re-enable AMI deploys #446

Draft pull request: wants to merge 14 commits into base: master

rcooke-warwick (Contributor) commented Nov 6, 2024

Change-type: patch

Required by:

Initial check to see how far it gets and start debugging

rcooke-warwick force-pushed the ryan/fix-ami branch 2 times, most recently from 459a162 to 6ed3ab7, November 12, 2024 12:06
Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>
Required to give the scripts running in the AMI helper image AWS access

Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>
AMI names with a + (e.g. +rev) aren't permitted

Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

DT_ARCH: ${{ steps.balena-lib.outputs.dt_arch }}
run: |
if [ "${DT_ARCH}" = "amd64" ]; then
echo "string=x86_64" >>"${GITHUB_OUTPUT}"

Check failure: Code scanning / octoscan

Error: Write to "$GITHUB_OUTPUT" in a bash script.
if [ "${DT_ARCH}" = "amd64" ]; then
echo "string=x86_64" >>"${GITHUB_OUTPUT}"
elif [ "${DT_ARCH}" = "aarch64" ]; then
echo "string=arm64" >>"${GITHUB_OUTPUT}"

Check failure: Code scanning / octoscan

Error: Write to "$GITHUB_OUTPUT" in a bash script.
VERSION: "${{ steps.balena-lib.outputs.os_version }}"
run: |
if [ "${{ inputs.sign-image }}" = "true" ]; then
echo "string=balenaOS-secureboot-${VERSION}-${MACHINE}" | sed 's/+/-/g' >>"${GITHUB_OUTPUT}"
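Review bot: the `echo "string=balenaOS-secureboot-${VERSION}-${MACHINE}"` line writes `VERSION`, which comes from `steps.balena-lib.outputs.os_version`, into `GITHUB_OUTPUT` with only `+` rewritten by `sed`. The output file is parsed line by line as `name=value`, so a value containing a newline would define additional outputs. Validate `VERSION` and `MACHINE` against the expected character set, or strip newlines, before the write.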

Check failure: Code scanning / octoscan

Error: Write to "$GITHUB_OUTPUT" in a bash script.
if [ "${{ inputs.sign-image }}" = "true" ]; then
echo "string=balenaOS-secureboot-${VERSION}-${MACHINE}" | sed 's/+/-/g' >>"${GITHUB_OUTPUT}"
else
echo "string=balenaOS-${VERSION}-${MACHINE}" | sed 's/+/-/g' >>"${GITHUB_OUTPUT}"
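Review bot: `${{ inputs.sign-image }}` in the `if [ ... = "true" ]` test is expanded by the Actions expression engine directly into the script text, whereas `VERSION` reaches the script as an environment variable. Pass the input the same way, for example an `env` entry such as `SIGN_IMAGE: ${{ inputs.sign-image }}` (name is a suggestion) tested as `"${SIGN_IMAGE}"`, so the value is handled as data and never becomes part of the script source.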

Check failure: Code scanning / octoscan

Error: Write to "$GITHUB_OUTPUT" in a bash script.
.github/workflows/yocto-build-deploy.yml: Fixed
Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>
this is to enable easier debugging if the instance is not reachable

Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>
s3_url="s3://${S3_BUCKET}/preloaded-images/${s3_key}"
echo "s3_url=${s3_url}" >>"${GITHUB_OUTPUT}"
aws s3 cp --sse AES256 "${IMAGE}" "${s3_url}"

Check failure: Code scanning / octoscan

Error: Write to "$GITHUB_OUTPUT" in a bash script.
echo "* AWS import snapshot task complete. SnapshotId: ${snapshot_id}"
echo "snapshot_id=${snapshot_id}" >>"${GITHUB_OUTPUT}"

- name: Create AMI image

Check failure: Code scanning / octoscan

Error: Write to "$GITHUB_OUTPUT" in a bash script.

echo "image_id=${image_id}" >>"${GITHUB_OUTPUT}"

- name: Cleanup installer image from s3

Check failure: Code scanning / octoscan

Error: Write to "$GITHUB_OUTPUT" in a bash script.
config_json=$(mktemp)
echo "config_json=${config_json}" >>"${GITHUB_OUTPUT}"

# Create test fleet

Check failure: Code scanning / octoscan

Error: Write to "$GITHUB_OUTPUT" in a bash script.
fi
echo "fleet=${AMI_TEST_ORG}/${ami_test_fleet}" >>"${GITHUB_OUTPUT}"

- name: Test AMI image

Check failure: Code scanning / octoscan

Error: Write to "$GITHUB_OUTPUT" in a bash script.
.github/workflows/yocto-build-deploy.yml: Fixed

echo "instance_id=${_instance_id}" >>"${GITHUB_OUTPUT}"

aws ec2 wait instance-running --instance-ids "${instance_id}"
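Review bot: the output is written from `${_instance_id}`, but the `aws ec2 wait instance-running` call reads `${instance_id}`, which is not assigned anywhere in the visible lines. If only `_instance_id` is set in this step, the wait runs with an empty instance id. Use the same variable in both places, or confirm that `instance_id` is provided through `env`.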

Check failure: Code scanning / octoscan

Error: Write to "$GITHUB_OUTPUT" in a bash script.
fi
echo "ami_image_id=${_ami_image_id}" >>"${GITHUB_OUTPUT}"

_instance_arch=$(aws ec2 describe-images --image-ids "${_ami_image_id}" | jq -r '.Images[0].Architecture')

Check failure: Code scanning / octoscan

Error: Write to "$GITHUB_OUTPUT" in a bash script.
This makes it easier to iterate on, as well as having the benefit of it being more secure to have this logic in the workflow and not a script

Change-type: patch
Signed-off-by: Ryan Cooke <ryan@balena.io>