feat: Option to not require self-hosted label

src/runner.ts

@@ -43,6 +43,15 @@ export interface GitHubRunnersProps {
    */
   readonly providers?: IRunnerProvider[];
 
+  /**
+   * Whether to require the `self-hosted` label. If `true`, the runner will only start if the workflow job explicitly requests the `self-hosted` label.
+   *
+   * Be careful when setting this to `false`. Avoid setting up providers with generic label requirements like `linux` as they may match workflows that are not meant to run on self-hosted runners.
+   *
+   * @default true
+   */
+  readonly requireSelfHostedLabel?: boolean;
+
   /**
    * VPC used for all management functions. Use this with GitHub Enterprise Server hosted that's inaccessible from outside the VPC.
    *
@@ -303,6 +312,7 @@ export class GitHubRunners extends Construct implements ec2.IConnectable {
           labels: p.labels,
         };
       }),
+      requireSelfHostedLabel: this.props?.requireSelfHostedLabel ?? true,
     });
 
     this.setupUrl = this.setupFunction();

src/webhook-handler.lambda.ts

@@ -84,7 +84,7 @@ function matchLabelsToProvider(labels: string[]) {
 }
 
 export async function handler(event: AWSLambda.APIGatewayProxyEventV2): Promise<AWSLambda.APIGatewayProxyResultV2> {
-  if (!process.env.WEBHOOK_SECRET_ARN || !process.env.STEP_FUNCTION_ARN || !process.env.SUPPORTED_LABELS) {
+  if (!process.env.WEBHOOK_SECRET_ARN || !process.env.STEP_FUNCTION_ARN || !process.env.SUPPORTED_LABELS || !process.env.REQUIRE_SELF_HOSTED_LABEL) {
     throw new Error('Missing environment variables');
   }
 
@@ -136,22 +136,14 @@ export async function handler(event: AWSLambda.APIGatewayProxyEventV2): Promise<
     };
   }
 
-  if (!payload.workflow_job.labels.includes('self-hosted')) {
+  if (process.env.REQUIRE_SELF_HOSTED_LABEL === '1' && !payload.workflow_job.labels.includes('self-hosted')) {
     console.log(`Ignoring labels "${payload.workflow_job.labels}", expecting "self-hosted"`);
     return {
       statusCode: 200,
       body: 'OK. No runner started (no "self-hosted" label).',
     };
   }
 
-  if (await isDeploymentPending(payload)) {
-    console.log('Ignoring job as its deployment is still pending');
-    return {
-      statusCode: 200,
-      body: 'OK. No runner started (deployment pending).',
-    };
-  }
-
   // don't start step function unless labels match a runner provider
   const provider = matchLabelsToProvider(payload.workflow_job.labels);
   if (!provider) {
@@ -162,6 +154,15 @@ export async function handler(event: AWSLambda.APIGatewayProxyEventV2): Promise<
     };
   }
 
+  // don't start runners for a deployment that's still pending as GitHub will send another event when it's ready
+  if (await isDeploymentPending(payload)) {
+    console.log('Ignoring job as its deployment is still pending');
+    return {
+      statusCode: 200,
+      body: 'OK. No runner started (deployment pending).',
+    };
+  }
+
   // set execution name which is also used as runner name which are limited to 64 characters
   let executionName = `${payload.repository.full_name.replace('/', '-')}-${getHeader(event, 'x-github-delivery')}`.slice(0, 64);
   // start execution

src/webhook.ts

@@ -38,6 +38,11 @@ export interface GithubWebhookHandlerProps {
    * List of supported label combinations.
    */
   readonly supportedLabels: SupportedLabels[];
+
+  /**
+   * Whether to require the "self-hosted" label.
+   */
+  readonly requireSelfHostedLabel: boolean;
 }
 
 /**
@@ -71,6 +76,7 @@ export class GithubWebhookHandler extends Construct {
           GITHUB_SECRET_ARN: props.secrets.github.secretArn,
           GITHUB_PRIVATE_KEY_SECRET_ARN: props.secrets.githubPrivateKey.secretArn,
           SUPPORTED_LABELS: JSON.stringify(props.supportedLabels),
+          REQUIRE_SELF_HOSTED_LABEL: props.requireSelfHostedLabel ? '1' : '0',
         },
         timeout: cdk.Duration.seconds(30),
         logRetention: logs.RetentionDays.ONE_MONTH,

