fix: Amazon Linux 2/2023 support (#532)

- Fix EC2 provider support for Amazon Linux 2 and 2023 (missing CloudWatch agent)
- Add missing support for Amazon Linux 2023 all around
- Upgrade ECS cluster nodes to Amazon Linux 2023

Fix #530
Fix #531

src/image-builders/api.ts

@@ -28,7 +28,7 @@ export abstract class RunnerImageBuilder extends RunnerImageBuilderBase {
     }
 
     const os = props?.os ?? Os.LINUX_UBUNTU;
-    if (os.is(Os.LINUX_UBUNTU) || os.is(Os.LINUX_AMAZON_2) || os.is(Os.LINUX_AMAZON_2023)) {
+    if (os.isIn(Os._ALL_LINUX_VERSIONS)) {
       return new CodeBuildRunnerImageBuilder(scope, id, props);
     } else if (os.is(Os.WINDOWS)) {
       return new AwsImageBuilderRunnerImageBuilder(scope, id, props);

src/image-builders/aws-image-builder/ami.ts

@@ -113,6 +113,15 @@ export function defaultBaseAmi(scope: Construct, os: Os, architecture: Architect
     });
   }
 
+  if (os.is(Os.LINUX_AMAZON_2023)) {
+    return stack.formatArn({
+      service: 'imagebuilder',
+      resource: 'image',
+      account: 'aws',
+      resourceName: `amazon-linux-2023-${arch}/x.x.x`,
+    });
+  }
+
   if (os.is(Os.WINDOWS)) {
     return stack.formatArn({
       service: 'imagebuilder',

src/image-builders/aws-image-builder/builder.ts

@@ -351,7 +351,7 @@ export class AwsImageBuilderRunnerImageBuilder extends RunnerImageBuilderBase {
     if (this.os.is(Os.WINDOWS)) {
       return 'Windows';
     }
-    if (this.os.is(Os.LINUX_AMAZON_2) || this.os.is(Os.LINUX_UBUNTU)) {
+    if (this.os.isIn(Os._ALL_LINUX_VERSIONS)) {
       return 'Linux';
     }
     throw new Error(`OS ${this.os.name} is not supported by AWS Image Builder`);

src/image-builders/aws-image-builder/container.ts

@@ -102,6 +102,8 @@ export function defaultBaseDockerImage(os: Os) {
     return 'public.ecr.aws/lts/ubuntu:22.04';
   } else if (os.is(Os.LINUX_AMAZON_2)) {
     return 'public.ecr.aws/amazonlinux/amazonlinux:2';
+  } else if (os.is(Os.LINUX_AMAZON_2023)) {
+    return 'public.ecr.aws/amazonlinux/amazonlinux:2023';
   } else {
     throw new Error(`OS ${os.name} not supported for Docker runner image`);
   }

src/image-builders/aws-image-builder/deprecated/common.ts

@@ -46,7 +46,7 @@ export abstract class ImageBuilderBase extends Construct implements IRunnerImage
     // platform
     if (this.os.is(Os.WINDOWS)) {
       this.platform = 'Windows';
-    } else if (this.os.is(Os.LINUX) || this.os.is(Os.LINUX_UBUNTU) || this.os.is(Os.LINUX_UBUNTU)) {
+    } else if (this.os.isIn(Os._ALL_LINUX_VERSIONS)) {
       this.platform = 'Linux';
     } else {
       throw new Error(`Unsupported OS: ${this.os.name}.`);

src/image-builders/codebuild.ts

@@ -192,7 +192,7 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
   }
 
   private getDefaultBuildImage(): codebuild.IBuildImage {
-    if (this.os.is(Os.LINUX_UBUNTU) || this.os.is(Os.LINUX_AMAZON_2) || this.os.is(Os.LINUX_AMAZON_2023) || this.os.is(Os.LINUX)) {
+    if (this.os.isIn(Os._ALL_LINUX_VERSIONS)) {
       // CodeBuild just runs `docker build` so its OS doesn't really matter
       if (this.architecture.is(Architecture.X86_64)) {
         return codebuild.LinuxBuildImage.AMAZON_LINUX_2_5;

