nat64_appliance image workflow

Add a workflow to build the nat64_appliance on a weekely
schedule and create a uniq release and update the "latest"
tag.

Signed-off-by: Harald Jensås <hjensas@redhat.com>

Author: hjensas

.github/workflows/build-nat64-appliance.yml

@@ -0,0 +1,195 @@
+name: Build NAT64 Appliance Image
+
+on:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+    inputs:
+      release_tag:
+        description: 'Release tag (e.g., v1.0.0)'
+        required: true
+      ci_framework_repo:
+        description: 'ci-framework repository (for testing forks)'
+        required: false
+        default: 'https://github.com/openstack-k8s-operators/ci-framework.git'
+      ci_framework_ref:
+        description: 'ci-framework branch/tag/PR (e.g., main, my-branch, refs/pull/123/head)'
+        required: false
+        default: 'main'
+
+  # Run weekly on Mondays at 00:00 UTC
+  schedule:
+    - cron: '0 0 * * 1'
+
+jobs:
+  build-image:
+    runs-on: ubuntu-22.04
+
+    # Permission needed to create a release and upload assets
+    permissions:
+      contents: write
+
+    env:
+      WORK_DIR: ${{ github.workspace }}/ci-framework-data
+
+    steps:
+      - name: 1. Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: 2. Clone ci-framework Repository
+        run: |
+          CI_REPO="${{ inputs.ci_framework_repo || 'https://github.com/openstack-k8s-operators/ci-framework.git' }}"
+          CI_REF="${{ inputs.ci_framework_ref || 'main' }}"
+          
+          echo "Cloning ci-framework..."
+          echo "  Repository: $CI_REPO"
+          echo "  Reference: $CI_REF"
+          
+          # Check if this is a special ref (like refs/pull/123/head)
+          if [[ "$CI_REF" == refs/* ]]; then
+            echo "Detected special ref, using fetch method..."
+            git clone "$CI_REPO" ${{ github.workspace }}/ci-framework
+            cd ${{ github.workspace }}/ci-framework
+            git fetch origin "$CI_REF"
+            git checkout FETCH_HEAD
+          else
+            echo "Detected branch/tag, using direct clone with shallow history..."
+            git clone --depth 1 --branch "$CI_REF" "$CI_REPO" \
+              ${{ github.workspace }}/ci-framework
+          fi
+          
+          echo "ci-framework cloned successfully"
+          cd ${{ github.workspace }}/ci-framework
+          echo "Current commit: $(git rev-parse HEAD)"
+          echo "Current branch/ref: $(git describe --all)"
+
+      - name: 3. Setup ci-framework Molecule Environment
+        run: |
+          echo "Setting up ci-framework environment with make setup_molecule..."
+          echo "This will create a Python venv at ~/test-python and install all dependencies"
+          
+          cd ${{ github.workspace }}/ci-framework
+          
+          # The setup_molecule target installs everything we need:
+          # - Creates venv at ~/test-python
+          # - Installs system dependencies via bindep
+          # - Installs ansible-core, diskimage-builder, and all collections
+          # - Builds and installs cifmw.general collection properly
+          make setup_molecule
+          
+          echo "Environment setup complete"
+          echo "Installed Ansible version:"
+          ~/test-python/bin/ansible --version
+
+      - name: 4. Create Ansible Playbook for Building NAT64 Image
+        run: |
+          cat > ${{ github.workspace }}/build-nat64.yml << 'EOF'
+          ---
+          - name: Build nat64-appliance image
+            hosts: localhost
+            connection: local
+            gather_facts: true
+            vars:
+              cifmw_basedir: "${{ env.WORK_DIR }}"
+              cifmw_nat64_appliance_run_dib_as_root: false
+            roles:
+              - nat64_appliance
+          EOF
+
+          echo "Ansible playbook created"
+          cat ${{ github.workspace }}/build-nat64.yml
+
+      - name: 5. Run Ansible Playbook to Build Image
+        run: |
