Merge branch 'main' into typos

viksuper555 · web-flow · commit f7efc3a2170c · 2025-12-19T12:06:24.000+02:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -31,7 +31,7 @@ jobs:
 
     steps:
     - name: Harden the runner (Audit all outbound calls)
-      uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -24,7 +24,7 @@ jobs:
       pull-requests: write # for actions/dependency-review-action to comment on PRs
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/lambda.yml b/.github/workflows/lambda.yml
@@ -27,7 +27,7 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/mkdocs/requirements.txt b/.github/workflows/mkdocs/requirements.txt
@@ -251,9 +251,9 @@ pygments==2.19.2 \
     --hash=sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887 \
     --hash=sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b
     # via mkdocs-material
-pymdown-extensions==10.16 \
-    --hash=sha256:71dac4fca63fabeffd3eb9038b756161a33ec6e8d230853d3cecf562155ab3de \
-    --hash=sha256:f5dd064a4db588cb2d95229fc4ee63a1b16cc8b4d0e6145c0899ed8723da1df2
+pymdown-extensions==10.16.1 \
+    --hash=sha256:aace82bcccba3efc03e25d584e6a22d27a8e17caa3f4dd9f207e49b787aa9a91 \
+    --hash=sha256:d6ba157a6c03146a7fb122b2b9a121300056384eafeec9c9f9e584adfdb2a32d
     # via mkdocs-material
 python-dateutil==2.9.0.post0 \
     --hash=sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3 \
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml
@@ -34,7 +34,7 @@ jobs:
         working-directory: images/${{ matrix.image }}
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -24,7 +24,7 @@ jobs:
       attestations: write # for actions/attest-build-provenance to write attestations
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
@@ -39,7 +39,7 @@ jobs:
         working-directory: lambdas
         run: yarn install --frozen-lockfile && yarn run test && yarn dist
       - name: Get installation token
-        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
         id: token
         with:
           app-id: ${{ vars.RELEASER_APP_ID }}
diff --git a/.github/workflows/semantic-check.yml b/.github/workflows/semantic-check.yml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -18,7 +18,7 @@ jobs:
       pull-requests: write # for actions/stale to close stale PRs
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -26,7 +26,7 @@ jobs:
       image: hashicorp/terraform:${{ matrix.terraform }}
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
@@ -100,7 +100,7 @@ jobs:
       image: hashicorp/terraform:${{ matrix.terraform }}
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
@@ -165,7 +165,7 @@ jobs:
       image: hashicorp/terraform:${{ matrix.terraform }}
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml
@@ -22,7 +22,7 @@ jobs:
       pull-requests: write # for peter-evans/create-pull-request to create PRs with doc updates
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
@@ -72,7 +72,7 @@ jobs:
       contents: write # for actions/checkout and mkdocs gh-deploy to push to gh-pages branch
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
         with:
           egress-policy: audit
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,18 @@
 # Changelog
 
+## [7.1.0](https://github.com/github-aws-runners/terraform-aws-github-runner/compare/v7.0.0...v7.1.0) (2025-12-18)
+
+
+### Features
+
+* **dispatch:** enhance logging for workflow job events and dispatch status ([#4964](https://github.com/github-aws-runners/terraform-aws-github-runner/issues/4964)) ([612f2b8](https://github.com/github-aws-runners/terraform-aws-github-runner/commit/612f2b81e6bb33a33bcf13a288927c06de11a556))
+
+
+### Bug Fixes
+
+* **lambda:** bump @octokit/webhooks from 14.1.3 to 14.2.0 in /lambdas in the octokit group ([#4955](https://github.com/github-aws-runners/terraform-aws-github-runner/issues/4955)) ([47b6a29](https://github.com/github-aws-runners/terraform-aws-github-runner/commit/47b6a29c46e5a2d12beb6ed827fe52fdd4f1e127))
+* **lambda:** bump the aws group in /lambdas with 6 updates ([#4954](https://github.com/github-aws-runners/terraform-aws-github-runner/issues/4954)) ([81e461e](https://github.com/github-aws-runners/terraform-aws-github-runner/commit/81e461edfe77e342867561097e2241030841aabe))
+
 ## [7.0.0](https://github.com/github-aws-runners/terraform-aws-github-runner/compare/v6.10.1...v7.0.0) (2025-12-13)
 