src/image-builders/components.ts

@@ -97,12 +97,12 @@ export abstract class RunnerImageComponent {
         } else if (os.is(Os.LINUX_AMAZON_2)) {
           return [
             'yum update -y',
-            'yum install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils',
+            'yum install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils amazon-cloudwatch-agent',
           ];
         } else if (os.is(Os.LINUX_AMAZON_2023)) {
           return [
             'dnf upgrade -y',
-            'dnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils',
+            'dnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils amazon-cloudwatch-agent',
           ];
         } else if (os.is(Os.WINDOWS)) {
           return [
@@ -371,10 +371,18 @@ export abstract class RunnerImageComponent {
         } else if (os.is(Os.LINUX_AMAZON_2)) {
           return [
             'yum install -y docker',
+            'sudo usermod -a -G docker runner',
+            'curl -sfLo /usr/bin/docker-compose https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s | tr \'[:upper:]\' \'[:lower:]\')-$(uname -m)',
+            'chmod +x /usr/bin/docker-compose',
+            'ln -s /usr/bin/docker-compose /usr/libexec/docker/cli-plugins/docker-compose',
           ];
         } else if (os.is(Os.LINUX_AMAZON_2023)) {
           return [
             'dnf install -y docker',
+            'sudo usermod -a -G docker runner',
+            'curl -sfLo /usr/bin/docker-compose https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s | tr \'[:upper:]\' \'[:lower:]\')-$(uname -m)',
+            'chmod +x /usr/bin/docker-compose',
+            'ln -s /usr/bin/docker-compose /usr/libexec/docker/cli-plugins/docker-compose',
           ];
         } else if (os.is(Os.WINDOWS)) {
           return [

src/providers/codebuild.ts

@@ -293,7 +293,7 @@ export class CodeBuildRunnerProvider extends BaseProvider implements IRunnerProv
 
     // choose build image
     let buildImage: codebuild.IBuildImage | undefined;
-    if (image.os.is(Os.LINUX) || image.os.is(Os.LINUX_UBUNTU) || image.os.is(Os.LINUX_AMAZON_2)) {
+    if (image.os.isIn(Os._ALL_LINUX_VERSIONS)) {
       if (image.architecture.is(Architecture.X86_64)) {
         buildImage = codebuild.LinuxBuildImage.fromEcrRepository(image.imageRepository, image.imageTag);
       } else if (image.architecture.is(Architecture.ARM64)) {

src/providers/common.ts

@@ -114,7 +114,7 @@ export class Os {
   /**
   * Linux
   *
-  * @deprecated use {@link LINUX_UBUNTU} or {@link LINUX_AMAZON_2}
+  * @deprecated use {@link LINUX_UBUNTU} or {@link LINUX_AMAZON_2} or {@link LINUX_AMAZON_2023}
   */
   public static readonly LINUX = Os.of('Linux');
 
@@ -133,6 +133,11 @@ export class Os {
    */
   public static readonly LINUX_AMAZON_2023 = Os.of('Amazon Linux 2023');
 
+  /**
+   * @internal
+   */
+  public static readonly _ALL_LINUX_VERSIONS = [Os.LINUX, Os.LINUX_UBUNTU, Os.LINUX_AMAZON_2, Os.LINUX_AMAZON_2023];
+
   /**
   * Windows
   */

src/providers/ecs.ts

@@ -459,15 +459,15 @@ export class EcsRunnerProvider extends BaseProvider implements IRunnerProvider {
     let ssmPath: string;
     let found = false;
 
