├── .gitignore
├── .vscode
    └── tasks.json
├── LICENSE
├── README.md
├── deploy
    ├── main.tf
    ├── runner_module
    │   ├── main.tf
    │   └── variables.tf
    └── webhook_module
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── variables.tf
├── deployment.drawio.svg
├── scripts
    ├── deploy-runner.sh
    ├── deploy-webhook.sh
    └── deploy.sh
└── src
    ├── lambda-github-runner
        ├── Dockerfile
        ├── Dockerfile.base
        ├── go.mod
        ├── go.sum
        └── main.go
    └── lambda-github-webhook
        ├── go.mod
        ├── go.sum
        └── main.go


/.gitignore:
--------------------------------------------------------------------------------
 1 | # Binaries for programs and plugins
 2 | *.exe
 3 | *.exe~
 4 | *.dll
 5 | *.so
 6 | *.dylib
 7 | 
 8 | # Test binary, built with `go test -c`
 9 | *.test
10 | 
11 | # Output of the go coverage tool, specifically when used with LiteIDE
12 | *.out
13 | 
14 | # Dependency directories (remove the comment below to include it)
15 | # vendor/
16 | 
17 | # Local .terraform directories
18 | **/.terraform/*
19 | 
20 | # .tfstate files
21 | *.tfstate
22 | *.tfstate.*
23 | 
24 | # Crash log files
25 | crash.log
26 | 
27 | # Exclude all .tfvars files, which are likely to contain sentitive data, such as
28 | # password, private keys, and other secrets. These should not be part of version 
29 | # control as they are data points which are potentially sensitive and subject 
30 | # to change depending on the environment.
31 | #
32 | *.tfvars
33 | 
34 | # Ignore override files as they are usually used to override resources locally and so
35 | # are not checked in
36 | override.tf
37 | override.tf.json
38 | *_override.tf
39 | *_override.tf.json
40 | 
41 | # Include override files you do wish to add to version control using negated pattern
42 | #
43 | # !example_override.tf
44 | 
45 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
46 | # example: *tfplan*
47 | 
48 | # Ignore CLI configuration files
49 | .terraformrc
50 | terraform.rc
51 | src/lambda-github-webhook/lambda-github-webhook
52 | deploy/.terraform.lock.hcl
53 | deploy/runner_module/.terraform.lock.hcl
54 | deploy/webhook_module/.terraform.lock.hcl
55 | files/
56 | 


--------------------------------------------------------------------------------
/.vscode/tasks.json:
--------------------------------------------------------------------------------
  1 | {
  2 |     // See https://go.microsoft.com/fwlink/?LinkId=733558
  3 |     // for the documentation about the tasks.json format
  4 |     "version": "2.0.0",
  5 |     "tasks": [
  6 |         {
  7 |             "label": "Build Base Runner Image",
  8 |             "type": "shell",
  9 |             "command": "docker",
 10 |             "args": [
 11 |                 "build",
 12 |                 "--pull",
 13 |                 "--rm",
 14 |                 "-f",
 15 |                 "src/lambda-github-runner/Dockerfile.base",
 16 |                 "-t",
 17 |                 "lambda-github-runner-base:latest",
 18 |                 "src/lambda-github-runner"
 19 |             ],
 20 |             "problemMatcher": []
 21 |         },
 22 |         {
 23 |             "label": "Get AWS Lambda Container",
 24 |             "type": "shell",
 25 |             "command": "docker",
 26 |             "args": [
 27 |                 "pull",
 28 |                 "public.ecr.aws/lambda/provided:al2"
 29 |             ],
 30 |             "problemMatcher": []
 31 |         },
 32 |         {
 33 |             "label": "Build Runner Image",
 34 |             "type": "shell",
 35 |             "command": "docker",
 36 |             "args": [
 37 |                 "build",
 38 |                 "--rm",
 39 |                 "-f",
 40 |                 "src/lambda-github-runner/Dockerfile",
 41 |                 "-t",
 42 |                 "lambda-github-runner:latest",
 43 |                 "src/lambda-github-runner"
 44 |             ],
 45 |             "dependsOn": [
 46 |                 "Get AWS Lambda Container",
 47 |                 "Build Base Runner Image"
 48 |             ],
 49 |             "problemMatcher": []
 50 |         },
 51 |         {
 52 |             "label": "Get Webhook Mods",
 53 |             "type": "shell",
 54 |             "command": "go",
 55 |             "args": [
 56 |                 "mod",
 57 |                 "download"
 58 |             ],
 59 |             "options": {
 60 |                 "cwd": "src/lambda-github-webhook"
 61 |             },
 62 |             "problemMatcher": []
 63 |         },
 64 |         {
 65 |             "label": "Build Webhook",
 66 |             "type": "shell",
 67 |             "command": "go",
 68 |             "args": [
 69 |                 "build"
 70 |             ],
 71 |             "options": {
 72 |                 "env": {
 73 |                     "GOOS": "linux"
 74 |                 },
 75 |                 "cwd": "src/lambda-github-webhook"
 76 |             },
 77 |             "dependsOn": [
 78 |                 "Get Webhook Mods"
 79 |             ],
 80 |             "problemMatcher": []
 81 |         },
 82 |         {
 83 |             "label": "Validate Terraform",
 84 |             "type": "shell",
 85 |             "command": "terraform",
 86 |             "args": [
 87 |                 "validate"
 88 |             ],
 89 |             "options": {
 90 |                 "cwd": "deploy"
 91 |             },
 92 |             "problemMatcher": []
 93 |         },
 94 |         {
 95 |             "label": "Plan Terraform",
 96 |             "type": "shell",
 97 |             "command": "terraform",
 98 |             "args": [
 99 |                 "plan",
100 |                 "-var-file=.tfvars"
101 |             ],
102 |             "options": {
103 |                 "cwd": "deploy"
104 |             },
105 |             "problemMatcher": []
106 |         },
107 |         {
108 |             "label": "Destroy Terraform",
109 |             "type": "shell",
110 |             "command": "terraform",
111 |             "args": [
112 |                 "destroy",
113 |                 "-var-file:.tfvars"
114 |             ],
115 |             "options": {
116 |                 "cwd": "deploy"
117 |             },
118 |             "problemMatcher": []
119 |         },
120 |         {
121 |             "label": "Apply Terraform",
122 |             "type": "shell",
123 |             "command": "terraform",
124 |             "args": [
125 |                 "apply",
126 |                 "-var-file:.tfvars"
127 |             ],
128 |             "options": {
129 |                 "cwd": "deploy"
130 |             },
131 |             "problemMatcher": []
132 |         }
133 |     ]
134 | }


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2020 Nathan Westfall
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Lambda GitHub Runner
 2 | A completely serverless way to have simple self-hosted runners for GitHub Actions.  Lightweight, fast and easy to deploy.
 3 | 
 4 | ## Why it was built
 5 | Once [Lambda Containers](https://aws.amazon.com/blogs/aws/new-for-aws-lambda-container-image-support/) came out, I wanted to see how far they could go.  I know there is already a serverless way of doing Github Runners with AWS Fargate, but if you can do it all in Lambda why not?
 6 | 
 7 | I also wanted to develop a way to do the last "job" in my actions in my own environment.  This way, I could assign the AWS permissions to the lambda function and not have to rotate keys in GitHub, just use IAM roles.
 8 | 
 9 | ## How it Works
10 | Using GitHub webhooks, we listen for the `check_run` event and then start up a runner when it's needed.  This is now possible through [Lambda Containers](https://aws.amazon.com/blogs/aws/new-for-aws-lambda-container-image-support/).  It uses a few different AWS services to make this possible.
11 | 
12 |  - Lambda (obviously)
13 |     - `lambda-github-webhook` - This function handles the incoming webhooks to start/stop/setup runners
14 |     - `lambda-github-runner` - This function is the actual self-hosted runner!
15 |  - API Gateway
16 |     - Gives you an endpoint for the GitHub webhooks
17 |  - SQS
18 |     - Used to "stop" the self-hosted runners in lambda when the action is complete
19 |  - ECR
20 |     - You are required to host the docker image in your own account for lambda (copies from public ECR repository)
21 |  - Cloudwatch
22 |     - All applications need logging, even if it's simple
23 | 
24 | Using the lifecycle of an action and the `check_run` webhook, we are able to dynamically add/remove self-hosted runners from GitHub as they are needed.
25 | 
26 | See working example - https://github.com/nwestfall/lambda-runner-test/actions
27 | 
28 | ## Deployment Overview
29 | ![Deployment Diagram](deployment.drawio.svg)
30 | 
31 | ### Generate a GitHub Token
32 | A GitHub token is required to setup the project.  This token just needs `repo` access.  It is used to generate GitHub Runner tokens used to add/remove the runners.
33 | 
34 | ### How to Deploy
35 | This project includes a Terraform so you can essentially set this up in your environment with little to no effort.  It uses the AWS credentials on your machine and pulls the lambda functions (`.zip` and docker image) from a public source, so you don't have to build locally (but you can if you want).  You will need the following on your machine to get started
36 | 
37 |  - Terraform
38 |  - AWS CLI v2 (yes, v2 is important)
39 |  - Docker (to pull and push the images)
40 | 
41 | Once you have everything above installed, just clone this repo, navigate to the `deploy` folder and run
42 | 
43 | `terraform init`
44 | 
45 | then
46 | 
47 | `terraform plan`
48 | 
49 | There are a number of variables you can provide before building to customize it in your account (listed below).  Once you feel confortable about what it is setting up, just run the final command
50 | 
51 | `terraform apply`
52 | 
53 | Once it is successfully deployed, it will output your webhook URL (generated by API Gateway).  This is what you will bring to your GitHub repository to setup webhooks.
54 | 
55 | ### Setting up GitHub Webhooks
56 | Once you have the project deployed in your AWS account, you just need to setup the webhook endpoint (provided at the end of the terraform process) in the GitHub repository you wish to have use the runners.
57 | 
58 | Go to the GitHub repository and select "Settings" -> "WebHooks".  You will see an option to "Add webhook".  Enter and change the following information.
59 | 
60 |  - Payload URL: The URL you got from the terraform script
61 |  - Content Type: Change to "application/json"
62 |  - Secret: Only enter if you set one up when deploying to AWS
63 |  - "Which events would you like to trigger this webhook?": Select "Let me select individual events" and make sure just "check_run" is selected (by default, just "push" is selected).  Other events are automatically ignored, but there is no sense in sending extra data.
64 | 
65 |  Once all this is entered, go ahead and create the webhook!  The first delivery you should see is a "ping" event.  This is to test the webhook and make sure everything is ok.  If it returns a `200`, then you are good to go!
66 | 
67 |  Something to note is that to make sure an Action doesn't fail, a self-hosted runner **MUST** be setup (even if it's not running).  If none are setup, the action will just fail rather they "wait" for an available runner.  We use the "ping" event to setup a default runner called "DEFAULT-LAMBDA-DO-NOT-REMOVE".  This should never be "active", but is used as a place holder to ensure that your actions don't immediately fail.  All other runners will have a unique name and be short lived.
68 | 
69 |  ** Note that it is possible to accidently remove the default runner if you run an action immediately after setting it up.  Please give it some time for the lambda function to become "cold" so that a new one is used (removing the other action) **
70 | 
71 | ## Known Limitations
72 |  - GitHub Action steps that need Docker will **NOT** work.  [Lambda Containers](https://aws.amazon.com/blogs/aws/new-for-aws-lambda-container-image-support/) currently don't support "docker-in-docker"
73 |  - You only have 15 minutes to complete the job.  Lambda functions timeout after that. (You can configure in the deployment for them to timeout sooner)
74 | 
75 | ## More to Come
76 | I do have some future plans for this project, including supporting a hidden "configuration" file in the repoistory (like how GitHub does workflows in `.github`) to configure more aspects of the runner and maybe even use "AWS Fargate" over Lambda in certain cases due to a longer execution time or some other variable.  Open to ideas!
77 | 


