diff --git a/.github/workflows/gerrit-packer-verify.yaml b/.github/workflows/gerrit-packer-verify.yaml new file mode 100644 index 0000000000..0f64cb783c --- /dev/null +++ b/.github/workflows/gerrit-packer-verify.yaml @@ -0,0 +1,179 @@ +--- +name: Packer Verify + +# yamllint disable-line rule:truthy +on: + workflow_dispatch: + inputs: + GERRIT_BRANCH: + description: "Branch that change is against" + required: true + type: string + default: master + GERRIT_CHANGE_ID: + description: "The ID for the change" + required: true + type: string + GERRIT_CHANGE_NUMBER: + description: "The Gerrit number" + required: true + type: string + GERRIT_CHANGE_URL: + description: "URL to the change" + required: true + type: string + GERRIT_EVENT_TYPE: + description: "Type of Gerrit event" + required: true + type: string + GERRIT_PATCHSET_NUMBER: + description: "The patch number for the change" + required: true + type: string + GERRIT_PATCHSET_REVISION: + description: "The revision sha" + required: true + type: string + GERRIT_PROJECT: + description: "Project in Gerrit" + required: true + type: string + default: releng/builder + GERRIT_REFSPEC: + description: "Gerrit refspec of change" + required: true + type: string + default: master + +env: + OS_CLOUD: "vex" + PACKER_VERSION: "1.9.1" + +concurrency: + group: ${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }} + cancel-in-progress: true + +jobs: + prepare: + runs-on: ubuntu-latest + steps: + - name: Clear votes + uses: lfit/gerrit-review-action@v0.4 + with: + host: ${{ vars.GERRIT_SERVER }} + username: ${{ vars.GERRIT_SSH_USER }} + key: ${{ secrets.GERRIT_SSH_PRIVKEY }} + known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }} + gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }} + gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }} + vote-type: clear + comment-only: true + - name: Allow replication + run: sleep 10s + + packer-validator: + needs: prepare + runs-on: ubuntu-latest + steps: + - uses: lfit/checkout-gerrit-change-action@v0.4 + with: + gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} + delay: "0s" + - name: Clone git submodules + run: git submodule update --init + - name: Setup packer + uses: hashicorp/setup-packer@main + id: setup + with: + version: ${{ env.PACKER_VERSION }} + - name: Create cloud-env file required for packer + id: create-cloud-env-file + shell: bash + run: | + echo "${{ secrets.CLOUDS_ENV_B64 }}" | base64 --decode > "${GITHUB_WORKSPACE}/cloud-env.pkrvars.hcl" + - name: Create cloud.yaml file for openstack client + id: create-cloud-yaml-file + shell: bash + run: | + mkdir -p "$HOME/.config/openstack" + echo "${{ secrets.CLOUDS_YAML_B64 }}" | base64 --decode > "$HOME/.config/openstack/clouds.yaml" + - uses: actions/setup-python@v4 + id: setup-python + with: + python-version: "3.11" + - name: Install openstack deps + id: install-openstack-deps + run: | + python -m pip install --upgrade pip + pip install python-openstackclient + pip freeze + - uses: dorny/paths-filter@v2 + id: changes + with: + base: ${{ inputs.GERRIT_BRANCH }} + ref: ${{ inputs.GERRIT_REFSPEC }} + filters: | + src: + - 'packer/**' + - if: steps.changes.outputs.src == 'true' + run: | + set -x + cd packer + + varfiles=(common-packer/vars/*.pkrvars.hcl) + templates=(templates/*.pkr.hcl) + + mkdir -p "${GITHUB_WORKSPACE}/logs" + PACKER_LOGS_DIR="${GITHUB_WORKSPACE}/logs" + + for varfile in "${varfiles[@]}"; do + if [[ "$varfile" == *"cloud-env.json"* ]] || \ + [[ "$varfile" == "vars/*.json" ]] || \ + [[ "$varfile" == *"cloud-env.pkrvars.hcl"* ]] || \ + [[ "$varfile" == *"cloud-env-aws.pkrvars.hcl"* ]] || \ + [[ "$varfile" == "vars/*.pkrvars.hcl" ]]; then + continue + fi + + echo "-----> Test var: $varfile" + for template in "${templates[@]}"; do + if [[ "$template" == *"variables.pkr.hcl"* ]] || \ + [[ "$template" == *"variables.auto.pkr.hcl"* ]]; then + continue + fi + + if [[ "${template#*.