diff --git a/docs/layers/github-actions/eks-github-actions-controller.mdx b/docs/layers/github-actions/eks-github-actions-controller.mdx
index c991fb401..70db5a200 100644
--- a/docs/layers/github-actions/eks-github-actions-controller.mdx
+++ b/docs/layers/github-actions/eks-github-actions-controller.mdx
@@ -5,6 +5,7 @@ sidebar_label: "Actions Runner Controller (EKS)"
import Intro from '@site/src/components/Intro';
import KeyPoints from '@site/src/components/KeyPoints';
import Note from '@site/src/components/Note';
+import Steps from '@site/src/components/Steps';
import Step from '@site/src/components/Step';
import StepNumber from '@site/src/components/StepNumber';
import AtmosWorkflow from '@site/src/components/AtmosWorkflow';
@@ -41,149 +42,151 @@ In order to deploy Self-Hosted GitHub Runners on EKS, follow the steps outlined
- Then we need to decide on the SSM path for the GitHub secret (Application private key) and GitHub webhook secret.
-
- ### GitHub Application Private Key
+
+
+ ### GitHub Application Private Key
- Since the secret is automatically scoped by AWS to the account and region where the secret is stored, we recommend the
- secret be stored at `/github/acme/github_token`.
+ Since the secret is automatically scoped by AWS to the account and region where the secret is stored, we recommend the
+ secret be stored at `/github/acme/github_token`.
- `stacks/catalog/eks/actions-runner-controller.yaml`:
+ `stacks/catalog/eks/actions-runner-controller.yaml`:
- ```yaml
- ssm_github_secret_path: "/github_runners/controller_github_app_secret"
- ```
+ ```yaml
+ ssm_github_secret_path: "/github_runners/controller_github_app_secret"
+ ```
- The preferred way to authenticate is by _creating_ and _installing_ a GitHub App. This is the recommended approach as it
- allows for more much more restricted access than using a personal access token, at least until
- [fine-grained personal access token permissions](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/)
- are generally available. Follow the instructions
- [here](https://github.com/actions/actions-runner-controller/blob/master/docs/authenticating-to-the-github-api.md) to
- create and install the GitHub App.
+ The preferred way to authenticate is by _creating_ and _installing_ a GitHub App. This is the recommended approach as it
+ allows for more much more restricted access than using a personal access token, at least until
+ [fine-grained personal access token permissions](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/)
+ are generally available. Follow the instructions
+ [here](https://github.com/actions/actions-runner-controller/blob/master/docs/authenticating-to-the-github-api.md) to
+ create and install the GitHub App.
- At the creation stage, you will be asked to generate a private key. This is the private key that will be used to
- authenticate the Action Runner Controller. Download the file and store the contents in SSM using the following command,
- adjusting the profile and file name. The profile should be the `admin` role in the account to which you are deploying
- the runner controller. The file name should be the name of the private key file you downloaded.
+ At the creation stage, you will be asked to generate a private key. This is the private key that will be used to
+ authenticate the Action Runner Controller. Download the file and store the contents in SSM using the following command,
+ adjusting the profile and file name. The profile should be the `admin` role in the account to which you are deploying
+ the runner controller. The file name should be the name of the private key file you downloaded.
- ```
- AWS_PROFILE=acme-core-use1-auto-admin chamber write github_runners controller_github_app_secret -- "$(cat APP_NAME.DATE.private-key.pem)"
- ```
+ ```
+ AWS_PROFILE=acme-core-use1-auto-admin chamber write github_runners controller_github_app_secret -- "$(cat APP_NAME.DATE.private-key.pem)"
+ ```
- You can verify the file was correctly written to SSM by matching the private key fingerprint reported by GitHub with:
+ You can verify the file was correctly written to SSM by matching the private key fingerprint reported by GitHub with:
- ```
- AWS_PROFILE=acme-core-use1-auto-admin chamber read -q github_runners controller_github_app_secret | openssl rsa -in - -pubout -outform DER | openssl sha256 -binary | openssl base64
- ```
+ ```
+ AWS_PROFILE=acme-core-use1-auto-admin chamber read -q github_runners controller_github_app_secret | openssl rsa -in - -pubout -outform DER | openssl sha256 -binary | openssl base64
+ ```
- At this stage, record the Application ID and the private key fingerprint in your secrets manager (e.g. 1Password). You
- will need the Application ID to configure the runner controller, and want the fingerprint to verify the private key.