--------------------------------------------------------------------------------
/deploy/main.tf:
--------------------------------------------------------------------------------
  1 | terraform {
  2 |   required_providers {
  3 |     aws = {
  4 |       source  = "hashicorp/aws"
  5 |     }
  6 |   }
  7 | }
  8 | 
  9 | data "aws_caller_identity" "current" {}
 10 | 
 11 | variable "aws_region" {
 12 |     description = "AWS Region to deploy in"
 13 |     default = "us-east-1"
 14 | }
 15 | 
 16 | variable "github_token" {
 17 |     description = "Github PAT token with REPO access"
 18 |     sensitive = true
 19 | }
 20 | 
 21 | variable "github_secret" {
 22 |     description = "Github Webhook Secret to validate payload signature"
 23 |     sensitive = true
 24 | }
 25 | 
 26 | variable "sqs_name" {
 27 |     description = "Name of the SQS queue for the lambda runner."
 28 |     default = "lambda-github-runner-queue"
 29 | }
 30 | 
 31 | variable "api_gateway_name" {
 32 |     description = "Name of the API Gateway for the lambda webhook."
 33 |     default = "lambda-github-webook"
 34 | }
 35 | 
 36 | variable "webhook_lambda_name" {
 37 |     description = "Name of the lambda function for the github webhook."
 38 |     default = "lambda-github-webhook"
 39 | }
 40 | 
 41 | variable "runner_lambda_name" {
 42 |     description = "Name of the lambda function for the github action runner."
 43 |     default = "lambda-github-runner"
 44 | }
 45 | 
 46 | variable "runner_repo_uri" {
 47 |     description = "Repo URI to use for Lambda Runner (only if you want a custom version)"
 48 |     default = "public.ecr.aws/n9q0k4a8"
 49 | }
 50 | 
 51 | variable "runner_image_uri" {
 52 |     description = "Image URI to use for Lambda Runner (only change if you want a custom version)"
 53 |     default = "public.ecr.aws/n9q0k4a8/lambda-github-runner:latest"
 54 | }
 55 | 
 56 | variable "runner_timeout" {
 57 |     description = "Timeout of Github Runner in seconds"
 58 |     default = 900
 59 |     type = number
 60 |     validation {
 61 |         condition     = var.runner_timeout > 0 && var.runner_timeout < 901
 62 |         error_message = "Runner timeout must be in-between 1 and 900."
 63 |     }
 64 | }
 65 | 
 66 | variable "runner_memory" {
 67 |     description = "Memory configuration for the Github runner"
 68 |     default = 2048
 69 |     type = number
 70 |     validation {
 71 |         condition     = var.runner_memory >= 128 && var.runner_memory <= 10240 && var.runner_memory % 128 == 0
 72 |         error_message = "Runner memory must be in-between 128 and 10240, and in increments of 128."
 73 |     }
 74 | }
 75 | 
 76 | variable "cloudwatch_retention_days" {
 77 |     description = "Number of days to keep cloudwatch logs."
 78 |     default = 14
 79 |     type = number
 80 |     validation { 
 81 |         condition     = var.cloudwatch_retention_days > 0
 82 |         error_message = "Cloudwatch retention days must be greater then 0."
 83 |     }
 84 | }
 85 | 
 86 | provider "aws" {
 87 |     region = var.aws_region
 88 | }
 89 | 
 90 | resource "aws_iam_policy" "lambda_runner_logging" {
 91 |     name        = "${var.runner_lambda_name}_logging"
 92 |     path        = "/"
 93 |     description = "IAM policy for logging from ${var.runner_lambda_name}"
 94 | 
 95 |     policy = <<EOF
 96 | {
 97 |   "Version": "2012-10-17",
 98 |   "Statement": [
 99 |     {
100 |       "Action": [
101 |         "logs:CreateLogStream",
102 |         "logs:PutLogEvents"
103 |       ],
104 |       "Resource": "arn:aws:logs:${var.aws_region}:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/${var.runner_lambda_name}:*",
105 |       "Effect": "Allow"
106 |     }
107 |   ]
108 | }
109 | EOF
110 | }
111 | 
112 | resource "aws_iam_policy" "lambda_webhook_logging" {
113 |     name        = "${var.webhook_lambda_name}_logging"
114 |     path        = "/"
115 |     description = "IAM policy for logging from ${var.webhook_lambda_name}"
116 | 
117 |     policy = <<EOF
118 | {
119 |   "Version": "2012-10-17",
120 |   "Statement": [
121 |     {
122 |       "Action": [
123 |         "logs:CreateLogStream",
124 |         "logs:PutLogEvents"
125 |       ],
126 |       "Resource": "arn:aws:logs:${var.aws_region}:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/${var.webhook_lambda_name}:*",
127 |       "Effect": "Allow"
128 |     }
129 |   ]
130 | }
131 | EOF
132 | }
133 | 
134 | resource "aws_iam_role" "cloudwatch" {
135 |     name = "api_gateway_cloudwatch_global"
136 | 
137 |     assume_role_policy = <<EOF
138 | {
139 |   "Version": "2012-10-17",
140 |   "Statement": [
141 |     {
142 |       "Sid": "",
143 |       "Effect": "Allow",
144 |       "Principal": {
145 |         "Service": "apigateway.amazonaws.com"
146 |       },
147 |       "Action": "sts:AssumeRole"
148 |     }
149 |   ]
150 | }
151 | EOF
152 | }
153 | 
154 | resource "aws_iam_role_policy" "cloudwatch" {
155 |     name = "default"
156 |     role = aws_iam_role.cloudwatch.id
157 | 
158 |     policy = <<EOF
159 | {
160 |     "Version": "2012-10-17",
161 |     "Statement": [
162 |         {
163 |             "Effect": "Allow",
164 |             "Action": [
165 |                 "logs:CreateLogGroup",
166 |                 "logs:CreateLogStream",
167 |                 "logs:DescribeLogGroups",
168 |                 "logs:DescribeLogStreams",
169 |                 "logs:PutLogEvents",
170 |                 "logs:GetLogEvents",
171 |                 "logs:FilterLogEvents"
172 |             ],
173 |             "Resource": "*"
174 |         }
175 |     ]
176 | }
177 | EOF
178 | }
179 | 
180 | resource "aws_iam_role" "lambda_github_runner_role" {
181 |     path = "/service-role/"
182 |     name = "lambda-github-runner-role-hjt0uhf1"
183 |     assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}"
184 |     max_session_duration = 3600
185 | }
186 | 
187 | resource "aws_iam_role" "lambda_github_webhook_role" {
188 |     path = "/service-role/"
189 |     name = "lambda-github-webhook-role-gzxhup3h"
190 |     assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}"
191 |     max_session_duration = 3600
192 | }
193 | 
194 | resource "aws_sqs_queue" "lambda_github_sqs" {
195 |     delay_seconds = "0"
196 |     max_message_size = "262144"
197 |     message_retention_seconds = "900"
198 |     receive_wait_time_seconds = "20"
199 |     visibility_timeout_seconds = "25"
200 |     name = var.sqs_name
201 | }
202 | 
203 | resource "aws_sqs_queue_policy" "lambda_github_sqs_policy" {
204 |     policy = "{\"Version\":\"2008-10-17\",\"Id\":\"__default_policy_ID\",\"Statement\":[{\"Sid\":\"__owner_statement\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::034828384224:root\"},\"Action\":\"SQS:*\",\"Resource\":\"${aws_sqs_queue.lambda_github_sqs.arn}\"}]}"
205 |     queue_url = "https://sqs.${var.aws_region}.amazonaws.com/${data.aws_caller_identity.current.account_id}/${var.sqs_name}"
206 | }
207 | 
208 | resource "aws_ecr_repository" "lambda_github_runner_repo" {
209 |     name = "lambda-github-runner"
210 | }
211 | 
212 | resource "aws_iam_policy" "lambda_github_runner_read_sqs" {
213 |     name        = "lambda_github_runner_read_sqs"
214 |     path        = "/"
215 |     description = "IAM policy for reading the SQS queue for lambda-github-runner"
216 | 
217 |     policy = <<EOF
218 | {
219 |     "Version": "2012-10-17",
220 |     "Statement": [
221 |         {
222 |             "Sid": "VisualEditor0",
223 |             "Effect": "Allow",
224 |             "Action": [
225 |                 "sqs:DeleteMessage",
226 |                 "sqs:ReceiveMessage"
227 |             ],
228 |             "Resource": "${aws_sqs_queue.lambda_github_sqs.arn}"
229 |         }
230 |     ]
231 | }
232 | EOF
233 | }
234 | 
235 | resource "aws_iam_policy" "lambda_github_webhook_write_sqs" {
236 |     name        = "lambda_github_webhook_write_sqs"
237 |     path        = "/"
238 |     description = "IAM policy for write to the SQS queue for lambda-github-runner"
239 | 
240 |     policy = <<EOF
241 | {
242 |     "Version": "2012-10-17",
243 |     "Statement": [
244 |         {
245 |             "Sid": "VisualEditor0",
246 |             "Effect": "Allow",
247 |             "Action": "sqs:SendMessage",
248 |             "Resource": "${aws_sqs_queue.lambda_github_sqs.arn}"
249 |         }
250 |     ]
251 | }
252 | EOF
253 | }
254 | 
255 | module "lambda_runner_push" {
256 |     source = "./runner_module"
257 | 
258 |     aws_region = var.aws_region
259 |     local_runner_repo_uri = aws_ecr_repository.lambda_github_runner_repo.repository_url
260 |     runner_repo_uri = var.runner_repo_uri
261 |     runner_image_uri = var.runner_image_uri
262 | }
263 | 
264 | resource "aws_cloudwatch_log_group" "lambda_github_runner_cloudwatch" {
265 |   name              = "/aws/lambda/${var.runner_lambda_name}"
266 |   retention_in_days = var.cloudwatch_retention_days
267 | }
268 | 
269 | resource "aws_iam_role_policy_attachment" "lambda_github_runner_logs" {
270 |   role       = aws_iam_role.lambda_github_runner_role.name
271 |   policy_arn = aws_iam_policy.lambda_runner_logging.arn
272 | }
273 | 
274 | resource "aws_iam_role_policy_attachment" "lambda_github_runner_read_sqs" {
275 |   role       = aws_iam_role.lambda_github_runner_role.name
276 |   policy_arn = aws_iam_policy.lambda_github_runner_read_sqs.arn
277 | }
278 | 
279 | resource "aws_lambda_function" "lambda_github_runner_lambda" {
280 |     depends_on = [ module.lambda_runner_push ]
281 |     description = "Github Action Runner"
282 |     function_name = var.runner_lambda_name
283 |     memory_size = var.runner_memory
284 |     role = aws_iam_role.lambda_github_runner_role.arn
285 |     timeout = var.runner_timeout
286 |     package_type = "Image"
287 |     image_uri = "${aws_ecr_repository.lambda_github_runner_repo.repository_url}:latest"
288 |     tracing_config {
289 |         mode = "PassThrough"
290 |     }
291 | }
292 | 
293 | resource "aws_iam_policy" "lambda_github_runner_invoke" {
294 |     name        = "${var.runner_lambda_name}_invoke"
295 |     path        = "/"
296 |     description = "IAM policy for invoking ${var.runner_lambda_name}"
297 | 
298 |     policy = <<EOF
299 | {
300 |     "Version": "2012-10-17",
301 |     "Statement": [
302 |         {
303 |             "Sid": "VisualEditor0",
304 |             "Effect": "Allow",
305 |             "Action": "lambda:InvokeFunction",
306 |             "Resource": "${aws_lambda_function.lambda_github_runner_lambda.arn}"
307 |         }
308 |     ]
309 | }
310 | EOF
311 | }
312 | 
313 | resource "aws_cloudwatch_log_group" "lambda_github_webhook_cloudwatch" {
314 |   name              = "/aws/lambda/${var.webhook_lambda_name}"
315 |   retention_in_days = var.cloudwatch_retention_days
316 | }
317 | 
318 | resource "aws_iam_role_policy_attachment" "lambda_github_webhook_logs" {
319 |   role       = aws_iam_role.lambda_github_webhook_role.name
320 |   policy_arn = aws_iam_policy.lambda_webhook_logging.arn
321 | }
322 | 
323 | resource "aws_iam_role_policy_attachment" "lambda_github_webhook_invoke_runner" {
324 |   role       = aws_iam_role.lambda_github_webhook_role.name
325 |   policy_arn = aws_iam_policy.lambda_github_runner_invoke.arn
326 | }
327 | 
328 | resource "aws_iam_role_policy_attachment" "lambda_github_webhook_write_sqs" {
329 |   role       = aws_iam_role.lambda_github_webhook_role.name
330 |   policy_arn = aws_iam_policy.lambda_github_webhook_write_sqs.arn
331 | }
332 | 
333 | module "lambda_webhook_pull" {
334 |     source = "./webhook_module"
335 | }
336 | 
337 | resource "aws_lambda_function" "lambda_github_webhook_lambda" {
338 |     depends_on = [ module.lambda_webhook_pull ]
339 | 
340 |     description = "Github Webhook Lambda"
341 |     environment {
342 |         variables = {
343 |             SQS_QUEUE_URL = "https://sqs.${var.aws_region}.amazonaws.com/${data.aws_caller_identity.current.account_id}/${var.sqs_name}"
344 |             GITHUB_TOKEN = var.github_token
345 |         }
346 |     }
347 |     function_name = var.webhook_lambda_name
348 |     handler = "main"
349 |     filename = module.lambda_webhook_pull.file_location
350 |     #source_code_hash = filebase64sha256(module.lambda_webhook_pull.file_location)
351 |     memory_size = 128
352 |     role = aws_iam_role.lambda_github_webhook_role.arn
353 |     runtime = "go1.x"
354 |     timeout = 10
355 |     tracing_config {
356 |         mode = "PassThrough"
357 |     }
358 | }
359 | 
360 | resource "aws_api_gateway_account" "lambda_github_webhook_account" {
361 |   cloudwatch_role_arn = aws_iam_role.cloudwatch.arn
362 | }
363 | 
364 | resource "aws_api_gateway_rest_api" "lambda_github_webhook_rest_api" {
365 |     name = var.api_gateway_name
366 |     description = "Webhook API for Lambda Github Runner"
367 |     api_key_source = "HEADER"
368 |     endpoint_configuration {
369 |         types = [
370 |             "EDGE"
371 |         ]
372 |     }
373 | }
374 | 
375 | resource "aws_api_gateway_method" "lambda_github_webhook_method" {
376 |     rest_api_id = aws_api_gateway_rest_api.lambda_github_webhook_rest_api.id
377 |     resource_id = aws_api_gateway_rest_api.lambda_github_webhook_rest_api.root_resource_id
378 |     http_method = "ANY"
379 |     authorization = "NONE"
380 |     api_key_required = false
381 | }
382 | 
383 | resource "aws_api_gateway_integration" "lambda_github_webhook_integration" {
384 |   rest_api_id             = aws_api_gateway_rest_api.lambda_github_webhook_rest_api.id
385 |   resource_id             = aws_api_gateway_rest_api.lambda_github_webhook_rest_api.root_resource_id
386 |   http_method             = aws_api_gateway_method.lambda_github_webhook_method.http_method
387 |   integration_http_method = "ANY"
388 |   type                    = "AWS_PROXY"
389 |   uri                     = aws_lambda_function.lambda_github_webhook_lambda.invoke_arn
390 | }
391 | 
392 | resource "aws_api_gateway_resource" "lambda_github_webhook_resource" {
393 |     rest_api_id = aws_api_gateway_rest_api.lambda_github_webhook_rest_api.id
394 |     path_part = "{proxy+}"
395 |     parent_id = aws_api_gateway_rest_api.lambda_github_webhook_rest_api.root_resource_id
396 | }
397 | 
398 | resource "aws_api_gateway_method" "lambda_github_webhook_proxy_method" {
399 |     rest_api_id = aws_api_gateway_rest_api.lambda_github_webhook_rest_api.id
400 |     resource_id = aws_api_gateway_resource.lambda_github_webhook_resource.id
401 |     http_method = "ANY"
402 |     authorization = "NONE"
403 |     api_key_required = false
404 |     request_parameters = {
405 |         "method.request.path.proxy" = true
406 |     }
407 | }
408 | 
409 | resource "aws_api_gateway_integration" "lambda_github_webhook_integration2" {
410 |   rest_api_id             = aws_api_gateway_rest_api.lambda_github_webhook_rest_api.id
411 |   resource_id             = aws_api_gateway_resource.lambda_github_webhook_resource.id
412 |   http_method             = aws_api_gateway_method.lambda_github_webhook_proxy_method.http_method
413 |   integration_http_method = "ANY"
414 |   type                    = "AWS_PROXY"
415 |   uri                     = aws_lambda_function.lambda_github_webhook_lambda.invoke_arn
416 | }
417 | 
418 | resource "aws_api_gateway_deployment" "lambda_github_webhook_deployment" {
419 |     depends_on = [aws_api_gateway_integration.lambda_github_webhook_integration, aws_api_gateway_integration.lambda_github_webhook_integration2]
420 |     rest_api_id = aws_api_gateway_rest_api.lambda_github_webhook_rest_api.id
421 |     stage_name  = "staging"
422 | }
423 | 
424 | resource "aws_api_gateway_stage" "lambda_github_webhook_stage" {
425 |   depends_on = [aws_cloudwatch_log_group.lambda_github_webhook_rest_api_cloudwatch, aws_api_gateway_account.lambda_github_webhook_account]
426 | 
427 |   stage_name = "default"
428 |   rest_api_id = aws_api_gateway_rest_api.lambda_github_webhook_rest_api.id
429 |   deployment_id = aws_api_gateway_deployment.lambda_github_webhook_deployment.id
430 |   access_log_settings {
431 |     destination_arn = aws_cloudwatch_log_group.lambda_github_webhook_rest_api_cloudwatch.arn
432 |     format = "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \"$context.httpMethod $context.resourcePath $context.protocol\" $context.status $context.responseLength $context.requestId"
433 |   }
434 | }
435 | 
436 | resource "aws_cloudwatch_log_group" "lambda_github_webhook_rest_api_cloudwatch" {
437 |   name              = "API-Gateway-Execution-Logs_${aws_api_gateway_rest_api.lambda_github_webhook_rest_api.id}/default"
438 |   retention_in_days = var.cloudwatch_retention_days
439 | }
440 | 
441 | resource "aws_lambda_permission" "lambda_github_webhook_lambda_permission" {
442 |     statement_id  = "AllowExecutionFromAPIGateway"
443 |     action = "lambda:InvokeFunction"
444 |     function_name = aws_lambda_function.lambda_github_webhook_lambda.arn
445 |     principal = "apigateway.amazonaws.com"
446 |     source_arn = "arn:aws:execute-api:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${aws_api_gateway_rest_api.lambda_github_webhook_rest_api.id}/*/${aws_api_gateway_method.lambda_github_webhook_method.http_method}/"
447 | }
448 | 
449 | resource "aws_lambda_permission" "lambda_github_webhook_lambda_permission2" {
450 |     statement_id  = "AllowExecutionFromAPIGateway2"
451 |     action = "lambda:InvokeFunction"
452 |     function_name = aws_lambda_function.lambda_github_webhook_lambda.arn
453 |     principal = "apigateway.amazonaws.com"
454 |     source_arn = "arn:aws:execute-api:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${aws_api_gateway_rest_api.lambda_github_webhook_rest_api.id}/*/${aws_api_gateway_method.lambda_github_webhook_proxy_method.http_method}${aws_api_gateway_resource.lambda_github_webhook_resource.path}"
455 | }
456 | 
457 | output "github_webhook_url" {
458 |     value = aws_api_gateway_stage.lambda_github_webhook_stage.invoke_url
459 | }


