Compare commits
No commits in common. "544f98a8fb143181e0100a3b112440d94e97e292" and "88e37bb706bf532c8aaea7f95f05c638274a3e1c" have entirely different histories.
544f98a8fb
...
88e37bb706
.drone.yml
.gitea/workflows
ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks
packer
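--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,226 @@
+kind: pipeline
+type: kubernetes
+name: 'Packer Build'
+
+volumes:
+- name: output
+claim:
+name: flexvolsmb-drone-output
+- name: scratch
+claim:
+name: flexvolsmb-drone-scratch
+
+trigger:
+event:
+exclude:
+- tag
+
+steps:
+- name: Debugging information
+image: bv11-cr01.bessems.eu/library/packer-extended
+pull: always
+commands:
+- ansible --version
+- ovftool --version
+- packer --version
+- yamllint --version
+
+- name: Linting
+image: bv11-cr01.bessems.eu/library/packer-extended
+pull: always
+commands:
+- |
+yamllint -d "{extends: relaxed, rules: {line-length: disable}}" \
+ansible \
+packer/preseed/UbuntuServer22.04/user-data \
+scripts
+
+- name: Semantic Release (Dry-run)
+image: bv11-cr01.bessems.eu/proxy/library/node:20-slim
+pull: always
+commands:
+- |
+apt-get update
+- |
+apt-get install -y --no-install-recommends \
+curl \
+git-core \
+jq \
+ca-certificates
+- |
+curl -L https://api.github.com/repos/mikefarah/yq/releases/latest | \
+jq -r '.assets[] | select(.name | endswith("yq_linux_amd64")) | .browser_download_url' | \
+xargs -I {} curl -L -o /bin/yq {} && \
+chmod +x /bin/yq
+- |
+npm install \
+semantic-release \
+@semantic-release/commit-analyzer \
+@semantic-release/exec \
+- |
+export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
+export GIT_CREDENTIALS=$${GIT_USERNAME}:$${GIT_APIKEY}
+- |
+npx semantic-release \
+--package @semantic-release/exec \
+--package semantic-release \
+--branches ${DRONE_BRANCH} \
+--tag-format "K8s_$${K8S_VERSION}-v\$${version}" \
+--dry-run \
+--plugins @semantic-release/commit-analyzer,@semantic-release/exec \
+--analyzeCommits @semantic-release/commit-analyzer \
+--verifyRelease @semantic-release/exec \
+--verifyReleaseCmd 'echo "$${nextRelease.version}" > .version'
+environment:
+GIT_APIKEY:
+from_secret: git_apikey
+GIT_USERNAME: djpbessems
+
+- name: Install Ansible Galaxy collections
+image: bv11-cr01.bessems.eu/library/packer-extended
+pull: always
+commands:
+- |
+ansible-galaxy collection install \
+-r ansible/requirements.yml \
+-p ./ansible/collections
+
+- name: Kubernetes Bootstrap Appliance
+image: bv11-cr01.bessems.eu/library/packer-extended
+pull: always
+commands:
+- |
+sed -i -e "s/<<img-password>>/$${SSH_PASSWORD}/g" \
+packer/preseed/UbuntuServer22.04/user-data
+- |
+export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
+export APPLIANCE_VERSION=$(cat .version)
+- |
+packer init -upgrade \
+./packer
+- |
+packer validate \
+-only=vsphere-iso.bootstrap \
+-var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
+-var docker_username=$${DOCKER_USERNAME} \
+-var docker_password=$${DOCKER_PASSWORD} \
+-var repo_username=$${REPO_USERNAME} \
+-var repo_password=$${REPO_PASSWORD} \
+-var ssh_password=$${SSH_PASSWORD} \
+-var vsphere_password=$${VSPHERE_PASSWORD} \
+-var k8s_version=$K8S_VERSION \
+-var appliance_version=$APPLIANCE_VERSION \
+./packer
+- |
+packer build \
+-on-error=cleanup -timestamp-ui \
+-only=vsphere-iso.bootstrap \
+-var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
+-var docker_username=$${DOCKER_USERNAME} \
+-var docker_password=$${DOCKER_PASSWORD} \
+-var repo_username=$${REPO_USERNAME} \
+-var repo_password=$${REPO_PASSWORD} \
+-var ssh_password=$${SSH_PASSWORD} \
+-var vsphere_password=$${VSPHERE_PASSWORD} \
+-var k8s_version=$K8S_VERSION \
+-var appliance_version=$APPLIANCE_VERSION \
+./packer
+environment:
+DOCKER_USERNAME:
+from_secret: docker_username
+DOCKER_PASSWORD:
+from_secret: docker_password
+# PACKER_LOG: 1
+REPO_USERNAME:
+from_secret: repo_username
+REPO_PASSWORD:
+from_secret: repo_password
+SSH_PASSWORD:
+from_secret: ssh_password
+VSPHERE_PASSWORD:
+from_secret: vsphere_password
+volumes:
+- name: output
+path: /output
+- name: scratch
+path: /scratch
+
+- name: Kubernetes Upgrade Appliance
+image: bv11-cr01.bessems.eu/library/packer-extended
+pull: alwaysquery(
+commands:
+- |
+sed -i -e "s/<<img-password>>/$${SSH_PASSWORD}/g" \
+packer/preseed/UbuntuServer22.04/user-data
+- |
+export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
+export APPLIANCE_VERSION=$(cat .version)
+- |
+packer init -upgrade \
+./packer
+- |
+packer validate \
+-only=vsphere-iso.upgrade \
+-var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
+-var docker_username=$${DOCKER_USERNAME} \
+-var docker_password=$${DOCKER_PASSWORD} \
+-var repo_username=$${REPO_USERNAME} \
+-var repo_password=$${REPO_PASSWORD} \
+-var ssh_password=$${SSH_PASSWORD} \
+-var vsphere_password=$${VSPHERE_PASSWORD} \
+-var k8s_version=$K8S_VERSION \
+-var appliance_version=$APPLIANCE_VERSION \
+./packer
+- |
+packer build \
+-on-error=cleanup -timestamp-ui \
+-only=vsphere-iso.upgrade \
+-var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
+-var docker_username=$${DOCKER_USERNAME} \
+-var docker_password=$${DOCKER_PASSWORD} \
+-var repo_username=$${REPO_USERNAME} \
+-var repo_password=$${REPO_PASSWORD} \
+-var ssh_password=$${SSH_PASSWORD} \
+-var vsphere_password=$${VSPHERE_PASSWORD} \
+-var k8s_version=$K8S_VERSION \
+-var appliance_version=$APPLIANCE_VERSION \
+./packer
+environment:
+DOCKER_USERNAME:
+from_secret: docker_username
+DOCKER_PASSWORD:
+from_secret: docker_password
+# PACKER_LOG: 1
+REPO_USERNAME:
+from_secret: repo_username
+REPO_PASSWORD:
+from_secret: repo_password
+SSH_PASSWORD:
+from_secret: ssh_password
+VSPHERE_PASSWORD:
+from_secret: vsphere_password
+volumes:
+- name: output
+path: /output
+- name: scratch
+path: /scratch
+
+- name: Remove temporary resources
+image: bv11-cr01.bessems.eu/library/packer-extended
+commands:
+- |
+pwsh -file scripts/Remove-Resources.ps1 \
+-VMName $DRONE_BUILD_NUMBER-${DRONE_COMMIT_SHA:0:10} \
+-VSphereFQDN 'bv11-vc.bessems.lan' \
+-VSphereUsername 'administrator@vsphere.local' \
+-VSpherePassword $${VSPHERE_PASSWORD}
+environment:
+VSPHERE_PASSWORD:
+from_secret: vsphere_password
+volumes:
+- name: scratch
+path: /scratch
+when:
+status:
+- success
+- failure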
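Review bot: Every `packer validate` and `packer build` call in the two appliance steps passes its secrets as unquoted arguments such as `-var vsphere_password=$${VSPHERE_PASSWORD}`, which places them in the process argument list and lets a value containing whitespace or shell metacharacters be split or expanded. Packer also reads input variables from `PKR_VAR_<name>` environment variables, so declaring for example `PKR_VAR_vsphere_password` with `from_secret: vsphere_password` under `environment:` would let those `-var` lines be dropped; the `-VSpherePassword $${VSPHERE_PASSWORD}` argument in the cleanup step and the `sed -i -e "s/<<img-password>>/$${SSH_PASSWORD}/g"` substitution (which breaks when the secret contains `/`, `&` or `\`) share the weakness. The dry-run step installs `/bin/yq` from whatever `releases/latest` returns and runs it with no pinned version or checksum comparison, and the `npm install` beside it is equally unpinned, so a fixed release plus a digest check would make the build reproducible and tamper-evident. `pull: alwaysquery(` in the `Kubernetes Upgrade Appliance` step looks like a stray paste for `pull: always`.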
@ -83,9 +83,12 @@ jobs:
|
|||||||
|
|
||||||
echo "BUILD_COMMIT=$(echo ${{ gitea.sha }} | cut -c 1-10)" >> $GITHUB_ENV
|
echo "BUILD_COMMIT=$(echo ${{ gitea.sha }} | cut -c 1-10)" >> $GITHUB_ENV
|
||||||
echo "BUILD_SUFFIX=$(openssl rand -hex 3)" >> $GITHUB_ENV
|
echo "BUILD_SUFFIX=$(openssl rand -hex 3)" >> $GITHUB_ENV
|
||||||
- name: Validate packer template files
|
- name: Run `packer validate`
|
||||||
id: validate
|
id: validate
|
||||||
run: |
|
run: |
|
||||||
|
# BUILD_COMMIT=$(echo "${{ gitea.sha }}" | cut -c 1-10)
|
||||||
|
# BUILD_SUFFIX=$(openssl rand -hex 3)
|
||||||
|
|
||||||
packer validate \
|
packer validate \
|
||||||
-only=vsphere-iso.bootstrap \
|
-only=vsphere-iso.bootstrap \
|
||||||
-var vm_name=${{ gitea.run_number }}-${BUILD_COMMIT}-${BUILD_SUFFIX} \
|
-var vm_name=${{ gitea.run_number }}-${BUILD_COMMIT}-${BUILD_SUFFIX} \
|
||||||
@ -98,10 +101,12 @@ jobs:
|
|||||||
-var k8s_version=${{ steps.get_k8sversion.outputs.result }} \
|
-var k8s_version=${{ steps.get_k8sversion.outputs.result }} \
|
||||||
-var appliance_version=${{ needs.semrel_dryrun.outputs.version }} \
|
-var appliance_version=${{ needs.semrel_dryrun.outputs.version }} \
|
||||||
./packer
|
./packer
|
||||||
- name: Build packer template
|
- name: Run `packer build`
|
||||||
run: |
|
run: |
|
||||||
|
# BUILD_COMMIT=$(echo "${{ gitea.sha }}" | cut -c 1-10)
|
||||||
|
# BUILD_SUFFIX=$(openssl rand -hex 3)
|
||||||
|
|
||||||
packer build \
|
packer build \
|
||||||
-on-error=cleanup -timestamp-ui \
|
|
||||||
-only=vsphere-iso.bootstrap \
|
-only=vsphere-iso.bootstrap \
|
||||||
-var vm_name=${{ gitea.run_number }}-${BUILD_COMMIT}-${BUILD_SUFFIX} \
|
-var vm_name=${{ gitea.run_number }}-${BUILD_COMMIT}-${BUILD_SUFFIX} \
|
||||||
-var docker_username=${{ secrets.DOCKER_USERNAME }} \
|
-var docker_username=${{ secrets.DOCKER_USERNAME }} \
|
||||||
@ -116,6 +121,7 @@ jobs:
|
|||||||
# env:
|
# env:
|
||||||
# PACKER_LOG: 1
|
# PACKER_LOG: 1
|
||||||
|
|
||||||
|
|
||||||
# semrel:
|
# semrel:
|
||||||
# name: Semantic Release
|
# name: Semantic Release
|
||||||
# runs-on: dind-rootless
|
# runs-on: dind-rootless
|
||||||
|
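Review bot: The commented-out `# BUILD_COMMIT=…` and `# BUILD_SUFFIX=…` lines added at the top of both `run:` blocks repeat the `$GITHUB_ENV` exports made just above and are dead code; if they are meant as a reminder, one line such as `# BUILD_COMMIT and BUILD_SUFFIX are exported by the previous step` says so without leaving shell fragments behind. Runners of this family normally substitute `${{ … }}` expressions before the shell sees the script, comments included, so an expression parked in a comment is probably still evaluated; that is worth confirming for this runner. The `packer build` call also loses `-on-error=cleanup -timestamp-ui`: cleanup is Packer's default `-on-error` behaviour, but keeping the flag explicit documents that a failed build must not leave a VM behind. Both `run:` blocks and the job itself continue outside the hunks shown.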
@ -6,11 +6,7 @@
|
|||||||
initContainers:
|
initContainers:
|
||||||
- name: volume-permissions
|
- name: volume-permissions
|
||||||
image: busybox:1
|
image: busybox:1
|
||||||
command: ["sh", "-c", "touch /data/acme.json; chown 65532 /data/acme.json; chmod -v 600 /data/acme.json"]
|
command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
|
||||||
securityContext:
|
|
||||||
runAsNonRoot: false
|
|
||||||
runAsGroup: 0
|
|
||||||
runAsUser: 0
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: data
|
- name: data
|
||||||
mountPath: /data
|
mountPath: /data
|
||||||
|
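Review bot: `chmod -Rv 600 /data/*` in the new init command also applies to any directory under `/data`, and mode 600 on a directory removes the search bit, so its contents become unreachable for the non-root user; the glob also skips dot-files. If only the ACME store needs tightening, `chmod -v 600 /data/acme.json` as before is sufficient. The same change drops the explicit `securityContext` (`runAsUser: 0`) while `chown 65532:65532` still needs root, so the container now depends on the image default or on a pod-level setting outside this hunk, and because the commands are chained with `&&` a failing `chown` fails the init container. Keeping the root `securityContext` scoped to this one init container, or, where the deployment allows it, a pod-level `fsGroup` instead of the `chown`, would make that dependency explicit.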
@ -58,6 +58,4 @@ source "vsphere-iso" "ubuntu" {
|
|||||||
export {
|
export {
|
||||||
output_directory = "/data/scratch"
|
output_directory = "/data/scratch"
|
||||||
}
|
}
|
||||||
|
|
||||||
destroy = true
|
|
||||||
}
|
}
|
||||||
|