Update Terraform configurations and add Packer pipeline template

.terraform_commits

@@ -34,5 +34,41 @@
     "commit_message": "Refactor default.auto.tfvars and main.tf",
     "author": "arnol377",
     "timestamp": "2025-03-27T16:21:05.154328"
+  },
+  {
+    "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+    "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+    "author": "arnol377",
+    "timestamp": "2025-04-18T15:43:00.974992"
+  },
+  {
+    "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+    "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+    "author": "arnol377",
+    "timestamp": "2025-04-18T15:49:00.568207"
+  },
+  {
+    "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+    "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+    "author": "arnol377",
+    "timestamp": "2025-04-18T16:32:16.503568"
+  },
+  {
+    "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+    "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+    "author": "arnol377",
+    "timestamp": "2025-05-05T14:01:24.078604"
+  },
+  {
+    "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+    "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+    "author": "arnol377",
+    "timestamp": "2025-05-05T14:34:49.711580"
+  },
+  {
+    "commit_hash": "9b299b61b677f5f1ca77fc1889e50f5120a8f7b3",
+    "commit_message": "Merge branch 'main' of github.e.it.census.gov:CSVD/ghe-runners",
+    "author": "arnol377",
+    "timestamp": "2025-05-20T13:49:56.129780"
   }
 ]

backend.tf

@@ -3,6 +3,5 @@ terraform {
     bucket         = "inf-tfstate-229685449397"
     key            = "csvd-dev-gov/common/apps/ghe-runner"
     region         = "us-gov-east-1"
-    dynamodb_table = "tf_remote_state"
   }
 }

config_packer.hcl

@@ -0,0 +1,54 @@
+// Packer Pipeline Configuration Template
+// Generated by packer-pipeline
+
+packer_pipeline {
+  // Required parameters
+  repo_path            = "./my-packer-repo"              // Path to the local repository to upload
+  packer_vars_file     = "vars.pkrvars.hcl"       // Path to the Packer variables file (.pkrvars.hcl or .json)
+  packer_template_file = "template.pkr.hcl"   // Relative path within the repo to the Packer template
+  s3_bucket            = "my-packer-artifacts"              // Name of the S3 bucket for artifacts
+  assets_bucket        = "my-packer-assets"          // Name of the S3 bucket containing tool assets
+  codebuild_project_name = "packer-pipeline-project" // Name for the CodeBuild project
+
+  // Tool Configuration
+  tools = [
+    {
+      name         = "packer"
+      version      = "1.9.4"
+      zip_path     = "packer_1.9.4_linux_amd64.zip"
+      binary_name  = "packer"
+      install_path = "/usr/local/bin"
+    }
+  ]
+
+  // AWS Account Configuration (Optional)
+  account_number       = "123456789012"         // AWS account number
+  partition           = "aws-us-gov"              // AWS partition (aws or aws-us-gov)
+
+  // Role Management (choose one)
+  create_role         = True                // Enable automatic role creation
+  // codebuild_role_arn = ""    // OR specify an existing role ARN
+
+  // Region Configuration
+  aws_region         = "us-gov-west-1"              // AWS region
+  gov_cloud         = True                   // Use AWS GovCloud partition (auto-detected from region if not set)
+
+  // Optional Configuration
+  s3_key_prefix      = "packer-builds/"           // Prefix for S3 keys
+  compute_type       = "BUILD_GENERAL1_SMALL"            // CodeBuild compute type
+  image              = "aws/codebuild/amazonlinux2-x86_64-standard:4.0"                   // CodeBuild image
+  buildspec_template = "buildspec.yml.j2"       // Buildspec template file
+
+  // Directory Exclusions
+  exclude_dirs = ['.git', 'node_modules', 'dist', 'build']
+
+  // VPC Configuration (Optional)
+  vpc_config {
+    vpc_id             = "vpc-00576a396ec570b94"            // VPC ID
+    subnet_ids         = ['subnet-0b1992a84536c581b']            // List of subnet IDs
+    security_group_ids = ['sg-0641c697588b9aa6b']    // List of security group IDs
+  }
+
+  // Environment Variables (Optional)
+  environment_variables = {'EXAMPLE_VAR': 'value'}
+}

iam.tf

@@ -4,3 +4,8 @@ resource "aws_iam_policy" "policy" {
   description = "Enables Github Actions access to State Config"
   policy      = file("${path.module}/iam_policy/session_configuration.json")
 }
+
+# import {
+#   id = "arn:aws-us-gov:iam::229685449397:policy/SCT-Engineering-state-access"
+#   to = aws_iam_policy.policy
+# }

