diff --git a/src/image-builders/aws-image-builder/deprecated/container.ts b/src/image-builders/aws-image-builder/deprecated/container.ts
index 8b445031..0b3dc83a 100644
--- a/src/image-builders/aws-image-builder/deprecated/container.ts
+++ b/src/image-builders/aws-image-builder/deprecated/container.ts
@@ -18,6 +18,7 @@ import { WindowsComponents } from './windows-components';
 import { Architecture, Os, RunnerAmi, RunnerImage, RunnerVersion } from '../../../providers';
 import { singletonLambda } from '../../../utils';
 import { BuildImageFunction } from '../../build-image-function';
+import { BuildImageFunctionProperties } from '../../build-image.lambda';
 import { uniqueImageBuilderName } from '../../common';
 import { ImageBuilderComponent } from '../builder';
 import { ContainerRecipe } from '../container';
@@ -323,7 +324,7 @@ export class ContainerImageBuilder extends ImageBuilderBase {
 const cr = new CustomResource(this, 'Deleter', {
 serviceToken: crHandler.functionArn,
 resourceType: 'Custom::ImageDeleter',
- properties: {
+ properties: {
 RepoName: this.repository.repositoryName,
 ImageBuilderName: recipeName, // we don't use image.name because CloudFormation complains if it was deleted already
 DeleteOnly: true,
diff --git a/src/image-builders/build-image.lambda.ts b/src/image-builders/build-image.lambda.ts
index 878081dc..6736ec1c 100644
--- a/src/image-builders/build-image.lambda.ts
+++ b/src/image-builders/build-image.lambda.ts
@@ -11,55 +11,48 @@ import { customResourceRespond } from '../lambda-helpers';
 const codebuild = new CodeBuildClient();
 const ib = new ImagebuilderClient();
+/**
+ * @internal
+ */
+export interface BuildImageFunctionProperties {
+ ServiceToken: string;
+ DeleteOnly?: boolean;
+ RepoName: string;
+ ProjectName: string;
+ ImageBuilderName?: string;
+ WaitHandle?: string;
+}
+
 export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent, context: AWSLambda.Context) {
 try {
 console.log(JSON.stringify({ ...event, ResponseURL: '...' }));
- const deleteOnly = event.ResourceProperties.DeleteOnly as boolean | undefined;
- const projectName = event.ResourceProperties.ProjectName;
- const ibName = event.ResourceProperties.ImageBuilderName as string | undefined;
-
- // let physicalResourceId: string;
- // let data: { [key: string]: string } = {};
+ const props = event.ResourceProperties as BuildImageFunctionProperties;
 switch (event.RequestType) {
 case 'Create':
 case 'Update':
- if (deleteOnly) {
+ if (props.DeleteOnly) {
 await customResourceRespond(event, 'SUCCESS', 'OK', 'Deleter', {});
 break;
 }
- console.log(`Starting CodeBuild project ${projectName}`);
- await codebuild.send(new StartBuildCommand({
- projectName,
+ console.log(`Starting CodeBuild project ${props.ProjectName}`);
+ const cbRes = await codebuild.send(new StartBuildCommand({
+ projectName: props.ProjectName,
 environmentVariablesOverride: [
 {
 type: 'PLAINTEXT',
- name: 'STACK_ID',
- value: event.StackId,
- },
- {
- type: 'PLAINTEXT',
- name: 'REQUEST_ID',
- value: event.RequestId,
- },
- {
- type: 'PLAINTEXT',
- name: 'LOGICAL_RESOURCE_ID',
- value: event.LogicalResourceId,
- },
- {
- type: 'PLAINTEXT',
- name: 'RESPONSE_URL',
- value: event.ResponseURL,
+ name: 'WAIT_HANDLE',
+ value: props.WaitHandle!,
 },
 ],
 }));
+ await customResourceRespond(event, 'SUCCESS', 'OK', cbRes.build?.id ??
'build', {});
 break;
 case 'Delete':
- if (ibName) {
- const ibImages = await ib.send(new ListIbImagesCommand({ filters: [{ name: 'name', values: [ibName] }] }));
+ if (props.ImageBuilderName) {
+ const ibImages = await ib.send(new ListIbImagesCommand({ filters: [{ name: 'name', values: [props.ImageBuilderName] }] }));
 if (ibImages.imageVersionList) {
 for (const v of ibImages.imageVersionList) {
 if (v.arn) {
diff --git a/src/image-builders/codebuild.ts b/src/image-builders/codebuild.ts
index 827ccc94..9cac62e4 100644
--- a/src/image-builders/codebuild.ts
+++ b/src/image-builders/codebuild.ts
@@ -1,6 +1,8 @@
+import * as crypto from 'node:crypto';
 import * as cdk from 'aws-cdk-lib';
 import {
 Annotations,
+ aws_cloudformation as cloudformation,
 aws_codebuild as codebuild,
 aws_ec2 as ec2,
 aws_ecr as ecr,
@@ -20,6 +22,7 @@ import { RetentionDays } from 'aws-cdk-lib/aws-logs';
 import { Construct, IConstruct } from 'constructs';
 import { defaultBaseDockerImage } from './aws-image-builder';
 import { BuildImageFunction } from './build-image-function';
+import { BuildImageFunctionProperties } from './build-image.lambda';
 import { RunnerImageBuilderBase, RunnerImageBuilderProps } from './common';
 import { Architecture, Os, RunnerAmi, RunnerImage, RunnerVersion } from '../providers';
 import { singletonLambda } from '../utils';
@@ -99,6 +102,11 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
 'See https://github.com/aws/containers-roadmap/issues/1160');
 }
+ // check timeout
+ if (this.timeout.toSeconds() > Duration.hours(8).toSeconds()) {
+ Annotations.of(this).addError('CodeBuild runner image builder timeout must 8 hours or less.');
+ }
+
 // create service role for CodeBuild
 this.role = new iam.Role(this, 'Role', {
 assumedBy: new iam.ServicePrincipal('codebuild.amazonaws.com'),
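Review bot: In `handler` (build-image.lambda.ts) the unchanged `console.log(JSON.stringify({ ...event, ResponseURL: '...' }))` masks only `ResponseURL`, but `ResourceProperties.WaitHandle` now carries the wait-condition handle, which is a presigned URL, so it is written to the function's logs in full and is then passed to CodeBuild as a `PLAINTEXT` override that is readable from the build's details. Anyone who can read either place can signal the wait condition and report a build result that never happened. I would mask it the same way the response URL is masked, e.g. `console.log(JSON.stringify({ ...event, ResponseURL: '...', ResourceProperties: { ...event.ResourceProperties, WaitHandle: '...' } }));`. Returning `cbRes.build?.id` as the physical resource id also means the id changes on every Update, which CloudFormation treats as a replacement and follows with a Delete for the old id; the Delete branch continues outside the hunk, so it is worth confirming it is safe to run right after a successful rebuild.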
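Review bot: The `addError` text added in the timeout check of `CodeBuildRunnerImageBuilder` (codebuild.ts, hunk at -99,6) is missing a verb and reads "timeout must 8 hours or less"; I would change it to `'CodeBuild runner image builder timeout must be 8 hours or less.'`. A one-line comment saying where the 8-hour ceiling comes from would also help, since the same `this.timeout` is later used as the wait-condition timeout. The enclosing method starts and ends outside the hunk.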
@@ -146,7 +154,7 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
 );
 // generate buildSpec
- const buildSpec = this.getBuildSpec(this.repository);
+ const [buildSpec, buildSpecHash] = this.getBuildSpec(this.repository);
 // create CodeBuild project that builds Dockerfile and pushes to repository
 const project = new codebuild.Project(this, 'CodeBuild', {
@@ -173,7 +181,7 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
 this.repository.grantPullPush(project);
 // call CodeBuild during deployment
- const cr = this.customResource(project, buildSpec.toBuildSpec());
+ const completedImage = this.customResource(project, buildSpecHash);
 // rebuild image on a schedule
 this.rebuildImageOnSchedule(project, this.rebuildInterval);
@@ -186,7 +194,7 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
 os: this.os,
 logGroup,
 runnerVersion: RunnerVersion.specific('unknown'),
- _dependable: cr.getAttString('Random'),
+ _dependable: completedImage,
 };
 return this.boundDockerImage;
 }
@@ -253,7 +261,7 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
 return commands;
 }
- private getBuildSpec(repository: ecr.Repository): codebuild.BuildSpec {
+ private getBuildSpec(repository: ecr.Repository): [codebuild.BuildSpec, string] {
 const thisStack = cdk.Stack.of(this);
 let archUrl;
@@ -265,16 +273,19 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
 throw new Error(`Unsupported architecture for required CodeBuild: ${this.architecture.name}`);
 }
- return codebuild.BuildSpec.fromObject({
+ const commands = this.getDockerfileGenerationCommands();
+
+ const buildSpecVersion = 'v1'; // change this every time the build spec changes
+ const hashedComponents = commands.concat(buildSpecVersion, this.architecture.name, this.baseImage, this.os.name);
+ const hash = crypto.createHash('md5').update(hashedComponents.join('\n')).digest('hex').slice(0, 10);
+
+ const buildSpec = codebuild.BuildSpec.fromObject({
 version: '0.2',
 env: {
 variables: {
 REPO_ARN: repository.repositoryArn,
 REPO_URI: repository.repositoryUri,
- STACK_ID: 'unspecified',
- REQUEST_ID: 'unspecified',
- LOGICAL_RESOURCE_ID: 'unspecified',
- RESPONSE_URL: 'unspecified',
+ WAIT_HANDLE: 'unspecified',
 BASH_ENV: 'codebuild-log.sh',
 },
 shell: 'bash',
@@ -287,7 +298,7 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
 ],
 },
 build: {
- commands: this.getDockerfileGenerationCommands().concat(
+ commands: commands.concat(
 'docker build --progress plain . -t "$REPO_URI"',
 'docker push "$REPO_URI"',
 ),
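Review bot: `crypto.createHash('md5')` in `getBuildSpec` only derives a change-detection suffix, but MD5 can be rejected outright by Node builds running in FIPS mode and is flagged by most static scanners, so it risks a failed synth or audit noise for no benefit; `crypto.createHash('sha256')` with the same `.digest('hex').slice(0, 10)` is a drop-in. The hash also covers only `commands`, `buildSpecVersion`, the architecture, the base image and the OS, so any other edit to the build spec object depends on someone remembering to bump `'v1'`; I would extend the comment to `// change this every time the build spec changes outside of the hashed components below`. `getBuildSpec` starts before this hunk and continues past it.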
@@ -295,22 +306,19 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
 post_build: {
 commands: [
 'rm -f codebuild-log.sh && STATUS="SUCCESS"',
- 'if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS="FAILED"; fi',
+ 'if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS="FAILURE"; fi',
 'cat < /tmp/payload.json\n' +
 '{\n' +
- ' "StackId": "$STACK_ID",\n' +
- ' "RequestId": "$REQUEST_ID",\n' +
- ' "LogicalResourceId": "$LOGICAL_RESOURCE_ID",\n' +
- ' "PhysicalResourceId": "$REPO_ARN",\n' +
 ' "Status": "$STATUS",\n' +
+ ' "UniqueId": "build",\n' +
 // we remove non-printable characters from the log because CloudFormation doesn't like them
 // https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/1601
 ' "Reason": `sed \'s/[^[:print:]]//g\' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\n' +
 // for lambda always get a new value because there is always a new image hash
- ' "Data": {"Random": "$RANDOM"}\n' +
+ ' "Data": "$RANDOM"\n' +
 '}\n' +
 'EOF',
- 'if [ "$RESPONSE_URL" != "unspecified" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H "Content-Type:" -d "@/tmp/payload.json" "$RESPONSE_URL"; fi',
+ 'if [ "$WAIT_HANDLE" != "unspecified" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H "Content-Type:" -d "@/tmp/payload.json" "$WAIT_HANDLE"; fi',
 // generate and push soci index
 // we do this after finishing the build, so we don't have to wait. it's also not required, so it's ok if it fails
 'docker rmi "$REPO_URI"', // it downloads the image again to /tmp, so save on space
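Review bot: The wait condition is signalled only from these `post_build` commands, and as far as I know CodeBuild skips `post_build` when an earlier phase such as `pre_build` fails, so a failure there (that phase is defined outside this hunk) would send no `FAILURE` signal and the deployment would sit until the wait condition times out, which can now be up to the full build timeout. I would at least record that next to the `WAIT_HANDLE` command, e.g. `// NOTE: not reached if install/pre_build fail; the wait condition then ends by timeout`, or move the fallible setup into the `build` phase so the signal is always sent. The `-f` on the signalling `curl` is good to keep, since a rejected PUT then shows up as a failed command in the build log.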
@@ -321,9 +329,11 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
 },
 },
 });
+
+ return [buildSpec, hash];
 }
- private customResource(project: codebuild.Project, buildSpec: string) {
+ private customResource(project: codebuild.Project, buildSpecHash: string) {
 const crHandler = singletonLambda(BuildImageFunction, this, 'build-image', {
 description: 'Custom resource handler that triggers CodeBuild to build runner images, and cleans-up images on deletion',
 timeout: cdk.Duration.minutes(3),
@@ -340,15 +350,24 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
 });
 crHandler.role!.attachInlinePolicy(policy);
+ // Wait handle lets us wait for longer than an hour for the image build to complete.
+ // We generate a new wait handle for build spec changes to guarantee a new image is built.
+ // This also helps make sure the changes are good. If they have a bug, the deployment will fail instead of just the scheduled build.
+ // Finally, it's recommended by CloudFormation docs to not reuse wait handles or old responses may interfere in some cases.
+ const handle = new cloudformation.CfnWaitConditionHandle(this, `Build Wait Handle ${buildSpecHash}`);
+ const wait = new cloudformation.CfnWaitCondition(this, `Build Wait ${buildSpecHash}`, {
+ handle: handle.ref,
+ timeout: this.timeout.toSeconds().toString(), // don't wait longer than the build timeout
+ count: 1,
+ });
+
 const cr = new CustomResource(this, 'Builder', {
 serviceToken: crHandler.functionArn,
 resourceType: 'Custom::ImageBuilder',
- properties: {
+ properties: {
 RepoName: this.repository.repositoryName,
 ProjectName: project.projectName,
- // We include the full buildSpec so the image is built immediately on changes, and we don't have to wait for its scheduled build.
- // This also helps make sure the changes are good. If they have a bug, the deployment will fail instead of just the scheduled build.
- BuildSpec: buildSpec,
+ WaitHandle: handle.ref,
 },
 });
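Review bot: In the `customResource` hunk (-340,15) the new `wait` depends only on `handle`, so CloudFormation is free to create the wait condition, and start its timeout clock, before the `Builder` custom resource has started the build; with the timeout set equal to the build timeout, a build that uses most of its budget could be reported as timed out. Adding `wait.node.addDependency(cr);` once `cr` exists orders the two the way wait conditions are normally declared after the resource that triggers the signal. Since the method now returns `wait.ref` instead of the `CustomResource`, an explicit `: string` return type on `customResource` would document the new contract. The method continues outside the hunk.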
@@ -359,7 +378,7 @@ export class CodeBuildRunnerImageBuilder extends RunnerImageBuilderBase {
 cr.node.addDependency(crHandler.role!);
 cr.node.addDependency(crHandler);
- return cr;
+ return wait.ref; // user needs to wait on wait handle which is triggered when the image is built
 }
 private rebuildImageOnSchedule(project: codebuild.Project, rebuildInterval?: Duration) {
diff --git a/test/default.integ.snapshot/github-runners-test.assets.json b/test/default.integ.snapshot/github-runners-test.assets.json
index 24fb3502..402e2493 100644
--- a/test/default.integ.snapshot/github-runners-test.assets.json
+++ b/test/default.integ.snapshot/github-runners-test.assets.json
@@ -27,15 +27,15 @@ } } }, - "2dd30d0564f58d0d86550d44455883dabdababcb520c404817cd9193ac0a5161": { + "5d536d3909907c631aa15996d7eee0e12247f88312d888640b63f34a352c5fa4": { "source": { - "path": "asset.2dd30d0564f58d0d86550d44455883dabdababcb520c404817cd9193ac0a5161.lambda", + "path": "asset.5d536d3909907c631aa15996d7eee0e12247f88312d888640b63f34a352c5fa4.lambda", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "2dd30d0564f58d0d86550d44455883dabdababcb520c404817cd9193ac0a5161.zip", + "objectKey": "5d536d3909907c631aa15996d7eee0e12247f88312d888640b63f34a352c5fa4.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } }
@@ -235,7 +235,7 @@ } } }, - "e0a2b1d424418d59ce339e3fc6ec13297efe609e1c74984a369f871a521ac8ad": { + "9c5b39955d7bbbb61208adf216865db8d7012ef357025a8c6afbcbfcd02d8609": { "source": { "path": "github-runners-test.template.json", "packaging": "file"
@@ -243,7 +243,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e0a2b1d424418d59ce339e3fc6ec13297efe609e1c74984a369f871a521ac8ad.json", + "objectKey": "9c5b39955d7bbbb61208adf216865db8d7012ef357025a8c6afbcbfcd02d8609.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/default.integ.snapshot/github-runners-test.template.json b/test/default.integ.snapshot/github-runners-test.template.json index b01c21fd..77901312 100644 --- a/test/default.integ.snapshot/github-runners-test.template.json +++ b/test/default.integ.snapshot/github-runners-test.template.json @@ -531,7 +531,7 @@ { "Ref": "FargatebuilderRepository8F7BA13C" }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", + "\",\n \"WAIT_HANDLE\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", { "Ref": "AWS::AccountId" }, 
@@ -543,7 +543,7 @@ { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" }, - " asset6-Custom-Undefined-0\",\n \"cat > component6-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Custom-Undefined-0 FUNDING.yml\\nCOPY component6-Custom-Undefined.sh /tmp\\nRUN /tmp/component6-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . 
/tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_x86_64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" + " asset6-Custom-Undefined-0\",\n \"cat > component6-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Custom-Undefined-0 FUNDING.yml\\nCOPY component6-Custom-Undefined.sh /tmp\\nRUN /tmp/component6-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . 
-t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILURE\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"UniqueId\\\": \\\"build\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": \\\"$RANDOM\\\"\\n}\\nEOF\",\n \"if [ \\\"$WAIT_HANDLE\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$WAIT_HANDLE\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_x86_64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" ] ] }, @@ -645,6 +645,19 @@ ] } }, + "FargatebuilderBuildWaitHandle0780380d65E2D81803": { + "Type": "AWS::CloudFormation::WaitConditionHandle" + }, + "FargatebuilderBuildWait0780380d659413C463": { + "Type": "AWS::CloudFormation::WaitCondition", + "Properties": { + "Count": 1, + "Handle": { + "Ref": "FargatebuilderBuildWaitHandle0780380d65E2D81803" + }, + "Timeout": "3600" + } + }, "FargatebuilderBuilder0834CD0B": { "Type": "Custom::ImageBuilder", "Properties": { 
@@ -660,74 +673,8 @@ "ProjectName": { "Ref": "FargatebuilderCodeBuild4F182743" }, - "BuildSpec": { - "Fn::Join": [ - "", - [ - "{\n \"version\": \"0.2\",\n \"env\": {\n \"variables\": {\n \"REPO_ARN\": \"", - { - "Fn::GetAtt": [ - "FargatebuilderRepository8F7BA13C", - "Arn" - ] - }, - "\",\n \"REPO_URI\": \"", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "FargatebuilderRepository8F7BA13C", - "Arn" - ] - } - ] - } - ] - }, - ".dkr.ecr.", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "FargatebuilderRepository8F7BA13C", - "Arn" - ] - } - ] - } - ] - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "FargatebuilderRepository8F7BA13C" - }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", - { - "Ref": "AWS::AccountId" - }, - ".dkr.ecr.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get upgrade -y\\nDEBIAN_FRONTEND=noninteractive apt-get install -y curl sudo jq bash zip unzip iptables software-properties-common ca-certificates\\ncurl -sfLo /tmp/amazon-cloudwatch-agent.deb https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb\\ndpkg -i -E /tmp/amazon-cloudwatch-agent.deb\\nrm /tmp/amazon-cloudwatch-agent.deb\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh 
<<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\naddgroup runner\\nadduser --system --disabled-password --home /home/runner --ingroup runner runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nadd-apt-repository ppa:git-core/ppa\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg\\necho \\\"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main\\\" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO \\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\nrm 
actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\n/home/runner/bin/installdependencies.sh\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", - { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" - }, - " asset6-Custom-Undefined-0\",\n \"cat > component6-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Custom-Undefined-0 FUNDING.yml\\nCOPY component6-Custom-Undefined.sh /tmp\\nRUN /tmp/component6-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . 
-t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_x86_64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" - ] - ] + "WaitHandle": { + "Ref": "FargatebuilderBuildWaitHandle0780380d65E2D81803" } }, "DependsOn": [ 
@@ -1218,7 +1165,7 @@ { "Ref": "FargatebuilderarmRepository77DCC132" }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", + "\",\n \"WAIT_HANDLE\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", { "Ref": "AWS::AccountId" }, 
@@ -1230,7 +1177,7 @@ { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" }, - " asset6-Custom-Undefined-0\",\n \"cat > component6-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Custom-Undefined-0 FUNDING.yml\\nCOPY component6-Custom-Undefined.sh /tmp\\nRUN /tmp/component6-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . 
/tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_arm64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" + " asset6-Custom-Undefined-0\",\n \"cat > component6-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Custom-Undefined-0 FUNDING.yml\\nCOPY component6-Custom-Undefined.sh /tmp\\nRUN /tmp/component6-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . 
-t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILURE\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"UniqueId\\\": \\\"build\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": \\\"$RANDOM\\\"\\n}\\nEOF\",\n \"if [ \\\"$WAIT_HANDLE\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$WAIT_HANDLE\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_arm64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" ] ] }, @@ -1332,6 +1279,19 @@ ] } }, + "FargatebuilderarmBuildWaitHandle7c08978ae76D768214": { + "Type": "AWS::CloudFormation::WaitConditionHandle" + }, + "FargatebuilderarmBuildWait7c08978ae76DC9C89F": { + "Type": "AWS::CloudFormation::WaitCondition", + "Properties": { + "Count": 1, + "Handle": { + "Ref": "FargatebuilderarmBuildWaitHandle7c08978ae76D768214" + }, + "Timeout": "3600" + } + }, "FargatebuilderarmBuilder48D1AF5A": { "Type": "Custom::ImageBuilder", "Properties": { 
@@ -1347,74 +1307,8 @@ "ProjectName": { "Ref": "FargatebuilderarmCodeBuild0D30679A" }, - "BuildSpec": { - "Fn::Join": [ - "", - [ - "{\n \"version\": \"0.2\",\n \"env\": {\n \"variables\": {\n \"REPO_ARN\": \"", - { - "Fn::GetAtt": [ - "FargatebuilderarmRepository77DCC132", - "Arn" - ] - }, - "\",\n \"REPO_URI\": \"", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "FargatebuilderarmRepository77DCC132", - "Arn" - ] - } - ] - } - ] - }, - ".dkr.ecr.", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "FargatebuilderarmRepository77DCC132", - "Arn" - ] - } - ] - } - ] - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "FargatebuilderarmRepository77DCC132" - }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", - { - "Ref": "AWS::AccountId" - }, - ".dkr.ecr.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get upgrade -y\\nDEBIAN_FRONTEND=noninteractive apt-get install -y curl sudo jq bash zip unzip iptables software-properties-common ca-certificates\\ncurl -sfLo /tmp/amazon-cloudwatch-agent.deb https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/arm64/latest/amazon-cloudwatch-agent.deb\\ndpkg -i -E /tmp/amazon-cloudwatch-agent.deb\\nrm /tmp/amazon-cloudwatch-agent.deb\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > 
component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\naddgroup runner\\nadduser --system --disabled-password --home /home/runner --ingroup runner runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nadd-apt-repository ppa:git-core/ppa\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg\\necho \\\"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main\\\" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO \\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf 
\\\"actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\n/home/runner/bin/installdependencies.sh\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", - { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" - }, - " asset6-Custom-Undefined-0\",\n \"cat > component6-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Custom-Undefined-0 FUNDING.yml\\nCOPY component6-Custom-Undefined.sh /tmp\\nRUN /tmp/component6-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . 
-t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_arm64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" - ] - ] + "WaitHandle": { + "Ref": "FargatebuilderarmBuildWaitHandle7c08978ae76D768214" } }, "DependsOn": [ 
@@ -1934,7 +1828,7 @@ { "Ref": "LambdaImageBuilderx64Repository57F632F1" }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", + "\",\n \"WAIT_HANDLE\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", { "Ref": "AWS::AccountId" }, 
@@ -1954,7 +1848,7 @@ { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" }, - " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lambda/nodejs:20-x86_64\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Lambda-Entrypoint-0 ${LAMBDA_TASK_ROOT}/runner.js\\nCOPY asset6-Lambda-Entrypoint-1 ${LAMBDA_TASK_ROOT}/runner.sh\\nCOPY component6-Lambda-Entrypoint.sh /tmp\\nRUN /tmp/component6-Lambda-Entrypoint.sh\\nWORKDIR ${LAMBDA_TASK_ROOT}\\nCMD [\\\"runner.handler\\\"]\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . 
-t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_x86_64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" + " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lambda/nodejs:20-x86_64\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY 
component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Lambda-Entrypoint-0 ${LAMBDA_TASK_ROOT}/runner.js\\nCOPY asset6-Lambda-Entrypoint-1 ${LAMBDA_TASK_ROOT}/runner.sh\\nCOPY component6-Lambda-Entrypoint.sh /tmp\\nRUN /tmp/component6-Lambda-Entrypoint.sh\\nWORKDIR ${LAMBDA_TASK_ROOT}\\nCMD [\\\"runner.handler\\\"]\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILURE\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"UniqueId\\\": \\\"build\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": \\\"$RANDOM\\\"\\n}\\nEOF\",\n \"if [ \\\"$WAIT_HANDLE\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$WAIT_HANDLE\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_x86_64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" ] ] }, 
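Review bot: The rewritten `post_build` still resolves `LATEST_SOCI_VERSION` from the `releases/latest` redirect and pipes the download straight into `tar xz` before running `./standalone-soci-indexer`, with no pinned version and no digest check. That binary runs in the same build that logged in to ECR in `pre_build` and has just pushed `$REPO_URI`, so whatever the release URL serves at build time runs with the build's credentials. Pinning the release and verifying it before extraction would close that, e.g. `curl -fsSLo soci.tgz "$SOCI_URL"` followed by `echo "$SOCI_SHA256  soci.tgz" | sha256sum -c -` (both variables are placeholders for values the project would pin). The PUT to `$WAIT_HANDLE` is also sent before the indexer runs, so an indexer failure is not reflected in the `Status` the stack receives. The same string appears in the hunk at `@@ -4691,7 +4524,7 @@`; the template looks synthesized, so the fix belongs in the code that generates the buildspec.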
@@ -2056,6 +1950,19 @@ ] } }, + "LambdaImageBuilderx64BuildWaitHandle2f63c7d6a2A2457637": { + "Type": "AWS::CloudFormation::WaitConditionHandle" + }, + "LambdaImageBuilderx64BuildWait2f63c7d6a24C1963D9": { + "Type": "AWS::CloudFormation::WaitCondition", + "Properties": { + "Count": 1, + "Handle": { + "Ref": "LambdaImageBuilderx64BuildWaitHandle2f63c7d6a2A2457637" + }, + "Timeout": "3600" + } + }, "LambdaImageBuilderx64Builder42F384AF": { "Type": "Custom::ImageBuilder", "Properties": { 
@@ -2071,82 +1978,8 @@ "ProjectName": { "Ref": "LambdaImageBuilderx64CodeBuild67DE14C8" }, - "BuildSpec": { - "Fn::Join": [ - "", - [ - "{\n \"version\": \"0.2\",\n \"env\": {\n \"variables\": {\n \"REPO_ARN\": \"", - { - "Fn::GetAtt": [ - "LambdaImageBuilderx64Repository57F632F1", - "Arn" - ] - }, - "\",\n \"REPO_URI\": \"", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "LambdaImageBuilderx64Repository57F632F1", - "Arn" - ] - } - ] - } - ] - }, - ".dkr.ecr.", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "LambdaImageBuilderx64Repository57F632F1", - "Arn" - ] - } - ] - } - ] - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "LambdaImageBuilderx64Repository57F632F1" - }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", - { - "Ref": "AWS::AccountId" - }, - ".dkr.ecr.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils amazon-cloudwatch-agent\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner 
ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO \\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", - { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/68628bab8c925c01632702a86513d4b22840e7fbb138f290bab11c2c2d54c489.js" - }, - " asset6-Lambda-Entrypoint-0\",\n \"aws s3 cp ", - { - "Fn::Sub": 
"s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/66540a3450c33faeefad87df9de8684f624030603c76336933c519972d85a072.sh" - }, - " asset6-Lambda-Entrypoint-1\",\n \"cat > component6-Lambda-Entrypoint.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-Lambda-Entrypoint.sh\",\n \"aws s3 cp ", - { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" - }, - " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lambda/nodejs:20-x86_64\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Lambda-Entrypoint-0 ${LAMBDA_TASK_ROOT}/runner.js\\nCOPY asset6-Lambda-Entrypoint-1 ${LAMBDA_TASK_ROOT}/runner.sh\\nCOPY component6-Lambda-Entrypoint.sh /tmp\\nRUN /tmp/component6-Lambda-Entrypoint.sh\\nWORKDIR ${LAMBDA_TASK_ROOT}\\nCMD [\\\"runner.handler\\\"]\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . 
-t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_x86_64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" - ] - ] + "WaitHandle": { + "Ref": "LambdaImageBuilderx64BuildWaitHandle2f63c7d6a2A2457637" } }, "DependsOn": [ 
@@ -4679,7 +4512,7 @@ { "Ref": "CodeBuildImageBuilderRepository9DE3B6F0" }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", + "\",\n \"WAIT_HANDLE\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", { "Ref": "AWS::AccountId" }, 
@@ -4691,7 +4524,7 @@ { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" }, - " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-Docker.sh /tmp\\nRUN /tmp/component5-Docker.sh\\n\\nCOPY component6-GithubRunner.sh /tmp\\nRUN /tmp/component6-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . 
-t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_x86_64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" + " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY 
component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-Docker.sh /tmp\\nRUN /tmp/component5-Docker.sh\\n\\nCOPY component6-GithubRunner.sh /tmp\\nRUN /tmp/component6-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILURE\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"UniqueId\\\": \\\"build\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": \\\"$RANDOM\\\"\\n}\\nEOF\",\n \"if [ \\\"$WAIT_HANDLE\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$WAIT_HANDLE\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_x86_64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" ] ] }, 
@@ -4793,6 +4626,19 @@ ] } }, + "CodeBuildImageBuilderBuildWaitHandleb5a5a851799EDD3CCB": { + "Type": "AWS::CloudFormation::WaitConditionHandle" + }, + "CodeBuildImageBuilderBuildWaitb5a5a85179378E476B": { + "Type": "AWS::CloudFormation::WaitCondition", + "Properties": { + "Count": 1, + "Handle": { + "Ref": "CodeBuildImageBuilderBuildWaitHandleb5a5a851799EDD3CCB" + }, + "Timeout": "3600" + } + }, "CodeBuildImageBuilderB8638EC8": { "Type": "Custom::ImageBuilder", "Properties": { 
@@ -4808,74 +4654,8 @@ "ProjectName": { "Ref": "CodeBuildImageBuilderCodeBuild38ECAA44" }, - "BuildSpec": { - "Fn::Join": [ - "", - [ - "{\n \"version\": \"0.2\",\n \"env\": {\n \"variables\": {\n \"REPO_ARN\": \"", - { - "Fn::GetAtt": [ - "CodeBuildImageBuilderRepository9DE3B6F0", - "Arn" - ] - }, - "\",\n \"REPO_URI\": \"", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "CodeBuildImageBuilderRepository9DE3B6F0", - "Arn" - ] - } - ] - } - ] - }, - ".dkr.ecr.", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "CodeBuildImageBuilderRepository9DE3B6F0", - "Arn" - ] - } - ] - } - ] - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "CodeBuildImageBuilderRepository9DE3B6F0" - }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", - { - "Ref": "AWS::AccountId" - }, - ".dkr.ecr.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get upgrade -y\\nDEBIAN_FRONTEND=noninteractive apt-get install -y curl sudo jq bash zip unzip iptables software-properties-common ca-certificates\\ncurl -sfLo /tmp/amazon-cloudwatch-agent.deb https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb\\ndpkg -i -E /tmp/amazon-cloudwatch-agent.deb\\nrm /tmp/amazon-cloudwatch-agent.deb\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n 
\"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\naddgroup runner\\nadduser --system --disabled-password --home /home/runner --ingroup runner runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nadd-apt-repository ppa:git-core/ppa\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg\\necho \\\"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main\\\" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-Docker.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker.gpg\\necho \\\"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\\\" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null\\napt-get 
update\\nDEBIAN_FRONTEND=noninteractive apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin\\nusermod -aG docker runner\\nln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/bin/docker-compose\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-Docker.sh\",\n \"cat > component6-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO \\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\n/home/runner/bin/installdependencies.sh\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-GithubRunner.sh\",\n \"aws s3 cp ", - { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" - }, - " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY 
component5-Docker.sh /tmp\\nRUN /tmp/component5-Docker.sh\\n\\nCOPY component6-GithubRunner.sh /tmp\\nRUN /tmp/component6-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_x86_64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" - ] - ] + "WaitHandle": { + "Ref": "CodeBuildImageBuilderBuildWaitHandleb5a5a851799EDD3CCB" } }, "DependsOn": [ 
@@ -5262,7 +5042,7 @@ { "Ref": "CodeBuildImageBuilderarmRepositoryE967421B" }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", + "\",\n \"WAIT_HANDLE\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", { "Ref": "AWS::AccountId" }, 
@@ -5274,7 +5054,7 @@ { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" }, - " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-Docker.sh /tmp\\nRUN /tmp/component5-Docker.sh\\n\\nCOPY component6-GithubRunner.sh /tmp\\nRUN /tmp/component6-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . 
-t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_arm64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" + " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY 
component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-Docker.sh /tmp\\nRUN /tmp/component5-Docker.sh\\n\\nCOPY component6-GithubRunner.sh /tmp\\nRUN /tmp/component6-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILURE\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"UniqueId\\\": \\\"build\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": \\\"$RANDOM\\\"\\n}\\nEOF\",\n \"if [ \\\"$WAIT_HANDLE\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$WAIT_HANDLE\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_arm64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" ] ] }, 
@@ -5376,6 +5156,19 @@ ] } }, + "CodeBuildImageBuilderarmBuildWaitHandle9b5ea99fd5DE72167F": { + "Type": "AWS::CloudFormation::WaitConditionHandle" + }, + "CodeBuildImageBuilderarmBuildWait9b5ea99fd53C340B08": { + "Type": "AWS::CloudFormation::WaitCondition", + "Properties": { + "Count": 1, + "Handle": { + "Ref": "CodeBuildImageBuilderarmBuildWaitHandle9b5ea99fd5DE72167F" + }, + "Timeout": "3600" + } + }, "CodeBuildImageBuilderarmBuilder755EB37D": { "Type": "Custom::ImageBuilder", "Properties": { 
@@ -5391,74 +5184,8 @@ "ProjectName": { "Ref": "CodeBuildImageBuilderarmCodeBuildBFF1CF57" }, - "BuildSpec": { - "Fn::Join": [ - "", - [ - "{\n \"version\": \"0.2\",\n \"env\": {\n \"variables\": {\n \"REPO_ARN\": \"", - { - "Fn::GetAtt": [ - "CodeBuildImageBuilderarmRepositoryE967421B", - "Arn" - ] - }, - "\",\n \"REPO_URI\": \"", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "CodeBuildImageBuilderarmRepositoryE967421B", - "Arn" - ] - } - ] - } - ] - }, - ".dkr.ecr.", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "CodeBuildImageBuilderarmRepositoryE967421B", - "Arn" - ] - } - ] - } - ] - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "CodeBuildImageBuilderarmRepositoryE967421B" - }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", - { - "Ref": "AWS::AccountId" - }, - ".dkr.ecr.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get upgrade -y\\nDEBIAN_FRONTEND=noninteractive apt-get install -y curl sudo jq bash zip unzip iptables software-properties-common ca-certificates\\ncurl -sfLo /tmp/amazon-cloudwatch-agent.deb https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/arm64/latest/amazon-cloudwatch-agent.deb\\ndpkg -i -E /tmp/amazon-cloudwatch-agent.deb\\nrm /tmp/amazon-cloudwatch-agent.deb\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x 
component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\naddgroup runner\\nadduser --system --disabled-password --home /home/runner --ingroup runner runner\\necho \\\"%runner ALL=(ALL:ALL) NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nadd-apt-repository ppa:git-core/ppa\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg\\necho \\\"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main\\\" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-Docker.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker.gpg\\necho \\\"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\\\" | sudo tee 
/etc/apt/sources.list.d/docker.list > /dev/null\\napt-get update\\nDEBIAN_FRONTEND=noninteractive apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin\\nusermod -aG docker runner\\nln -s /usr/libexec/docker/cli-plugins/docker-compose /usr/bin/docker-compose\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-Docker.sh\",\n \"cat > component6-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO \\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\n/home/runner/bin/installdependencies.sh\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-GithubRunner.sh\",\n \"aws s3 cp ", - { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" - }, - " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lts/ubuntu:22.04\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY 
component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-Docker.sh /tmp\\nRUN /tmp/component5-Docker.sh\\n\\nCOPY component6-GithubRunner.sh /tmp\\nRUN /tmp/component6-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_arm64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" - ] - ] + "WaitHandle": { + "Ref": "CodeBuildImageBuilderarmBuildWaitHandle9b5ea99fd5DE72167F" } }, "DependsOn": [ 
@@ -5978,7 +5705,7 @@ { "Ref": "LambdaImageBuilderzRepository7C7AD146" }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", + "\",\n \"WAIT_HANDLE\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", { "Ref": "AWS::AccountId" }, 
@@ -5998,7 +5725,7 @@ { "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" }, - " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lambda/nodejs:20-arm64\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Lambda-Entrypoint-0 ${LAMBDA_TASK_ROOT}/runner.js\\nCOPY asset6-Lambda-Entrypoint-1 ${LAMBDA_TASK_ROOT}/runner.sh\\nCOPY component6-Lambda-Entrypoint.sh /tmp\\nRUN /tmp/component6-Lambda-Entrypoint.sh\\nWORKDIR ${LAMBDA_TASK_ROOT}\\nCMD [\\\"runner.handler\\\"]\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . 
-t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_arm64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" + " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lambda/nodejs:20-arm64\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY 
component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Lambda-Entrypoint-0 ${LAMBDA_TASK_ROOT}/runner.js\\nCOPY asset6-Lambda-Entrypoint-1 ${LAMBDA_TASK_ROOT}/runner.sh\\nCOPY component6-Lambda-Entrypoint.sh /tmp\\nRUN /tmp/component6-Lambda-Entrypoint.sh\\nWORKDIR ${LAMBDA_TASK_ROOT}\\nCMD [\\\"runner.handler\\\"]\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . -t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILURE\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"UniqueId\\\": \\\"build\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": \\\"$RANDOM\\\"\\n}\\nEOF\",\n \"if [ \\\"$WAIT_HANDLE\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$WAIT_HANDLE\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_arm64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" ] ] }, 
@@ -6100,6 +5827,19 @@ ] } }, + "LambdaImageBuilderzBuildWaitHandle169e3bd7e10B7BEF57": { + "Type": "AWS::CloudFormation::WaitConditionHandle" + }, + "LambdaImageBuilderzBuildWait169e3bd7e14C086212": { + "Type": "AWS::CloudFormation::WaitCondition", + "Properties": { + "Count": 1, + "Handle": { + "Ref": "LambdaImageBuilderzBuildWaitHandle169e3bd7e10B7BEF57" + }, + "Timeout": "3600" + } + }, "LambdaImageBuilderzBuilder235DD147": { "Type": "Custom::ImageBuilder", "Properties": { 
@@ -6115,82 +5855,8 @@ "ProjectName": { "Ref": "LambdaImageBuilderzCodeBuild73AB6718" }, - "BuildSpec": { - "Fn::Join": [ - "", - [ - "{\n \"version\": \"0.2\",\n \"env\": {\n \"variables\": {\n \"REPO_ARN\": \"", - { - "Fn::GetAtt": [ - "LambdaImageBuilderzRepository7C7AD146", - "Arn" - ] - }, - "\",\n \"REPO_URI\": \"", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "LambdaImageBuilderzRepository7C7AD146", - "Arn" - ] - } - ] - } - ] - }, - ".dkr.ecr.", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Fn::GetAtt": [ - "LambdaImageBuilderzRepository7C7AD146", - "Arn" - ] - } - ] - } - ] - }, - ".", - { - "Ref": "AWS::URLSuffix" - }, - "/", - { - "Ref": "LambdaImageBuilderzRepository7C7AD146" - }, - "\",\n \"STACK_ID\": \"unspecified\",\n \"REQUEST_ID\": \"unspecified\",\n \"LOGICAL_RESOURCE_ID\": \"unspecified\",\n \"RESPONSE_URL\": \"unspecified\",\n \"BASH_ENV\": \"codebuild-log.sh\"\n },\n \"shell\": \"bash\"\n },\n \"phases\": {\n \"pre_build\": {\n \"commands\": [\n \"echo \\\"exec > >(tee -a /tmp/codebuild.log) 2>&1\\\" > codebuild-log.sh\",\n \"aws ecr get-login-password --region \\\"$AWS_DEFAULT_REGION\\\" | docker login --username AWS --password-stdin ", - { - "Ref": "AWS::AccountId" - }, - ".dkr.ecr.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com\"\n ]\n },\n \"build\": {\n \"commands\": [\n \"cat > component0-RequiredPackages.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf upgrade -y\\ndnf install -y jq tar gzip bzip2 which binutils zip unzip sudo shadow-utils findutils amazon-cloudwatch-agent\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component0-RequiredPackages.sh\",\n \"cat > component1-RunnerUser.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n/usr/sbin/groupadd runner\\n/usr/sbin/useradd --system --shell /usr/sbin/nologin --home-dir /home/runner --gid runner runner\\nmkdir -p /home/runner\\nchown runner /home/runner\\necho \\\"%runner ALL=(ALL:ALL) 
NOPASSWD: ALL\\\" > /etc/sudoers.d/runner\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component1-RunnerUser.sh\",\n \"cat > component2-Git.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ndnf install -y git\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component2-Git.sh\",\n \"cat > component3-GithubCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSSL https://cli.github.com/packages/rpm/gh-cli.repo -o /etc/yum.repos.d/gh-cli.repo\\ndnf install -y gh\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component3-GithubCli.sh\",\n \"cat > component4-AwsCli.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ncurl -fsSL \\\"https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip\\\" -o awscliv2.zip\\nunzip -q awscliv2.zip\\n./aws/install\\nrm -rf awscliv2.zip aws\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component4-AwsCli.sh\",\n \"cat > component5-GithubRunner.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\nRUNNER_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/actions/runner/releases/latest | grep -oE \\\"[^/v]+$\\\"`\\ncurl -fsSLO \\\"https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\ntar -C /home/runner -xzf \\\"actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\\"\\nrm actions-runner-linux-arm64-${RUNNER_VERSION}.tar.gz\\necho -n latest > /home/runner/RUNNER_VERSION\\ndnf install -y openssl-libs krb5-libs zlib libicu-67.1\\nmkdir -p /opt/hostedtoolcache\\nchown runner /opt/hostedtoolcache\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component5-GithubRunner.sh\",\n \"aws s3 cp ", - { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/68628bab8c925c01632702a86513d4b22840e7fbb138f290bab11c2c2d54c489.js" - }, - " asset6-Lambda-Entrypoint-0\",\n \"aws s3 cp ", - { - "Fn::Sub": 
"s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/66540a3450c33faeefad87df9de8684f624030603c76336933c519972d85a072.sh" - }, - " asset6-Lambda-Entrypoint-1\",\n \"cat > component6-Lambda-Entrypoint.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component6-Lambda-Entrypoint.sh\",\n \"aws s3 cp ", - { - "Fn::Sub": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64f83fc47e69ce862669fca14d759c3034fdbed3686b66dcf7bf9ff166f65c68.yml" - }, - " asset7-Custom-Undefined-0\",\n \"cat > component7-Custom-Undefined.sh <<'EOFGITHUBRUNNERSDOCKERFILE'\\n#!/bin/bash\\nset -exuo pipefail\\ntouch /custom-file\\nmkdir /custom-dir\\nmv FUNDING.yml /custom-dir\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"chmod +x component7-Custom-Undefined.sh\",\n \"cat > Dockerfile <<'EOFGITHUBRUNNERSDOCKERFILE'\\nFROM public.ecr.aws/lambda/nodejs:20-arm64\\nVOLUME /var/lib/docker\\nCOPY component0-RequiredPackages.sh /tmp\\nRUN /tmp/component0-RequiredPackages.sh\\n\\nCOPY component1-RunnerUser.sh /tmp\\nRUN /tmp/component1-RunnerUser.sh\\n\\nCOPY component2-Git.sh /tmp\\nRUN /tmp/component2-Git.sh\\n\\nCOPY component3-GithubCli.sh /tmp\\nRUN /tmp/component3-GithubCli.sh\\n\\nCOPY component4-AwsCli.sh /tmp\\nRUN /tmp/component4-AwsCli.sh\\n\\nCOPY component5-GithubRunner.sh /tmp\\nRUN /tmp/component5-GithubRunner.sh\\nENV RUNNER_VERSION=latest\\nCOPY asset6-Lambda-Entrypoint-0 ${LAMBDA_TASK_ROOT}/runner.js\\nCOPY asset6-Lambda-Entrypoint-1 ${LAMBDA_TASK_ROOT}/runner.sh\\nCOPY component6-Lambda-Entrypoint.sh /tmp\\nRUN /tmp/component6-Lambda-Entrypoint.sh\\nWORKDIR ${LAMBDA_TASK_ROOT}\\nCMD [\\\"runner.handler\\\"]\\nCOPY asset7-Custom-Undefined-0 FUNDING.yml\\nCOPY component7-Custom-Undefined.sh /tmp\\nRUN /tmp/component7-Custom-Undefined.sh\\n\\n\\nEOFGITHUBRUNNERSDOCKERFILE\",\n \"docker build --progress plain . 
-t \\\"$REPO_URI\\\"\",\n \"docker push \\\"$REPO_URI\\\"\"\n ]\n },\n \"post_build\": {\n \"commands\": [\n \"rm -f codebuild-log.sh && STATUS=\\\"SUCCESS\\\"\",\n \"if [ $CODEBUILD_BUILD_SUCCEEDING -ne 1 ]; then STATUS=\\\"FAILED\\\"; fi\",\n \"cat < /tmp/payload.json\\n{\\n \\\"StackId\\\": \\\"$STACK_ID\\\",\\n \\\"RequestId\\\": \\\"$REQUEST_ID\\\",\\n \\\"LogicalResourceId\\\": \\\"$LOGICAL_RESOURCE_ID\\\",\\n \\\"PhysicalResourceId\\\": \\\"$REPO_ARN\\\",\\n \\\"Status\\\": \\\"$STATUS\\\",\\n \\\"Reason\\\": `sed 's/[^[:print:]]//g' /tmp/codebuild.log | tail -c 400 | jq -Rsa .`,\\n \\\"Data\\\": {\\\"Random\\\": \\\"$RANDOM\\\"}\\n}\\nEOF\",\n \"if [ \\\"$RESPONSE_URL\\\" != \\\"unspecified\\\" ]; then jq . /tmp/payload.json; curl -fsSL -X PUT -H \\\"Content-Type:\\\" -d \\\"@/tmp/payload.json\\\" \\\"$RESPONSE_URL\\\"; fi\",\n \"docker rmi \\\"$REPO_URI\\\"\",\n \"LATEST_SOCI_VERSION=`curl -w \\\"%{redirect_url}\\\" -fsS https://github.com/CloudSnorkel/standalone-soci-indexer/releases/latest | grep -oE \\\"[^/]+$\\\"`\",\n \"curl -fsSL https://github.com/CloudSnorkel/standalone-soci-indexer/releases/download/${LATEST_SOCI_VERSION}/standalone-soci-indexer_Linux_arm64.tar.gz | tar xz\",\n \"./standalone-soci-indexer \\\"$REPO_URI\\\"\"\n ]\n }\n }\n}" - ] - ] + "WaitHandle": { + "Ref": "LambdaImageBuilderzBuildWaitHandle169e3bd7e10B7BEF57" } }, "DependsOn": [ @@ -8810,7 +8476,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "2dd30d0564f58d0d86550d44455883dabdababcb520c404817cd9193ac0a5161.zip" + "S3Key": "5d536d3909907c631aa15996d7eee0e12247f88312d888640b63f34a352c5fa4.zip" }, "Description": "Custom resource handler that triggers CodeBuild to build runner images, and cleans-up images on deletion", "Environment": { 
@@ -11350,10 +11016,7 @@ [ "{\"service\":\"fake\",\"action\":\"fake\",\"parameters\":{\"version\":1,\"labels\":[\"lambda\",\"x64\"],\"architecture\":\"x86_64\",\"dependable\":\"", { - "Fn::GetAtt": [ - "LambdaImageBuilderx64Builder42F384AF", - "Random" - ] + "Ref": "LambdaImageBuilderx64BuildWait2f63c7d6a24C1963D9" }, "\"}}" ] @@ -11814,10 +11477,7 @@ [ "{\"service\":\"fake\",\"action\":\"fake\",\"parameters\":{\"version\":1,\"labels\":[\"lambda\",\"arm64\"],\"architecture\":\"arm64\",\"dependable\":\"", { - "Fn::GetAtt": [ - "LambdaImageBuilderzBuilder235DD147", - "Random" - ] + "Ref": "LambdaImageBuilderzBuildWait169e3bd7e14C086212" }, "\"}}" ]