From 79eb717ec3408192ea07f0851084f60702f3a412 Mon Sep 17 00:00:00 2001 From: "cattle-ops-releaser[bot]" <126345536+cattle-ops-releaser[bot]@users.noreply.github.com> Date: Thu, 2 Mar 2023 16:46:41 +0100 Subject: [PATCH] chore(main): release 6.1.0 (#727) * chore(main): release 6.1.0 Signed-off-by: Niek Palm * chore: Add permission content write * docs: auto update terraform docs --------- Signed-off-by: Niek Palm Co-authored-by: cattle-ops-releaser[bot] <126345536+cattle-ops-releaser[bot]@users.noreply.github.com> Co-authored-by: Niek Palm Co-authored-by: github-actions[bot] --- .github/workflows/update_docs.yml | 2 ++ CHANGELOG.md | 14 +++++++++ README.md | 4 ++- examples/runner-certificates/README.md | 43 ++++++++++++++++++++++++++ examples/runner-default/README.md | 10 +++--- examples/runner-docker/README.md | 8 ++--- examples/runner-multi-region/README.md | 2 +- examples/runner-public/README.md | 8 ++--- modules/terminate-agent-hook/README.md | 4 +++ 9 files changed, 80 insertions(+), 15 deletions(-) diff --git a/.github/workflows/update_docs.yml b/.github/workflows/update_docs.yml index 68b6a8e7e..ee4cb4137 100644 --- a/.github/workflows/update_docs.yml +++ b/.github/workflows/update_docs.yml @@ -9,6 +9,8 @@ jobs: # update docs after merge back to develop name: Auto update terraform docs runs-on: ubuntu-latest + permissions: + contents: write steps: - name: Checkout branch uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3 diff --git a/CHANGELOG.md b/CHANGELOG.md index 3145ab9a6..ca2a450bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,19 @@ # Changelog +## [6.1.0](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/6.0.0...6.1.0) (2023-03-02) + + +### Features + +* cancel spot requests ([#653](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/653)) ([f1b4f4a](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/f1b4f4a227e9a02103225433aeb4a7b5ac261e4d)), closes [#493](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/493) +* remove unused SSH keys ([#652](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/652)) ([3151807](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/31518079674cc6195e18a5bfe7641a1e50087a30)), closes [#592](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/592) +* support self-signed certificates ([#584](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/584)) ([6c1180e](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/6c1180e8645bc3685727e25f2a2e64ab8f65c2df)) + + +### Bug Fixes + +* always add policy to maintain SSM parameters ([#510](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/510)) ([59e2d6e](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/59e2d6e1a168bd5077978de7afaca50b1c49b9bf)) + ## [6.0.0](https://github.com/npalm/terraform-aws-gitlab-runner/compare/5.9.1...6.0.0) (2023-02-26) diff --git a/README.md b/README.md index 8ad89fd90..59902a01c 100644 --- a/README.md +++ b/README.md 
@@ -478,7 +478,7 @@ Made with [contributors-img](https://contrib.rocks). | [enable\_docker\_machine\_ssm\_access](#input\_enable\_docker\_machine\_ssm\_access) | Add IAM policies to the docker-machine instances to connect via the Session Manager. | `bool` | `false` | no | | [enable\_eip](#input\_enable\_eip) | Enable the assignment of an EIP to the gitlab runner instance | `bool` | `false` | no | | [enable\_kms](#input\_enable\_kms) | Let the module manage a KMS key, logs will be encrypted via KMS. Be-aware of the costs of an custom key. | `bool` | `false` | no | -| [enable\_manage\_gitlab\_token](#input\_enable\_manage\_gitlab\_token) | (Deprecated and ignored) Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | `bool` | `true` | no | +| [enable\_manage\_gitlab\_token](#input\_enable\_manage\_gitlab\_token) | (Deprecated) Boolean to enable the management of the GitLab token in SSM. If `true` the token will be stored in SSM, which means the SSM property is a terraform managed resource. If `false` the Gitlab token will be stored in the SSM by the user-data script during creation of the the instance. However the SSM parameter is not managed by terraform and will remain in SSM after a `terraform destroy`. | `bool` | `null` | no | | [enable\_ping](#input\_enable\_ping) | Allow ICMP Ping to the ec2 instances. | `bool` | `false` | no | | [enable\_runner\_ssm\_access](#input\_enable\_runner\_ssm\_access) | Add IAM policies to the runner agent instance to connect via the Session Manager. 
| `bool` | `false` | no | | [enable\_runner\_user\_data\_trace\_log](#input\_enable\_runner\_user\_data\_trace\_log) | Enable bash xtrace for the user data script that creates the EC2 instance for the runner agent. Be aware this could log sensitive data such as you GitLab runner token. | `bool` | `true` | no | @@ -516,6 +516,7 @@ Made with [contributors-img](https://contrib.rocks). | [runner\_yum\_update](#input\_runner\_yum\_update) | Run a yum update as part of starting the runner | `bool` | `true` | no | | [runners\_add\_dind\_volumes](#input\_runners\_add\_dind\_volumes) | Add certificates and docker.sock to the volumes to support docker-in-docker (dind) | `bool` | `false` | no | | [runners\_additional\_volumes](#input\_runners\_additional\_volumes) | Additional volumes that will be used in the runner config.toml, e.g Docker socket | `list(any)` | `[]` | no | +| [runners\_ca\_certificate](#input\_runners\_ca\_certificate) | Trusted CA certificate bundle. Example: `file("${path.module}/ca.crt")` | `string` | `""` | no | | [runners\_check\_interval](#input\_runners\_check\_interval) | defines the interval length, in seconds, between new jobs check. | `number` | `3` | no | | [runners\_clone\_url](#input\_runners\_clone\_url) | Overwrites the URL for the GitLab instance. Use only if the runner can’t connect to the GitLab URL. | `string` | `""` | no | | [runners\_concurrent](#input\_runners\_concurrent) | Concurrent value for the runners, will be used in the runner config.toml. | `number` | `10` | no | 
@@ -527,6 +528,7 @@ Made with [contributors-img](https://contrib.rocks). | [runners\_environment\_vars](#input\_runners\_environment\_vars) | Environment variables during build execution, e.g. KEY=Value, see runner-public example. Will be used in the runner config.toml | `list(string)` | `[]` | no | | [runners\_executor](#input\_runners\_executor) | The executor to use. Currently supports `docker+machine` or `docker`. | `string` | `"docker+machine"` | no | | [runners\_extra\_hosts](#input\_runners\_extra\_hosts) | Extra hosts that will be used in the runner config.toml, e.g other-host:127.0.0.1 | `list(any)` | `[]` | no | +| [runners\_gitlab\_certificate](#input\_runners\_gitlab\_certificate) | Certificate of the GitLab instance to connect to. Example: `file("${path.module}/my-gitlab.crt")` | `string` | `""` | no | | [runners\_gitlab\_url](#input\_runners\_gitlab\_url) | URL of the GitLab instance to connect to. | `string` | n/a | yes | | [runners\_helper\_image](#input\_runners\_helper\_image) | Overrides the default helper image used to clone repos and upload artifacts, will be used in the runner config.toml | `string` | `""` | no | | [runners\_iam\_instance\_profile\_name](#input\_runners\_iam\_instance\_profile\_name) | IAM instance profile name of the runners, will be used in the runner config.toml | `string` | `""` | no | diff --git a/examples/runner-certificates/README.md b/examples/runner-certificates/README.md index a0f2ea03b..9e8ddd2e0 100644 --- a/examples/runner-certificates/README.md +++ b/examples/runner-certificates/README.md 
@@ -117,4 +117,47 @@ module { ``` +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1 | +| [aws](#requirement\_aws) | ~> 4.7 | +| [local](#requirement\_local) | ~> 2 | +| [null](#requirement\_null) | ~> 3.0 | +| [random](#requirement\_random) | ~> 3.0 | +| [tls](#requirement\_tls) | ~> 3 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | ~> 4.7 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [runner](#module\_runner) | ../../ | n/a | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 2.70 | + +## Resources + +| Name | Type | +|------|------| +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [aws\_region](#input\_aws\_region) | AWS region. | `string` | `"eu-west-1"` | no | +| [environment](#input\_environment) | A name that identifies the environment, will used as prefix and for tagging. | `string` | `"runners-docker"` | no | +| [gitlab\_url](#input\_gitlab\_url) | URL of the gitlab instance to connect to. | `string` | `"https://gitlab.com"` | no | +| [registration\_token](#input\_registration\_token) | Gitlab runner registration token | `string` | `"something"` | no | +| [runner\_name](#input\_runner\_name) | Name of the runner, will be used in the runner config.toml | `string` | `"docker"` | no | + +## Outputs + +No outputs. \ No newline at end of file diff --git a/examples/runner-default/README.md b/examples/runner-default/README.md index 04cd1e9ec..dbbc224b3 100644 --- a/examples/runner-default/README.md +++ b/examples/runner-default/README.md 
@@ -45,7 +45,7 @@ No output. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1 | -| [aws](#requirement\_aws) | 4.55.0 | +| [aws](#requirement\_aws) | 4.56.0 | | [local](#requirement\_local) | 2.3.0 | | [null](#requirement\_null) | 3.2.1 | | [random](#requirement\_random) | 3.4.3 | @@ -55,7 +55,7 @@ No output. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.55.0 | +| [aws](#provider\_aws) | 4.56.0 | ## Modules @@ -69,8 +69,8 @@ No output. | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/data-sources/availability_zones) | data source | -| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/data-sources/security_group) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/data-sources/availability_zones) | data source | +| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/data-sources/security_group) | data source | ## Inputs @@ -79,7 +79,7 @@ No output. | [aws\_region](#input\_aws\_region) | AWS region. | `string` | `"eu-west-1"` | no | | [environment](#input\_environment) | A name that identifies the environment, will used as prefix and for tagging. | `string` | `"runners-default"` | no | | [gitlab\_url](#input\_gitlab\_url) | URL of the gitlab instance to connect to. | `string` | `"https://gitlab.com"` | no | -| [registration\_token](#input\_registration\_token) | n/a | `any` | n/a | yes | +| [registration\_token](#input\_registration\_token) | Registration token for the runner. | `string` | n/a | yes | | [runner\_name](#input\_runner\_name) | Name of the runner, will be used in the runner config.toml | `string` | `"default-auto"` | no | | [timezone](#input\_timezone) | Name of the timezone that the runner will be used in. | `string` | `"Europe/Amsterdam"` | no | 
diff --git a/examples/runner-docker/README.md b/examples/runner-docker/README.md index 79d58b147..f2d627d0a 100644 --- a/examples/runner-docker/README.md +++ b/examples/runner-docker/README.md @@ -47,7 +47,7 @@ No output. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1 | -| [aws](#requirement\_aws) | 4.55.0 | +| [aws](#requirement\_aws) | 4.56.0 | | [local](#requirement\_local) | 2.3.0 | | [null](#requirement\_null) | 3.2.1 | | [random](#requirement\_random) | 3.4.3 | @@ -57,7 +57,7 @@ No output. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.55.0 | +| [aws](#provider\_aws) | 4.56.0 | ## Modules @@ -71,7 +71,7 @@ No output. | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/data-sources/availability_zones) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/data-sources/availability_zones) | data source | ## Inputs @@ -80,7 +80,7 @@ No output. | [aws\_region](#input\_aws\_region) | AWS region. | `string` | `"eu-west-1"` | no | | [environment](#input\_environment) | A name that identifies the environment, will used as prefix and for tagging. | `string` | `"runners-docker"` | no | | [gitlab\_url](#input\_gitlab\_url) | URL of the gitlab instance to connect to. | `string` | `"https://gitlab.com"` | no | -| [registration\_token](#input\_registration\_token) | n/a | `any` | n/a | yes | +| [registration\_token](#input\_registration\_token) | Registration token for the runner. | `string` | n/a | yes | | [runner\_name](#input\_runner\_name) | Name of the runner, will be used in the runner config.toml | `string` | `"docker"` | no | ## Outputs diff --git a/examples/runner-multi-region/README.md b/examples/runner-multi-region/README.md index 9395c05ac..6a804244a 100644 --- a/examples/runner-multi-region/README.md +++ b/examples/runner-multi-region/README.md 
@@ -124,7 +124,7 @@ No output. | [aws\_main\_region](#input\_aws\_main\_region) | Main AWS region to deploy to. | `string` | `"eu-west-1"` | no | | [environment](#input\_environment) | A name that identifies the environment, will used as prefix and for tagging. | `string` | `"runner-public"` | no | | [gitlab\_url](#input\_gitlab\_url) | URL of the gitlab instance to connect to. | `string` | `"https://gitlab.com"` | no | -| [registration\_token](#input\_registration\_token) | n/a | `any` | n/a | yes | +| [registration\_token](#input\_registration\_token) | Registration token for the runner. | `string` | n/a | yes | | [runner\_name](#input\_runner\_name) | Name of the runner, will be used in the runner config.toml | `string` | `"public-auto"` | no | ## Outputs diff --git a/examples/runner-public/README.md b/examples/runner-public/README.md index 0b6241661..0e04fbc23 100644 --- a/examples/runner-public/README.md +++ b/examples/runner-public/README.md @@ -46,7 +46,7 @@ No output. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1 | -| [aws](#requirement\_aws) | 4.55.0 | +| [aws](#requirement\_aws) | 4.56.0 | | [local](#requirement\_local) | 2.3.0 | | [null](#requirement\_null) | 3.2.1 | | [random](#requirement\_random) | 3.4.3 | @@ -56,7 +56,7 @@ No output. | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.55.0 | +| [aws](#provider\_aws) | 4.56.0 | ## Modules @@ -71,7 +71,7 @@ No output. | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.55.0/docs/data-sources/availability_zones) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.56.0/docs/data-sources/availability_zones) | data source | ## Inputs 
@@ -80,7 +80,7 @@ No output. | [aws\_region](#input\_aws\_region) | AWS region. | `string` | `"eu-west-1"` | no | | [environment](#input\_environment) | A name that identifies the environment, will used as prefix and for tagging. | `string` | `"runner-public"` | no | | [gitlab\_url](#input\_gitlab\_url) | URL of the gitlab instance to connect to. | `string` | `"https://gitlab.com"` | no | -| [registration\_token](#input\_registration\_token) | n/a | `any` | n/a | yes | +| [registration\_token](#input\_registration\_token) | Registration token for the runner. | `string` | n/a | yes | | [runner\_name](#input\_runner\_name) | Name of the runner, will be used in the runner config.toml | `string` | `"public-auto"` | no | ## Outputs diff --git a/modules/terminate-agent-hook/README.md b/modules/terminate-agent-hook/README.md index 43383c4e8..01dcf05b1 100644 --- a/modules/terminate-agent-hook/README.md +++ b/modules/terminate-agent-hook/README.md 
@@ -127,8 +127,10 @@ No modules. | [aws_cloudwatch_event_target.terminate_instances](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource | | [aws_cloudwatch_log_group.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource | | [aws_iam_policy.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.spot_request_housekeeping](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_iam_role_policy_attachment.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.spot_request_housekeeping](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_lambda_function.terminate_runner_instances](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | | [aws_lambda_permission.current_version_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | | [aws_lambda_permission.unqualified_alias_triggers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource | 
@@ -136,6 +138,7 @@ No modules. | [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.spot_request_housekeeping](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | | [aws_region.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | @@ -151,6 +154,7 @@ No modules. | [environment](#input\_environment) | A name that identifies the environment, used as a name prefix and for tagging. | `string` | n/a | yes | | [kms\_key\_id](#input\_kms\_key\_id) | KMS key id to encrypted the CloudWatch logs. Ensure CloudWatch has access to the provided KMS key. | `string` | n/a | yes | | [name](#input\_name) | The name of the Lambda function to create. The 'environment' will be prefixed to this. | `string` | n/a | yes | +| [name\_docker\_machine\_runners](#input\_name\_docker\_machine\_runners) | The `Name` tag of EC2 instances created by the runner agent. | `string` | n/a | yes | | [name\_iam\_objects](#input\_name\_iam\_objects) | The name to use for IAM resources - roles and policies. | `string` | `""` | no | | [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | An optional IAM permissions boundary to use when creating IAM roles. | `string` | `null` | no | | [tags](#input\_tags) | Map of tags to apply to resources. | `map(any)` | `{}` | no |
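Review bot: In `.github/workflows/update_docs.yml`, the new `permissions:` block with `contents: write` is set on the whole job, so every step after the checkout runs with a token that can push to the repository. Only `actions/checkout` is visible in this hunk, and it is pinned to a commit SHA; please confirm the remaining steps of the job are pinned the same way, and add a comment above `permissions:` naming the step that needs the write scope so the grant is not widened later without review.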
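Review bot: The `enable_manage_gitlab_token` row in `README.md` (hunk at line 478) changes the documented default from `true` to `null` and drops "and ignored" from the description, but the 6.1.0 CHANGELOG entry in this patch does not mention the variable. The description now reads as if the value has an effect again; state what `null` means and whether setting the variable still changes anything. The carried-over text also still contains "the the instance".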
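Review bot: The new `runners_ca_certificate` and `runners_gitlab_certificate` rows in `README.md` (hunks at lines 516 and 527) do not say what encoding the string must have or what the default `""` means for TLS verification. These inputs decide which certificates the runner trusts, so document the expected format, that only certificates and no private keys belong in them, and the behaviour when they are left empty.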
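Review bot: In `examples/runner-certificates/README.md` the `registration_token` input is documented with default `"something"` and `no` under Required, while the other example READMEs in this same patch make it a required `string` with no default. A placeholder default for a credential lets the example be applied with a token nobody supplied; drop the default so it matches the other examples. The `environment` default `"runners-docker"` also looks copied from the runner-docker example and should be specific to this one.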
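Review bot: `modules/terminate-agent-hook/README.md` gains `name_docker_machine_runners` as a required input with no default, which breaks existing direct callers of this submodule in a release the CHANGELOG presents as 6.1.0 with Features and Bug Fixes only. Either give the input a default or call the new requirement out in the release notes. The new `aws_iam_policy.spot_request_housekeeping` and its attachment are listed without any description; a sentence on which actions the policy allows and how it is scoped would help anyone reviewing the Lambda role.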