1- name : Build nightly image
1+ name : Build fat image
22on :
33 workflow_dispatch :
44 inputs :
1010 - LEAFCLOUD
1111 - SMS
1212 - ARCUS
13- schedule :
14- - cron : ' 0 0 * * *' # Run at midnight
1513
1614jobs :
1715 openstack :
@@ -27,16 +25,16 @@ jobs:
2725 - RL8
2826 - RL9
2927 build :
30- - openstack.rocky-latest
31- - openstack.rocky-latest -cuda
28+ - openstack.openhpc
29+ - openstack.openhpc -cuda
3230 exclude :
3331 - os_version : RL8
34- build : openstack.rocky-latest -cuda
32+ build : openstack.openhpc -cuda
3533
3634 env :
3735 ANSIBLE_FORCE_COLOR : True
3836 OS_CLOUD : openstack
39- CI_CLOUD : ${{ github.event.inputs.ci_cloud || vars.CI_CLOUD }}
37+ CI_CLOUD : ${{ github.event.inputs.ci_cloud }}
4038 steps :
4139 - uses : actions/checkout@v2
4240
@@ -79,12 +77,18 @@ jobs:
7977 cd packer/
8078 packer init .
8179
80+ if [[ "${{ matrix.build }}" == *"cuda"* ]]; then
81+ SOURCE_IMAGE_NAME="rocky-latest-cuda"
82+ else
83+ SOURCE_IMAGE_NAME="rocky-latest"
84+ fi
85+
8286 PACKER_LOG=1 packer build \
8387 -on-error=${{ vars.PACKER_ON_ERROR }} \
8488 -only=${{ matrix.build }} \
8589 -var-file=$PKR_VAR_environment_root/${{ env.CI_CLOUD }}.pkrvars.hcl \
90+ -var "source_image_name={\"${{ matrix.os_version }}\":\"${SOURCE_IMAGE_NAME}-${{ matrix.os_version }}\"}" \
8691 openstack.pkr.hcl
87-
8892env :
8993 PKR_VAR_os_version : ${{ matrix.os_version }}
9094
@@ -105,8 +109,7 @@ jobs:
105109 . venv/bin/activate
106110 sudo mkdir /mnt/images
107111 sudo chmod 777 /mnt/images
108- openstack image unset --property signature_verified "${{ steps.manifest.outputs.image-id }}"
109- openstack image save --file /mnt/images/${{ steps.manifest.outputs.image-name }}.qcow2 ${{ steps.manifest.outputs.image-id }}
112+ openstack image save --file /mnt/images/${{ steps.manifest.outputs.image-name }}.qcow2 ${{ steps.manifest.outputs.image-name }}
110113
111114name : Set up QEMU
112115 uses : docker/setup-qemu-action@v3
@@ -131,8 +134,6 @@ jobs:
131134 format : sarif
132135 output : " ${{ steps.manifest.outputs.image-name }}.sarif"
133136 # turn off secret scanning to speed things up
134- env :
135- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
136137
137138 - name : Upload Trivy scan results to GitHub Security tab
138139 uses : github/codeql-action/upload-sarif@v3
@@ -150,108 +151,3 @@ jobs:
150151 exit-code : ' 1'
151152 severity : ' CRITICAL'
152153 ignore-unfixed : true
153- env :
154- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
155-
156- - name : Delete new image if Trivy scan fails
157- if : failure() && steps.packer_build.outcome == 'success' # Runs if the Trivy scan found crit vulnerabilities or failed
158- run : |
159- . venv/bin/activate
160- echo "Deleting new image due to critical vulnerabilities..."
