访问官网
Github
文档Terraform module Self-Hosted Scalable GitHub Actions runners on AWS.
📄 Extensive documentation is available via our GitHub Pages Docs site.
📢 We maintain the project as a truly open-source project. We maintain the project on a best effort basis. We welcome contributions from the community. Feel free to help us answering issues, reviewing PRs, or maintaining and improving the project.
📢
v5replaces Amazon Linux 2 with Amazon Linux 2023 as default OS. Check the PR for more details and other changes.
📢 For contributions to older versions you can make a PR to the related branch, e.g.
v4. We have no release process in place for older versions.
This Terraform module creates the required infrastructure needed to host GitHub Actions self-hosted, auto-scaling runners on AWS spot instances. It provides the required logic to handle the life cycle for scaling up and down using a set of AWS Lambda functions. Runners are scaled down to zero to avoid costs when no workflows are active.
Features
- Scaling: Scale up and down based on GitHub events
- Sustainability: Scale down to zero when no jobs are running
- Security: Runners are created on-demand and terminated after use (ephemeral runners)
- Cost optimization: Runners are created on spot instances
- Tailored software, hardware and network configuration: Bring your own AMI, define the instance types and subnets to use.
- OS support: Linux (x64/arm64) and Windows
- Multi-Runner: Create multiple runner configurations with a single deployment
- GitHub cloud and GitHub Enterprise Server (GHES) support.
- Org and repo level runners. enterprise level runners are not supported (yet).
Getting started
Check out the detailed instructions in the Getting Started section of the docs. On a high level, the following steps are required to get started:
- Setup your AWS account
- Create and configure a GitHub App
- Download or build the required lambdas
- Deploy the module using Terraform
- Install the GitHub App to your organization or repositories and add your repositories to the runner group(s).
Check out the provided Terraform examples in the examples directory for different scenarios.
Configuration
Please check the configuration section of the docs for major configuration options. See the Terraform module documentation for all available options.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contributing
We welcome contributions, please check out the contribution guide. Be aware we use pre commit hooks to update the docs.
Philips Forest
This module is part of the Philips Forest.
___ _
/ __\__ _ __ ___ ___| |_
/ _\/ _ \| '__/ _ \/ __| __|
/ / | (_) | | | __/\__ \ |_
\/ \___/|_| \___||___/\__|
Infrastructure
Talk to the forestkeepers in the runners-channel on Slack.
Terraform root module documention
Requirements
Providers
Modules
| Name | Source | Version |
|---|---|---|
| ami_housekeeper | ./modules/ami-housekeeper | n/a |
| instance_termination_watcher | ./modules/termination-watcher | n/a |
| runner_binaries | ./modules/runner-binaries-syncer | n/a |
| runners | ./modules/runners | n/a |
| ssm | ./modules/ssm | n/a |
| webhook | ./modules/webhook | n/a |
Resources
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ami_filter | Map of lists used to create the AMI filter for the action runner AMI. | map(list(string)) | { | no |
| ami_housekeeper_cleanup_config | Configuration for AMI cleanup.amiFilters - Filters to use when searching for AMIs to cleanup. Default filter for images owned by the account and that are available.dryRun - If true, no AMIs will be deregistered. Default false.launchTemplateNames - Launch template names to use when searching for AMIs to cleanup. Default no launch templates.maxItems - The maximum numer of AMI's tha will be queried for cleanup. Default no maximum.minimumDaysOld - Minimum number of days old an AMI must be to be considered for cleanup. Default 30.ssmParameterNames - SSM parameter names to use when searching for AMIs to cleanup. This parameter should be set when using SSM to configure the AMI to use. Default no SSM parameters. | object({ | {} | no |
| ami_housekeeper_lambda_s3_key | S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas. | string | null | no |
| ami_housekeeper_lambda_s3_object_version | S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. | string | null | no |
| ami_housekeeper_lambda_schedule_expression | Scheduler expression for action runner binary syncer. | string | "rate(1 day)" | no |
| ami_housekeeper_lambda_timeout | Time out of the lambda in seconds. | number | 300 | no |
| ami_housekeeper_lambda_zip | File location of the lambda zip file. | string | null | no |
| ami_id_ssm_parameter_name | Externally managed SSM parameter (of data type aws:ec2:image) that contains the AMI ID to launch runner instances from. Overrides ami_filter | string | null | no |
| ami_kms_key_arn | Optional CMK Key ARN to be used to launch an instance from a shared encrypted AMI | string | null | no |
| ami_owners | The list of owners used to select the AMI of action runner instances. | list(string) | [ | no |
| associate_public_ipv4_address | Associate public IPv4 with the runner. Only tested with IPv4 | bool | false | no |
| aws_partition | (optiona) partition in the arn namespace to use if not 'aws' | string | "aws" | no |
| aws_region | AWS region. | string | n/a | yes |
| block_device_mappings | The EC2 instance block device configuration. Takes the following keys: device_name, delete_on_termination, volume_type, volume_size, encrypted, iops, throughput, kms_key_id, snapshot_id. | list(object({ | [ | no |
| cloudwatch_config | (optional) Replaces the module's default cloudwatch log config. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for details. | string | null | no |
| create_service_linked_role_spot | (optional) create the service linked role for spot instances that is required by the scale-up lambda. | bool | false | no |
| delay_webhook_event | The number of seconds the event accepted by the webhook is invisible on the queue before the scale up lambda will receive the event. | number | 30 | no |
| disable_runner_autoupdate | Disable the auto update of the github runner agent. Be aware there is a grace period of 30 days, see also the GitHub article | bool | false | no |
| enable_ami_housekeeper | Option to disable the lambda to clean up old AMIs. | bool | false | no |
| enable_cloudwatch_agent | Enables the cloudwatch agent on the ec2 runner instances. The runner uses a default config that can be overridden via cloudwatch_config. | bool | true | no |
| enable_ephemeral_runners | Enable ephemeral runners, runners will only be used once. | bool | false | no |
| enable_event_rule_binaries_syncer | DEPRECATED: Replaced by state_event_rule_binaries_syncer. | bool | null | no |
| enable_fifo_build_queue | Enable a FIFO queue to keep the order of events received by the webhook. Recommended for repo level runners. | bool | false | no |
