Skip to content

Azure & GCP AMI manual publish #38

Azure & GCP AMI manual publish

Azure & GCP AMI manual publish #38

name: Azure & GCP AMI manual publish
on:
workflow_dispatch:
jobs:
build:
name: Build the Azure & GCP AMIs using Packer
strategy:
matrix:
cloud: [azure, gcp]
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
env:
# GCP
PKR_VAR_project_id: spacelift-workers
PKR_VAR_account_file: ./gcp.json
PKR_VAR_image_base_name: spacelift-worker
PKR_VAR_image_family: spacelift-worker
# Azure
PKR_VAR_client_id: "976e4a6e-c619-417e-9add-50e2d674e2db"
PKR_VAR_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
PKR_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
PKR_VAR_oidc_request_url: "${ACTIONS_ID_TOKEN_REQUEST_URL}"
PKR_VAR_oidc_request_token: "${ACTIONS_ID_TOKEN_REQUEST_TOKEN}"
PKR_VAR_image_resource_group: rg-worker_images-public-westeurope
PKR_VAR_packer_work_group: rg-worker_images_packer-public-westeurope
PKR_VAR_gallery_resource_group: rg-worker_images-public-westeurope
PKR_VAR_gallery_name: worker_images_public
PKR_VAR_gallery_image_name: ubuntu_20_04
PKR_VAR_gallery_replication_regions: '["westeurope"]'
PKR_VAR_gallery_image_version: 1.0.${{ github.run_number }}
steps:
- name: Check out the source code
uses: actions/checkout@main
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
role-duration-seconds: 3600
- name: Set up Google Cloud SDK
if: matrix.cloud == 'gcp'
uses: google-github-actions/setup-gcloud@v2
- name: Create account file for GCP
if: matrix.cloud == 'gcp'
run: |
echo '${{ secrets.GCP_CREDENTIALS_JSON }}' > ${{ env.PKR_VAR_account_file }}
- name: Authenticate with GCP
if: matrix.cloud == 'gcp'
uses: google-github-actions/auth@v1
with:
credentials_json: ${{ secrets.GCP_CREDENTIALS_JSON }}
- name: Export suffix for GCP
if: matrix.cloud == 'gcp'
run: |
echo "PKR_VAR_suffix=$(date +%s)-$(cat /dev/urandom | tr -dc 'a-z0-9' | head -c 8)" >> $GITHUB_ENV
- name: Setup packer
uses: hashicorp/setup-packer@main
with:
version: latest
- name: Initialize Packer
run: packer init ${{ matrix.cloud }}.pkr.hcl
- name: Azure => Build the AMI using Packer
if: matrix.cloud == 'azure'
run: packer build azure.pkr.hcl
- name: GCP => Build the AMI using Packer for US
if: matrix.cloud == 'gcp'
run: packer build gcp.pkr.hcl
env:
PKR_VAR_image_storage_location: us
PKR_VAR_zone: us-central1-a
- name: GCP => Build the AMI using Packer for EU
if: matrix.cloud == 'gcp'
run: packer build gcp.pkr.hcl
env:
PKR_VAR_image_storage_location: eu
PKR_VAR_zone: europe-west1-d
- name: GCP => Build the AMI using Packer for Asia
if: matrix.cloud == 'gcp'
run: packer build gcp.pkr.hcl
env:
PKR_VAR_image_storage_location: asia
PKR_VAR_zone: asia-northeast2-a
- name: GCP => Add IAM policy binding to the Compute Engine images
if: matrix.cloud == 'gcp'
run: |
gcloud compute images add-iam-policy-binding ${PKR_VAR_image_base_name}-us-${PKR_VAR_suffix} --member='allAuthenticatedUsers' --role='roles/compute.imageUser'
gcloud compute images add-iam-policy-binding ${PKR_VAR_image_base_name}-eu-${PKR_VAR_suffix} --member='allAuthenticatedUsers' --role='roles/compute.imageUser'
gcloud compute images add-iam-policy-binding ${PKR_VAR_image_base_name}-asia-${PKR_VAR_suffix} --member='allAuthenticatedUsers' --role='roles/compute.imageUser'
- name: Upload manifest
uses: actions/upload-artifact@v4
with:
path: manifest_${{ matrix.cloud }}.json
name: manifest_${{ matrix.cloud }}.json
retention-days: 5
print-markdown:
needs: [build]
name: Print the AMI IDs in a markdown format
runs-on: ubuntu-latest
steps:
- name: Download Google Cloud manifest
uses: actions/download-artifact@v4
with:
name: manifest_gcp.json
# The GCP manifest file look like this:
# "builds": [
# {
# "name": "spacelift",
# "builder_type": "googlecompute",
# "build_time": 1700479054,
# "files": null,
# "artifact_id": "spacelift-worker-us-1700478848-305dsvij",
# "packer_run_uuid": "cdc82943-986b-5ab9-6ce1-9024ca0ebb6a",
# "custom_data": null
# },
# {
# "name": "spacelift",
# "builder_type": "googlecompute",
# "build_time": 1700479263,
# "files": null,
# "artifact_id": "spacelift-worker-eu-1700478848-305dsvij",
# "packer_run_uuid": "2440c9b1-a342-3606-2661-6e5389bdffc6",
# "custom_data": null
# }
# ]
- name: Print in a markdown format
uses: actions/github-script@v7
env:
RUN_NUMBER: ${{ github.run_number }}
with:
script: |
const fs = require("fs");
content = fs.readFileSync("./manifest_gcp.json", "utf8");
manifest = JSON.parse(content);
const gcpLinesToPrint = [];
manifest["builds"].forEach((build) => {
artifact = build["artifact_id"];
if (artifact.indexOf("-us-") > 0) {
gcpLinesToPrint.push(` - United States | \`${artifact}\``);
}
if (artifact.indexOf("-eu-") > 0) {
gcpLinesToPrint.push(` - Europe | \`${artifact}\``);
}
if (artifact.indexOf("-asia-") > 0) {
gcpLinesToPrint.push(` - Asia | \`${artifact}\``);
}
});
console.log("## Azure");
console.log("");
console.log(`- Publisher | \`spaceliftinc1625499025476\`.`);
console.log(`- Offer | \`spacelift_worker\`.`);
console.log(`- SKU | \`ubuntu_20_04\`.`);
console.log(`- Version | \`1.0.${process.env.RUN_NUMBER}\`.`);
console.log("");
console.log("## Google Cloud Platform");
console.log("");
gcpLinesToPrint.forEach(line => console.log(line));