Merge branch 'release/4.21.0' into master

cattle-ops · Jan 13, 2021 · b9ff8f5 · b9ff8f5
2 parents 2cb42b5 + 9898862
commit b9ff8f5
Show file tree

Hide file tree

Showing 17 changed files with 257 additions and 140 deletions.
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
@@ -1,5 +1,10 @@
 name: Verify
-on: [push, pull_request]
+on: 
+  push: 
+    branches:
+      - master
+      - develop
+  pull_request:
 
 jobs:
   verify:
@@ -9,7 +14,7 @@ jobs:
       - uses: actions/checkout@v1
       - name: verify
         run: |
-          ./ci/bin/install.sh
+          source ./ci/bin/install.sh
           ./ci/bin/verify.sh
 
   verify-examples:
@@ -19,5 +24,5 @@ jobs:
       - uses: actions/checkout@v1
       - name: verify-examples
         run: |
-          ./ci/bin/install.sh
+          source ./ci/bin/install.sh
           ./ci/bin/verify-examples.sh
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## Unreleased
 
+
+## 4.21.0 - 2021-01-13
+- Changed: Updated default version of runner to 13.7
+- Changed: Updated default version of docker machine to GitLab v0.16.2-gitlab.2
+- Changed: Updated default runner ami to ubuntu 20.04
+- Added: Option to set docker runtime (#273) by @thomaskelm
+- Added: Option to attach additional policies to the runner (#269) by @bliles
+- Added: Random suffix to s3 bucket (#252) by @fliphess
+
+
 ## 4.20.0 - 2020-10-08
 
 - Changed: upgrade default version for gitlab runner to 13.4.0 (#261)
@@ -387,7 +397,8 @@ Module is available as Terraform 0.11 module, pin module to version 3.x. Please
 - Update default AMI's to The latest Amazon Linux AMI 2017.09.1 - released on 2018-01-17.
 - Minor updates in the example
 
-[unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.20.0...HEAD
+[unreleased]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.21.0...HEAD
+[4.21.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.21.0...4.20.0
 [4.20.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.20.0...4.19.0
 [4.19.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.19.0...4.18.0
 [4.18.0]: https://github.com/npalm/terraform-aws-gitlab-runner/compare/4.18.0...4.17.0

diff --git a/README.md b/README.md
diff --git a/ci/bin/terraform.sh b/ci/bin/terraform.sh
@@ -1,9 +1,9 @@
 #!/usr/bin/env bash
 
-TARGET_DIR=/opt
-PATH=${PATH}:${TARGET_DIR}
+export TARGET_DIR=/opt
+export PATH=${TARGET_DIR}:${PATH}
 
-TERRAFORM_VERSION=${1:-"0.12.29"}
+TERRAFORM_VERSION=${1:-"0.13.6"}
 OS=${2:-"linux"}
 TERRAFORM_URL="https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_${OS}_amd64.zip"
 

diff --git a/examples/.terraform-version b/examples/.terraform-version
@@ -1 +1 @@
-0.12.29
+0.13.6
diff --git a/examples/runner-default/providers.tf b/examples/runner-default/providers.tf
@@ -1,16 +1,20 @@
 provider "aws" {
   region  = var.aws_region
-  version = "2.68"
+  version = "~> 3.23.0"
 }
 
 provider "local" {
   version = "1.4"
 }
 
 provider "null" {
-  version = "2.1.2"
+  version = "~> 3.0.0"
 }
 
 provider "tls" {
   version = "2.2.0"
 }
+
+provider "random" {
+  version = "~> 3.0.1"
+}
diff --git a/examples/runner-default/versions.tf b/examples/runner-default/versions.tf
@@ -1,4 +1,18 @@
 
 terraform {
-  required_version = ">= 0.12"
+  required_version = ">= 0.13"
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    local = {
+      source = "hashicorp/local"
+    }
+    null = {
+      source = "hashicorp/null"
+    }
+    tls = {
+      source = "hashicorp/tls"
+    }
+  }
 }
diff --git a/examples/runner-docker/versions.tf b/examples/runner-docker/versions.tf
@@ -1,4 +1,17 @@
-
 terraform {
-  required_version = ">= 0.12"
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    local = {
+      source = "hashicorp/local"
+    }
+    null = {
+      source = "hashicorp/null"
+    }
+    tls = {
+      source = "hashicorp/tls"
+    }
+  }
+  required_version = ">= 0.13"
 }
diff --git a/examples/runner-pre-registered/versions.tf b/examples/runner-pre-registered/versions.tf
@@ -1,4 +1,18 @@
 
