diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index d79eb0474..dab060299 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -322,6 +322,37 @@ jobs:
 IMAGE=$(cat release/IMAGE)
 docker push "$IMAGE"
 cosign sign $(docker image inspect --format='{{index .RepoDigests 0}}' "$IMAGE")
+
+ # https://github.com/aws-actions/configure-aws-credentials?tab=readme-ov-file#assumerole-with-static-iam-credentials-in-repository-secrets
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: eu-central-1
+ #role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+ #role-external-id: ${{ secrets.AWS_ROLE_EXTERNAL_ID }}
+ role-duration-seconds: 1200
+ role-session-name: AWSCIPush
+ - name: Build and push AWS image
+ if: matrix.flavor == 'ubuntu' && matrix.flavorRelease == '24.04' && matrix.variant == 'core' && matrix.model == 'generic' && matrix.arch == 'amd64'
+ env:
+ AWS_S3_BUCKET: kairos-cloud-images
+ AWS_REGION: eu-central-1
+ run: |
+ containerImage=$(cat release/IMAGE)
+ docker run -v /var/run/docker.sock:/var/run/docker.sock --net host \
+ --privileged \
+ -v $PWD:/aurora --rm quay.io/kairos/auroraboot \
+ --debug \
+ --set "disable_http_server=true" \
+ --set "container_image=docker:${containerImage}" \
+ --set "disable_netboot=true" \
+ --set "disk.raw=true" \
+ --set "state_dir=/aurora"
+
+ .github/upload-image-to-aws.sh $(ls *.raw)
+
 - name: Prepare files for release
 run: |
 mkdir sarif
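Review bot: The new `Configure AWS Credentials` step has no `if:` guard, so it appears to run for every matrix entry of this job, although only the ubuntu 24.04 core/generic/amd64 entry builds and uploads the AWS image. The action exports the static key pair to the environment of all later steps, so every other matrix job would carry long-lived AWS keys it never uses; repeating the `if:` expression from `Build and push AWS image` on the credentials step limits that exposure to the one job that needs it. The step is also pinned to the mutable tag `@v4`, whereas the checkout and luet-install actions in the removed job are pinned by commit; since this step receives the secrets, prefer `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4`. The enclosing job starts outside this hunk, so the matrix contents and the job's `permissions:` are not visible here. If the `role-to-assume` lines stay commented out, the credentials remain static repository secrets rather than short-lived OIDC tokens, which is worth confirming as intended.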
@@ -340,94 +371,3 @@ jobs:
 with:
 files: |
 release/*
-
- build-aws-image:
- runs-on: ubuntu-latest
- needs:
- - get-standard-matrix
- - build-standard
- permissions:
- id-token: write # OIDC support
- contents: write
- actions: read
- security-events: write
- strategy:
- matrix:
- include:
- # We don't publish AWS images for all combinations so we go hardcoded here
- - flavor: ubuntu
- flavor_release: 24.04
- family: ubuntu
- base_image: ubuntu:24.04
- variant: standard
- steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- - run: |
- git fetch --prune --unshallow
- - name: Install kairos-agent (for versioneer)
- uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1
- with:
- repository: quay.io/kairos/packages
- packages: system/kairos-agent
- - name: Build 🔧
- run: |
- # Keep maximum k3s version (by semver)
- # add a "v" in front and a "-k3s1" at the end to match the k3s versioning
- k3s_version=$(echo '${{ needs.get-standard-matrix.outputs.matrix }}' | \
- jq -r '.include | map(.k3s_version | split("+")[0]) | unique |
- map(
- capture("^(?[0-9]+)\\.(?[0-9]+)\\.(?[0-9]+)(-(?
.*))?$") |
-              {
-                major: (.major | tonumber),
-                minor: (.minor | tonumber),
-                patch: (.patch | tonumber),
-                is_stable: (if .pre == null then 1 else 0 end),
-                pre: (.pre // "")
-              }
-            ) | max_by(.major, .minor, .patch, .is_stable, .pre) |
-              "\(.major).\(.minor).\(.patch)\(.pre | if . == "" then "" else "-"+. end)"' | \
-            sed -E 's/^/v/; s/$/-k3s1/')
-
-          version=$(git describe --always --tags --dirty)
-
-          containerImage=$(kairos-agent versioneer container-artifact-name \
-            --flavor ${{ matrix.flavor }} \
-            --flavor-release ${{ matrix.flavor_release }} \
-            --variant ${{ matrix.variant }} \
-            --model generic \
-            --arch amd64 \
-            --software-version-prefix k3s \
-            --registry-and-org quay.io/kairos \
-            --software-version "$k3s_version" \
-            --version "$version"
-          )
-          echo "Using $containerImage to build a cloud image"
-
-          docker run -v /var/run/docker.sock:/var/run/docker.sock --net host \
-            --privileged \
-            -v $PWD:/aurora --rm quay.io/kairos/auroraboot \
-            --debug \
-            --set "disable_http_server=true" \
-            --set "container_image=docker:${containerImage}" \
-            --set "disable_netboot=true" \
-            --set "disk.raw=true" \
-            --set "state_dir=/aurora"
-
-      # https://github.com/aws-actions/configure-aws-credentials?tab=readme-ov-file#assumerole-with-static-iam-credentials-in-repository-secrets
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: eu-central-1
-          #role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
-          #role-external-id: ${{ secrets.AWS_ROLE_EXTERNAL_ID }}
-          role-duration-seconds: 1200
-          role-session-name: AWSCIPush
-
-      - name: Push to AWS
-        env:
-          AWS_S3_BUCKET: kairos-cloud-images
-          AWS_REGION: eu-central-1
-        run: |
-          .github/upload-image-to-aws.sh $(ls *.raw)