# XDR's Submodule for GitHub Runners

Original Source: https://github.com/philips-labs/terraform-aws-github-runner

## For USAGE, see the module documentation at

```
~/xdr-terraform-modules/base/github-runners/README.md
```

## Significant Changes

* in `modules/runners/policies/lambda-scale-up.json`, added section for KMS access:
  ```
  {
      "Effect": "Allow",
      "Action": [
          "kms:CreateGrant",
          "kms:Decrypt",
          "kms:DescribeKey",
          "kms:Encrypt",
          "kms:GenerateDataKey*",
          "kms:ReEncrypt*"
      ],
      "Resource": "*"
  }
  ```
* in `modules/runners/scale-{up,down}.tf`, `modules/webhook/webhook.tf`, and `./modules/runner-binaries-syncer/runner-binaries-syncer.tf` changed architectures line to be:
  ```
  architectures = var.lambda_architecture == "x86_64" ? [] : [var.lambda_architecture]
  ```
  This solves an issue where Terraform thinks there's a change every time.
* Similarly, for `./modules/runners/pool/main.tf`, changed architectures line to be:
  ```
  architectures = var.config.lambda_architecture == "x86_64" ? [] : [var.config.lambda_architecture]
  ```

## Process

1. Cloned repo
1. `rm -rf .git`
1. Follow the `Setup GitHub App (part 1)` instructions at https://github.com/philips-labs/terraform-aws-github-runner#setup-github-app-part-1
   a. App name: `mdr-engineering-runners`
   b. Everything else as instructed.
1. Download the lambdas from the ['releases' page](https://github.com/philips-labs/terraform-aws-github-runner/releases) into `~/Downloads/terraform-aws-github`
1. Upload the lambdas:
   ```
   cd ~/Downloads/
   aws --profile mdr-common-services-gov s3 sync terraform-aws-github s3://afsxdr-binaries/terraform-aws-github
   aws --profile mdr-common-services s3 sync terraform-aws-github s3://afsxdr-binaries/terraform-aws-github
   ```
1. Add variables to `~/xdr-terraform-modules/base/github-runners/locals.tf`
1. Modify variables in `~/xdr-terraform-live/test/aws-us-gov/mdr-test-c2/093-github-runners-mdr-engineering`
1. `terragrunt-local init && terragrunt-local apply`
1. Follow the instructions at ['Setup the webhook'](https://github.com/philips-labs/terraform-aws-github-runner#setup-the-webhook--github-app-part-2)
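
The KMS statement added to `lambda-scale-up.json` under Significant Changes uses `"Resource": "*"`, so the scale-up Lambda's role can use any key whose key policy permits it. The check below is an added example, not part of this module or the upstream project: it lists the `Allow` statements in a policy that grant KMS actions on every resource. It assumes the policy has already been rendered to plain JSON; the function name and the key ARN in the sample are made up for illustration.

```python
import json


def _as_list(value):
    """IAM accepts either a bare string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def wildcard_kms_statements(policy_text):
    """Return (statement index, KMS actions) for every Allow statement
    that grants KMS actions on Resource "*"."""
    statements = json.loads(policy_text).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive; "*" covers kms:* as well.
        kms_actions = [a for a in _as_list(stmt.get("Action"))
                       if a == "*" or a.lower().startswith("kms:")]
        if kms_actions and "*" in _as_list(stmt.get("Resource")):
            findings.append((index, kms_actions))
    return findings


# Constructed sample: statement 0 is the one quoted in this README; statement 1
# narrows a grant to one key (placeholder ARN, not a real key).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey",
                    "kms:Encrypt", "kms:GenerateDataKey*", "kms:ReEncrypt*"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["kms:Decrypt"],
         "Resource": "arn:aws-us-gov:kms:REGION:ACCOUNT_ID:key/KEY_ID"},
    ],
})

if __name__ == "__main__":
    for index, actions in wildcard_kms_statements(SAMPLE_POLICY):
        print(f"Statement[{index}] allows {', '.join(actions)} on every key")
```

Only the wildcard statement is reported; the statement scoped to a single key ARN passes.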