fix: define user agent (#4394)

## Desription Setting the user-agent to call API call. By default the agent is set to `aws-github-runners` the value can be overriden. ## Notes cc: @SvanBoxel --------- Co-authored-by: github-aws-runners-pr|bot <github-aws-runners-pr[bot]@users.noreply.github.com>
github-aws-runners · Feb 5, 2025 · 95c9b8a · 95c9b8a
1 parent 8a387b8
commit 95c9b8a
Show file tree

Hide file tree

Showing 18 changed files with 34 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -221,6 +221,7 @@ Join our discord community via [this invite link](https://discord.gg/bxgXW8jJGh)
 | <a name="input_syncer_lambda_s3_object_version"></a> [syncer\_lambda\_s3\_object\_version](#input\_syncer\_lambda\_s3\_object\_version) | S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no |
 | <a name="input_tracing_config"></a> [tracing\_config](#input\_tracing\_config) | Configuration for lambda tracing. | <pre>object({<br/>    mode                  = optional(string, null)<br/>    capture_http_requests = optional(bool, false)<br/>    capture_error         = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_user_agent"></a> [user\_agent](#input\_user\_agent) | User agent used for API calls by lambda functions. | `string` | `"github-aws-runners"` | no |
 | <a name="input_userdata_content"></a> [userdata\_content](#input\_userdata\_content) | Alternative user-data content, replacing the templated one. By providing your own user\_data you have to take care of installing all required software, including the action runner and registering the runner.  Be-aware configuration paramaters in SSM as well as tags are treated as internals. Changes will not trigger a breaking release. | `string` | `null` | no |
 | <a name="input_userdata_post_install"></a> [userdata\_post\_install](#input\_userdata\_post\_install) | Script to be ran after the GitHub Actions runner is installed on the EC2 instances | `string` | `""` | no |
 | <a name="input_userdata_pre_install"></a> [userdata\_pre\_install](#input\_userdata\_pre\_install) | Script to be ran before the GitHub Actions runner is installed on the EC2 instances | `string` | `""` | no |

diff --git a/lambdas/functions/control-plane/src/github/auth.ts b/lambdas/functions/control-plane/src/github/auth.ts
@@ -29,6 +29,7 @@ export async function createOctokitClient(token: string, ghesApiUrl = ''): Promi
 
   return new CustomOctokit({
     ...ocktokitOptions,
+    userAgent: process.env.USER_AGENT || 'github-aws-runners',
     throttle: {
       onRateLimit: (retryAfter: number, options: Required<EndpointDefaults>) => {
         logger.warn(

diff --git a/main.tf b/main.tf
@@ -256,6 +256,7 @@ module "runners" {
 
   ghes_url        = var.ghes_url
   ghes_ssl_verify = var.ghes_ssl_verify
+  user_agent      = var.user_agent
 
   kms_key_arn = var.kms_key_arn
 

diff --git a/modules/multi-runner/README.md b/modules/multi-runner/README.md
@@ -178,6 +178,7 @@ module "multi-runner" {
 | <a name="input_syncer_lambda_s3_object_version"></a> [syncer\_lambda\_s3\_object\_version](#input\_syncer\_lambda\_s3\_object\_version) | S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket. | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no |
 | <a name="input_tracing_config"></a> [tracing\_config](#input\_tracing\_config) | Configuration for lambda tracing. | <pre>object({<br/>    mode                  = optional(string, null)<br/>    capture_http_requests = optional(bool, false)<br/>    capture_error         = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_user_agent"></a> [user\_agent](#input\_user\_agent) | User agent used for API calls by lambda functions. | `string` | `"github-aws-runners"` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | The VPC for security groups of the action runners. | `string` | n/a | yes |
 | <a name="input_webhook_lambda_apigateway_access_log_settings"></a> [webhook\_lambda\_apigateway\_access\_log\_settings](#input\_webhook\_lambda\_apigateway\_access\_log\_settings) | Access log settings for webhook API gateway. | <pre>object({<br/>    destination_arn = string<br/>    format          = string<br/>  })</pre> | `null` | no |
 | <a name="input_webhook_lambda_memory_size"></a> [webhook\_lambda\_memory\_size](#input\_webhook\_lambda\_memory\_size) | Memory size limit in MB for webhook lambda. | `number` | `256` | no |

diff --git a/modules/multi-runner/runners.tf b/modules/multi-runner/runners.tf
@@ -102,6 +102,7 @@ module "runners" {
 
   ghes_url        = var.ghes_url
   ghes_ssl_verify = var.ghes_ssl_verify
+  user_agent      = var.user_agent
 
   kms_key_arn = var.kms_key_arn
 

diff --git a/modules/multi-runner/variables.tf b/modules/multi-runner/variables.tf
@@ -671,3 +671,9 @@ variable "eventbridge" {
 
