cattle-ops · kayman-mk · May 1, 2024 · May 1, 2024 · May 1, 2024
@@ -1,3 +1,3 @@
 {
-  ".": "7.5.0"
+  ".": "7.6.0"
 }
@@ -1,5 +1,12 @@
 # Changelog
 
+## [7.6.0](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/7.5.0...7.6.0) (2024-05-01)
+
+
+### Features
+
+* add option to use a pre-registered Runner ([#1115](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/1115)) ([9153a3a](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/9153a3ac74b6b83e5ef408ff81696eb1d8b88a4d))
+
 ## [7.5.0](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/7.4.0...7.5.0) (2024-04-11)
 
 

@@ -85,7 +85,7 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.44.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.47.0 |
 | <a name="provider_local"></a> [local](#provider\_local) | 2.5.1 |
 | <a name="provider_tls"></a> [tls](#provider\_tls) | 4.0.5 |
 
@@ -170,9 +170,9 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
 | <a name="input_runner_ami_owners"></a> [runner\_ami\_owners](#input\_runner\_ami\_owners) | The list of owners used to select the AMI of the Runner instance. | `list(string)` | <pre>[<br>  "amazon"<br>]</pre> | no |
 | <a name="input_runner_cloudwatch"></a> [runner\_cloudwatch](#input\_runner\_cloudwatch) | enable = Boolean used to enable or disable the CloudWatch logging.<br>log\_group\_name = Option to override the default name (`environment`) of the log group. Requires `enable = true`.<br>retention\_days = Retention for cloudwatch logs. Defaults to unlimited. Requires `enable = true`. | <pre>object({<br>    enable         = optional(bool, true)<br>    log_group_name = optional(string, null)<br>    retention_days = optional(number, 0)<br>  })</pre> | `{}` | no |
 | <a name="input_runner_enable_asg_recreation"></a> [runner\_enable\_asg\_recreation](#input\_runner\_enable\_asg\_recreation) | Enable automatic redeployment of the Runner's ASG when the Launch Configs change. | `bool` | `true` | no |
-| <a name="input_runner_gitlab"></a> [runner\_gitlab](#input\_runner\_gitlab) | ca\_certificate = Trusted CA certificate bundle (PEM format).<br>certificate = Certificate of the GitLab instance to connect to (PEM format).<br>registration\_token = Registration token to use to register the Runner. Do not use. This is replaced by the `registration_token` in `runner_gitlab_registration_config`.<br>runner\_version = Version of the [GitLab Runner](https://gitlab.com/gitlab-org/gitlab-runner/-/releases).<br>url = URL of the GitLab instance to connect to.<br>url\_clone = URL of the GitLab instance to clone from. Use only if the agent can’t connect to the GitLab URL.<br>access\_token\_secure\_parameter\_store\_name = The name of the SSM parameter to read the GitLab access token from. It must have the `api` scope and be pre created. | <pre>object({<br>    ca_certificate                           = optional(string, "")<br>    certificate                              = optional(string, "")<br>    registration_token                       = optional(string, "__REPLACED_BY_USER_DATA__")<br>    runner_version                           = optional(string, "15.8.2")<br>    url                                      = optional(string, "")<br>    url_clone                                = optional(string, "")<br>    access_token_secure_parameter_store_name = optional(string, "gitlab-runner-access-token")<br>  })</pre> | n/a | yes |
-| <a name="input_runner_gitlab_registration_config"></a> [runner\_gitlab\_registration\_config](#input\_runner\_gitlab\_registration\_config) | Configuration used to register the Runner. See the README for an example, or reference the examples in the examples directory of this repo. There is also a good GitLab documentation available at: https://docs.gitlab.com/ee/ci/runners/configure_runners.html | <pre>object({<br>    registration_token = optional(string, "__GITLAB_REGISTRATION_TOKEN_FROM_SSM__")<br>    tag_list           = optional(string, "")<br>    description        = optional(string, "")<br>    type               = optional(string, "") # mandatory if gitlab_runner_version >= 16.0.0<br>    group_id           = optional(string, "") # mandatory if type is group<br>    project_id         = optional(string, "") # mandatory if type is project<br>    locked_to_project  = optional(string, "")<br>    run_untagged       = optional(string, "")<br>    maximum_timeout    = optional(string, "")<br>    access_level       = optional(string, "not_protected") # this is the only mandatory field calling the GitLab get token for executor operation<br>  })</pre> | `{}` | no |
