Release observability images #124
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release observability images | |
| on: | |
| workflow_dispatch: | |
| env: | |
| PACKER_VERSION: "latest" | |
| ENV_FILE_PATH: .github/shared-variables/.env | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| get-observability-version: | |
| runs-on: ubuntu-latest | |
| environment: release-node-images | |
| outputs: | |
| observability_version: ${{ steps.observability.outputs.version }} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Load and Increment OBSERVABILITY_VERSION | |
| id: observability | |
| run: | | |
| if [ ! -f ${{ env.ENV_FILE_PATH }} ]; then | |
| echo "::error::${{ env.ENV_FILE_PATH }} file not found!" | |
| exit 1 | |
| fi | |
| OBSERVABILITY_VERSION=$(grep '^OBSERVABILITY_VERSION=' .github/shared-variables/.env | cut -d '=' -f2) | |
| if [ -z "$OBSERVABILITY_VERSION" ]; then | |
| echo "::error::OBSERVABILITY_VERSION not found in .${{ env.ENV_FILE_PATH }}!" | |
| exit 1 | |
| fi | |
| NEW_VERSION=$(printf "%05d" $((10#$OBSERVABILITY_VERSION + 1))) | |
| echo "version=${NEW_VERSION}" >> $GITHUB_OUTPUT | |
| release-observability-image: | |
| runs-on: ubuntu-latest | |
| environment: release-node-images | |
| needs: [get-observability-version] | |
| strategy: | |
| matrix: | |
| cloud_provider: ['gcp', 'aws'] | |
| defaults: | |
| run: | |
| working-directory: ./packer | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Load common variables | |
| run: cat ../.github/shared-variables/.env >> $GITHUB_ENV | |
| - name: Configure Cloud Credentials | |
| if: matrix.cloud_provider == 'gcp' | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| project_id: concordium-mgmt-0 | |
| workload_identity_provider: projects/761241104197/locations/global/workloadIdentityPools/github/providers/concordium | |
| service_account: github-infra-images-packer@concordium-mgmt-0.iam.gserviceaccount.com | |
| - name: Configure AWS Credentials | |
| if: matrix.cloud_provider == 'aws' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.OBSERVABILITY_AWS_REGION }} | |
| role-to-assume: ${{ env.AWS_ROLE_ARN }} | |
| role-session-name: ReleaseObservabilityImageSession | |
| - name: Setup Packer | |
| uses: hashicorp/setup-packer@main | |
| id: setup | |
| with: | |
| version: ${{ env.PACKER_VERSION }} | |
| - name: Initialize Packer | |
| run: packer init observability | |
| - name: Determine Image Name | |
| run: echo "IMAGE_NAME=concordium-observability-node-${{ needs.get-observability-version.outputs.observability_version }}-${{ matrix.cloud_provider == 'gcp' && 'x86-64' || 'x86_64' }}" >> $GITHUB_ENV | |
| - name: Check if Image Already Exists | |
| run: | | |
| if [ "${{ matrix.cloud_provider }}" == "gcp" ]; then | |
| IMAGE_ID=$(gcloud compute images list --project="concordium-mgmt-0" --filter="name=(${IMAGE_NAME})" --format="value(name)") | |
| elif [ "${{ matrix.cloud_provider }}" == "aws" ]; then | |
| IMAGE_ID=$(aws ec2 describe-images --filters Name=name,Values=$IMAGE_NAME --query 'Images[*].ImageId' --output text) | |
| else | |
| echo "::error::Unknown cloud provider: ${{ matrix.cloud_provider }}" | |
| exit 1 | |
| fi | |
| echo "IMAGE_ID=$IMAGE_ID" >> $GITHUB_ENV | |
| - name: Setup subnet id | |
| if: ${{ matrix.cloud_provider == 'aws' }} | |
| run: | | |
| VALUE=$(echo '${{ env.REGION_TO_SUBNET }}' | jq -r --arg key "${{ env.OBSERVABILITY_AWS_REGION }}" '.[$key]') | |
| if [[ $VALUE == "null" ]]; then | |
| echo "::error::Key '${{ env.AWS_ENVIRONMENT_REGION }}' not found in ${{ env.REGION_TO_SUBNET }}" | |
| exit 1 | |
| fi | |
| echo "AWS_SUBNET_ID=$VALUE" >> $GITHUB_ENV | |
| - name: Set variables | |
| if: ${{ env.IMAGE_ID == '' }} | |
| run: | | |
| export AMI_USERS='["727113945353"]' | |
| export CLOUD_PROVIDER=${{ matrix.cloud_provider }} | |
| export TARGET_AWS_REGIONS=$(echo '${{ env.ENVIRONMENT_TO_AWS_REGION }}' | jq -r -c --arg region "$AWS_REGION" '[..|strings]|unique | map(select(. != $region))') | |
| envsubst < observability/variables.pkrvars.hcl.template > variables.pkrvars.hcl | |
| - name: Build Image | |
| if: ${{ env.IMAGE_ID == '' }} | |
| run: | | |
| set -eo pipefail | |
| packer build -machine-readable -var-file=./variables.pkrvars.hcl observability | tee build-output.log | |
| remote-git-changes: | |
| runs-on: ubuntu-latest | |
| needs: [ release-observability-image, get-observability-version] | |
| environment: release-node-images | |
| env: | |
| OBSERVABILITY_VERSION: ${{ needs.get-observability-version.outputs.observability_version }} | |
| steps: | |
| - uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.APP_ID }} | |
| private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| - name: Alter observability version | |
| run: | | |
| sed -i "s/^OBSERVABILITY_VERSION=.*/OBSERVABILITY_VERSION=${{ env.OBSERVABILITY_VERSION }}/" ${{ env.ENV_FILE_PATH }} | |
| echo "::notice::OBSERVABILITY_VERSION=${{ env.OBSERVABILITY_VERSION }}" | |
| - name: Commit and Push Changes | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "[email protected]" | |
| git commit -am "Increment OBSERVABILITY_VERSION to ${{ env.OBSERVABILITY_VERSION }}" | |
| git tag -m "Release observability version ${{ env.OBSERVABILITY_VERSION }}" observability/${{ env.OBSERVABILITY_VERSION }} | |
| git push origin HEAD --follow-tags |