   default = {}
 }
+
+variable "user_agent" {
+  description = "User agent used for API calls by lambda functions."
+  type        = string
+  default     = "github-aws-runners"
+}
diff --git a/modules/runners/README.md b/modules/runners/README.md
@@ -223,6 +223,7 @@ yarn run dist
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`. | `list(string)` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Map of tags that will be added to created resources. By default resources will be tagged with name. | `map(string)` | `{}` | no |
 | <a name="input_tracing_config"></a> [tracing\_config](#input\_tracing\_config) | Configuration for lambda tracing. | <pre>object({<br/>    mode                  = optional(string, null)<br/>    capture_http_requests = optional(bool, false)<br/>    capture_error         = optional(bool, false)<br/>  })</pre> | `{}` | no |
+| <a name="input_user_agent"></a> [user\_agent](#input\_user\_agent) | User agent used for API calls. | `string` | `null` | no |
 | <a name="input_userdata_content"></a> [userdata\_content](#input\_userdata\_content) | Alternative user-data content, replacing the templated one. By providing your own user\_data you have to take care of installing all required software, including the action runner and registering the runner.  Be-aware configuration paramaters in SSM as well as tags are treated as internals. Changes will not trigger a breaking release. | `string` | `null` | no |
 | <a name="input_userdata_post_install"></a> [userdata\_post\_install](#input\_userdata\_post\_install) | User-data script snippet to insert after GitHub action runner install | `string` | `""` | no |
 | <a name="input_userdata_pre_install"></a> [userdata\_pre\_install](#input\_userdata\_pre\_install) | User-data script snippet to insert before GitHub action runner install | `string` | `""` | no |

