feat: Adding runner_enable_default_labels variable

jgutierrezglez · jgutierrezglez · commit 7704ec3aa172 · 2024-11-14T11:48:49.000+01:00
diff --git a/README.md b/README.md
@@ -209,6 +209,7 @@ Talk to the forestkeepers in the `runners-channel` on Slack.
 | <a name="input_runner_credit_specification"></a> [runner\_credit\_specification](#input\_runner\_credit\_specification) | The credit option for CPU usage of a T instance. Can be unset, "standard" or "unlimited". | `string` | `null` | no |
 | <a name="input_runner_ec2_tags"></a> [runner\_ec2\_tags](#input\_runner\_ec2\_tags) | Map of tags that will be added to the launch template instance tag specifications. | `map(string)` | `{}` | no |
 | <a name="input_runner_egress_rules"></a> [runner\_egress\_rules](#input\_runner\_egress\_rules) | List of egress rules for the GitHub runner instances. | <pre>list(object({<br/>    cidr_blocks      = list(string)<br/>    ipv6_cidr_blocks = list(string)<br/>    prefix_list_ids  = list(string)<br/>    from_port        = number<br/>    protocol         = string<br/>    security_groups  = list(string)<br/>    self             = bool<br/>    to_port          = number<br/>    description      = string<br/>  }))</pre> | <pre>[<br/>  {<br/>    "cidr_blocks": [<br/>      "0.0.0.0/0"<br/>    ],<br/>    "description": null,<br/>    "from_port": 0,<br/>    "ipv6_cidr_blocks": [<br/>      "::/0"<br/>    ],<br/>    "prefix_list_ids": null,<br/>    "protocol": "-1",<br/>    "security_groups": null,<br/>    "self": null,<br/>    "to_port": 0<br/>  }<br/>]</pre> | no |
+| <a name="input_runner_enable_default_labels"></a> [runner\_enable\_default\_labels](#input\_runner\_enable\_default\_labels) | Enable default labels for the runners (os, architecture and `self-hosted`). If disabled, the runner will only have the extra labels provided in `runner_extra_labels`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | `bool` | `true` | no |
 | <a name="input_runner_extra_labels"></a> [runner\_extra\_labels](#input\_runner\_extra\_labels) | Extra (custom) labels for the runners (GitHub). Labels checks on the webhook can be enforced by setting `enable_runner_workflow_job_labels_check_all`. GitHub read-only labels should not be provided. | `list(string)` | `[]` | no |
 | <a name="input_runner_group_name"></a> [runner\_group\_name](#input\_runner\_group\_name) | Name of the runner group. | `string` | `"Default"` | no |
 | <a name="input_runner_iam_role_managed_policy_arns"></a> [runner\_iam\_role\_managed\_policy\_arns](#input\_runner\_iam\_role\_managed\_policy\_arns) | Attach AWS or customer-managed IAM policies (by ARN) to the runner IAM role | `list(string)` | `[]` | no |
diff --git a/main.tf b/main.tf
@@ -8,7 +8,8 @@ locals {
     key_base64 = module.ssm.parameters.github_app_key_base64
   }
 
-  runner_labels = sort(distinct(concat(["self-hosted", var.runner_os, var.runner_architecture], var.runner_extra_labels)))
+  default_runner_labels = distinct(concat(["self-hosted", var.runner_os, var.runner_architecture]))
+  runner_labels         = (var.runner_enable_default_labels == true) ? concat(local.default_runner_labels, var.runner_extra_labels) : var.runner_extra_labels
 
   ssm_root_path = var.ssm_paths.use_prefix ? "/${var.ssm_paths.root}/${var.prefix}" : "/${var.ssm_paths.root}"
 }
@@ -199,6 +200,7 @@ module "runners" {
   scale_down_schedule_expression       = var.scale_down_schedule_expression
   minimum_running_time_in_minutes      = var.minimum_running_time_in_minutes
   runner_boot_time_in_minutes          = var.runner_boot_time_in_minutes
+  runner_enable_default_labels         = var.runner_enable_default_labels
   runner_labels                        = local.runner_labels
   runner_as_root                       = var.runner_as_root
   runner_run_as                        = var.runner_run_as
diff --git a/modules/runners/README.md b/modules/runners/README.md
@@ -202,6 +202,7 @@ yarn run dist
 | <a name="input_runner_ec2_tags"></a> [runner\_ec2\_tags](#input\_runner\_ec2\_tags) | Map of tags that will be added to the launch template instance tag specifications. | `map(string)` | `{}` | no |
 | <a name="input_runner_group_name"></a> [runner\_group\_name](#input\_runner\_group\_name) | Name of the runner group. | `string` | `"Default"` | no |
 | <a name="input_runner_iam_role_managed_policy_arns"></a> [runner\_iam\_role\_managed\_policy\_arns](#input\_runner\_iam\_role\_managed\_policy\_arns) | Attach AWS or customer-managed IAM policies (by ARN) to the runner IAM role | `list(string)` | `[]` | no |
+| <a name="input_runner_enable_default_labels"></a> [runner\_enable\_default\_labels](#input\_runner\_enable\_default\_labels) | Enable default labels for the runners (os, architecture and `self-hosted`). If disabled, the runner will only have the extra labels provided in `runner_extra_labels`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | `bool` | `true` | no |
 | <a name="input_runner_labels"></a> [runner\_labels](#input\_runner\_labels) | All the labels for the runners (GitHub) including the default one's(e.g: self-hosted, linux, x64, label1, label2). Separate each label by a comma | `list(string)` | n/a | yes |
 | <a name="input_runner_log_files"></a> [runner\_log\_files](#input\_runner\_log\_files) | (optional) List of logfiles to send to CloudWatch, will only be used if `enable_cloudwatch_agent` is set to true. Object description: `log_group_name`: Name of the log group, `prefix_log_group`: If true, the log group name will be prefixed with `/github-self-hosted-runners/<var.prefix>`, `file_path`: path to the log file, `log_stream_name`: name of the log stream. | <pre>list(object({<br/>    log_group_name   = string<br/>    prefix_log_group = bool<br/>    file_path        = string<br/>    log_stream_name  = string<br/>  }))</pre> | `null` | no |
 | <a name="input_runner_name_prefix"></a> [runner\_name\_prefix](#input\_runner\_name\_prefix) | The prefix used for the GitHub runner name. The prefix will be used in the default start script to prefix the instance name when register the runner in GitHub. The value is availabe via an EC2 tag 'ghr:runner\_name\_prefix'. | `string` | `""` | no |
diff --git a/modules/runners/runner-config.tf b/modules/runners/runner-config.tf
@@ -12,6 +12,13 @@ resource "aws_ssm_parameter" "runner_agent_mode" {
   tags  = local.tags
 }
 
+resource "aws_ssm_parameter" "default_labels" {
+  name  = "${var.ssm_paths.root}/${var.ssm_paths.config}/default_labels"
+  type  = "String"
+  value = var.runner_enable_default_labels
+  tags  = local.tags
+}
+
 resource "aws_ssm_parameter" "jit_config_enabled" {
   name  = "${var.ssm_paths.root}/${var.ssm_paths.config}/enable_jit_config"
   type  = "String"
diff --git a/modules/runners/templates/start-runner.sh b/modules/runners/templates/start-runner.sh
@@ -141,6 +141,9 @@ echo "Retrieved /$ssm_config_path/enable_cloudwatch parameter - ($enable_cloudwa
 agent_mode=$(echo "$parameters" | jq --arg ssm_config_path "$ssm_config_path" -r '.[] | select(.Name == "'$ssm_config_path'/agent_mode") | .Value')
 echo "Retrieved /$ssm_config_path/agent_mode parameter - ($agent_mode)"
 
+default_labels=$(echo "$parameters" | jq --arg ssm_config_path "$ssm_config_path" -r '.[] | select(.Name == "'$ssm_config_path'/default_labels") | .Value')
+echo "Retrieved /$ssm_config_path/default_labels parameter - ($default_labels)"
+
 enable_jit_config=$(echo "$parameters" | jq --arg ssm_config_path "$ssm_config_path" -r '.[] | select(.Name == "'$ssm_config_path'/enable_jit_config") | .Value')
 echo "Retrieved /$ssm_config_path/enable_jit_config parameter - ($enable_jit_config)"
 
@@ -216,7 +219,11 @@ echo "Starting the runner as user $run_as"
 # configure the runner if the runner is non ephemeral or jit config is disabled
 if [[ "$enable_jit_config" == "false" || $agent_mode != "ephemeral" ]]; then
   echo "Configure GH Runner as user $run_as"
-  sudo --preserve-env=RUNNER_ALLOW_RUNASROOT -u "$run_as" -- ./config.sh --unattended --name "$runner_name_prefix$instance_id" --work "_work" $${config}
+  if [[ "$default_labels" == "true" ]]; then
+      sudo --preserve-env=RUNNER_ALLOW_RUNASROOT -u "$run_as" -- ./config.sh --unattended --name "$runner_name_prefix$instance_id" --work "_work" $${config}
+  else
+      sudo --preserve-env=RUNNER_ALLOW_RUNASROOT -u "$run_as" -- ./config.sh --unattended --no-default-labels --name "$runner_name_prefix$instance_id" --work "_work" $${config}
+  fi
 fi
 
 create_xray_success_segment "$SEGMENT"
diff --git a/modules/runners/variables.tf b/modules/runners/variables.tf
@@ -217,9 +217,20 @@ variable "runner_boot_time_in_minutes" {
   default     = 5
 }
 
+variable "runner_enable_default_labels" {
+  description = "Enable default labels for the runners (os, architecture and `self-hosted`). If disabled, the runner will only have the extra labels provided in `runner_extra_labels`."
+  type        = bool
+  default     = true
+}
+
 variable "runner_labels" {
   description = "All the labels for the runners (GitHub) including the default one's(e.g: self-hosted, linux, x64, label1, label2). Separate each label by a comma"
   type        = list(string)
+
+  validation {
+    condition     = var.runner_labels != null && var.runner_labels != []
+    error_message = "The runner_labels variable must be set."
+  }
 }
 
 variable "runner_group_name" {
diff --git a/variables.tf b/variables.tf
@@ -58,10 +58,21 @@ variable "runner_boot_time_in_minutes" {
   default     = 5
 }
 
+variable "runner_enable_default_labels" {
+  description = "Enable default labels for the runners (os, architecture and `self-hosted`). If disabled, the runner will only have the extra labels provided in `runner_extra_labels`. In order set runner_enable_default_labels = false, enable_jit_config and enable_ephemeral_runners must be set to true; otherwise the value of this variable will be considered as true"
+  type        = bool
+  default     = true
+}
+
 variable "runner_extra_labels" {
-  description = "Extra (custom) labels for the runners (GitHub). Labels checks on the webhook can be enforced by setting `enable_runner_workflow_job_labels_check_all`. GitHub read-only labels should not be provided."
+  description = "Extra (custom) labels for the runners (GitHub). Separate each label by a comma. Labels checks on the webhook can be enforced by setting `enable_workflow_job_labels_check`. GitHub read-only labels should not be provided."
   type        = list(string)
   default     = []
+
+  validation {
+    condition     = var.runner_extra_labels != null
+    error_message = "Extra labels should not be null."
+  }
 }
 
 variable "runner_group_name" {
