Image: Agent - duplocloud-docker #47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Image: Agent - duplocloud-docker' | |
on: | |
workflow_dispatch: | |
inputs: | |
image_version: | |
description: 'Set the image version' | |
required: false | |
default: 'dev' # default to dev version | |
only_partition: | |
description: 'Only build this partition' | |
required: false | |
default: 'all' | |
only_builders: | |
description: 'Only run these builders' | |
required: false | |
default: 'amazon-ebs.ubuntu-22,amazon-ebs.amazonlinux-2' | |
env: | |
git_user: duplo-bot | |
git_email: joe+github-bot@duplocloud.net | |
duplo_host: https://prod.duplocloud.net | |
duplo_token: "${{ secrets.PROD_DUPLO_TOKEN }}" | |
jobs: | |
build-commercial: | |
if: "${{ github.event.inputs.only_partition == 'all' || github.event.inputs.only_partition == 'commercial' }}" | |
# Needed for GCP (OIDC): Add "id-token" with the intended permissions. | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
# GCP credentials | |
- name: Packer GCP Service Account | |
uses: google-github-actions/auth@v0 | |
with: | |
workload_identity_provider: 'projects/17033121890/locations/global/workloadIdentityPools/duplo-githubactions/providers/duplo-githubactions' | |
service_account: 'packer@msp-duplocloud-01.iam.gserviceaccount.com' | |
# AWS credentials | |
- name: Packer AWS Role | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
aws-region: us-west-2 | |
role-to-assume: arn:aws:iam::227120241369:role/packer-builder | |
role-session-name: github-duplocloud-linuxagent | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
# Build images | |
- name: Build VM Images | |
run: | | |
set -eu | |
# Install session manager. | |
curl -o session-manager-plugin.deb "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" | |
sudo dpkg -i session-manager-plugin.deb | |
# Install packer. | |
curl -o packer.zip https://releases.hashicorp.com/packer/1.8.6/packer_1.8.6_linux_amd64.zip | |
mkdir -p /tmp/bin | |
sudo unzip -d /tmp/bin packer.zip | |
export PATH="/tmp/bin:$PATH" | |
# Validate the template. | |
packer validate -syntax-only ./packer | |
# Parse build options. | |
if [ "$ONLY_BUILDERS" = "all" ]; then | |
ONLY_BUILDERS="" | |
elif [ -n "$ONLY_BUILDERS" ]; then | |
ONLY_BUILDERS="-only=$ONLY_BUILDERS" | |
fi | |
# Build the images. | |
rm -f packer-manifest.json # always be clean | |
packer build $ONLY_BUILDERS \ | |
-color=false -on-error=cleanup -parallel-builds=10 -timestamp-ui \ | |
./packer | |
env: | |
ONLY_BUILDERS: "${{ github.event.inputs.only_builders }}" | |
PKR_VAR_image_version: "${{ github.event.inputs.image_version }}" | |
PKR_VAR_agent_git_ref: "${{ github.sha }}" | |
# Upload the image manifest | |
- name: Attach Manifest | |
uses: actions/upload-artifact@v3 | |
with: | |
name: packer-manifest.json | |
path: packer-manifest.json | |
build-govcloud: | |
if: "${{ github.event.inputs.only_partition == 'all' || github.event.inputs.only_partition == 'govcloud' }}" | |
runs-on: ubuntu-latest | |
env: | |
duplo_host: https://qa-govcloud.duplocloud.net | |
duplo_token: "${{ secrets.GOVCLOUD_DUPLO_TOKEN }}" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
# AWS credentials | |
- name: Tenant AWS JIT | |
uses: duplocloud/ghactions-aws-jit@master | |
with: | |
tenant: github | |
# AWS credentials | |
- name: Packer AWS Role | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
aws-region: us-gov-west-1 | |
role-to-assume: arn:aws-us-gov:iam::051848153245:role/packer-builder | |
role-session-name: github-duplocloud-linuxagent | |
role-chaining: true | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
# Build images | |
- name: Build VM Images | |
run: | | |
set -eu | |
# Install session manager. | |
curl -o session-manager-plugin.deb "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" | |
sudo dpkg -i session-manager-plugin.deb | |
# Install packer. | |
curl -o packer.zip https://releases.hashicorp.com/packer/1.8.6/packer_1.8.6_linux_amd64.zip | |
mkdir -p /tmp/bin | |
sudo unzip -d /tmp/bin packer.zip | |
export PATH="/tmp/bin:$PATH" | |
# Validate the template. | |
packer validate -syntax-only ./packer | |
# Parse build options. | |
if [ "$ONLY_BUILDERS" = "all" ]; then | |
ONLY_BUILDERS="-only=amazon-ebs.ubuntu-20,amazon-ebs.ubuntu-22,amazon-ebs.amazonlinux-2" | |
elif [ -n "$ONLY_BUILDERS" ]; then | |
ONLY_BUILDERS="-only=$ONLY_BUILDERS" | |
fi | |
# Build the images. | |
rm -f *packer-manifest.json # always be clean | |
packer build $ONLY_BUILDERS \ | |
-color=false -on-error=cleanup -parallel-builds=10 -timestamp-ui \ | |
-var-file=packer/duplo-gov.json \ | |
./packer | |
mv packer-manifest.json govcloud-packer-manifest.json | |
env: | |
ONLY_BUILDERS: "${{ github.event.inputs.only_builders }}" | |
PKR_VAR_image_version: "${{ github.event.inputs.image_version }}" | |
PKR_VAR_agent_git_ref: "${{ github.sha }}" | |
# Upload the image manifest | |
- name: Attach Manifest | |
uses: actions/upload-artifact@v3 | |
with: | |
name: govcloud-packer-manifest.json | |
path: govcloud-packer-manifest.json | |
# If this is a release build, create a PR to update Duplo | |
autoupdate-duplo-images: | |
runs-on: ubuntu-latest | |
if: "${{ startsWith(github.event.inputs.image_version, 'release-') && github.event.inputs.only_partition == 'all' }}" | |
needs: | |
- build-commercial | |
steps: | |
# Get the code for the image JSON generation, and the code for Duplo master. | |
- name: Checkout duplo-infra | |
uses: actions/checkout@v3 | |
- name: Checkout duplo (backend) | |
uses: actions/checkout@v3 | |
with: | |
repository: duplocloud-internal/duplo | |
ref: master # always start from master | |
token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} | |
path: duplo-backend | |
# Download the image manifest | |
- name: Download Manifest (Commercial) | |
uses: actions/download-artifact@v3 | |
with: | |
name: packer-manifest.json | |
path: packer | |
- name: Download Manifest (Govcloud) | |
uses: actions/download-artifact@v3 | |
with: | |
name: govcloud-packer-manifest.json | |
path: packer | |
# Run the script to generate new image JSON. | |
- name: Update duplo images JSON | |
run: | | |
git config core.autocrlf false | |
cd packer | |
INPUT_FILES='packer-manifest.json govcloud-packer-manifest.json' DUPLO_SOURCE=../duplo-backend ./gen-native-images.sh | |
# Create a PR | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@v4 | |
with: | |
title: '[duplo-bot] Update Duplo Docker AMI(s)' | |
branch: auto-update/duplo-docker-amis | |
base: master | |
add-paths: config/V1/BuiltInNativeImages.json | |
commit-message: '[duplo-bot] Update Duplo Docker AMI(s)' | |
body: 'Automated update of Duplo Docker AMI(s)' | |
committer: "${{ env.git_user }} <${{ env.git_email }}>" | |
delete-branch: true | |
path: duplo-backend | |
token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} |