-| <a name="input_runner_gitlab_registration_token_secure_parameter_store_name"></a> [runner\_gitlab\_registration\_token\_secure\_parameter\_store\_name](#input\_runner\_gitlab\_registration\_token\_secure\_parameter\_store\_name) | The name of the SSM parameter to read the GitLab Runner registration token from. | `string` | `"gitlab-runner-registration-token"` | no |
+| <a name="input_runner_gitlab"></a> [runner\_gitlab](#input\_runner\_gitlab) | ca\_certificate = Trusted CA certificate bundle (PEM format).<br>certificate = Certificate of the GitLab instance to connect to (PEM format).<br>registration\_token = (deprecated, This is replaced by the `registration_token` in `runner_gitlab_registration_config`.) Registration token to use to register the Runner.<br>runner\_version = Version of the [GitLab Runner](https://gitlab.com/gitlab-org/gitlab-runner/-/releases).<br>url = URL of the GitLab instance to connect to.<br>url\_clone = URL of the GitLab instance to clone from. Use only if the agent can’t connect to the GitLab URL.<br>access\_token\_secure\_parameter\_store\_name = (deprecated) The name of the SSM parameter to read the GitLab access token from. It must have the `api` scope and be pre created.<br>preregistered\_runner\_token\_ssm\_parameter\_name = The name of the SSM parameter to read the preregistered GitLab Runner token from. | <pre>object({<br>    ca_certificate                                = optional(string, "")<br>    certificate                                   = optional(string, "")<br>    registration_token                            = optional(string, "__REPLACED_BY_USER_DATA__") # deprecated, removed in 8.0.0<br>    runner_version                                = optional(string, "15.8.2")<br>    url                                           = optional(string, "")<br>    url_clone                                     = optional(string, "")<br>    access_token_secure_parameter_store_name      = optional(string, "gitlab-runner-access-token") # deprecated, removed in 8.0.0<br>    preregistered_runner_token_ssm_parameter_name = optional(string, "")<br>  })</pre> | n/a | yes |
+| <a name="input_runner_gitlab_registration_config"></a> [runner\_gitlab\_registration\_config](#input\_runner\_gitlab\_registration\_config) | (deprecated, replaced by runner\_gitlab.preregistered\_runner\_token\_ssm\_parameter\_name) Configuration used to register the Runner. See the README for an example, or reference the examples in the examples directory of this repo. There is also a good GitLab documentation available at: https://docs.gitlab.com/ee/ci/runners/configure_runners.html | <pre>object({<br>    registration_token = optional(string, "__GITLAB_REGISTRATION_TOKEN_FROM_SSM__") # deprecated, removed in 8.0.0<br>    tag_list           = optional(string, "")                                       # deprecated, removed in 8.0.0<br>    description        = optional(string, "")                                       # deprecated, removed in 8.0.0<br>    type               = optional(string, "")                                       # mandatory if gitlab_runner_version >= 16.0.0 # deprecated, removed in 8.0.0<br>    group_id           = optional(string, "")                                       # mandatory if type is group # deprecated, removed in 8.0.0<br>    project_id         = optional(string, "")                                       # mandatory if type is project # deprecated, removed in 8.0.0<br>    locked_to_project  = optional(string, "")                                       # deprecated, removed in 8.0.0<br>    run_untagged       = optional(string, "")                                       # deprecated, removed in 8.0.0<br>    maximum_timeout    = optional(string, "")                                       # deprecated, removed in 8.0.0<br>    access_level       = optional(string, "not_protected")                          # this is the only mandatory field calling the GitLab get token for executor operation # deprecated, removed in 8.0.0<br>  })</pre> | `{}` | no |