diff --git a/modules/runners/job-retry/README.md b/modules/runners/job-retry/README.md
@@ -42,7 +42,7 @@ The module is an inner module and used by the runner module when the opt-in feat
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_config"></a> [config](#input\_config) | Configuration for the spot termination watcher lambda function.<br/><br/>`aws_partition`: Partition for the base arn if not 'aws'<br/>`architecture`: AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86\_64' functions.<br/>`environment_variables`: Environment variables for the lambda.<br/>`enable_organization_runners`: Enable organization runners.<br/>`enable_metric`: Enable metric for the lambda. If `spot_warning` is set to true, the lambda will emit a metric when it detects a spot termination warning.<br/>'ghes\_url': Optional GitHub Enterprise Server URL.<br/>'github\_app\_parameters': Parameter Store for GitHub App Parameters.<br/>'kms\_key\_arn': Optional CMK Key ARN instead of using the default AWS managed key.<br/>`lambda_principals`: Add extra principals to the role created for execution of the lambda, e.g. for local testing.<br/>`lambda_tags`: Map of tags that will be added to created resources. By default resources will be tagged with name and environment.<br/>`log_level`: Logging level for lambda logging. Valid values are  'silly', 'trace', 'debug', 'info', 'warn', 'error', 'fatal'.<br/>`logging_kms_key_id`: Specifies the kms key id to encrypt the logs with<br/>`logging_retention_in_days`: Specifies the number of days you want to retain log events for the lambda log group. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653.<br/>`memory_size`: Memory size linit in MB of the lambda.<br/>`metrics`: Configuration to enable metrics creation by the lambda.<br/>`prefix`: The prefix used for naming resources.<br/>`role_path`: The path that will be added to the role, if not set the environment name will be used.<br/>`role_permissions_boundary`: Permissions boundary that will be added to the created role for the lambda.<br/>`runtime`: AWS Lambda runtime.<br/>`s3_bucket`: S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly.<br/>`s3_key`: S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas.<br/>`s3_object_version`: S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket.<br/>`security_group_ids`: List of security group IDs associated with the Lambda function.<br/>'sqs\_build\_queue': SQS queue for build events to re-publish job request.<br/>`subnet_ids`: List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`.<br/>`tag_filters`: Map of tags that will be used to filter the resources to be tracked. Only for which all tags are present and starting with the same value as the value in the map will be tracked.<br/>`tags`: Map of tags that will be added to created resources. By default resources will be tagged with name and environment.<br/>`timeout`: Time out of the lambda in seconds.<br/>`tracing_config`: Configuration for lambda tracing.<br/>`zip`: File location of the lambda zip file. | <pre>object({<br/>    aws_partition               = optional(string, null)<br/>    architecture                = optional(string, null)<br/>    enable_organization_runners = bool<br/>    environment_variables       = optional(map(string), {})<br/>    ghes_url                    = optional(string, null)<br/>    github_app_parameters = object({<br/>      key_base64 = map(string)<br/>      id         = map(string)<br/>    })<br/>    kms_key_arn               = optional(string, null)<br/>    lambda_tags               = optional(map(string), {})<br/>    log_level                 = optional(string, null)<br/>    logging_kms_key_id        = optional(string, null)<br/>    logging_retention_in_days = optional(number, null)<br/>    memory_size               = optional(number, null)<br/>    metrics = optional(object({<br/>      enable    = optional(bool, false)<br/>      namespace = optional(string, null)<br/>      metric = optional(object({<br/>        enable_github_app_rate_limit = optional(bool, true)<br/>        enable_job_retry             = optional(bool, true)<br/>      }), {})<br/>    }), {})<br/>    prefix = optional(string, null)<br/>    principals = optional(list(object({<br/>      type        = string<br/>      identifiers = list(string)<br/>    })), [])<br/>    queue_encryption = optional(object({<br/>      kms_data_key_reuse_period_seconds = optional(number, null)<br/>      kms_master_key_id                 = optional(string, null)<br/>      sqs_managed_sse_enabled           = optional(bool, true)<br/>    }), {})<br/>    role_path                 = optional(string, null)<br/>    role_permissions_boundary = optional(string, null)<br/>    runtime                   = optional(string, null)<br/>    security_group_ids        = optional(list(string), [])<br/>    subnet_ids                = optional(list(string), [])<br/>    s3_bucket                 = optional(string, null)<br/>    s3_key                    = optional(string, null)<br/>    s3_object_version         = optional(string, null)<br/>    sqs_build_queue = object({<br/>      url = string<br/>      arn = string<br/>    })<br/>    tags    = optional(map(string), {})<br/>    timeout = optional(number, 30)<br/>    tracing_config = optional(object({<br/>      mode                  = optional(string, null)<br/>      capture_http_requests = optional(bool, false)<br/>      capture_error         = optional(bool, false)<br/>    }), {})<br/>    zip = optional(string, null)<br/>  })</pre> | n/a | yes |
+| <a name="input_config"></a> [config](#input\_config) | Configuration for the spot termination watcher lambda function.<br/><br/>`aws_partition`: Partition for the base arn if not 'aws'<br/>`architecture`: AWS Lambda architecture. Lambda functions using Graviton processors ('arm64') tend to have better price/performance than 'x86\_64' functions.<br/>`environment_variables`: Environment variables for the lambda.<br/>`enable_organization_runners`: Enable organization runners.<br/>`enable_metric`: Enable metric for the lambda. If `spot_warning` is set to true, the lambda will emit a metric when it detects a spot termination warning.<br/>'ghes\_url': Optional GitHub Enterprise Server URL.<br/>'user\_agent': Optional User-Agent header for GitHub API requests.<br/>'github\_app\_parameters': Parameter Store for GitHub App Parameters.<br/>'kms\_key\_arn': Optional CMK Key ARN instead of using the default AWS managed key.<br/>`lambda_principals`: Add extra principals to the role created for execution of the lambda, e.g. for local testing.<br/>`lambda_tags`: Map of tags that will be added to created resources. By default resources will be tagged with name and environment.<br/>`log_level`: Logging level for lambda logging. Valid values are  'silly', 'trace', 'debug', 'info', 'warn', 'error', 'fatal'.<br/>`logging_kms_key_id`: Specifies the kms key id to encrypt the logs with<br/>`logging_retention_in_days`: Specifies the number of days you want to retain log events for the lambda log group. Possible values are: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653.<br/>`memory_size`: Memory size linit in MB of the lambda.<br/>`metrics`: Configuration to enable metrics creation by the lambda.<br/>`prefix`: The prefix used for naming resources.<br/>`role_path`: The path that will be added to the role, if not set the environment name will be used.<br/>`role_permissions_boundary`: Permissions boundary that will be added to the created role for the lambda.<br/>`runtime`: AWS Lambda runtime.<br/>`s3_bucket`: S3 bucket from which to specify lambda functions. This is an alternative to providing local files directly.<br/>`s3_key`: S3 key for syncer lambda function. Required if using S3 bucket to specify lambdas.<br/>`s3_object_version`: S3 object version for syncer lambda function. Useful if S3 versioning is enabled on source bucket.<br/>`security_group_ids`: List of security group IDs associated with the Lambda function.<br/>'sqs\_build\_queue': SQS queue for build events to re-publish job request.<br/>`subnet_ids`: List of subnets in which the action runners will be launched, the subnets needs to be subnets in the `vpc_id`.<br/>`tag_filters`: Map of tags that will be used to filter the resources to be tracked. Only for which all tags are present and starting with the same value as the value in the map will be tracked.<br/>`tags`: Map of tags that will be added to created resources. By default resources will be tagged with name and environment.<br/>`timeout`: Time out of the lambda in seconds.<br/>`tracing_config`: Configuration for lambda tracing.<br/>`zip`: File location of the lambda zip file. | <pre>object({<br/>    aws_partition               = optional(string, null)<br/>    architecture                = optional(string, null)<br/>    enable_organization_runners = bool<br/>    environment_variables       = optional(map(string), {})<br/>    ghes_url                    = optional(string, null)<br/>    user_agent                  = optional(string, null)<br/>    github_app_parameters = object({<br/>      key_base64 = map(string)<br/>      id         = map(string)<br/>    })<br/>    kms_key_arn               = optional(string, null)<br/>    lambda_tags               = optional(map(string), {})<br/>    log_level                 = optional(string, null)<br/>    logging_kms_key_id        = optional(string, null)<br/>    logging_retention_in_days = optional(number, null)<br/>    memory_size               = optional(number, null)<br/>    metrics = optional(object({<br/>      enable    = optional(bool, false)<br/>      namespace = optional(string, null)<br/>      metric = optional(object({<br/>        enable_github_app_rate_limit = optional(bool, true)<br/>        enable_job_retry             = optional(bool, true)<br/>      }), {})<br/>    }), {})<br/>    prefix = optional(string, null)<br/>    principals = optional(list(object({<br/>      type        = string<br/>      identifiers = list(string)<br/>    })), [])<br/>    queue_encryption = optional(object({<br/>      kms_data_key_reuse_period_seconds = optional(number, null)<br/>      kms_master_key_id                 = optional(string, null)<br/>      sqs_managed_sse_enabled           = optional(bool, true)<br/>    }), {})<br/>    role_path                 = optional(string, null)<br/>    role_permissions_boundary = optional(string, null)<br/>    runtime                   = optional(string, null)<br/>    security_group_ids        = optional(list(string), [])<br/>    subnet_ids                = optional(list(string), [])<br/>    s3_bucket                 = optional(string, null)<br/>    s3_key                    = optional(string, null)<br/>    s3_object_version         = optional(string, null)<br/>    sqs_build_queue = object({<br/>      url = string<br/>      arn = string<br/>    })<br/>    tags    = optional(map(string), {})<br/>    timeout = optional(number, 30)<br/>    tracing_config = optional(object({<br/>      mode                  = optional(string, null)<br/>      capture_http_requests = optional(bool, false)<br/>      capture_error         = optional(bool, false)<br/>    }), {})<br/>    zip = optional(string, null)<br/>  })</pre> | n/a | yes |
 
