feat!: add packages input that installs packages on the AWS instance as part of cloud-init (machulav#241)

* add ability to specify packages, switch to yaml cloud-init input

* debug-print the user data

* add the packages parameter to action.yaml

* packaged the action

* write the script to a file then execute the file, to allow multi line input

* write pre-runner-script.sh using write_files

* remove debug print used while developing

* always write pre-runner script (even if empty) since runner-setup.sh always sources it

* enable debugging

* remove debug-printing the user-data content

* clean up printing of internal logs, used in development

* bring back the user-data.log prinitng, it was in upstream - no need to remove

* remove the dependency on jq

* make the github api return value parsing more robust to changes in whitespace

* run npm run package

Author: yonch

action.yml

@@ -129,6 +129,12 @@ inputs:
     description: >-
       JSON string specifying the metadata options for the EC2 instance.
       Example: '{"HttpTokens": "required", "HttpEndpoint": "enabled", "HttpPutResponseHopLimit": 2, "InstanceMetadataTags": "enabled"}'
+  packages:
+    description: >-
+      JSON array of packages to install via cloud-init.
+      Example: '["git", "docker.io", "nodejs"]'
+    required: false
+    default: '[]'
 outputs:
   label:
     description: >-

dist/index.js

@@ -127451,7 +127451,7 @@ module.exports = {
 
 
 const { parseSetCookie } = __nccwpck_require__(4408)
-const { stringify } = __nccwpck_require__(3121)
+const { stringify, getHeadersList } = __nccwpck_require__(3121)
 const { webidl } = __nccwpck_require__(1744)
 const { Headers } = __nccwpck_require__(554)
 
@@ -127527,13 +127527,14 @@ function getSetCookies (headers) {
 
   webidl.brandCheck(headers, Headers, { strict: false })
 
-  const cookies = headers.getSetCookie()
+  const cookies = getHeadersList(headers).cookies
 
   if (!cookies) {
     return []
   }
 
-  return cookies.map((pair) => parseSetCookie(pair))
+  // In older versions of undici, cookies is a list of name:value.
+  return cookies.map((pair) => parseSetCookie(Array.isArray(pair) ? pair[1] : pair))
 }
 
 /**
@@ -127961,15 +127962,14 @@ module.exports = {
 /***/ }),
 
 /***/ 3121:
-/***/ ((module) => {
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
 
 "use strict";
 
 
-/**
- * @param {string} value
- * @returns {boolean}
- */
+const assert = __nccwpck_require__(9491)
+const { kHeadersList } = __nccwpck_require__(2785)
+
 function isCTLExcludingHtab (value) {
   if (value.length === 0) {
     return false
@@ -128230,13 +128230,31 @@ function stringify (cookie) {
   return out.join('; ')
 }
 
+let kHeadersListNode
+
+function getHeadersList (headers) {
+  if (headers[kHeadersList]) {
+    return headers[kHeadersList]
+  }
+
+  if (!kHeadersListNode) {
+    kHeadersListNode = Object.getOwnPropertySymbols(headers).find(
+      (symbol) => symbol.description === 'headers list'
+    )
+
+    assert(kHeadersListNode, 'Headers cannot be parsed')
+  }
+
+  const headersList = headers[kHeadersListNode]
+  assert(headersList)
+
+  return headersList
+}
+
 module.exports = {
   isCTLExcludingHtab,
-  validateCookieName,
-  validateCookiePath,
-  validateCookieValue,
-  toIMFDate,
-  stringify
+  stringify,
+  getHeadersList
 }
 
 
@@ -132240,7 +132258,6 @@ const {
   isValidHeaderName,
   isValidHeaderValue
 } = __nccwpck_require__(2538)
-const util = __nccwpck_require__(3837)
 const { webidl } = __nccwpck_require__(1744)
 const assert = __nccwpck_require__(9491)
 
