[WIP] Config Cleanup #112
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Packer build | |
| # prevent mutliple concurrent workflow executions to avoid hcloud resources interfering with each other | |
| concurrency: hcloud | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| docker-build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Build and save Docker image | |
| run: | | |
| docker build -t ghcr.io/enowars/bambictf:latest . | |
| docker save --output /tmp/bambictf.tar ghcr.io/enowars/bambictf:latest | |
| - name: Upload docker image artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bambictf | |
| path: /tmp/bambictf.tar | |
| ansible-lint: | |
| runs-on: ubuntu-latest | |
| needs: docker-build | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: bambictf | |
| path: /tmp | |
| - name: Load Docker image | |
| run: docker load --input /tmp/bambictf.tar | |
| - name: start docker compose setup | |
| run: docker compose up -d | |
| - name: run ansible-lint | |
| run: docker compose exec -T bambictf sh -c 'cd ansible && ansible-lint' | |
| configgen: | |
| runs-on: ubuntu-latest | |
| needs: docker-build | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: bambictf | |
| path: /tmp | |
| - name: Load Docker image | |
| run: docker load --input /tmp/bambictf.tar | |
| - name: start docker compose setup | |
| env: | |
| HCLOUD_TOKEN: ${{ secrets.HCLOUD_TOKEN }} | |
| run: docker compose up -d | |
| - name: prepare ansible config | |
| run: docker compose exec -T bambictf sh -c 'cp ansible/config_bambi.yml.sample ansible/config_bambi.yml' | |
| - name: generate config files | |
| run: docker compose exec -T bambictf sh -c 'cd configgen; poetry install; poetry run configgen --teams 4 --routers 2 --dns ci-${{ github.sha }}.bambi.ovh' | |
| - name: tar config files | |
| run: sudo tar cf /tmp/config.tar config | |
| - name: Upload config artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: config | |
| path: /tmp/config.tar | |
| packer-build: | |
| strategy: | |
| # fail-fast needs to be disabled, otherwise packer processes may be ungracefully killed and leave stale builder VMs | |
| fail-fast: false | |
| matrix: | |
| image: | |
| [ | |
| "bambichecker", | |
| "bambielk", | |
| "bambiengine", | |
| "bambirouter", | |
| "bambivulnbox", | |
| ] | |
| runs-on: ubuntu-latest | |
| needs: configgen | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download docker image artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: bambictf | |
| path: /tmp | |
| - name: Load Docker image | |
| run: docker load --input /tmp/bambictf.tar | |
| - name: Download config artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: config | |
| path: /tmp | |
| - name: untar config files | |
| run: tar xf /tmp/config.tar | |
| - name: start docker compose setup | |
| env: | |
| HCLOUD_TOKEN: ${{ secrets.HCLOUD_TOKEN }} | |
| run: docker compose up -d | |
| - name: prepare ansible config | |
| run: docker compose exec -T bambictf sh -c 'cp ansible/config_bambi.yml.sample ansible/config_bambi.yml' | |
| - name: build packer image | |
| run: docker compose exec -T bambictf sh -c 'cd packer; packer build ${{ matrix.image }}.json' | |
| terraform-apply: | |
| runs-on: ubuntu-latest | |
| needs: packer-build | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download docker image artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: bambictf | |
| path: /tmp | |
| - name: Load Docker image | |
| run: docker load --input /tmp/bambictf.tar | |
| - name: Download config artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: config | |
| path: /tmp | |
| - name: untar config files | |
| run: tar xf /tmp/config.tar | |
| - name: copy terraform sample config | |
| run: cp terraform/terraform.tfvars.sample terraform/terraform.tfvars | |
| - name: prepare terraform config | |
| run: sed -i s/prod/ci-${{ github.sha }}/ terraform/terraform.tfvars | |
| - name: setup hcloud | |
| run: | | |
| curl -o hcloud-linux-amd64.tar.gz -L https://github.com/hetznercloud/cli/releases/download/v1.34.0/hcloud-linux-amd64.tar.gz | |
| sudo tar xf hcloud-linux-amd64.tar.gz -C /usr/bin hcloud | |
| sudo chmod +x /usr/bin/hcloud | |
| - name: generate admin SSH key | |
| run: ssh-keygen -t ed25519 -N "" -f adminkey | |
| - name: add hcloud ssh key | |
| env: | |
| HCLOUD_TOKEN: ${{ secrets.HCLOUD_TOKEN }} | |
| run: hcloud ssh-key create --name adminkey-${{ github.sha }} --label type=admin --public-key-from-file adminkey.pub | |
| - name: start docker compose setup | |
| env: | |
| HCLOUD_TOKEN: ${{ secrets.HCLOUD_TOKEN }} | |
| HETZNERDNS_TOKEN: ${{ secrets.HETZNERDNS_TOKEN }} | |
| run: docker compose up -d | |
| - name: perform terraform init | |
| run: docker compose exec -T bambictf sh -c 'cd terraform ; terraform init' | |
| - name: perform terraform apply | |
| run: docker compose exec -T bambictf sh -c 'cd terraform ; terraform plan' | |
| publish-docker-image: | |
| runs-on: ubuntu-latest | |
| needs: terraform-apply | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download docker image artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: bambictf | |
| path: /tmp | |
| - name: Load Docker image | |
| run: docker load --input /tmp/bambictf.tar | |
| - name: Log into GitHub Container Registry | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Push image to GitHub Container Registry | |
| run: docker image push ghcr.io/enowars/bambictf:latest |