 ## Outputs
 

diff --git a/modules/runners/job-retry/main.tf b/modules/runners/job-retry/main.tf
@@ -7,6 +7,7 @@ locals {
     ENABLE_METRIC_JOB_RETRY              = var.config.metrics.enable && var.config.metrics.metric.enable_job_retry
     ENABLE_METRIC_GITHUB_APP_RATE_LIMIT  = var.config.metrics.enable && var.config.metrics.metric.enable_github_app_rate_limit
     GHES_URL                             = var.config.ghes_url
+    USER_AGENT                           = var.config.user_agent
     JOB_QUEUE_SCALE_UP_URL               = var.config.sqs_build_queue.url
     PARAMETER_GITHUB_APP_ID_NAME         = var.config.github_app_parameters.id.name
     PARAMETER_GITHUB_APP_KEY_BASE64_NAME = var.config.github_app_parameters.key_base64.name

diff --git a/modules/runners/job-retry/variables.tf b/modules/runners/job-retry/variables.tf
@@ -8,6 +8,7 @@ variable "config" {
     `enable_organization_runners`: Enable organization runners.
     `enable_metric`: Enable metric for the lambda. If `spot_warning` is set to true, the lambda will emit a metric when it detects a spot termination warning.
     'ghes_url': Optional GitHub Enterprise Server URL.
+    'user_agent': Optional User-Agent header for GitHub API requests.
     'github_app_parameters': Parameter Store for GitHub App Parameters.
     'kms_key_arn': Optional CMK Key ARN instead of using the default AWS managed key.
     `lambda_principals`: Add extra principals to the role created for execution of the lambda, e.g. for local testing.
@@ -39,6 +40,7 @@ variable "config" {
     enable_organization_runners = bool
     environment_variables       = optional(map(string), {})
     ghes_url                    = optional(string, null)
+    user_agent                  = optional(string, null)
     github_app_parameters = object({
       key_base64 = map(string)
       id         = map(string)

diff --git a/modules/runners/pool.tf b/modules/runners/pool.tf
@@ -9,6 +9,7 @@ module "pool" {
       ssl_verify = var.ghes_ssl_verify
       url        = var.ghes_url
     }
+    user_agent                    = var.user_agent
     github_app_parameters         = var.github_app_parameters
     instance_allocation_strategy  = var.instance_allocation_strategy
     instance_max_spot_price       = var.instance_max_spot_price