Elastic CI Stack for AWS Versions

An auto-scaling cluster of build agents running in your own AWS VPC

v6.8.0

6 months ago

v6.8.0 (2023-10-19)

Full Changelog

Changed

  • Bump Agent Scaler version to v1.7.0. This updates the Lambda runtime from the deprecated go1.x to provided.al2 #1236 (@HugeIRL). Note: depending on how you upgrade existing stacks, you may not automatically be upgraded to v1.7.0 of Buildkite Agent Scaler. See here for a workaround to this known issue.
  • Bump buildkite-agent to v3.56.0 #1237 (@triarius)
  • Bump docker-compose to v2.22.0 #1234 (@jkburges)
  • Improve logging for startup scripts on linux #1230 (@triarius)
  • Wrap quotes around AWS::StackName #1238 (@n-tucker)

Fixed

  • Fix rsyslog was missing from base AMI #1240 (@peter-svensson)
  • Fix Service Role was missing some permissions #1192 (@philnielsen) #1233 (@triarius)
  • Fix hyphens were not allowed in InstanceTypes #1228 (@nitrocode)
  • Fix qemu binfmt image is pulled during instance startup #1231 (@triarius)

Internal

  • Fix Windows AMI build failed #1239 (@triarius)
  • Add test stack remover script #1226 (@moskyb)
  • Add a step to CI to check files have been formatted with shfmt #1232 (@triarius)

Upgrading

Perform a CloudFormation stack update with the following URL:
https://s3.amazonaws.com/buildkite-aws-stack/v6.8.0/aws-stack.yml

If you want to launch a new stack, you can use this link (make sure not to use your production AWS account, create a new one for CI):

Launch Buildkite AWS Stack

Documentation

See the README for this release.

v6.7.1

7 months ago

v6.7.1 (2023-09-20)

Full Changelog

Security

⚠️ This release fixes a medium-severity security vulnerability. We recommend upgrading to v6.7.1 or v5.22.5.

  • Affected versions: All prior versions of Elastic CI Stack (except v5.22.5). v6.7.0 and v5.22.4 contained a partial fix.
  • Impact: Privilege escalation to root on Linux agent instances
  • Required privileges: Users that can run user-controlled commands on agents (e.g. by pushing a branch to a repo that triggers a build with those changes)
  • Attack vector: A specially crafted build can abuse the fix-buildkite-agent-builds-permissions script to run commands as root on subsequent builds
  • Fix: Improved input validation and file handling #1219, #1221 (@DrJosh9000)
  • Alternative workarounds: Deploy a pre-bootstrap hook to prevent execution of fix-buildkite-agent-builds-permissions during a build

Thanks to Nick Nam of Atredis Partners for reporting the vulnerability.

Upgrading

Perform a CloudFormation stack update with the following URL:
https://s3.amazonaws.com/buildkite-aws-stack/v6.7.1/aws-stack.yml

If you want to launch a new stack, you can use this link (make sure not to use your production AWS account, create a new one for CI):

Launch Buildkite AWS Stack

Documentation

See the README for this release.

v5.22.5

7 months ago

v5.22.5 (2023-09-14)

Full Changelog

Security

⚠️ This release fixes a medium-severity security vulnerability. We recommend upgrading to v6.7.1 or v5.22.5.

  • Affected versions: All prior versions of Elastic CI Stack (except v5.22.5). v6.7.0 and v5.22.4 contained a partial fix.
  • Impact: Privilege escalation to root on Linux agent instances
  • Required privileges: Users that can run user-controlled commands on agents (e.g. by pushing a branch to a repo that triggers a build with those changes)
  • Attack vector: A specially crafted build can abuse the fix-buildkite-agent-builds-permissions script to run commands as root on subsequent builds
  • Fix: Improved input validation and file handling #1220 (@DrJosh9000)
  • Alternative workarounds: Deploy a pre-bootstrap hook to prevent execution of fix-buildkite-agent-builds-permissions during a build

Thanks to Nick Nam of Atredis Partners for reporting the vulnerability.

Upgrading

Perform a CloudFormation stack update with the following URL:
https://s3.amazonaws.com/buildkite-aws-stack/v5.22.5/aws-stack.yml

If you want to launch a new stack, you can use this link (make sure not to use your production AWS account, create a new one for CI):

Launch Buildkite AWS Stack

Documentation

See the README for this release.

v6.7.0

7 months ago

v6.7.0 (2023-09-14)

Full Changelog

Security

⚠️ This release partially fixes a medium-severity security vulnerability. We recommend upgrading to v6.7.1 or v5.22.5.

  • Affected versions: All prior versions of Elastic CI Stack
  • Impact: Privilege escalation to root on Linux agent instances
  • Required privileges: Users that can run user-controlled commands on agents (e.g. by pushing a branch to a repo that triggers a build with those changes)
  • Attack vector: A specially crafted build can abuse the fix-buildkite-agent-builds-permissions script to run commands as root on subsequent builds
  • Fix: Improved input validation in fix-buildkite-agent-builds-permissions #1212 (@DrJosh9000)
  • Alternative workarounds: Deploy a pre-bootstrap hook to prevent execution of fix-buildkite-agent-builds-permissions during a build

Thanks to Nick Nam of Atredis Partners for reporting the vulnerability.

