Test dependencies

scripts/ci-azure-e2e.sh

@@ -0,0 +1,122 @@
+#!/bin/bash
+
+# Copyright 2020 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+###############################################################################
+
+# This script is executed by presubmit `pull-cluster-api-provider-azure-e2e`
+# To run locally, set AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_TENANT_ID
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+CAPI_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+cd "${CAPI_ROOT}" || exit 1
+
+export ARTIFACTS="${ARTIFACTS:-${PWD}/_artifacts}"
+mkdir -p "${ARTIFACTS}/azure-sigs" "${ARTIFACTS}/azure-vhds"
+
+# Get list of Azure target names from common file
+source azure_targets.sh
+
+# Convert single line entries into arrays
+IFS=' ' read -r -a VHD_CI_TARGETS <<< "${VHD_CI_TARGETS}"
+IFS=' ' read -r -a SIG_CI_TARGETS <<< "${SIG_CI_TARGETS}"
+IFS=' ' read -r -a SIG_GEN2_CI_TARGETS <<< "${SIG_GEN2_CI_TARGETS}"
+
+# Append the "gen2" targets to the original SIG list
+for element in "${SIG_GEN2_CI_TARGETS[@]}"
+do
+    SIG_CI_TARGETS+=("${element}-gen2")
+done
+
+# shellcheck source=parse-prow-creds.sh
+source "packer/azure/scripts/parse-prow-creds.sh"
+
+# Verify the required Environment Variables are present.
+: "${AZURE_SUBSCRIPTION_ID:?Environment variable empty or not defined.}"
+: "${AZURE_TENANT_ID:?Environment variable empty or not defined.}"
+: "${AZURE_CLIENT_ID:?Environment variable empty or not defined.}"
+: "${AZURE_CLIENT_SECRET:?Environment variable empty or not defined.}"
+
+get_random_region() {
+    local REGIONS=("eastus" "eastus2" "southcentralus" "westus2" "westeurope")
+    echo "${REGIONS[${RANDOM} % ${#REGIONS[@]}]}"
+}
+
+export PATH=${PWD}/.local/bin:$PATH
+export PATH=${PYTHON_BIN_DIR:-"/root/.local/bin"}:$PATH
+
+export AZURE_LOCATION="${AZURE_LOCATION:-$(get_random_region)}"
+export RESOURCE_GROUP_NAME="image-builder-e2e-$(head /dev/urandom | LC_ALL=C tr -dc a-z0-9 | head -c 6 ; echo '')"
+
+# timestamp is in RFC-3339 format to match kubetest
+export TIMESTAMP="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
+export JOB_NAME="${JOB_NAME:-"image-builder-e2e"}"
+export TAGS="creationTimestamp=${TIMESTAMP} jobName=${JOB_NAME}"
+
+cleanup() {
+    az group delete -n ${RESOURCE_GROUP_NAME} --yes --no-wait || true
+}
+
+trap cleanup EXIT
+
+make deps-azure
+
+# Latest Flatcar version is often available on Azure with a delay, so resolve ourselves
+az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID}
+get_flatcar_version() {
+    az vm image show --urn kinvolk:flatcar-container-linux-free:stable:latest --query 'name' -o tsv
+}
+export FLATCAR_VERSION="$(get_flatcar_version)"
+
+# Pre-pulling windows images takes 10-20 mins
+# Disable them for CI runs so don't run into timeouts
+export PACKER_VAR_FILES="packer/azure/scripts/disable-windows-prepull.json scripts/ci-disable-goss-inspect.json"
+
+declare -A PIDS
+if [[ "${AZURE_BUILD_FORMAT:-vhd}" == "sig" ]]; then
+    for target in ${SIG_CI_TARGETS[@]};
+    do
+        make build-azure-sig-${target} > ${ARTIFACTS}/azure-sigs/${target}.log 2>&1 &
+        PIDS["sig-${target}"]=$!
+    done
+else
+    for target in ${VHD_CI_TARGETS[@]};
+    do
+        make build-azure-vhd-${target} > ${ARTIFACTS}/azure-vhds/${target}.log 2>&1 &
+        PIDS["vhd-${target}"]=$!
+    done
+fi
+
+# need to unset errexit so that failed child tasks don't cause script to exit
+set +o errexit
+exit_err=false
+for target in "${!PIDS[@]}"; do
+  wait ${PIDS[$target]}
+  if [[ $? -ne 0 ]]; then
+    exit_err=true
+    echo "${target}: FAILED. See logs in the artifacts folder."
+  else
+    echo "${target}: SUCCESS"
+  fi
+done
+
+if [[ "${exit_err}" = true ]]; then
+  exit 1
+fi