-    if (this.image.os.is(Os.LINUX) || this.image.os.is(Os.LINUX_UBUNTU) || this.image.os.is(Os.LINUX_AMAZON_2)) {
+    if (this.image.os.isIn(Os._ALL_LINUX_VERSIONS)) {
       if (this.image.architecture.is(Architecture.X86_64)) {
         baseImage = ecs.EcsOptimizedImage.amazonLinux2(ecs.AmiHardwareType.STANDARD);
-        ssmPath = '/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id';
+        ssmPath = '/aws/service/ecs/optimized-ami/amazon-linux-2023/recommended/image_id';
         found = true;
       }
       if (this.image.architecture.is(Architecture.ARM64)) {
         baseImage = ecs.EcsOptimizedImage.amazonLinux2(ecs.AmiHardwareType.ARM);
-        ssmPath = '/aws/service/ecs/optimized-ami/amazon-linux-2/arm64/recommended/image_id';
+        ssmPath = '/aws/service/ecs/optimized-ami/amazon-linux-2023/arm64/recommended/image_id';
         found = true;
       }
     }
@@ -547,7 +547,7 @@ export class EcsRunnerProvider extends BaseProvider implements IRunnerProvider {
         cluster: this.cluster,
         launchTarget: new EcsEc2LaunchTarget({
           capacityProvider: this.capacityProvider.capacityProviderName,
-          enableExecute: this.image.os.is(Os.LINUX) || this.image.os.is(Os.LINUX_UBUNTU) || this.image.os.is(Os.LINUX_AMAZON_2),
+          enableExecute: this.image.os.isIn(Os._ALL_LINUX_VERSIONS),
         }),
         assignPublicIp: this.assignPublicIp,
         containerOverrides: [

src/providers/fargate.ts

@@ -202,7 +202,7 @@ class EcsFargateLaunchTarget implements stepfunctions_tasks.IEcsLaunchTarget {
  * @internal
  */
 export function ecsRunCommand(os: Os, dind: boolean): string[] {
-  if (os.is(Os.LINUX) || os.is(Os.LINUX_UBUNTU) || os.is(Os.LINUX_AMAZON_2)) {
+  if (os.isIn(Os._ALL_LINUX_VERSIONS)) {
     let dindCommand = '';
     if (dind) {
       dindCommand = 'nohup sudo dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2 & ' +
@@ -399,7 +399,7 @@ export class FargateRunnerProvider extends BaseProvider implements IRunnerProvid
     }
 
     let os: ecs.OperatingSystemFamily;
-    if (image.os.is(Os.LINUX) || image.os.is(Os.LINUX_UBUNTU) || image.os.is(Os.LINUX_AMAZON_2)) {
+    if (image.os.isIn(Os._ALL_LINUX_VERSIONS)) {
       os = ecs.OperatingSystemFamily.LINUX;
     } else if (image.os.is(Os.WINDOWS)) {
       os = ecs.OperatingSystemFamily.WINDOWS_SERVER_2019_CORE;
@@ -464,7 +464,7 @@ export class FargateRunnerProvider extends BaseProvider implements IRunnerProvid
         cluster: this.cluster,
         launchTarget: new EcsFargateLaunchTarget({
           spot: this.spot,
-          enableExecute: this.image.os.is(Os.LINUX) || this.image.os.is(Os.LINUX_UBUNTU) || this.image.os.is(Os.LINUX_AMAZON_2),
+          enableExecute: this.image.os.isIn(Os._ALL_LINUX_VERSIONS),
         }),
         subnets: this.subnetSelection,
         assignPublicIp: this.assignPublicIp,

src/providers/lambda.ts

@@ -243,7 +243,7 @@ export class LambdaRunnerProvider extends BaseProvider implements IRunnerProvide
     const image = this.image = imageBuilder.bindDockerImage();
 
     let architecture: lambda.Architecture | undefined;
-    if (image.os.is(Os.LINUX_AMAZON_2) || image.os.is(Os.LINUX_AMAZON_2023) || image.os.is(Os.LINUX_UBUNTU)) {
+    if (image.os.isIn(Os._ALL_LINUX_VERSIONS)) {
       if (image.architecture.is(Architecture.X86_64)) {
         architecture = lambda.Architecture.X86_64;
       }

test/default.integ.snapshot/github-runners-test.assets.json

@@ -235,15 +235,15 @@
         }
       }
     },
-    "c778a1355556a7931c74bf18556e58cfff5dd5111b4157913931d869afcf4877": {
+    "e0a2b1d424418d59ce339e3fc6ec13297efe609e1c74984a369f871a521ac8ad": {
       "source": {
         "path": "github-runners-test.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "c778a1355556a7931c74bf18556e58cfff5dd5111b4157913931d869afcf4877.json",
+          "objectKey": "e0a2b1d424418d59ce339e3fc6ec13297efe609e1c74984a369f871a521ac8ad.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }