Feature/idle runners (#113)

* Add support for ARM64 runners

* Support Graviton (a1) and Graviton2 (*6g*)

* Address TF format issues.

* Address additional TF format error.

* Add test case for arm64 release asset.

* Add documentation changes for ARM64.

* Make ARM/ICU patch conditional in user_data.sh.

* Run pre-commit hooks.

* Release 0.3.0

* Add feature to keep runners idle based on an idle config

* Update modules/runners/variables.tf

Co-authored-by: Ben Davies <[email protected]>

* Update modules/runners/variables.tf

Co-authored-by: Ben Davies <[email protected]>

* Fix formatting

* Fix unit test

* Fix unit test

* Implement idle config for terraform deployment

* Fix logging

* Set name for event rules

* Add documentation for idle config

* Add documentation for idle config

* Add documentation for idle config

Co-authored-by: Brice Ruth <[email protected]>
Co-authored-by: Ben Davies <[email protected]>

Author: 3 people

README.md

@@ -33,8 +33,13 @@ module "runners" {
   enable_organization_runners = false
   runner_extra_labels         = "default,example"
 
-  # instance_type = "a1.large"
+  # Uncommet idle config to have idle runners from 9 to 5 in time zone Amsterdam
+  # idle_config = [{
+  #   cron      = "* * 9-17 * * *"
+  #   timeZone  = "Europe/Amsterdam"
+  #   idleCount = 1
+  # }]
 
   # disable KMS and encryption
-  # encrypt_secrets = true
+  # encrypt_secrets = false
 }

examples/default/main.tf

@@ -74,6 +74,7 @@ module "runners" {
   runner_extra_labels             = var.runner_extra_labels
   runner_as_root                  = var.runner_as_root
   runners_maximum_count           = var.runners_maximum_count
+  idle_config                     = var.idle_config
 
   lambda_zip                = var.runners_lambda_zip
   lambda_timeout_scale_up   = var.runners_scale_up_lambda_timeout
@@ -101,7 +102,6 @@ module "runner_binaries" {
   lambda_zip     = var.runner_binaries_syncer_lambda_zip
   lambda_timeout = var.runner_binaries_syncer_lambda_timeout
 
-
   role_path                 = var.role_path
   role_permissions_boundary = var.role_permissions_boundary
 }