scripts/ci-container-image.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+###############################################################################
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+CAPI_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+cd "${CAPI_ROOT}" || exit 1
+
+make docker-build

scripts/ci-disable-goss-inspect.json

@@ -0,0 +1,3 @@
+{
+  "goss_inspect_mode": "false"
+}

scripts/ci-gce-nightly.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+################################################################################
+# usage: ci-gce-nightly.sh
+# This program build all images for capi gce for the nightly build
+################################################################################
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+CAPI_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+cd "${CAPI_ROOT}" || exit 1
+
+# Verify the required Environment Variables are present.
+: "${GCP_PROJECT:?Environment variable empty or not defined.}"
+
+# to list and check if have the properly access to the service account
+gcloud auth list
+
+# assume we are running in the CI environment as root
+# Add a user for ansible to work properly
+groupadd -r packer && useradd -m -s /bin/bash -r -g packer packer
+chown -R packer:packer /home/prow/go/src/sigs.k8s.io/image-builder
+# use the packer user to run the build
+
+# build image for 1.23
+# using PACKER_FLAGS=-force to overwrite the previous image and keep the same name
+su - packer -c "bash -c 'cd /home/prow/go/src/sigs.k8s.io/image-builder/images/capi && PATH=$PATH:~packer/.local/bin:/home/prow/go/src/sigs.k8s.io/image-builder/images/capi/.local/bin GCP_PROJECT_ID=$GCP_PROJECT PACKER_VAR_FILES=packer/gce/ci/nightly/overwrite-1-23.json PACKER_FLAGS=-force make deps-gce build-gce-all'"
+
+# build image for 1.24
+# using PACKER_FLAGS=-force to overwrite the previous image and keep the same name
+su - packer -c "bash -c 'cd /home/prow/go/src/sigs.k8s.io/image-builder/images/capi && PATH=$PATH:~packer/.local/bin:/home/prow/go/src/sigs.k8s.io/image-builder/images/capi/.local/bin GCP_PROJECT_ID=$GCP_PROJECT PACKER_VAR_FILES=packer/gce/ci/nightly/overwrite-1-24.json PACKER_FLAGS=-force make deps-gce build-gce-all'"
+
+# build image for 1.25
+# using PACKER_FLAGS=-force to overwrite the previous image and keep the same name
+su - packer -c "bash -c 'cd /home/prow/go/src/sigs.k8s.io/image-builder/images/capi && PATH=$PATH:~packer/.local/bin:/home/prow/go/src/sigs.k8s.io/image-builder/images/capi/.local/bin GCP_PROJECT_ID=$GCP_PROJECT PACKER_VAR_FILES=packer/gce/ci/nightly/overwrite-1-25.json PACKER_FLAGS=-force make deps-gce build-gce-all'"
+
+# build image for 1.26
+# using PACKER_FLAGS=-force to overwrite the previous image and keep the same name
+su - packer -c "bash -c 'cd /home/prow/go/src/sigs.k8s.io/image-builder/images/capi && PATH=$PATH:~packer/.local/bin:/home/prow/go/src/sigs.k8s.io/image-builder/images/capi/.local/bin GCP_PROJECT_ID=$GCP_PROJECT PACKER_VAR_FILES=packer/gce/ci/nightly/overwrite-1-26.json PACKER_FLAGS=-force make deps-gce build-gce-all'"
+
+echo "Displaying the generated image information"
+filter="name~cluster-api-ubuntu-*"
+gcloud compute images list --project "$GCP_PROJECT" \
+  --no-standard-images --filter="${filter}"
+
+echo "Making images public to use in CI"
+(gcloud compute images list --project "$GCP_PROJECT" --no-standard-images --filter="${filter}" --format="value(name[])" | \
+awk '{print "gcloud compute images add-iam-policy-binding --project '"$GCP_PROJECT"' " $1 " --member='"'allAuthenticatedUsers'"' --role='"'roles/compute.imageUser'"' \n"}' | bash)

