Azure: add workflow to build nightly podvm images
Add workflow to build podvm nightly image for azure
provider

Fixes: confidential-containers#1327
Signed-off-by: Kartik Joshi <[email protected]>
kartikjoshi21 committed Aug 28, 2023
1 parent d628c89 commit 7d1f8d1
Showing 2 changed files with 119 additions and 2 deletions.
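--- a/.github/workflows/azure-podvm-image.yml
+++ b/.github/workflows/azure-podvm-image.yml
@@ -0,0 +1,118 @@
+name: azure-podvm-image
+
+permissions:
+id-token: write
+contents: read
+
+env:
+PODVM_IMAGE_NAME: "peerpod-image-${{ github.run_id }}-${{ github.run_attempt }}"
+SSH_USERNAME: "peerpod"
+# VM size used for building image.
+VM_SIZE: "Standard_D2as_v5"
+
+on:
+schedule:
+# Run at 12:00 AM UTC
+- cron: '0 0 * * *'
+
+jobs:
+build-podvm-image:
+runs-on: ubuntu-latest
+outputs:
+pod-image-version: "${{ steps.generate_image_version.outputs.pod_image_version }}"
+steps:
+- name: Generate version for pod vm image
+id: generate_image_version
+run: |
+unique_version=$(date +'%Y.%m.%d')
+echo "Generated unique version for the image as: ${unique_version}"
+echo "pod_image_version=${unique_version}" >> $GITHUB_OUTPUT
+- uses: actions/checkout@v3
+with:
+path: cloud-api-adaptor
+
+- name: Clone kata repository
+uses: actions/checkout@v3
+with:
+repository: kata-containers/kata-containers
+path: kata-containers
+ref: CC-0.7.0
+
+- uses: actions-rs/toolchain@v1
+with:
+profile: minimal
+toolchain: 1.69.0
+default: true
+
+- name: Set up rust build cache
+uses: actions/cache@v3
+continue-on-error: false
+with:
+# The paths to cache are documented here: https://doc.rust-lang.org/cargo/guide/cargo-home.html#caching-the-cargo-home-in-ci
+path: |
+~/.cargo/.crates.toml
+~/.cargo/.crates2.json
+~/.cargo/bin/
+~/.cargo/registry/index/
+~/.cargo/registry/cache/
+~/.cargo/git/db/
+key: rust
+
+- name: Set up Go environment
+uses: actions/setup-go@v4
+with:
+go-version: '1.20'
+cache-dependency-path: cloud-api-adaptor/go.sum
+
+- name: Install Dependencies
+run: |
+rustup target add x86_64-unknown-linux-musl
+sudo apt-get install -y musl-tools libdevmapper-dev libgpgme-dev
+shell: bash
+
+- name: Set up rust cache for kata-containers repository
+uses: actions/cache@v3
+with:
+path: |
+kata-containers/src/agent/target
+cloud-api-adaptor/podvm/files/usr/local/bin/kata-agent
+key: rust-${{ hashFiles('kata-containers/src/agent/Cargo.lock') }}
+
+- name: Set up umoci, skopeo cache
+uses: actions/cache@v3
+with:
+path: |
+cloud-api-adaptor/azure/image/umoci
+cloud-api-adaptor/azure/image/skopeo
+guest-components/
+key: umoci-${{ hashFiles('cloud-api-adaptor/podvm/Makefile.inc') }}
+
+- name: Build binaries
+env:
+GOPATH: /home/runner/go
+working-directory: cloud-api-adaptor/azure/image
+run: make binaries
+
+- uses: azure/login@v1
+name: 'Az CLI login'
+with:
+client-id: ${{ secrets.AZURE_CLIENT_ID }}
+subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+- name: Create podvm image
+id: create-podvm-image
+env:
+PKR_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+PKR_VAR_resource_group: ${{ secrets.AZURE_RESOURCE_GROUP }}
+PKR_VAR_location: ${{ secrets.AZURE_REGION }}
+PKR_VAR_az_image_name: ${{ env.PODVM_IMAGE_NAME }}
+PKR_VAR_vm_size: ${{ env.VM_SIZE }}
+PKR_VAR_ssh_username: ${{ env.SSH_USERNAME }}
+PKR_VAR_az_gallery_name: ${{ secrets.AZURE_PODVM_GALLERY_NAME }}
+PKR_VAR_az_gallery_image_name: ${{ secrets.AZURE_PODVM_IMAGE_DEF_NAME }}
+PKR_VAR_az_gallery_image_version: ${{ steps.generate_image_version.outputs.pod_image_version }}
+PKR_VAR_use_azure_cli_auth: "true"
+PODVM_DISTRO: "ubuntu"
+working-directory: cloud-api-adaptor/azure/image
+run: make image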
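Review bot: Every `uses:` in this job is pinned to a mutable tag (`actions/checkout@v3`, `actions-rs/toolchain@v1`, `actions/cache@v3`, `actions/setup-go@v4`, `azure/login@v1`) while the workflow grants `id-token: write`, so any step can request an OIDC token and a retagged action would run with the identity that publishes to the image gallery. Pin each action to a full commit SHA and keep the tag as a comment, for example `uses: azure/login@<FULL_COMMIT_SHA>  # v1`; the kata checkout `ref: CC-0.7.0` deserves the same treatment if that ref can move. The second cache step also restores `cloud-api-adaptor/podvm/files/usr/local/bin/kata-agent`, a built binary keyed only on the `Cargo.lock` hash, which appears to go into the published image without being rebuilt; for a pod VM image I would drop that path from the cache and keep only `kata-containers/src/agent/target`. The first cache uses the constant `key: rust`, so once it is populated it is never refreshed; a key such as `rust-${{ hashFiles('kata-containers/src/agent/Cargo.lock') }}` would match the step below it.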
3 changes: 1 addition & 2 deletions ci-infra/azure/main.tf
@@ -79,7 +79,7 @@ resource "azurerm_shared_image_gallery" "podvm_image_gallery" {
prefix = "cocopodvm"
eula = "https://raw.githubusercontent.com/confidential-containers/confidential-containers/main/LICENSE"
publisher_uri = "https://github.com/confidential-containers/confidential-containers"
publisher_email = "kartikjoshi@microsoft.com"
publisher_email = "cocoatmsft@outlook.com"
}
}
}
@@ -97,5 +97,4 @@ resource "azurerm_shared_image" "podvm_image" {
}
hyper_v_generation = "V2"
confidential_vm_supported = true

}
