actions/runner-images-sangeeth
1
0
Fork 0
mirror of https://github.com/actions/runner-images-sangeeth.git synced 2025-12-26 03:17:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
869adbbd1cecedccc2f9fa28f66aa7a2d03dc5d8
runner-images-sangeeth/.github/workflows/macos-generation.yml
ilia-shipitsin 869adbbd1c hide builds using dedicated runners from forks (#7377)
2023-04-05 14:02:45 +02:00

217 lines
8.0 KiB
YAML
Raw Blame History

name: macOS image generation
on:
workflow_call:
inputs:
image_label:
type: string
description: macOS codename
required: true
base_image_name:
type: string
description: Base clean image
required: true
template_path:
type: string
description: Packer template path
required: true
target_datastore:
type: string
description: Image datastore
required: true
custom_repo:
type: string
description: Custom repo to checkout
required: false
custom_repo_commit_hash:
type: string
description: Custom repo commit hash
required: false
env:
KEYVAULT: imagegeneration
ESXI_CLUSTER: mcv2-build-unstable
VCENTER_DATACENTER: imagegen
OUTPUT_FOLDER: mms-output
BUILD_DATASTORE: ds-image
defaults:
run:
shell: pwsh
jobs:
build:
#
# "macos-vmware" is dedicated runner not available in forks.
# to reduce undesired run attempts in forks, stick jobs to "actions" organization only
#
runs-on: macos-vmware
if: ${{ github.repository_owner == 'actions' }}
timeout-minutes: 1200
steps:
- uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Set image variables
run: |
$currentDate = Get-Date -Format "yyyyMMdd"
$templatePath = "${{ inputs.template_path }}"
$osName = $(($templatePath.Split("/")[-1]).Split(".")[0])
$virtualMachineName = "${osName}_${currentDate}_unstable.${{ github.run_id }}.${{ github.run_attempt }}"
$GitHubFeed = az keyvault secret show -n "github-feed-token" --vault-name "${{ env.KEYVAULT }}" --query value -o tsv
$VIUserName = az keyvault secret show -n "vcenter-username-v2" --vault-name "${{ env.KEYVAULT }}" --query value -o tsv
$VIPassword = az keyvault secret show -n "vcenter-password-v2" --vault-name "${{ env.KEYVAULT }}" --query value -o tsv
$XcodeUser = az keyvault secret show -n "xcode-installation-user" --vault-name "${{ env.KEYVAULT }}" --query value -o tsv
$XcodePassword = az keyvault secret show -n "xcode-installation-password" --vault-name "${{ env.KEYVAULT }}" --query value -o tsv
echo "::add-mask::$GitHubFeed"
echo "::add-mask::$VIUserName"
echo "::add-mask::$VIPassword"
echo "::add-mask::$XcodeUser"
echo "::add-mask::$XcodePassword"
"GH_FEED=$GitHubFeed" | Out-File -Append -FilePath $env:GITHUB_ENV
"VI_USER_NAME=$VIUserName" | Out-File -Append -FilePath $env:GITHUB_ENV
"VI_PASSWORD=$VIPassword" | Out-File -Append -FilePath $env:GITHUB_ENV
"XCODE_USER=$XcodeUser" | Out-File -Append -FilePath $env:GITHUB_ENV
"XCODE_PASSWORD=$XcodePassword" | Out-File -Append -FilePath $env:GITHUB_ENV
"VM_NAME=$virtualMachineName" | Out-File -Append -FilePath $env:GITHUB_ENV
- name: Determine checkout type
run: |
if ("${{ inputs.custom_repo }}" -and "${{ inputs.custom_repo_commit_hash }}") {
$checkoutType = "custom_repo"
} elseif (("${{ github.event_name }}" -eq "pull_request_target") -and ("${{ github.event.action }}" -eq "labeled" )) {
$checkoutType = "pull_request"
} else {
$checkoutType = "main"
}
"CHECKOUT_TYPE=$checkoutType" | Out-File -Append $env:GITHUB_ENV
- name: Checkout repository
if: ${{ env.CHECKOUT_TYPE == 'main' }}
uses: actions/checkout@v3
with:
repository: actions/runner-images
- name: Checkout PR
if: ${{ env.CHECKOUT_TYPE == 'pull_request' }}
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Checkout custom repository