--------------------------------------------------------------------------------
/deploy/runner_module/main.tf:
--------------------------------------------------------------------------------
 1 | resource "null_resource" "lambda_github_runner_pull_image" {
 2 |     provisioner "local-exec" {
 3 |         command = "aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${var.runner_repo_uri} && docker pull ${var.runner_image_uri}"
 4 |     }
 5 | }
 6 | 
 7 | resource "null_resource" "lambda_github_runner_tag_image" {
 8 |     depends_on = [ null_resource.lambda_github_runner_pull_image ]
 9 |     provisioner "local-exec" {
10 |         command = "docker tag ${var.runner_image_uri} ${var.local_runner_repo_uri}:latest"
11 |     }
12 | }
13 | 
14 | resource "null_resource" "lambda_github_runner_push_image" {
15 |     depends_on = [ null_resource.lambda_github_runner_tag_image ]
16 |     provisioner "local-exec" {
17 |         command = "aws ecr get-login-password --region ${var.aws_region} | docker login --username AWS --password-stdin ${var.local_runner_repo_uri} && docker push ${var.local_runner_repo_uri}:latest"
18 |     }
19 | }


--------------------------------------------------------------------------------
/deploy/runner_module/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "aws_region" {
 2 |     description = "The AWS Region for ECR."
 3 |     default = "us-east-1"
 4 | }
 5 | 
 6 | variable "local_runner_repo_uri" {
 7 |     description = "Repo URI in your own account to host the Lambda Runner."
 8 | }
 9 | 
10 | variable "runner_repo_uri" {
11 |     description = "Repo URI to use for Lambda Runner (only if you want a custom version)"
12 |     default = "public.ecr.aws/n9q0k4a8"
13 | }
14 | 
15 | variable "runner_image_uri" {
16 |     description = "Image URI to use for Lambda Runner (only change if you want a custom version)"
17 |     default = "public.ecr.aws/n9q0k4a8/lambda-github-runner:latest"
18 | }
19 | 


--------------------------------------------------------------------------------
/deploy/webhook_module/main.tf:
--------------------------------------------------------------------------------
1 | resource "null_resource" "lambda_github_webhook_pull_zip" {
2 |     provisioner "local-exec" {
3 |         command = "mkdir -p ${var.file_destination} && aws s3api get-object --bucket lambda-github-webhook --key lambda-github-webhook-function.zip --request-payer true ${var.file_destination}/lambda-github-webhook-function.zip"
4 |     }
5 | }


--------------------------------------------------------------------------------
/deploy/webhook_module/outputs.tf:
--------------------------------------------------------------------------------
1 | output "file_location" {
2 |     value = "${var.file_destination}/lambda-github-webhook-function.zip"
3 | }


--------------------------------------------------------------------------------
/deploy/webhook_module/variables.tf:
--------------------------------------------------------------------------------
1 | variable "file_destination" {
2 |     description = "Location for where the file should be saved."
3 |     default = "../files"
4 | }


