diff --git a/CHANGELOG.md b/CHANGELOG.md index fe4fa4302..97d7608fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## [6.3.0](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/6.2.0...6.3.0) (2023-04-21) + + +### Features + +* add an IAM policy to grant the runner access to the KMS key ([#778](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/778)) ([df25b6a](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/df25b6ae06b7cbbb85c089fc45a181dce0aa1e00)) +* **spotfleet:** add supports spot fleets for spot instances allowing us to use multiple instance types and AZs ([#777](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/777)) ([1bb7e11](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/1bb7e1126e5d9f2950e5931cb19d691dcf579eb7)) + ## [6.2.0](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/6.1.2...6.2.0) (2023-03-22) diff --git a/README.md b/README.md index 2844ae92d..5bb01c1cb 100644 --- a/README.md +++ b/README.md 
@@ -507,6 +507,7 @@ Made with [contributors-img](https://contrib.rocks). | [aws_iam_instance_profile.instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | | [aws_iam_policy.eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.instance_docker_machine_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.instance_kms_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.instance_session_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.service_linked_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | | [aws_iam_policy.ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | 
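Review bot: The new `aws_iam_policy.instance_kms_policy` row documents that a KMS policy is now attached to the runner instance role, but nothing here says how tightly it is scoped; please confirm in the policy source that the statement's `Resource` is the configured key (the `kms_key_id` input) rather than `*`, and that the actions are limited to what the runner actually needs on that key, and put that scope into the resource's description so the generated README row is self-explanatory.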
@@ -518,16 +519,17 @@ Made with [contributors-img](https://contrib.rocks). | [aws_iam_role_policy_attachment.docker_machine_user_defined_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.instance_docker_machine_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.instance_kms_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.instance_session_manager_aws_managed](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.instance_session_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.service_linked_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | | [aws_iam_role_policy_attachment.user_defined_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_key_pair.fleet_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource | +| [aws_key_pair.fleet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource | | 
[aws_kms_alias.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | | [aws_kms_key.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | +| [aws_launch_template.fleet_gitlab_runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource | | [aws_launch_template.gitlab_runner_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource | -| [aws_launch_template.gitlab_runners](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource | | [aws_security_group.docker_machine](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group.runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group_rule.docker_machine_docker_runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | 
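Review bot: Renaming `aws_key_pair.fleet_key` to `aws_key_pair.fleet` and `aws_launch_template.gitlab_runners` to `aws_launch_template.fleet_gitlab_runner` (and `tls_private_key.runner` to `tls_private_key.fleet` in the following hunk) changes the resource addresses, so a user upgrading from 6.2.0 with `use_fleet` enabled will see a destroy-and-create of the key pair and its private key; add `moved { from = aws_key_pair.fleet_key to = aws_key_pair.fleet }` blocks (and the equivalents for the template and private key) so state is carried over, or call the replacement out explicitly in the changelog, since this key is what the runner uses to reach the fleet executors.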
@@ -541,7 +543,7 @@ Made with [contributors-img](https://contrib.rocks). | [aws_ssm_parameter.runner_sentry_dsn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource | | [local_file.config_toml](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.user_data](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | -| [tls_private_key.runner](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | +| [tls_private_key.fleet](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | | [aws_ami.docker-machine](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | | [aws_ami.runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | | [aws_availability_zone.runners](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source | @@ -584,7 +586,7 @@ Made with [contributors-img](https://contrib.rocks). | [docker\_machine\_iam\_policy\_arns](#input\_docker\_machine\_iam\_policy\_arns) | List of policy ARNs to be added to the instance profile of the docker machine runners. | `list(string)` | `[]` | no | | [docker\_machine\_instance\_metadata\_options](#input\_docker\_machine\_instance\_metadata\_options) | Enable the docker machine instances metadata service. Requires you use GitLab maintained docker machines. |
object({
http_tokens = string
http_put_response_hop_limit = number
})
|
{
"http_put_response_hop_limit": 2,
"http_tokens": "required"
}
| no | | [docker\_machine\_instance\_type](#input\_docker\_machine\_instance\_type) | Instance type used for the instances hosting docker-machine. | `string` | `"m5.large"` | no | -| [docker\_machine\_instance\_types](#input\_docker\_machine\_instance\_types) | Instance types used for the instances hosting docker-machine. This variable is only supported when use\_fleet is set to true. | `list(string)` | `[]` | no | +| [docker\_machine\_instance\_types\_fleet](#input\_docker\_machine\_instance\_types\_fleet) | Instance types used for the instances hosting docker-machine. This variable is only supported when use\_fleet is set to true. | `list(string)` | `[]` | no | | [docker\_machine\_options](#input\_docker\_machine\_options) | List of additional options for the docker machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | | [docker\_machine\_role\_json](#input\_docker\_machine\_role\_json) | Docker machine runner instance override policy, expected to be in JSON format. | `string` | `""` | no | | [docker\_machine\_security\_group\_description](#input\_docker\_machine\_security\_group\_description) | A description for the docker-machine security group | `string` | `"A security group containing docker-machine instances"` | no | 
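Review bot: Renaming the input `docker_machine_instance_types` to `docker_machine_instance_types_fleet` is a breaking change for anyone who already set it, yet this release is a minor bump (6.2.0 to 6.3.0) with no changelog entry for the rename; either keep the old variable as a deprecated alias for one release or list the rename under a breaking-changes note. Separately, the description says the variable "is only supported when use_fleet is set to true", so a lifecycle precondition that fails when the list is non-empty and `use_fleet` is false would stop the value from being silently ignored.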
@@ -603,6 +605,7 @@ Made with [contributors-img](https://contrib.rocks). | [environment](#input\_environment) | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | | [extra\_security\_group\_ids\_runner\_agent](#input\_extra\_security\_group\_ids\_runner\_agent) | Optional IDs of extra security groups to apply to the runner agent. This will not apply to the runners spun up when using the docker+machine executor, which is the default. | `list(string)` | `[]` | no | | [fleet\_executor\_subnet\_ids](#input\_fleet\_executor\_subnet\_ids) | List of subnets used for executors when the fleet mode is enabled. Must belong to the VPC specified above. | `list(string)` | `[]` | no | +| [fleet\_key\_pair\_name](#input\_fleet\_key\_pair\_name) | The name of the key pair used by the runner to connect to the docker-machine executors. | `string` | `"fleet-key"` | no | | [gitlab\_runner\_egress\_rules](#input\_gitlab\_runner\_egress\_rules) | List of egress rules for the gitlab runner instance. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no | | [gitlab\_runner\_registration\_config](#input\_gitlab\_runner\_registration\_config) | Configuration used to register the runner. See the README for an example, or reference the examples in the examples directory of this repo. | `map(string)` |
{
"access_level": "",
"description": "",
"locked_to_project": "",
"maximum_timeout": "",
"registration_token": "",
"run_untagged": "",
"tag_list": ""
}
| no | | [gitlab\_runner\_security\_group\_description](#input\_gitlab\_runner\_security\_group\_description) | A description for the gitlab-runner security group | `string` | `"A security group containing gitlab-runner agent instances"` | no | 
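Review bot: The new `fleet_key_pair_name` input defaults to the fixed string `"fleet-key"`; EC2 key pair names must be unique per account and region, so two instances of this module deployed in the same region with the default will collide on `aws_key_pair.fleet`. Either prefix the name with `environment` (which the README already describes as "used as prefix and for tagging") or default the variable to `null` and derive the name from `environment` inside the module.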
@@ -610,10 +613,9 @@ Made with [contributors-img](https://contrib.rocks). | [gitlab\_runner\_version](#input\_gitlab\_runner\_version) | Version of the [GitLab runner](https://gitlab.com/gitlab-org/gitlab-runner/-/releases). | `string` | `"15.8.2"` | no | | [instance\_role\_json](#input\_instance\_role\_json) | Default runner instance override policy, expected to be in JSON format. | `string` | `""` | no | | [instance\_type](#input\_instance\_type) | Instance type used for the GitLab runner. | `string` | `"t3.micro"` | no | -| [key\_pair\_name](#input\_key\_pair\_name) | The name of the key pair used by the runner to connect to the docker-machine executors. | `string` | `"fleet-key"` | no | | [kms\_alias\_name](#input\_kms\_alias\_name) | Alias added to the kms\_key (if created and not provided by kms\_key\_id) | `string` | `""` | no | | [kms\_deletion\_window\_in\_days](#input\_kms\_deletion\_window\_in\_days) | Key rotation window, set to 0 for no rotation. Only used when `enable_kms` is set to `true`. | `number` | `7` | no | -| [kms\_key\_id](#input\_kms\_key\_id) | KMS key id to encrypted the resources. Ensure CloudWatch and Runner/Executor have access to the provided KMS key. | `string` | `""` | no | +| [kms\_key\_id](#input\_kms\_key\_id) | KMS key ARN to encrypt the resources. Ensure CloudWatch has access to the provided KMS key (see policies/kms-policy.json). | `string` | `""` | no | | [log\_group\_name](#input\_log\_group\_name) | Option to override the default name (`environment`) of the log group, requires `enable_cloudwatch_logging = true`. | `string` | `null` | no | | [metrics\_autoscaling](#input\_metrics\_autoscaling) | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances. 
| `list(string)` | `null` | no | | [overrides](#input\_overrides) | This map provides the possibility to override some defaults.
The following attributes are supported:
* `name_sg` set the name prefix and overwrite the `Name` tag for all security groups created by this module.
* `name_runner_agent_instance` set the name prefix and override the `Name` tag for the EC2 gitlab runner instances defined in the auto launch configuration.
* `name_docker_machine_runners` override the `Name` tag of EC2 instances created by the runner agent (used as name prefix for `docker_machine_version` >= 0.16.2).
* `name_iam_objects` set the name prefix of all AWS IAM resources created by this module. | `map(string)` |
{
"name_docker_machine_runners": "",
"name_iam_objects": "",
"name_runner_agent_instance": "",
"name_sg": ""
}
| no | diff --git a/examples/runner-default/README.md b/examples/runner-default/README.md index 3b93dc087..2cc349e42 100644 --- a/examples/runner-default/README.md +++ b/examples/runner-default/README.md @@ -30,32 +30,32 @@ check `.terraform-version` for the tested version. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1 | -| [aws](#requirement\_aws) | 4.59.0 | +| [aws](#requirement\_aws) | 4.63.0 | | [local](#requirement\_local) | 2.4.0 | | [null](#requirement\_null) | 3.2.1 | -| [random](#requirement\_random) | 3.4.3 | +| [random](#requirement\_random) | 3.5.1 | | [tls](#requirement\_tls) | 4.0.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.59.0 | +| [aws](#provider\_aws) | 4.63.0 | ## Modules | Name | Source | Version | |------|--------|---------| | [runner](#module\_runner) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 3.19.0 | -| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 3.19.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 4.0.1 | +| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 4.0.1 | ## Resources | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/data-sources/availability_zones) | data source | -| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/data-sources/security_group) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.63.0/docs/data-sources/availability_zones) | data source | +| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/4.63.0/docs/data-sources/security_group) | data source | ## Inputs diff --git a/examples/runner-docker/README.md b/examples/runner-docker/README.md index e8dd87aa8..450f1e623 100644 
--- a/examples/runner-docker/README.md +++ b/examples/runner-docker/README.md @@ -36,31 +36,31 @@ check `.terraform-version` for the tested version. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1 | -| [aws](#requirement\_aws) | 4.59.0 | +| [aws](#requirement\_aws) | 4.63.0 | | [local](#requirement\_local) | 2.4.0 | | [null](#requirement\_null) | 3.2.1 | -| [random](#requirement\_random) | 3.4.3 | +| [random](#requirement\_random) | 3.5.1 | | [tls](#requirement\_tls) | 4.0.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.59.0 | +| [aws](#provider\_aws) | 4.63.0 | ## Modules | Name | Source | Version | |------|--------|---------| | [runner](#module\_runner) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 3.19.0 | -| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 3.19.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 4.0.1 | +| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 4.0.1 | ## Resources | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/data-sources/availability_zones) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.63.0/docs/data-sources/availability_zones) | data source | ## Inputs diff --git a/examples/runner-public/README.md b/examples/runner-public/README.md index 2b4e3fe08..56283aeec 100644 --- a/examples/runner-public/README.md +++ b/examples/runner-public/README.md 
@@ -30,17 +30,17 @@ check `.terraform-version` for the tested version. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1 | -| [aws](#requirement\_aws) | 4.59.0 | +| [aws](#requirement\_aws) | 4.63.0 | | [local](#requirement\_local) | 2.4.0 | | [null](#requirement\_null) | 3.2.1 | -| [random](#requirement\_random) | 3.4.3 | +| [random](#requirement\_random) | 3.5.1 | | [tls](#requirement\_tls) | 4.0.4 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 4.59.0 | +| [aws](#provider\_aws) | 4.63.0 | ## Modules @@ -49,13 +49,13 @@ check `.terraform-version` for the tested version. | [cache](#module\_cache) | ../../modules/cache | n/a | | [runner](#module\_runner) | ../../ | n/a | | [runner2](#module\_runner2) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 3.19.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 4.0.1 | ## Resources | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/data-sources/availability_zones) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/4.63.0/docs/data-sources/availability_zones) | data source | ## Inputs diff --git a/modules/cache/README.md b/modules/cache/README.md index 1fd606c48..d5a6d63ba 100644 --- a/modules/cache/README.md +++ b/modules/cache/README.md 
@@ -66,22 +66,22 @@ No modules. ## Inputs -| Name | Description | Type | Default | Required | -|------|---------------------------------------------------------------------------------------------------------------------|------|---------|:--------:| -| [arn\_format](#input\_arn\_format) | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no | -| [cache\_bucket\_name\_include\_account\_id](#input\_cache\_bucket\_name\_include\_account\_id) | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | -| [cache\_bucket\_prefix](#input\_cache\_bucket\_prefix) | Prefix for s3 cache bucket name. | `string` | `""` | no | -| [cache\_bucket\_set\_random\_suffix](#input\_cache\_bucket\_set\_random\_suffix) | Random string suffix for s3 cache bucket | `bool` | `false` | no | -| [cache\_bucket\_versioning](#input\_cache\_bucket\_versioning) | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no | -| [cache\_expiration\_days](#input\_cache\_expiration\_days) | Number of days before cache objects expires. | `number` | `1` | no | -| [cache\_lifecycle\_clear](#input\_cache\_lifecycle\_clear) | Enable the rule to cleanup the cache for expired objects. | `bool` | `true` | no | -| [cache\_lifecycle\_prefix](#input\_cache\_lifecycle\_prefix) | Object key prefix identifying one or more objects to which the clean up rule applies. | `string` | `"runner/"` | no | -| [cache\_logging\_bucket](#input\_cache\_logging\_bucket) | S3 Bucket ID where the access logs to the cache bucket are stored. | `string` | `null` | no | -| [cache\_logging\_bucket\_prefix](#input\_cache\_logging\_bucket\_prefix) | Prefix within the `cache_logging_bucket`. | `string` | `null` | no | -| [create\_cache\_bucket](#input\_create\_cache\_bucket) | (deprecated) If the cache should not be created, remove the whole module call! 
| `bool` | `null` | no | -| [environment](#input\_environment) | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | -| [kms\_key\_id](#input\_kms\_key\_id) | KMS key id to encrypted the resources. Ensure that your Runner/Executor has access to the KMS key. | `string` | `""` | no | -| [name\_iam\_objects](#input\_name\_iam\_objects) | Set the name prefix of all AWS IAM resources created by this module | `string` | `""` | no | +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [arn\_format](#input\_arn\_format) | ARN format to be used. May be changed to support deployment in GovCloud/China regions. | `string` | `"arn:aws"` | no | +| [cache\_bucket\_name\_include\_account\_id](#input\_cache\_bucket\_name\_include\_account\_id) | Boolean to add current account ID to cache bucket name. | `bool` | `true` | no | +| [cache\_bucket\_prefix](#input\_cache\_bucket\_prefix) | Prefix for s3 cache bucket name. | `string` | `""` | no | +| [cache\_bucket\_set\_random\_suffix](#input\_cache\_bucket\_set\_random\_suffix) | Random string suffix for s3 cache bucket | `bool` | `false` | no | +| [cache\_bucket\_versioning](#input\_cache\_bucket\_versioning) | Boolean used to enable versioning on the cache bucket, false by default. | `bool` | `false` | no | +| [cache\_expiration\_days](#input\_cache\_expiration\_days) | Number of days before cache objects expires. | `number` | `1` | no | +| [cache\_lifecycle\_clear](#input\_cache\_lifecycle\_clear) | Enable the rule to cleanup the cache for expired objects. | `bool` | `true` | no | +| [cache\_lifecycle\_prefix](#input\_cache\_lifecycle\_prefix) | Object key prefix identifying one or more objects to which the clean up rule applies. | `string` | `"runner/"` | no | +| [cache\_logging\_bucket](#input\_cache\_logging\_bucket) | S3 Bucket ID where the access logs to the cache bucket are stored. 
| `string` | `null` | no | +| [cache\_logging\_bucket\_prefix](#input\_cache\_logging\_bucket\_prefix) | Prefix within the `cache_logging_bucket`. | `string` | `null` | no | +| [create\_cache\_bucket](#input\_create\_cache\_bucket) | (deprecated) If the cache should not be created, remove the whole module call! | `bool` | `null` | no | +| [environment](#input\_environment) | A name that identifies the environment, used as prefix and for tagging. | `string` | n/a | yes | +| [kms\_key\_id](#input\_kms\_key\_id) | KMS key id to encrypted the resources. Ensure that your Runner/Executor has access to the KMS key. | `string` | `""` | no | +| [name\_iam\_objects](#input\_name\_iam\_objects) | Set the name prefix of all AWS IAM resources created by this module | `string` | `""` | no | | [tags](#input\_tags) | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no | ## Outputs
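Review bot: In the CHANGELOG hunk the spotfleet entry reads "add supports spot fleets for spot instances allowing us to use multiple instance types and AZs"; since this text is rendered from the commit title, it should read "add support for spot fleets for spot instances, allowing multiple instance types and AZs". The same release section should also mention the renamed inputs (`docker_machine_instance_types` to `docker_machine_instance_types_fleet`, `key_pair_name` to `fleet_key_pair_name`) and the renamed resources, because a minor bump that silently renames inputs will break existing `use_fleet` plans.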
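Review bot: In the `@@ -610,10 +613,9 @@` hunk the `kms_key_id` description now says "KMS key ARN to encrypt the resources" while the input is still named `kms_key_id`; state whether a bare key ID is still accepted or rename the variable, and turn "see policies/kms-policy.json" into a link so readers of the generated README can find the CloudWatch key policy. The removed `key_pair_name` row should be paired with a deprecation note, as above, because the replacement `fleet_key_pair_name` has the same default and semantics.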
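Review bot: The `modules/cache/README.md` hunk only reflows the table column widths, but since every row is rewritten anyway the descriptions it carries over should be fixed at the source (`variables.tf`, as the README is terraform-docs output): "KMS key id to encrypted the resources" should read "KMS key ID used to encrypt the resources", "Number of days before cache objects expires" should read "expire", and the `kms_key_id` wording should match the root module's updated description from this same change so the two READMEs do not disagree about whether an ID or an ARN is expected.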
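Review bot: The three `examples/*/README.md` hunks bump `terraform-aws-modules/vpc/aws` from 3.19.0 to 4.0.1, a major version; these READMEs are generated, so the matching pins in the examples' `main.tf`/`versions.tf` must land in the same change, and the 4.x release notes of the VPC module should be checked for renamed or removed inputs before the examples are considered passing. The aws provider bump to 4.63.0 is consistent across all three examples, which is good.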