if: ${{ env.CHECKOUT_TYPE == 'custom_repo' }}
uses: actions/checkout@v3
with:
repository: '${{ inputs.custom_repo }}'
ref: '${{ inputs.custom_repo_commit_hash }}'
- name: Validate contributor permissions
if: ${{ github.event_name == 'pull_request_target' }}
run: |
[string]$contributorAllowList = "${{ vars.CONTRIBUTOR_ALLOWLIST }}"
./images.CI/macos/validate-contributor.ps1 `
-RepositoryName ${{ github.repository }} `
-AccessToken ${{ env.GH_FEED }} `
-SourceBranch "refs/pull/${{ github.event.pull_request.number }}/merge" `
-ContributorAllowList $contributorAllowList
- name: Select datastore
run: |
./images.CI/macos/select-datastore.ps1 `
-VMName "${{ env.VM_NAME }}" `
-VIServer ${{ secrets.VISERVER_V2 }} `
-VIUserName ${{ env.VI_USER_NAME }} `
-VIPassword ${{ env.VI_PASSWORD }} `
-Cluster ${{ env.ESXI_CLUSTER }}
- name: Build VM
run: |
$SensitiveData = @(
'IP address:',
'Using ssh communicator to connect:'
)
packer build -on-error=abort `
-var="vcenter_server=${{ secrets.VISERVER_V2 }}" `
-var="vcenter_username=${{ env.VI_USER_NAME }}" `
-var="vcenter_password=${{ env.VI_PASSWORD }}" `
-var="vcenter_datacenter=${{ env.VCENTER_DATACENTER }}" `
-var="cluster_or_esxi_host=${{ env.ESXI_CLUSTER }}" `
-var="esxi_datastore=${{ env.BUILD_DATASTORE }}" `
-var="output_folder=${{ env.OUTPUT_FOLDER }}" `
-var="vm_username=${{ secrets.VM_USERNAME }}" `
-var="vm_password=${{ secrets.VM_PASSWORD }}" `
-var="github_api_pat=${{ secrets.GH_FEED_TOKEN }}" `
-var="build_id=${{ env.VM_NAME }}" `
-var="baseimage_name=${{ inputs.base_image_name }}" `
-var="xcode_install_user=${{ env.XCODE_USER }}" `
-var="xcode_install_password=${{ env.XCODE_PASSWORD }}" `
-color=false `
${{ inputs.template_path }} `
| Where-Object {
#Filter sensitive data from Packer logs
$currentString = $_
$sensitiveString = $SensitiveData | Where-Object { $currentString -match $_ }
$sensitiveString -eq $null
}
working-directory: images/macos
env:
PACKER_LOG: 1
PACKER_LOG_PATH: ${{ runner.temp }}/packer-log.txt
- name: Prepare artifact
shell: bash
run: |
echo "Preparing artifact directory"
mkdir -p ${{ runner.temp }}/artifacts
echo "Copy image output files"
cp -R "images/image-output/software-report/." "${{ runner.temp }}/artifacts"
echo "Put VM name to 'VM_Done_Name' file"
echo "${{ env.VM_NAME }}" > "${{ runner.temp }}/artifacts/VM_Done_Name"
- name: Print markdown software report
run: |
Get-Content "${{ runner.temp }}/artifacts/systeminfo.md"
- name: Print json software report
run: |
Get-Content "${{ runner.temp }}/artifacts/systeminfo.json"
- name: Publish Artifacts
uses: actions/upload-artifact@v3
with:
name: Built_VM_Artifacts
path: ${{ runner.temp }}/artifacts/
- name: Print provisioners duration
run: |
./images.CI/measure-provisioners-duration.ps1 `
-PackerLogPath "${{ runner.temp }}/packer-log.txt" `
-PrintTopNLongest 25
- name: Move vm to cold storage and clear datastore tag
run: |
$cpuCount = 3
$coresPerSocketCount = 3
$memory = 14336
./images.CI/macos/move-vm.ps1 `
-VMName "${{ env.VM_NAME }}" `
-TargetDataStore "${{ inputs.target_datastore }}" `
-VIServer "${{ secrets.VISERVER_V2 }}" `
-VIUserName "${{ env.VI_USER_NAME }}" `
-VIPassword "${{ env.VI_PASSWORD }}" `
-CpuCount "$cpuCount" `
-CoresPerSocketCount "$coresPerSocketCount" `
-Memory "$memory"
- name: Destroy VM (if build canceled only)
if: ${{ cancelled() }}
run: |
./images.CI/macos/destroy-vm.ps1 `
-VMName "${{ env.VM_NAME }}" `
-VIServer "${{ secrets.VISERVER_V2 }}" `
-VIUserName "${{ env.VI_USER_NAME }}" `
-VIPassword "${{ env.VI_PASSWORD }}"
Reference in New Issue View Git Blame Copy Permalink