--------------------------------------------------------------------------------
/deployment.drawio.svg:
--------------------------------------------------------------------------------
  1 | <svg host="65bd71144e" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="760px" height="654px" viewBox="-0.5 -0.5 760 654" content="&lt;mxfile host=&quot;&quot; modified=&quot;2020-12-29T02:17:55.815Z&quot; agent=&quot;5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Code/1.46.1 Chrome/78.0.3904.130 Electron/7.3.1 Safari/537.36&quot; version=&quot;13.10.0&quot; etag=&quot;ny0r6q6ZrnvpB6Ri5w_r&quot; type=&quot;embed&quot;&gt;&lt;diagram id=&quot;2pkeYc-LhA2YMBUIuDWp&quot; name=&quot;Page-1&quot;&gt;7VpJc6M4FP41vroAsR4dJ+meqnRVpnPo6VNKBhnUEcgj5K1//UggMELEyXS8DNVzcaGnp4Xve5uEJ2Ce7z4xuMq+0ASRiWMluwm4nThOFIXiVwr2tcCLnFqQMpzUIvsgeMI/kRJaSrrGCSo1RU4p4XilC2NaFCjmmgwyRre62pISfdUVTJEheIohMaXfcMKzWhp61kH+GeE0a1a2LdWTw0ZZCcoMJnTbEYG7CZgzSnn9lO/miEjsGlzqcfev9LYbY6jg7xrgq33wffNyKBHvqpqU8YymtIDk7iC9YXRdJEjOYInWQeeB0pUQ2kL4A3G+V8TBNadClPGcqN56TbnQq9tWopKuWay0PMU0ZClSWn4LmTA1RHPE2V6oMEQgxxt9dqhIT1s9NXTGGNx3FFYUF7zszPwoBUJBma8P3HrGxno9V8e4p+9Z4Ji+eKh30LQ6r3IQVbwNc9ja0kU5FEyx/V9y/NRrmt/VdFXjdqe19t3WI2JYvCFiSngyg7DtMVhE4PvntYho1F7thB8ksQPkUZzU2htI1mpSAze65gQXaN5mEglOAsusRWqDGMciNzzABSKPtMQc00L0LSjnNO8ozAhOZQeXeN5A1YoFONIPukiKrLCS6+e7VObPKdyWYEpgvkig6F1iQuaUUFbtENx7oSfsD9wI3QSL2Zq+ghaopUVuAu2OE2Mi3kSwSLdXt0nE20P2C/ypgjPrpL4IfJwlB1w3vmnR7RDszh/f/DPEt3eDPqLC4CRVwFDanjYRQtl9ELj6LDU1amAP3H8XsoEZev7beOt2GVwj7YLI0ujxffto2u3rNwX7a/qhe0z9w1na/z/7vCv7uL7uhb7tXjD72FfJPr/mmIHpmJcqpYK3jVmz20HL7gBgGCjpGXjb8Yse0LfyLVoQQVI5TTHP1ouT2G2vaIpMsx0w2kb2IaP1ftOSKTQ9wLuQB9jhVTDfYd45hYvW907PAXDZ2HcaZ4Pbdi6Edzim9AlX+DmFHG1lvdDPobfRLHDts+ZQx7/mCc62x8RV+Xd5FY6CxqSvU+c4Y+IoJnSdbCGPM5OqwIvm8h3P6k7gTapC52xUuQZVK1ykYlicofjlma0LGcs3SJ2eNA7FS/M3Sq0+RzlOkjpboRL/hItqKsm2OqCJeb2biXcr5xIJqqxzlX0aqG27F7mACbXtWibSzbX4h5A2y1q8FO2Jb1WI+2INS9hWJTmAX4kzsbDcg08k3guh5KfyiWdI7iquPKMeyJBIDUk1bF6xBZk8htaaYsJC0DJ2Ht1mSHPnPVAOtx/4ujyCU/AYGTzO4hiVkqEHmo7fS5yel3iuiW54JidxzOzeOMmgS1Rm3fcKzR9oviJI8whUJOYYpVePywWb8rOt/BQsfp7+fBo9qT7QXcaNTFLtYIBV7xSsmknmAZccSayXVchrEkxd2gu2auiH411rCc9igYpTU7OUxYDYwbKaM0bitJCMnkTPc/vXyL41wKN/Lh5H9ZHrynWd6zsaU0F4ybpu4BJNJCch+FLHttJ0mVmygUVc+R6p8pi1ZIIPQ+8T5p/lpZb1VVUTFtxATCpfGL2HWXruCwaKcds7l3uN6hriyu7lRfqxqU0yF3GvppA84l4j94T+/1CAZ+IbnakKBGYV+EexoS8y+X9Di4zSF/F0vy5UoTdyqEHkTvWs7gLzSm0w7JwEbWCgPUuS5jD6FeV0g7rRvs4KVpsGZhUL47f4/u1A6FgNLd1z5YloEM3DXzPrL76H/7eCu38A&lt;/diagram&gt;&lt;/mxfile&gt;">
  2 |     <defs/>
  3 |     <g>
  4 |         <path d="M 588.3 279 L 588.3 330 L 457 330 L 457 383.63" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/>
  5 |         <path d="M 457 388.88 L 453.5 381.88 L 457 383.63 L 460.5 381.88 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/>
  6 |         <path d="M 588.3 279 L 588.3 330 L 720.3 330 L 720.26 383.63" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/>
  7 |         <path d="M 720.25 388.88 L 716.76 381.88 L 720.26 383.63 L 723.76 381.88 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/>
  8 |         <path d="M 588.25 186 L 588.25 99.37" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/>
  9 |         <path d="M 588.25 94.12 L 591.75 101.12 L 588.25 99.37 L 584.75 101.12 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/>
 10 |         <path d="M 599.68 218.56 L 606.64 217.62 L 615.79 228.9 L 615.79 215.59 L 599.68 211.33 Z M 599.68 253.75 L 615.79 249.4 L 615.79 236.28 L 606.64 247.47 L 599.68 246.5 Z M 588.24 279 L 576.8 273.29 L 576.8 265.76 L 567.84 268.73 L 560.77 265.16 L 560.77 260.81 L 554.82 262.23 L 550 259.74 L 550 205.32 L 554.82 202.82 L 560.77 204.24 L 560.77 199.9 L 567.84 196.27 L 576.8 199.16 L 576.8 191.75 L 588.24 186 L 626.5 205.3 L 626.5 259.62 Z" fill="#f58534" stroke="none" pointer-events="all"/>
 11 |         <path d="M 615.79 249.4 L 615.79 236.28 L 618.77 232.52 L 615.79 228.9 L 615.79 215.59 L 621.55 214.81 L 621.55 250.27 Z M 599.68 246.5 L 599.68 218.56 L 606.64 217.62 L 606.64 247.47 Z M 576.8 273.29 L 576.8 191.75 L 588.24 186 L 588.24 279 Z M 560.77 265.16 L 560.77 199.9 L 567.84 196.27 L 567.84 268.73 Z M 550 259.74 L 550 205.32 L 554.82 202.82 L 554.82 262.23 Z" fill-opacity="0.3" fill="#000000" stroke="none" pointer-events="all"/>
 12 |         <path d="M 599.68 211.33 L 599.68 208.12 L 621.55 214.81 L 615.79 215.59 Z" fill-opacity="0.5" fill="#000000" stroke="none" pointer-events="all"/>
 13 |         <path d="M 599.68 253.75 L 615.79 249.4 L 621.55 250.27 L 621.55 250.27 L 599.68 257.05 Z" fill-opacity="0.3" fill="#ffffff" stroke="none" pointer-events="all"/>
 14 |         <path d="M 495.5 436.5 L 675.63 436.5" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/>
 15 |         <path d="M 680.88 436.5 L 673.88 440 L 675.63 436.5 L 673.88 433 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/>
 16 |         <path d="M 457.3 483 L 457.3 516.5 L 457.26 543.63" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/>
 17 |         <path d="M 457.25 548.88 L 453.76 541.88 L 457.26 543.63 L 460.76 541.89 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/>
 18 |         <path d="M 419 436.5 L 344 436.5 L 344 626 L 38 626 L 38 276.37" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/>
 19 |         <path d="M 38 271.12 L 41.5 278.12 L 38 276.37 L 34.5 278.12 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/>
 20 |         <path d="M 468.68 422.56 L 475.64 421.62 L 484.79 432.9 L 484.79 419.59 L 468.68 415.33 Z M 468.68 457.75 L 484.79 453.4 L 484.79 440.28 L 475.64 451.47 L 468.68 450.5 Z M 457.24 483 L 445.8 477.29 L 445.8 469.76 L 436.84 472.73 L 429.77 469.16 L 429.77 464.81 L 423.82 466.23 L 419 463.74 L 419 409.32 L 423.82 406.82 L 429.77 408.24 L 429.77 403.9 L 436.84 400.27 L 445.8 403.16 L 445.8 395.75 L 457.24 390 L 495.5 409.3 L 495.5 463.62 Z" fill="#f58534" stroke="none" pointer-events="all"/>
 21 |         <path d="M 484.79 453.4 L 484.79 440.28 L 487.77 436.52 L 484.79 432.9 L 484.79 419.59 L 490.55 418.81 L 490.55 454.27 Z M 468.68 450.5 L 468.68 422.56 L 475.64 421.62 L 475.64 451.47 Z M 445.8 477.29 L 445.8 395.75 L 457.24 390 L 457.24 483 Z M 429.77 469.16 L 429.77 403.9 L 436.84 400.27 L 436.84 472.73 Z M 419 463.74 L 419 409.32 L 423.82 406.82 L 423.82 466.23 Z" fill-opacity="0.3" fill="#000000" stroke="none" pointer-events="all"/>
 22 |         <path d="M 468.68 415.33 L 468.68 412.12 L 490.55 418.81 L 484.79 419.59 Z" fill-opacity="0.5" fill="#000000" stroke="none" pointer-events="all"/>
 23 |         <path d="M 468.68 457.75 L 484.79 453.4 L 490.55 454.27 L 490.55 454.27 L 468.68 461.05 Z" fill-opacity="0.3" fill="#ffffff" stroke="none" pointer-events="all"/>
 24 |         <path d="M 75 232.5 L 213.63 232.5" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/>
 25 |         <path d="M 218.88 232.5 L 211.88 236 L 213.63 232.5 L 211.88 229 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/>
 26 |         <path d="M 37.59 270 C 15.47 270 0 251.97 0 232.79 C 0 209.85 18.47 195 37.87 195 C 56.56 195 75 210.33 75 232.49 C 75 252.34 59.21 270 37.59 270 Z" fill="#0d2636" stroke="none" pointer-events="all"/>
 27 |         <path d="M 29.48 261.79 C 29.48 263.41 28.25 264.08 26.41 263.45 C 15.31 259.56 4.64 247.55 4.64 232.55 C 4.64 212.26 22 199.47 37.04 199.47 C 56.56 199.47 70.45 215.47 70.45 232.35 C 70.45 246.29 61.48 259.12 48.04 263.62 C 46.52 264.02 45.58 263.21 45.58 261.88 L 45.58 252.11 C 45.58 250.22 44.81 248.21 43.39 246.81 C 48.85 246.19 52.16 244.82 54.69 242.21 C 57.18 239.74 58.3 236.11 58.51 231.63 C 58.64 228.07 57.7 224.6 55.12 221.95 C 56.01 219.77 56.17 216.87 54.81 213.29 C 52.11 213.08 49.03 214.7 45.88 216.65 C 40.34 215.21 34.8 215.02 29.27 216.73 C 26.79 215.12 24.54 213.31 20.25 213.29 C 19.12 216.45 18.94 219.34 19.91 221.9 C 16.85 225.3 16.5 228.64 16.55 231.97 C 16.89 238.39 19.24 241.64 21.85 243.58 C 24.02 245.19 27.06 246.2 31.69 246.88 C 30.45 248.11 29.75 249.58 29.63 251.29 C 26.91 252.54 23.01 253.16 20.34 249.38 C 19.15 247.48 17.53 245.34 14.44 245.35 C 13.94 245.33 13.44 245.53 13.36 245.75 C 13.3 245.99 13.58 246.49 13.92 246.69 C 16.62 248.4 17.06 249.37 18.16 251.72 C 19.19 254.46 20.96 255.52 22.88 256.26 C 24.84 256.95 28.02 256.76 29.48 256.26 Z" fill="#ffffff" stroke="none" pointer-events="all"/>
 28 |         <path d="M 296.5 232.5 L 543.63 232.5" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/>
 29 |         <path d="M 548.88 232.5 L 541.88 236 L 543.63 232.5 L 541.88 229 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/>
 30 |         <path d="M 258.25 279 L 258.3 334.5 L 258.3 383.63" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/>
 31 |         <path d="M 258.3 388.88 L 254.8 381.88 L 258.3 383.63 L 261.8 381.88 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/>
 32 |         <path d="M 246.8 273.24 L 246.8 261.17 L 230.77 265.46 L 220 260.04 L 220 238.38 L 238.64 237.59 L 246.8 238.13 L 246.8 227.34 L 238.65 227.88 L 220 226.98 L 220 205.19 L 230.77 199.89 L 246.8 204.28 L 246.8 191.75 L 258.24 186 L 269.68 191.75 L 269.68 204.27 L 285.73 199.89 L 296.5 205.31 L 296.5 227.07 L 277.88 227.87 L 269.68 227.34 L 269.68 238.13 L 277.86 237.59 L 296.5 238.37 L 296.5 260.04 L 285.73 265.46 L 269.68 261.17 L 269.68 273.24 L 258.24 279 Z" fill="#d9a741" stroke="none" pointer-events="all"/>
 33 |         <path d="M 285.73 225.95 L 269.68 226.87 L 269.68 220.9 L 270.24 220.99 L 279.79 219.96 L 279.79 209.25 L 269.68 205.91 L 269.68 204.27 L 285.73 199.89 Z M 285.73 265.46 L 269.68 261.17 L 269.68 259.48 L 279.79 256.2 L 279.79 245.37 L 270.25 244.34 L 269.68 244.42 L 269.68 238.56 L 285.73 239.38 Z M 236.71 219.96 L 236.71 209.25 L 246.8 205.92 L 246.8 191.75 L 258.24 186 L 258.24 279 L 246.8 273.24 L 246.8 259.48 L 236.71 256.2 L 236.71 245.37 L 246.8 247.17 L 246.8 218.16 Z M 230.77 225.95 L 220 226.98 L 220 205.19 L 230.77 199.89 Z M 230.77 265.46 L 220 260.04 L 220 238.38 L 230.77 239.38 Z" fill-opacity="0.3" fill="#000000" stroke="none" pointer-events="all"/>
 34 |         <path d="M 246.23 220.99 L 236.71 219.96 L 246.8 218.16 L 246.8 220.91 Z M 296.5 227.07 L 277.88 227.87 L 269.68 227.34 L 269.68 226.87 L 285.73 225.95 Z M 269.68 220.9 L 269.68 218.16 L 279.79 219.96 L 270.24 220.99 Z M 238.65 227.88 L 220 226.98 L 230.77 225.95 L 246.8 226.87 L 246.8 227.34 Z" fill-opacity="0.5" fill="#000000" stroke="none" pointer-events="all"/>
 35 |         <path d="M 285.73 239.38 L 269.68 238.56 L 269.68 238.13 L 277.86 237.59 L 296.5 238.37 Z M 269.68 247.17 L 269.68 244.42 L 270.25 244.34 L 279.79 245.37 Z M 246.8 247.17 L 236.71 245.37 L 246.23 244.34 L 246.8 244.43 Z M 230.77 239.38 L 220 238.38 L 238.64 237.59 L 246.8 238.13 L 246.8 238.56 Z" fill-opacity="0.3" fill="#ffffff" stroke="none" pointer-events="all"/>
 36 |         <path d="M 720.24 483 L 682 463.71 L 682 409.31 L 720.24 390 L 758.5 409.31 L 758.5 420.14 L 725.97 424.21 L 725.97 425.41 L 758.5 429.64 L 758.5 443.38 L 725.97 447.52 L 725.97 448.81 L 758.5 452.87 L 758.5 463.69 Z" fill="#d9a741" stroke="none" pointer-events="all"/>
 37 |         <path d="M 701.07 445.86 L 691.99 444.75 L 691.99 428.27 L 701.07 427.14 Z M 720.24 448.24 L 706.11 446.43 L 706.11 426.48 L 720.24 424.66 Z M 720.24 483 L 682 463.71 L 682 409.31 L 720.24 390 L 720.24 408.63 L 686.94 418.67 L 686.94 454.33 L 720.24 464.38 Z" fill-opacity="0.3" fill="#000000" stroke="none" pointer-events="all"/>
 38 |         <path d="M 725.97 424.21 L 686.94 418.67 L 720.24 408.63 L 758.5 420.14 Z" fill-opacity="0.5" fill="#000000" stroke="none" pointer-events="all"/>
 39 |         <path d="M 725.97 448.81 L 758.5 452.87 L 720.24 464.38 L 686.94 454.33 Z" fill-opacity="0.3" fill="#ffffff" stroke="none" pointer-events="all"/>
 40 |         <path d="M 258.25 483 L 217 462.46 L 217 453.99 L 225.27 452.78 L 225.27 407.94 L 232.19 405.35 L 236.25 406.27 L 236.25 394.85 L 245.89 390 L 278.86 402.88 L 278.86 439.99 L 287.94 440.01 L 287.94 452.29 L 299.5 454 L 299.5 462.44 Z" fill="#759c3e" stroke="none" pointer-events="all"/>
 41 |         <path d="M 232.19 455.39 L 225.27 453.31 L 225.27 407.94 L 232.19 405.35 Z M 245.89 459.57 L 236.25 456.7 L 236.25 394.85 L 245.89 390 Z M 258.25 463.24 L 249.41 460.55 L 249.41 441.9 L 258.25 442.82 Z M 258.25 483 L 217 462.46 L 217 453.99 L 258.25 468.55 Z" fill-opacity="0.3" fill="#000000" stroke="none" pointer-events="all"/>
 42 |         <path d="M 287.94 440.01 L 258.25 442.82 L 249.41 441.9 L 278.86 439.99 Z M 299.5 454 L 258.25 468.55 L 217 453.99 L 225.27 452.78 L 225.27 453.31 L 232.19 455.39 L 236.25 454.74 L 236.25 456.7 L 245.89 459.57 L 249.41 458.82 L 249.41 460.55 L 258.25 463.24 L 287.94 454.33 L 287.94 452.29 Z" fill-opacity="0.3" fill="#ffffff" stroke="none" pointer-events="all"/>
 43 |         <rect x="70" y="210" width="140" height="20" fill="none" stroke="none" pointer-events="all"/>
 44 |         <g transform="translate(-0.5 -0.5)">
 45 |             <switch>
 46 |                 <foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility">
 47 |                     <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 220px; margin-left: 140px;">
 48 |                         <div style="box-sizing: border-box; font-size: 0; text-align: center; ">
 49 |                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">
 50 |                                 ping/check_run events
 51 |                             </div>
 52 |                         </div>
 53 |                     </div>
 54 |                 </foreignObject>
 55 |                 <text x="140" y="224" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">
 56 |                     ping/check_run events
 57 |                 </text>
 58 |             </switch>
 59 |         </g>
 60 |         <rect x="375" y="295" width="210" height="30" fill="none" stroke="none" pointer-events="all"/>
 61 |         <g transform="translate(-0.5 -0.5)">
 62 |             <switch>
 63 |                 <foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility">
 64 |                     <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 310px; margin-left: 480px;">
 65 |                         <div style="box-sizing: border-box; font-size: 0; text-align: center; ">
 66 |                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">
 67 |                                 if `ping` or `check_run` has
 68 |                                 <br/>
 69 |                                 the action `created`, start the runner
 70 |                             </div>
 71 |                         </div>
 72 |                     </div>
 73 |                 </foreignObject>
 74 |                 <text x="480" y="314" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">
 75 |                     if `ping` or `check_run` has...
 76 |                 </text>
 77 |             </switch>
 78 |         </g>
 79 |         <rect x="170" y="325" width="80" height="20" fill="none" stroke="none" pointer-events="all"/>
 80 |         <g transform="translate(-0.5 -0.5)">
 81 |             <switch>
 82 |                 <foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility">
 83 |                     <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 335px; margin-left: 210px;">
 84 |                         <div style="box-sizing: border-box; font-size: 0; text-align: center; ">
 85 |                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">
 86 |                                 Access Logs
 87 |                             </div>
 88 |                         </div>
 89 |                     </div>
 90 |                 </foreignObject>
 91 |                 <text x="210" y="339" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">
 92 |                     Access Logs
 93 |                 </text>
 94 |             </switch>
 95 |         </g>
 96 |         <rect x="585" y="275" width="170" height="50" fill="none" stroke="none" pointer-events="all"/>
 97 |         <g transform="translate(-0.5 -0.5)">
 98 |             <switch>
 99 |                 <foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility">
100 |                     <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 300px; margin-left: 670px;">
101 |                         <div style="box-sizing: border-box; font-size: 0; text-align: center; ">
102 |                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">
103 |                                 if `check_run` has the
104 |                                 <br/>
105 |                                 action `completed`, send
106 |                                 <br/>
107 |                                 completion message to SQS
108 |                             </div>
109 |                         </div>
110 |                     </div>
111 |                 </foreignObject>
112 |                 <text x="670" y="304" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">
113 |                     if `check_run` has the...
114 |                 </text>
115 |             </switch>
116 |         </g>
117 |         <rect x="508.25" y="385" width="160" height="50" fill="none" stroke="none" pointer-events="all"/>
118 |         <g transform="translate(-0.5 -0.5)">
119 |             <switch>
120 |                 <foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility">
121 |                     <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 410px; margin-left: 588px;">
122 |                         <div style="box-sizing: border-box; font-size: 0; text-align: center; ">
123 |                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">
124 |                                 Listen for events related to
125 |                                 <br/>
126 |                                 the check_run_id,
127 |                                 <br/>
128 |                                 stop if received
129 |                             </div>
130 |                         </div>
131 |                     </div>
132 |                 </foreignObject>
133 |                 <text x="588" y="414" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">
134 |                     Listen for events related...
135 |                 </text>
136 |             </switch>
137 |         </g>
138 |         <path d="M 457.25 653 L 416 632.46 L 416 623.99 L 424.27 622.78 L 424.27 577.94 L 431.19 575.35 L 435.25 576.27 L 435.25 564.85 L 444.89 560 L 477.86 572.88 L 477.86 609.99 L 486.94 610.01 L 486.94 622.29 L 498.5 624 L 498.5 632.44 Z" fill="#759c3e" stroke="none" pointer-events="all"/>
139 |         <path d="M 431.19 625.39 L 424.27 623.31 L 424.27 577.94 L 431.19 575.35 Z M 444.89 629.57 L 435.25 626.7 L 435.25 564.85 L 444.89 560 Z M 457.25 633.24 L 448.41 630.55 L 448.41 611.9 L 457.25 612.82 Z M 457.25 653 L 416 632.46 L 416 623.99 L 457.25 638.55 Z" fill-opacity="0.3" fill="#000000" stroke="none" pointer-events="all"/>
140 |         <path d="M 486.94 610.01 L 457.25 612.82 L 448.41 611.9 L 477.86 609.99 Z M 498.5 624 L 457.25 638.55 L 416 623.99 L 424.27 622.78 L 424.27 623.31 L 431.19 625.39 L 435.25 624.74 L 435.25 626.7 L 444.89 629.57 L 448.41 628.82 L 448.41 630.55 L 457.25 633.24 L 486.94 624.33 L 486.94 622.29 Z" fill-opacity="0.3" fill="#ffffff" stroke="none" pointer-events="all"/>
141 |         <rect x="460" y="490" width="150" height="50" fill="none" stroke="none" pointer-events="all"/>
142 |         <g transform="translate(-0.5 -0.5)">
143 |             <switch>
144 |                 <foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility">
145 |                     <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 515px; margin-left: 535px;">
146 |                         <div style="box-sizing: border-box; font-size: 0; text-align: center; ">
147 |                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">
148 |                                 Log Messages
149 |                                 <br/>
150 |                                 Advanced logs from
151 |                                 <br/>
152 |                                 GitHub Runner available
153 |                             </div>
154 |                         </div>
155 |                     </div>
156 |                 </foreignObject>
157 |                 <text x="535" y="519" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">
158 |                     Log Messages...
159 |                 </text>
160 |             </switch>
161 |         </g>
162 |         <path d="M 588.25 93 L 547 72.46 L 547 63.99 L 555.27 62.78 L 555.27 17.94 L 562.19 15.35 L 566.25 16.27 L 566.25 4.85 L 575.89 0 L 608.86 12.88 L 608.86 49.99 L 617.94 50.01 L 617.94 62.29 L 629.5 64 L 629.5 72.44 Z" fill="#759c3e" stroke="none" pointer-events="all"/>
163 |         <path d="M 562.19 65.39 L 555.27 63.31 L 555.27 17.94 L 562.19 15.35 Z M 575.89 69.57 L 566.25 66.7 L 566.25 4.85 L 575.89 0 Z M 588.25 73.24 L 579.41 70.55 L 579.41 51.9 L 588.25 52.82 Z M 588.25 93 L 547 72.46 L 547 63.99 L 588.25 78.55 Z" fill-opacity="0.3" fill="#000000" stroke="none" pointer-events="all"/>
164 |         <path d="M 617.94 50.01 L 588.25 52.82 L 579.41 51.9 L 608.86 49.99 Z M 629.5 64 L 588.25 78.55 L 547 63.99 L 555.27 62.78 L 555.27 63.31 L 562.19 65.39 L 566.25 64.74 L 566.25 66.7 L 575.89 69.57 L 579.41 68.82 L 579.41 70.55 L 588.25 73.24 L 617.94 64.33 L 617.94 62.29 Z" fill-opacity="0.3" fill="#ffffff" stroke="none" pointer-events="all"/>
165 |         <rect x="588" y="130" width="90" height="20" fill="none" stroke="none" pointer-events="all"/>
166 |         <g transform="translate(-0.5 -0.5)">
167 |             <switch>
168 |                 <foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility">
169 |                     <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 140px; margin-left: 633px;">
170 |                         <div style="box-sizing: border-box; font-size: 0; text-align: center; ">
171 |                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">
172 |                                 Log Messages
173 |                             </div>
174 |                         </div>
175 |                     </div>
176 |                 </foreignObject>
177 |                 <text x="633" y="144" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">
178 |                     Log Messages
179 |                 </text>
180 |             </switch>
181 |         </g>
182 |         <rect x="348.5" y="206" width="150" height="20" fill="none" stroke="none" pointer-events="all"/>
183 |         <g transform="translate(-0.5 -0.5)">
184 |             <switch>
185 |                 <foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility">
186 |                     <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 216px; margin-left: 424px;">
187 |                         <div style="box-sizing: border-box; font-size: 0; text-align: center; ">
188 |                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">
189 |                                 Invoke Webhook Function
190 |                             </div>
191 |                         </div>
192 |                     </div>
193 |                 </foreignObject>
194 |                 <text x="424" y="220" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">
195 |                     Invoke Webhook Function
196 |                 </text>
197 |             </switch>
198 |         </g>
199 |         <rect x="70" y="596.5" width="250" height="20" fill="none" stroke="none" pointer-events="all"/>
200 |         <g transform="translate(-0.5 -0.5)">
201 |             <switch>
202 |                 <foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility">
203 |                     <div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 607px; margin-left: 195px;">
204 |                         <div style="box-sizing: border-box; font-size: 0; text-align: center; ">
205 |                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: #000000; line-height: 1.2; pointer-events: all; white-space: nowrap; ">
206 |                                 Add or Remove Runner from GitHub Actions
207 |                             </div>
208 |                         </div>
209 |                     </div>
210 |                 </foreignObject>
211 |                 <text x="195" y="610" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">
212 |                     Add or Remove Runner from GitHub Actions
213 |                 </text>
214 |             </switch>
215 |         </g>
216 |     </g>
217 |     <switch>
218 |         <g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/>
219 |         <a transform="translate(0,-5)" xlink:href="https://desk.draw.io/support/solutions/articles/16000042487" target="_blank">
220 |             <text text-anchor="middle" font-size="10px" x="50%" y="100%">
221 |                 Viewer does not support full SVG 1.1
222 |             </text>
223 |         </a>
224 |     </switch>
225 | </svg>