scripts/ci-gce.sh

@@ -0,0 +1,94 @@
+#!/bin/bash
+
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+################################################################################
+# usage: ci-gce.sh
+# This program build all images for capi gce
+################################################################################
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+CAPI_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+cd "${CAPI_ROOT}" || exit 1
+
+# shellcheck source=ensure-go.sh
+source "./hack/ensure-go.sh"
+# shellcheck source=ensure-boskosctl.sh
+source "./hack/ensure-boskosctl.sh"
+
+# Verify the required Environment Variables are present.
+: "${GOOGLE_APPLICATION_CREDENTIALS:?Environment variable empty or not defined.}"
+
+function boskosctlwrapper() {
+  boskosctl --server-url http://"${BOSKOS_HOST}" --owner-name "cluster-api-provider-gcp" "${@}"
+}
+
+cleanup() {
+  echo "Cleaning up image"
+  filter="name~cluster-api-ubuntu-*"
+  (gcloud compute images list --project "$GCP_PROJECT" \
+    --no-standard-images --format="table[no-heading](name)" --filter="${filter}" \
+    | awk '{print "gcloud compute images delete --quiet --project '"$GCP_PROJECT"' "$1" " "\n"}' \
+    | bash ) || true
+
+  # stop boskos heartbeat
+  if [ -n "${BOSKOS_HOST:-}" ]; then
+    boskosctlwrapper release --name "${RESOURCE_NAME}" --target-state used
+  fi
+
+  exit "${test_status}"
+}
+trap cleanup EXIT
+
+if [[ -z "$GOOGLE_APPLICATION_CREDENTIALS" ]]; then
+  cat <<EOF
+GOOGLE_APPLICATION_CREDENTIALS is not set.
+Please set this to the path of the service account used to run this script.
+EOF
+  return 2
+else
+  gcloud auth activate-service-account --key-file="${GOOGLE_APPLICATION_CREDENTIALS}"
+fi
+
+# If BOSKOS_HOST is set then acquire an GCP account from Boskos.
+if [ -n "${BOSKOS_HOST:-}" ]; then
+  echo "Boskos acquire - ${BOSKOS_HOST}"
+  export BOSKOS_RESOURCE="$( boskosctlwrapper acquire --type gce-project --state free --target-state busy --timeout 1h )"
+  export RESOURCE_NAME=$(echo $BOSKOS_RESOURCE | jq  -r ".name")
+  export GCP_PROJECT=$(echo $BOSKOS_RESOURCE | jq  -r ".name")
+
+  # send a heartbeat in the background to keep the lease while using the resource
+  echo "Starting Boskos HeartBeat"
+  boskosctlwrapper heartbeat --resource "${BOSKOS_RESOURCE}" &
+fi
+
+# assume we are running in the CI environment as root
+# Add a user for ansible to work properly
+groupadd -r packer && useradd -m -s /bin/bash -r -g packer packer
+chown -R packer:packer /home/prow/go/src/sigs.k8s.io/image-builder
+# use the packer user to run the build
+su - packer -c "bash -c 'cd /home/prow/go/src/sigs.k8s.io/image-builder/images/capi && PATH=$PATH:~packer/.local/bin:/home/prow/go/src/sigs.k8s.io/image-builder/images/capi/.local/bin GCP_PROJECT_ID=$GCP_PROJECT GOOGLE_APPLICATION_CREDENTIALS=$GOOGLE_APPLICATION_CREDENTIALS PACKER_VAR_FILES=scripts/ci-disable-goss-inspect.json make deps-gce build-gce-all'"
+test_status="${?}"
+
+echo "Displaying the generated image information"
+filter="name~cluster-api-ubuntu-*"
+gcloud compute images list --project "$GCP_PROJECT" --no-standard-images --filter="${filter}"
+
+exit "${test_status}"

scripts/ci-goss-populate.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+###############################################################################
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+CAPI_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+cd "${CAPI_ROOT}" || exit 1
+
+source hack/utils.sh
+ensure_py3
+
+_version="v0.3.16"
+_bin_url="https://github.com/aelsabbahy/goss/releases/download/${_version}/goss-linux-amd64"
+
+if ! command -v goss >/dev/null 2>&1; then
+  if [[ ${HOSTOS} == "linux" ]]; then
+    curl -SsL "${_bin_url}" -o goss
+    chmod +x goss
+    mkdir -p "${PWD}/.local/bin"
+    mv goss "${PWD}/.local/bin"
+    export PATH=${PWD}/.local/bin:$PATH
+  fi
+fi
+
+export GOSS_USE_ALPHA=1
+hack/generate-goss-specs.py

