Update documentation to reflect changes to release workflows.

README.md

@@ -4,7 +4,7 @@
 
 This is a generic skeleton project that can be used to quickly get a
 new [cisagov](https://github.com/cisagov) GitHub
-[packer](https://packer.io) project started.  This skeleton project
+[Packer](https://packer.io) project started.  This skeleton project
 contains [licensing information](LICENSE), as well as
 [pre-commit hooks](https://pre-commit.com) and
 [GitHub Actions](https://github.com/features/actions) configurations
@@ -23,76 +23,79 @@ terraform init --upgrade=true
 terraform apply
 ```
 
-Once the user is created you will need to update the `.travis.yml` file with the
-new encrypted environment variables.
+Once the user is created you will need to update the
+[repository's secrets](https://github.com/cisagov/skeleton-packer/settings/secrets)
+with the new encrypted environment variables.
 
 ```console
 terraform state show module.iam_user.aws_iam_access_key.key
 ```
 
-Take the `id` and `secret` fields from the above command's output and [encrypt
-and place in the `.travis.yml` file](https://docs.travis-ci.com/user/encryption-keys/).
-
-Here is an example of encrypting the credentials for Travis:
-
-```console
- travis encrypt --com --no-interactive "AWS_ACCESS_KEY_ID=AKIAxxxxxxxxxxxxxxxx"
- travis encrypt --com --no-interactive "AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
- travis encrypt --com --no-interactive "GITHUB_ACCESS_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-```
+Take the `id` and `secret` fields from the above command's output and create the
+`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables in the
+[repository's secrets](https://github.com/cisagov/skeleton-packer/settings/secrets).
 
 ## Building the Image ##
 
-### Using Travis-CI ###
+### Using GitHub Actions ###
 
 1. Create a [new release](https://help.github.com/en/articles/creating-releases)
    in GitHub.
 1. There is no step 2!
 
-Travis-CI can build this project in three different modes depending on
+GitHub Actions can build this project in three different modes depending on
 how the build was triggered from GitHub.
 
-1. **Non-release test**: After a normal commit or pull request Travis
+1. **Non-release test**: After a normal commit or pull request GitHub Actions
    will build the project, and run tests and validation on the
    packer configuration.  It will __not__ build an image.
 1. **Pre-release deploy**: Publish a GitHub release
    with the "This is a pre-release" checkbox checked.  An image will be built
-   and deployed to the single region defined by the `PACKER_BUILD_REGION`
-   environment variable.
+   and deployed using the [`prerelease`](.github/workflows/prerelease.yml)
+   workflow.  This should be configured to deploy the image to a single region
+   using a non-production account.
 1. **Production release deploy**: Publish a GitHub release with
    the "This is a pre-release" checkbox unchecked.  An image will be built
-   in the `PACKER_BUILD_REGION` and copied to each region listed in the
-   `PACKER_DEPLOY_REGION_KMS_MAP` environment variable.
+   and deployed using the [`release`](.github/workflows/release.yml)
+   workflow.  This should be configured to deploy the image to multiple regions
+   using a production account.
 
 ### Using Your Local Environment ###
 
-The following environment variables are used by Packer:
+Packer will use your
+[standard AWS environment](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html)
+to build the image.
+
+The [Packer template](src/packer.json) requires one environment variable to be defined:
+
+- `BUILD_REGION`: the region in which to build the image.
+
+Additionally, the following optional environment variables can be used
+by the [Packer template](src/packer.json) to tag the final image:
 
-- Required
-  - `PACKER_BUILD_REGION`: the region in which to build the image.
-  - `PACKER_DEPLOY_REGION_KMS_MAP`: a map of deploy regions to KMS keys.
-- Optional
-  - `GITHUB_ACCESS_TOKEN`: a personal GitHub token to use for API access.
-  - `PACKER_IMAGE_VERSION`: the version tag applied to the final image.
+- `GITHUB_IS_PRERELEASE`: boolean pre-release status
+- `GITHUB_RELEASE_TAG`: image version
+- `GITHUB_RELEASE_URL`: URL pointing to the related GitHub release
 
 Here is an example of how to kick off a pre-release build:
 
 ```console
 pip install --requirement requirements-dev.txt
-export PACKER_BUILD_REGION="us-east-2"
-export PACKER_DEPLOY_REGION_KMS_MAP="us-east-1:alias/cool/ebs,us-east-2:alias/cool/ebs,us-west-1:alias/cool/ebs,us-west-2:alias/cool/ebs"
-export PACKER_IMAGE_VERSION=$(./bump_version.sh show)
 ansible-galaxy install --force --force-with-deps --role-file src/requirements.yml
-./patch_packer_config.py pre-release src/packer.json
+export BUILD_REGION="us-east-2"
+export GITHUB_RELEASE_TAG=$(./bump_version.sh show)
+echo "us-east-2:alias/cool/ebs" | ./patch_packer_config.py src/packer.json
 packer build --timestamp-ui src/packer.json
 ```
 
 If you are satisfied with your pre-release image, you can easily create a release
-that deploys to all regions by changing the `pre-release` command of
-`patch_packer_config.py` to `release` and rerunning packer:
+that deploys to all regions by changing the input to
+`patch_packer_config.py` to include additional comma-separated regions:kms_keys
+and rerunning packer:
 
 ```console
-./patch_packer_config.py release src/packer.json
+echo "us-east-1:alias/cool/ebs,us-east-2:alias/cool/ebs,us-west-1:alias/cool/ebs,\
+us-west-2:alias/cool/ebs" | ./patch_packer_config.py src/packer.json
 packer build --timestamp-ui src/packer.json
 ```