-
-
Notifications
You must be signed in to change notification settings - Fork 9
117 lines (111 loc) · 4.79 KB
/
upload-legacy-ami.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
name: Upload Legacy Amazon Image
permissions:
contents: read
on:
pull_request:
workflow_dispatch:
schedule:
- cron: "0 0 * * 0"
jobs:
upload-ami:
name: Upload Legacy Amazon Image
runs-on: ubuntu-latest
environment: images
permissions:
contents: read
id-token: write
strategy:
matrix:
release:
- release-24.05
# - nixos-unstable
system:
- x86_64-linux
- aarch64-linux
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: DeterminateSystems/nix-installer-action@7993355175c2765e5733dae74f3e0786fe0e5c4f # v12
- uses: DeterminateSystems/magic-nix-cache-action@87b14cf437d03d37989d87f0fa5ce4f5dc1a330b # v8
# NOTE: We download the AMI from Hydra instead of building it ourselves
# because aarch64 is currently not supported by AWS EC2 and the legacy
# image builder requires nested virtualization.
- name: Download AMI from Hydra
id: download_ami
run: |
set -o pipefail
build_id=$(curl -sSfL -H 'Accept: application/json' https://hydra.nixos.org/job/nixos/${{ matrix.release }}/tested/latest-finished | jq -r '.id')
out=$(curl -sSfL -H 'Accept: application/json' "https://hydra.nixos.org/build/${build_id}/constituents" | jq -r '.[] | select(.job == "nixos.amazonImage.${{ matrix.system }}") | .buildoutputs.out.path')
nix-store --realise "$out" --add-root ./result
echo "image_info=$out/nix-support/image-info.json" >> "$GITHUB_OUTPUT"
- uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/upload-ami
aws-region: ${{ vars.AWS_REGION }}
- name: Upload Smoke test AMI
id: upload_smoke_test_ami
run: |
image_info='${{ steps.download_ami.outputs.image_info }}'
images_bucket='${{ vars.IMAGES_BUCKET }}'
image_ids=$(nix run .#upload-ami -- \
--image-info "$image_info" \
--prefix "smoketest/" \
--s3-bucket "$images_bucket")
echo "image_ids=$image_ids" >> "$GITHUB_OUTPUT"
- name: Smoke test
id: smoke_test
# NOTE: make sure smoke test isn't cancelled. Such that instance gets cleaned up.
run: |
image_ids='${{ steps.upload_smoke_test_ami.outputs.image_ids }}'
image_id=$(echo "$image_ids" | jq -r '.["${{ vars.AWS_REGION }}"]')
nix run .#smoke-test -- --image-id "$image_id"
- name: Clean up smoke test
if: ${{ cancelled() }}
run: |
image_ids='${{ steps.upload_smoke_test_ami.outputs.image_ids }}'
image_id=$(echo "$image_ids" | jq -r '.["${{ vars.AWS_REGION }}"]')
nix run .#smoke-test -- --image-id "$image_id" --cancel
# NOTE: We do not pass run-id as we're not building the image ourselves
# and we thus need to poll hydra periodically. Including the run-id would
# cause us to register the same snapshot as an image over and over again
# for each run.
- name: Upload AMIs to all available regions
if: github.ref == 'refs/heads/main'
run: |
image_info='${{ steps.download_ami.outputs.image_info }}'
images_bucket='${{ vars.IMAGES_BUCKET }}'
nix run .#upload-ami -- \
--image-info "$image_info" \
--prefix "nixos/" \
--s3-bucket "$images_bucket" \
--copy-to-regions \
--public
deploy-pages:
name: Deploy images page
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
needs: upload-ami
permissions:
contents: read
id-token: write
pages: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: DeterminateSystems/nix-installer-action@7993355175c2765e5733dae74f3e0786fe0e5c4f # v12
- uses: DeterminateSystems/magic-nix-cache-action@87b14cf437d03d37989d87f0fa5ce4f5dc1a330b # v8
- uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.1
with:
role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/github-pages
aws-region: ${{ vars.AWS_REGION }}
- name: Describe images
run: nix run .#describe-images > ./site/images.json
- name: Upload pages
uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
with:
path: ./site
- name: Deploy pages
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
id: deployment
if: github.ref == 'refs/heads/main'