--------------------------------------------------------------------------------
/scripts/deploy-runner.sh:
--------------------------------------------------------------------------------
 1 | echo "Building Runner Base"
 2 | docker build --pull --rm -f "../src/lambda-github-runner/Dockerfile.base" -t lambda-github-runner-base:latest "../src/lambda-github-runner"
 3 | echo "Runner Base Built"
 4 | echo "Building Runner"
 5 | docker build --rm -f "../src/lambda-github-runner/Dockerfile" -t public.ecr.aws/n9q0k4a8/lambda-github-runner:latest "../src/lambda-github-runner"
 6 | echo "Runner Built"
 7 | aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/n9q0k4a8
 8 | echo "Pushing Runner Container"
 9 | docker push public.ecr.aws/n9q0k4a8/lambda-github-runner:latest
10 | echo "Runner Container Pushed"


--------------------------------------------------------------------------------
/scripts/deploy-webhook.sh:
--------------------------------------------------------------------------------
 1 | cd ../src/lambda-github-webhook
 2 | go mod download
 3 | GOOS=linux go build -o ../../main
 4 | cd ../../
 5 | zip lambda-github-webhook-function.zip main
 6 | 
 7 | echo "Updating Webhook"
 8 | aws s3 cp lambda-github-webhook-function.zip s3://lambda-github-webhook
 9 | echo "Webhook Updated"
10 | 
11 | rm -rf main
12 | rm -rf lambda-github-webhook-function.zip