main.tf

@@ -34,29 +34,39 @@ yarn run dist
 ```
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| aws\_region | AWS region. | string | n/a | yes |
-| distribution\_bucket\_name | Bucket for storing the action runner distribution. | string | n/a | yes |
-| environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes |
-| lambda\_schedule\_expression | Scheduler expression for action runner binary syncer. | string | `"cron(27 * * * ? *)"` | no |
-| lambda\_timeout | Time out of the lambda in seconds. | number | `"300"` | no |
-| lambda\_zip | File location of the lambda zip file. | string | `"null"` | no |
-| role\_path | The path that will be added to the role, if not set the environment name will be used. | string | `"null"` | no |
-| role\_permissions\_boundary | Permissions boundary that will be added to the created role for the lambda. | string | `"null"` | no |
-| runner\_architecture | The platform architecture for the runner instance \(x64, arm64\), defaults to 'x64' | string | `"x64"` | no |
-| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map(string) | `{}` | no |
+|------|-------------|------|---------|:--------:|
+| aws\_region | AWS region. | `string` | n/a | yes |
+| distribution\_bucket\_name | Bucket for storing the action runner distribution. | `string` | n/a | yes |
+| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes |
+| lambda\_schedule\_expression | Scheduler expression for action runner binary syncer. | `string` | `"cron(27 * * * ? *)"` | no |
+| lambda\_timeout | Time out of the lambda in seconds. | `number` | `300` | no |
+| lambda\_zip | File location of the lambda zip file. | `string` | `null` | no |
+| role\_path | The path that will be added to the role, if not set the environment name will be used. | `string` | `null` | no |
+| role\_permissions\_boundary | Permissions boundary that will be added to the created role for the lambda. | `string` | `null` | no |
+| runner\_architecture | The platform architecture for the runner instance (x64, arm64), defaults to 'x64' | `string` | `"x64"` | no |
+| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| bucket |  |
-| lambda |  |
-| lambda\_role |  |
-| runner\_distribution\_object\_key |  |
+| bucket | n/a |
+| lambda | n/a |
+| lambda\_role | n/a |
+| runner\_distribution\_object\_key | n/a |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 

modules/runner-binaries-syncer/README.md

@@ -60,6 +60,7 @@ resource "aws_iam_role_policy" "syncer" {
 }
 
 resource "aws_cloudwatch_event_rule" "syncer" {
+  name                = "${var.environment}-syncer-rule"
   schedule_expression = var.lambda_schedule_expression
   tags                = var.tags
 }

modules/runner-binaries-syncer/runner-binaries-syncer.tf

@@ -48,52 +48,63 @@ yarn run dist
 ```
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| ami\_filter | List of maps used to create the AMI filter for the action runner AMI. | map(list(string)) | `{ "name": [ "amzn2-ami-hvm-2.*-x86_64-ebs" ] }` | no |
-| ami\_owners | The list of owners used to select the AMI of action runner instances. | list(string) | `[ "amazon" ]` | no |
-| aws\_region | AWS region. | string | n/a | yes |
-| block\_device\_mappings | The EC2 instance block device configuration. Takes the following keys: `delete\_on\_termination`, `volume\_type`, `volume\_size`, `encrypted`, `iops` | map(string) | `{}` | no |
-| enable\_organization\_runners |  | bool | n/a | yes |
-| encryption | KMS key to encrypted lambda environment secrets. Either provide a key and `encrypt` set to `true`. Or set the key to `null` and encrypt to `false`. | object | n/a | yes |
-| environment | A name that identifies the environment, used as prefix and for tagging. | string | n/a | yes |
-| github\_app | GitHub app parameters, see your github app. Ensure the key is base64 encoded. | object | n/a | yes |
-| instance\_profile\_path | The path that will be added to the instance\_profile, if not set the environment name will be used. | string | `"null"` | no |
-| instance\_type | Default instance type for the action runner. | string | `"m5.large"` | no |
-| lambda\_timeout\_scale\_down | Time out for the scale down lambda in seconds. | number | `"60"` | no |
-| lambda\_timeout\_scale\_up | Time out for the scale up lambda in seconds. | number | `"60"` | no |
-| lambda\_zip | File location of the lambda zip file. | string | `"null"` | no |
-| market\_options | Market options for the action runner instances. | string | `"spot"` | no |
-| minimum\_running\_time\_in\_minutes | The time an ec2 action runner should be running at minimum before terminated if non busy. | number | `"5"` | no |
-| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name\_sg` overwrite the `Name` tag for all security groups created by this module. `name\_runner\_agent\_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name\_docker\_machine\_runners` override the `Name` tag spot instances created by the runner agent. | map(string) | `{ "name_runner": "", "name_sg": "" }` | no |
-| role\_path | The path that will be added to the role, if not set the environment name will be used. | string | `"null"` | no |
-| role\_permissions\_boundary | Permissions boundary that will be added to the created role for the lambda. | string | `"null"` | no |
-| runner\_architecture | The platform architecture of the runner instance\_type. | string | `"x64"` | no |
-| runner\_as\_root | Run the action runner under the root user. | bool | `"false"` | no |
-| runner\_extra\_labels | Extra labels for the runners \(GitHub\). Separate each label by a comma | string | `""` | no |
-| runners\_maximum\_count | The maximum number of runners that will be created. | number | `"3"` | no |
-| s3\_bucket\_runner\_binaries |  | object | n/a | yes |