 
diff --git a/lambdas/functions/ami-housekeeper/package.json b/lambdas/functions/ami-housekeeper/package.json
@@ -26,8 +26,8 @@
   "dependencies": {
     "@aws-github-runner/aws-powertools-util": "*",
     "@aws-github-runner/aws-ssm-util": "*",
-    "@aws-sdk/client-ec2": "^3.943.0",
-    "@aws-sdk/client-ssm": "^3.943.0",
+    "@aws-sdk/client-ec2": "^3.948.0",
+    "@aws-sdk/client-ssm": "^3.948.0",
     "cron-parser": "^5.4.0"
   },
   "nx": {
diff --git a/lambdas/functions/control-plane/package.json b/lambdas/functions/control-plane/package.json
@@ -33,8 +33,8 @@
     "@aws-github-runner/aws-powertools-util": "*",
     "@aws-github-runner/aws-ssm-util": "*",
     "@aws-lambda-powertools/parameters": "^2.29.0",
-    "@aws-sdk/client-ec2": "^3.943.0",
-    "@aws-sdk/client-sqs": "^3.943.0",
+    "@aws-sdk/client-ec2": "^3.948.0",
+    "@aws-sdk/client-sqs": "^3.948.0",
     "@middy/core": "^6.4.5",
     "@octokit/auth-app": "8.1.2",
     "@octokit/core": "7.0.6",
diff --git a/lambdas/functions/gh-agent-syncer/package.json b/lambdas/functions/gh-agent-syncer/package.json
@@ -28,8 +28,8 @@
   },
   "dependencies": {
     "@aws-github-runner/aws-powertools-util": "*",
-    "@aws-sdk/client-s3": "^3.943.0",
-    "@aws-sdk/lib-storage": "^3.943.0",
+    "@aws-sdk/client-s3": "^3.948.0",
+    "@aws-sdk/lib-storage": "^3.948.0",
     "@middy/core": "^6.4.5",
     "@octokit/rest": "22.0.1",
     "axios": "^1.13.2"
diff --git a/lambdas/functions/termination-watcher/package.json b/lambdas/functions/termination-watcher/package.json
@@ -24,7 +24,7 @@
   },
   "dependencies": {
     "@aws-github-runner/aws-powertools-util": "*",
-    "@aws-sdk/client-ec2": "^3.943.0",
+    "@aws-sdk/client-ec2": "^3.948.0",
     "@middy/core": "^6.4.5"
   },
   "nx": {
diff --git a/lambdas/functions/webhook/package.json b/lambdas/functions/webhook/package.json
@@ -17,7 +17,7 @@
     "all": "yarn build && yarn format && yarn lint && yarn test"
   },
   "devDependencies": {
-    "@aws-sdk/client-eventbridge": "^3.943.0",
+    "@aws-sdk/client-eventbridge": "^3.948.0",
     "@octokit/webhooks-types": "^7.6.1",
     "@types/aws-lambda": "^8.10.155",
     "@types/express": "^5.0.3",
@@ -30,11 +30,11 @@
   "dependencies": {
     "@aws-github-runner/aws-powertools-util": "*",
     "@aws-github-runner/aws-ssm-util": "*",
-    "@aws-sdk/client-sqs": "^3.943.0",
+    "@aws-sdk/client-sqs": "^3.948.0",
     "@middy/core": "^6.4.5",
     "@octokit/rest": "22.0.1",
     "@octokit/types": "^16.0.0",
-    "@octokit/webhooks": "^14.1.3",
+    "@octokit/webhooks": "^14.2.0",
     "aws-lambda": "^1.0.7"
   },
   "nx": {
diff --git a/lambdas/functions/webhook/src/runners/dispatch.ts b/lambdas/functions/webhook/src/runners/dispatch.ts
@@ -36,6 +36,12 @@ async function handleWorkflowJob(
       body: `Workflow job not queued, not dispatching to queue.`,
     };
   }
+
+  logger.debug(
+    `Processing workflow job event - Repository: ${body.repository.full_name}, ` +
+      `Job ID: ${body.workflow_job.id}, Job Name: ${body.workflow_job.name}, ` +
+      `Run ID: ${body.workflow_job.run_id}, Labels: ${JSON.stringify(body.workflow_job.labels)}`,
+  );
   // sort the queuesConfig by order of matcher config exact match, with all true matches lined up ahead.
   matcherConfig.sort((a, b) => {
     return a.matcherConfig.exactMatch === b.matcherConfig.exactMatch ? 0 : a.matcherConfig.exactMatch ? -1 : 1;
@@ -51,7 +57,10 @@ async function handleWorkflowJob(
         queueId: queue.id,
         repoOwnerType: body.repository.owner.type,
       });
-      logger.info(`Successfully dispatched job for ${body.repository.full_name} to the queue ${queue.id}`);
+      logger.info(
+        `Successfully dispatched job for ${body.repository.full_name} to the queue ${queue.id} - ` +
+          `Job ID: ${body.workflow_job.id}, Job Name: ${body.workflow_job.name}, Run ID: ${body.workflow_job.run_id}`,
+      );
       return {
         statusCode: 201,
         body: `Successfully queued job for ${body.repository.full_name} to the queue ${queue.id}`,
@@ -61,7 +70,9 @@ async function handleWorkflowJob(
   const notAcceptedErrorMsg = `Received event contains runner labels '${body.workflow_job.labels}' from '${
     body.repository.full_name
   }' that are not accepted.`;
-  logger.warn(notAcceptedErrorMsg);
+  logger.warn(
+    `${notAcceptedErrorMsg} - Job ID: ${body.workflow_job.id}, Job Name: ${body.workflow_job.name}, Run ID: ${body.workflow_job.run_id}`,
+  );
   return { statusCode: 202, body: notAcceptedErrorMsg };
 }
 
diff --git a/lambdas/libs/aws-ssm-util/package.json b/lambdas/libs/aws-ssm-util/package.json
@@ -23,7 +23,7 @@
   },
   "dependencies": {
     "@aws-github-runner/aws-powertools-util": "*",
-    "@aws-sdk/client-ssm": "^3.943.0"
+    "@aws-sdk/client-ssm": "^3.948.0"
   },
   "nx": {
     "includedScripts": [
diff --git a/lambdas/package.json b/lambdas/package.json
@@ -25,9 +25,9 @@
   },
   "devDependencies": {
     "@eslint/eslintrc": "^3.3.1",
-    "@nx/eslint": "22.1.2",
-    "@nx/js": "^22.1.2",
-    "@nx/vite": "^22.1.2",
+    "@nx/eslint": "22.2.0",
+    "@nx/js": "^22.2.0",
+    "@nx/vite": "^22.2.0",
     "@swc-node/register": "~1.11.1",
     "@swc/core": "~1.15.0",
     "@swc/helpers": "~0.5.17",
diff --git a/lambdas/yarn.lock b/lambdas/yarn.lock