+ At this stage, record the Application ID and the private key fingerprint in your secrets manager (e.g. 1Password). You
+ will need the Application ID to configure the runner controller, and want the fingerprint to verify the private key.
- Proceed to install the GitHub App in the organization or repository you want to use the runner controller for, and
- record the Installation ID (the final numeric part of the URL, as explained in the instructions linked above) in your
- secrets manager. You will need the Installation ID to configure the runner controller.
+ Proceed to install the GitHub App in the organization or repository you want to use the runner controller for, and
+ record the Installation ID (the final numeric part of the URL, as explained in the instructions linked above) in your
+ secrets manager. You will need the Installation ID to configure the runner controller.
- In your stack configuration, set the following variables, making sure to quote the values so they are treated as
- strings, not numbers.
+ In your stack configuration, set the following variables, making sure to quote the values so they are treated as
+ strings, not numbers.
- ```
- github_app_id: "12345"
- github_app_installation_id: "12345"
- ```
-
+ ```
+ github_app_id: "12345"
+ github_app_installation_id: "12345"
+ ```
+
-
- ### GitHub Webhook Secret Token
+
+ ### GitHub Webhook Secret Token
- If using the Webhook Driven autoscaling (recommended), generate a random string to use as the Secret when creating the
- webhook in GitHub.
+ If using the Webhook Driven autoscaling (recommended), generate a random string to use as the Secret when creating the
+ webhook in GitHub.
- Generate the string using 1Password (no special characters, length 45) or by running
+ Generate the string using 1Password (no special characters, length 45) or by running
- ```bash
- dd if=/dev/random bs=1 count=33 2>/dev/null | base64
- ```
+ ```bash
+ dd if=/dev/random bs=1 count=33 2>/dev/null | base64
+ ```
- Store this key in AWS SSM under the same path specified by `ssm_github_webhook_secret_token_path`
+ Store this key in AWS SSM under the same path specified by `ssm_github_webhook_secret_token_path`
- `stacks/catalog/eks/actions-runner-controller.yaml`:
+ `stacks/catalog/eks/actions-runner-controller.yaml`:
- ```yaml
- ssm_github_webhook_secret_token_path: "/github_runners/github_webhook_secret_token"
- ```
-
+ ```yaml
+ ssm_github_webhook_secret_token_path: "/github_runners/github_webhook_secret_token"
+ ```
+
-## Deploy
+ ## Deploy
-Automation has an unique set of components from the `plat` clusters and therefore has its own Atmos Workflow. Notably,
-`auto` includes the `eks/actions-runner-controller` component, which is used to create the `self-hosted` runners for the
-GitHub Repository or Organization
+ Automation has an unique set of components from the `plat` clusters and therefore has its own Atmos Workflow. Notably,
+ `auto` includes the `eks/actions-runner-controller` component, which is used to create the `self-hosted` runners for the
+ GitHub Repository or Organization
-
- The first three steps before are all included in the following workflow:
+
+ The first three steps before are all included in the following workflow:
-
-
+
+
-
- ### `iam-service-linked-roles` Component
+
+ ### `iam-service-linked-roles` Component
- At this point we assume that the `iam-service-linked-roles` component is already deployed for `core-auto`. If not,
- deploy this component now with the following command:
+ At this point we assume that the `iam-service-linked-roles` component is already deployed for `core-auto`. If not,
+ deploy this component now with the following command:
- ```bash
- atmos terraform apply iam-service-linked-roles -s core-gbl-auto
- ```
-
+ ```bash
+ atmos terraform apply iam-service-linked-roles -s core-gbl-auto
+ ```
+
-