}" == "pkr.hcl" ]]; then + echo "packer init $template ..." + packer init "$template" + fi + + export PACKER_LOG="yes" + export PACKER_LOG_PATH="$PACKER_LOGS_DIR/packer-validate-${varfile##*/}-${template##*/}.log" + if output=$(OS_CLOUD=${{ env.OS_CLOUD }} packer validate \ + -var-file="${GITHUB_WORKSPACE}/cloud-env.pkrvars.hcl" \ + -var-file="$varfile" "$template"); then + echo "$template: $output" + else + echo "$template: $output" + exit 1 + fi + done + done + + vote: + if: ${{ always() }} + needs: [prepare, packer-validator] + runs-on: ubuntu-latest + steps: + - uses: technote-space/workflow-conclusion-action@v3 + - name: Set vote + uses: lfit/gerrit-review-action@v0.4 + with: + host: ${{ vars.GERRIT_SERVER }} + username: ${{ vars.GERRIT_SSH_USER }} + key: ${{ secrets.GERRIT_SSH_PRIVKEY }} + known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }} + gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }} + gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }} + vote-type: ${{ env.WORKFLOW_CONCLUSION }} + comment-only: true diff --git a/.github/workflows/gerrit-verify.yaml b/.github/workflows/gerrit-verify.yaml index d3b8b7c405..793099ae46 100644 --- a/.github/workflows/gerrit-verify.yaml +++ b/.github/workflows/gerrit-verify.yaml @@ -42,9 +42,6 @@ on: required: true type: string -env: - PACKER_VERSION: "1.8.6" - concurrency: group: ${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }} cancel-in-progress: true @@ -70,7 +67,7 @@ jobs: needs: prepare runs-on: ubuntu-latest steps: - - uses: lfit/checkout-gerrit-change-action@v0.3 + - uses: lfit/checkout-gerrit-change-action@v0.4 with: gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} delay: "0s" @@ -87,7 +84,7 @@ jobs: needs: prepare runs-on: ubuntu-latest steps: - - uses: lfit/checkout-gerrit-change-action@v0.3 + - uses: lfit/checkout-gerrit-change-action@v0.4 with: gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} delay: "0s" @@ -101,7 +98,7 @@ jobs: needs: prepare runs-on: ubuntu-latest steps: - - uses: lfit/checkout-gerrit-change-action@v0.3 + - uses: lfit/checkout-gerrit-change-action@v0.4 with: gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} delay: "0s" @@ -131,7 +128,7 @@ jobs: needs: prepare runs-on: ubuntu-latest steps: - - uses: lfit/checkout-gerrit-change-action@v0.3 + - uses: lfit/checkout-gerrit-change-action@v0.4 with: gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} delay: "0s" @@ -143,76 +140,9 @@ jobs: run: >- pipx run tox - packer-validation: - needs: prepare - runs-on: ubuntu-latest - steps: - - uses: lfit/checkout-gerrit-change-action@v0.3 - with: - gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }} - delay: "0s" - - name: Setup packer - uses: hashicorp/setup-packer@main - id: setup - env: - AUTH_URL: ${{ secrets.cloud_auth_url }} - CLOUD_ENV: "packer/cloud-env.json" - with: - cloud_auth_url: "https://auth.vexxhost.net/v3/" - cloud_tenant: ${{ secrets.cloud_tenant }} - cloud_user: ${{ secrets.cloud_user }} - cloud_network: ${{ secrets.cloud_network }} - version: ${{ env.PACKER_VERSION }} - cloud_pass: ${{ secrets.cloud_pass }} - dicrectory: packer - file_name: cloud-env.json - fail_on_empty: true - - name: Clone git submodules - run: git submodule update --init - - uses: dorny/paths-filter@v2 - id: changes - with: - filters: | - src: - - 'packer/**' - - if: steps.changes.outputs.src == 'true' - run: | - cd packer - varfiles=(vars/*.json common-packer/vars/*.json) - templates=(templates/*.json) - - for varfile in "${varfiles[@]}"; do - # cloud-env.json is a file containing credentials which is pulled in via - # CLOUDENV variable so skip it here. Also handle the case where a project - # has not vars/*.json file. - if [[ "$varfile" == *"cloud-env.json"* ]] || [[ "$varfile" == 'vars/*.json' ]]; then - continue - fi - - echo "-----> Testing varfile: $varfile" - for template in "${templates[@]}"; do - export PACKER_LOG="yes" - export PACKER_LOG_PATH="$PACKER_LOGS_DIR/packer-validate-${varfile##*/}-${template##*/}.log" - if output=$(packer validate -var-file="$CLOUDENV" -var-file="$varfile" "$template"); then - echo "$template: $output" - else - echo "$template: $output" - exit 1 - fi - done - done - vote: if: ${{ always() }} - needs: - [ - prepare, - actionlint, - pre-commit, - jjb-validation, - tox-verify, - packer-validation, - ] + needs: [prepare, actionlint, pre-commit, jjb-validation, tox-verify] runs-on: ubuntu-latest steps: - uses: technote-space/workflow-conclusion-action@v3