You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jan 16, 2025. It is now read-only.
Copy file name to clipboardExpand all lines: README.md
+6-3
Original file line number
Diff line number
Diff line change
@@ -325,7 +325,7 @@ You can configure runners to be ephemeral, runners will be used only for one job
325
325
- The scale down lambda is still active, and should only remove orphan instances. But there is no strict check in place. So ensure you configure the `minimum_running_time_in_minutes` to a value that is high enough to got your runner booted and connected to avoid it got terminated before executing a job.
326
326
- The messages sent from the webhook lambda to scale-up lambda are by default delayed delayed by SQS, to give available runners to option to start the job before the decision is made to scale more runners. For ephemeral runners there is no need to wait. Set `delay_webhook_event` to `0`.
327
327
- All events on the queue will lead to a new runner crated by the lambda. By setting `enable_job_queued_check` to `true` you can enforce only create a runner if the event has a correlated queued job. Setting this can avoid creating useless runners, for example whn jobs got cancelled before a runner is created. We suggest to use this in combination with a pool.
328
-
- To ensure runners are created in the same order GitHub sends the events we use by default a FIFO queue, this is mainly relevant for repo level runners. For ephemeral runners you can set `fifo_build_queue` to `false`.
328
+
- To ensure runners are created in the same order GitHub sends the events we use by default a FIFO queue, this is mainly relevant for repo level runners. For ephemeral runners you can set `enable_enable_fifo_build_queue` to `false`.
329
329
- Error related to scaling should be retried via SQS. You can configure `job_queue_retention_in_seconds``redrive_build_queue` to tune the behavior. We have no mechanism to avoid events will never processed, which means potential no runner could be created and the job in GitHub can time out in 6 hours.
330
330
331
331
The example for [ephemeral runners](./examples/ephemeral) is based on the [default example](./examples/default). Have look on the diff to see the major configuration differences.
@@ -455,18 +455,21 @@ We welcome any improvement to the standard module to make the default as secure
455
455
| <aname="input_delay_webhook_event"></a> [delay\_webhook\_event](#input\_delay\_webhook\_event)| The number of seconds the event accepted by the webhook is invisible on the queue before the scale up lambda will receive the event. |`number`|`30`| no |
456
456
| <aname="input_disable_runner_autoupdate"></a> [disable\_runner\_autoupdate](#input\_disable\_runner\_autoupdate)| Disable the auto update of the github runner agent. Be-aware there is a grace period of 30 days, see also the [GitHub article](https://github.blog/changelog/2022-02-01-github-actions-self-hosted-runners-can-now-disable-automatic-updates/)|`bool`|`false`| no |
457
457
| <aname="input_enable_cloudwatch_agent"></a> [enable\_cloudwatch\_agent](#input\_enable\_cloudwatch\_agent)| Enabling the cloudwatch agent on the ec2 runner instances, the runner contains default config. Configuration can be overridden via `cloudwatch_config`. |`bool`|`true`| no |
458
+
| <aname="input_enable_enable_fifo_build_queue"></a> [enable\_enable\_fifo\_build\_queue](#input\_enable\_enable\_fifo\_build\_queue)| Enable a FIFO queue to remain the order of events received by the webhook. Suggest to set to true for repo level runners. |`bool`|`false`| no |
458
459
| <aname="input_enable_ephemeral_runners"></a> [enable\_ephemeral\_runners](#input\_enable\_ephemeral\_runners)| Enable ephemeral runners, runners will only be used once. |`bool`|`false`| no |
459
460
| <aname="input_enable_job_queued_check"></a> [enable\_job\_queued\_check](#input\_enable\_job\_queued\_check)| Only scale if the job event received by the scale up lambda is is in the state queued. By default enabled for non ephemeral runners and disabled for ephemeral. Set this variable to overwrite the default behavior. |`bool`|`null`| no |
460
461
| <aname="input_enable_managed_runner_security_group"></a> [enable\_managed\_runner\_security\_group](#input\_enable\_managed\_runner\_security\_group)| Enabling the default managed security group creation. Unmanaged security groups can be specified via `runner_additional_security_group_ids`. |`bool`|`true`| no |
461
462
| <aname="input_enable_organization_runners"></a> [enable\_organization\_runners](#input\_enable\_organization\_runners)| Register runners to organization, instead of repo level |`bool`|`false`| no |
462
463
| <aname="input_enable_runner_binaries_syncer"></a> [enable\_runner\_binaries\_syncer](#input\_enable\_runner\_binaries\_syncer)| Option to disable the lambda to sync GitHub runner distribution, useful when using a pre-build AMI. |`bool`|`true`| no |
463
464
| <aname="input_enable_runner_detailed_monitoring"></a> [enable\_runner\_detailed\_monitoring](#input\_enable\_runner\_detailed\_monitoring)| Should detailed monitoring be enabled for the runner. Set this to true if you want to use detailed monitoring. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch-new.html for details. |`bool`|`false`| no |
465
+