@@ -132794,9 +132811,6 @@ Object.defineProperties(Headers.prototype, {
   [Symbol.toStringTag]: {
     value: 'Headers',
     configurable: true
-  },
-  [util.inspect.custom]: {
-    enumerable: false
   }
 })
 
@@ -141973,20 +141987,6 @@ class Pool extends PoolBase {
       ? { ...options.interceptors }
       : undefined
     this[kFactory] = factory
-
-    this.on('connectionError', (origin, targets, error) => {
-      // If a connection error occurs, we remove the client from the pool,
-      // and emit a connectionError event. They will not be re-used.
-      // Fixes https://github.com/nodejs/undici/issues/3895
-      for (const target of targets) {
-        // Do not use kRemoveClient here, as it will close the client,
-        // but the client cannot be closed in this state.
-        const idx = this[kClients].indexOf(target)
-        if (idx !== -1) {
-          this[kClients].splice(idx, 1)
-        }
-      }
-    })
   }
 
   [kGetDispatcher] () {
@@ -145011,8 +145011,8 @@ const { EC2Client, RunInstancesCommand, TerminateInstancesCommand, waitUntilInst
 const core = __nccwpck_require__(2186);
 const config = __nccwpck_require__(4570);
 
-// User data scripts are run as the root user
-function buildUserDataScript(githubRegistrationToken, label) {
+// Build the commands to run on the instance
+function buildRunCommands(githubRegistrationToken, label) {
   let userData;
   if (config.input.runnerHomeDir) {
     // If runner home directory is specified, we expect the actions-runner software (and dependencies)
@@ -145021,8 +145021,7 @@ function buildUserDataScript(githubRegistrationToken, label) {
       '#!/bin/bash',
       'exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1',
       `cd "${config.input.runnerHomeDir}"`,
-      `echo "${config.input.preRunnerScript}" > pre-runner-script.sh`,
-      'source pre-runner-script.sh',
+      'source /tmp/pre-runner-script.sh',
       'export RUNNER_ALLOW_RUNASROOT=1',
       `./config.sh --url https://github.com/${config.githubContext.owner}/${config.githubContext.repo} --token ${githubRegistrationToken} --labels ${label}`,
     ];
@@ -145031,10 +145030,9 @@ function buildUserDataScript(githubRegistrationToken, label) {
       '#!/bin/bash',
       'exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1',
       'mkdir actions-runner && cd actions-runner',
-      `echo "${config.input.preRunnerScript}" > pre-runner-script.sh`,
-      'source pre-runner-script.sh',
+      'source /tmp/pre-runner-script.sh',
       'case $(uname -m) in aarch64) ARCH="arm64" ;; amd64|x86_64) ARCH="x64" ;; esac && export RUNNER_ARCH=${ARCH}',
-      'RUNNER_VERSION=$(curl -s "https://api.github.com/repos/actions/runner/releases/latest" | jq -r ".name" | tr -d "v")',
+      `RUNNER_VERSION=$(curl -s "https://api.github.com/repos/actions/runner/releases/latest" | grep -o '"tag_name"[[:space:]]*:[[:space:]]*"[^"]*"' | sed 's/.*"tag_name"[[:space:]]*:[[:space:]]*"\\([^"]*\\)".*/\\1/' | tr -d "v")`,
       'curl -O -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz',
       'tar xzf ./actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz',
       'export RUNNER_ALLOW_RUNASROOT=1',
@@ -145053,6 +145051,57 @@ function buildUserDataScript(githubRegistrationToken, label) {
   return userData;
 }
 
