Azure: enable podvm images nightly build

.github/workflows/azure-podvm-image.yml

@@ -0,0 +1,118 @@
+name: azure-podvm-image
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  PODVM_IMAGE_NAME: "peerpod-image-${{ github.run_id }}-${{ github.run_attempt }}"
+  SSH_USERNAME: "peerpod"
+  # VM size used for building image.
+  VM_SIZE: "Standard_D2as_v5"
+
+on:
+  schedule:
+    # Run at 12:00 AM UTC
+    - cron: '0 0 * * *'
+
+jobs:
+  build-podvm-image:
+    runs-on: ubuntu-latest
+    outputs:
+      pod-image-version: "${{ steps.generate_image_version.outputs.pod_image_version }}"
+    steps:
+    - name: Generate version for pod vm image
+      id: generate_image_version
+      run: |
+        unique_version=$(date +'%Y.%m.%d')
+        echo "Generated unique version for the image as: ${unique_version}"
+        echo "pod_image_version=${unique_version}" >> $GITHUB_OUTPUT
+
+    - uses: actions/checkout@v3
+      with:
+        path: cloud-api-adaptor
+
+    - name: Clone kata repository
+      uses: actions/checkout@v3
+      with:
+        repository: kata-containers/kata-containers 
+        path: kata-containers
+        ref: CC-0.7.0
+
+    - uses: actions-rs/toolchain@v1
+      with:
+        profile: minimal
+        toolchain: 1.69.0
+        default: true
+
+    - name: Set up rust build cache
+      uses: actions/cache@v3
+      continue-on-error: false
+      with:
+        # The paths to cache are documented here: https://doc.rust-lang.org/cargo/guide/cargo-home.html#caching-the-cargo-home-in-ci
+        path: |
+          ~/.cargo/.crates.toml
+          ~/.cargo/.crates2.json
+          ~/.cargo/bin/
+          ~/.cargo/registry/index/
+          ~/.cargo/registry/cache/
+          ~/.cargo/git/db/
+        key: rust
+
+    - name: Set up Go environment
+      uses: actions/setup-go@v4
+      with:
+        go-version: '1.20'
+        cache-dependency-path: cloud-api-adaptor/go.sum
+
+    - name: Install Dependencies
+      run: |
+        rustup target add x86_64-unknown-linux-musl
+        sudo apt-get install -y musl-tools libdevmapper-dev libgpgme-dev
+      shell: bash
+
+    - name: Set up rust cache for kata-containers repository
+      uses: actions/cache@v3
+      with:
+        path: |
+          kata-containers/src/agent/target
+          cloud-api-adaptor/podvm/files/usr/local/bin/kata-agent
+        key: rust-${{ hashFiles('kata-containers/src/agent/Cargo.lock') }}
+
+    - name: Set up umoci, skopeo cache
+      uses: actions/cache@v3
+      with:
+        path: |
+          cloud-api-adaptor/azure/image/umoci
+          cloud-api-adaptor/azure/image/skopeo
+          guest-components/
+        key: umoci-${{ hashFiles('cloud-api-adaptor/podvm/Makefile.inc') }}
+
+    - name: Build binaries
+      env:
+        GOPATH: /home/runner/go
+      working-directory: cloud-api-adaptor/azure/image
+      run: make binaries
+
+    - uses: azure/login@v1
+      name: 'Az CLI login'
+      with:
+        client-id: ${{ secrets.AZURE_CLIENT_ID }}
+        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+    - name: Create podvm image
+      id: create-podvm-image
+      env:
+        PKR_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+        PKR_VAR_resource_group: ${{ secrets.AZURE_RESOURCE_GROUP }}
+        PKR_VAR_location: ${{ secrets.AZURE_REGION }}
+        PKR_VAR_az_image_name: ${{ env.PODVM_IMAGE_NAME }}
+        PKR_VAR_vm_size: ${{ env.VM_SIZE }}
+        PKR_VAR_ssh_username: ${{ env.SSH_USERNAME }}
+        PKR_VAR_az_gallery_name: ${{ secrets.AZURE_PODVM_GALLERY_NAME }}
+        PKR_VAR_az_gallery_image_name: ${{ secrets.AZURE_PODVM_IMAGE_DEF_NAME }}
+        PKR_VAR_az_gallery_image_version: ${{ steps.generate_image_version.outputs.pod_image_version }}
+        PKR_VAR_use_azure_cli_auth: "true"
+        PODVM_DISTRO: "ubuntu"
+      working-directory: cloud-api-adaptor/azure/image
+      run: make image

ci-infra/azure/main.tf

@@ -72,6 +72,16 @@ resource "azurerm_shared_image_gallery" "podvm_image_gallery" {
   name                = "${var.image_gallery}${var.ver}"
   resource_group_name = azurerm_resource_group.ci_rg.name
   location            = azurerm_resource_group.ci_rg.location
+
+  sharing {
+    permission = "Community"
+    community_gallery {
+	prefix = "cocopodvm"
+	eula   = "https://raw.githubusercontent.com/confidential-containers/confidential-containers/main/LICENSE"
+	publisher_uri = "https://github.com/confidential-containers/confidential-containers"
+	publisher_email = "[email protected]"
+    }
+  }
 }
 
 resource "azurerm_shared_image" "podvm_image" {

ci-infra/azure/outputs.tf

@@ -33,3 +33,7 @@ output "AZURE_PODVM_IMAGE_DEF_NAME" {
 output "AZURE_MANAGED_IDENTITY_NAME" {
   value = azurerm_user_assigned_identity.gh_action_user_identity.name
 }
+
+output "AZURE_COMMUNITY_GALLERY_NAME" {
+  value = azurerm_shared_image_gallery.podvm_image_gallery.sharing[0].community_gallery[0].name
+}