Changed

  • Update to scaler v1.6.0 #1213 (@DrJosh9000)
  • Bump buildkite-agent to v3.55.0 #1214 (@DrJosh9000)

Internal

  • Fix ami_source_filter #1211 (@DrJosh9000)

Upgrading

Perform a CloudFormation stack update with the following URL:
https://s3.amazonaws.com/buildkite-aws-stack/v6.7.0/aws-stack.yml

If you want to launch a new stack, you can use this link (make sure not to use your production AWS account, create a new one for CI):

Launch Buildkite AWS Stack

Documentation

See the README for this release.

v5.22.4

7 months ago

v5.22.4 (2023-09-14)

Full Changelog

Security

⚠️ This release partially fixes a medium-severity security vulnerability. We recommend upgrading to v6.7.1 or v5.22.5.

  • Affected versions: All prior versions of Elastic CI Stack
  • Impact: Privilege escalation to root on Linux agent instances
  • Required privileges: Users that can run user-controlled commands on agents (e.g. by pushing a branch to a repo that triggers a build with those changes)
  • Attack vector: A specially crafted build can abuse the fix-buildkite-agent-builds-permissions script to run commands as root on subsequent builds
  • Fix: Improved input validation in fix-buildkite-agent-builds-permissions #1215 (@DrJosh9000)
  • Alternative workarounds: Deploy a pre-bootstrap hook to prevent execution of fix-buildkite-agent-builds-permissions during a build

Thanks to Nick Nam of Atredis Partners for reporting the vulnerability.

Upgrading

Perform a CloudFormation stack update with the following URL:
https://s3.amazonaws.com/buildkite-aws-stack/v5.22.4/aws-stack.yml

If you want to launch a new stack, you can use this link (make sure not to use your production AWS account, create a new one for CI):

Launch Buildkite AWS Stack

Documentation

See the README for this release.

v6.6.0

7 months ago

v6.6.0 (2023-09-07)

Full Changelog

Fixed

  • Fix instance storage mount script fails when instance storage not available #1206 (@triarius)

Changed

  • Bump buildkite-agent to v3.54.0 #1207 (@DrJosh9000)

Upgrading

Perform a CloudFormation stack update with the following URL:
https://s3.amazonaws.com/buildkite-aws-stack/v6.6.0/aws-stack.yml

If you want to launch a new stack, you can use this link (make sure not to use your production AWS account, create a new one for CI):

Launch Buildkite AWS Stack

Documentation

See the README for this release.

v6.5.0

7 months ago

v6.5.0 (2023-08-31)

Full Changelog

Changed

  • Bump buildkite-agent to v3.53.0 #1204 (@DrJosh9000)

Upgrading

Perform a CloudFormation stack update with the following URL:
https://s3.amazonaws.com/buildkite-aws-stack/v6.5.0/aws-stack.yml

If you want to launch a new stack, you can use this link (make sure not to use your production AWS account, create a new one for CI):

Launch Buildkite AWS Stack

Documentation

See the README for this release.

v6.4.0

8 months ago

v6.4.0 (2023-08-24)

Full Changelog

Changed

  • Bump docker-compose to v2.20.3 #1201 (@triarius)
  • Bump buildkite-agent to v3.52.1 #1200 (@triarius)
  • Change the Community Slack links in documentation to Forum ones #1199 (@mcncl)

Internal

  • Prevent tag builds from publishing a latest template when they are not "on the main branch" #1197 (@triarius)

Upgrading

Perform a CloudFormation stack update with the following URL:
https://s3.amazonaws.com/buildkite-aws-stack/v6.4.0/aws-stack.yml

If you want to launch a new stack, you can use this link (make sure not to use your production AWS account, create a new one for CI):

Launch Buildkite AWS Stack

Documentation

See the README for this release.

v6.3.0

8 months ago

Known Issues

⚠️ Buildkite Agent v3.51.0 has a known issue with the buildkite-agent step export command. This is fixed in v3.52.0.

v6.3.0 (2023-08-16)

Full Changelog

Changed

  • Bump buildkite-agent to v3.51.0 #1193 (@triarius)
  • Bump git-lfs to v3.4.0 #1191 (@triarius)

Fixed

  • Fix mdadm is not installed, leading to broken instance storage when there is more than one volume #1190 (@triarius)

Internal

  • Incorporated CHANGELOG for v5.22.3 #1189 (@triarius)

Upgrading

Perform a CloudFormation stack update with the following URL:
https://s3.amazonaws.com/buildkite-aws-stack/v6.3.0/aws-stack.yml

If you want to launch a new stack, you can use this link (make sure not to use your production AWS account, create a new one for CI):

Launch Buildkite AWS Stack

Documentation

See the README for this release.

v5.22.3

8 months ago

v5.22.3 (2023-08-10)

Full Changelog

Changed

  • Bump buildkite-agent to v3.50.4 #1186 (@triarius)
  • Use Windows Server 2019 base image and Docker CE #1187 (@triarius)

Upgrading

Perform a CloudFormation stack update with the following URL:
https://s3.amazonaws.com/buildkite-aws-stack/v5.22.3/aws-stack.yml

If you want to launch a new stack, you can use this link (make sure not to use your production AWS account, create a new one for CI):

Launch Buildkite AWS Stack

Documentation

See the README for this release.