fix: Pass enable_runner_workflow_job_labels variable to submodule

modules/multi-runner/runners.tf

@@ -31,54 +31,53 @@ module "runners" {
   ami_id_ssm_parameter_name = each.value.runner_config.ami_id_ssm_parameter_name
   ami_kms_key_arn           = each.value.runner_config.ami_kms_key_arn
 
-  sqs_build_queue                      = { "arn" : each.value.arn, "url" : each.value.url }
-  github_app_parameters                = local.github_app_parameters
-  ebs_optimized                        = each.value.runner_config.ebs_optimized
-  enable_on_demand_failover_for_errors = each.value.runner_config.enable_on_demand_failover_for_errors
-  enable_organization_runners          = each.value.runner_config.enable_organization_runners
-  enable_ephemeral_runners             = each.value.runner_config.enable_ephemeral_runners
-  enable_jit_config                    = each.value.runner_config.enable_jit_config
-  enable_job_queued_check              = each.value.runner_config.enable_job_queued_check
-  disable_runner_autoupdate            = each.value.runner_config.disable_runner_autoupdate
-  enable_managed_runner_security_group = var.enable_managed_runner_security_group
-  enable_runner_detailed_monitoring    = each.value.runner_config.enable_runner_detailed_monitoring
-  scale_down_schedule_expression       = each.value.runner_config.scale_down_schedule_expression
-  minimum_running_time_in_minutes      = each.value.runner_config.minimum_running_time_in_minutes
-  runner_boot_time_in_minutes          = each.value.runner_config.runner_boot_time_in_minutes
-  runner_disable_default_labels        = each.value.runner_config.runner_disable_default_labels
-  runner_labels                        = each.value.runner_config.runner_disable_default_labels ? sort(distinct(each.value.runner_config.runner_extra_labels)) : sort(distinct(concat(["self-hosted", each.value.runner_config.runner_os, each.value.runner_config.runner_architecture], each.value.runner_config.runner_extra_labels)))
-  runner_as_root                       = each.value.runner_config.runner_as_root
-  runner_run_as                        = each.value.runner_config.runner_run_as
-  runners_maximum_count                = each.value.runner_config.runners_maximum_count
-  idle_config                          = each.value.runner_config.idle_config
-  enable_ssm_on_runners                = each.value.runner_config.enable_ssm_on_runners
-  egress_rules                         = var.runner_egress_rules
-  runner_additional_security_group_ids = try(coalescelist(each.value.runner_config.runner_additional_security_group_ids, var.runner_additional_security_group_ids), [])
-  metadata_options                     = each.value.runner_config.runner_metadata_options
-  credit_specification                 = each.value.runner_config.credit_specification
-
-  enable_runner_binaries_syncer    = each.value.runner_config.enable_runner_binaries_syncer
-  lambda_s3_bucket                 = var.lambda_s3_bucket
-  runners_lambda_s3_key            = var.runners_lambda_s3_key
-  runners_lambda_s3_object_version = var.runners_lambda_s3_object_version
-  lambda_runtime                   = var.lambda_runtime
-  lambda_architecture              = var.lambda_architecture
-  lambda_zip                       = var.runners_lambda_zip
-  lambda_scale_up_memory_size      = var.scale_up_lambda_memory_size
-  lambda_timeout_scale_up          = var.runners_scale_up_lambda_timeout
-  lambda_scale_down_memory_size    = var.scale_down_lambda_memory_size
-  lambda_timeout_scale_down        = var.runners_scale_down_lambda_timeout
-  lambda_subnet_ids                = var.lambda_subnet_ids
-  lambda_security_group_ids        = var.lambda_security_group_ids
-  lambda_tags                      = var.lambda_tags
-  tracing_config                   = var.tracing_config
-  logging_retention_in_days        = var.logging_retention_in_days
-  logging_kms_key_id               = var.logging_kms_key_id
-  enable_cloudwatch_agent          = each.value.runner_config.enable_cloudwatch_agent
-  cloudwatch_config                = try(coalesce(each.value.runner_config.cloudwatch_config, var.cloudwatch_config), null)
-  runner_log_files                 = each.value.runner_config.runner_log_files
-  runner_group_name                = each.value.runner_config.runner_group_name
-  runner_name_prefix               = each.value.runner_config.runner_name_prefix
+  sqs_build_queue                             = { "arn" : each.value.arn, "url" : each.value.url }
+  github_app_parameters                       = local.github_app_parameters
+  ebs_optimized                               = each.value.runner_config.ebs_optimized
+  enable_on_demand_failover_for_errors        = each.value.runner_config.enable_on_demand_failover_for_errors
+  enable_organization_runners                 = each.value.runner_config.enable_organization_runners
+  enable_ephemeral_runners                    = each.value.runner_config.enable_ephemeral_runners
+  enable_jit_config                           = each.value.runner_config.enable_jit_config
+  enable_job_queued_check                     = each.value.runner_config.enable_job_queued_check
+  enable_runner_workflow_job_labels_check_all = each.value.runner_config.enable_runner_workflow_job_labels_check_all
+  disable_runner_autoupdate                   = each.value.runner_config.disable_runner_autoupdate
+  enable_managed_runner_security_group        = var.enable_managed_runner_security_group
+  enable_runner_detailed_monitoring           = each.value.runner_config.enable_runner_detailed_monitoring
+  scale_down_schedule_expression              = each.value.runner_config.scale_down_schedule_expression
+  minimum_running_time_in_minutes             = each.value.runner_config.minimum_running_time_in_minutes
+  runner_boot_time_in_minutes                 = each.value.runner_config.runner_boot_time_in_minutes
+  runner_labels                               = sort(distinct(concat(["self-hosted", each.value.runner_config.runner_os, each.value.runner_config.runner_architecture], each.value.runner_config.runner_extra_labels)))
+  runner_as_root                              = each.value.runner_config.runner_as_root
+  runner_run_as                               = each.value.runner_config.runner_run_as
+  runners_maximum_count                       = each.value.runner_config.runners_maximum_count
+  idle_config                                 = each.value.runner_config.idle_config
+  enable_ssm_on_runners                       = each.value.runner_config.enable_ssm_on_runners
+  egress_rules                                = var.runner_egress_rules
+  runner_additional_security_group_ids        = try(coalescelist(each.value.runner_config.runner_additional_security_group_ids, var.runner_additional_security_group_ids), [])
+  metadata_options                            = each.value.runner_config.runner_metadata_options
+  credit_specification                        = each.value.runner_config.credit_specification
+  enable_runner_binaries_syncer               = each.value.runner_config.enable_runner_binaries_syncer
+  lambda_s3_bucket                            = var.lambda_s3_bucket
+  runners_lambda_s3_key                       = var.runners_lambda_s3_key
+  runners_lambda_s3_object_version            = var.runners_lambda_s3_object_version
+  lambda_runtime                              = var.lambda_runtime
+  lambda_architecture                         = var.lambda_architecture
+  lambda_zip                                  = var.runners_lambda_zip
+  lambda_scale_up_memory_size                 = var.scale_up_lambda_memory_size
+  lambda_timeout_scale_up                     = var.runners_scale_up_lambda_timeout
+  lambda_scale_down_memory_size               = var.scale_down_lambda_memory_size
+  lambda_timeout_scale_down                   = var.runners_scale_down_lambda_timeout
+  lambda_subnet_ids                           = var.lambda_subnet_ids
+  lambda_security_group_ids                   = var.lambda_security_group_ids
+  lambda_tags                                 = var.lambda_tags
+  tracing_config                              = var.tracing_config
+  logging_retention_in_days                   = var.logging_retention_in_days
+  logging_kms_key_id                          = var.logging_kms_key_id
+  enable_cloudwatch_agent                     = each.value.runner_config.enable_cloudwatch_agent
+  cloudwatch_config                           = try(coalesce(each.value.runner_config.cloudwatch_config, var.cloudwatch_config), null)
+  runner_log_files                            = each.value.runner_config.runner_log_files
+  runner_group_name                           = each.value.runner_config.runner_group_name
+  runner_name_prefix                          = each.value.runner_config.runner_name_prefix
 
