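# Publishes the AWS AMIs on a weekly schedule; the workflow can also be
# started by hand through the workflow_dispatch trigger.
name: AWS AMI scheduled publish

on:
  schedule:
    # Every Sunday at 23:00 UTC
    - cron: "00 23 * * 0"
  workflow_dispatch:

# Least privilege by default: GITHUB_TOKEN gets no scopes unless a job
# declares its own `permissions` block (a job-level block replaces this one).
permissions: {}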
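jobs:
  # Produces one epoch timestamp per run. Both build jobs embed it in the
  # AMI name prefix, so every image built by the same run shares that prefix.
  timestamp:
    name: Get the build timestamp
    runs-on: ubuntu-latest
    # Shell-only job: it needs no GITHUB_TOKEN scopes.
    permissions: {}
    outputs:
      timestamp: ${{ steps.timestamp.outputs.timestamp }}
    steps:
      - name: Get the timestamp
        id: timestamp
        # The output file path is quoted so the redirect cannot be split or
        # globbed by the shell.
        run: echo "timestamp=$(date +%s)" >> "$GITHUB_OUTPUT"

  # Builds the AMI once per architecture and uploads the Packer manifest,
  # which the print-markdown job downloads by artifact name.
  build:
    # Since we run in parallel, let's make sure we use the same timestamp for all jobs
    needs: timestamp
    strategy:
      matrix:
        arch: [x86_64, arm64]
    name: Build the AWS AMI using Packer
    runs-on: ubuntu-latest
    permissions:
      # Lets the job request an OIDC token, which the credentials step
      # uses to assume the AWS role; no long-lived keys are configured here.
      id-token: write
      contents: read
    steps:
      - name: Check out the source code
        # A release tag instead of the moving `main` branch, matching the
        # other actions in this file. A tag can still be moved upstream;
        # pinning a reviewed full commit SHA is the stronger control.
        uses: actions/checkout@v4
        with:
          # Nothing later in this job pushes, so do not leave the token in
          # the checkout's git config for the following steps to read.
          persist-credentials: false
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          role-duration-seconds: 3600
      - name: Setup packer
        # NOTE(review): `@main` is a mutable branch ref, and this step runs
        # after the AWS role credentials are in the job environment. Pin it
        # to a reviewed full commit SHA:
        # hashicorp/setup-packer@<FULL_COMMIT_SHA>
        uses: hashicorp/setup-packer@main
        with:
          # NOTE(review): `latest` floats with every Packer release; an exact
          # version would make the published images reproducible.
          version: latest
      - name: Initialize Packer
        run: packer init aws.pkr.hcl
      - name: Build the AWS AMI using Packer (${{ matrix.arch }})
        run: packer build aws.pkr.hcl
        env:
          # Quoted: environment values are strings, so do not rely on YAML
          # boolean typing.
          # NOTE(review): boot-volume encryption is off, presumably because
          # the AMIs are shared publicly; confirm that is intended.
          PKR_VAR_encrypt_boot: "false"
          PKR_VAR_ami_name_prefix: spacelift-${{ needs.timestamp.outputs.timestamp }}
          PKR_VAR_source_ami_architecture: ${{ matrix.arch }}
          PKR_VAR_instance_type: ${{ matrix.arch == 'x86_64' && 't3.micro' || 't4g.micro' }}
      - name: Upload manifest
        uses: actions/upload-artifact@v4
        with:
          path: manifest_aws_${{ matrix.arch }}.json
          name: manifest_aws_${{ matrix.arch }}.json
          retention-days: 5

  # Same build against GovCloud, with its own role and region secrets. This
  # job uploads no manifest, so its AMI IDs are not part of the markdown
  # table printed by print-markdown.
  build-govcloud:
    # Since we run in parallel, let's make sure we use the same timestamp for all jobs
    needs: timestamp
    strategy:
      matrix:
        arch: [x86_64, arm64]
    name: Build the AWS (GovCloud) AMI using Packer
    runs-on: ubuntu-latest
    permissions:
      # Lets the job request an OIDC token, which the credentials step
      # uses to assume the GovCloud AWS role.
      id-token: write
      contents: read
    steps:
      - name: Check out the source code
        # A release tag instead of the moving `main` branch; a reviewed full
        # commit SHA would be stronger still.
        uses: actions/checkout@v4
        with:
          # Nothing later in this job pushes, so do not leave the token in
          # the checkout's git config for the following steps to read.
          persist-credentials: false
      - name: Configure GovCloud AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.GOVCLOUD_AWS_REGION }}
          role-to-assume: ${{ secrets.GOVCLOUD_AWS_ROLE_ARN }}
          role-duration-seconds: 3600
      - name: Setup packer
        # NOTE(review): `@main` is a mutable branch ref, and this step runs
        # after the GovCloud role credentials are in the job environment.
        # Pin it to a reviewed full commit SHA:
        # hashicorp/setup-packer@<FULL_COMMIT_SHA>
        uses: hashicorp/setup-packer@main
        with:
          # NOTE(review): `latest` floats with every Packer release; an exact
          # version would make the published images reproducible.
          version: latest
      - name: Initialize Packer
        run: packer init aws.pkr.hcl
      - name: Build the GovCloud AWS AMI using Packer (${{ matrix.arch }})
        run: packer build aws.pkr.hcl
        env:
          # NOTE(review): presumably limits the source AMI lookup to this
          # owner account; confirm against aws.pkr.hcl.
          PKR_VAR_source_ami_owners: '["045324592363"]'
          PKR_VAR_region: us-gov-east-1
          PKR_VAR_ami_regions: '["us-gov-east-1", "us-gov-west-1"]'
          # Quoted: environment values are strings, so do not rely on YAML
          # boolean typing.
          # NOTE(review): boot-volume encryption is off; confirm that is
          # intended for the GovCloud images as well.
          PKR_VAR_encrypt_boot: "false"
          PKR_VAR_ami_name_prefix: spacelift-${{ needs.timestamp.outputs.timestamp }}
          PKR_VAR_source_ami_architecture: ${{ matrix.arch }}
          PKR_VAR_instance_type: ${{ matrix.arch == 'x86_64' && 't3.micro' || 't4g.micro' }}

  # Reads the two manifests uploaded by the build job and logs one markdown
  # table row per region with the arm64 and x86_64 AMI IDs.
  print-markdown:
    needs: [build]
    name: Print the AMI IDs in a markdown format
    runs-on: ubuntu-latest
    # Only reads run artifacts and writes to the log. The build job uploads
    # artifacts without an `actions` scope, so none is requested here either.
    permissions: {}
    steps:
      - name: Download x64 manifest
        uses: actions/download-artifact@v4
        with:
          name: manifest_aws_x86_64.json
      - name: Download arm64 manifest
        uses: actions/download-artifact@v4
        with:
          name: manifest_aws_arm64.json
      # The manifest file looks like this:
      # "builds": [
      #   {
      #     "name": "spacelift",
      #     "builder_type": "amazon-ebs",
      #     "build_time": 1698670371,
      #     "files": null,
      #     "artifact_id": "ap-northeast-1:ami-0facbd2b91807c339,ap-northeast-2:ami-03849b8d23619dfb2,...
      #   }
      # ]
      - name: Print in a markdown format
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require("fs");

            // Map region -> AMI ID from every "region:ami" pair in a manifest.
            const readAmis = (path) => {
              const manifest = JSON.parse(fs.readFileSync(path, "utf8"));
              const amis = new Map();
              manifest["builds"].forEach((build) => {
                build["artifact_id"].split(",").forEach((entry) => {
                  const [region, ami] = entry.split(":");
                  amis.set(region, ami);
                });
              });
              return amis;
            };

            const arm64 = readAmis("./manifest_aws_arm64.json");
            const x86_64 = readAmis("./manifest_aws_x86_64.json");

            // Rows are joined by region, not by list position, so a manifest
            // with a different region order or count cannot pair an AMI ID
            // with the wrong region. Fail instead of printing a wrong table.
            const mismatched = [
              ...[...arm64.keys()].filter((region) => !x86_64.has(region)),
              ...[...x86_64.keys()].filter((region) => !arm64.has(region)),
            ];
            if (mismatched.length > 0) {
              core.setFailed(`AMI manifests disagree on regions: ${mismatched.join(", ")}`);
              return;
            }

            console.log("| AWS Region | AMI ID (ARM64) | AMI ID (x86_64) |");
            console.log("|------------------|-------------------------|-------------------------|");
            for (const [region, armAmi] of arm64) {
              console.log(`| ${region} | ${armAmi} | ${x86_64.get(region)} |`);
            }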