Skip to content

marketplace_image

marketplace_image #349

#
# Copyright (c) Microsoft Corporation
# Licensed under the MIT License.
#
name : marketplace_image
# Allow only a single instance of this workflow to run at a time
concurrency: ${{ github.workflow }}
on:
pull_request:
types: [ closed ]
branches:
- main
paths:
- 'packer/**'
workflow_dispatch:
inputs:
publish:
description: 'Publish images on the marketplace'
required: false
default: 'false' # use it with ${{ github.event.inputs.publish }}
env:
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
AZHOP_STATE_CONTAINER: environments
AZHOP_STATE_ACCOUNT: azhopstates
RESOURCE_GROUP: azhop_build_images
defaults:
run:
shell: bash
jobs:
set_image_list:
name: set_image_list
runs-on: ubuntu-latest
permissions:
contents: read
container:
image: azhop.azurecr.io/hpcrover:latest
credentials:
username: ${{ env.ARM_CLIENT_ID }}
password: ${{ env.ARM_CLIENT_SECRET }}
options: --user 0
steps:
- uses: actions/checkout@v4
- name: Login azure
run: |
source /miniconda/bin/activate
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
- name: list all images to be built
id: set-image-matrix
run: |
source /miniconda/bin/activate
RESOURCE_GROUP=${{ env.RESOURCE_GROUP }}
rg_exists=$(az group exists -n $RESOURCE_GROUP)
if [ "$rg_exists" = "true" ]; then
./azhop_state.sh download ${{ env.AZHOP_STATE_ACCOUNT }} ${{ env.AZHOP_STATE_CONTAINER }} $RESOURCE_GROUP
else
echo "Resource group $RESOURCE_GROUP does not exist"
exit 1
fi
# Build the list of images from the config file
images=$(yq eval ".images[].name" config.yml | jq -cRn '[inputs]')
echo "matrix=$images" >> $GITHUB_OUTPUT
# save the list into the outputs
outputs:
matrix: ${{ steps.set-image-matrix.outputs.matrix }}
build_image:
name: build_image
runs-on: self-hosted
permissions:
contents: read
continue-on-error: true
needs: [set_image_list]
strategy:
fail-fast: false
matrix:
images: ${{ fromJson(needs.set_image_list.outputs.matrix) }}
container:
image: azhop.azurecr.io/hpcrover:latest
credentials:
username: ${{ env.ARM_CLIENT_ID }}
password: ${{ env.ARM_CLIENT_SECRET }}
options: --user 0
steps:
- uses: actions/checkout@v4
- name: Login azure
run: |
source /miniconda/bin/activate
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
- name: Build Images
run: |
source /miniconda/bin/activate
RESOURCE_GROUP=${{ env.RESOURCE_GROUP }}
./azhop_state.sh download ${{ env.AZHOP_STATE_ACCOUNT }} ${{ env.AZHOP_STATE_CONTAINER }} $RESOURCE_GROUP
cd packer
./build_image.sh -i ${{matrix.images}}.json -k
copy_disk:
name: copy_disk
runs-on: ubuntu-latest
permissions:
contents: read
continue-on-error: true
if: inputs.publish == 'true'
needs: [set_image_list, build_image]
strategy:
fail-fast: false
matrix:
images: ${{ fromJson(needs.set_image_list.outputs.matrix) }}
container:
image: azhop.azurecr.io/hpcrover:latest
credentials:
username: ${{ env.ARM_CLIENT_ID }}
password: ${{ env.ARM_CLIENT_SECRET }}
options: --user 0
steps:
- uses: actions/checkout@v4
- name: Login azure
run: |
source /miniconda/bin/activate
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
- name: Copy Disk
run: |
source /miniconda/bin/activate
set -e
RESOURCE_GROUP=${{ env.RESOURCE_GROUP }}
ANSIBLE_VARIABLES=./playbooks/group_vars/all.yml
CONFIG_FILE=config.yml
image_name=${{matrix.images}}
./azhop_state.sh download ${{ env.AZHOP_STATE_ACCOUNT }} ${{ env.AZHOP_STATE_CONTAINER }} $RESOURCE_GROUP
key_vault_name=$(yq eval ".key_vault" $ANSIBLE_VARIABLES)
echo "key_vault_name=$key_vault_name"
eval_str=".images[] | select(.name == "\"$image_name"\") | .offer"
offer=$(yq eval "$eval_str" $CONFIG_FILE)
eval_str=".images[] | select(.name == "\"$image_name"\") | .publisher"
publisher=$(yq eval "$eval_str" $CONFIG_FILE)
eval_str=".images[] | select(.name == "\"$image_name"\") | .sku"
sku=$(yq eval "$eval_str" $CONFIG_FILE)
echo "offer=$offer"
echo "publisher=$publisher"
echo "sku=$sku"
cd ./marketplace
./copyosdisk.sh ${offer}-${sku} $RESOURCE_GROUP
put_offer:
name: put_offer
runs-on: ubuntu-latest
permissions:
contents: read
continue-on-error: true
if: inputs.publish == 'true'
needs: [set_image_list, copy_disk]
strategy:
max-parallel: 1
fail-fast: false
matrix:
images: ${{ fromJson(needs.set_image_list.outputs.matrix) }}
container:
image: azhop.azurecr.io/hpcrover:latest
credentials:
username: ${{ env.ARM_CLIENT_ID }}
password: ${{ env.ARM_CLIENT_SECRET }}
options: --user 0
steps:
- uses: actions/checkout@v4
- name: Login azure
run: |
source /miniconda/bin/activate
az login --service-principal -u '${{ env.ARM_CLIENT_ID }}' -p '${{ env.ARM_CLIENT_SECRET }}' --tenant '${{ env.ARM_TENANT_ID }}'
az account set -s ${{ env.ARM_SUBSCRIPTION_ID }}
- name: Push Offer Update
run: |
source /miniconda/bin/activate
set -e
RESOURCE_GROUP=${{ env.RESOURCE_GROUP }}
ANSIBLE_VARIABLES=./playbooks/group_vars/all.yml
CONFIG_FILE=config.yml
image_name=${{matrix.images}}
./azhop_state.sh download ${{ env.AZHOP_STATE_ACCOUNT }} ${{ env.AZHOP_STATE_CONTAINER }} $RESOURCE_GROUP
key_vault_name=$(yq eval ".key_vault" $ANSIBLE_VARIABLES)
echo "key_vault_name=$key_vault_name"
eval_str=".images[] | select(.name == "\"$image_name"\") | .offer"
offer=$(yq eval "$eval_str" $CONFIG_FILE)
eval_str=".images[] | select(.name == "\"$image_name"\") | .publisher"
publisher=$(yq eval "$eval_str" $CONFIG_FILE)
eval_str=".images[] | select(.name == "\"$image_name"\") | .sku"
sku=$(yq eval "$eval_str" $CONFIG_FILE)
echo "offer=$offer"
echo "publisher=$publisher"
echo "sku=$sku"
cd ./marketplace
. auth.sh $key_vault_name
echo "authenticate_legacy"
authenticate_legacy
echo "get_offer_by_id"
get_offer_by_id $publisher $offer > $image_name.json
ls -alt
cat $image_name.json
echo "build_offer_file"
rm -f $image_name-final.json
./build_offer_file.sh $offer $sku
if [ -e $image_name-final.json ]; then
echo "New version added, push the new offer"
put_offer $publisher $offer $image_name-final.json
get_offer_by_id $publisher $offer
fi