- Notifications
You must be signed in to change notification settings - Fork686
feat(runner-binaries-syncer): add s3_tags variable for additional S3 bucket tagging#4832
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:main
Are you sure you want to change the base?
Uh oh!
There was an error while loading.Please reload this page.
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Pull Request Overview
This PR adds support for additional S3 bucket tagging in the runner-binaries-syncer module. Users can now specify custom tags for S3 buckets at both the module level and individual runner configuration level.
- Introduces
runner_binaries_s3_tagsvariable for module-level S3 bucket tagging - Adds
runner_binaries_s3_tagsfield to multi-runner configuration for runner-specific tagging - Implements tag merging logic that combines module-level and runner-specific tags
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| variables.tf | Adds module-levelrunner_binaries_s3_tags variable |
| modules/runner-binaries-syncer/variables.tf | Addss3_tags variable to syncer module |
| modules/runner-binaries-syncer/main.tf | Updates S3 bucket resource to merge default and additional tags |
| modules/multi-runner/variables.tf | Addsrunner_binaries_s3_tags to runner config and module variables |
| modules/multi-runner/runner-binaries.tf | Passes merged tags to runner binaries module |
| modules/multi-runner/main.tf | Implements tag merging logic for different OS/architecture combinations |
| main.tf | Passes S3 tags variable to runner binaries module |
Tip: Customize your code reviews with copilot-instructions.md.Create the file orlearn how to get started.
Uh oh!
There was an error while loading.Please reload this page.
damianrekosz commentedOct 23, 2025
@npalm could I get your input on this? |
npalm commentedOct 23, 2025
Sorry won't be able to review any PR till the end of the month. |
npalm commentedNov 2, 2025
@damianrekosz can you check the commen from copilot. Can you also quickly explain the use case for different tags on the bucket. |
damianrekosz commentedNov 3, 2025
The comment from Copilot isn't accurate. Removing
Yeah, sure. Some organizations may tag their S3 buckets differently - eg each bucket might be tagged with its name or department to provide better cost management visibility when custom tags in cost allocation are enabled. |
npalm left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
@damianrekosz thx for the PR, Sorry for the waiting time. PR looks in general ok. Made some suggestion comments on the multi runner. No need create a complex local object. Simply pass the tags down the mdule multi-runner module.
| tmp_distinct_list_unique_os_and_arch=distinct([fori,configinlocal.runner_config: {"os_type": config.runner_config.runner_os,"architecture": config.runner_config.runner_architecture }ifconfig.runner_config.enable_runner_binaries_syncer]) | ||
| unique_os_and_arch={fori,vinlocal.tmp_distinct_list_unique_os_and_arch:"${v.os_type}_${v.architecture}"=>v } | ||
| s3_tags={ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I think this local fors3_tags is not needed. The multi runner crates a bucket per github dist. Which means not a bucket er multi runner. So would simple pass the s3_tags down to the module. And no cmplext merge.
| } | ||
| } | ||
| variable"runner_binaries_s3_tags" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This variable is ok, lets remove the one on runner config lvel.
| state_event_rule_binaries_syncer=var.state_event_rule_binaries_syncer | ||
| server_side_encryption_configuration=var.runner_binaries_s3_sse_configuration | ||
| s3_tags=local.s3_tags[each.key] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
| s3_tags=local.s3_tags[each.key] | |
| s3_tags=var.runner_binaries_s3_tags |
damianrekosz commentedNov 6, 2025
Thanks for the suggestions. Unfortunately, without configuration at the runner level, we won't be able to assign different tags to different runner pools, such as arm64 and x64. This PR was meant to introduce that capability. The approach you suggested would only allow managing additional tags for S3 buckets, which wouldn't be sufficient, at least not in my organization. |
npalm commentedNov 6, 2025
But the bucket is shared with multiple runners in case the architecture and os is the same. So I think mapping per runner config is confusing. Costs related to those buckets should be smalle. Since it is not about much data. |
damianrekosz commentedNov 6, 2025
You're right, the cost isn't a major concern here, but organizations may have an AWS Config rule with auto-remediation enabled to tag all S3 buckets with the bucket's name. Such a configuration will cause drifts in the runner module, because without specifying the tags at the runner level, the drifts won't be resolved, causing the tags to be removed at every apply and re-applied by AWS Config. |
npalm commentedNov 6, 2025
Yup, so what main is to apply the s3_tags directly to all bukcets created by the runner-binary module. And for multi runner not pass the tags in the runner-config. But as top-level variable in the multi-runner module. It was now on two places in that module. |
damianrekosz commentedNov 7, 2025
Okay, let's investigate this case. I have a multi-runner configuration with 2 pools:
The 2 pools will create separate S3 buckets - one for each architecture - and now I'd like to tag the created buckets with specific tags. Let's assume the following buckets were created:
Now each bucket should have its own I can now add the tags at the runner configuration level:
which gives me the option to eliminate the drifts. |
This pull request introduces an option to provide additional tags for S3 buckets created by the
binaries-syncermodule.S3 tags can be specified using the
runner_binaries_s3_tagsvariable at the module level to apply tags to all S3 buckets at once, or at the individual runner configuration level to define different tags for specific runners. Tags defined at both the module and runner configuration levels are merged when their OS and architecture match.