finishing up readme #128
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # https://docs.github.com/en/actions/quickstart | |
| # hhttps://github.com/marketplace/actions/build-and-publish-docker-image-to-github-container-registry | |
| name: "GIB - Golden Image Builder" | |
| on: # yamllint disable-line rule:truthy | |
| push: # yamllint disable-line rule:empty-values | |
| env: | |
| TF_CLOUD_ORGANIZATION: "nolan" | |
| TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}" | |
| TF_WORKSPACE: "golden-image-builder" | |
| TF_MAX_TIMEOUT: "1h" | |
| CONFIG_DIRECTORY: "./" | |
| jobs: | |
| build-and-publish-latest: | |
| if: | | |
| always() && | |
| contains(github.event.pull_request.labels.*.name, 'rebuild container image') && | |
| (github.ref != 'refs/heads/main' || github.ref != 'refs/heads/master') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # https://github.com/docker/setup-qemu-action | |
| # https://blog.thesparktree.com/docker-multi-arch-github-actions | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| with: | |
| platforms: 'arm64,amd64' | |
| # https://github.com/docker/setup-buildx-action | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| # https://github.com/marketplace/actions/docker-build-push-action | |
| - uses: mr-smithers-excellent/docker-build-push@v6 | |
| name: Build and Push Docker image | |
| with: | |
| image: golden-image-builder-container | |
| tags: latest | |
| registry: ghcr.io | |
| multiPlatform: true | |
| platform: linux/amd64,linux/arm64 | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| run-run-dot-sh: | |
| needs: build-and-publish-latest | |
| if: | | |
| always() && | |
| (github.ref != 'refs/heads/main' || github.ref != 'refs/heads/master') && | |
| (needs.build-and-publish-latest.result == 'success' || needs.build-and-publish-latest.result == 'skipped') | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ghcr.io/${{ github.repository_owner }}/golden-image-builder-container:latest | |
| options: --user 1001 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Packer version | |
| run: packer -v | |
| - name: Ansible version | |
| run: ansible --version | |
| - name: Terraform version | |
| run: terraform -v | |
| - name: Copy /home/ubuntu/.tflint.d to /github/home/ | |
| run: cp -r /home/ubuntu/.tflint.d /github/home/ | |
| - name: Install Pre Commit | |
| run: python3 -m pip install --no-cache-dir --quiet --upgrade --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org git+https://github.com/pre-commit/[email protected] | |
| - name: cd GITHUB_WORKSPACE | |
| run: cd $GITHUB_WORKSPACE | |
| - name: Run | |
| run: ./run.sh | |
| azure-image-gallery: | |
| needs: run-run-dot-sh | |
| if: | | |
| always() && | |
| (needs.run-run-dot-sh.result == 'success' || needs.run-run-dot-sh.result == 'skipped') | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ghcr.io/${{ github.repository_owner }}/golden-image-builder-container:latest | |
| options: --user 1001 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Terraform version | |
| run: terraform -v | |
| - name: Terraform init | |
| run: terraform init -upgrade | |
| working-directory: ./terraform/azure-shared-image-gallery | |
| - name: Terraform plan | |
| run: terraform plan | |
| working-directory: ./terraform/azure-shared-image-gallery | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_REGION: ${{ secrets.AWS_REGION }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
| GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }} | |
| azure-image-gallery-on-tfc: | |
| needs: run-run-dot-sh | |
| if: | | |
| always() && | |
| (needs.run-run-dot-sh.result == 'success' || needs.run-run-dot-sh.result == 'skipped') | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ghcr.io/${{ github.repository_owner }}/golden-image-builder-container:latest | |
| options: --user 1001 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Terraform version | |
| run: terraform -v | |
| - name: Upload Configuration | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: plan-upload | |
| if: | | |
| env.GITHUB_TOKEN == true | |
| with: | |
| workspace: 'azure-image-gallery' | |
| directory: './terraform/azure-shared-image-gallery' | |
| speculative: true | |
| - name: Create Plan Run | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: plan-run | |
| if: | | |
| env.GITHUB_TOKEN == true | |
| with: | |
| workspace: 'azure-image-gallery' | |
| directory: './terraform/azure-shared-image-gallery' | |
| configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }} | |
| plan_only: true | |
| - name: Get Plan Output | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: plan-output | |
| if: | | |
| env.GITHUB_TOKEN == true | |
| with: | |
| workspace: 'azure-image-gallery' | |
| directory: './terraform/azure-shared-image-gallery' | |
| plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }} | |
| - name: Upload Configuration | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: upload | |
| with: | |
| workspace: 'azure-image-gallery' | |
| directory: "./terraform/azure-shared-image-gallery" | |
| - name: Create Run | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: create-run | |
| with: | |
| workspace: 'azure-image-gallery' | |
| configuration_version: ${{ steps.upload.outputs.configuration_version_id }} | |
| - name: Apply Run | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| # assign id attribute to reference in subsequent steps | |
