Managed Image
Is it possible to specify a managed image (e.g. `aws/codebuild/standard:7:0`) for the CodeBuild provider so that additional resources such as ECR and Lambda are not required?
The base image doesn't have everything we need. Specifically, the actions runner is not installed. That said, you can use `StaticRunnerImage.fromDockerHub` or a similar implementation to avoid ECR. You will need to somehow install the actions runner too. I would imagine it's not worth the effort.
Lambda on the other hand is more of a hard requirement. It's used to handle the webhook and lifecycle of the runner.
Can I ask why you're trying to get rid of these dependencies?
It looks like at least the default image of the CodeBuild runner is shipped with the GH Actions runner, or a Buildspec with the runner is injected. Generally speaking, I value fewer resources to avoid any potential problems.
Sounds like they may have added that for their support of GitHub Actions. Honestly it sounds like that feature might be more in line with what you're looking for.
I also value fewer resources, but it sounds like you value it even more. That said:
- A customizable runner image that remains up-to-date is one of the core differentiators of this project.
- We try to use fine-grained permissions wherever possible so new resources are harder to abuse.
- We take great care to clean up after ourselves on both stack deletion and during normal usage. That should help keep clutter down.