Hi all, This is my first time dabbling in IaC, so ...
# general
d
Hi all, this is my first time dabbling in IaC, so sorry if this question seems newbie. I'm trying to bootstrap 4 environments: sandbox, dev, stage, prod. Apart from that, I am bootstrapping an EC2 instance to become a GitHub Actions runner that is supposed to act as my "infrastructure runner". Is there a way I can configure in my Pulumi code that I want to set up the GHA runner, maybe using the GitHub API, or do I manually have to set it up every time I want to bootstrap?
c
You can, but it's a bit tricky. To add a runner to GitHub you need a registration token, which is valid for 1 hour and which you need to pass to the runner configuration / bootstrapper script. I came up with the following workflow:

1. Create a Pulumi dynamic resource which creates the GitHub token (inspired by https://www.pulumi.com/docs/intro/concepts/resources/dynamic-providers/#example-github-labels-rest-api).
2. Put this token into the EC2 userdata, along with a call to the runner configuration script (I pre-create an AMI, but I think you can just dump the whole installation into userdata). The command appears in the registration (https://docs.github.com/en/actions/hosting-your-own-runners/adding-self-hosted-runners).
3. You need to run Pulumi with `GITHUB_TOKEN` set to something which has admin rights. And AWS credentials.
4. This doesn't really work for autoscaling (I haven't got there), so scaling is adding / removing EC2 instances in the script and redeploying. You can wrap all runner things into a single component resource (https://www.pulumi.com/docs/intro/concepts/resources/components/).
5. Obviously this doesn't work when Pulumi needs to re-create the EC2 instance: the registration token won't be updated and most likely it will be outdated. There are some discussions to address such circular dependencies in Pulumi, but they are WIP.
6. You may check the recommended autoscaling bot for inspiration: https://github.com/philips-labs/terraform-aws-github-runner
d
Thank you, Yuri, for the very comprehensive steps. I see I have a lot of basics to learn before I can do this.