--------------------------------------------------------------------------------
/scripts/deploy.sh:
--------------------------------------------------------------------------------
1 | bash deploy-webhook.sh
2 | bash deploy-runner.sh


--------------------------------------------------------------------------------
/src/lambda-github-runner/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM public.ecr.aws/lambda/provided:al2 as build
 2 | # install compiler
 3 | RUN yum install -y golang
 4 | RUN go env -w GOPROXY=direct
 5 | # cache dependencies
 6 | ADD go.mod go.sum ./
 7 | RUN go mod download
 8 | # build
 9 | ADD main.go .
10 | RUN go build -o /main
11 | 
12 | FROM lambda-github-runner-base:latest
13 | 
14 | # Copy Lambda Entrypoint
15 | COPY --from=build /main /main
16 | 
17 | ENTRYPOINT ["/main"]


--------------------------------------------------------------------------------
/src/lambda-github-runner/Dockerfile.base:
--------------------------------------------------------------------------------
 1 | FROM debian:buster-slim
 2 | 
 3 | ARG DEBIAN_FRONTEND=noninteractive
 4 | ARG GIT_VERSION="2.26.2"
 5 | ARG GH_RUNNER_VERSION
 6 | ARG DOCKER_COMPOSE_VERSION="1.27.4"
 7 | 
 8 | ENV RUNNER_NAME=""
 9 | ENV RUNNER_WORK_DIRECTORY="_work"
10 | ENV RUNNER_TOKEN=""
11 | ENV RUNNER_REPOSITORY_URL=""
12 | ENV RUNNER_LABELS=""
13 | ENV RUNNER_ALLOW_RUNASROOT=true
14 | ENV GITHUB_ACCESS_TOKEN=""
15 | ENV AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
16 | 
17 | RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
18 |     apt-get install -y \
19 |         curl \
20 |         unzip \
21 |         apt-transport-https \
22 |         ca-certificates \
23 |         software-properties-common \
24 |         sudo \
25 |         supervisor \
26 |         jq \
27 |         iputils-ping \
28 |         build-essential \
29 |         zlib1g-dev \
30 |         gettext \
31 |         liblttng-ust0 \
32 |         libcurl4-openssl-dev \
33 |         openssh-client && \
34 |     rm -rf /var/lib/apt/lists/* && \
35 |     apt-get clean
36 | 
37 | RUN cd /tmp && \
38 |     curl -sL -o git.tgz \
39 |     https://www.kernel.org/pub/software/scm/git/git-${GIT_VERSION}.tar.gz && \
40 |     tar zxf git.tgz  && \
41 |     cd git-${GIT_VERSION}  && \
42 |     ./configure --prefix=/usr  && \
43 |     make && \
44 |     make install && \
45 |     rm -rf /tmp/*
46 | 
47 | RUN mkdir -p /runner ${AGENT_TOOLSDIRECTORY}
48 | 
49 | WORKDIR /runner
50 | 
51 | RUN GH_RUNNER_VERSION=${GH_RUNNER_VERSION:-$(curl --silent "https://api.github.com/repos/actions/runner/releases/latest" | grep tag_name | sed -E 's/.*"v([^"]+)".*/\1/')} \
52 |     && curl -L -O https://github.com/actions/runner/releases/download/v${GH_RUNNER_VERSION}/actions-runner-linux-x64-${GH_RUNNER_VERSION}.tar.gz \
53 |     && tar -zxf actions-runner-linux-x64-${GH_RUNNER_VERSION}.tar.gz \
54 |     && rm -f actions-runner-linux-x64-${GH_RUNNER_VERSION}.tar.gz \
55 |     && ./bin/installdependencies.sh \
56 |     && chown -R root: /runner \
57 |     && rm -rf /var/lib/apt/lists/* \
58 |     && apt-get clean
59 | 
60 | ENV RUNNER_TOOL_CACHE="/tmp/toolcache"


--------------------------------------------------------------------------------
/src/lambda-github-runner/go.mod:
--------------------------------------------------------------------------------
1 | module lambda-github-runner
2 | 
3 | go 1.15
4 | 
5 | require (
6 | 	github.com/aws/aws-lambda-go v1.20.0
7 | 	github.com/aws/aws-sdk-go v1.36.15
8 | )
9 | 


--------------------------------------------------------------------------------
/src/lambda-github-runner/go.sum:
--------------------------------------------------------------------------------
 1 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 2 | github.com/aws/aws-lambda-go v1.20.0 h1:ZSweJx/Hy9BoIDXKBEh16vbHH0t0dehnF8MKpMiOWc0=
 3 | github.com/aws/aws-lambda-go v1.20.0/go.mod h1:jJmlefzPfGnckuHdXX7/80O3BvUUi12XOkbv4w9SGLU=
 4 | github.com/aws/aws-sdk-go v1.36.15 h1:nGqgPlXegCKPZOKXvWnYCLvLPJPRoSOHHn9d0N0DG7Y=
 5 | github.com/aws/aws-sdk-go v1.36.15/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 6 | github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 7 | github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 8 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 9 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
10 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
11 | github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
12 | github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
13 | github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
14 | github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
15 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
16 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
17 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
18 | github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
19 | github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
20 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
21 | github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
22 | github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
23 | github.com/urfave/cli/v2 v2.2.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
24 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
25 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
26 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
27 | golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME=
28 | golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
29 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
30 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
31 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
32 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
33 | golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
34 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
35 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
36 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
37 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
38 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
39 | gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
40 | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
41 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
42 | gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
43 | gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
44 | 


--------------------------------------------------------------------------------
/src/lambda-github-runner/main.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"context"
  5 | 	"encoding/json"
  6 | 	"fmt"
  7 | 	"io/ioutil"
  8 | 	"net/http"
  9 | 	"os"
 10 | 	"os/exec"
 11 | 	"path/filepath"
 12 | 	"strings"
 13 | 	"time"
 14 | 
 15 | 	"github.com/aws/aws-lambda-go/lambda"
 16 | 	"github.com/aws/aws-lambda-go/lambdacontext"
 17 | 
 18 | 	"github.com/aws/aws-sdk-go/aws"
 19 | 	"github.com/aws/aws-sdk-go/aws/session"
 20 | 	"github.com/aws/aws-sdk-go/service/sqs"
 21 | )
 22 | 
 23 | // RunnerEvent is the event passed in
 24 | type RunnerEvent struct {
 25 | 	QueueURL     string `json:"queue_url"`
 26 | 	RepoURL      string `json:"repo_url"`
 27 | 	RepoFullName string `json:"repo_fullname"`
 28 | 	Token        string `json:"token"`
 29 | 	VirtualID    string `json:"virtual_id"`
 30 | 	Event        string `json:"event"`
 31 | }
 32 | 
 33 | // RunnerToken is the token used for the github runner
 34 | type RunnerToken struct {
 35 | 	Token string `json:"token"`
 36 | }
 37 | 
 38 | // HandleRequest handles the lambda request
 39 | func HandleRequest(ctx context.Context, event RunnerEvent) (string, error) {
 40 | 	defer func() {
 41 | 		if e := recover(); e != nil {
 42 | 			fmt.Println("Recovered from panic", e)
 43 | 		}
 44 | 	}()
 45 | 
 46 | 	tempToken := event.Token
 47 | 	event.Token = "******"
 48 | 	fmt.Println(event)
 49 | 	event.Token = tempToken
 50 | 
 51 | 	lc, _ := lambdacontext.FromContext(ctx)
 52 | 	fmt.Println("Getting runner token")
 53 | 	client := http.Client{
 54 | 		Timeout: time.Duration(30 * time.Second),
 55 | 	}
 56 | 	url := "https://api.github.com/repos/" + event.RepoFullName + "/actions/runners/registration-token"
 57 | 	fmt.Println(url)
 58 | 	request, _ := http.NewRequest("POST", url, nil)
 59 | 	request.Header.Set("Accept", "application/vnd.github.v3+json")
 60 | 	request.Header.Set("Authorization", "token "+event.Token)
 61 | 	request.Header.Set("User-Agent", "lambda-github-runner")
 62 | 	resp, err := client.Do(request)
 63 | 	if err != nil || resp.StatusCode != 201 {
 64 | 		fmt.Println("Unable to get runner registrtation token", err)
 65 | 		fmt.Println(resp)
 66 | 		return "Unable to get runner registration token", err
 67 | 	}
 68 | 	defer resp.Body.Close()
 69 | 	regToken := RunnerToken{}
 70 | 	regData, _ := ioutil.ReadAll(resp.Body)
 71 | 	json.Unmarshal(regData, &regToken)
 72 | 
 73 | 	fmt.Println("Move runner directory to lambda /tmp")
 74 | 	err = os.Mkdir("/tmp/runner", 0755)
 75 | 	if os.IsExist(err) == false {
 76 | 		err = copy("/runner", "/tmp/runner")
 77 | 		if err != nil {
 78 | 			fmt.Println("Unable to copy runner", err)
 79 | 			return "Unable to copy runner", err
 80 | 		}
 81 | 	}
 82 | 	err = os.Mkdir("/tmp/toolcache", 0755)
 83 | 
 84 | 	fmt.Println("Removing runner in case one already exists")
 85 | 	err = stopAndDecomissionRunner(regToken)
 86 | 	if err != nil {
 87 | 		fmt.Printf("Unable to remove runner, going to continue anyway\n", err)
 88 | 	}
 89 | 
 90 | 	fmt.Printf("Configuring runner (Request: %s|RepoUrl: %s|RepoFullName: %s|QueueUrl: %s)...\n", lc.AwsRequestID, event.RepoURL, event.RepoFullName, event.QueueURL)
 91 | 	runnerName := "lambda-" + lc.AwsRequestID
 92 | 	if event.Event == "create" {
 93 | 		runnerName = "DEFAULT-LAMBDA-DO-NOT-REMOVE"
 94 | 		fmt.Println("Creating default runner")
 95 | 	}
 96 | 
 97 | 	configcmd := exec.Command("/tmp/runner/config.sh", "--url", event.RepoURL, "--token", regToken.Token, "--name", runnerName, "--runnergroup", "lambda", "--labels", "lambda", "--work", "_work", "--replace")
 98 | 	out, err := configcmd.Output()
 99 | 	if err != nil {
100 | 		fmt.Println(string(out), err)
101 | 		readRunnerLogs()
102 | 		return fmt.Sprint(out), err
103 | 	}
104 | 	if os.Getenv("ALWAYS_PRINT_LOGS") == "true" {
105 | 		readRunnerLogs()
106 | 	}
107 | 
108 | 	// if event is 'created', bail after configured
109 | 	if event.Event == "create" {
110 | 		fmt.Println("This is a create event, stopping runner")
111 | 		return fmt.Sprint("Runner created"), nil
112 | 	}
113 | 
114 | 	fmt.Println("Starting runner...")
115 | 	err = startRunner()
116 | 	if err != nil {
117 | 		return fmt.Sprint("Unable to start runner"), err
118 | 	}
119 | 
120 | 	fmt.Println("Runner started...")
121 | 	// Setup Virtual Queue and wait for Message
122 | 	sess := session.Must(session.NewSessionWithOptions(session.Options{
123 | 		SharedConfigState: session.SharedConfigEnable,
124 | 	}))
125 | 
126 | 	svc := sqs.New(sess)
127 | 	fmt.Println("Starting to listener for complete message")
128 | 	for {
129 | 		msgResult, err := svc.ReceiveMessage(&sqs.ReceiveMessageInput{
130 | 			AttributeNames: []*string{
131 | 				aws.String(sqs.MessageSystemAttributeNameSentTimestamp),
132 | 			},
133 | 			MessageAttributeNames: []*string{
134 | 				aws.String(sqs.QueueAttributeNameAll),
135 | 			},
136 | 			QueueUrl:            aws.String(event.QueueURL),
137 | 			MaxNumberOfMessages: aws.Int64(1),
138 | 			VisibilityTimeout:   aws.Int64(60),
139 | 		})
140 | 
141 | 		if err != nil {
142 | 			fmt.Println("Error while receiving messages", err)
143 | 		}
144 | 
145 | 		if len(msgResult.Messages) > 0 {
146 | 			if strings.Compare(*msgResult.Messages[0].Body, event.VirtualID) == 0 {
147 | 				fmt.Println("Message received, closing runner")
148 | 				_, err = svc.DeleteMessage(&sqs.DeleteMessageInput{
149 | 					QueueUrl:      aws.String(event.QueueURL),
150 | 					ReceiptHandle: msgResult.Messages[0].ReceiptHandle,
151 | 				})
152 | 				if err != nil {
153 | 					fmt.Println("Error while deleting message", err)
154 | 				}
155 | 				break
156 | 			}
157 | 		}
158 | 
159 | 		deadline, _ := ctx.Deadline()
160 | 		deadline = deadline.Add(-30 * time.Second)
161 | 
162 | 		if time.Until(deadline).Seconds() < 0 {
163 | 			fmt.Println("Function is about to timeout, decomissioning")
164 | 			break
165 | 		}
166 | 	}
167 | 
168 | 	err = stopAndDecomissionRunner(regToken)
169 | 
170 | 	fmt.Println("Complete!")
171 | 	return fmt.Sprint("Complete!"), err
172 | }
173 | 
174 | // startRunner starts the github runner
175 | func startRunner() error {
176 | 	runcmd := exec.Command("/tmp/runner/run.sh")
177 | 	// Something with output
178 | 	return runcmd.Start()
179 | }
180 | 
181 | // stopAndDecomissionRunner stops and removes the runner
182 | func stopAndDecomissionRunner(event RunnerToken) error {
183 | 	fmt.Println("Removing runner...")
184 | 	configcmd := exec.Command("/tmp/runner/config.sh", "remove", "--token", event.Token)
185 | 	_, err := configcmd.Output()
186 | 	if err != nil {
187 | 		fmt.Println("Unable to remove runner", err)
188 | 		return err
189 | 	}
190 | 	fmt.Println("Runner removed")
191 | 	return nil
192 | }
193 | 
194 | // readRunnerLogs reads the runners logs to console
195 | func readRunnerLogs() {
196 | 	fmt.Println("Reading logs...")
197 | 	// Try to get logs
198 | 	files, _ := ioutil.ReadDir("/tmp/runner/_diag")
199 | 	for _, f := range files {
200 | 		fmt.Println(f.Name())
201 | 		content, _ := ioutil.ReadFile("/tmp/runner/_diag/" + f.Name())
202 | 		fmt.Println(string(content))
203 | 	}
204 | 	fmt.Println("Done reading logs...")
205 | }
206 | 
207 | // copy copies the source to destination directories recursively
208 | func copy(source, destination string) error {
209 | 	var err error = filepath.Walk(source, func(path string, info os.FileInfo, err error) error {
210 | 		var relPath string = strings.Replace(path, source, "", 1)
211 | 		if relPath == "" {
212 | 			return nil
213 | 		}
214 | 		if info.IsDir() {
215 | 			return os.Mkdir(filepath.Join(destination, relPath), 0755)
216 | 		}
217 | 
218 | 		var data, err1 = ioutil.ReadFile(filepath.Join(source, relPath))
219 | 		if err1 != nil {
220 | 			return err1
221 | 		}
222 | 		return ioutil.WriteFile(filepath.Join(destination, relPath), data, 0777)
223 | 	})
224 | 	return err
225 | }
226 | 
227 | func main() {
228 | 	lambda.Start(HandleRequest)
229 | }
230 | 


