AUFN KIDDIN' ME?! #33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # | |
| name: AUFN KIDDIN' ME?! | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| deployment_type: | |
| description: Type of deployment | |
| type: choice | |
| options: | |
| - Test | |
| - Deployment | |
| default: Test | |
| lab_vm_count: | |
| description: Total number of Lab VMs to deploy | |
| type: number | |
| required: true | |
| default: 1 | |
| bas_pwd: # When using in workflow use ::add-mask::$ to mask the password | |
| description: Password for bastion access | |
| type: string | |
| default: "" # NOTE: This needs to be set at runtime via secrets | |
| os_image: | |
| description: Host OS image | |
| type: choice | |
| options: | |
| - Ubuntu | |
| - Rocky9 | |
| default: 'Rocky9' | |
| aufn_branch: | |
| description: Which branch of AUFN to use #Need to use this to alter a-seed-from-nothing.sh | |
| type: string | |
| default: smslab/2023.1 | |
| au_from_seed: | |
| description: Run 'A Universe From Seed'? | |
| type: boolean | |
| default: false | |
| debug_mode: | |
| description: Keep 'Test' up to debug? | |
| type: boolean | |
| default: false | |
| taint_rebuild: | |
| description: Taint and rebuild failed Lab VMs? | |
| type: boolean | |
| default: false | |
| secrets: | |
| BASTION_TEST_PASSWORD: | |
| required: true | |
| CLOUDS_YAML: | |
| required: true | |
| OS_APPLICATION_CREDENTIAL_ID: | |
| required: true | |
| OS_APPLICATION_CREDENTIAL_SECRET: | |
| required: true | |
| jobs: | |
| deploy-aufn: | |
| name: Set up variables and deploy AUFN | |
| environment: ${{ inputs.deployment_type }} | |
| runs-on: arc-aufn-runner-sms | |
| steps: | |
| - name: Install Package | |
| uses: ConorMacBride/install-package@main | |
| with: | |
| apt: git unzip nodejs python3-pip python3-venv openssh-server openssh-client jq sshpass | |
| - name: Start the SSH service | |
| run: | | |
| sudo /etc/init.d/ssh start | |
| # - name: Check if 'Deployment' Lab is already deployed | |
| # uses: softwareforgood/check-artifact-v4-existence@v0 | |
| # with: | |
| # name: ${{ inputs.deployment_type }}-terraform-artifacts | |
| # | |
| # or use a ping command to check if the bastion is up | |
| # | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| - name: Initialise terraform | |
| run: terraform init | |
| - name: Generate clouds.yaml | |
| run: | | |
| cat << EOF > clouds.yaml | |
| ${{ secrets.CLOUDS_YAML }} | |
| EOF | |
| - name: Generate terraform.tfvars | |
| run: | | |
| cat << EOF > terraform.tfvars | |
| lab_count = ${{ inputs.lab_vm_count }} | |
| lab_net_ipv4 = "${{ vars.LAB_NETWORK }}" | |
| image_id = "${{ env.LAB_IMAGE_ID }}" | |
| image_name = "${{ env.LAB_IMAGE_NAME }}" | |
| lab_flavor = "aufn.v1.large" | |
| registry_flavor = "general.v1.medium" | |
| boot_labs_from_volume = true | |
| image_user = "${{ env.LAB_IMAGE_USER }}" | |
| allocate_floating_ips = false | |
| create_bastion = "${{ env.LAB_CREATE_BASTION }}" | |
| EOF | |
| # Conditionally append bastion_floating_ip | |
| if [ "${{ inputs.deployment_type }}" = "Deployment" ]; then | |
| echo 'bastion_floating_ip = "185.45.78.149"' >> terraform.tfvars | |
| fi | |
| if [ "${{ inputs.deployment_type }}" = "Test" ]; then | |
| echo 'reg_sec_grp = ["default","aufn-lab-rules"]' >> terraform.tfvars | |
| fi | |
| env: | |
| LAB_IMAGE_ID: ${{ inputs.os_image == 'Rocky9' && vars.LAB_OS_IMAGE_ROCKY || inputs.os_image == 'Ubuntu' && vars.LAB_OS_IMAGE_UBUNTU }} | |
