prerelease.yml
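---
# Build and publish the machine image when a GitHub *prerelease* is
# created.  Full releases do not trigger this workflow.
#
# NOTE(review): no top-level `permissions:` block is set, so the
# GITHUB_TOKEN gets the repository's default permissions.  Nothing in
# these jobs visibly writes to GitHub, so `permissions: contents: read`
# would be the least-privilege setting -- confirm against the Packer
# template before adding it.
name: prerelease

# yamllint disable-line rule:truthy
on:
  release:
    types: [prereleased]

env:
  AWS_DEFAULT_REGION: us-east-1
  CURL_CACHE_DIR: ~/.cache/curl
  PIP_CACHE_DIR: ~/.cache/pip
  # Any non-empty value opens a tmate debug session at the end of the
  # prerelease job (see the last step).
  RUN_TMATE: ${{ secrets.RUN_TMATE }}

jobs:
  diagnostics:
    name: Run diagnostics
    runs-on: ubuntu-latest
    steps:
      # Note that a duplicate of this step must be added at the top of
      # each job.
      #
      # `egress-policy: audit` only records outbound connections; it
      # does not block them.  Switching to `egress-policy: block` with
      # an `allowed-endpoints` list is the hardening step once the set
      # of endpoints these jobs need is known.
      - id: harden-runner
        name: Harden the runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
      - id: github-status
        name: Check GitHub status
        uses: crazy-max/ghaction-github-status@v4
      - id: dump-context
        name: Dump context
        uses: crazy-max/ghaction-dump-context@v2
  prerelease:
    needs:
      - diagnostics
    runs-on: ubuntu-latest
    steps:
      - id: harden-runner
        name: Harden the runner
        uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
      # NOTE(review): `@develop` is a mutable branch ref, so this step
      # runs whatever that branch currently holds; the other third-party
      # actions are pinned by mutable version tags.  Pinning each `uses:`
      # to a full commit SHA (with the tag in a trailing comment) keeps a
      # retagged or compromised upstream from changing what this job runs.
      - id: setup-env
        uses: cisagov/setup-env-github-action@develop
      - uses: actions/checkout@v4
      - id: setup-python
        uses: actions/setup-python@v5
        with:
          python-version: ${{ steps.setup-env.outputs.python-version }}
      - uses: actions/cache@v3
        env:
          # Double-quoted scalar with escaped line breaks: the pieces are
          # joined with no whitespace between them.
          BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
            py${{ steps.setup-python.outputs.python-version }}-\
            packer${{ steps.setup-env.outputs.packer-version }}-\
            tf-${{ steps.setup-env.outputs.terraform-version }}-"
        with:
          path: |
            ${{ env.PIP_CACHE_DIR }}
            ${{ env.CURL_CACHE_DIR }}
          key: "${{ env.BASE_CACHE_KEY }}\
            ${{ hashFiles('**/requirements.txt') }}"
          restore-keys: |
            ${{ env.BASE_CACHE_KEY }}
      - name: Setup curl cache
        run: mkdir -p ${{ env.CURL_CACHE_DIR }}
      - name: Install Packer
        env:
          PACKER_VERSION: ${{ steps.setup-env.outputs.packer-version }}
        # --time-cond makes curl re-download only when the upstream file
        # is newer than the cached copy.  The runner's default packer
        # binary is moved aside rather than deleted so the symlink can be
        # reverted if needed.
        run: |
          PACKER_ZIP="packer_${PACKER_VERSION}_linux_amd64.zip"
          curl --output ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
            --time-cond ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
            --location \
            "https://releases.hashicorp.com/packer/${PACKER_VERSION}/${PACKER_ZIP}"
          sudo unzip -d /opt/packer \
            ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
          sudo mv /usr/local/bin/packer /usr/local/bin/packer-default
          sudo ln -s /opt/packer/packer /usr/local/bin/packer
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --upgrade \
            --requirement requirements.txt
      - name: Install ansible roles
        run: ansible-galaxy install --force --role-file src/requirements.yml
      # NOTE(review): a long-lived access-key pair is used here only to
      # assume the build role.  configure-aws-credentials@v4 also supports
      # OIDC (`permissions: id-token: write` plus `role-to-assume`), which
      # would remove the static key pair from the repository secrets --
      # requires the role's trust policy to accept this repository.
      - name: Assume AWS build role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
          role-to-assume: ${{ secrets.BUILD_ROLE_TO_ASSUME_STAGING }}
          role-duration-seconds: 3600
      # When called by Packer, Ansible will find /usr/bin/python3 and
      # use it; therefore, we must ensure that /usr/bin/python3 points
      # to the version of Python that we installed in the
      # actions/setup-python step above. This can hose other tasks
      # that are expecting to find the system Python at that location,
      # though, so we undo this change after running Packer.
      - name: Create a /usr/bin/python3 symlink to the installed python
        run: |
          sudo mv /usr/bin/python3 /usr/bin/python3-default
          sudo ln -s ${{ env.pythonLocation }}/bin/python3 \
            /usr/bin/python3
      - name: Install Packer plugins
        run: packer init src
      # The file previously contained unresolved merge-conflict markers
      # around the `env:` block of this step, which makes the workflow
      # unparseable.  The HEAD side (the AWS_MAX_ATTEMPTS override) was
      # kept; the other side dropped the block entirely.  Confirm this is
      # the intended resolution.
      - name: Create machine image
        env:
          # Since we are using the default value of 15 seconds for
          # AWS_POLL_DELAY_SECONDS, this corresponds to a timeout of
          # an hour and a half. We need such a long timeout because
          # it can take almost an hour to create this AMI.
          AWS_MAX_ATTEMPTS: 360
          # Release metadata is handed to the script through the
          # environment rather than expanded by ${{ }} inside the shell
          # text, so a tag name or URL containing shell metacharacters
          # cannot change the command line that runs.
          BUILD_BUCKET: ${{ secrets.THIRD_PARTY_BUCKET_STAGING }}
          IS_PRERELEASE: ${{ github.event.release.prerelease }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          RELEASE_URL: ${{ github.event.release.html_url }}
        run: |
          packer build -timestamp-ui \
            -var build_bucket="$BUILD_BUCKET" \
            -var is_prerelease="$IS_PRERELEASE" \
            -var release_tag="$RELEASE_TAG" \
            -var release_url="$RELEASE_URL" \
            src/packer.pkr.hcl
      - name: Remove /usr/bin/python3 symlink to the installed python
        run: |
          sudo mv /usr/bin/python3-default /usr/bin/python3
      # Opens an interactive tmate shell on the runner whenever the
      # RUN_TMATE secret is non-empty.  The assumed AWS role credentials
      # are presumably still in the job environment at this point, so
      # keep that secret unset except while actively debugging.
      - name: Setup tmate debug session
        uses: mxschmitt/action-tmate@v3
        if: env.RUN_TMATE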