--------------------------------------------------------------------------------
/src/lambda-github-webhook/go.mod:
--------------------------------------------------------------------------------
1 | module lambda-github-webhook
2 | 
3 | go 1.15
4 | 
5 | require (
6 | 	"github.com/aws/aws-lambda-go" v1.20.0
7 | 	"github.com/aws/aws-sdk-go" v1.36.15
8 | )


--------------------------------------------------------------------------------
/src/lambda-github-webhook/go.sum:
--------------------------------------------------------------------------------
 1 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 2 | github.com/aws/aws-lambda-go v1.20.0 h1:ZSweJx/Hy9BoIDXKBEh16vbHH0t0dehnF8MKpMiOWc0=
 3 | github.com/aws/aws-lambda-go v1.20.0/go.mod h1:jJmlefzPfGnckuHdXX7/80O3BvUUi12XOkbv4w9SGLU=
 4 | github.com/aws/aws-sdk-go v1.36.15 h1:nGqgPlXegCKPZOKXvWnYCLvLPJPRoSOHHn9d0N0DG7Y=
 5 | github.com/aws/aws-sdk-go v1.36.15/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 6 | github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 7 | github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 8 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 9 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
10 | github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
11 | github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
12 | github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
13 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
14 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
15 | github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
16 | github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
17 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
18 | github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
19 | github.com/urfave/cli/v2 v2.2.0/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
20 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
21 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
22 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
23 | golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
24 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
25 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
26 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
27 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
28 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
29 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
30 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
31 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
32 | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
33 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
34 | gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
35 | 