| LAB_IMAGE_NAME: ${{ inputs.os_image == 'Ubuntu' && 'Ubuntu-22.04' || inputs.os_image }} | |
| LAB_IMAGE_USER: ${{ inputs.os_image == 'Ubuntu' && 'ubuntu' || inputs.os_image == 'Rocky9' && 'rocky' }} | |
| LAB_CREATE_BASTION: ${{ inputs.deployment_type == 'Deployment' && 'true' || 'false' }} | |
| - name: Terraform Plan | |
| run: terraform plan | |
| env: | |
| OS_CLOUD: ${{ vars.OS_CLOUD }} | |
| - name: Terraform Apply | |
| id: tf_apply | |
| run: | | |
| for attempt in $(seq 5); do | |
| if terraform apply -auto-approve; then | |
| echo "Created infrastructure on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Failed to create infrastructure on attempt $attempt" | |
| sleep 10 | |
| # Need to add a check to see which part failed and then | |
| # taint and retry once more before declating failure | |
| sleep 60 | |
| done | |
| echo "Failed to create infrastructure after $attempt attempts" | |
| exit 1 | |
| env: | |
| OS_CLOUD: ${{ vars.OS_CLOUD }} | |
| - name: Get Terraform outputs | |
| id: tf_outputs | |
| run: | | |
| terraform output -json | |
| - name: Write Terraform outputs | |
| run: | | |
| cat << EOF > tf-outputs.yml | |
| ${{ steps.tf_outputs.outputs.stdout }} | |
| EOF | |
| - name: Write out Lab VMs info | |
| run: | | |
| terraform output labs | sed '1d;$d' > ssh_list.txt | |
| - name: Echo Lab VMs info | |
| run: | | |
| echo "Lab VMs info:" | |
| cat ssh_list.txt | |
| - name: Write bastion ssh config file entry | |
| run: | | |
| printf "\nHost bastion\n User ${{ env.LAB_IMAGE_USER }}\n HostName 185.45.78.151\n IdentityFile ~/default.pem" >> ~/.ssh/config | |
| env: | |
| LAB_IMAGE_USER: ${{ inputs.os_image == 'Ubuntu' && 'ubuntu' || inputs.os_image == 'Rocky9' && 'rocky' }} | |
| if: ${{ inputs.deployment_type == 'Deployment' }} | |
| - name: Run tests on Lab VMs (Test) | |
| if: ${{ inputs.deployment_type == 'Test' }} | |
| uses: ./.github/actions/aufn-test | |
| with: | |
| au_from_seed: ${{ inputs.au_from_seed }} | |
| os_image: ${{ inputs.os_image }} | |
| taint_rebuild: ${{ inputs.taint_rebuild }} | |
| working_dir: ${{ github.workspace }} | |
| - name: Run tests on Lab VMs (Deployment) | |
| if: ${{ inputs.deployment_type == 'Deployment' }} | |
| uses: ./.github/actions/aufn-deployment | |
| with: | |
| bas_pwd: ${{ env.bas_pwd_var }} | |
| au_from_seed: ${{ inputs.au_from_seed }} | |
| os_image: ${{ inputs.os_image }} | |
| taint_rebuild: ${{ inputs.taint_rebuild }} | |
| working_dir: ${{ github.workspace }} | |
| env: | |
| bas_pwd_var: ${{ inputs.bas_pwd == '' && secrets.BASTION_TEST_PASSWORD || inputs.bas_pwd }} | |
| # - name: Upload Terraform outputs | |
| # if: ${{ inputs.deployment_type == 'Deployment' || inputs.debug_mode == true }} | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: ${{ inputs.deployment_type }}-terraform-artifacts | |
| - name: Pause for debugging (cancel workflow to clean up) | |
| if: always() && ${{ inputs.debug_mode == 'true' }} && ${{ inputs.deployment_type == 'Test' }} | |
| run: | | |
| echo "Pausing for 7d for debugging... cancel manually to proceed." | |
| if true; then sleep 7d; done | |
| - name: Destroy Failed or Test Lab VMs | |
| run: terraform destroy -auto-approve | |
| env: | |
| OS_CLOUD: ${{ vars.OS_CLOUD }} | |
| OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }} | |
| OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} | |
| if: always() #&& ${{ inputs.deployment_type }} == 'Test' |