   scale_up_reserved_concurrent_executions = each.value.runner_config.scale_up_reserved_concurrent_executions
 

modules/runners/README.md

@@ -155,6 +155,7 @@ yarn run dist
 | <a name="input_enable_organization_runners"></a> [enable\_organization\_runners](#input\_enable\_organization\_runners) | Register runners to organization, instead of repo level | `bool` | n/a | yes |
 | <a name="input_enable_runner_binaries_syncer"></a> [enable\_runner\_binaries\_syncer](#input\_enable\_runner\_binaries\_syncer) | Option to disable the lambda to sync GitHub runner distribution, useful when using a pre-build AMI. | `bool` | `true` | no |
 | <a name="input_enable_runner_detailed_monitoring"></a> [enable\_runner\_detailed\_monitoring](#input\_enable\_runner\_detailed\_monitoring) | Enable detailed monitoring for runners | `bool` | `false` | no |
+| <a name="input_enable_runner_workflow_job_labels_check_all"></a> [enable\_runner\_workflow\_job\_labels\_check\_all](#input\_enable\_runner\_workflow\_job\_labels\_check\_all) | If set to true all labels in the workflow job must match the GitHub labels (os, architecture and `self-hosted`). When false if __any__ label matches it will trigger the webhook. | `bool` | n/a | yes |
 | <a name="input_enable_ssm_on_runners"></a> [enable\_ssm\_on\_runners](#input\_enable\_ssm\_on\_runners) | Enable to allow access to the runner instances for debugging purposes via SSM. Note that this adds additional permissions to the runner instances. | `bool` | n/a | yes |
 | <a name="input_enable_user_data_debug_logging"></a> [enable\_user\_data\_debug\_logging](#input\_enable\_user\_data\_debug\_logging) | Option to enable debug logging for user-data, this logs all secrets as well. | `bool` | `false` | no |
 | <a name="input_enable_userdata"></a> [enable\_userdata](#input\_enable\_userdata) | Should the userdata script be enabled for the runner. Set this to false if you are using your own prebuilt AMI | `bool` | `true` | no |

modules/runners/variables.tf

@@ -721,3 +721,8 @@ variable "job_retry" {
     error_message = "The maxium message delay for SWS is 900 seconds."
   }
 }
+
+variable "enable_runner_workflow_job_labels_check_all" {
+  description = "If set to true all labels in the workflow job must match the GitHub labels (os, architecture and `self-hosted`). When false if __any__ label matches it will trigger the webhook."
+  type        = bool
+}