-| s3\_location\_runner\_binaries | S3 location of runner distribution. | string | n/a | yes |
-| scale\_down\_schedule\_expression | Scheduler expression to check every x for scale down. | string | `"cron(*/5 * * * ? *)"` | no |
-| sqs\_build\_queue | SQS queue to consume accepted build events. | object | n/a | yes |
-| subnet\_ids | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc\_id`. | list(string) | n/a | yes |
-| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | map(string) | `{}` | no |
-| userdata\_post\_install | User-data script snippet to insert after GitHub acton runner install | string | `""` | no |
-| userdata\_pre\_install | User-data script snippet to insert before GitHub acton runner install | string | `""` | no |
-| vpc\_id | The VPC for the security groups. | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| ami\_filter | List of maps used to create the AMI filter for the action runner AMI. | `map(list(string))` | <pre>{<br>  "name": [<br>    "amzn2-ami-hvm-2.*-x86_64-ebs"<br>  ]<br>}</pre> | no |
+| ami\_owners | The list of owners used to select the AMI of action runner instances. | `list(string)` | <pre>[<br>  "amazon"<br>]</pre> | no |
+| aws\_region | AWS region. | `string` | n/a | yes |
+| block\_device\_mappings | The EC2 instance block device configuration. Takes the following keys: `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops` | `map(string)` | `{}` | no |
+| enable\_organization\_runners | n/a | `bool` | n/a | yes |
+| encryption | KMS key to encrypted lambda environment secrets. Either provide a key and `encrypt` set to `true`. Or set the key to `null` and encrypt to `false`. | <pre>object({<br>    kms_key_id = string<br>    encrypt    = bool<br>  })</pre> | n/a | yes |
+| environment | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes |
+| github\_app | GitHub app parameters, see your github app. Ensure the key is base64 encoded. | <pre>object({<br>    key_base64    = string<br>    id            = string<br>    client_id     = string<br>    client_secret = string<br>  })</pre> | n/a | yes |
+| idle\_config | List of time period that can be defined as cron expression to keep a minimum amount of runners active instead of scaling down to 0. By defining this list you can ensure that in time periods that match the cron expression within 5 seconds a runner is kept idle. | <pre>list(object({<br>    cron      = string<br>    timeZone  = string<br>    idleCount = number<br>  }))</pre> | `[]` | no |
+| instance\_profile\_path | The path that will be added to the instance\_profile, if not set the environment name will be used. | `string` | `null` | no |
+| instance\_type | Default instance type for the action runner. | `string` | `"m5.large"` | no |
+| lambda\_timeout\_scale\_down | Time out for the scale down lambda in seconds. | `number` | `60` | no |
+| lambda\_timeout\_scale\_up | Time out for the scale up lambda in seconds. | `number` | `60` | no |
+| lambda\_zip | File location of the lambda zip file. | `string` | `null` | no |
+| market\_options | Market options for the action runner instances. | `string` | `"spot"` | no |
+| minimum\_running\_time\_in\_minutes | The time an ec2 action runner should be running at minimum before terminated if non busy. | `number` | `5` | no |
+| overrides | This maps provides the possibility to override some defaults. The following attributes are supported: `name_sg` overwrite the `Name` tag for all security groups created by this module. `name_runner_agent_instance` override the `Name` tag for the ec2 instance defined in the auto launch configuration. `name_docker_machine_runners` override the `Name` tag spot instances created by the runner agent. | `map(string)` | <pre>{<br>  "name_runner": "",<br>  "name_sg": ""<br>}</pre> | no |
+| role\_path | The path that will be added to the role, if not set the environment name will be used. | `string` | `null` | no |
+| role\_permissions\_boundary | Permissions boundary that will be added to the created role for the lambda. | `string` | `null` | no |
+| runner\_architecture | The platform architecture of the runner instance\_type. | `string` | `"x64"` | no |
+| runner\_as\_root | Run the action runner under the root user. | `bool` | `false` | no |
+| runner\_extra\_labels | Extra labels for the runners (GitHub). Separate each label by a comma | `string` | `""` | no |
+| runners\_maximum\_count | The maximum number of runners that will be created. | `number` | `3` | no |
+| s3\_bucket\_runner\_binaries | n/a | <pre>object({<br>    arn = string<br>  })</pre> | n/a | yes |
+| s3\_location\_runner\_binaries | S3 location of runner distribution. | `string` | n/a | yes |
+| scale\_down\_schedule\_expression | Scheduler expression to check every x for scale down. | `string` | `"cron(*/5 * * * ? *)"` | no |
+| sqs\_build\_queue | SQS queue to consume accepted build events. | <pre>object({<br>    arn = string<br>  })</pre> | n/a | yes |
+| subnet\_ids | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | n/a | yes |
+| tags | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no |
+| userdata\_post\_install | User-data script snippet to insert after GitHub acton runner install | `string` | `""` | no |
+| userdata\_pre\_install | User-data script snippet to insert before GitHub acton runner install | `string` | `""` | no |
+| vpc\_id | The VPC for the security groups. | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| lambda\_scale\_down |  |
-| lambda\_scale\_up |  |
-| launch\_template |  |
-| role\_runner |  |
-| role\_scale\_down |  |
-| role\_scale\_up |  |
+| lambda\_scale\_down | n/a |
+| lambda\_scale\_up | n/a |
+| launch\_template | n/a |
+| role\_runner | n/a |
+| role\_scale\_down | n/a |
+| role\_scale\_up | n/a |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 