- ### Deploy Automation Cluster and Resources
+
+ ### Deploy Automation Cluster and Resources
- Deploy the cluster with the same commands as `plat` cluster deployments:
+ Deploy the cluster with the same commands as `plat` cluster deployments:
-
-
+
+
- Validate the `core-auto` deployment using Echo Server. For example: https://echo.use1.auto.core.acme-svc.com/
-
+ Validate the `core-auto` deployment using Echo Server. For example: https://echo.use1.auto.core.acme-svc.com/
+
-
- ### Deploy the Actions Runner Controller
+
+ ### Deploy the Actions Runner Controller
- Finally, deploy the `actions-runner-controller` component with the following command:
+ Finally, deploy the `actions-runner-controller` component with the following command:
- ```bash
- atmos terraform deploy eks/actions-runner-controller -s core-use1-auto
- ```
+ ```bash
+ atmos terraform deploy eks/actions-runner-controller -s core-use1-auto
+ ```
-
+
-
- ### Using Webhook Driven Autoscaling (Click Ops)
+
+ ### Using Webhook Driven Autoscaling (Click Ops)
- To use the Webhook Driven autoscaling, you must also install the GitHub organization-level webhook after deploying the
- component (specifically, the webhook server). The URL for the webhook is determined by the `webhook.hostname_template`
- and where it is deployed. Recommended URL is
- `https://gha-webhook.[environment].[stage].[tenant].[service-discovery-domain]`, which for this organization would be
- `https://gha-webhook.use1.auto.core.acme-svc.com`
+ To use the Webhook Driven autoscaling, you must also install the GitHub organization-level webhook after deploying the
+ component (specifically, the webhook server). The URL for the webhook is determined by the `webhook.hostname_template`
+ and where it is deployed. Recommended URL is
+ `https://gha-webhook.[environment].[stage].[tenant].[service-discovery-domain]`, which for this organization would be
+ `https://gha-webhook.use1.auto.core.acme-svc.com`
- As a GitHub organization admin, go to
- `https://github.com/organizations/acme/settings/hooks`, and then:
+ As a GitHub organization admin, go to
+ `https://github.com/organizations/acme/settings/hooks`, and then:
- - Click "Add webhook" and create a new webhook with the following settings:
- - Payload URL: copy from Terraform output `webhook_payload_url`
- - Content type: `application/json`
- - Secret: whatever you configured in the secret above
- - Which events would you like to trigger this webhook:
- - Select "Let me select individual events"
- - Uncheck everything ("Pushes" is likely the only thing already selected)
- - Check "Workflow jobs"
- - Ensure that "Active" is checked (should be checked by default)
- - Click "Add webhook" at the bottom of the settings page
+ - Click "Add webhook" and create a new webhook with the following settings:
+ - Payload URL: copy from Terraform output `webhook_payload_url`
+ - Content type: `application/json`
+ - Secret: whatever you configured in the secret above
+ - Which events would you like to trigger this webhook:
+ - Select "Let me select individual events"
+ - Uncheck everything ("Pushes" is likely the only thing already selected)
+ - Check "Workflow jobs"
+ - Ensure that "Active" is checked (should be checked by default)
+ - Click "Add webhook" at the bottom of the settings page
- After the webhook is created, select "edit" for the webhook and go to the "Recent Deliveries" tab and verify that there
- is a delivery (of a "ping" event) with a green check mark. If not, verify all the settings and consult the logs of the
- `actions-runner-controller-github-webhook-server` pod.
-
+ After the webhook is created, select "edit" for the webhook and go to the "Recent Deliveries" tab and verify that there
+ is a delivery (of a "ping" event) with a green check mark. If not, verify all the settings and consult the logs of the
+ `actions-runner-controller-github-webhook-server` pod.
