constellation/.github/actions/os_build_variables/action.yml
2022-11-18 10:37:45 +01:00

285 lines
12 KiB
YAML

name: Determine OS image upload variables
description: "Determine parameters used for image upload to various CSPs."
inputs:
csp:
description: "Cloud Service Provider"
required: true
uploadVariant:
description: "Upload variant"
required: true
basePath:
description: "Base path to the image build directory"
required: true
imageVersion:
description: "Semantic version including patch e.g. v<major>.<minor>.<patch> (only used for releases)"
required: false
imageType:
description: "Type of image to build"
required: true
debug:
description: "Build debug image"
required: false
default: "false"
outputs:
awsRegion:
description: "Primary AWS region"
value: ${{ steps.aws.outputs.region }}
awsReplicationRegions:
description: "AWS regions to replicate the image to"
value: ${{ steps.aws.outputs.replicationRegions }}
awsBucket:
description: "AWS S3 bucket to upload the image to"
value: ${{ steps.aws.outputs.bucket }}
awsEfivarsPath:
description: "AWS efivars path"
value: ${{ steps.aws.outputs.efivarsPath }}
awsImagePath:
description: "AWS image path"
value: ${{ steps.aws.outputs.imagePath }}
awsJsonOutput:
description: "AWS ami json output path"
value: ${{ steps.aws.outputs.jsonOutput }}
awsImageFilename:
description: "AWS raw image filename"
value: ${{ steps.aws.outputs.imageFilename }}
awsImageName:
description: "AWS image name"
value: ${{ steps.aws.outputs.imageName }}
awsPublish:
description: "Should AWS AMI be published"
value: ${{ steps.aws.outputs.publish }}
azureResourceGroupName:
description: "Azure resource group name"
value: ${{ steps.azure.outputs.resourceGroupName }}
azureRegion:
description: "Primary Azure region"
value: ${{ steps.azure.outputs.region }}
azureReplicationRegions:
description: "Azure regions to replicate the image to"
value: ${{ steps.azure.outputs.replicationRegions }}
azureVmgsRegion:
description: "Azure VMGS region (AWS S3 bucket region where VMGS blob is stored)"
value: ${{ steps.azure.outputs.vmgsRegion }}
azureSku:
description: "Azure SIG SKU"
value: ${{ steps.azure.outputs.sku }}
azurePublisher:
description: "Azure SIG publisher"
value: ${{ steps.azure.outputs.publisher }}
azureRawImagePath:
description: "Azure raw image path"
value: ${{ steps.azure.outputs.rawImagePath }}
azureImagePath:
description: "Azure image path"
value: ${{ steps.azure.outputs.imagePath }}
azureJsonOutput:
description: "Azure image json output path"
value: ${{ steps.azure.outputs.jsonOutput }}
azureSecurityType:
description: "Azure security type"
value: ${{ steps.azure.outputs.securityType }}
azureDiskName:
description: "Azure disk name"
value: ${{ steps.azure.outputs.diskName }}
azureImageDefinition:
description: "Azure image definition"
value: ${{ steps.azure.outputs.imageDefinition }}
azureImageOffer:
description: "Azure image offer"
value: ${{ steps.azure.outputs.imageOffer }}
azureImageVersion:
description: "Azure image version"
value: ${{ steps.azure.outputs.imageVersion }}
azureGalleryName:
description: "Azure gallery name"
value: ${{ steps.azure.outputs.galleryName }}
azureVmgsPath:
description: "Azure VMGS path"
value: ${{ steps.azure.outputs.vmgsPath }}
gcpProject:
description: "GCP project"
value: ${{ steps.gcp.outputs.project }}
gcpBucket:
description: "GCP bucket"
value: ${{ steps.gcp.outputs.bucket }}
gcpRegion:
description: "GCP region"
value: ${{ steps.gcp.outputs.region }}
gcpRawImagePath:
description: "GCP raw image path"
value: ${{ steps.gcp.outputs.rawImagePath }}
