Skip to content

Releases: namecheap/ec2-github-runner

v3.0.1

09 Jun 10:23
@kurok kurok
v3.0.1
a9a3f47
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v3.0.1 Latest
Latest

Patch release — refreshes bundled dependencies and rebuilds dist/. No functional or API changes.

Dependency updates

  • @actions/core 1.11.1 → 2.0.3
  • @aws-sdk/client-ec2 3.1033.0 → 3.1064.0
  • dev tooling: eslint 9 → 10 (plus explicit @eslint/js), dotenv 8 → 17, globals 15 → 17

@actions/core and @actions/github are held at their latest CommonJS majors (2.x / 8.x); 3.x / 9.x are ESM-only and cannot be bundled by ncc.

Security

npm audit reports 0 vulnerabilities (production + dev trees).

Full changelog: v3.0.0...v3.0.1

Assets 2
Loading

v3.0.0

09 Jun 10:06
@kurok kurok
v3.0.0
ee454b5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v3.0.0

First Namecheap release of ec2-github-runner, superseding v2.2.1 with a large set of features, hardening, and a runtime modernization. This is a major release — review the upgrade notes before bumping.

⚠️ Breaking changes & new defaults

  • Action runtime is now Node 24 (runs.using: node24). Use GitHub-hosted runners, or self-hosted runners new enough to execute node24 actions.
  • Runner host base is Amazon Linux 2023 (was AL2). The bootstrap is yum-based and installs libicu; only yum-based Linux is supported.
  • IMDSv2 is enforced by default (http-tokens: required). If a workload on the runner still needs IMDSv1, set http-tokens: optional.
  • Runners are now ephemeral and non-root — registered with --ephemeral under a dedicated runner user; GitHub auto-deregisters the runner after a single job.
  • AWS SDK migrated to v3 (@aws-sdk/client-ec2). Internal change; IAM permissions are unchanged.
  • actions/runner pinned to v2.333.1 and its tarball verified against a hardcoded SHA-256 table (src/runner-checksums.js). The runner-version input may only select versions present in that table.

✨ Features

  • New inputs: ec2-image-filters, ec2-image-owner, eip-allocation-id, iam-role-name, runner-version, http-tokens, encrypt-ebs, aws-resource-tags, debug.
  • AMI selection by filters/owner in addition to an explicit ec2-image-id.
  • Opt-in EBS root-volume encryption (encrypt-ebs: true).
  • Elastic IP association for the runner instance (eip-allocation-id).
  • Structured JSON logging with secret redaction, plus an opt-in debug mode.
  • Retries with backoff on AWS/GitHub calls; stop mode terminates the instance and removes the runner independently, so one failure can't strand the other.

🐛 Fixes

  • Write outputs to $GITHUB_OUTPUT instead of the deprecated ::set-output.
  • Silence the DEP0169 (url.parse()) deprecation warning.
  • Remove the lodash dependency in favor of native JS.

🔧 CI / internal

  • verify-dist (dist/src sync) and pinned-runner + checksum-table verification jobs.
  • Build-provenance attestation for dist/index.js.
  • Jest unit tests (config, utils, logging, retry, EBS mapping, checksums).
  • ESLint flat config; refreshed .env.example.

Full changelog: v2.2.1...v3.0.0

Loading