+
+
# Related Topics
diff --git a/docs/layers/github-actions/philips-labs-github-runners.mdx b/docs/layers/github-actions/philips-labs-github-runners.mdx
index 98446b43c..9a31d1760 100644
--- a/docs/layers/github-actions/philips-labs-github-runners.mdx
+++ b/docs/layers/github-actions/philips-labs-github-runners.mdx
@@ -5,6 +5,9 @@ sidebar_label: Philips Labs Action Runners
import Intro from '@site/src/components/Intro';
import KeyPoints from '@site/src/components/KeyPoints';
import AtmosWorkflow from '@site/src/components/AtmosWorkflow';
+import Steps from '@site/src/components/Steps';
+import Step from '@site/src/components/Step';
+import StepNumber from '@site/src/components/StepNumber';
If we are not deploying EKS, it's not worth the additional effort to set up Self-Hosted runners on EKS. Instead, we
@@ -32,134 +35,155 @@ hand the setup back to Cloud Posse. Then Cloud Posse can deploy the component an
customer will then need to add the webhook to the GitHub App and ensure the App is installed to all relevant GitHub
repositories.
-Follow the guide with the upstream module,
-[philips-labs/terraform-aws-github-runner](https://github.com/philips-labs/terraform-aws-github-runner#setup-github-app-part-1),
-or follow the steps below.
+Follow the guide with the upstream module, [philips-labs/terraform-aws-github-runner](https://github.com/philips-labs/terraform-aws-github-runner#setup-github-app-part-1), or follow the steps below.
-### Create the GitHub App
+
+
+ ### Create the GitHub App
-:::info Customer Requirement
+ :::info Customer Requirement
-This step requires access to the GitHub Organization. Customers will need to create this GitHub App in Jumpstart
-engagements.
+ This step requires access to the GitHub Organization. Customers will need to create this GitHub App in Jumpstart
+ engagements.
-:::
+ :::
-1. Create a new GitHub App
-1. Choose a name
-1. Choose a website (mandatory, not required for the module).
-1. Disable the webhook for now (we will configure this later or create an alternative webhook).
-1. Add the following permission:
+
+ 1. Create a new GitHub App
+ 1. Choose a name
+ 1. Choose a website (mandatory, not required for the module).
+ 1. Disable the webhook for now (we will configure this later or create an alternative webhook).
+ 1. Add the following permission:
+ ```diff
+ # Required Permissions for Repository Runners:
+ ## Permissions for all runners:
+ ### Repository:
+ + Actions: Read-only (check for queued jobs)
+ + Checks: Read-only (receive events for new builds)
+ + Metadata: Read-only (default/required)
-```diff
-# Required Permissions for Repository Runners:
-## Permissions for all runners:
-### Repository:
-+ Actions: Read-only (check for queued jobs)
-+ Checks: Read-only (receive events for new builds)
-+ Metadata: Read-only (default/required)
+ ## Permissions for repository-level runners only:
+ ### Repository:
+ + Administration: Read & write (to register runner)
-## Permissions for repository-level runners only:
-### Repository:
-+ Administration: Read & write (to register runner)
+ ## Permissions for organization-level runners only:
+ ### Organization
+ + Self-hosted runners: Read & write (to register runner)
+ ```
-## Permissions for organization-level runners only:
-### Organization
-+ Self-hosted runners: Read & write (to register runner)
-```
+ 1. Generate a Private Key
+
-6. Generate a Private Key
+ If you are working with Cloud Posse, upload this Private Key and GitHub App ID to 1Password and inform Cloud Posse.
+ Otherwise, continue with the component deployment in `core-use1-auto`.
+
-If you are working with Cloud Posse, upload this Private Key and GitHub App ID to 1Password and inform Cloud Posse.
-Otherwise, continue with the component deployment in `core-use1-auto`.
