protected" } overrides = { diff --git a/main.tf b/main.tf index 89b78f96d..ee7896025 100644 --- a/main.tf +++ b/main.tf 
@@ -128,6 +128,7 @@ data "template_file" "gitlab_runner" { gitlab_runner_locked_to_project = var.gitlab_runner_registration_config["locked_to_project"] gitlab_runner_run_untagged = var.gitlab_runner_registration_config["run_untagged"] gitlab_runner_maximum_timeout = var.gitlab_runner_registration_config["maximum_timeout"] + gitlab_runner_access_level = lookup(var.gitlab_runner_registration_config, "access_level", "not_protected") } } diff --git a/template/gitlab-runner.tpl b/template/gitlab-runner.tpl index 4bc434f64..05960cb46 100644 --- a/template/gitlab-runner.tpl +++ b/template/gitlab-runner.tpl @@ -40,6 +40,7 @@ then --form "locked=${gitlab_runner_locked_to_project}" \ --form "run_untagged=${gitlab_runner_run_untagged}" \ --form "maximum_timeout=${gitlab_runner_maximum_timeout}" \ + --form "access_level=${gitlab_runner_access_level}" \ | jq -r .token) aws ssm put-parameter --overwrite --type SecureString --name "${secure_parameter_store_runner_token_key}" --value $token --region "${secure_parameter_store_region}" fi diff --git a/variables.tf b/variables.tf index 27046f6e6..4cee20690 100644 --- a/variables.tf +++ b/variables.tf @@ -394,6 +394,7 @@ variable "gitlab_runner_registration_config" { locked_to_project = "" run_untagged = "" maximum_timeout = "" + access_level = "" } } From e5d872e7323dcb10b85e1dd07a5ab3cf35455067 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Mon, 30 Sep 2019 22:12:44 +0200 Subject: [PATCH 09/10] Update docs --- README.md | 4 ++-- _docs/TF_MODULE.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c1f313263..57840a2ca 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -![https://github.com/npalm/terraform-aws-gitlab-runner/workflows/Verify/badge.svg](https://github.com/npalm/terraform-aws-gitlab-runner/workflows/Verify/badge.svg)[![Gitter](https://badges.gitter.im/terraform-aws-gitlab-runner/Lobby.svg)](https://gitter.im/terraform-aws-gitlab-runner/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) +[![Build Status](https://travis-ci.com/npalm/terraform-aws-gitlab-runner.svg?branch=master)](https://travis-ci.com/npalm/terraform-aws-gitlab-runner) [![Gitter](https://badges.gitter.im/terraform-aws-gitlab-runner/Lobby.svg)](https://gitter.im/terraform-aws-gitlab-runner/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) # Terraform module for GitLab auto scaling runners on AWS spot instances 
@@ -253,7 +253,7 @@ terraform destroy | environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | | gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | map(string) | `` | no | | gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | list(string) | `` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.2.0"` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.3.0"` | no | | instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | string | `""` | no | | instance\_type | Instance type used for the GitLab runner. | string | `"t3.micro"` | no | | overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | map(string) | `` | no | diff --git a/_docs/TF_MODULE.md b/_docs/TF_MODULE.md index 3ca61edb8..d74961cbb 100644 --- a/_docs/TF_MODULE.md +++ b/_docs/TF_MODULE.md 
@@ -30,7 +30,7 @@ | environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes | | gitlab\_runner\_registration\_config | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | map(string) | `` | no | | gitlab\_runner\_ssh\_cidr\_blocks | List of CIDR blocks to allow SSH Access to the gitlab runner instance. | list(string) | `` | no | -| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.2.0"` | no | +| gitlab\_runner\_version | Version of the GitLab runner. | string | `"12.3.0"` | no | | instance\_role\_json | Default runner instance override policy, expected to be in JSON format. | string | `""` | no | | instance\_type | Instance type used for the GitLab runner. | string | `"t3.micro"` | no | | overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` ovverrid the `Name` tag spot instances created by the runner agent. | map(string) | `` | no | From bd43e4ddfa44a27b70fd3ae2069f4a9644dcc569 Mon Sep 17 00:00:00 2001 From: Niek Palm Date: Mon, 30 Sep 2019 22:15:20 +0200 Subject: [PATCH 10/10] Update Changelog for release 4.6.0 --- CHANGELOG.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b4ef8c6f..17909fecb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## Unrelease +## 4.6.0 - 2019-09-30 +- Add access_level option to registration call in runner template #134 @willychenchen +- Bump gitlab-runner default version to 12.3.0 #135 @loustler + ## 4.5.0 - 2019-09-09 - Set docker machine version by default to 0.16.2 #131 @npalm - Add SSM session manager support #121 #126 @npalm @@ -231,7 +235,8 @@ Module is available as Terraform 0.11 module, pin module to version 3.x. Please - Update default AMI's to The latest Amazon Linux AMI 2017.09.1 - released on 2018-01-17. - Minor updates in the example -[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.5.0...HEAD +[Unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.6.0...HEAD +[4.6.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.5.0...4.6.0 [4.5.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.4.0...4.5.0 [4.4.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.3.0...4.4.0 [4.3.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.2.0...4.3.0