scripts/ci-json-sort.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+###############################################################################
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+CAPI_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+cd "${CAPI_ROOT}" || exit 1
+
+cleanup() {
+    returnCode="$?"
+    exit "${returnCode}"
+}
+
+trap cleanup EXIT
+
+json_files=$(find . -type f -name "*.json" | sort -u)
+for f in ${json_files}
+do
+  if ! diff <(jq -S . ${f}) ${f} >> /dev/null; then
+    echo "json files are not sorted!! Please sort them with \"make json-sort\" in \"images/capi\" before commit"
+    echo "Unsorted file: ${f}"
+    exit 1
+  fi
+done

scripts/ci-outscale-nightly.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+PACKER_VAR_FILES=packer/outscale/ci/nightly/overwrite-1-21.json make build-osc-all
+PACKER_VAR_FILES=packer/outscale/ci/nightly/overwrite-1-22.json make build-osc-all
+PACKER_VAR_FILES=packer/outscale/ci/nightly/overwrite-1-23.json make build-osc-all
+PACKER_VAR_FILES=packer/outscale/ci/nightly/overwrite-1-24.json make build-osc-all
+PACKER_VAR_FILES=packer/outscale/ci/nightly/overwrite-1-25.json make build-osc-all

scripts/ci-ova.sh

@@ -0,0 +1,157 @@
+#!/bin/bash
+
+# Copyright 2020 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit  # exits immediately on any unexpected error (does not bypass traps)
+set -o nounset  # will error if variables are used without first being defined
+set -o pipefail # any non-zero exit code in a piped command causes the pipeline to fail with that code
+
+CAPI_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+cd "${CAPI_ROOT}" || exit 1
+
+export ARTIFACTS="${ARTIFACTS:-${PWD}/_artifacts}"
+TARGETS=("ubuntu-1804" "ubuntu-2004" "ubuntu-2204" "photon-3" "photon-4" "centos-7" "rockylinux-8" "flatcar")
+
+on_exit() {
+  # kill the VPN
+  docker kill vpn
+}
+
+cleanup_build_vm() {
+  # Setup govc to delete build VM after
+  curl -L https://github.com/vmware/govmomi/releases/download/v0.23.0/govc_linux_amd64.gz | gunzip > govc
+  chmod +x govc
+  mv govc /usr/local/bin/govc
+
+  for target in ${TARGETS[@]};
+  do
+    govc vm.destroy capv-ci-${target}-${TIMESTAMP}
+  done
+
+}
+
+trap on_exit EXIT
+
+export PATH=${PWD}/.local/bin:$PATH
+export PATH=${PYTHON_BIN_DIR:-"/root/.local/bin"}:$PATH
+export GC_KIND="false"
+export TIMESTAMP="$(date -u '+%Y%m%dT%H%M%S')"
+export GOVC_DATACENTER="SDDC-Datacenter"
+export GOVC_INSECURE=true
+
+cat << EOF > packer/ova/vsphere.json
+{
+    "vcenter_server":"${GOVC_URL}",
+    "insecure_connection": "${GOVC_INSECURE}",
+    "username":"${GOVC_USERNAME}",
+    "password":"${GOVC_PASSWORD}",
+    "datastore":"WorkloadDatastore",
+    "datacenter":"${GOVC_DATACENTER}",
+    "cluster": "Cluster-1",
+    "network": "sddc-cgw-network-8",
+    "folder": "Workloads/ci/imagebuilder"
+}
+EOF
+
+# Since access to esxi is blocked due to firewall rules,
+# `export`, `post-processor` sections from `packer-node.json` are removed.
+cat packer/ova/packer-node.json | jq  'del(.builders[] | select( .name == "vsphere" ).export)' > packer/ova/packer-node.json.tmp && mv packer/ova/packer-node.json.tmp packer/ova/packer-node.json
+cat packer/ova/packer-node.json | jq  'del(.builders[] | select( .name == "vsphere-clone" ).export)' > packer/ova/packer-node.json.tmp && mv packer/ova/packer-node.json.tmp packer/ova/packer-node.json
