AWS AMI scheduled publish #70
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: AWS AMI scheduled publish | |
on: | |
schedule: | |
# Every Sunday at 23:00 UTC | |
- cron: "00 23 * * 0" | |
workflow_dispatch: | |
jobs: | |
timestamp: | |
name: Get the build timestamp | |
runs-on: ubuntu-latest | |
outputs: | |
timestamp: ${{ steps.timestamp.outputs.timestamp }} | |
steps: | |
- name: Get the timestamp | |
id: timestamp | |
run: echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT | |
build: | |
# Since we run in parallel, let's make sure we use the same timestamp for all jobs | |
needs: timestamp | |
strategy: | |
matrix: | |
arch: [x86_64, arm64] | |
name: Build the AWS AMI using Packer | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Check out the source code | |
uses: actions/checkout@main | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ secrets.AWS_REGION }} | |
role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
role-duration-seconds: 3600 | |
- name: Setup packer | |
uses: hashicorp/setup-packer@main | |
with: | |
version: latest | |
- name: Initialize Packer | |
run: packer init aws.pkr.hcl | |
- name: Build the AWS AMI using Packer (${{ matrix.arch }}) | |
run: packer build aws.pkr.hcl | |
env: | |
PKR_VAR_encrypt_boot: false | |
PKR_VAR_ami_name_prefix: spacelift-${{ needs.timestamp.outputs.timestamp }} | |
PKR_VAR_source_ami_architecture: ${{ matrix.arch }} | |
PKR_VAR_instance_type: ${{ matrix.arch == 'x86_64' && 't3.micro' || 't4g.micro' }} | |
- name: Upload manifest | |
uses: actions/upload-artifact@v3 | |
with: | |
path: manifest_aws_${{ matrix.arch }}.json | |
name: manifest_aws_${{ matrix.arch }}.json | |
retention-days: 5 | |
build-govcloud: | |
# Since we run in parallel, let's make sure we use the same timestamp for all jobs | |
needs: timestamp | |
strategy: | |
matrix: | |
arch: [x86_64, arm64] | |
name: Build the AWS (GovCloud) AMI using Packer | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- name: Check out the source code | |
uses: actions/checkout@main | |
- name: Configure GovCloud AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ secrets.GOVCLOUD_AWS_REGION }} | |
role-to-assume: ${{ secrets.GOVCLOUD_AWS_ROLE_ARN }} | |
role-duration-seconds: 3600 | |
- name: Setup packer | |
uses: hashicorp/setup-packer@main | |
with: | |
version: latest | |
- name: Initialize Packer | |
run: packer init aws.pkr.hcl | |
- name: Build the GovCloud AWS AMI using Packer (${{ matrix.arch }}) | |
run: packer build aws.pkr.hcl | |
env: | |
PKR_VAR_source_ami_owners: '["045324592363"]' | |
PKR_VAR_region: us-gov-east-1 | |
PKR_VAR_ami_regions: '["us-gov-east-1", "us-gov-west-1"]' | |
PKR_VAR_encrypt_boot: false | |
PKR_VAR_ami_name_prefix: spacelift-${{ needs.timestamp.outputs.timestamp }} | |
PKR_VAR_source_ami_architecture: ${{ matrix.arch }} | |
PKR_VAR_instance_type: ${{ matrix.arch == 'x86_64' && 't3.micro' || 't4g.micro' }} |