gcpImagePath:
description: "GCP image path"
value: ${{ steps.gcp.outputs.imagePath }}
gcpJsonOutput:
description: "GCP image json output path"
value: ${{ steps.gcp.outputs.jsonOutput }}
gcpImageName:
description: "GCP image name"
value: ${{ steps.gcp.outputs.imageName }}
gcpImageFilename:
description: "GCP image filename"
value: ${{ steps.gcp.outputs.imageFilename }}
gcpImageFamily:
description: "GCP image family"
value: ${{ steps.gcp.outputs.imageFamily }}
qemuJsonOutput:
description: "QEMU image json output path"
value: ${{ steps.qemu.outputs.jsonOutput }}
qemuBucket:
description: "QEMU S3 bucket"
value: ${{ steps.qemu.outputs.bucket }}
qemuBaseUrl:
description: "QEMU raw image base URL"
value: ${{ steps.qemu.outputs.baseUrl }}
qemuImagePath:
description: "QEMU image path"
value: ${{ steps.qemu.outputs.imagePath }}
runs:
using: "composite"
steps:
- name: Determine version
id: version
uses: ./.github/actions/pseudo_version
- name: Configure AWS input variables
id: aws
if: ${{ inputs.csp == 'aws' }}
shell: bash
env:
basePath: ${{ inputs.basePath }}
imageVersion: ${{ inputs.imageVersion }}
imageType: ${{ inputs.imageType }}
timestamp: ${{ steps.version.outputs.timestamp }}
semver: ${{ steps.version.outputs.semanticVersion }}
branchName: ${{ steps.version.outputs.branchName }}
run: |
echo "region=eu-central-1" >> $GITHUB_OUTPUT
echo "replicationRegions=us-east-2 ap-south-1" >> $GITHUB_OUTPUT
echo "bucket=constellation-images" >> $GITHUB_OUTPUT
echo "efivarsPath=${basePath}/mkosi.output.aws/fedora~37/efivars.bin" >> $GITHUB_OUTPUT
echo "imagePath=${basePath}/mkosi.output.aws/fedora~37/image.raw" >> $GITHUB_OUTPUT
echo "jsonOutput=${basePath}/mkosi.output.aws/fedora~37/image-upload.json" >> $GITHUB_OUTPUT
echo "imageFilename=image-$(date +%s).raw" >> $GITHUB_OUTPUT
if [ "${imageType}" = release ]
then
echo "imageName=constellation-${imageVersion}" >> $GITHUB_OUTPUT
echo "publish=true" >> $GITHUB_OUTPUT
elif [ "${imageType}" = debug ]
then
echo "imageName=constellation-debug-${semver}-${timestamp}" >> $GITHUB_OUTPUT
echo "publish=false" >> $GITHUB_OUTPUT
else
echo "imageName=constellation-${branchName}-${timestamp}" >> $GITHUB_OUTPUT
echo "publish=false" >> $GITHUB_OUTPUT
fi
# gallery name may include alphanumeric characters, dots and underscores. Must end and begin with an alphanumeric character
# image definition may include alphanumeric characters, dots, dashes and underscores. Must end and begin with an alphanumeric character
# image version has to be semantic version in the form <uint>.<uint>.<uint> . uint may not be larger than 2,147,483,647
- name: Configure Azure input variables
id: azure
if: ${{ inputs.csp == 'azure' }}
shell: bash
env:
basePath: ${{ inputs.basePath }}
imageVersion: ${{ inputs.imageVersion }}
imageType: ${{ inputs.imageType }}
timestamp: ${{ steps.version.outputs.timestamp }}
semver: ${{ steps.version.outputs.semanticVersion }}
pseudover: ${{ steps.version.outputs.pseudoVersion }}
branchName: ${{ steps.version.outputs.branchName }}
uploadVariant: ${{ inputs.uploadVariant }}
run: |
echo "resourceGroupName=constellation-images" >> $GITHUB_OUTPUT
echo "region=northeurope" >> $GITHUB_OUTPUT
echo "vmgsRegion=eu-central-1" >> $GITHUB_OUTPUT
echo "replicationRegions=northeurope eastus westeurope westus" >> $GITHUB_OUTPUT
echo "sku=constellation" >> $GITHUB_OUTPUT
echo "publisher=edgelesssys" >> $GITHUB_OUTPUT
echo "rawImagePath=${basePath}/mkosi.output.azure/fedora~37/image.raw" >> $GITHUB_OUTPUT
echo "imagePath=${basePath}/mkosi.output.azure/fedora~37/image.vhd" >> $GITHUB_OUTPUT
