diff --git a/.github/workflows/create-amis.yml b/.github/workflows/create-amis.yml index d6c33255..8837b5cd 100644 --- a/.github/workflows/create-amis.yml +++ b/.github/workflows/create-amis.yml @@ -14,10 +14,7 @@ on: build_nr: required: true type: number - -permissions: - id-token: write - contents: read + description: hydra.nixos.org image build number env: AWS_REGION: "eu-west-1" @@ -43,11 +40,14 @@ jobs: - working-directory: amis id: get-store-path run: | - echo ${{steps.get-build.outputs.build_json}} \ + echo '${{steps.get-build.outputs.build_json}}' \ | nix develop --command jq '.buildoutputs|.out|"store_path=\(.path)"' -r > "$GITHUB_OUTPUT" - run: nix-store -r ${{steps.get-store-path.outputs.store_path}} - run: nix develop --command jq -f regions.jq regions.json > copy.tf.json working-directory: amis + - run: | + nix develop --command terraform init + working-directory: amis - run: | nix develop --command \ terraform workspace select -or-create \ @@ -56,3 +56,4 @@ jobs: - run: | nix develop --command \ terraform plan -var image_store_path=${{steps.get-store-path.outputs.store_path}} + working-directory: amis diff --git a/.github/workflows/release-amis.yml b/.github/workflows/release-amis.yml new file mode 100644 index 00000000..5a90d3a2 --- /dev/null +++ b/.github/workflows/release-amis.yml @@ -0,0 +1,25 @@ +name: Push current NixOS release AMIs + +on: + workflow_dispatch: + # TODO: just for testing, switch to workflow_dispatch only + push: + branches: ["terraform-create-amis"] + +permissions: + id-token: write + contents: read + +jobs: + x86_64-amis: + uses: ./.github/workflows/create-amis.yml + with: + build_nr: 222822268 + architecture: x86_64 + release: "23.05" + aarch64-amis: + uses: ./.github/workflows/create-amis.yml + with: + build_nr: 222822272 + architecture: aarch64 + release: "23.05" diff --git a/.gitignore b/.gitignore index 44ba2f80..fee603ed 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,6 @@ # Terraform .terraform* -!.terraform.lock.hcl *tfstate *tfstate.backup *.aarch64.*.tfvars diff --git a/amis/.terraform.lock.hcl b/amis/.terraform.lock.hcl deleted file mode 100644 index 40ae7df3..00000000 --- a/amis/.terraform.lock.hcl +++ /dev/null @@ -1,24 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.0.1" - hashes = [ - "h1:Jz41xV1uwYaT5TQGW05seb2vHrwMtRJh19K7MArqoYc=", - "zh:006daf4060087b5f0c13562beed33f524a6f9e04ebd72a782bfe60502076368f", - "zh:0f49636550aadd373c7e5c710600901c2f153ddd71b6c50482e1afdbb3f8d95d", - "zh:1999d2fad0a7a884aab0d191507cf895df0ea7201369a2ef37529f4253ce1065", - "zh:1b51774866cddca5a2da5a09a316e9ca078fc821f47611a184245ca892e9335d", - "zh:2875579acceba1403563c4281c76a3a9b53b970ed6494e5370e27efb6430bb50", - "zh:349eb9ab7c026b72154ce55c7bf9a69ebb3c3a4745ecfdb0c593400762ed1b0c", - "zh:38f96c14db5b3beb80748010c0a97dd097a303b24c8478a1286ce1f48a1a0375", - "zh:3d212e6e4fc54584e47faeccf501e5a68266c7fe9e36d89ad787c2e1f0e86197", - "zh:3ea61ab960ef34ff66457319b9083c8645a9f801f7b5578e7e3f616e26945f90", - "zh:584db6d88a07cac639f746104ccd5ed5c517ed99f892a143dad3bb64023098fc", - "zh:653def88ffa17b628459f942e743d30ab9fc2194af464d88258a784d9282f9f9", - "zh:9737008fea7ffbf5782fceb0108a283e91992c47bfcb93ec55ef43deaa7e509d", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:ce3ba0cabc1704c584cc46bf1432b14ba1d34b1a30e03a5694b5940cf1673ab8", - "zh:de3e6d4e1defc6032359fc229000a1458d777adb07974293f194dde069adcc04", - ] -} diff --git a/amis/Makefile b/amis/Makefile index ab4a60d6..e298da88 100644 --- a/amis/Makefile +++ b/amis/Makefile @@ -2,11 +2,12 @@ arch=x86_64 version=23.05 +build-nr= tfvarsFile=$(version).$(arch).current.tfvars $(tfvarsFile) .current-workspace: - ./pull-latest $(version) $(arch) + ./pull-latest $(version) $(arch) $(build-nr) copy.tf.json: regions.jq regions.json @jq -f regions.jq regions.json > copy.tf.json diff --git a/amis/pull-latest b/amis/pull-latest index 350778a1..d0247c44 100755 --- a/amis/pull-latest +++ b/amis/pull-latest @@ -1,14 +1,22 @@ #! /usr/bin/env bash # -version="$1" -arch="$2" hydraJob="nixos.amazonImage" baseUrl="https://hydra.nixos.org/job/nixos" -build=$(curl -sL \ - -H 'Content-type: application/json' \ - "${baseUrl}/release-${version}-small/${hydraJob}.${arch}-linux/latest") +version="$1" +arch="$2" +buildNr="$3" + +if [[ -z "$buildNr" ]] +then + buildUrl="${baseUrl}/release-${version}-small/${hydraJob}.${arch}-linux/latest" +else + buildUrl="${baseUrl}/build/${buildNr}" +fi + + +build=$(curl -sL -H 'Content-type: application/json' "$buildUrl") storePath=$(echo "$build" | jq '.buildoutputs|.out|.path' -r) buildId=$(echo "$build" | jq .id -r)