+| <a name="input_runner_gitlab_registration_token_secure_parameter_store_name"></a> [runner\_gitlab\_registration\_token\_secure\_parameter\_store\_name](#input\_runner\_gitlab\_registration\_token\_secure\_parameter\_store\_name) | (deprecated, replaced by runner\_gitlab.preregistered\_runner\_token\_ssm\_parameter\_name) The name of the SSM parameter to read the GitLab Runner registration token from. | `string` | `"gitlab-runner-registration-token"` | no |
 | <a name="input_runner_gitlab_token_secure_parameter_store"></a> [runner\_gitlab\_token\_secure\_parameter\_store](#input\_runner\_gitlab\_token\_secure\_parameter\_store) | Name of the Secure Parameter Store entry to hold the GitLab Runner token. | `string` | `"runner-token"` | no |
 | <a name="input_runner_install"></a> [runner\_install](#input\_runner\_install) | amazon\_ecr\_credentials\_helper = Install amazon-ecr-credential-helper inside `userdata_pre_install` script<br>docker\_machine\_download\_url = URL to download docker machine binary. If not set, the docker machine version will be used to download the binary.<br>docker\_machine\_version = By default docker\_machine\_download\_url is used to set the docker machine version. This version will be ignored once `docker_machine_download_url` is set. The version number is maintained by the CKI project. Check out at https://gitlab.com/cki-project/docker-machine/-/releases<br>pre\_install\_script = Script to run before installing the Runner<br>post\_install\_script = Script to run after installing the Runner<br>start\_script = Script to run after starting the Runner<br>yum\_update = Update the yum packages before installing the Runner | <pre>object({<br>    amazon_ecr_credential_helper = optional(bool, false)<br>    docker_machine_download_url  = optional(string, "")<br>    docker_machine_version       = optional(string, "0.16.2-gitlab.19-cki.2")<br>    pre_install_script           = optional(string, "")<br>    post_install_script          = optional(string, "")<br>    start_script                 = optional(string, "")<br>    yum_update                   = optional(bool, true)<br>  })</pre> | `{}` | no |
 | <a name="input_runner_instance"></a> [runner\_instance](#input\_runner\_instance) | additional\_tags = Map of tags that will be added to the Runner instance.<br>collect\_autoscaling\_metrics = A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances.<br>ebs\_optimized = Enable EBS optimization for the Runner instance.<br>max\_lifetime\_seconds = The maximum time a Runner should live before it is killed.<br>monitoring = Enable the detailed monitoring on the Runner instance.<br>name = Name of the Runner instance.<br>name\_prefix = Set the name prefix and override the `Name` tag for the Runner instance.<br>private\_address\_only = Restrict the Runner to use private IP addresses only. If this is set to `true` the Runner will use a private IP address only in case the Runner Workers use private addresses only.<br>root\_device\_config = The Runner's root block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`, `throughput`, `kms_key_id`<br>spot\_price = By setting a spot price bid price the Runner is created via a spot request. Be aware that spot instances can be stopped by AWS. Choose \"on-demand-price\" to pay up to the current on demand price for the instance type chosen.<br>ssm\_access = Allows to connect to the Runner via SSM.<br>type = EC2 instance type used.<br>use\_eip = Assigns an EIP to the Runner. | <pre>object({<br>    additional_tags             = optional(map(string))<br>    collect_autoscaling_metrics = optional(list(string), null)<br>    ebs_optimized               = optional(bool, true)<br>    max_lifetime_seconds        = optional(number, null)<br>    monitoring                  = optional(bool, true)<br>    name                        = string<br>    name_prefix                 = optional(string)<br>    private_address_only        = optional(bool, true)<br>    root_device_config          = optional(map(string), {})<br>    spot_price                  = optional(string, null)<br>    ssm_access                  = optional(bool, false)<br>    type                        = optional(string, "t3.micro")<br>    use_eip                     = optional(bool, false)<br>  })</pre> | <pre>{<br>  "name": "gitlab-runner"<br>}</pre> | no |