+// Build cloud-init YAML user data
+function buildUserDataScript(githubRegistrationToken, label) {
+  const runCommands = buildRunCommands(githubRegistrationToken, label);
+  
+  // Create a script file with all commands to avoid YAML escaping issues
+  const scriptContent = runCommands.join('\n');
+  
+  // Start with cloud-init header
+  let yamlContent = '#cloud-config\n';
+  
+  // Add packages if specified
+  if (config.input.packages && config.input.packages.length > 0) {
+    yamlContent += 'packages:\n';
+    config.input.packages.forEach(pkg => {
+      yamlContent += `  - ${pkg}\n`;
+    });
+  }
+  
+  // Write files
+  yamlContent += 'write_files:\n';
+  
+  // Always write pre-runner script (even if empty) since runner-setup.sh always sources it
+  yamlContent += '  - path: /tmp/pre-runner-script.sh\n';
+  yamlContent += '    permissions: "0755"\n';
+  yamlContent += '    content: |\n';
+  
+  if (config.input.preRunnerScript) {
+    config.input.preRunnerScript.split('\n').forEach(line => {
+      yamlContent += `      ${line}\n`;
+    });
+  } else {
+    yamlContent += '      #!/bin/bash\n';
+  }
+  
+  // Write main setup script
+  yamlContent += '  - path: /tmp/runner-setup.sh\n';
+  yamlContent += '    permissions: "0755"\n';
+  yamlContent += '    content: |\n';
+  
+  // Add each line of the script with proper indentation
+  scriptContent.split('\n').forEach(line => {
+    yamlContent += `      ${line}\n`;
+  });
+  
+  // Execute the script
+  yamlContent += 'runcmd:\n';
+  yamlContent += '  - /tmp/runner-setup.sh\n';
+  
+  return yamlContent;
+}
+
 function buildMarketOptions() {
   if (config.input.marketType !== 'spot') {
     return undefined;
@@ -145080,7 +145129,7 @@ async function createEc2InstanceWithParams(imageId, subnetId, securityGroupId, l
     MinCount: 1,
     SecurityGroupIds: [securityGroupId],
     SubnetId: subnetId,
-    UserData: Buffer.from(userData.join('\n')).toString('base64'),
+    UserData: Buffer.from(userData).toString('base64'),
     IamInstanceProfile: config.input.iamRoleName ? { Name: config.input.iamRoleName } : undefined,
     TagSpecifications: config.tagSpecifications,
     InstanceMarketOptions: buildMarketOptions(),
@@ -145237,6 +145286,7 @@ class Config {
       blockDeviceMappings: JSON.parse(core.getInput('block-device-mappings') || '[]'),
       availabilityZonesConfig: core.getInput('availability-zones-config'),
       metadataOptions: JSON.parse(core.getInput('metadata-options') || '{}'),
+      packages: JSON.parse(core.getInput('packages') || '[]'),
     };
 
     // Get the AWS_REGION environment variable

src/aws.js

@@ -3,8 +3,8 @@ const { EC2Client, RunInstancesCommand, TerminateInstancesCommand, waitUntilInst
 const core = require('@actions/core');
 const config = require('./config');
 
-// User data scripts are run as the root user
-function buildUserDataScript(githubRegistrationToken, label) {
+// Build the commands to run on the instance
+function buildRunCommands(githubRegistrationToken, label) {
   let userData;
   if (config.input.runnerHomeDir) {
     // If runner home directory is specified, we expect the actions-runner software (and dependencies)
@@ -13,8 +13,7 @@ function buildUserDataScript(githubRegistrationToken, label) {
       '#!/bin/bash',
       'exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1',
       `cd "${config.input.runnerHomeDir}"`,
-      `echo "${config.input.preRunnerScript}" > pre-runner-script.sh`,
-      'source pre-runner-script.sh',
+      'source /tmp/pre-runner-script.sh',
       'export RUNNER_ALLOW_RUNASROOT=1',
       `./config.sh --url https://github.com/${config.githubContext.owner}/${config.githubContext.repo} --token ${githubRegistrationToken} --labels ${label}`,
     ];
@@ -23,10 +22,9 @@ function buildUserDataScript(githubRegistrationToken, label) {
       '#!/bin/bash',
       'exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1',
       'mkdir actions-runner && cd actions-runner',
-      `echo "${config.input.preRunnerScript}" > pre-runner-script.sh`,
-      'source pre-runner-script.sh',
+      'source /tmp/pre-runner-script.sh',
       'case $(uname -m) in aarch64) ARCH="arm64" ;; amd64|x86_64) ARCH="x64" ;; esac && export RUNNER_ARCH=${ARCH}',
-      'RUNNER_VERSION=$(curl -s "https://api.github.com/repos/actions/runner/releases/latest" | jq -r ".name" | tr -d "v")',
+      `RUNNER_VERSION=$(curl -s "https://api.github.com/repos/actions/runner/releases/latest" | grep -o '"tag_name"[[:space:]]*:[[:space:]]*"[^"]*"' | sed 's/.*"tag_name"[[:space:]]*:[[:space:]]*"\\([^"]*\\)".*/\\1/' | tr -d "v")`,
       'curl -O -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz',
       'tar xzf ./actions-runner-linux-${RUNNER_ARCH}-${RUNNER_VERSION}.tar.gz',
       'export RUNNER_ALLOW_RUNASROOT=1',
@@ -45,6 +43,57 @@ function buildUserDataScript(githubRegistrationToken, label) {
   return userData;
 }
 