 terraform {
-  required_version = ">= 0.12"
+  required_version = ">= 0.13"
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    local = {
+      source = "hashicorp/local"
+    }
+    null = {
+      source = "hashicorp/null"
+    }
+    tls = {
+      source = "hashicorp/tls"
+    }
+  }
 }
diff --git a/examples/runner-public/versions.tf b/examples/runner-public/versions.tf
@@ -1,4 +1,18 @@
 
 terraform {
-  required_version = ">= 0.12"
+  required_version = ">= 0.13"
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    local = {
+      source = "hashicorp/local"
+    }
+    null = {
+      source = "hashicorp/null"
+    }
+    tls = {
+      source = "hashicorp/tls"
+    }
+  }
 }
diff --git a/main.tf b/main.tf
@@ -108,6 +108,7 @@ locals {
       runners_concurrent                = var.runners_concurrent
       runners_image                     = var.runners_image
       runners_privileged                = var.runners_privileged
+      runners_docker_runtime            = var.runners_docker_runtime
       runners_shm_size                  = var.runners_shm_size
       runners_pull_policy               = var.runners_pull_policy
       runners_idle_count                = var.runners_idle_count
@@ -243,6 +244,7 @@ module "cache" {
   create_cache_bucket                  = var.cache_bucket["create"]
   cache_bucket_prefix                  = var.cache_bucket_prefix
   cache_bucket_name_include_account_id = var.cache_bucket_name_include_account_id
+  cache_bucket_set_random_suffix       = var.cache_bucket_set_random_suffix
   cache_bucket_versioning              = var.cache_bucket_versioning
   cache_expiration_days                = var.cache_expiration_days
 }
@@ -336,6 +338,16 @@ resource "aws_iam_instance_profile" "docker_machine" {
   role = aws_iam_role.docker_machine.name
 }
 
+################################################################################
+### Add user defined policies
+################################################################################
+resource "aws_iam_role_policy_attachment" "docker_machine_user_defined_policies" {
+  count      = length(var.docker_machine_iam_policy_arns)
+  role       = aws_iam_role.docker_machine.name
+  policy_arn = var.docker_machine_iam_policy_arns[count.index]
+}
+
+################################################################################
 resource "aws_iam_role_policy_attachment" "docker_machine_session_manager_aws_managed" {
   count = var.enable_docker_machine_ssm_access ? 1 : 0
 

diff --git a/modules/cache/README.md b/modules/cache/README.md
@@ -4,7 +4,7 @@ This sub module creates an S3 bucket for build caches. The cache will have by de
 
 ## Usages
 
-``` 
+```
 
 module "cache" {
   source      = "https://github.com/npalm/terraform-aws-gitlab-runner/tree/move-cache-to-moudle/cache"
@@ -36,6 +36,7 @@ module "runner" {
 | Name | Version |
 |------|---------|
 | aws | n/a |
+| random | n/a |
 
 ## Inputs
 
@@ -44,6 +45,7 @@ module "runner" {
 | arn\_format | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no |
 | cache\_bucket\_name\_include\_account\_id | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no |
 | cache\_bucket\_prefix | Prefix for s3 cache bucket name. | `string` | `""` | no |
+| cache\_bucket\_set\_random\_suffix | Random string suffix for s3 cache bucket | `bool` | `false` | no |
 | cache\_bucket\_versioning | Boolean used to enable versioning on the cache bucket, false by default. | `string` | `"false"` | no |
 | cache\_expiration\_days | Number of days before cache objects expires. | `number` | `1` | no |
 | cache\_lifecycle\_clear | Enable the rule to cleanup the cache for expired objects. | `bool` | `true` | no |
@@ -60,4 +62,4 @@ module "runner" {
 | bucket | Name of the created bucket. |
 | policy\_arn | Policy for users of the cache (bucket). |
 
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/cache/main.tf b/modules/cache/main.tf
@@ -1,5 +1,6 @@
 data "aws_caller_identity" "current" {}
 
+
 locals {
   tags = merge(
     {
@@ -11,7 +12,15 @@ locals {
     var.tags,
   )
 
