From 2927297ab432f3a84c1c2ba7cc45096dd43f01b6 Mon Sep 17 00:00:00 2001 From: Amir Szekely Date: Wed, 10 Apr 2024 13:58:27 -0400 Subject: [PATCH] fix: Amazon Linux 2/2023 support (#532) - Fix EC2 provider support for Amazon Linux 2 and 2023 (missing CloudWatch agent) - Add missing support for Amazon Linux 2023 all around - Upgrade ECS cluster nodes to Amazon Linux 2023 Fix #530 Fix #531 --- API.md | 2 +- src/image-builders/api.ts | 2 +- src/image-builders/aws-image-builder/ami.ts | 9 +++++++++ src/image-builders/aws-image-builder/builder.ts | 2 +- src/image-builders/aws-image-builder/container.ts | 2 ++ .../aws-image-builder/deprecated/common.ts | 2 +- src/image-builders/codebuild.ts | 2 +- src/image-builders/components.ts | 12 ++++++++++-- src/providers/codebuild.ts | 2 +- src/providers/common.ts | 7 ++++++- src/providers/ecs.ts | 8 ++++---- src/providers/fargate.ts | 6 +++--- src/providers/lambda.ts | 2 +- .../github-runners-test.assets.json | 4 ++-- .../github-runners-test.template.json | 12 ++++++------ 15 files changed, 49 insertions(+), 25 deletions(-) diff --git a/API.md b/API.md index befcccde..3ed289bb 100644 --- a/API.md +++ b/API.md @@ -8824,7 +8824,7 @@ public readonly name: string; ##### ~~`LINUX`~~Required -- *Deprecated:* use {@link LINUX_UBUNTU } or {@link LINUX_AMAZON_2 } +- *Deprecated:* use {@link LINUX_UBUNTU } or {@link LINUX_AMAZON_2 } or {@link LINUX_AMAZON_2023 } ```typescript public readonly LINUX: Os; diff --git a/src/image-builders/api.ts b/src/image-builders/api.ts index 597235ee..41c4531b 100644 --- a/src/image-builders/api.ts +++ b/src/image-builders/api.ts 
@@ -28,7 +28,7 @@ export abstract class RunnerImageBuilder extends RunnerImageBuilderBase { } const os = props?.os ?? Os.LINUX_UBUNTU; - if (os.is(Os.LINUX_UBUNTU) || os.is(Os.LINUX_AMAZON_2) || os.is(Os.LINUX_AMAZON_2023)) { + if (os.isIn(Os._ALL_LINUX_VERSIONS)) { return new CodeBuildRunnerImageBuilder(scope, id, props); } else if (os.is(Os.WINDOWS)) { return new AwsImageBuilderRunnerImageBuilder(scope, id, props); diff --git a/src/image-builders/aws-image-builder/ami.ts b/src/image-builders/aws-image-builder/ami.ts index 0f62fa1e..f61395e8 100644 --- a/src/image-builders/aws-image-builder/ami.ts +++ b/src/image-builders/aws-image-builder/ami.ts @@ -113,6 +113,15 @@ export function defaultBaseAmi(scope: Construct, os: Os, architecture: Architect }); } + if (os.is(Os.LINUX_AMAZON_2023)) { + return stack.formatArn({ + service: 'imagebuilder', + resource: 'image', + account: 'aws', + resourceName: `amazon-linux-2023-${arch}/x.x.x`, + }); + } + if (os.is(Os.WINDOWS)) { return stack.formatArn({ service: 'imagebuilder', diff --git a/src/image-builders/aws-image-builder/builder.ts b/src/image-builders/aws-image-builder/builder.ts index 40050dcb..c1c69b66 100644 --- a/src/image-builders/aws-image-builder/builder.ts +++ b/src/image-builders/aws-image-builder/builder.ts @@ -351,7 +351,7 @@ export class AwsImageBuilderRunnerImageBuilder extends RunnerImageBuilderBase { if (this.os.is(Os.WINDOWS)) { return 'Windows'; } - if (this.os.is(Os.LINUX_AMAZON_2) || this.os.is(Os.LINUX_UBUNTU)) { + if (this.os.isIn(Os._ALL_LINUX_VERSIONS)) { return 'Linux'; } throw new Error(`OS ${this.os.name} is not supported by AWS Image Builder`); diff --git a/src/image-builders/aws-image-builder/container.ts b/src/image-builders/aws-image-builder/container.ts index 1a007e99..0ca7ad6d 100644 --- a/src/image-builders/aws-image-builder/container.ts +++ b/src/image-builders/aws-image-builder/container.ts 
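Review bot: Swapping the explicit lists for `os.isIn(Os._ALL_LINUX_VERSIONS)` widens three checks to accept the deprecated `Os.LINUX`, which the removed conditions did not: the factory in src/image-builders/api.ts, the platform check in aws-image-builder/builder.ts, and the architecture check in src/providers/lambda.ts. Whether the code behind each check has an `Os.LINUX` branch is not visible (for example `defaultBaseAmi`, whose other branches lie outside the ami.ts hunk), so a value that used to be rejected up front may now fail later with a less specific error. If the widening is intended, a comment such as `// includes the deprecated Os.LINUX on purpose` at these call sites and a test that synthesizes with `Os.LINUX` would pin it down. The enclosing functions start and end outside the hunks.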
@@ -102,6 +102,8 @@ export function defaultBaseDockerImage(os: Os) { return 'public.ecr.aws/lts/ubuntu:22.04'; } else if (os.is(Os.LINUX_AMAZON_2)) { return 'public.ecr.aws/amazonlinux/amazonlinux:2'; + } else if (os.is(Os.LINUX_AMAZON_2023)) { + return 'public.ecr.aws/amazonlinux/amazonlinux:2023'; } else { throw new Error(`OS ${os.name} not supported for Docker runner image`); } diff --git a/src/image-builders/aws-image-builder/deprecated/common.ts b/src/image-builders/aws-image-builder/deprecated/common.ts index 9c370b88..3b210786 100644 --- a/src/image-builders/aws-image-builder/deprecated/common.ts +++ b/src/image-builders/aws-image-builder/deprecated/common.ts @@ -46,7 +46,7 @@ export abstract class ImageBuilderBase extends Construct implements IRunnerImage // platform if (this.os.is(Os.WINDOWS)) { this.platform = 'Windows'; - } else if (this.os.is(Os.LINUX) || this.os.is(Os.LINUX_UBUNTU) || this.os.is(Os.LINUX_UBUNTU)) { + } else if (this.os.isIn(Os._ALL_LINUX_VERSIONS)) { this.platform = 'Linux'; } else { throw new Error(`Unsupported OS: ${this.os.name}.`); diff --git a/src/image-builders/codebuild.ts b/src/image-builders/codebuild.ts index 5f0ad325..827ccc94 100644 --- a/src/image-builders/codebuild.ts +++ b/src/image-builders/codebuild.ts @@ -192,7 +192,7 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase { } private getDefaultBuildImage(): codebuild.IBuildImage { - if (this.os.is(Os.LINUX_UBUNTU) || this.os.is(Os.LINUX_AMAZON_2) || this.os.is(Os.LINUX_AMAZON_2023) || this.os.is(Os.LINUX)) { + if (this.os.isIn(Os._ALL_LINUX_VERSIONS)) { // CodeBuild just runs `docker build` so its OS doesn't really matter if (this.architecture.is(Architecture.X86_64)) { return codebuild.LinuxBuildImage.AMAZON_LINUX_2_5; diff --git a/src/image-builders/components.ts b/src/image-builders/components.ts index 1081eb34..98d3964f 100644 --- a/src/image-builders/components.ts +++ b/src/image-builders/components.ts 
@@ -97,12 +97,12 @@ export abstract class RunnerImageComponent { } else if (os.is(Os.LINUX_AMAZON_2)) { return [ 'yum update -y', - 'yum install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils', + 'yum install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils amazon-cloudwatch-agent', ]; } else if (os.is(Os.LINUX_AMAZON_2023)) { return [ 'dnf upgrade -y', - 'dnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils', + 'dnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils amazon-cloudwatch-agent', ]; } else if (os.is(Os.WINDOWS)) { return [ @@ -371,10 +371,18 @@ export abstract class RunnerImageComponent { } else if (os.is(Os.LINUX_AMAZON_2)) { return [ 'yum install -y docker', + 'sudo usermod -a -G docker runner', + 'curl -sfLo /usr/bin/docker-compose https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s | tr \'[:upper:]\' \'[:lower:]\')-$(uname -m)', + 'chmod +x /usr/bin/docker-compose', + 'ln -s /usr/bin/docker-compose /usr/libexec/docker/cli-plugins/docker-compose', ]; } else if (os.is(Os.LINUX_AMAZON_2023)) { return [ 'dnf install -y docker', + 'sudo usermod -a -G docker runner', + 'curl -sfLo /usr/bin/docker-compose https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s | tr \'[:upper:]\' \'[:lower:]\')-$(uname -m)', + 'chmod +x /usr/bin/docker-compose', + 'ln -s /usr/bin/docker-compose /usr/libexec/docker/cli-plugins/docker-compose', ]; } else if (os.is(Os.WINDOWS)) { return [ diff --git a/src/providers/codebuild.ts b/src/providers/codebuild.ts index 7e29303f..e5b943a7 100644 --- a/src/providers/codebuild.ts +++ b/src/providers/codebuild.ts 
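Review bot: The `curl -sfLo /usr/bin/docker-compose https://github.com/docker/compose/releases/latest/download/...` line added in both the Amazon Linux 2 and Amazon Linux 2023 branches of the `@@ -371,10 +371,18 @@` hunk installs whatever `latest` resolves to at image-build time as a root-owned executable, with no integrity check. Pinning a release and verifying its digest keeps builds reproducible and stops a replaced or tampered release asset from landing in every runner image: use `.../releases/download/<PINNED_VERSION>/docker-compose-...` and follow it with `'echo "<EXPECTED_SHA256>  /usr/bin/docker-compose" | sha256sum -c -',` (both values are placeholders, one digest per architecture). The `ln -s` line assumes `/usr/libexec/docker/cli-plugins` exists after the docker package install and fails if the link is already there; `mkdir -p /usr/libexec/docker/cli-plugins` plus `ln -sf` would be more robust. A comment on `usermod -a -G docker runner` noting that docker group membership is root-equivalent on the host would also help. The enclosing method starts and ends outside the hunk.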
@@ -293,7 +293,7 @@ export class CodeBuildRunnerProvider extends BaseProvider implements IRunnerProv // choose build image let buildImage: codebuild.IBuildImage | undefined; - if (image.os.is(Os.LINUX) || image.os.is(Os.LINUX_UBUNTU) || image.os.is(Os.LINUX_AMAZON_2)) { + if (image.os.isIn(Os._ALL_LINUX_VERSIONS)) { if (image.architecture.is(Architecture.X86_64)) { buildImage = codebuild.LinuxBuildImage.fromEcrRepository(image.imageRepository, image.imageTag); } else if (image.architecture.is(Architecture.ARM64)) { diff --git a/src/providers/common.ts b/src/providers/common.ts index 618e5543..e74d8699 100644 --- a/src/providers/common.ts +++ b/src/providers/common.ts @@ -114,7 +114,7 @@ export class Os { /** * Linux * - * @deprecated use {@link LINUX_UBUNTU} or {@link LINUX_AMAZON_2} + * @deprecated use {@link LINUX_UBUNTU} or {@link LINUX_AMAZON_2} or {@link LINUX_AMAZON_2023} */ public static readonly LINUX = Os.of('Linux'); @@ -133,6 +133,11 @@ export class Os { */ public static readonly LINUX_AMAZON_2023 = Os.of('Amazon Linux 2023'); + /** + * @internal + */ + public static readonly _ALL_LINUX_VERSIONS = [Os.LINUX, Os.LINUX_UBUNTU, Os.LINUX_AMAZON_2, Os.LINUX_AMAZON_2023]; + /** * Windows */ diff --git a/src/providers/ecs.ts b/src/providers/ecs.ts index 383943c0..98d9f129 100644 --- a/src/providers/ecs.ts +++ b/src/providers/ecs.ts 
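Review bot: `_ALL_LINUX_VERSIONS`, added in the `@@ -133,6 +133,11 @@` hunk of src/providers/common.ts, is a mutable array behind a `readonly` property, and its doc comment carries only `@internal`. This commit routes every Linux check through it, including `enableExecute` in the ECS and Fargate providers, so an accidental mutation of the array anywhere in the process would change OS handling in all of them. I would freeze it and type it as read-only, `public static readonly _ALL_LINUX_VERSIONS: readonly Os[] = Object.freeze([Os.LINUX, Os.LINUX_UBUNTU, Os.LINUX_AMAZON_2, Os.LINUX_AMAZON_2023]);`. The `isIn` signature is not visible here and may need to accept `readonly Os[]`. The doc comment should also say what the list is, e.g. `Every Linux flavor, including the deprecated {@link LINUX}; used for OS-family checks.`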
@@ -459,15 +459,15 @@ export class EcsRunnerProvider extends BaseProvider implements IRunnerProvider { let ssmPath: string; let found = false; - if (this.image.os.is(Os.LINUX) || this.image.os.is(Os.LINUX_UBUNTU) || this.image.os.is(Os.LINUX_AMAZON_2)) { + if (this.image.os.isIn(Os._ALL_LINUX_VERSIONS)) { if (this.image.architecture.is(Architecture.X86_64)) { baseImage = ecs.EcsOptimizedImage.amazonLinux2(ecs.AmiHardwareType.STANDARD); - ssmPath = '/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id'; + ssmPath = '/aws/service/ecs/optimized-ami/amazon-linux-2023/recommended/image_id'; found = true; } if (this.image.architecture.is(Architecture.ARM64)) { baseImage = ecs.EcsOptimizedImage.amazonLinux2(ecs.AmiHardwareType.ARM); - ssmPath = '/aws/service/ecs/optimized-ami/amazon-linux-2/arm64/recommended/image_id'; + ssmPath = '/aws/service/ecs/optimized-ami/amazon-linux-2023/arm64/recommended/image_id'; found = true; } } @@ -547,7 +547,7 @@ export class EcsRunnerProvider extends BaseProvider implements IRunnerProvider { cluster: this.cluster, launchTarget: new EcsEc2LaunchTarget({ capacityProvider: this.capacityProvider.capacityProviderName, - enableExecute: this.image.os.is(Os.LINUX) || this.image.os.is(Os.LINUX_UBUNTU) || this.image.os.is(Os.LINUX_AMAZON_2), + enableExecute: this.image.os.isIn(Os._ALL_LINUX_VERSIONS), }), assignPublicIp: this.assignPublicIp, containerOverrides: [ diff --git a/src/providers/fargate.ts b/src/providers/fargate.ts index 1ac50ad7..caeb95ee 100644 --- a/src/providers/fargate.ts +++ b/src/providers/fargate.ts 
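Review bot: In the `@@ -459,15 +459,15 @@` hunk the two `ssmPath` values now point at the Amazon Linux 2023 ECS-optimized AMI, but the unchanged lines above them still set `baseImage = ecs.EcsOptimizedImage.amazonLinux2(...)`, so the two variables describe different operating systems. How `baseImage` is consumed is outside the hunk, so the impact is unconfirmed, but anything derived from it would describe AL2 while the instance boots AL2023. If the pinned aws-cdk-lib version provides it, switch both branches: `baseImage = ecs.EcsOptimizedImage.amazonLinux2023(ecs.AmiHardwareType.STANDARD);` and `baseImage = ecs.EcsOptimizedImage.amazonLinux2023(ecs.AmiHardwareType.ARM);`. Because the path is not conditional on the image OS, existing clusters also change host OS on their next deploy, which deserves a comment next to `ssmPath`, such as `// host AMI is always AL2023, independent of the runner image OS`.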
@@ -202,7 +202,7 @@ class EcsFargateLaunchTarget implements stepfunctions_tasks.IEcsLaunchTarget { * @internal */ export function ecsRunCommand(os: Os, dind: boolean): string[] { - if (os.is(Os.LINUX) || os.is(Os.LINUX_UBUNTU) || os.is(Os.LINUX_AMAZON_2)) { + if (os.isIn(Os._ALL_LINUX_VERSIONS)) { let dindCommand = ''; if (dind) { dindCommand = 'nohup sudo dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2 & ' + @@ -399,7 +399,7 @@ export class FargateRunnerProvider extends BaseProvider implements IRunnerProvid } let os: ecs.OperatingSystemFamily; - if (image.os.is(Os.LINUX) || image.os.is(Os.LINUX_UBUNTU) || image.os.is(Os.LINUX_AMAZON_2)) { + if (image.os.isIn(Os._ALL_LINUX_VERSIONS)) { os = ecs.OperatingSystemFamily.LINUX; } else if (image.os.is(Os.WINDOWS)) { os = ecs.OperatingSystemFamily.WINDOWS_SERVER_2019_CORE; @@ -464,7 +464,7 @@ export class FargateRunnerProvider extends BaseProvider implements IRunnerProvid cluster: this.cluster, launchTarget: new EcsFargateLaunchTarget({ spot: this.spot, - enableExecute: this.image.os.is(Os.LINUX) || this.image.os.is(Os.LINUX_UBUNTU) || this.image.os.is(Os.LINUX_AMAZON_2), + enableExecute: this.image.os.isIn(Os._ALL_LINUX_VERSIONS), }), subnets: this.subnetSelection, assignPublicIp: this.assignPublicIp, diff --git a/src/providers/lambda.ts b/src/providers/lambda.ts index d79c9c39..06b28509 100644 --- a/src/providers/lambda.ts +++ b/src/providers/lambda.ts @@ -243,7 +243,7 @@ export class LambdaRunnerProvider extends BaseProvider implements IRunnerProvide const image = this.image = imageBuilder.bindDockerImage(); let architecture: lambda.Architecture | undefined; - if (image.os.is(Os.LINUX_AMAZON_2) || image.os.is(Os.LINUX_AMAZON_2023) || image.os.is(Os.LINUX_UBUNTU)) { + if (image.os.isIn(Os._ALL_LINUX_VERSIONS)) { if (image.architecture.is(Architecture.X86_64)) { architecture = lambda.Architecture.X86_64; } 
diff --git a/test/default.integ.snapshot/github-runners-test.assets.json b/test/default.integ.snapshot/github-runners-test.assets.json index 3ab56015..24fb3502 100644 --- a/test/default.integ.snapshot/github-runners-test.assets.json +++ b/test/default.integ.snapshot/github-runners-test.assets.json @@ -235,7 +235,7 @@ } } }, - "c778a1355556a7931c74bf18556e58cfff5dd5111b4157913931d869afcf4877": { + "e0a2b1d424418d59ce339e3fc6ec13297efe609e1c74984a369f871a521ac8ad": { "source": { "path": "github-runners-test.template.json", "packaging": "file" @@ -243,7 +243,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c778a1355556a7931c74bf18556e58cfff5dd5111b4157913931d869afcf4877.json", + "objectKey": "e0a2b1d424418d59ce339e3fc6ec13297efe609e1c74984a369f871a521ac8ad.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/default.integ.snapshot/github-runners-test.template.json b/test/default.integ.snapshot/github-runners-test.template.json index 427e3995..b01c21fd 100644 --- a/test/default.integ.snapshot/github-runners-test.template.json +++ b/test/default.integ.snapshot/github-runners-test.template.json 
@@ -1942,7 +1942,7 @@ { "Ref": "AWS::Region" }, - ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO 
\\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", + ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils amazon-cloudwatch-agent\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\\\" -o 
awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO \\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/68628bab8c925c01632702a86513d4b22840e7fbb138f290bab11c2c2d54c489.js" }, 
@@ -2132,7 +2132,7 @@ { "Ref": "AWS::Region" }, - ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO 
\\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", + ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils amazon-cloudwatch-agent\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\\\" -o 
awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO \\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/68628bab8c925c01632702a86513d4b22840e7fbb138f290bab11c2c2d54c489.js" }, 
@@ -5986,7 +5986,7 @@ { "Ref": "AWS::Region" }, - ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO 
\\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", + ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils amazon-cloudwatch-agent\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip\\\" -o 
awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO \\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/68628bab8c925c01632702a86513d4b22840e7fbb138f290bab11c2c2d54c489.js" }, 
@@ -6176,7 +6176,7 @@ { "Ref": "AWS::Region" }, - ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO 
\\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", + ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils amazon-cloudwatch-agent\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip\\\" -o 
awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO \\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/68628bab8c925c01632702a86513d4b22840e7fbb138f290bab11c2c2d54c489.js" }, @@ -9760,7 +9760,7 @@ ] } }, - "ImageId": "resolve:ssm:/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id", + "ImageId": "resolve:ssm:/aws/service/ecs/optimized-ami/amazon-linux-2023/recommended/image_id", "InstanceMarketOptions": { "MarketType": "spot", "SpotOptions": { @@ -10335,7 +10335,7 @@ ] } }, - "ImageId": "resolve:ssm:/aws/service/ecs/optimized-ami/amazon-linux-2/arm64/recommended/image_id", + "ImageId": "resolve:ssm:/aws/service/ecs/optimized-ami/amazon-linux-2023/arm64/recommended/image_id", "InstanceType": "m6g.large", "MetadataOptions": { "HttpTokens": "required"