+// Build cloud-init YAML user data
+function buildUserDataScript(githubRegistrationToken, label) {
+  const runCommands = buildRunCommands(githubRegistrationToken, label);
+  
+  // Create a script file with all commands to avoid YAML escaping issues
+  const scriptContent = runCommands.join('\n');
+  
+  // Start with cloud-init header
+  let yamlContent = '#cloud-config\n';
+  
+  // Add packages if specified
+  if (config.input.packages && config.input.packages.length > 0) {
+    yamlContent += 'packages:\n';
+    config.input.packages.forEach(pkg => {
+      yamlContent += `  - ${pkg}\n`;
+    });
+  }
+  
+  // Write files
+  yamlContent += 'write_files:\n';
+  
+  // Always write pre-runner script (even if empty) since runner-setup.sh always sources it
+  yamlContent += '  - path: /tmp/pre-runner-script.sh\n';
+  yamlContent += '    permissions: "0755"\n';
+  yamlContent += '    content: |\n';
+  
+  if (config.input.preRunnerScript) {
+    config.input.preRunnerScript.split('\n').forEach(line => {
+      yamlContent += `      ${line}\n`;
+    });
+  } else {
+    yamlContent += '      #!/bin/bash\n';
+  }
+  
+  // Write main setup script
+  yamlContent += '  - path: /tmp/runner-setup.sh\n';
+  yamlContent += '    permissions: "0755"\n';
+  yamlContent += '    content: |\n';
+  
+  // Add each line of the script with proper indentation
+  scriptContent.split('\n').forEach(line => {
+    yamlContent += `      ${line}\n`;
+  });
+  
+  // Execute the script
+  yamlContent += 'runcmd:\n';
+  yamlContent += '  - /tmp/runner-setup.sh\n';
+  
+  return yamlContent;
+}
+
 function buildMarketOptions() {
   if (config.input.marketType !== 'spot') {
     return undefined;
@@ -72,7 +121,7 @@ async function createEc2InstanceWithParams(imageId, subnetId, securityGroupId, l
     MinCount: 1,
     SecurityGroupIds: [securityGroupId],
     SubnetId: subnetId,
-    UserData: Buffer.from(userData.join('\n')).toString('base64'),
+    UserData: Buffer.from(userData).toString('base64'),
     IamInstanceProfile: config.input.iamRoleName ? { Name: config.input.iamRoleName } : undefined,
     TagSpecifications: config.tagSpecifications,
     InstanceMarketOptions: buildMarketOptions(),

src/config.js

@@ -27,6 +27,7 @@ class Config {
       blockDeviceMappings: JSON.parse(core.getInput('block-device-mappings') || '[]'),
       availabilityZonesConfig: core.getInput('availability-zones-config'),
       metadataOptions: JSON.parse(core.getInput('metadata-options') || '{}'),
+      packages: JSON.parse(core.getInput('packages') || '[]'),
     };
 
     // Get the AWS_REGION environment variable