modules/runners/README.md

@@ -25,7 +25,8 @@
   "dependencies": {
     "@octokit/auth-app": "^2.4.11",
     "@octokit/rest": "^18.0.3",
-    "moment": "^2.25.3",
+    "cron-parser": "^2.15.0",
+    "moment": "^2.27.0",
     "yn": "^4.0.0"
   }
 }

modules/runners/lambdas/runners/package.json

@@ -63,7 +63,7 @@ export async function terminateRunner(runner: RunnerInfo): Promise<void> {
       InstanceIds: [runner.instanceId],
     })
     .promise();
-  console.debug('Runner terminated.' + result.TerminatingInstances);
+  console.debug('Runner terminated.' + runner.instanceId);
 }
 
 export async function createRunner(runnerParameters: RunnerInputParameters): Promise<void> {

modules/runners/lambdas/runners/src/scale-runners/runners.ts

@@ -0,0 +1,39 @@
+import moment from 'moment-timezone';
+import { getIdleRunnerCount, ScalingDownConfig, ScalingDownConfigList } from './scale-down-config';
+
+const DEFAULT_TIMEZONE = 'America/Los_Angeles';
+const DEFAULT_IDLE_COUNT = 1;
+const now = moment.tz(new Date(), 'America/Los_Angeles');
+
+function getConfig(cronTabs: string[]): ScalingDownConfigList {
+  const result: ScalingDownConfigList = [];
+  for (const cron of cronTabs) {
+    result.push({
+      cron: cron,
+      idleCount: DEFAULT_IDLE_COUNT,
+      timeZone: DEFAULT_TIMEZONE,
+    });
+  }
+  return result;
+}
+
+describe('scaleDownConfig', () => {
+  beforeEach(() => {});
+
+  describe('Check runners that should be kept idle based on config.', () => {
+    it('One active cron configuration', async () => {
+      const scaleDownConfig = getConfig(['* * * * * *']);
+      expect(getIdleRunnerCount(scaleDownConfig)).toEqual(DEFAULT_IDLE_COUNT);
+    });
+
+    it('No active cron configuration', async () => {
+      const scaleDownConfig = getConfig(['* * * * * ' + ((now.day() + 1) % 7)]);
+      expect(getIdleRunnerCount(scaleDownConfig)).toEqual(0);
+    });
+
+    it('1 of 2 cron configurations be active', async () => {
+      const scaleDownConfig = getConfig(['* * * * * ' + ((now.day() + 1) % 7), '* * * * * ' + (now.day() % 7)]);
+      expect(getIdleRunnerCount(scaleDownConfig)).toEqual(DEFAULT_IDLE_COUNT);
+    });
+  });
+});

modules/runners/lambdas/runners/src/scale-runners/scale-down-config.test.ts

@@ -0,0 +1,25 @@
+import parser from 'cron-parser';
+import moment from 'moment';
+
+export type ScalingDownConfigList = ScalingDownConfig[];
+export interface ScalingDownConfig {
+  cron: string;
+  idleCount: number;
+  timeZone: string;
+}
+
+function inPeriod(period: ScalingDownConfig): boolean {
+  const now = moment(new Date());
+  const expr = parser.parseExpression(period.cron, {
+    tz: period.timeZone,
+  });
+  const next = moment(expr.next().toDate());
+  return Math.abs(next.diff(now, 'seconds')) < 5; // we keep a range of 5 seconds
+}
+
+export function getIdleRunnerCount(scalingDownConfigs: ScalingDownConfigList) {
+  for (const scalingDownConfig of scalingDownConfigs) {
+    if (inPeriod(scalingDownConfig)) return scalingDownConfig.idleCount;
+  }
+  return 0;
+}