refactor(runner): add runner registration level secret to setup function

CloudSnorkel · Oct 16, 2023 · 7c6f65f · 7c6f65f
1 parent 50de4cc
commit 7c6f65f
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 26 deletions.
diff --git a/src/lambda-github.ts b/src/lambda-github.ts
@@ -13,6 +13,7 @@ export interface GitHubSecrets {
   domain: string;
   appId: number;
   personalAuthToken: string;
+  runnerLevel: string;
 }
 
 const octokitCache: {

diff --git a/src/runner.ts b/src/runner.ts
@@ -252,7 +252,7 @@ export class GitHubRunners extends Construct implements ec2.IConnectable {
   private readonly webhook: GithubWebhookHandler;
   private readonly orchestrator: stepfunctions.StateMachine;
   private readonly setupUrl: string;
-  private readonly extraLambdaEnv: {[p: string]: string} = {};
+  private readonly extraLambdaEnv: { [p: string]: string } = {};
   private readonly extraLambdaProps: lambda.FunctionOptions;
   private stateMachineLogGroup?: logs.LogGroup;
   private jobsCompletedMetricFilters?: logs.MetricFilter[];

diff --git a/src/secrets.ts b/src/secrets.ts
@@ -26,16 +26,6 @@ export class Secrets extends Construct {
    */
   readonly githubPrivateKey: secretsmanager.Secret;
 
-
-  /**
- * GitHub runner registration level.
- *
- * This secret is used to determine if the runner should be registered as an organization runner or a repository runner.
- * @default "repo"
- */
-  readonly githubRunnerRegistrationLevel: secretsmanager.Secret;
-
-
   /**
    * Setup secret used to authenticate user for our setup wizard. Should be empty after setup has been completed.
    */
@@ -66,6 +56,7 @@ export class Secrets extends Construct {
             domain: 'github.com',
             appId: '',
             personalAuthToken: '',
+            runnerLevel: 'repo',
           }),
           generateStringKey: 'dummy',
           includeSpace: false,
@@ -83,14 +74,6 @@ export class Secrets extends Construct {
       },
     );
 
-    this.githubRunnerRegistrationLevel = new secretsmanager.Secret(
-      this,
-      'GitHub Runner Registration Level',
-      {
-        secretStringValue: cdk.SecretValue.unsafePlainText('repo'),
-      },
-    );
-
     this.setup = new secretsmanager.Secret(
       this,
       'Setup',

diff --git a/src/setup.lambda.ts b/src/setup.lambda.ts
@@ -55,11 +55,14 @@ async function handleDomain(event: ApiGatewayEvent): Promise<AWSLambda.APIGatewa
   if (!body.domain) {
     return response(400, 'Invalid domain');
   }
+  if (!body.runnerLevel) {
+    return response(400, 'Invalid runner regisration level');
+  }
 
   const githubSecrets: GitHubSecrets = await getSecretJsonValue(process.env.GITHUB_SECRET_ARN);
   githubSecrets.domain = body.domain;
+  githubSecrets.runnerLevel = body.runnerLevel;
   await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify(githubSecrets));
-
   return response(200, 'Domain set');
 }
 
@@ -76,18 +79,18 @@ async function handlePat(event: ApiGatewayEvent): Promise<AWSLambda.APIGatewayPr
   }));
   await updateSecretValue(process.env.SETUP_SECRET_ARN, JSON.stringify({ token: '' }));
 
-  return response( 200, 'Personal access token set');
+  return response(200, 'Personal access token set');
 }
 
 async function handleNewApp(event: ApiGatewayEvent): Promise<AWSLambda.APIGatewayProxyResultV2> {
   if (!event.queryStringParameters) {
-    return response( 400, 'Invalid code');
+    return response(400, 'Invalid code');
   }
 
   const code = event.queryStringParameters.code;
 
   if (!code) {
-    return response( 400, 'Invalid code');
+    return response(400, 'Invalid code');
   }
 
   const githubSecrets: GitHubSecrets = await getSecretJsonValue(process.env.GITHUB_SECRET_ARN);
@@ -105,14 +108,14 @@ async function handleNewApp(event: ApiGatewayEvent): Promise<AWSLambda.APIGatewa
   }));
   await updateSecretValue(process.env.SETUP_SECRET_ARN, JSON.stringify({ token: '' }));
 
-  return response( 200, `New app set. <a href="${newApp.data.html_url}/installations/new">Install it</a> for your repositories.`);
+  return response(200, `New app set. <a href="${newApp.data.html_url}/installations/new">Install it</a> for your repositories.`);
 }
 
 async function handleExistingApp(event: ApiGatewayEvent): Promise<AWSLambda.APIGatewayProxyResultV2> {
   const body = decodeBody(event);
 
   if (!body.appid || !body.pk || !body.domain) {
-    return response( 400, 'Missing fields');
+    return response(400, 'Missing fields');
   }
 
   await updateSecretValue(process.env.GITHUB_SECRET_ARN, JSON.stringify(<GitHubSecrets>{
@@ -123,7 +126,7 @@ async function handleExistingApp(event: ApiGatewayEvent): Promise<AWSLambda.APIG
   await updateSecretValue(process.env.GITHUB_PRIVATE_KEY_SECRET_ARN, body.pk as string);
   await updateSecretValue(process.env.SETUP_SECRET_ARN, JSON.stringify({ token: '' }));
 
-  return response( 200, 'Existing app set. Don\'t forget to set up the webhook.');
+  return response(200, 'Existing app set. Don\'t forget to set up the webhook.');
 }
 
 export async function handler(event: ApiGatewayEvent): Promise<AWSLambda.APIGatewayProxyResultV2> {