Upload cloud images #100

Workflow file for this run

.github/workflows/upload-cloud-images.yaml at 48d5c2b

	name: Upload cloud images
	on:
	schedule:
	# Everyday at 2am
	- cron: '0 2 * * *'
	workflow_dispatch:
	inputs:
	force:
	description: 'Force pushing even if already pushed'
	required: false
	type: boolean

	permissions: read-all

	jobs:
	upload-gce:
	name: Upload to GCE
	runs-on: ubuntu-latest
	steps:
	- name: "Checkout code"
	uses: actions/checkout@v4
	with:
	persist-credentials: false
	- run: \|
	git fetch --prune --unshallow
	# https://github.com/google-github-actions/auth?tab=readme-ov-file#authenticate-to-google-cloud-from-github-actions
	# https://github.com/google-github-actions/auth/blob/main/docs/EXAMPLES.md#service-account-key-json
	- uses: 'google-github-actions/auth@v2'
	with:
	credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'
	- name: 'Set up Cloud SDK'
	uses: 'google-github-actions/setup-gcloud@v2'
	- name: Install deps
	run: \|
	sudo apt update && sudo apt install -y qemu-utils
	- name: Build and push GCE image
	env:
	GCP_PROJECT: palette-kairos
	GCS_BUCKET: kairos-cloud-images
	run: \|
	set -xe

	latestTag=$(git describe --tags --abbrev=0)
	latestTagSanitized=$(echo "$latestTag" \| tr '.' '-')

	echo "Fetching all pushed versions"
	mapfile -t kairosVersions < <(gcloud compute images list --project=palette-kairos --filter="labels.version:*" --format="value(labels.version)")

	echo "Checking if '$latestTag' is already pushed"
	echo "Looking among versions: ${kairosVersions[@]}"
	alreadyPushed=false
	for version in "${kairosVersions[@]}"; do
	if [[ $version == $latestTagSanitized ]]; then
	stableVersions+=("$version")
	alreadyPushed=true
	break
	fi
	done

	if [[ "$alreadyPushed" = true && "${{ inputs.force }}" != "true" ]]; then
	echo "Image for $latestTag is already pushed and 'force' wasn't true. Exiting."
	exit 0
	fi

	containerImage="quay.io/kairos/ubuntu:24.04-core-amd64-generic-${latestTag}"
	docker run -v /var/run/docker.sock:/var/run/docker.sock --net host \
	--privileged \
	-v $PWD:/aurora --rm quay.io/kairos/auroraboot \
	--debug \
	--set "disable_http_server=true" \
	--set "container_image=docker:${containerImage}" \
	--set "disable_netboot=true" \
	--set "disk.bios=true" \
	--set "state_dir=/aurora"

	file=$(ls *.raw)
	mv "$file" disk.raw

	GB=$((102410241024))
	MB=$((1024*1024))
	size=$(qemu-img info -f raw --output json disk.raw \| gawk 'match($0, /"virtual-size": ([0-9]+),/, val) {print val[1];exit}')
	# shellcheck disable=SC2004
	ROUNDED_SIZE=$(echo "$size/$GB+1"\|bc)
	CURRENT_SIZE=$(echo "$size/$MB"\|bc)
	echo "Resizing raw image from \"$size\"MB to \"$ROUNDED_SIZE\"GB"
	qemu-img resize -f raw disk.raw "$ROUNDED_SIZE"G
	tar --format=oldgnu -czvf "${file%.*}.tar.gz" disk.raw

	.github/upload-image-to-gce.sh $(ls *.tar.gz) "$latestTag"

	upload-aws:
	name: Upload to AWS
	runs-on: ubuntu-latest
	steps:
	- name: "Checkout code"
	uses: actions/checkout@v4
	with:
	persist-credentials: false
	- run: \|
	git fetch --prune --unshallow
	# https://github.com/aws-actions/configure-aws-credentials?tab=readme-ov-file#assumerole-with-static-iam-credentials-in-repository-secrets
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: eu-central-1
	# role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
	# role-external-id: ${{ secrets.AWS_ROLE_EXTERNAL_ID }}
	role-duration-seconds: 1200
	role-session-name: AWSCIPush
	- name: Build and push AWS image
	env:
	AWS_S3_BUCKET: kairos-cloud-images
	AWS_REGION: eu-central-1
	run: \|
	set -e

	latestTag=$(git describe --tags --abbrev=0)

	echo "Fetching all pushed versions"
	mapfile -t kairosVersions < <(aws --region "$AWS_REGION" ec2 describe-images --owners self --query 'Images[].Tags[?Key==`KairosVersion`].Value' --output text)

	echo "Checking if '$latestTag' is already pushed"
	echo "Looking among versions: ${kairosVersions[@]}"
	for version in "${kairosVersions[@]}"; do
	if [[ $version == $latestTag ]]; then
	stableVersions+=("$version")
	alreadyPushed=true
	break
	fi
	done

	if [[ "$alreadyPushed" = true && "${{ inputs.force }}" != "true" ]]; then
	echo "Image for $latestTag is already pushed and 'force' wasn't true. Exiting."
	exit 0
	fi

	containerImage="quay.io/kairos/ubuntu:24.04-core-amd64-generic-${latestTag}"
	docker run -v /var/run/docker.sock:/var/run/docker.sock --net host \
	--privileged \
	-v $PWD:/aurora --rm quay.io/kairos/auroraboot \
	--debug \
	--set "disable_http_server=true" \
	--set "container_image=docker:${containerImage}" \
	--set "disable_netboot=true" \
	--set "disk.raw=true" \
	--set "state_dir=/aurora"

	.github/upload-image-to-aws.sh $(ls *.raw) "$latestTag"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upload cloud images #100

Workflow file

Upload cloud images #100

Jobs

Run details

Workflow file for this run