-  cache_bucket_name = var.cache_bucket_name_include_account_id ? "${var.cache_bucket_prefix}${data.aws_caller_identity.current.account_id}-gitlab-runner-cache" : "${var.cache_bucket_prefix}-gitlab-runner-cache"
+  cache_bucket_string = var.cache_bucket_name_include_account_id ? format("%s%s-gitlab-runner-cache", var.cache_bucket_prefix, data.aws_caller_identity.current.account_id) : format("%s-gitlab-runner-cache", var.cache_bucket_prefix)
+  cache_bucket_name   = var.cache_bucket_set_random_suffix ? format("%s-%s", local.cache_bucket_string, random_string.s3_suffix[0].result) : local.cache_bucket_string
+}
+
+resource "random_string" "s3_suffix" {
+  count   = var.cache_bucket_set_random_suffix ? 1 : 0
+  length  = 8
+  upper   = false
+  special = false
 }
 
 resource "aws_s3_bucket" "build_cache" {

diff --git a/modules/cache/variables.tf b/modules/cache/variables.tf
@@ -9,6 +9,12 @@ variable "cache_bucket_prefix" {
   default     = ""
 }
 
+variable "cache_bucket_set_random_suffix" {
+  description = "Random string suffix for s3 cache bucket"
+  type        = bool
+  default     = false
+}
+
 variable "cache_bucket_name_include_account_id" {
   description = "Boolean to add current account ID to cache bucket name."
   type        = bool

diff --git a/template/runner-config.tpl b/template/runner-config.tpl
@@ -21,6 +21,7 @@ check_interval = 0
     volumes = ["/cache"${runners_additional_volumes}]
     shm_size = ${runners_shm_size}
     pull_policy = "${runners_pull_policy}"
+    runtime = "${runners_docker_runtime}"
   [runners.docker.tmpfs]
     ${runners_volumes_tmpfs}
   [runners.docker.services_tmpfs]
@@ -63,4 +64,4 @@ check_interval = 0
     ${runners_off_peak_idle_count}
     ${runners_off_peak_idle_time}
     ${runners_off_peak_periods_string}
-  ${runners_machine_autoscaling}
+   ${runners_machine_autoscaling}
diff --git a/variables.tf b/variables.tf
@@ -86,13 +86,13 @@ variable "docker_machine_spot_price_bid" {
 variable "docker_machine_download_url" {
   description = "Full url pointing to a linux x64 distribution of docker machine. Once set `docker_machine_version` will be ingored. For example the GitLab version, https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.2/docker-machine."
   type        = string
-  default     = ""
+  default     = "https://gitlab-docker-machine-downloads.s3.amazonaws.com/v0.16.2-gitlab.10/docker-machine-Linux-aarch64"
 }
 
 variable "docker_machine_version" {
-  description = "Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set."
+  description = "By default docker_machine_download_url is used to set the docker machine version. Version of docker-machine. The version will be ingored once `docker_machine_download_url` is set."
   type        = string
-  default     = "0.16.2"
+  default     = ""
 }
 
 variable "runners_name" {
@@ -171,6 +171,12 @@ variable "runners_shm_size" {
   default     = 0
 }
 
+variable "runners_docker_runtime" {
+  description = "docker runtime for runners, will be used in the runner config.toml"
+  type        = string
+  default     = ""
+}
+
 variable "runners_pull_policy" {
   description = "pull_policy for the runners, will be used in the runner config.toml"
   type        = string
@@ -308,6 +314,12 @@ variable "cache_bucket_name_include_account_id" {
   default     = true
 }
 
+variable "cache_bucket_set_random_suffix" {
+  description = "Append the cache bucket name with a random string suffix"
+  type        = bool
+  default     = false
+}
+
 variable "cache_bucket_versioning" {
   description = "Boolean used to enable versioning on the cache bucket, false by default."
   type        = bool
@@ -329,7 +341,7 @@ variable "cache_shared" {
 variable "gitlab_runner_version" {
   description = "Version of the GitLab runner."
   type        = string
-  default     = "13.4.0"
+  default     = "13.7.0"
 }
 
 variable "enable_ping" {
@@ -456,7 +468,7 @@ variable "runner_ami_filter" {
   type        = map(list(string))
 
   default = {
-    name = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
+    name = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
   }
 }
 
@@ -633,3 +645,9 @@ variable "runner_iam_policy_arns" {
   description = "List of policy ARNs to be added to the instance profile of the gitlab runner agent ec2 instance."
   default     = []
 }
+
+variable "docker_machine_iam_policy_arns" {
+  type        = list(string)
+  description = "List of policy ARNs to be added to the instance profile of the docker machine runners."
+  default     = []
+}
diff --git a/versions.tf b/versions.tf
@@ -1,4 +1,12 @@
 
 terraform {
   required_version = ">= 0.12"
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    null = {
+      source = "hashicorp/null"
+    }
+  }
 }