fix: Remove runner agents if provider assumed a role (#401)

* Integrate the removal script into Terraform

* Reference variables from trigger only

* Format code

* Always read the token

main.tf

@@ -21,19 +21,26 @@ resource "aws_ssm_parameter" "runner_registration_token" {
   }
 }
 
+# to read the current token for the null_resource. aws_ssm_parameter.runner_registration_token.value is never updated!
+data "aws_ssm_parameter" "current_runner_registration_token" {
+  depends_on = [aws_ssm_parameter.runner_registration_token]
+
+  name = local.secure_parameter_store_runner_token_key
+}
+
 resource "null_resource" "remove_runner" {
   depends_on = [aws_ssm_parameter.runner_registration_token]
+
   triggers = {
-    script                                  = "${path.module}/bin/remove-runner.sh"
-    aws_region                              = var.aws_region
-    runners_gitlab_url                      = var.runners_gitlab_url
-    secure_parameter_store_runner_token_key = local.secure_parameter_store_runner_token_key
+    aws_region                = var.aws_region
+    runners_gitlab_url        = var.runners_gitlab_url
+    runner_registration_token = data.aws_ssm_parameter.current_runner_registration_token.value
   }
 
   provisioner "local-exec" {
     when       = destroy
     on_failure = continue
-    command    = "${self.triggers.script} ${self.triggers.aws_region} ${self.triggers.runners_gitlab_url} ${self.triggers.secure_parameter_store_runner_token_key}"
+    command    = "curl -sS --request DELETE \"${self.triggers.runners_gitlab_url}/api/v4/runners\" --form \"token=${self.triggers.runner_registration_token}\""
   }
 }
 

versions.tf

@@ -1,10 +1,12 @@
 terraform {
   required_version = ">= 0.13.0"
+
   required_providers {
     aws = {
       version = ">= 3.35.0"
       source  = "hashicorp/aws"
     }
+
     null = {
       source = "hashicorp/null"
     }