From d628c89ff1297742cebd46de9239cd652a46ae93 Mon Sep 17 00:00:00 2001
From: Kartik Joshi
Date: Tue, 22 Aug 2023 16:39:52 +0530
Subject: [PATCH 1/2] Azure: Add terraform code to setup podvm community gallery

The code in this PR will be used to set up static infrastructure to create community gallery to upload podvm images.

Fixes: #1327
Signed-off-by: Kartik Joshi
---
 ci-infra/azure/main.tf | 11 +++++++++++
 ci-infra/azure/outputs.tf | 4 ++++
 2 files changed, 15 insertions(+)

diff --git a/ci-infra/azure/main.tf b/ci-infra/azure/main.tf
index 78ea43752..b1d3bfc9d 100644
--- a/ci-infra/azure/main.tf
+++ b/ci-infra/azure/main.tf
@@ -72,6 +72,16 @@ resource "azurerm_shared_image_gallery" "podvm_image_gallery" {
 name = "${var.image_gallery}${var.ver}"
 resource_group_name = azurerm_resource_group.ci_rg.name
 location = azurerm_resource_group.ci_rg.location
+
+ sharing {
+ permission = "Community"
+ community_gallery {
+ prefix = "cocopodvm"
+ eula = "https://raw.githubusercontent.com/confidential-containers/confidential-containers/main/LICENSE"
+ publisher_uri = "https://github.com/confidential-containers/confidential-containers"
+ publisher_email = "kartikjoshi@microsoft.com"
+ }
+ }
 }
 
 resource "azurerm_shared_image" "podvm_image" {
@@ -87,4 +97,5 @@ resource "azurerm_shared_image" "podvm_image" {
 }
 hyper_v_generation = "V2"
 confidential_vm_supported = true
+
 }
diff --git a/ci-infra/azure/outputs.tf b/ci-infra/azure/outputs.tf
index bfccce40b..bd7528dd3 100644
--- a/ci-infra/azure/outputs.tf
+++ b/ci-infra/azure/outputs.tf
@@ -33,3 +33,7 @@ output "AZURE_PODVM_IMAGE_DEF_NAME" {
 output "AZURE_MANAGED_IDENTITY_NAME" {
 value = azurerm_user_assigned_identity.gh_action_user_identity.name
 }
+
+output "AZURE_COMMUNITY_GALLERY_NAME" {
+ value = azurerm_shared_image_gallery.podvm_image_gallery.sharing[0].community_gallery[0].name
+}
From 7d1f8d19cf652bd1d3748d1e53751b22fec20035 Mon Sep 17 00:00:00 2001
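Review bot: The `sharing` block added to `azurerm_shared_image_gallery.podvm_image_gallery` is, as I read the azurerm provider documentation, a force-new attribute, so applying it to the gallery that already exists would destroy and recreate the gallery together with the image definitions and versions it holds; please confirm with `terraform plan` and, if it does replace, bump `var.ver` so the replacement is deliberate and the old gallery is retired on purpose. `permission = "Community"` makes every image version published into this gallery listable and consumable by any Azure subscription, which is the goal for nightly podvm images but deserves a comment beside the block, e.g. `# Community sharing: every version under this gallery is publicly consumable; only CI-built, reviewed images belong here.` The `eula` URL points at the `main` branch of the LICENSE file, so the text a consumer accepts can change after publication; a tag- or commit-pinned raw URL would make it immutable.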
From: Kartik Joshi
Date: Tue, 22 Aug 2023 17:31:35 +0530
Subject: [PATCH 2/2] Azure: add workflow to build nightly podvm images

Add workflow to build podvm nightly image for azure provider

Fixes: #1327
Signed-off-by: Kartik Joshi
---
 .github/workflows/azure-podvm-image.yml | 118 ++++++++++++++++++++++++
 ci-infra/azure/main.tf | 3 +-
 2 files changed, 119 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/azure-podvm-image.yml

diff --git a/.github/workflows/azure-podvm-image.yml b/.github/workflows/azure-podvm-image.yml
new file mode 100644
index 000000000..0110bdc73
--- /dev/null
+++ b/.github/workflows/azure-podvm-image.yml
@@ -0,0 +1,118 @@ +name: azure-podvm-image + +permissions: + id-token: write + contents: read + +env: + PODVM_IMAGE_NAME: "peerpod-image-${{ github.run_id }}-${{ github.run_attempt }}" + SSH_USERNAME: "peerpod" + # VM size used for building image. + VM_SIZE: "Standard_D2as_v5" + +on: + schedule: + # Run at 12:00 AM UTC + - cron: '0 0 * * *' + +jobs: + build-podvm-image: + runs-on: ubuntu-latest + outputs: + pod-image-version: "${{ steps.generate_image_version.outputs.pod_image_version }}" + steps: + - name: Generate version for pod vm image + id: generate_image_version + run: | + unique_version=$(date +'%Y.%m.%d') + echo "Generated unique version for the image as: ${unique_version}" + echo "pod_image_version=${unique_version}" >> $GITHUB_OUTPUT + + - uses: actions/checkout@v3 + with: + path: cloud-api-adaptor + + - name: Clone kata repository + uses: actions/checkout@v3 + with: + repository: kata-containers/kata-containers + path: kata-containers + ref: CC-0.7.0 + + - uses: actions-rs/toolchain@v1 + with: + profile: minimal + toolchain: 1.69.0 + default: true + + - name: Set up rust build cache + uses: actions/cache@v3 + continue-on-error: false + with: + # The paths to cache are documented here: https://doc.rust-lang.org/cargo/guide/cargo-home.html#caching-the-cargo-home-in-ci + path: | + ~/.cargo/.crates.toml + ~/.cargo/.crates2.json + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + key: rust + + - name: Set up Go environment + uses: actions/setup-go@v4 + with: + go-version: '1.20' + cache-dependency-path: cloud-api-adaptor/go.sum + + - name: Install Dependencies + run: | + rustup target add x86_64-unknown-linux-musl + sudo apt-get install -y musl-tools libdevmapper-dev libgpgme-dev + shell: bash + + - name: Set up rust cache for kata-containers repository + uses: actions/cache@v3 + with: + path: | + kata-containers/src/agent/target + cloud-api-adaptor/podvm/files/usr/local/bin/kata-agent + key: rust-${{ 
hashFiles('kata-containers/src/agent/Cargo.lock') }} + + - name: Set up umoci, skopeo cache + uses: actions/cache@v3 + with: + path: | + cloud-api-adaptor/azure/image/umoci + cloud-api-adaptor/azure/image/skopeo + guest-components/ + key: umoci-${{ hashFiles('cloud-api-adaptor/podvm/Makefile.inc') }} + + - name: Build binaries + env: + GOPATH: /home/runner/go + working-directory: cloud-api-adaptor/azure/image + run: make binaries + + - uses: azure/login@v1 + name: 'Az CLI login' + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + - name: Create podvm image + id: create-podvm-image + env: + PKR_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + PKR_VAR_resource_group: ${{ secrets.AZURE_RESOURCE_GROUP }} + PKR_VAR_location: ${{ secrets.AZURE_REGION }} + PKR_VAR_az_image_name: ${{ env.PODVM_IMAGE_NAME }} + PKR_VAR_vm_size: ${{ env.VM_SIZE }} + PKR_VAR_ssh_username: ${{ env.SSH_USERNAME }} + PKR_VAR_az_gallery_name: ${{ secrets.AZURE_PODVM_GALLERY_NAME }} + PKR_VAR_az_gallery_image_name: ${{ secrets.AZURE_PODVM_IMAGE_DEF_NAME }} + PKR_VAR_az_gallery_image_version: ${{ steps.generate_image_version.outputs.pod_image_version }} + PKR_VAR_use_azure_cli_auth: "true" + PODVM_DISTRO: "ubuntu" + working-directory: cloud-api-adaptor/azure/image + run: make image
diff --git a/ci-infra/azure/main.tf b/ci-infra/azure/main.tf
index b1d3bfc9d..73c7ea5cc 100644
--- a/ci-infra/azure/main.tf
+++ b/ci-infra/azure/main.tf
@@ -79,7 +79,7 @@ resource "azurerm_shared_image_gallery" "podvm_image_gallery" {
 prefix = "cocopodvm"
 eula = "https://raw.githubusercontent.com/confidential-containers/confidential-containers/main/LICENSE"
 publisher_uri = "https://github.com/confidential-containers/confidential-containers"
- publisher_email = "kartikjoshi@microsoft.com"
+ publisher_email = "cocoatmsft@outlook.com"
 }
 }
 }
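Review bot: Every `uses:` in the new workflow references a mutable tag (`actions/checkout@v3`, `actions-rs/toolchain@v1`, `actions/cache@v3`, `actions/setup-go@v4`, `azure/login@v1`) while the job carries `id-token: write` for OIDC login into the Azure subscription and publishes the result as a public community-gallery image, so a moved or compromised tag would run with those credentials and end up inside the image consumers boot. Pin each action to a full commit SHA and keep the tag as a comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`; `actions-rs/toolchain` in particular appears unmaintained, and `rustup toolchain install 1.69.0 --profile minimal` followed by `rustup default 1.69.0` in the Install Dependencies step would remove that dependency altogether. The `Set up rust build cache` step uses the constant `key: rust`, so the restored `~/.cargo/bin/` and registry are whatever the first run saved and are never refreshed; a content-derived key that does not collide with the later `rust-${{ hashFiles(...) }}` step, e.g. `key: cargo-home-${{ hashFiles('kata-containers/src/agent/Cargo.lock') }}`, keeps it honest, and its `continue-on-error: false` is the default and can be dropped. Since the only trigger is `schedule`, adding `workflow_dispatch:` under `on:` would let maintainers run the build on demand instead of waiting for the nightly cron.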
@@ -97,5 +97,4 @@ resource "azurerm_shared_image" "podvm_image" {
 }
 hyper_v_generation = "V2"
 confidential_vm_supported = true
-
 }