+cat packer/ova/packer-node.json | jq  'del(."post-processors"[])' > packer/ova/packer-node.json.tmp && mv packer/ova/packer-node.json.tmp packer/ova/packer-node.json
+
+# Run the vpn client in container
+docker run --rm -d --name vpn -v "${HOME}/.openvpn/:${HOME}/.openvpn/" \
+  -w "${HOME}/.openvpn/" --cap-add=NET_ADMIN --net=host --device=/dev/net/tun \
+  gcr.io/cluster-api-provider-vsphere/extra/openvpn:latest
+
+# Tail the vpn logs
+docker logs vpn
+
+# install deps and build all images
+make deps-ova
+
+declare -A PIDS
+for target in ${TARGETS[@]};
+do
+  export PACKER_VAR_FILES="ci-${target}.json scripts/ci-disable-goss-inspect.json"
+  if [[ "${target}" == 'photon-3' ]]; then
+cat << EOF > ci-${target}.json
+{
+"build_version": "capv-ci-${target}-${TIMESTAMP}",
+"linked_clone": "true",
+"template": "base-photon-3-20220623"
+}
+EOF
+    make build-node-ova-vsphere-clone-${target} > ${ARTIFACTS}/${target}.log 2>&1 &
+
+  elif [[ "${target}" == 'photon-4' ]]; then
+cat << EOF > ci-${target}.json
+{
+"build_version": "capv-ci-${target}-${TIMESTAMP}",
+"linked_clone": "true",
+"template": "base-photon-4"
+}
+EOF
+    make build-node-ova-vsphere-clone-${target} > ${ARTIFACTS}/${target}.log 2>&1 &
+
+  elif [[ "${target}" == 'rockylinux-8' ]]; then
+    cat << EOF > ci-${target}.json
+{
+"build_version": "capv-ci-${target}-${TIMESTAMP}",
+"linked_clone": "true",
+"template": "base-rockylinux-8-20220623"
+}
+EOF
+    make build-node-ova-vsphere-clone-${target} > ${ARTIFACTS}/${target}.log 2>&1 &
+
+  elif [[ "${target}" == 'ubuntu-2204' ]]; then
+    cat << EOF > ci-${target}.json
+{
+"build_version": "capv-ci-${target}-${TIMESTAMP}",
+"linked_clone": "true",
+"template": "base-ubuntu-2204"
+}
+EOF
+    make build-node-ova-vsphere-clone-${target} > ${ARTIFACTS}/${target}.log 2>&1 &
+
+  else
+cat << EOF > ci-${target}.json
+{
+"build_version": "capv-ci-${target}-${TIMESTAMP}"
+}
+EOF
+    make build-node-ova-vsphere-${target} > ${ARTIFACTS}/${target}.log 2>&1 &
+  fi
+  PIDS["${target}"]=$!
+done
+
+# need to unset errexit so that failed child tasks don't cause script to exit
+set +o errexit
+exit_err=false
+for target in "${!PIDS[@]}"; do
+  wait "${PIDS[$target]}"
+  if [[ $? -ne 0 ]]; then
+    exit_err=true
+    echo "${target}: FAILED. See logs in the artifacts folder."
+  else
+    echo "${target}: SUCCESS"
+  fi
+done
+set -o errexit
+
+cleanup_build_vm
+if [[ "${exit_err}" = true ]]; then
+  exit 1
+fi

scripts/ci-packer-validate.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+###############################################################################
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+CAPI_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+cd "${CAPI_ROOT}" || exit 1
+
+export PATH=${PWD}/.local/bin:$PATH
+export PATH=${PYTHON_BIN_DIR:-"${HOME}/.local/bin"}:$PATH
+
+# OCI packer builder requires a valid private key file, hence creating a temporary one
+openssl genrsa -out /tmp/oci_api_key.pem 2048
+
+AZURE_LOCATION=fake RESOURCE_GROUP_NAME=fake STORAGE_ACCOUNT_NAME=fake \
+  DIGITALOCEAN_ACCESS_TOKEN=fake GCP_PROJECT_ID=fake \
+  OCI_AVAILABILITY_DOMAIN=fake OCI_SUBNET_OCID=fake OCI_USER_FINGERPRINT=fake \
+  OCI_TENANCY_OCID=fake OCI_USER_OCID=fake OCI_USER_KEY_FILE=/tmp/oci_api_key.pem \
+  make validate-all