test/default.integ.snapshot/github-runners-test.assets.json

@@ -183,15 +183,15 @@
         }
       }
     },
-    "83c34056f7ca98a7a7401c127f51561df0e313e9211eee11806198ac48bb44bb": {
+    "1ae421d770fc3b9cd562495f1b16de0bb1ab09455ed34d8ad0a79d50b6ecc5e9": {
       "source": {
-        "path": "asset.83c34056f7ca98a7a7401c127f51561df0e313e9211eee11806198ac48bb44bb.lambda",
+        "path": "asset.1ae421d770fc3b9cd562495f1b16de0bb1ab09455ed34d8ad0a79d50b6ecc5e9.lambda",
         "packaging": "zip"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "83c34056f7ca98a7a7401c127f51561df0e313e9211eee11806198ac48bb44bb.zip",
+          "objectKey": "1ae421d770fc3b9cd562495f1b16de0bb1ab09455ed34d8ad0a79d50b6ecc5e9.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
@@ -235,15 +235,15 @@
         }
       }
     },
-    "d27eeceaa249ff973f9aaebc9e29e0cdfa2e83723d945f6c5df450a5f9f0ba38": {
+    "60f75aaeb256f1ca492c55108e3e461890a49867f87d12d7bced2a4e9ff056d2": {
       "source": {
         "path": "github-runners-test.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "d27eeceaa249ff973f9aaebc9e29e0cdfa2e83723d945f6c5df450a5f9f0ba38.json",
+          "objectKey": "60f75aaeb256f1ca492c55108e3e461890a49867f87d12d7bced2a4e9ff056d2.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

test/default.integ.snapshot/github-runners-test.template.json

@@ -16745,7 +16745,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "83c34056f7ca98a7a7401c127f51561df0e313e9211eee11806198ac48bb44bb.zip"
+     "S3Key": "1ae421d770fc3b9cd562495f1b16de0bb1ab09455ed34d8ad0a79d50b6ecc5e9.zip"
     },
     "Role": {
      "Fn::GetAtt": [
@@ -16769,6 +16769,7 @@
        "Ref": "runnersSecretsGitHubPrivateKey79498F91"
       },
       "SUPPORTED_LABELS": "[{\"provider\":\"github-runners-test/CodeBuildx64\",\"labels\":[\"codebuild-x64\"]},{\"provider\":\"github-runners-test/CodeBuildARM\",\"labels\":[\"codebuild\",\"linux\",\"arm64\"]},{\"provider\":\"github-runners-test/CodeBuildWindows\",\"labels\":[\"codebuild\",\"windows\",\"x64\"]},{\"provider\":\"github-runners-test/ECS\",\"labels\":[\"ecs\",\"linux\",\"x64\"]},{\"provider\":\"github-runners-test/ECS ARM64\",\"labels\":[\"ecs\",\"linux\",\"arm64\"]},{\"provider\":\"github-runners-test/ECS Windows\",\"labels\":[\"ecs\",\"windows\",\"x64\"]},{\"provider\":\"github-runners-test/Lambda\",\"labels\":[\"lambda\",\"x64\"]},{\"provider\":\"github-runners-test/LambdaARM\",\"labels\":[\"lambda\",\"arm64\"]},{\"provider\":\"github-runners-test/Fargate\",\"labels\":[\"fargate\",\"linux\",\"x64\"]},{\"provider\":\"github-runners-test/Fargate-x64-spot\",\"labels\":[\"fargate-spot\",\"linux\",\"x64\"]},{\"provider\":\"github-runners-test/Fargate-arm64\",\"labels\":[\"fargate\",\"linux\",\"arm64\"]},{\"provider\":\"github-runners-test/Fargate-arm64-spot\",\"labels\":[\"fargate-spot\",\"linux\",\"arm64\"]},{\"provider\":\"github-runners-test/Fargate-Windows\",\"labels\":[\"fargate\",\"windows\",\"x64\"]},{\"provider\":\"github-runners-test/EC2 Linux\",\"labels\":[\"ec2\",\"linux\",\"x64\"]},{\"provider\":\"github-runners-test/EC2 Spot Linux\",\"labels\":[\"ec2-spot\",\"linux\",\"x64\"]},{\"provider\":\"github-runners-test/EC2 Linux arm64\",\"labels\":[\"ec2\",\"linux\",\"arm64\"]},{\"provider\":\"github-runners-test/EC2 Windows\",\"labels\":[\"ec2\",\"windows\",\"x64\"]}]",
+      "REQUIRE_SELF_HOSTED_LABEL": "1",
       "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1"
      }
     },