+
+ ### Deploy the `philips-labs-github-runner` Component
-### Deploy the `philips-labs-github-runner` Component
+ :::tip
-:::tip
+ This step does _not_ require access to the GitHub Organization. Cloud Posse will run this deployment for Jumpstart
+ engagements.
-This step does _not_ require access to the GitHub Organization. Cloud Posse will run this deployment for Jumpstart
-engagements.
+ :::
-:::
+ Run the `deploy/pl-github-runners` workflow with `atmos` to write the GitHub App information to the `core-use1-auto`
+ SSM account and deploy the component.
-Run the `deploy/pl-github-runners` workflow with `atmos` to write the GitHub App information to the `core-use1-auto`
-SSM account and deploy the component.
+
-
+ This is the same as the following steps:
-This is the same as the following steps:
+
+ 1. Upload the PEM file key to the specified ssm path, `/pl-github-runners/key`, in `core-use1-auto` as a base64
+ encoded string.
+ 2. Upload the GitHub App ID to the specified ssm path, `/pl-github-runners/id`, in `core-use1-auto`.
+ 3. Deploy the `philips-labs-github-runners` component to `core-use1-auto`. Run this with the following:
-1. Upload the PEM file key to the specified ssm path, `/pl-github-runners/key`, in `core-use1-auto` as a base64
- encoded string.
-2. Upload the GitHub App ID to the specified ssm path, `/pl-github-runners/id`, in `core-use1-auto`.
-3. Deploy the `philips-labs-github-runners` component to `core-use1-auto`. Run this with the following:
+ ```console
+ atmos terraform apply philips-labs-github-runners -s core-use1-auto
+ ```
-```console
-atmos terraform apply philips-labs-github-runners -s core-use1-auto
-```
+ Once the component is deployed, save the webhook URL and secret in 1Password. The endpoint can be found with the
+ following:
-Once the component is deployed, save the webhook URL and secret in 1Password. The endpoint can be found with the
-following:
+ ```console
+ atmos terraform output philips-labs-github-runners -s core-use1-auto 'webhook'
+ ```
+
+
-```console
-atmos terraform output philips-labs-github-runners -s core-use1-auto 'webhook'
-```
+
+ ### Add the Webhook to the GitHub App
-### Add the Webhook to the GitHub App
+ :::info Customer Requirement
-:::info Customer Requirement
+ This step requires access to the GitHub Organization. Customers will need to finalize the GitHub App in Jumpstart
+ engagements.
-This step requires access to the GitHub Organization. Customers will need to finalize the GitHub App in Jumpstart
-engagements.
+ :::
-:::
+ Now that the component is deployed and the webhook has been created, add that webhook to the GitHub App. Both the
+ webhook URL and secret should now be stored in 1Password. If not, you can retrieve these values from the output of the
+ `philips-labs-github-runners` component in `core-use1-auto` as described in the previous step.
-Now that the component is deployed and the webhook has been created, add that webhook to the GitHub App. Both the
-webhook URL and secret should now be stored in 1Password. If not, you can retrieve these values from the output of the
-`philips-labs-github-runners` component in `core-use1-auto` as described in the previous step.
+
+ 1. Open the GitHub App created in
+ [Create the GitHub App above](/layers/github-actions/philips-labs-github-runners/#create-the-github-app)
+ 1. Enable the webhook.
+ 1. Provide the webhook url, should be part of the output of terraform.
+ 1. Provide the webhook secret (`terraform output -raw `).
+ 1. In the _"Permissions & Events"_ section and then _"Subscribe to Events"_ subsection, check _"Workflow Job"_.
-1. Open the GitHub App created in
- [Create the GitHub App above](/layers/github-actions/philips-labs-github-runners/#create-the-github-app)
-1. Enable the webhook.
-1. Provide the webhook url, should be part of the output of terraform.
-1. Provide the webhook secret (`terraform output -raw `).
-1. In the _"Permissions & Events"_ section and then _"Subscribe to Events"_ subsection, check _"Workflow Job"_.