| id: apply | |
| with: | |
| run: ${{ steps.create-run.outputs.run_id }} | |
| comment: "Confirmed from GitHub Actions CI" | |
| packer-build: | |
| needs: azure-image-gallery-on-tfc | |
| if: | | |
| always() && | |
| (needs.run-run-dot-sh.result == 'success' || needs.run-run-dot-sh.result == 'skipped') && | |
| (needs.azure-image-gallery.result == 'success' || needs.azure-image-gallery.result == 'skipped' || needs.azure-image-gallery-on-tfc.result == 'success' || needs.azure-image-gallery-on-tfc.result == 'skipped') | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ghcr.io/${{ github.repository_owner }}/golden-image-builder-container:latest | |
| options: --user 1001 | |
| steps: | |
| # Checking out the repo | |
| - uses: actions/checkout@v3 | |
| - name: Ansible version | |
| run: ansible --version | |
| - name: Ansible Galaxy install roles | |
| run: ansible-galaxy install -f -r ansible/roles/requirements.yml -p ansible/roles/ | |
| - name: Packer version | |
| run: packer -v | |
| - name: Packer init | |
| run: packer init -upgrade packer/all | |
| - name: Packer build | |
| # https://developer.hashicorp.com/packer/docs/templates/hcl_templates/onlyexcept | |
| run: packer build -force -only='amazon-ebs.ubuntu-2204' packer/all | |
| # run: packer build -force -except='vagrant.*' packer/all | |
| # run: PACKER_LOG=1 packer build -debug -force -only='googlecompute.ubuntu-2204' packer/all | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_REGION: ${{ secrets.AWS_REGION }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
| GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }} | |
| awx-ansible-tower: | |
| needs: packer-build | |
| if: | | |
| always() && | |
| (needs.run-run-dot-sh.result == 'success' || needs.run-run-dot-sh.result == 'skipped') && | |
| (needs.packer-build.result == 'success' || needs.packer-build.result == 'skipped') | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ghcr.io/${{ github.repository_owner }}/golden-image-builder-container:latest | |
| options: --user 1001 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Terraform version | |
| run: terraform -v | |
| - name: Terraform init | |
| run: terraform init -upgrade | |
| working-directory: ./terraform/awx-ansible-tower-instance | |
| - name: Terraform auto tfvars | |
| run: | | |
| echo "use_packer_image = true" >> terraform.auto.tfvars | |
| echo "ssh_public_key = \"${{ vars.TF_VAR_SSH_PUBLIC_KEY }}\"" >> terraform.auto.tfvars | |
| echo "ssh_private_key = <<EOF\n${{ secrets.TF_VAR_SSH_PRIVATE_KEY }}\nEOF" >> terraform.auto.tfvars | |
| ls -la | |
| cat terraform.auto.tfvars | |
| working-directory: ./terraform/awx-ansible-tower-instance | |
| - name: Terraform plan | |
| run: terraform plan | |
| working-directory: ./terraform/awx-ansible-tower-instance | |
| env: | |
| TF_VAR_ssh_public_key: ${{ vars.TF_VAR_SSH_PUBLIC_KEY }} | |
| TF_VAR_ssh_private_key: ${{ secrets.TF_VAR_SSH_PRIVATE_KEY }} | |
| ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_REGION: ${{ secrets.AWS_REGION }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
| GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }} | |
| awx-ansible-tower-on-tfc: | |
| needs: packer-build | |
| if: | | |
| always() && | |
| (needs.run-run-dot-sh.result == 'success' || needs.run-run-dot-sh.result == 'skipped') && | |
| (needs.packer-build.result == 'success' || needs.packer-build.result == 'skipped') | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ghcr.io/${{ github.repository_owner }}/golden-image-builder-container:latest | |
| options: --user 1001 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Terraform version | |
| run: terraform -v | |
| - name: Terraform auto tfvars | |
| run: | | |
| echo "use_packer_image = true" >> terraform.auto.tfvars | |
| echo "ssh_public_key = \"${{ vars.TF_VAR_SSH_PUBLIC_KEY }}\"" >> terraform.auto.tfvars | |
| echo "ssh_private_key = <<EOF\n${{ secrets.TF_VAR_SSH_PRIVATE_KEY }}\nEOF" >> terraform.auto.tfvars | |
| ls -la | |
| cat terraform.auto.tfvars | |
| working-directory: ./terraform/awx-ansible-tower-instance | |
| - name: Upload Configuration | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: plan-upload | |
| with: | |
| workspace: "awx-ansible-tower" | |
| directory: "./terraform/awx-ansible-tower-instance" | |
| speculative: true | |
| - name: Create Plan Run | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: plan-run | |
| with: | |
| workspace: "awx-ansible-tower" | |
| configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }} | |
| plan_only: true | |
| - name: Get Plan Output | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: plan-output | |
| with: | |
| plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }} | |
| - name: Upload Configuration | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: upload | |
| with: | |
| workspace: "awx-ansible-tower" | |
| directory: "./terraform/awx-ansible-tower-instance" | |
| - name: Create Run | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: create-run | |
| with: | |
| workspace: "awx-ansible-tower" | |
| configuration_version: ${{ steps.upload.outputs.configuration_version_id }} | |
| - name: Apply Run | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: apply | |
| continue-on-error: true | |
| with: | |
| run: ${{ steps.create-run.outputs.run_id }} | |
| comment: "Confirmed from GitHub Actions CI" |