| <aname="input_enable_runner_workflow_job_labels_check_all"></a> [enable\_runner\_workflow\_job\_labels\_check\_all](#input\_enable\_runner\_workflow\_job\_labels\_check\_all)| If set to true all labels in the workflow job must match the GitHub labels (os, architecture and `self-hosted`). When false if __any__ label matches it will trigger the webhook. `runner_enable_workflow_job_labels_check` must be true for this to take effect. |`bool`|`true`| no |
464
466
| <aname="input_enable_ssm_on_runners"></a> [enable\_ssm\_on\_runners](#input\_enable\_ssm\_on\_runners)| Enable to allow access the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. |`bool`|`false`| no |
465
467
| <aname="input_enable_user_data_debug_logging_runner"></a> [enable\_user\_data\_debug\_logging\_runner](#input\_enable\_user\_data\_debug\_logging\_runner)| Option to enable debug logging for user-data, this logs all secrets as well. |`bool`|`false`| no |
466
468
| <aname="input_enable_userdata"></a> [enable\_userdata](#input\_enable\_userdata)| Should the userdata script be enabled for the runner. Set this to false if you are using your own prebuilt AMI. |`bool`|`true`| no |
467
469
| <aname="input_enable_workflow_job_events_queue"></a> [enable\_workflow\_job\_events\_queue](#input\_enable\_workflow\_job\_events\_queue)| Enabling this experimental feature will create a secondory sqs queue to wich a copy of the workflow\_job event will be delivered. |`bool`|`false`| no |
470
+
| <aname="input_enabled_userdata"></a> [enabled\_userdata](#input\_enabled\_userdata)| DEPCRECATED: Replaced by `enable_userdata`. |`string`|`null`| no |
468
471
| <aname="input_environment"></a> [environment](#input\_environment)| DEPRECATED, no longer used. See `prefix`|`string`|`null`| no |
469
-
| <aname="input_fifo_build_queue"></a> [fifo\_build\_queue](#input\_fifo\_build\_queue)|Enable a FIFO queue to remain the order of events received by the webhook. Suggest to set to true for repo level runners. |`bool`|`false`| no |
472
+
| <aname="input_fifo_build_queue"></a> [fifo\_build\_queue](#input\_fifo\_build\_queue)|DEPCRECATED: Replaced by `enable_fifo_build_queue`. |`string`|`null`| no |
470
473
| <aname="input_ghes_ssl_verify"></a> [ghes\_ssl\_verify](#input\_ghes\_ssl\_verify)| GitHub Enterprise SSL verification. Set to 'false' when custom certificate (chains) is used for GitHub Enterprise Server (insecure). |`bool`|`true`| no |
471
474
| <aname="input_ghes_url"></a> [ghes\_url](#input\_ghes\_url)| GitHub Enterprise Server URL. Example: https://github.internal.co - DO NOT SET IF USING PUBLIC GITHUB |`string`|`null`| no |
472
475
| <aname="input_github_app"></a> [github\_app](#input\_github\_app)| GitHub app parameters, see your github app. Ensure the key is the base64-encoded `.pem` file (the output of `base64 app.private-key.pem`, not the content of `private-key.pem`). | <pre>object({<br> key_base64 = string<br> id = string<br> webhook_secret = string<br> })</pre> | n/a | yes |
@@ -512,7 +515,7 @@ We welcome any improvement to the standard module to make the default as secure
512
515
| <aname="input_runner_boot_time_in_minutes"></a> [runner\_boot\_time\_in\_minutes](#input\_runner\_boot\_time\_in\_minutes)| The minimum time for an EC2 runner to boot and register as a runner. |`number`|`5`| no |
513
516
| <aname="input_runner_ec2_tags"></a> [runner\_ec2\_tags](#input\_runner\_ec2\_tags)| Map of tags that will be added to the launch template instance tag specifications. |`map(string)`|`{}`| no |
| <aname="input_runner_enable_workflow_job_labels_check_all"></a> [runner\_enable\_workflow\_job\_labels\_check\_all](#input\_runner\_enable\_workflow\_job\_labels\_check\_all)|If set to true all labels in the workflow job must match the GitHub labels (os, architecture and `self-hosted`). When false if __any__ label matches it will trigger the webhook. `runner_enable_workflow_job_labels_check` must be true for this to take effect. |`bool`|`true`| no |
518
+
| <aname="input_runner_enable_workflow_job_labels_check_all"></a> [runner\_enable\_workflow\_job\_labels\_check\_all](#input\_runner\_enable\_workflow\_job\_labels\_check\_all)|DEPCRECATED: Replaced by `enable_runner_workflow_job_labels_check_all`. |`string`|`null`| no |
516
519
| <aname="input_runner_extra_labels"></a> [runner\_extra\_labels](#input\_runner\_extra\_labels)| Extra (custom) labels for the runners (GitHub). Separate each label by a comma. Labels checks on the webhook can be enforced by setting `enable_workflow_job_labels_check`. GitHub read-only labels should not be provided. |`string`|`""`| no |
517
520
| <aname="input_runner_group_name"></a> [runner\_group\_name](#input\_runner\_group\_name)| Name of the runner group. |`string`|`"Default"`| no |
518
521
| <aname="input_runner_iam_role_managed_policy_arns"></a> [runner\_iam\_role\_managed\_policy\_arns](#input\_runner\_iam\_role\_managed\_policy\_arns)| Attach AWS or customer-managed IAM policies (by ARN) to the runner IAM role |`list(string)`|`[]`| no |
description="If set to true all labels in the workflow job must match the GitHub labels (os, architecture and `self-hosted`). When false if __any__ label matches it will trigger the webhook. `runner_enable_workflow_job_labels_check` must be true for this to take effect."
0 commit comments