+ 1. Ensure the webhook for the GitHub app is enabled and pointing to the output of the module.
+ - The endpoint can be found from `atmos terraform output philips-labs-github-runners -s core-use1-auto 'webhook'`
+
+
-1. Ensure the webhook for the GitHub app is enabled and pointing to the output of the module.
- - The endpoint can be found from `atmos terraform output philips-labs-github-runners -s core-use1-auto 'webhook'`
+
+ ## Vendor Components
-## Vendor
+ Vendor in the necessary components with the following workflow:
-Vendor in the necessary components with the following workflow:
+
+
-
+
+ ## Deploy the Philips Labs Runners
-## Deploy
+ :::info
+
+ You can run all workflows at once in the right order with
-:::info
+
-You can run all workflows at once in the right order with
+ :::
+
-
+
+ ### GitHub OIDC Provider
-:::
+ First deploy the GitHub OIDC provider to all accounts where we want to grant GitHub access. The typical list of accounts
+ is included with the `deploy/github-oidc-provider` workflow; run the following with `SuperAdmin`:
-### GitHub OIDC Provider
+
+
-First deploy the GitHub OIDC provider to all accounts where we want to grant GitHub access. The typical list of accounts
-is included with the `deploy/github-oidc-provider` workflow; run the following with `SuperAdmin`:
+
+ ### GitHub Runners
-
+ To deploy the self-hosted runners themselves, first verify [the GitHub App requirement](#Requirements) is complete
+ including both SSM parameters. Next we will deploy the token rotator and then the runners themselves.
-### GitHub Runners
+
-To deploy the self-hosted runners themselves, first verify [the GitHub App requirement](#Requirements) is complete
-including both SSM parameters. Next we will deploy the token rotator and then the runners themselves.
+ If all goes well, you should now see self-hosted runners registered to your infrastructure repository in GitHub. If not,
+ read through the attached [FAQs](#FAQ).
+
-
-If all goes well, you should now see self-hosted runners registered to your infrastructure repository in GitHub. If not,
-read through the attached [FAQs](#FAQ).
+
## Usage
diff --git a/src/components/Step/index.js b/src/components/Step/index.js
index b9abbbcb3..d9648056b 100644
--- a/src/components/Step/index.js
+++ b/src/components/Step/index.js
@@ -1,30 +1,16 @@
// src/components/Step.js
-import React, { useEffect, useState, createContext, useContext } from 'react';
+import React, { useContext } from 'react';
+import { StepContext } from '@site/src/components/Steps';
import './index.css';
-let stepCounter = 0;
-
-export const StepContext = createContext(0);
-
-export const resetStepCounter = () => {
- stepCounter = 0;
-};
-
const Step = ({ title, children }) => {
- const [stepNumber, setStepNumber] = useState(stepCounter);
-
- useEffect(() => {
- stepCounter += 1;
- setStepNumber(stepCounter);
- }, []);
+ const stepNumber = useContext(StepContext); // Consume the step number from context
return (
-
-
- {title &&
{`Step ${stepNumber}: ${title}`}
}
-
{children}
-
+ {title &&
{`Step ${stepNumber}: ${title}`}
}
+
{children}
+
{children}
-
+
+ {React.Children.map(children, (child, index) => {
+ // Provide a unique step number for each child
+ return (
+
+ {child}
+
+ );
+ })}
+
);
};
diff --git a/src/theme/DocItem/Layout/index.js b/src/theme/DocItem/Layout/index.js
index a3f6452f3..a49944037 100644
--- a/src/theme/DocItem/Layout/index.js
+++ b/src/theme/DocItem/Layout/index.js
@@ -1,10 +1,9 @@
import React, { useEffect } from 'react';
import Layout from '@theme-original/DocItem/Layout';
-import { resetStepCounter } from '@site/src/components/Step';
export default function LayoutWrapper(props) {
useEffect(() => {
- resetStepCounter(); // Reset the counter whenever the layout is rendered
+
}, []);
return (