echo "jsonOutput=${basePath}/mkosi.output.azure/fedora~37/image-upload${uploadVariant}.json" >> $GITHUB_OUTPUT
# TODO: set default security type to "ConfidentialVM" once replication is possible
securityType=${{ inputs.uploadVariant }}
if [ -z "${securityType}" ]; then
securityType=ConfidentialVMSupported
fi
echo "securityType=${securityType}" >> $GITHUB_OUTPUT
echo "diskName=constellation-${pseudover//./-}-${securityType,,}" >> $GITHUB_OUTPUT
if [ "${imageType}" = release ]
then
echo "imageDefinition=constellation" >> $GITHUB_OUTPUT
echo "imageOffer=constellation" >> $GITHUB_OUTPUT
echo "imageVersion=${imageVersion:1}" >> $GITHUB_OUTPUT
galleryName=Constellation
elif [ "${imageType}" = debug ]
then
echo "imageDefinition=${semver}" >> $GITHUB_OUTPUT
echo "imageOffer=${semver}" >> $GITHUB_OUTPUT
echo "imageVersion=${timestamp:0:4}.${timestamp:4:4}.${timestamp:8}" >> $GITHUB_OUTPUT
galleryName=Constellation_Debug
else
echo "imageDefinition=${branchName}" >> $GITHUB_OUTPUT
echo "imageOffer=${branchName}" >> $GITHUB_OUTPUT
echo "imageVersion=${timestamp:0:4}.${timestamp:4:4}.${timestamp:8}" >> $GITHUB_OUTPUT
galleryName=Constellation_Testing
fi
# TODO: enable VMGS upload for ConfidentialVM images once replication is possible
if [ "${securityType}" == "ConfidentialVMSupported" ]; then
echo "galleryName=${galleryName}_CVM" >> $GITHUB_OUTPUT
echo "vmgsPath=" >> $GITHUB_OUTPUT
else
echo "galleryName=${galleryName}" >> $GITHUB_OUTPUT
echo "vmgsPath=${basePath}/pki/${securityType}.vmgs" >> $GITHUB_OUTPUT
fi
# image family and image name may include lowercase alphanumeric characters and dashes.
# Must not end or begin with a dash
- name: Configure GCP input variables
id: gcp
if: ${{ inputs.csp == 'gcp' }}
shell: bash
env:
basePath: ${{ inputs.basePath }}
imageVersion: ${{ inputs.imageVersion }}
imageType: ${{ inputs.imageType }}
timestamp: ${{ steps.version.outputs.timestamp }}
semver: ${{ steps.version.outputs.semanticVersion }}
branchName: ${{ steps.version.outputs.branchName }}
run: |
echo "project=constellation-images" >> $GITHUB_OUTPUT
echo "bucket=constellation-images" >> $GITHUB_OUTPUT
echo "region=europe-west3" >> $GITHUB_OUTPUT
echo "rawImagePath=${basePath}/mkosi.output.gcp/fedora~37/image.raw" >> $GITHUB_OUTPUT
echo "imagePath=${basePath}/mkosi.output.gcp/fedora~37/image.tar.gz" >> $GITHUB_OUTPUT
echo "jsonOutput=${basePath}/mkosi.output.gcp/fedora~37/image-upload.json" >> $GITHUB_OUTPUT
if [ "${imageType}" = release ]
then
echo "imageName=constellation-${imageVersion//./-}" >> $GITHUB_OUTPUT
echo "imageFilename=constellation-${imageVersion//./-}.tar.gz" >> $GITHUB_OUTPUT
echo "imageFamily=constellation" >> $GITHUB_OUTPUT
elif [ "${imageType}" = debug ]
then
echo "imageName=constellation-${timestamp}" >> $GITHUB_OUTPUT
echo "imageFilename=constellation-${timestamp}.tar.gz" >> $GITHUB_OUTPUT
echo "imageFamily=constellation-debug-${semver//./-}" >> $GITHUB_OUTPUT
else
echo "imageName=constellation-${timestamp}" >> $GITHUB_OUTPUT
echo "imageFilename=constellation-${timestamp}.tar.gz" >> $GITHUB_OUTPUT
echo "imageFamily=constellation-${branchName}" >> $GITHUB_OUTPUT
fi
- name: Configure QEMU input variables
id: qemu
if: ${{ inputs.csp == 'qemu' }}
shell: bash
env:
basePath: ${{ inputs.basePath }}
run: |
echo "bucket=cdn-constellation-backend" >> $GITHUB_OUTPUT
echo "baseUrl=https://cdn.confidential.cloud" >> $GITHUB_OUTPUT
echo "imagePath=${basePath}/mkosi.output.qemu/fedora~37/image.raw" >> $GITHUB_OUTPUT
echo "jsonOutput=${basePath}/mkosi.output.qemu/fedora~37/image-upload.json" >> $GITHUB_OUTPUT