AWS AMI scheduled publish #109
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: AWS AMI scheduled publish | |
on: | |
schedule: | |
# Every Sunday at 23:00 UTC | |
- cron: "00 23 * * 0" | |
workflow_dispatch: | |
jobs: | |
timestamp: | |
name: Get the build timestamp | |
runs-on: ubuntu-latest | |
outputs: | |
timestamp: ${{ steps.timestamp.outputs.timestamp }} | |
steps: | |
- name: Get the timestamp | |
id: timestamp | |
run: echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT | |
build: | |
# Since we run in parallel, let's make sure we use the same timestamp for all jobs | |
needs: timestamp | |
strategy: | |
matrix: | |
arch: [x86_64, arm64] | |
name: Build the AWS AMI using Packer | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Check out the source code | |
uses: actions/checkout@main | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ secrets.AWS_REGION }} | |
role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
role-duration-seconds: 3600 | |
- name: Setup packer | |
uses: hashicorp/setup-packer@main | |
with: | |
version: latest | |
- name: Initialize Packer | |
run: packer init aws.pkr.hcl | |
- name: Build the AWS AMI using Packer (${{ matrix.arch }}) | |
run: packer build aws.pkr.hcl | |
env: | |
PKR_VAR_encrypt_boot: false | |
PKR_VAR_ami_name_prefix: spacelift-${{ needs.timestamp.outputs.timestamp }} | |
PKR_VAR_source_ami_architecture: ${{ matrix.arch }} | |
PKR_VAR_instance_type: ${{ matrix.arch == 'x86_64' && 't3.micro' || 't4g.micro' }} | |
- name: Upload manifest | |
uses: actions/upload-artifact@v4 | |
with: | |
path: manifest_aws_${{ matrix.arch }}.json | |
name: manifest_aws_${{ matrix.arch }}.json | |
retention-days: 5 | |
build-govcloud: | |
# Since we run in parallel, let's make sure we use the same timestamp for all jobs | |
needs: timestamp | |
strategy: | |
matrix: | |
arch: [x86_64, arm64] | |
name: Build the AWS (GovCloud) AMI using Packer | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Check out the source code | |
uses: actions/checkout@main | |
- name: Configure GovCloud AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ secrets.GOVCLOUD_AWS_REGION }} | |
role-to-assume: ${{ secrets.GOVCLOUD_AWS_ROLE_ARN }} | |
role-duration-seconds: 3600 | |
- name: Setup packer | |
uses: hashicorp/setup-packer@main | |
with: | |
version: latest | |
- name: Initialize Packer | |
run: packer init aws.pkr.hcl | |
- name: Build the GovCloud AWS AMI using Packer (${{ matrix.arch }}) | |
run: packer build aws.pkr.hcl | |
env: | |
PKR_VAR_source_ami_owners: '["045324592363"]' | |
PKR_VAR_region: us-gov-east-1 | |
PKR_VAR_ami_regions: '["us-gov-east-1", "us-gov-west-1"]' | |
PKR_VAR_encrypt_boot: false | |
PKR_VAR_ami_name_prefix: spacelift-${{ needs.timestamp.outputs.timestamp }} | |
PKR_VAR_source_ami_architecture: ${{ matrix.arch }} | |
PKR_VAR_instance_type: ${{ matrix.arch == 'x86_64' && 't3.micro' || 't4g.micro' }} | |
print-markdown: | |
needs: [build] | |
name: Print the AMI IDs in a markdown format | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download x64 manifest | |
uses: actions/download-artifact@v4 | |
with: | |
name: manifest_aws_x86_64.json | |
- name: Download arm64 manifest | |
uses: actions/download-artifact@v4 | |
with: | |
name: manifest_aws_arm64.json | |
# The manifest file look like this: | |
# "builds": [ | |
# { | |
# "name": "spacelift", | |
# "builder_type": "amazon-ebs", | |
# "build_time": 1698670371, | |
# "files": null, | |
# "artifact_id": "ap-northeast-1:ami-0facbd2b91807c339,ap-northeast-2:ami-03849b8d23619dfb2,... | |
# } | |
# ] | |
- name: Print in a markdown format | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const fs = require("fs"); | |
var content = fs.readFileSync("./manifest_aws_arm64.json", "utf8"); | |
var manifest = JSON.parse(content); | |
const toPrint = []; | |
manifest["builds"].forEach((build) => { | |
const regionToAmi = build["artifact_id"].split(","); | |
regionToAmi.forEach((regionToAmi) => { | |
const [region, ami] = regionToAmi.split(":"); | |
toPrint.push(`| ${region} | ${ami} |`); | |
}); | |
}); | |
content = fs.readFileSync("./manifest_aws_x86_64.json", "utf8"); | |
manifest = JSON.parse(content); | |
manifest["builds"].forEach((build) => { | |
const regionToAmi = build["artifact_id"].split(","); | |
regionToAmi.forEach((regionToAmi, i) => { | |
const [region, ami] = regionToAmi.split(":"); | |
toPrint[i] = toPrint[i] + ` ${ami} |`; | |
}); | |
}); | |
console.log("| AWS Region | AMI ID (ARM64) | AMI ID (x86_64) |"); | |
console.log("|------------------|-------------------------|-------------------------|"); | |
toPrint.forEach(line => console.log(line)); |