imports.tf

@@ -0,0 +1,10 @@
+# import {}
+
+# module.github-runner.aws_iam_policy.secretsmanager_policy
+# module.github-runner.aws_iam_policy.certs_policy[0]
+# module.github-runner.aws_iam_role.ecs_task_role
+# module.github-runner.aws_iam_role.ecs_task_execution_role
+#import {
+#  to = aws_ecs_cluster.github-runner[0]
+#  id = "ecs-ghe-runners-us-gov-west-1"
+#}

main.tf

@@ -97,12 +97,31 @@ locals {
   ]
 }
 
+
+module "ecr-clone" {
+  source           = "HappyPathway/ecr-clone/aws"
+  registry_name = "github-runners"
+  image_config = [
+    {
+        enabled         = true
+        dest_path       = null
+        name            = var.image_name
+        source_image    = "h1g9x7n8/${var.image_name}"
+        source_registry = "public.ecr.aws"
+        source_tag      = var.image_version
+        tag             = var.image_version
+    }
+  ]
+  tags         = {}
+}
+
+
 module "github-runner" {
   # for_each     = toset([for repo in local.all_repos : repo])
   source      = "HappyPathway/github-runner/ecs"
   ecs_cluster = local.ecs_cluster.name
   hostname    = var.repo_org
-  image       = "229685449397.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/github-runners/${var.image_name}:${var.image_version}"
+  image       = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/github-runners/${var.image_name}:${var.image_version}"
   repo_org    = var.repo_org
   # repo_name    = each.value
   namespace = "${lower(var.repo_org)}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
@@ -126,7 +145,8 @@ module "github-runner" {
     "${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}",
     data.aws_caller_identity.current.account_id,
     data.aws_region.current.name,
-    "ecs-github-runner"
+    "ecs-github-runner",
+    "ubuntu-latest"
   ]
   certs = var.certs
   network_configuration = {
@@ -137,7 +157,8 @@ module "github-runner" {
   tag = "github-runner"
   depends_on = [
     aws_iam_policy.policy,
-    aws_ecs_cluster.github-runner
+    aws_ecs_cluster.github-runner,
+    module.ecr-clone
   ]
 }
 

terraform_data_dirs/csvd/environment

@@ -0,0 +1 @@
+sct-engineering

terraform_data_dirs/csvd/modules/modules.json

@@ -0,0 +1 @@
+{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"ecr-clone","Source":"registry.terraform.io/HappyPathway/ecr-clone/aws","Version":"0.0.30","Dir":"/data/terraform/workspaces/arnol377/git/ghe-runner/terraform_data_dirs/csvd/modules/ecr-clone"},{"Key":"github-runner","Source":"registry.terraform.io/HappyPathway/github-runner/ecs","Version":"0.0.92","Dir":"/data/terraform/workspaces/arnol377/git/ghe-runner/terraform_data_dirs/csvd/modules/github-runner"}]}

terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64

@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64

terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64

@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64

terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64

@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64

terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64

@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64

terraform_data_dirs/csvd/providers/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64

@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64

terraform_data_dirs/sct-engineering/modules/modules.json

@@ -0,0 +1 @@
+{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"github-runner","Source":"registry.terraform.io/HappyPathway/github-runner/ecs","Version":"0.0.92","Dir":"/data/terraform/workspaces/arnol377/git/ghe-runner/terraform_data_dirs/sct-engineering/modules/github-runner"}]}

terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64

@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/aws/5.70.0/linux_amd64

terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64

@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/dns/3.4.2/linux_amd64

terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64

@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/github/6.3.1/linux_amd64

terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/local/2.5.2/linux_amd64

@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/local/2.5.2/linux_amd64

terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64

@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/null/3.2.3/linux_amd64

terraform_data_dirs/sct-engineering/providers/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64

@@ -0,0 +1 @@
+/data/terraform/workspaces/arnol377/terraform-plugin-cache/registry.terraform.io/hashicorp/random/3.6.3/linux_amd64

varfiles/csvd.json

@@ -0,0 +1,4 @@
+{
+    "GITHUB_OWNER": "CSVD",
+    "TF_WORKSPACE_COLOR": 32
+}

varfiles/csvd.tfvars

@@ -15,4 +15,6 @@ certs = {
 # ]
 # security_groups = [
 #   "sg-03cbf2a626ed55c7e"
-# ]
+# ]
+image_name    = "github-runner"
+image_version = "1.68.0"

varfiles/sct-engineering.json

@@ -0,0 +1,5 @@
+{
+    "GITHUB_OWNER": "SCT-Engineering",
+    "TF_WORKSPACE_COLOR": 96
+
+}

varfiles/sct-engineering.tfvars

@@ -1,3 +1,6 @@
 namespace     = "sct-eng-ghe-runner"
 repo_org      = "SCT-Engineering"
 desired_count = 1
+create_ecs_cluster = false
+image_name    = "github-runner"
+image_version = "1.68.0"