+          echo "Building NAT64 appliance image using Ansible..."
+          echo "Using ci-framework role defaults for DIB configuration"
+          
+          cd ${{ github.workspace }}/ci-framework
+          
+          # Activate the venv created by setup_molecule and run the playbook
+          # The venv has ansible-core, cifmw.general collection, and all dependencies
+          source ~/test-python/bin/activate
+          
+          ANSIBLE_ROLES_PATH=${{ github.workspace }}/ci-framework/roles \
+            ansible-playbook -v \
+              ${{ github.workspace }}/build-nat64.yml
+          
+          echo "Image build completed successfully"
+
+      - name: 6. Verify Built Image
+        run: |
+          IMAGE_PATH="${{ env.WORK_DIR }}/nat64_appliance/nat64-appliance.qcow2"
+
+          if [ -f "$IMAGE_PATH" ]; then
+            echo "Built image details:"
+            ls -lh "$IMAGE_PATH"
+            qemu-img info "$IMAGE_PATH"
+          else
+            echo "ERROR: Image file not found at $IMAGE_PATH"
+            echo "Checking work directory contents:"
+            ls -laR "${{ env.WORK_DIR }}"
+            exit 1
+          fi
+
+      - name: 7. Create Unique Release Tag and Rename Image
+        id: release_tag
+        run: |
+          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+            # Manual run: use provided tag
+            RELEASE_TAG="${{ inputs.release_tag }}"
+          else
+            # Scheduled run: generate timestamp-based tag
+            RELEASE_TAG="build-$(date +%Y%m%d-%H%M%S)"
+          fi
+
+          echo "release_tag=$RELEASE_TAG" >> $GITHUB_OUTPUT
+          echo "Release tag: $RELEASE_TAG"
+
+          # Rename image to include the release tag
+          TAGGED_IMAGE="nat64-appliance-${RELEASE_TAG}.qcow2"
+          mv ${{ env.WORK_DIR }}/nat64_appliance/nat64-appliance.qcow2 \
+             ${{ github.workspace }}/${TAGGED_IMAGE}
+
+          echo "tagged_image=$TAGGED_IMAGE" >> $GITHUB_OUTPUT
+          echo "Image renamed to: $TAGGED_IMAGE"
+          ls -lh ${{ github.workspace }}/${TAGGED_IMAGE}
+
+      - name: 8. Create Versioned GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ steps.release_tag.outputs.release_tag }}
+          name: "NAT64 Appliance ${{ steps.release_tag.outputs.release_tag }}"
+          body: |
+            NAT64 Appliance image built by GitHub Actions.
+
+            ## Build Configuration
+
+            - **ci-framework repository**: `${{ inputs.ci_framework_repo || 'https://github.com/openstack-k8s-operators/ci-framework.git' }}`
+            - **ci-framework reference**: `${{ inputs.ci_framework_ref || 'main' }}`
+            - **Build type**: ${{ github.event_name == 'schedule' && 'Scheduled (weekly)' || 'Manual dispatch' }}
+
+            DIB configuration uses defaults from the ci-framework nat64_appliance role.
+
+            ## Usage
+
+            For usage instructions and deployment examples, see the
+            [nat64_appliance README](https://github.com/openstack-k8s-operators/ci-framework/blob/main/roles/nat64_appliance/README.md).
+          files: ${{ steps.release_tag.outputs.tagged_image }}
+
+      - name: 9. Update 'latest' Release Tag
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: latest
+          name: "NAT64 Appliance (Latest)"
+          prerelease: true
+          body: |
+            This is the latest NAT64 Appliance build. This release is automatically updated.
+
+            **Latest Build**: ${{ steps.release_tag.outputs.release_tag }}
+
+            For a specific version or to pin your CI to a known-good build, use one of the versioned releases.
+
+            ## Usage
+
+            For usage instructions and deployment examples, see the
+            [nat64_appliance README](https://github.com/openstack-k8s-operators/ci-framework/blob/main/roles/nat64_appliance/README.md).
+          files: ${{ steps.release_tag.outputs.tagged_image }}