@@ -139,31 +139,31 @@ For **user images**, you must:
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.44.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.47.0 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | 2.5.1 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | 3.2.2 |
-| <a name="requirement_random"></a> [random](#requirement\_random) | 3.6.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | 3.6.1 |
 | <a name="requirement_tls"></a> [tls](#requirement\_tls) | 4.0.5 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.44.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.47.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_runner"></a> [runner](#module\_runner) | ../../ | n/a |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.7.1 |
-| <a name="module_vpc_endpoints"></a> [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.7.1 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.8.1 |
+| <a name="module_vpc_endpoints"></a> [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.8.1 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.44.0/docs/data-sources/availability_zones) | data source |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.47.0/docs/data-sources/availability_zones) | data source |
 
 ## Inputs
 
@@ -172,7 +172,7 @@ For **user images**, you must:
 | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS region. | `string` | `"eu-west-1"` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | A name that identifies the environment, will used as prefix and for tagging. | `string` | `"runners-docker"` | no |
 | <a name="input_gitlab_url"></a> [gitlab\_url](#input\_gitlab\_url) | URL of the gitlab instance to connect to. | `string` | `"https://gitlab.com"` | no |
-| <a name="input_registration_token"></a> [registration\_token](#input\_registration\_token) | Gitlab runner registration token | `string` | `"something"` | no |
+| <a name="input_preregistered_runner_token_ssm_parameter_name"></a> [preregistered\_runner\_token\_ssm\_parameter\_name](#input\_preregistered\_runner\_token\_ssm\_parameter\_name) | The name of the SSM parameter to read the preregistered GitLab Runner token from. | `string` | n/a | yes |
 | <a name="input_runner_name"></a> [runner\_name](#input\_runner\_name) | Name of the runner, will be used in the runner config.toml | `string` | `"docker"` | no |
 
 ## Outputs

@@ -33,32 +33,32 @@ check `.terraform-version` for the tested version.
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.44.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.47.0 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | 2.5.1 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | 3.2.2 |
-| <a name="requirement_random"></a> [random](#requirement\_random) | 3.6.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | 3.6.1 |
 | <a name="requirement_tls"></a> [tls](#requirement\_tls) | 4.0.5 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.44.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.47.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_runner"></a> [runner](#module\_runner) | ../../ | n/a |
-| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.7.1 |
-| <a name="module_vpc_endpoints"></a> [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.7.1 |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.8.1 |
+| <a name="module_vpc_endpoints"></a> [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.8.1 |
 
 ## Resources
 
 | Name | Type |
 |------|------|
-| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.44.0/docs/data-sources/availability_zones) | data source |
-| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/5.44.0/docs/data-sources/security_group) | data source |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.47.0/docs/data-sources/availability_zones) | data source |
+| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/5.47.0/docs/data-sources/security_group) | data source |
 
 ## Inputs
 
@@ -67,7 +67,7 @@ check `.terraform-version` for the tested version.
 | <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS region. | `string` | `"eu-west-1"` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | A name that identifies the environment, will used as prefix and for tagging. | `string` | `"runners-default"` | no |
 | <a name="input_gitlab_url"></a> [gitlab\_url](#input\_gitlab\_url) | URL of the gitlab instance to connect to. | `string` | `"https://gitlab.com"` | no |
-| <a name="input_registration_token"></a> [registration\_token](#input\_registration\_token) | Registration token for the runner. | `string` | n/a | yes |
+| <a name="input_preregistered_runner_token_ssm_parameter_name"></a> [preregistered\_runner\_token\_ssm\_parameter\_name](#input\_preregistered\_runner\_token\_ssm\_parameter\_name) | The name of the SSM parameter to read the preregistered GitLab Runner token from. | `string` | n/a | yes |
 | <a name="input_runner_name"></a> [runner\_name](#input\_runner\_name) | Name of the runner, will be used in the runner config.toml | `string` | `"default-auto"` | no |
 | <a name="input_timezone"></a> [timezone](#input\_timezone) | Name of the timezone that the runner will be used in. | `string` | `"Europe/Amsterdam"` | no |