feat: bump auth to v2.173.0 (#1599) #125
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build QEMU image | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| - release/* | |
| paths: | |
| - '.github/workflows/qemu-image-build.yml' | |
| - 'qemu-arm64-nix.pkr.hcl' | |
| - 'common-nix.vars.pkr.hcl' | |
| - 'ansible/vars.yml' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v3 | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| - name: Set PostgreSQL versions - only builds pg17 atm | |
| id: set-versions | |
| run: | | |
| VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[2]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') | |
| echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT | |
| build: | |
| needs: prepare | |
| strategy: | |
| matrix: | |
| postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} | |
| runs-on: arm-native-runner | |
| timeout-minutes: 150 | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v3 | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| - name: Run checks if triggered manually | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| run: | | |
| SUFFIX=$(sudo nix run nixpkgs#yq -- ".postgres_release[\"postgres${{ matrix.postgres_version }}\"]" ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/') | |
| if [[ -z $SUFFIX ]] ; then | |
| echo "Version must include non-numeric characters if built manually." | |
| exit 1 | |
| fi | |
| - name: enable KVM support | |
| run: | | |
| sudo chown runner /dev/kvm | |
| sudo chmod 666 /dev/kvm | |
| - name: Set PostgreSQL version environment variable | |
| run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> $GITHUB_ENV | |
| - name: Generate common-nix.vars.pkr.hcl | |
| run: | | |
| curl -L https://github.com/mikefarah/yq/releases/download/v4.45.1/yq_linux_arm64 -o yq && chmod +x yq | |
| PG_VERSION=$(./yq '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) | |
| PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes | |
| echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl | |
| echo 'postgres-major-version = "'$POSTGRES_MAJOR_VERSION'"' >> common-nix.vars.pkr.hcl | |
| # Ensure there's a newline at the end of the file | |
| echo "" >> common-nix.vars.pkr.hcl | |
| # TODO (darora): not quite sure why I'm having to uninstall and re-install these deps, but the build fails w/o this | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get remove -y qemu-efi-aarch64 cloud-image-utils qemu-system-arm qemu-utils | |
| sudo apt-get install -y qemu-efi-aarch64 cloud-image-utils qemu-system-arm qemu-utils | |
| - name: Build QEMU artifact | |
| run: | | |
| make init | |
| GIT_SHA=${{github.sha}} | |
| export PACKER_LOG=1 | |
| packer build -var "git_sha=${GIT_SHA}" -var-file="common-nix.vars.pkr.hcl" qemu-arm64-nix.pkr.hcl | |
| - name: Grab release version | |
| id: process_release_version | |
| run: | | |
| VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g') | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| - name: configure aws credentials - staging | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.CONTROL_PLANE_DEV_ROLE }} | |
| aws-region: "us-east-1" | |
| - name: Login to Amazon ECR | |
| id: login-ecr-private-dev | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build image | |
| env: | |
| IMAGE_TAG: ${{ steps.process_release_version.outputs.version }} | |
| run: | | |
| docker build -f Dockerfile-kubernetes -t "postgres:$IMAGE_TAG" . | |
| - name: Push docker image to Amazon ECR | |
| env: | |
| REGISTRY: 812073016711.dkr.ecr.us-east-1.amazonaws.com | |
| REPOSITORY: postgres-vm-image | |
| IMAGE_TAG: ${{ steps.process_release_version.outputs.version }} | |
| run: | | |
| docker tag "postgres:$IMAGE_TAG" "$REGISTRY/$REPOSITORY:$IMAGE_TAG" | |
| docker push "$REGISTRY/$REPOSITORY:$IMAGE_TAG" | |
| # TODO (darora): temporarily also push to prod account from here - add a guard to only publish proper tagged releases to prod? | |
| - name: configure aws credentials - prod | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.CONTROL_PLANE_PROD_ROLE }} | |
| aws-region: "us-east-1" | |
| - name: Login to Amazon ECR | |
| id: login-ecr-private-prod | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Push docker image to Amazon ECR | |
| env: | |
| REGISTRY: 156470330064.dkr.ecr.us-east-1.amazonaws.com | |
| REPOSITORY: postgres-vm-image | |
| IMAGE_TAG: ${{ steps.process_release_version.outputs.version }} | |
| run: | | |
| docker tag "postgres:$IMAGE_TAG" "$REGISTRY/$REPOSITORY:$IMAGE_TAG" | |
| docker push "$REGISTRY/$REPOSITORY:$IMAGE_TAG" | |
| - name: Cleanup resources after build | |
| if: ${{ always() }} | |
| run: | | |
| aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids | |
| - name: Cleanup resources on build cancellation | |
| if: ${{ cancelled() }} | |
| run: | | |
| aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids |