-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
re-enable AMI deploys #446
base: master
Are you sure you want to change the base?
Conversation
008236a
to
b457dd0
Compare
459a162
to
6ed3ab7
Compare
a5f0dca
to
9e21b8d
Compare
7f6595c
to
d91b169
Compare
Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
Required to give the scripts running in the AMI helper image AWS access Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
AMI names with a + (e.g +rev) aren't permitted Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
d91b169
to
2972875
Compare
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
DT_ARCH: ${{ steps.balena-lib.outputs.dt_arch }} | ||
run: | | ||
if [ "${DT_ARCH}" = "amd64" ]; then | ||
echo "string=x86_64" >>"${GITHUB_OUTPUT}" |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
if [ "${DT_ARCH}" = "amd64" ]; then | ||
echo "string=x86_64" >>"${GITHUB_OUTPUT}" | ||
elif [ "${DT_ARCH}" = "aarch64" ]; then | ||
echo "string=arm64" >>"${GITHUB_OUTPUT}" |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
VERSION: "${{ steps.balena-lib.outputs.os_version }}" | ||
run: | | ||
if [ "${{ inputs.sign-image }}" = "true" ]; then | ||
echo "string=balenaOS-secureboot-${VERSION}-${MACHINE}" | sed 's/+/-/g' >>"${GITHUB_OUTPUT}" |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
if [ "${{ inputs.sign-image }}" = "true" ]; then | ||
echo "string=balenaOS-secureboot-${VERSION}-${MACHINE}" | sed 's/+/-/g' >>"${GITHUB_OUTPUT}" | ||
else | ||
echo "string=balenaOS-${VERSION}-${MACHINE}" | sed 's/+/-/g' >>"${GITHUB_OUTPUT}" |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
this is to enable easier debugging if the instance is not reachable Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
s3_url="s3://${S3_BUCKET}/preloaded-images/${s3_key}" | ||
echo "s3_url=${s3_url}" >>"${GITHUB_OUTPUT}" | ||
aws s3 cp --sse AES256 "${IMAGE}" "${s3_url}" | ||
|
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
echo "* AWS import snapshot task complete. SnapshotId: ${snapshot_id}" | ||
echo "snapshot_id=${snapshot_id}" >>"${GITHUB_OUTPUT}" | ||
|
||
- name: Create AMI image |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
|
||
echo "image_id=${image_id}" >>"${GITHUB_OUTPUT}" | ||
|
||
- name: Cleanup installer image from s3 |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
config_json=$(mktemp) | ||
echo "config_json=${config_json}" >>"${GITHUB_OUTPUT}" | ||
|
||
# Create test fleet |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
fi | ||
echo "fleet=${AMI_TEST_ORG}/${ami_test_fleet}" >>"${GITHUB_OUTPUT}" | ||
|
||
- name: Test AMI image |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
|
||
echo "instance_id=${_instance_id}" >>"${GITHUB_OUTPUT}" | ||
|
||
aws ec2 wait instance-running --instance-ids "${instance_id}" |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
6031b7e
to
eafd7e3
Compare
fi | ||
echo "ami_image_id=${_ami_image_id}" >>"${GITHUB_OUTPUT}" | ||
|
||
_instance_arch=$(aws ec2 describe-images --image-ids "${_ami_image_id}" | jq -r '.Images[0].Architecture') |
Check failure
Code scanning / octoscan
Write to "$GITHUB_OUTPUT" in a bash script. Error
eafd7e3
to
0f05314
Compare
0f05314
to
8623a96
Compare
This makes it easier to iterate on, as well as having the benefit of it being more secure to have this logic in the workflow and not a script Change-type: patch Signed-off-by: Ryan Cooke <ryan@balena.io>
8623a96
to
0a2d02c
Compare
Change-type: patch
Required by:
Initial check to see how far it gets and start debugging