161- openstack image delete "${{ steps.manifest.outputs.image-id }}"
162-
163- name : Delete old latest image
164- if : success() # Runs only if Trivy scan passed
165- run : |
166- . venv/bin/activate
167- IMAGE_COUNT=$(openstack image list --name ${{ steps.manifest.outputs.image-name }} -f value -c ID | wc -l)
168- if [ "$IMAGE_COUNT" -gt 1 ]; then
169- OLD_IMAGE_ID=$(openstack image list --sort created_at:asc --name "${{ steps.manifest.outputs.image-name }}" -f value -c ID | head -n 1)
170- echo "Deleting old image ID: $OLD_IMAGE_ID"
171- openstack image delete "$OLD_IMAGE_ID"
172- else
173- echo "Only one image exists, skipping deletion."
174- fi
175-
176- upload :
177- name : upload-nightly-targets
178- needs : openstack
179- concurrency :
180- group : ${{ github.workflow }}-${{ github.ref }}-${{ matrix.os_version }}-${{ matrix.image }}-${{ matrix.target_cloud }}
181- cancel-in-progress : true
182- runs-on : ubuntu-22.04
183- strategy :
184- fail-fast : false
185- matrix :
186- target_cloud :
187- - LEAFCLOUD
188- - SMS
189- - ARCUS
190- os_version :
191- - RL8
192- - RL9
193- image :
194- - rocky-latest
195- - rocky-latest-cuda
196- exclude :
197- - os_version : RL8
198- image : rocky-latest-cuda
199- - target_cloud : LEAFCLOUD
200- env :
201- OS_CLOUD : openstack
202- SOURCE_CLOUD : ${{ github.event.inputs.ci_cloud || vars.CI_CLOUD }}
203- TARGET_CLOUD : ${{ matrix.target_cloud }}
204- IMAGE_NAME : " ${{ matrix.image }}-${{ matrix.os_version }}"
205- steps :
206- - uses : actions/checkout@v2
207-
208- - name : Record settings for CI cloud
209- run : |
210- echo SOURCE_CLOUD: ${{ env.SOURCE_CLOUD }}
211- echo TARGET_CLOUD: ${{ env.TARGET_CLOUD }}
212-
213- name : Install openstackclient
214- run : |
215- python3 -m venv venv
216- . venv/bin/activate
217- pip install -U pip
218- pip install $(grep -o 'python-openstackclient[><=0-9\.]*' requirements.txt)
219- shell : bash
220-
221- - name : Write clouds.yaml
222- run : |
223- mkdir -p ~/.config/openstack/
224- echo "${{ secrets[format('{0}_CLOUDS_YAML', env.SOURCE_CLOUD)] }}" > ~/.config/openstack/source_clouds.yaml
225- echo "${{ secrets[format('{0}_CLOUDS_YAML', env.TARGET_CLOUD)] }}" > ~/.config/openstack/target_clouds.yaml
226- shell : bash
227-
228- - name : Download source image
229- run : |
230- . venv/bin/activate
231- export OS_CLIENT_CONFIG_FILE=~/.config/openstack/source_clouds.yaml
232- openstack image save --file ${{ env.IMAGE_NAME }} ${{ env.IMAGE_NAME }}
233- shell : bash
234-
235- - name : Upload to target cloud
236- run : |
237- . venv/bin/activate
238- export OS_CLIENT_CONFIG_FILE=~/.config/openstack/target_clouds.yaml
239-
240- openstack image create "${{ env.IMAGE_NAME }}" \
241- --file "${{ env.IMAGE_NAME }}" \
242- --disk-format qcow2 \
243- shell : bash
244-
245- - name : Delete old latest image from target cloud
246- run : |
247- . venv/bin/activate
248- export OS_CLIENT_CONFIG_FILE=~/.config/openstack/target_clouds.yaml
249-
250- IMAGE_COUNT=$(openstack image list --name ${{ env.IMAGE_NAME }} -f value -c ID | wc -l)
251- if [ "$IMAGE_COUNT" -gt 1 ]; then
252- OLD_IMAGE_ID=$(openstack image list --sort created_at:asc --name "${{ env.IMAGE_NAME }}" -f value -c ID | head -n 1)
253- openstack image delete "$OLD_IMAGE_ID"
254- else
255- echo "Only one image exists, skipping deletion."
256- fi
257- shell : bash
0 commit comments