From 2efa3083dc9044276630b188deaaa1baad9c347b Mon Sep 17 00:00:00 2001 From: Malte Poll Date: Thu, 27 Apr 2023 11:37:37 +0200 Subject: [PATCH] ci: use native go code for os image upload --- .github/actions/os_build_variables/action.yml | 304 ------------------ .github/workflows/build-os-image.yml | 148 +++------ 2 files changed, 50 insertions(+), 402 deletions(-) delete mode 100644 .github/actions/os_build_variables/action.yml diff --git a/.github/actions/os_build_variables/action.yml b/.github/actions/os_build_variables/action.yml deleted file mode 100644 index 60dd0e867..000000000 --- a/.github/actions/os_build_variables/action.yml +++ /dev/null 
@@ -1,304 +0,0 @@ -name: Determine OS image upload variables -description: "Determine parameters used for image upload to various CSPs." -inputs: - csp: - description: "Cloud Service Provider" - required: true - uploadVariant: - description: "Upload variant" - required: true - basePath: - description: "Base path to the image build directory" - required: true - ref: - description: "Branch of the image to be built (or '-' for releases)" - required: true - stream: - description: "Image stream / type. (Use 'stable' for releases, 'nightly' for regular non-release images and 'debug' for debug builds)" - required: true - imageVersion: - description: "Semantic version including patch e.g. v.. or pseudo version" - required: false - imageType: - description: "Type of image to build" - required: true - debug: - description: "Build debug image" - required: false - default: "false" -outputs: - awsRegion: - description: "Primary AWS region" - value: ${{ steps.aws.outputs.region }} - awsReplicationRegions: - description: "AWS regions to replicate the image to" - value: ${{ steps.aws.outputs.replicationRegions }} - awsBucket: - description: "AWS S3 bucket to upload the image to" - value: ${{ steps.aws.outputs.bucket }} - awsEfivarsPath: - description: "AWS efivars path" - value: ${{ steps.aws.outputs.efivarsPath }} - awsImagePath: - description: "AWS image path" - value: ${{ steps.aws.outputs.imagePath }} - awsJsonOutput: - description: "AWS ami json output path" - value: ${{ steps.aws.outputs.jsonOutput }} - awsImageFilename: - description: "AWS raw image filename" - value: ${{ steps.aws.outputs.imageFilename }} - awsImageName: - description: "AWS image name" - value: ${{ steps.aws.outputs.imageName }} - awsPublish: - description: "Should AWS AMI be published" - value: ${{ steps.aws.outputs.publish }} - azureResourceGroupName: - description: "Azure resource group name" - value: ${{ steps.azure.outputs.resourceGroupName }} - azureRegion: - description: "Primary Azure region" - 
value: ${{ steps.azure.outputs.region }} - azureReplicationRegions: - description: "Azure regions to replicate the image to" - value: ${{ steps.azure.outputs.replicationRegions }} - azureVmgsRegion: - description: "Azure VMGS region (AWS S3 bucket region where VMGS blob is stored)" - value: ${{ steps.azure.outputs.vmgsRegion }} - azureSku: - description: "Azure SIG SKU" - value: ${{ steps.azure.outputs.sku }} - azurePublisher: - description: "Azure SIG publisher" - value: ${{ steps.azure.outputs.publisher }} - azureRawImagePath: - description: "Azure raw image path" - value: ${{ steps.azure.outputs.rawImagePath }} - azureImagePath: - description: "Azure image path" - value: ${{ steps.azure.outputs.imagePath }} - azureJsonOutput: - description: "Azure image json output path" - value: ${{ steps.azure.outputs.jsonOutput }} - azureSecurityType: - description: "Azure security type" - value: ${{ steps.azure.outputs.securityType }} - azureDiskName: - description: "Azure disk name" - value: ${{ steps.azure.outputs.diskName }} - azureImageDefinition: - description: "Azure image definition" - value: ${{ steps.azure.outputs.imageDefinition }} - azureImageOffer: - description: "Azure image offer" - value: ${{ steps.azure.outputs.imageOffer }} - azureImageVersion: - description: "Azure image version" - value: ${{ steps.azure.outputs.imageVersion }} - azureGalleryName: - description: "Azure gallery name" - value: ${{ steps.azure.outputs.galleryName }} - azureVmgsPath: - description: "Azure VMGS path" - value: ${{ steps.azure.outputs.vmgsPath }} - gcpProject: - description: "GCP project" - value: ${{ steps.gcp.outputs.project }} - gcpBucket: - description: "GCP bucket" - value: ${{ steps.gcp.outputs.bucket }} - gcpRegion: - description: "GCP region" - value: ${{ steps.gcp.outputs.region }} - gcpRawImagePath: - description: "GCP raw image path" - value: ${{ steps.gcp.outputs.rawImagePath }} - gcpImagePath: - description: "GCP image path" - value: ${{ steps.gcp.outputs.imagePath }} 
- gcpJsonOutput: - description: "GCP image json output path" - value: ${{ steps.gcp.outputs.jsonOutput }} - gcpImageName: - description: "GCP image name" - value: ${{ steps.gcp.outputs.imageName }} - gcpImageFilename: - description: "GCP image filename" - value: ${{ steps.gcp.outputs.imageFilename }} - gcpImageFamily: - description: "GCP image family" - value: ${{ steps.gcp.outputs.imageFamily }} - openStackJsonOutput: - description: "OpenStack image json output path" - value: ${{ steps.openstack.outputs.jsonOutput }} - openStackBucket: - description: "OpenStack S3 bucket" - value: ${{ steps.openstack.outputs.bucket }} - openStackBaseUrl: - description: "OpenStack raw image base URL" - value: ${{ steps.openstack.outputs.baseUrl }} - openStackImagePath: - description: "OpenStack image path" - value: ${{ steps.openstack.outputs.imagePath }} - qemuJsonOutput: - description: "QEMU image json output path" - value: ${{ steps.qemu.outputs.jsonOutput }} - qemuBucket: - description: "QEMU S3 bucket" - value: ${{ steps.qemu.outputs.bucket }} - qemuBaseUrl: - description: "QEMU raw image base URL" - value: ${{ steps.qemu.outputs.baseUrl }} - qemuImagePath: - description: "QEMU image path" - value: ${{ steps.qemu.outputs.imagePath }} - -runs: - using: "composite" - steps: - - name: Determine version - id: version - uses: ./.github/actions/pseudo_version - - - name: Configure AWS input variables - id: aws - if: inputs.csp == 'aws' - shell: bash - env: - basePath: ${{ inputs.basePath }} - ref: ${{ inputs.ref }} - stream: ${{ inputs.stream }} - imageVersion: ${{ inputs.imageVersion }} - imageType: ${{ inputs.imageType }} - timestamp: ${{ steps.version.outputs.timestamp }} - semver: ${{ steps.version.outputs.semanticVersion }} - run: | - echo "region=eu-central-1" | tee -a "$GITHUB_OUTPUT" - echo "replicationRegions=us-east-2 ap-south-1" | tee -a "$GITHUB_OUTPUT" - echo "bucket=constellation-images" | tee -a "$GITHUB_OUTPUT" - echo 
"efivarsPath=${basePath}/mkosi.output.aws/fedora~37/efivars.bin" | tee -a "$GITHUB_OUTPUT" - echo "imagePath=${basePath}/mkosi.output.aws/fedora~37/image.raw" | tee -a "$GITHUB_OUTPUT" - echo "jsonOutput=${basePath}/mkosi.output.aws/fedora~37/image-upload.json" | tee -a "$GITHUB_OUTPUT" - echo "imageFilename=image-$(date +%s).raw" | tee -a "$GITHUB_OUTPUT" - if [[ "${stream}" = "stable" ]] - then - echo "imageName=constellation-${imageVersion}" | tee -a "$GITHUB_OUTPUT" - echo "publish=true" | tee -a "$GITHUB_OUTPUT" - else - echo "imageName=constellation-${ref}-${stream}-${semver}-${timestamp}" | tee -a "$GITHUB_OUTPUT" - echo "publish=false" | tee -a "$GITHUB_OUTPUT" - fi - - # gallery name may include alphanumeric characters, dots and underscores. Must end and begin with an alphanumeric character - # image definition may include alphanumeric characters, dots, dashes and underscores. Must end and begin with an alphanumeric character - # image version has to be semantic version in the form .. . 
uint may not be larger than 2,147,483,647 - - name: Configure Azure input variables - id: azure - if: inputs.csp == 'azure' - shell: bash - env: - basePath: ${{ inputs.basePath }} - ref: ${{ inputs.ref }} - stream: ${{ inputs.stream }} - imageVersion: ${{ inputs.imageVersion }} - imageType: ${{ inputs.imageType }} - timestamp: ${{ steps.version.outputs.timestamp }} - semver: ${{ steps.version.outputs.semanticVersion }} - uploadVariant: ${{ inputs.uploadVariant }} - run: | - echo "resourceGroupName=constellation-images" | tee -a "$GITHUB_OUTPUT" - echo "region=northeurope" | tee -a "$GITHUB_OUTPUT" - echo "vmgsRegion=eu-central-1" | tee -a "$GITHUB_OUTPUT" - echo "replicationRegions=northeurope eastus westeurope westus" | tee -a "$GITHUB_OUTPUT" - echo "sku=constellation" | tee -a "$GITHUB_OUTPUT" - echo "publisher=edgelesssys" | tee -a "$GITHUB_OUTPUT" - echo "rawImagePath=${basePath}/mkosi.output.azure/fedora~37/image.raw" | tee -a "$GITHUB_OUTPUT" - echo "imagePath=${basePath}/mkosi.output.azure/fedora~37/image.vhd" | tee -a "$GITHUB_OUTPUT" - echo "jsonOutput=${basePath}/mkosi.output.azure/fedora~37/image-upload${uploadVariant}.json" | tee -a "$GITHUB_OUTPUT" - # TODO: set default security type to "ConfidentialVM" once replication is possible - securityType=${{ inputs.uploadVariant }} - if [[ -z "${securityType}" ]]; then - securityType=ConfidentialVMSupported - fi - echo "securityType=${securityType}" | tee -a "$GITHUB_OUTPUT" - echo "diskName=constellation-${stream}-${timestamp}-${securityType,,}" | tee -a "$GITHUB_OUTPUT" - if [[ "${stream}" = "stable" ]] - then - echo "imageDefinition=constellation" | tee -a "$GITHUB_OUTPUT" - echo "imageOffer=constellation" | tee -a "$GITHUB_OUTPUT" - echo "imageVersion=${imageVersion:1}" | tee -a "$GITHUB_OUTPUT" - galleryName=Constellation - elif [[ "${imageType}" = "debug" && ( "${ref}" = "-" || "${ref}" = "main" ) ]] - then - echo "imageDefinition=${semver}" | tee -a "$GITHUB_OUTPUT" - echo "imageOffer=${semver}" | tee 
-a "$GITHUB_OUTPUT" - echo "imageVersion=${timestamp:0:4}.${timestamp:4:4}.${timestamp:8}" | tee -a "$GITHUB_OUTPUT" - galleryName=Constellation_Debug - else - echo "imageDefinition=${ref}-${stream}" | tee -a "$GITHUB_OUTPUT" - echo "imageOffer=${ref}-${stream}" | tee -a "$GITHUB_OUTPUT" - echo "imageVersion=${timestamp:0:4}.${timestamp:4:4}.${timestamp:8}" | tee -a "$GITHUB_OUTPUT" - galleryName=Constellation_Testing - fi - # TODO: enable VMGS upload for ConfidentialVM images once replication is possible - if [[ "${securityType}" == "ConfidentialVMSupported" ]]; then - echo "galleryName=${galleryName}_CVM" | tee -a "$GITHUB_OUTPUT" - echo "vmgsPath=" | tee -a "$GITHUB_OUTPUT" - else - echo "galleryName=${galleryName}" | tee -a "$GITHUB_OUTPUT" - echo "vmgsPath=${basePath}/pki/${securityType}.vmgs" | tee -a "$GITHUB_OUTPUT" - fi - - # image family and image name may include lowercase alphanumeric characters and dashes. - # Must not end or begin with a dash - - name: Configure GCP input variables - id: gcp - if: inputs.csp == 'gcp' - shell: bash - env: - basePath: ${{ inputs.basePath }} - ref: ${{ inputs.ref }} - stream: ${{ inputs.stream }} - imageVersion: ${{ inputs.imageVersion }} - imageType: ${{ inputs.imageType }} - timestamp: ${{ steps.version.outputs.timestamp }} - run: | - echo "project=constellation-images" | tee -a "$GITHUB_OUTPUT" - echo "bucket=constellation-images" | tee -a "$GITHUB_OUTPUT" - echo "region=europe-west3" | tee -a "$GITHUB_OUTPUT" - echo "rawImagePath=${basePath}/mkosi.output.gcp/fedora~37/image.raw" | tee -a "$GITHUB_OUTPUT" - echo "imagePath=${basePath}/mkosi.output.gcp/fedora~37/image.tar.gz" | tee -a "$GITHUB_OUTPUT" - echo "jsonOutput=${basePath}/mkosi.output.gcp/fedora~37/image-upload.json" | tee -a "$GITHUB_OUTPUT" - echo "imageName=${imageVersion//./-}-${stream}" | tee -a "$GITHUB_OUTPUT" - echo "imageFilename=${imageVersion//./-}-${stream}.tar.gz" | tee -a "$GITHUB_OUTPUT" - if [[ "${stream}" = "stable" ]] - then - echo 
"imageFamily=constellation" | tee -a "$GITHUB_OUTPUT" - else - echo "imageFamily=constellation-${ref::45}" | tee -a "$GITHUB_OUTPUT" - fi - - - name: Configure OpenStack input variables - id: openstack - if: inputs.csp == 'openstack' - shell: bash - env: - basePath: ${{ inputs.basePath }} - run: | - echo "bucket=cdn-constellation-backend" | tee -a "$GITHUB_OUTPUT" - echo "baseUrl=https://cdn.confidential.cloud" | tee -a "$GITHUB_OUTPUT" - echo "imagePath=${basePath}/mkosi.output.openstack/fedora~37/image.raw" | tee -a "$GITHUB_OUTPUT" - echo "jsonOutput=${basePath}/mkosi.output.openstack/fedora~37/image-upload.json" | tee -a "$GITHUB_OUTPUT" - - - name: Configure QEMU input variables - id: qemu - if: inputs.csp == 'qemu' - shell: bash - env: - basePath: ${{ inputs.basePath }} - run: | - echo "bucket=cdn-constellation-backend" | tee -a "$GITHUB_OUTPUT" - echo "baseUrl=https://cdn.confidential.cloud" | tee -a "$GITHUB_OUTPUT" - echo "imagePath=${basePath}/mkosi.output.qemu/fedora~37/image.raw" | tee -a "$GITHUB_OUTPUT" - echo "jsonOutput=${basePath}/mkosi.output.qemu/fedora~37/image-upload.json" | tee -a "$GITHUB_OUTPUT" diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml index a2ef87ef6..9ef5c74fb 100644 --- a/.github/workflows/build-os-image.yml +++ b/.github/workflows/build-os-image.yml 
@@ -370,9 +370,20 @@ jobs: matrix: csp: [aws, azure, gcp, openstack, qemu] upload-variant: [""] - # include: - # - csp: azure - # upload-variant: TrustedLaunch + env: + AWS_IMAGE_PATH: mkosi.output.aws/fedora~37/image.raw + AWS_JSON_OUTPUT: mkosi.output.aws/fedora~37/image-upload.json + AZURE_IMAGE_PATH: mkosi.output.azure/fedora~37/image.vhd + AZURE_JSON_OUTPUT: mkosi.output.azure/fedora~37/image-upload.json + AZURE_RAW_IMAGE_PATH: mkosi.output.azure/fedora~37/image.raw + GCP_IMAGE_PATH: mkosi.output.gcp/fedora~37/image.tar.gz + GCP_JSON_OUTPUT: mkosi.output.gcp/fedora~37/image-upload.json + GCP_RAW_IMAGE_PATH: mkosi.output.gcp/fedora~37/image.raw + OPENSTACK_IMAGE_PATH: mkosi.output.openstack/fedora~37/image.raw + OPENSTACK_JSON_OUTPUT: mkosi.output.openstack/fedora~37/image-upload.json + QEMU_IMAGE_PATH: mkosi.output.qemu/fedora~37/image.raw + QEMU_JSON_OUTPUT: mkosi.output.qemu/fedora~37/image-upload.json + SHORTNAME: ${{ needs.build-settings.outputs.imageNameShort }} steps: - name: Checkout uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 @@ -385,19 +396,6 @@ jobs: name: image-${{ matrix.csp }} path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37 - - name: Configure input variables - id: vars - uses: ./.github/actions/os_build_variables - with: - csp: ${{ matrix.csp }} - uploadVariant: ${{ matrix.upload-variant }} - basePath: ${{ github.workspace }}/image - ref: ${{ needs.build-settings.outputs.ref }} - stream: ${{ needs.build-settings.outputs.stream }} - imageVersion: ${{ needs.build-settings.outputs.imageVersion }} - imageType: ${{ needs.build-settings.outputs.imageType }} - debug: ${{ needs.build-settings.outputs.imageType == 'debug' }} - - name: Install tools shell: bash run: | 
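Review bot: The new job-level `env` paths such as `AWS_IMAGE_PATH: mkosi.output.aws/fedora~37/image.raw` are relative, whereas the removed action built absolute paths from `basePath` (`${{ github.workspace }}/image`). The upload steps in the later hunks hand these values to `bazel run //image/upload`, and `bazel run` starts the binary in its runfiles directory, not in the step's `working-directory`. Unless the tool resolves them against `BUILD_WORKING_DIRECTORY` (not visible in this diff), `--raw-image` and `--out` will not point at the downloaded artifact or at the file the following `jq` reads. Prefixing the values restores the old behaviour, e.g. `AWS_IMAGE_PATH: ${{ github.workspace }}/image/mkosi.output.aws/fedora~37/image.raw`. The job definition starts and ends outside this hunk.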
@@ -407,14 +405,9 @@ jobs: pigz \ qemu-utils \ python3-pip - pip install google_crc32c echo "::endgroup::" - name: Login to AWS - # on AWS, login is required to upload the image as AMI - # on Azure, login is done to download the VMGS from S3 - # on QEMU, login is done to upload the image to S3 - if: matrix.csp == 'aws' || matrix.csp == 'azure' || matrix.csp == 'openstack' || matrix.csp == 'qemu' uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 with: role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline 
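Review bot: Dropping the `if:` on `Login to AWS` means the `gcp` matrix job now also assumes the `GitHubConstellationImagePipeline` role, and the three comments that explained why each CSP needed AWS credentials are removed with it. If the Go uploader needs AWS access for every CSP (an inference, since the tool is not part of this diff), state that above the step, e.g. `# AWS login is required for all CSPs: <reason>`, so the wider credential scope is a documented decision. Separately, `python3-pip` stays in the install list although the only visible `pip install` is removed, so it looks droppable.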
@@ -439,39 +432,19 @@ jobs: run: | ln -s ${{ needs.build-settings.outputs.pkiSet }} pki - - name: Download VMGS blob - if: matrix.csp == 'azure' && !endsWith(env.AZURE_SECURITY_TYPE, 'Supported') - working-directory: ${{ github.workspace }}/image - env: - PKI_SET: ${{ needs.build-settings.outputs.pkiSet }} - AZURE_VMGS_REGION: ${{ steps.vars.outputs.azureVmgsRegion }} - AZURE_SECURITY_TYPE: ${{ steps.vars.outputs.azureSecurityType }} - run: | - aws s3 cp \ - --region "${AZURE_VMGS_REGION}" \ - "s3://constellation-secure-boot/${PKI_SET}/${AZURE_SECURITY_TYPE}.vmgs" \ - "${PKI_SET}/${AZURE_SECURITY_TYPE}.vmgs" \ - --no-progress - - name: Upload AWS image if: matrix.csp == 'aws' shell: bash working-directory: ${{ github.workspace }}/image - env: - PKI: ${{ github.workspace }}/image/pki - AWS_JSON_OUTPUT: ${{ steps.vars.outputs.awsJsonOutput }} - AWS_BUCKET: ${{ steps.vars.outputs.awsBucket }} - AWS_EFIVARS_PATH: ${{ steps.vars.outputs.awsEfivarsPath }} - AWS_IMAGE_FILENAME: ${{ steps.vars.outputs.awsImageFilename }} - AWS_IMAGE_NAME: ${{ steps.vars.outputs.awsImageName }} - AWS_IMAGE_PATH: ${{ steps.vars.outputs.awsImagePath }} - AWS_REGION: ${{ steps.vars.outputs.awsRegion }} - AWS_REPLICATION_REGIONS: ${{ steps.vars.outputs.awsReplicationRegions }} - AWS_PUBLISH: ${{ steps.vars.outputs.awsPublish }} run: | echo "::group::Upload AWS image" - secure-boot/aws/create_uefivars.sh "${AWS_EFIVARS_PATH}" - upload/upload_aws.sh + bazel run //image/upload -- \ + aws \ + --verbose \ + --raw-image "${AWS_IMAGE_PATH}" \ + --variant "" \ + --version "${SHORTNAME}" \ + --out "${AWS_JSON_OUTPUT}" echo -e "Uploaded AWS image: \n\n\`\`\`\n$(jq < "${AWS_JSON_OUTPUT}")\n\`\`\`\n" >> "$GITHUB_STEP_SUMMARY" echo "::endgroup::" 
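Review bot: The rewritten `Upload AWS image` step no longer runs `secure-boot/aws/create_uefivars.sh` and no longer sets `PKI`, and the new `bazel run //image/upload -- aws` call passes no flag for a UEFI variable store or key set. Unless the tool generates or locates these itself (not visible in this diff), the AMI could be registered without the secure boot variables the old step prepared. Please confirm, and either record it above the `run:` block, e.g. `# secure boot variables are created by //image/upload`, or keep the efivars step. The `pki` symlink step in the context above still runs, so it is worth checking that something still consumes it.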
@@ -479,21 +452,16 @@ jobs: if: matrix.csp == 'gcp' shell: bash working-directory: ${{ github.workspace }}/image - env: - PKI: ${{ github.workspace }}/image/pki - GCP_JSON_OUTPUT: ${{ steps.vars.outputs.gcpJsonOutput }} - GCP_BUCKET: ${{ steps.vars.outputs.gcpBucket }} - GCP_IMAGE_FAMILY: ${{ steps.vars.outputs.gcpImageFamily }} - GCP_IMAGE_FILENAME: ${{ steps.vars.outputs.gcpImageFilename }} - GCP_IMAGE_NAME: ${{ steps.vars.outputs.gcpImageName }} - GCP_IMAGE_PATH: ${{ steps.vars.outputs.gcpImagePath }} - GCP_PROJECT: ${{ steps.vars.outputs.gcpProject }} - GCP_RAW_IMAGE_PATH: ${{ steps.vars.outputs.gcpRawImagePath }} - GCP_REGION: ${{ steps.vars.outputs.gcpRegion }} run: | echo "::group::Upload GCP image" upload/pack.sh gcp "${GCP_RAW_IMAGE_PATH}" "${GCP_IMAGE_PATH}" - upload/upload_gcp.sh + bazel run //image/upload -- \ + gcp \ + --verbose \ + --raw-image "${GCP_IMAGE_PATH}" \ + --variant sev-es \ + --version "${SHORTNAME}" \ + --out "${GCP_JSON_OUTPUT}" echo -e "Uploaded GCP image: \n\n\`\`\`\n$(jq < "${GCP_JSON_OUTPUT}")\n\`\`\`\n" >> "$GITHUB_STEP_SUMMARY" echo "::endgroup::" 
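Review bot: `--raw-image "${GCP_IMAGE_PATH}"` passes the packed `image.tar.gz` written by `upload/pack.sh` on the line before, not the raw image in `GCP_RAW_IMAGE_PATH`. The Azure hunk below does the same with `image.vhd`. If the uploader expects the packed file, a one-line comment such as `# --raw-image takes the archive produced by pack.sh, not image.raw` would keep a later reader from "correcting" it to the raw path. The step's name line sits outside this hunk.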
@@ -501,46 +469,32 @@ jobs: if: matrix.csp == 'azure' shell: bash working-directory: ${{ github.workspace }}/image - env: - PKI: ${{ github.workspace }}/image/pki - AZURE_JSON_OUTPUT: ${{ steps.vars.outputs.azureJsonOutput }} - AZURE_DISK_NAME: ${{ steps.vars.outputs.azureDiskName }} - AZURE_GALLERY_NAME: ${{ steps.vars.outputs.azureGalleryName }} - AZURE_IMAGE_DEFINITION: ${{ steps.vars.outputs.azureImageDefinition }} - AZURE_IMAGE_OFFER: ${{ steps.vars.outputs.azureImageOffer }} - AZURE_IMAGE_PATH: ${{ steps.vars.outputs.azureImagePath }} - AZURE_IMAGE_VERSION: ${{ steps.vars.outputs.azureImageVersion }} - AZURE_PUBLISHER: ${{ steps.vars.outputs.azurePublisher }} - AZURE_RAW_IMAGE_PATH: ${{ steps.vars.outputs.azureRawImagePath }} - AZURE_REGION: ${{ steps.vars.outputs.azureRegion }} - AZURE_REPLICATION_REGIONS: ${{ steps.vars.outputs.azureReplicationRegions }} - AZURE_VMGS_REGION: ${{ steps.vars.outputs.azureVmgsRegion }} - AZURE_RESOURCE_GROUP_NAME: ${{ steps.vars.outputs.azureResourceGroupName }} - AZURE_SECURITY_TYPE: ${{ steps.vars.outputs.azureSecurityType }} - AZURE_SKU: ${{ steps.vars.outputs.azureSku }} - AZURE_VMGS_PATH: ${{ steps.vars.outputs.azureVmgsPath }} run: | echo "::group::Upload Azure image" upload/pack.sh azure "${AZURE_RAW_IMAGE_PATH}" "${AZURE_IMAGE_PATH}" - upload/upload_azure.sh -g --disk-name "${AZURE_DISK_NAME}" "${AZURE_VMGS_PATH}" - echo -e "Uploaded Azure ${AZURE_SECURITY_TYPE} image: \n\n\`\`\`\n$(jq < "${AZURE_JSON_OUTPUT}")\n\`\`\`\n" >> "$GITHUB_STEP_SUMMARY" + bazel run //image/upload -- \ + azure \ + --verbose \ + --raw-image "${AZURE_IMAGE_PATH}" \ + --variant cvm \ + --version "${SHORTNAME}" \ + --out "${AZURE_JSON_OUTPUT}" + echo -e "Uploaded Azure image: \n\n\`\`\`\n$(jq < "${AZURE_JSON_OUTPUT}")\n\`\`\`\n" >> "$GITHUB_STEP_SUMMARY" echo "::endgroup::" - name: Upload OpenStack image if: matrix.csp == 'openstack' shell: bash working-directory: ${{ github.workspace }}/image - env: - OPENSTACK_JSON_OUTPUT: ${{ 
steps.vars.outputs.openStackJsonOutput }} - OPENSTACK_BUCKET: ${{ steps.vars.outputs.openStackBucket }} - OPENSTACK_BASE_URL: ${{ steps.vars.outputs.openStackBaseUrl }} - OPENSTACK_IMAGE_PATH: ${{ steps.vars.outputs.openStackImagePath }} - REF: ${{needs.build-settings.outputs.ref }} - STREAM: ${{needs.build-settings.outputs.stream }} - IMAGE_VERSION: ${{needs.build-settings.outputs.imageVersion }} run: | echo "::group::Upload OpenStack image" - upload/upload_openstack.sh + bazel run //image/upload -- \ + openstack \ + --verbose \ + --raw-image "${OPENSTACK_IMAGE_PATH}" \ + --variant sev \ + --version "${SHORTNAME}" \ + --out "${OPENSTACK_JSON_OUTPUT}" echo -e "Uploaded OpenStack image: \n\n\`\`\`\n$(jq < "${OPENSTACK_JSON_OUTPUT}")\n\`\`\`\n" >> "$GITHUB_STEP_SUMMARY" echo "::endgroup::" @@ -548,17 +502,15 @@ jobs: if: matrix.csp == 'qemu' shell: bash working-directory: ${{ github.workspace }}/image - env: - QEMU_JSON_OUTPUT: ${{ steps.vars.outputs.qemuJsonOutput }} - QEMU_BUCKET: ${{ steps.vars.outputs.qemuBucket }} - QEMU_BASE_URL: ${{ steps.vars.outputs.qemuBaseUrl }} - QEMU_IMAGE_PATH: ${{ steps.vars.outputs.qemuImagePath }} - REF: ${{needs.build-settings.outputs.ref }} - STREAM: ${{needs.build-settings.outputs.stream }} - IMAGE_VERSION: ${{needs.build-settings.outputs.imageVersion }} run: | echo "::group::Upload QEMU image" - upload/upload_qemu.sh + bazel run //image/upload -- \ + qemu \ + --verbose \ + --raw-image "${QEMU_IMAGE_PATH}" \ + --variant default \ + --version "${SHORTNAME}" \ + --out "${QEMU_JSON_OUTPUT}" echo -e "Uploaded QEMU image: \n\n\`\`\`\n$(jq < "${QEMU_JSON_OUTPUT}")\n\`\`\`\n" >> "$GITHUB_STEP_SUMMARY" echo "::endgroup::"
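Review bot: With `--variant cvm` hard-coded in `Upload Azure image`, nothing visible in this diff reads `matrix.upload-variant` any more, and `AZURE_JSON_OUTPUT` has lost the `${uploadVariant}` suffix the removed action appended. A second Azure variant added to the matrix later would upload the same `cvm` image again and overwrite the same `image-upload.json`. Either remove the `upload-variant` matrix key or derive the flag and output name from it. The `--variant` values for OpenStack (`sev`) in this hunk and QEMU (`default`) in the next are hard-coded the same way.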