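---
name: Manual Action to build goldenimage to Amazon EC2

# The push trigger is kept only for reference; this workflow runs by hand.
# on:
#   push:
#     paths:
#       - 'envs/amazon/*.pkr.hcl'
#       - 'envs/amazon/*.pkrvars.hcl'
#       - 'envs/amazon/*.yaml'

##########################
### Run Manually ###
##########################
# `on` is a YAML 1.1 boolean-looking key; GitHub's loader reads it as the trigger key.
on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    # Every input is `type: choice`, so the values that reach the expressions
    # in the job are restricted to the options listed here.
    inputs:
      target:
        type: choice
        description: create target
        options:
          - dev
          - prod
      region:
        type: choice
        description: create at region
        options:
          - ap-southeast-1
          - ap-southeast-2
          - ap-northeast-1
          - ap-northeast-2
      windowsversion:
        type: choice
        description: which version you want to create
        # Quoted so the options stay strings rather than loading as integers.
        options:
          - '2019'
          - '2022'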
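env:
  # Region is taken from the workflow_dispatch `region` input (one of its listed choices).
  AWS_REGION: ${{ github.event.inputs.region }}
  # Role assumed through GitHub OIDC; only the account id is kept as a secret.
  AWS_ROLE_ARN: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-action-to-ec2
  # Spelling is intentional here: the credentials step reads env.ROLLE_SESSION_NAME.
  ROLLE_SESSION_NAME: GithubAction-PackerBuild
  # Tool versions are quoted so YAML keeps them as strings
  # (an unquoted 3.10, for example, would load as the float 3.1).
  PACKER_VERSION: '1.8.1'
  PYTHON_VERSION: '3.8'
  ANSIBLE_VERSION: '5.9.0'
  EGIHS_TARGET: ${{ github.event.inputs.target }}
  EGIHS_WINDOW_VERSION: ${{ github.event.inputs.windowsversion }}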
defaults:
  run:
    # Every `run:` step starts in the packer directory unless it sets
    # its own working-directory.
    working-directory: './packer/'
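jobs:
  packer:
    # A manual dispatch from any ref other than main is skipped.
    if: ${{ github.ref == 'refs/heads/main' }}
    # NOTE(review): ubuntu-20.04 has been retired as a hosted runner label — confirm and move to a supported image.
    runs-on: ubuntu-20.04
    # Least privilege: id-token is needed for OIDC role assumption, contents for checkout.
    permissions:
      id-token: write
      contents: read
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
    # Supply chain: every third-party action below is referenced by a mutable tag.
    # Pinning each `uses:` to a full commit SHA (`owner/action@<FULL_COMMIT_SHA>  # vN`)
    # prevents a re-tagged release from changing what runs while AWS credentials are in scope.
    steps:
      - uses: actions/checkout@v2
        id: checkout
        # if manual-run, please comment out the following
        # if: contains(toJSON(github.event.commits.*.message), '@builddev-aws')
        with:
          submodules: true # Fetch submodules
          fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod
      # Hosted runs: short-lived credentials from OIDC role assumption, no stored keys.
      # The session name carries the run id so CloudTrail entries map back to this run.
      - name: Configure AWS credentials from IAM Role for Github Action
        if: ${{ !env.ACT }}
        id: configure_aws_credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-region: ${{ env.AWS_REGION }}
          role-session-name: ${{ env.ROLLE_SESSION_NAME }}-${{ github.run_id }}
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
      # Local runs only (env.ACT is set by `act`): static keys, since OIDC is not available there.
      - name: Configure AWS credentials from IAM Role for Local
        if: ${{ env.ACT }}
        id: configure_aws_credentials_local
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-region: ${{ env.AWS_REGION }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: Set up Packer
        uses: hashicorp-contrib/setup-packer@v1
        with:
          packer-version: ${{ env.PACKER_VERSION }}
      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      # botocore/boto3/pywinrm and ansible-lint are installed unpinned; a requirements
      # file with versions (and hashes) would make these builds reproducible.
      - name: Set up Ansible dependencies
        run: |
          python -m pip install --upgrade pip
          pip install botocore boto3 pywinrm
      - name: Set up Ansible
        run: |
          python -m pip install --upgrade pip
          pip install ansible==${{ env.ANSIBLE_VERSION }} ansible-lint
      - name: install awscli
        id: install-aws-cli
        uses: unfor19/install-aws-cli-action@v1.0.3
        with:
          version: 2
      # The private key is written to the runner disk in plaintext for the Ansible run.
      # `shell: bash` makes the runner invoke bash with `-o pipefail`, so a failed
      # `aws ssm get-parameter` fails the step instead of silently leaving an empty key
      # file (the default shell has no pipefail, so only jq's exit status counted).
      # `umask 077` creates the file owner-readable only; `test -s` rejects an empty file.
      - name: Download privatekey ssm
        shell: bash
        run: |
          umask 077
          aws ssm get-parameter --name "sampleprivatekey" --with-decryption \
            | jq -r .Parameter.Value > ./privatekey
          test -s ./privatekey
        working-directory: ./ansible/
      # - name: Packer validate
      #   id: packer_validate
      #   run: 'packer validate -syntax-only -var-file aws-${{ env.EGIHS_TARGET }}.pkrvars.hcl -var region=${{ env.AWS_REGION }} aws.pkr.hcl'
      #   working-directory: ./packer/
      # - name: Packer build
      #   continue-on-error: true
      #   id: packer_build
      #   if: ${{ steps.packer_validate.outcome == 'success' }}
      #   run: 'packer build -color=false -on-error=abort -var-file aws-${{ env.EGIHS_TARGET }}.pkrvars.hcl -var region=${{ env.AWS_REGION }} aws.pkr.hcl'
      # Development Job
      # EGIHS_TARGET / EGIHS_WINDOW_VERSION / AWS_REGION are interpolated into the command
      # line; they originate from `type: choice` inputs, so only the listed option values reach
      # the shell. Re-check this if any input is ever changed to a free-text type.
      - name: Packer validate for dev
        id: packer_validate_dev
        run: 'packer validate -syntax-only -var-file aws-${{ env.EGIHS_TARGET }}.pkrvars.hcl -var region=${{ env.AWS_REGION }} -only ${{ env.EGIHS_TARGET }}-windowsserver${{ env.EGIHS_WINDOW_VERSION }}.* aws.pkr.hcl'
        working-directory: ./packer/
        if: ${{ env.EGIHS_TARGET == 'dev'}}
      # continue-on-error lets the crash-log steps below run after a failed build, but it also
      # leaves the job green on failure; check steps.packer_build_dev.outcome when reading results.
      - name: Packer build for dev
        continue-on-error: true
        id: packer_build_dev
        run: 'packer build -color=false -on-error=abort -var-file aws-${{ env.EGIHS_TARGET }}.pkrvars.hcl -var region=${{ env.AWS_REGION }} -only ${{ env.EGIHS_TARGET }}-windowsserver${{ env.EGIHS_WINDOW_VERSION }}.* aws.pkr.hcl'
        if: steps.packer_validate_dev.outcome == 'success'
      # Production Job
      - name: Packer validate for prod
        id: packer_validate
        run: 'packer validate -syntax-only -var-file aws.pkrvars.hcl -var region=${{ env.AWS_REGION }} -only windowsserver${{ env.EGIHS_WINDOW_VERSION }}.* aws.pkr.hcl'
        working-directory: ./packer/
        if: ${{ env.EGIHS_TARGET == 'prod'}}
      # Same continue-on-error caveat as the dev build: a failed prod build does not fail the job.
      - name: Packer build for prod
        continue-on-error: true
        id: packer_build
        run: 'packer build -color=false -on-error=abort -var-file aws.pkrvars.hcl -var region=${{ env.AWS_REGION }} -only windowsserver${{ env.EGIHS_WINDOW_VERSION }}.* aws.pkr.hcl'
        if: steps.packer_validate.outcome == 'success'
      # Looks for ./crash.log relative to the default working directory (./packer/) and
      # publishes the result as a step output ('True' / 'False', PowerShell's bool text).
      - name: check if there is a crash log with unexcepted error
        id: file_check
        shell: pwsh
        run: |
          $existing = Test-Path -Path ./crash.log
          # `::set-output` is deprecated and disabled on current runners; use $GITHUB_OUTPUT.
          "existing=$existing" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
      # NOTE(review): crash.log can contain build-time values; confirm the bucket's access
      # policy matches the sensitivity of what Packer writes there.
      - name: Error handling
        if: ${{ steps.file_check.outputs.existing == 'True' }}
        run: aws s3 cp ./crash.log s3://egihs-packer-log/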