--------------------------------------------------------------------------------
/src/lambda-github-webhook/main.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"context"
  5 | 	"crypto/hmac"
  6 | 	"crypto/sha256"
  7 | 	"encoding/hex"
  8 | 	"encoding/json"
  9 | 	"fmt"
 10 | 	"os"
 11 | 	"strconv"
 12 | 	"strings"
 13 | 	"time"
 14 | 
 15 | 	"github.com/aws/aws-lambda-go/events"
 16 | 	"github.com/aws/aws-lambda-go/lambda"
 17 | 	"github.com/aws/aws-sdk-go/aws"
 18 | 	"github.com/aws/aws-sdk-go/aws/session"
 19 | 	lmbda "github.com/aws/aws-sdk-go/service/lambda"
 20 | 	"github.com/aws/aws-sdk-go/service/sqs"
 21 | )
 22 | 
 23 | // AutoGenerated is the github webhook event payload
 24 | type AutoGenerated struct {
 25 | 	Action   string `json:"action"`
 26 | 	CheckRun struct {
 27 | 		ID          int         `json:"id"`
 28 | 		NodeID      string      `json:"node_id"`
 29 | 		HeadSha     string      `json:"head_sha"`
 30 | 		ExternalID  string      `json:"external_id"`
 31 | 		URL         string      `json:"url"`
 32 | 		HTMLURL     string      `json:"html_url"`
 33 | 		DetailsURL  string      `json:"details_url"`
 34 | 		Status      string      `json:"status"`
 35 | 		Conclusion  interface{} `json:"conclusion"`
 36 | 		StartedAt   time.Time   `json:"started_at"`
 37 | 		CompletedAt interface{} `json:"completed_at"`
 38 | 		Output      struct {
 39 | 			Title            interface{} `json:"title"`
 40 | 			Summary          interface{} `json:"summary"`
 41 | 			Text             interface{} `json:"text"`
 42 | 			AnnotationsCount int         `json:"annotations_count"`
 43 | 			AnnotationsURL   string      `json:"annotations_url"`
 44 | 		} `json:"output"`
 45 | 		Name       string `json:"name"`
 46 | 		CheckSuite struct {
 47 | 			ID           int           `json:"id"`
 48 | 			NodeID       string        `json:"node_id"`
 49 | 			HeadBranch   string        `json:"head_branch"`
 50 | 			HeadSha      string        `json:"head_sha"`
 51 | 			Status       string        `json:"status"`
 52 | 			Conclusion   interface{}   `json:"conclusion"`
 53 | 			URL          string        `json:"url"`
 54 | 			Before       string        `json:"before"`
 55 | 			After        string        `json:"after"`
 56 | 			PullRequests []interface{} `json:"pull_requests"`
 57 | 			App          struct {
 58 | 				ID     int    `json:"id"`
 59 | 				Slug   string `json:"slug"`
 60 | 				NodeID string `json:"node_id"`
 61 | 				Owner  struct {
 62 | 					Login             string `json:"login"`
 63 | 					ID                int    `json:"id"`
 64 | 					NodeID            string `json:"node_id"`
 65 | 					AvatarURL         string `json:"avatar_url"`
 66 | 					GravatarID        string `json:"gravatar_id"`
 67 | 					URL               string `json:"url"`
 68 | 					HTMLURL           string `json:"html_url"`
 69 | 					FollowersURL      string `json:"followers_url"`
 70 | 					FollowingURL      string `json:"following_url"`
 71 | 					GistsURL          string `json:"gists_url"`
 72 | 					StarredURL        string `json:"starred_url"`
 73 | 					SubscriptionsURL  string `json:"subscriptions_url"`
 74 | 					OrganizationsURL  string `json:"organizations_url"`
 75 | 					ReposURL          string `json:"repos_url"`
 76 | 					EventsURL         string `json:"events_url"`
 77 | 					ReceivedEventsURL string `json:"received_events_url"`
 78 | 					Type              string `json:"type"`
 79 | 					SiteAdmin         bool   `json:"site_admin"`
 80 | 				} `json:"owner"`
 81 | 				Name        string    `json:"name"`
 82 | 				Description string    `json:"description"`
 83 | 				ExternalURL string    `json:"external_url"`
 84 | 				HTMLURL     string    `json:"html_url"`
 85 | 				CreatedAt   time.Time `json:"created_at"`
 86 | 				UpdatedAt   time.Time `json:"updated_at"`
 87 | 				Permissions struct {
 88 | 					Actions             string `json:"actions"`
 89 | 					Checks              string `json:"checks"`
 90 | 					Contents            string `json:"contents"`
 91 | 					Deployments         string `json:"deployments"`
 92 | 					Issues              string `json:"issues"`
 93 | 					Metadata            string `json:"metadata"`
 94 | 					Packages            string `json:"packages"`
 95 | 					Pages               string `json:"pages"`
 96 | 					PullRequests        string `json:"pull_requests"`
 97 | 					RepositoryHooks     string `json:"repository_hooks"`
 98 | 					RepositoryProjects  string `json:"repository_projects"`
 99 | 					SecurityEvents      string `json:"security_events"`
100 | 					Statuses            string `json:"statuses"`
101 | 					VulnerabilityAlerts string `json:"vulnerability_alerts"`
102 | 				} `json:"permissions"`
103 | 				Events []string `json:"events"`
104 | 			} `json:"app"`
105 | 			CreatedAt time.Time `json:"created_at"`
106 | 			UpdatedAt time.Time `json:"updated_at"`
107 | 		} `json:"check_suite"`
108 | 		App struct {
109 | 			ID     int    `json:"id"`
110 | 			Slug   string `json:"slug"`
111 | 			NodeID string `json:"node_id"`
112 | 			Owner  struct {
113 | 				Login             string `json:"login"`
114 | 				ID                int    `json:"id"`
115 | 				NodeID            string `json:"node_id"`
116 | 				AvatarURL         string `json:"avatar_url"`
117 | 				GravatarID        string `json:"gravatar_id"`
118 | 				URL               string `json:"url"`
119 | 				HTMLURL           string `json:"html_url"`
120 | 				FollowersURL      string `json:"followers_url"`
121 | 				FollowingURL      string `json:"following_url"`
122 | 				GistsURL          string `json:"gists_url"`
123 | 				StarredURL        string `json:"starred_url"`
124 | 				SubscriptionsURL  string `json:"subscriptions_url"`
125 | 				OrganizationsURL  string `json:"organizations_url"`
126 | 				ReposURL          string `json:"repos_url"`
127 | 				EventsURL         string `json:"events_url"`
128 | 				ReceivedEventsURL string `json:"received_events_url"`
129 | 				Type              string `json:"type"`
130 | 				SiteAdmin         bool   `json:"site_admin"`
131 | 			} `json:"owner"`
132 | 			Name        string    `json:"name"`
133 | 			Description string    `json:"description"`
134 | 			ExternalURL string    `json:"external_url"`
135 | 			HTMLURL     string    `json:"html_url"`
136 | 			CreatedAt   time.Time `json:"created_at"`
137 | 			UpdatedAt   time.Time `json:"updated_at"`
138 | 			Permissions struct {
139 | 				Actions             string `json:"actions"`
140 | 				Checks              string `json:"checks"`
141 | 				Contents            string `json:"contents"`
142 | 				Deployments         string `json:"deployments"`
143 | 				Issues              string `json:"issues"`
144 | 				Metadata            string `json:"metadata"`
145 | 				Packages            string `json:"packages"`
146 | 				Pages               string `json:"pages"`
147 | 				PullRequests        string `json:"pull_requests"`
148 | 				RepositoryHooks     string `json:"repository_hooks"`
149 | 				RepositoryProjects  string `json:"repository_projects"`
150 | 				SecurityEvents      string `json:"security_events"`
151 | 				Statuses            string `json:"statuses"`
152 | 				VulnerabilityAlerts string `json:"vulnerability_alerts"`
153 | 			} `json:"permissions"`
154 | 			Events []string `json:"events"`
155 | 		} `json:"app"`
156 | 		PullRequests []interface{} `json:"pull_requests"`
157 | 	} `json:"check_run"`
158 | 	Repository struct {
159 | 		ID       int    `json:"id"`
160 | 		NodeID   string `json:"node_id"`
161 | 		Name     string `json:"name"`
162 | 		FullName string `json:"full_name"`
163 | 		Private  bool   `json:"private"`
164 | 		Owner    struct {
165 | 			Login             string `json:"login"`
166 | 			ID                int    `json:"id"`
167 | 			NodeID            string `json:"node_id"`
168 | 			AvatarURL         string `json:"avatar_url"`
169 | 			GravatarID        string `json:"gravatar_id"`
170 | 			URL               string `json:"url"`
171 | 			HTMLURL           string `json:"html_url"`
172 | 			FollowersURL      string `json:"followers_url"`
173 | 			FollowingURL      string `json:"following_url"`
174 | 			GistsURL          string `json:"gists_url"`
175 | 			StarredURL        string `json:"starred_url"`
176 | 			SubscriptionsURL  string `json:"subscriptions_url"`
177 | 			OrganizationsURL  string `json:"organizations_url"`
178 | 			ReposURL          string `json:"repos_url"`
179 | 			EventsURL         string `json:"events_url"`
180 | 			ReceivedEventsURL string `json:"received_events_url"`
181 | 			Type              string `json:"type"`
182 | 			SiteAdmin         bool   `json:"site_admin"`
183 | 		} `json:"owner"`
184 | 		HTMLURL          string      `json:"html_url"`
185 | 		Description      string      `json:"description"`
186 | 		Fork             bool        `json:"fork"`
187 | 		URL              string      `json:"url"`
188 | 		ForksURL         string      `json:"forks_url"`
189 | 		KeysURL          string      `json:"keys_url"`
190 | 		CollaboratorsURL string      `json:"collaborators_url"`
191 | 		TeamsURL         string      `json:"teams_url"`
192 | 		HooksURL         string      `json:"hooks_url"`
193 | 		IssueEventsURL   string      `json:"issue_events_url"`
194 | 		EventsURL        string      `json:"events_url"`
195 | 		AssigneesURL     string      `json:"assignees_url"`
196 | 		BranchesURL      string      `json:"branches_url"`
197 | 		TagsURL          string      `json:"tags_url"`
198 | 		BlobsURL         string      `json:"blobs_url"`
199 | 		GitTagsURL       string      `json:"git_tags_url"`
200 | 		GitRefsURL       string      `json:"git_refs_url"`
201 | 		TreesURL         string      `json:"trees_url"`
202 | 		StatusesURL      string      `json:"statuses_url"`
203 | 		LanguagesURL     string      `json:"languages_url"`
204 | 		StargazersURL    string      `json:"stargazers_url"`
205 | 		ContributorsURL  string      `json:"contributors_url"`
206 | 		SubscribersURL   string      `json:"subscribers_url"`
207 | 		SubscriptionURL  string      `json:"subscription_url"`
208 | 		CommitsURL       string      `json:"commits_url"`
209 | 		GitCommitsURL    string      `json:"git_commits_url"`
210 | 		CommentsURL      string      `json:"comments_url"`
211 | 		IssueCommentURL  string      `json:"issue_comment_url"`
212 | 		ContentsURL      string      `json:"contents_url"`
213 | 		CompareURL       string      `json:"compare_url"`
214 | 		MergesURL        string      `json:"merges_url"`
215 | 		ArchiveURL       string      `json:"archive_url"`
216 | 		DownloadsURL     string      `json:"downloads_url"`
217 | 		IssuesURL        string      `json:"issues_url"`
218 | 		PullsURL         string      `json:"pulls_url"`
219 | 		MilestonesURL    string      `json:"milestones_url"`
220 | 		NotificationsURL string      `json:"notifications_url"`
221 | 		LabelsURL        string      `json:"labels_url"`
222 | 		ReleasesURL      string      `json:"releases_url"`
223 | 		DeploymentsURL   string      `json:"deployments_url"`
224 | 		CreatedAt        time.Time   `json:"created_at"`
225 | 		UpdatedAt        time.Time   `json:"updated_at"`
226 | 		PushedAt         time.Time   `json:"pushed_at"`
227 | 		GitURL           string      `json:"git_url"`
228 | 		SSHURL           string      `json:"ssh_url"`
229 | 		CloneURL         string      `json:"clone_url"`
230 | 		SvnURL           string      `json:"svn_url"`
231 | 		Homepage         interface{} `json:"homepage"`
232 | 		Size             int         `json:"size"`
233 | 		StargazersCount  int         `json:"stargazers_count"`
234 | 		WatchersCount    int         `json:"watchers_count"`
235 | 		Language         string      `json:"language"`
236 | 		HasIssues        bool        `json:"has_issues"`
237 | 		HasProjects      bool        `json:"has_projects"`
238 | 		HasDownloads     bool        `json:"has_downloads"`
239 | 		HasWiki          bool        `json:"has_wiki"`
240 | 		HasPages         bool        `json:"has_pages"`
241 | 		ForksCount       int         `json:"forks_count"`
242 | 		MirrorURL        interface{} `json:"mirror_url"`
243 | 		Archived         bool        `json:"archived"`
244 | 		Disabled         bool        `json:"disabled"`
245 | 		OpenIssuesCount  int         `json:"open_issues_count"`
246 | 		License          interface{} `json:"license"`
247 | 		Forks            int         `json:"forks"`
248 | 		OpenIssues       int         `json:"open_issues"`
249 | 		Watchers         int         `json:"watchers"`
250 | 		DefaultBranch    string      `json:"default_branch"`
251 | 	} `json:"repository"`
252 | 	Sender struct {
253 | 		Login             string `json:"login"`
254 | 		ID                int    `json:"id"`
255 | 		NodeID            string `json:"node_id"`
256 | 		AvatarURL         string `json:"avatar_url"`
257 | 		GravatarID        string `json:"gravatar_id"`
258 | 		URL               string `json:"url"`
259 | 		HTMLURL           string `json:"html_url"`
260 | 		FollowersURL      string `json:"followers_url"`
261 | 		FollowingURL      string `json:"following_url"`
262 | 		GistsURL          string `json:"gists_url"`
263 | 		StarredURL        string `json:"starred_url"`
264 | 		SubscriptionsURL  string `json:"subscriptions_url"`
265 | 		OrganizationsURL  string `json:"organizations_url"`
266 | 		ReposURL          string `json:"repos_url"`
267 | 		EventsURL         string `json:"events_url"`
268 | 		ReceivedEventsURL string `json:"received_events_url"`
269 | 		Type              string `json:"type"`
270 | 		SiteAdmin         bool   `json:"site_admin"`
271 | 	} `json:"sender"`
272 | }
273 | 
274 | // RunnerEvent is the event passed to the lambda-github-runner
275 | type RunnerEvent struct {
276 | 	QueueURL     string `json:"queue_url"`
277 | 	RepoURL      string `json:"repo_url"`
278 | 	RepoFullName string `json:"repo_fullname"`
279 | 	Token        string `json:"token"`
280 | 	VirtualID    string `json:"virtual_id"`
281 | 	Event        string `json:"event"`
282 | }
283 | 
284 | func TriggerRunner(payloadEvent RunnerEvent) error {
285 | 	sess := session.Must(session.NewSessionWithOptions(session.Options{
286 | 		SharedConfigState: session.SharedConfigEnable,
287 | 	}))
288 | 
289 | 	payload, _ := json.Marshal(&payloadEvent)
290 | 
291 | 	client := lmbda.New(sess, &aws.Config{Region: aws.String("us-east-1")})
292 | 	_, err := client.Invoke(&lmbda.InvokeInput{FunctionName: aws.String("lambda-github-runner"), InvocationType: aws.String("Event"), Payload: payload})
293 | 	return err
294 | }
295 | 
296 | // HandleRequest handles Lambda Request
297 | func HandleRequest(ctx context.Context, req events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
298 | 	fmt.Println(req.Body)
299 | 	deliveryID := req.Headers["X-GitHub-Delivery"]
300 | 	fmt.Printf("Delivery ID - %s\n", deliveryID)
301 | 	fmt.Printf("Event - %s\n", req.Headers["X-GitHub-Event"])
302 | 
303 | 	// Only care about "check_run"/"ping" events
304 | 	if req.Headers["X-GitHub-Event"] != "check_run" && req.Headers["X-GitHub-Event"] != "ping" {
305 | 		return events.APIGatewayProxyResponse{StatusCode: 404}, nil
306 | 	}
307 | 
308 | 	// if a github webhook secret it provided, require the check
309 | 	if os.Getenv("GITHUB_WEBHOOK_SECRET") != "" {
310 | 		secretKey := []byte(os.Getenv("GITHUB_WEBHOOK_SECRET"))
311 | 		sha256Header := req.Headers["X-Hub-Signature-256"]
312 | 		sha256HeaderParts := strings.SplitN(sha256Header, "=", 2)
313 | 		buf, err := hex.DecodeString(sha256HeaderParts[1])
314 | 		if err != nil {
315 | 			fmt.Errorf("Error decoding signature %q: %w", sha256Header, err)
316 | 			return events.APIGatewayProxyResponse{StatusCode: 400, Body: "Error decoding signature"}, nil
317 | 		}
318 | 		hashFunc := sha256.New
319 | 		mac := hmac.New(hashFunc, secretKey)
320 | 		mac.Write([]byte(req.Body))
321 | 		ms := mac.Sum(nil)
322 | 		if !hmac.Equal(buf, ms) {
323 | 			fmt.Errorf("Payload signature check failed")
324 | 			return events.APIGatewayProxyResponse{StatusCode: 417, Body: "Payload signature check failed"}, nil
325 | 		}
326 | 	}
327 | 
328 | 	data := AutoGenerated{}
329 | 	json.Unmarshal([]byte(req.Body), &data)
330 | 
331 | 	virtualQueue := data.Repository.Name + strconv.Itoa(data.CheckRun.ID)
332 | 	queueURL := os.Getenv("SQS_QUEUE_URL")
333 | 	if queueURL == "" {
334 | 		fmt.Println("No SQS Queue URL is configured")
335 | 		return events.APIGatewayProxyResponse{StatusCode: 400, Body: "No SQS Queue URL is configured"}, nil
336 | 	}
337 | 
338 | 	// If ping, send different event
339 | 	if req.Headers["X-GitHub-Event"] == "ping" {
340 | 		// Create new lambda
341 | 		payloadEvent := RunnerEvent{
342 | 			QueueURL:     queueURL + "#" + virtualQueue,
343 | 			RepoURL:      data.Repository.HTMLURL,
344 | 			RepoFullName: data.Repository.FullName,
345 | 			Token:        os.Getenv("GITHUB_TOKEN"),
346 | 			VirtualID:    virtualQueue,
347 | 			Event:        "create",
348 | 		}
349 | 
350 | 		err := TriggerRunner(payloadEvent)
351 | 		if err != nil {
352 | 			fmt.Println("Error calling lambda-github-runner", err)
353 | 			return events.APIGatewayProxyResponse{StatusCode: 400, Body: "Unable to start runner"}, nil
354 | 		}
355 | 		fmt.Println("lambda-github-runner triggered")
356 | 		return events.APIGatewayProxyResponse{StatusCode: 200, Body: "Setting up default runner"}, nil
357 | 	}
358 | 
359 | 	if data.Action == "created" || data.Action == "rerequested" {
360 | 		// Create new lambda
361 | 		payloadEvent := RunnerEvent{
362 | 			QueueURL:     queueURL + "#" + virtualQueue,
363 | 			RepoURL:      data.Repository.HTMLURL,
364 | 			RepoFullName: data.Repository.FullName,
365 | 			Token:        os.Getenv("GITHUB_TOKEN"),
366 | 			VirtualID:    virtualQueue,
367 | 			Event:        "default",
368 | 		}
369 | 
370 | 		err := TriggerRunner(payloadEvent)
371 | 		if err != nil {
372 | 			fmt.Println("Error calling lambda-github-runner", err)
373 | 			return events.APIGatewayProxyResponse{StatusCode: 400, Body: "Unable to start runner"}, nil
374 | 		}
375 | 		fmt.Println("lambda-github-runner triggered")
376 | 	} else if data.Action == "completed" {
377 | 		// Stop lambda
378 | 		sess := session.Must(session.NewSessionWithOptions(session.Options{
379 | 			SharedConfigState: session.SharedConfigEnable,
380 | 		}))
381 | 
382 | 		svc := sqs.New(sess)
383 | 		sr, err := svc.SendMessage(&sqs.SendMessageInput{
384 | 			DelaySeconds: aws.Int64(0),
385 | 			MessageBody:  aws.String(virtualQueue),
386 | 			QueueUrl:     aws.String(queueURL + "#" + virtualQueue),
387 | 		})
388 | 
389 | 		if err != nil {
390 | 			fmt.Println("Error sending message to virtual queue", err)
391 | 			return events.APIGatewayProxyResponse{StatusCode: 400, Body: "Error sending message to virtual queue"}, nil
392 | 		}
393 | 
394 | 		fmt.Println("Message send to SQS")
395 | 		fmt.Println(sr)
396 | 	} else {
397 | 		fmt.Printf("Unknown action - %s\n", data.Action)
398 | 		return events.APIGatewayProxyResponse{StatusCode: 412, Body: "Unknown action"}, nil
399 | 	}
400 | 	return events.APIGatewayProxyResponse{StatusCode: 204}, nil
401 | }
402 | 
403 | func main() {
404 | 	lambda.Start(HandleRequest)
405 | }
406 | 


--------------------------------------------------------------------------------