From 9927272c1905a6d418e9e9402a5e4074ce4a4eba Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 2 Nov 2023 10:19:00 -0400 Subject: [PATCH 01/41] add id-token permission --- .github/workflows/build-runner-images.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 9ee70bb4..325cb0d5 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -13,6 +13,9 @@ jobs: defaults: run: working-directory: packer/github-actions-runner + permissions: + id-token: write + contents: read steps: - name: Checkout uses: actions/checkout@v4 From 221de6ce29fbe1a298776f300ca08d1d4610f074 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 2 Nov 2023 10:25:10 -0400 Subject: [PATCH 02/41] add runner version variable --- packer/github-actions-runner/variables.pkr.hcl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packer/github-actions-runner/variables.pkr.hcl b/packer/github-actions-runner/variables.pkr.hcl index 12858cf3..60ee7c9e 100644 --- a/packer/github-actions-runner/variables.pkr.hcl +++ b/packer/github-actions-runner/variables.pkr.hcl @@ -4,6 +4,11 @@ variable "region" { default = "us-east-1" } +variable "runner_version" { + description = "The version (no v prefix) of the runner software to install https://github.com/actions/runner/releases. The latest release will be fetched from GitHub if not provided." + default = null +} + variable "instance_type" { description = "The instance type Packer will use for the builder" type = string From 6ec79ac8a7e668ab77b07b73f73b91158e060187 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 2 Nov 2023 10:28:40 -0400 Subject: [PATCH 03/41] add stashed changes --- packer/github-actions-runner/sources.pkr.hcl | 5 ++--- packer/github-actions-runner/variables.pkr.hcl | 10 +++++----- 2 files changed, 7 insertions(+), 8 deletions(-) 
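Review bot: The new `runner_version` variable declares no `type`, unlike `instance_type` directly below it, so a non-string value is accepted; add `type = string`. With `default = null` the description says the latest release is fetched from GitHub, so each image build installs whatever runner version is current rather than one that was reviewed. Consider passing an explicit version from CI and checking the downloaded archive against the checksum published with that release; whether the install step already verifies it is not visible here.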
diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 03ac1206..fac0cce3 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -8,9 +8,8 @@ source "amazon-ebs" "github-actions-runner" { temporary_security_group_source_public_ip = var.temporary_security_group_source_public_ip source_ami_filter { - ami_filter = { name = ["${ vars.AMI_FILTER }"] } - ami_owners = ["${ vars.AMI_ACCOUNT }"] - enable_userdata = false + filters = { name = "${ vars.AMI_FILTER }" } + owners = ["${ vars.AMI_ACCOUNT }"] } ssh_username = "ec2-user" diff --git a/packer/github-actions-runner/variables.pkr.hcl b/packer/github-actions-runner/variables.pkr.hcl index 60ee7c9e..e9c6fc18 100644 --- a/packer/github-actions-runner/variables.pkr.hcl +++ b/packer/github-actions-runner/variables.pkr.hcl @@ -4,11 +4,6 @@ variable "region" { default = "us-east-1" } -variable "runner_version" { - description = "The version (no v prefix) of the runner software to install https://github.com/actions/runner/releases. The latest release will be fetched from GitHub if not provided." - default = null -} - variable "instance_type" { description = "The instance type Packer will use for the builder" type = string @@ -63,6 +58,11 @@ variable "custom_shell_commands" { default = [] } +variable "runner_version" { + description = "The version (no v prefix) of the runner software to install https://github.com/actions/runner/releases. The latest release will be fetched from GitHub if not provided." + default = null +} + data "http" github_runner_release_json { url = "https://github.com/repos/actions/runner/releases/latest" request_headers = { From 8df2618d81c961481049fc1eb7a9fbb4c983d83f Mon Sep 17 00:00:00 2001 
From: Grant Freeman Date: Thu, 2 Nov 2023 11:01:18 -0400 Subject: [PATCH 04/41] add ami_account and ami_filter variables --- .github/workflows/build-runner-images.yml | 5 ++++- packer/github-actions-runner/sources.pkr.hcl | 4 ++-- packer/github-actions-runner/variables.pkr.hcl | 12 ++++++++++++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 325cb0d5..3aaff604 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -1,6 +1,9 @@ name: Build Runner EC2 Images on: + pull_request: + paths: + - .github/workflows/build-runner-images.yml schedule: # 00:00 on Monday each week - cron: "0 0 * * 1" @@ -42,4 +45,4 @@ jobs: - name: Packer Build id: build - run: packer build -color=false -on-error=cleanup build.pkr.hcl + run: packer build -color=false -on-error=cleanup --var ami_account=${{ vars.AMI_ACCOUNT }} --var ami_filter=${{ vars.AMI_FILTER }} build.pkr.hcl diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index fac0cce3..908be4cd 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -8,8 +8,8 @@ source "amazon-ebs" "github-actions-runner" { temporary_security_group_source_public_ip = var.temporary_security_group_source_public_ip source_ami_filter { - filters = { name = "${ vars.AMI_FILTER }" } - owners = ["${ vars.AMI_ACCOUNT }"] + filters = { name = var.ami_filter } + owners = [ var.ami_account ] } ssh_username = "ec2-user" diff --git a/packer/github-actions-runner/variables.pkr.hcl b/packer/github-actions-runner/variables.pkr.hcl index e9c6fc18..da197a6a 100644 --- a/packer/github-actions-runner/variables.pkr.hcl +++ b/packer/github-actions-runner/variables.pkr.hcl 
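Review bot: The added `pull_request` trigger lets a job that holds `id-token: write` run on unreviewed changes to the workflow file itself. Anyone able to open such a pull request from a branch in this repository can edit the steps that execute with the federated credentials, so the IAM role's trust policy should restrict the OIDC `sub` claim to the refs that are meant to build images; that policy is not visible here. Separately, the `Packer Build` line pastes `${{ vars.AMI_ACCOUNT }}` and `${{ vars.AMI_FILTER }}` unquoted into the shell, so a filter containing spaces or `*` is split or globbed; pass them through `env:` and reference `"$AMI_FILTER"`.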
@@ -4,6 +4,18 @@ variable "region" { default = "us-east-1" } +variable "ami_filter" { + description = "The filter for searching the AMI" + type = string + default = null +} + +variable "ami_account" { + description = "The target AMI account" + type = string + default = null +} + variable "instance_type" { description = "The instance type Packer will use for the builder" type = string From 214b924dd97c2bf6237a6aaefe4036aa3d128588 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 2 Nov 2023 11:04:16 -0400 Subject: [PATCH 05/41] fix var flag --- .github/workflows/build-runner-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 3aaff604..11ff037e 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -45,4 +45,4 @@ jobs: - name: Packer Build id: build - run: packer build -color=false -on-error=cleanup --var ami_account=${{ vars.AMI_ACCOUNT }} --var ami_filter=${{ vars.AMI_FILTER }} build.pkr.hcl + run: packer build -color=false -on-error=cleanup -var ami_account=${{ vars.AMI_ACCOUNT }} -var ami_filter=${{ vars.AMI_FILTER }} build.pkr.hcl From 94c64c74c3ce26d37ce609438498631fe1f82bae Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 2 Nov 2023 11:09:42 -0400 Subject: [PATCH 06/41] add quotes --- .github/workflows/build-runner-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 11ff037e..35718be4 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml 
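Review bot: `ami_account` feeds `owners` in `source_ami_filter`, which is what restricts the name filter to images published by a trusted account, yet it defaults to `null` and is never validated. Drop `default = null` from both variables, or add a `validation` block rejecting null and empty values, so a missing repository variable fails the build early instead of reaching the AMI lookup; how Packer treats a null owner here is worth confirming. The description "The target AMI account" is also ambiguous, since the value is the owner of the source image; something like `description = "AWS account ID or alias that owns the source AMI"` would be clearer.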
@@ -45,4 +45,4 @@ jobs: - name: Packer Build id: build - run: packer build -color=false -on-error=cleanup -var ami_account=${{ vars.AMI_ACCOUNT }} -var ami_filter=${{ vars.AMI_FILTER }} build.pkr.hcl + run: packer build -color=false -on-error=cleanup -var "ami_account=${{ vars.AMI_ACCOUNT }}" -var "ami_filter=${{ vars.AMI_FILTER }}" build.pkr.hcl From 3c5119ef0b5daecb9967662acb0655ec5915fd54 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 2 Nov 2023 11:17:10 -0400 Subject: [PATCH 07/41] build entire directory --- .github/workflows/build-runner-images.yml | 2 +- packer/github-actions-runner/sources.pkr.hcl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 35718be4..7a0f2d35 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -45,4 +45,4 @@ jobs: - name: Packer Build id: build - run: packer build -color=false -on-error=cleanup -var "ami_account=${{ vars.AMI_ACCOUNT }}" -var "ami_filter=${{ vars.AMI_FILTER }}" build.pkr.hcl + run: packer build -color=false -on-error=cleanup -var ami_account=${{ vars.AMI_ACCOUNT }} -var ami_filter=${{ vars.AMI_FILTER }} . diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 908be4cd..51569f2e 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -9,7 +9,7 @@ source "amazon-ebs" "github-actions-runner" { source_ami_filter { filters = { name = var.ami_filter } - owners = [ var.ami_account ] + owners = [var.ami_account] } ssh_username = "ec2-user" From a134de7bfcfc6872a927557315524026b7834a8d Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 2 Nov 2023 11:20:18 -0400 Subject: [PATCH 08/41] attempt to populate ami account and filter --- packer/github-actions-runner/sources.pkr.hcl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 51569f2e..bdef9986 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -8,8 +8,8 @@ source "amazon-ebs" "github-actions-runner" { temporary_security_group_source_public_ip = var.temporary_security_group_source_public_ip source_ami_filter { - filters = { name = var.ami_filter } - owners = [var.ami_account] + filters = { name = "${var.ami_filter}" } + owners = ["${var.ami_account}"] } ssh_username = "ec2-user" From d26ac983b398dcb3616f53187b8c5a4a3fff5a5d Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 2 Nov 2023 11:31:43 -0400 Subject: [PATCH 09/41] add vars to environment and validate with vars --- .github/workflows/build-runner-images.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 7a0f2d35..6f0c7013 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -19,6 +19,9 @@ jobs: permissions: id-token: write contents: read + env: + AMI_ACCOUNT: ${{ vars.AMI_ACCOUNT }} + AMI_FILTER: ${{ vars.AMI_FILTER }} steps: - name: Checkout uses: actions/checkout@v4 @@ -41,8 +44,8 @@ jobs: - name: Run `packer validate` id: validate - run: packer validate . + run: packer validate -var ami_account="$AMI_ACCOUNT" -var ami_filter="$AMI_FILTER" . - name: Packer Build id: build - run: packer build -color=false -on-error=cleanup -var ami_account=${{ vars.AMI_ACCOUNT }} -var ami_filter=${{ vars.AMI_FILTER }} . + run: packer build -color=false -on-error=cleanup -var ami_account="$AMI_ACCOUNT" -var ami_filter="$AMI_FILTER" . From fe58704b9960ba87cb7dac96edd524d2c95ba1c6 Mon Sep 17 00:00:00 2001 
From: Grant Freeman Date: Thu, 2 Nov 2023 11:44:46 -0400 Subject: [PATCH 10/41] add datasources in validation --- .github/workflows/build-runner-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 6f0c7013..55f89d38 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -44,7 +44,7 @@ jobs: - name: Run `packer validate` id: validate - run: packer validate -var ami_account="$AMI_ACCOUNT" -var ami_filter="$AMI_FILTER" . + run: packer validate -var ami_account="$AMI_ACCOUNT" -var ami_filter="$AMI_FILTER" -evaluate-datasources . - name: Packer Build id: build From 085a5cb79ea0e4331bd584ba7b33bf2d2bc1e6e9 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 2 Nov 2023 14:48:19 -0400 Subject: [PATCH 11/41] add most_recent flag --- packer/github-actions-runner/sources.pkr.hcl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index bdef9986..0c876c10 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -11,6 +11,7 @@ source "amazon-ebs" "github-actions-runner" { filters = { name = "${var.ami_filter}" } owners = ["${var.ami_account}"] } - + + most_recent = true ssh_username = "ec2-user" } From 853fa78a1c2db6a4962def8149494120512e31e0 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 2 Nov 2023 14:49:23 -0400 Subject: [PATCH 12/41] move to correct spot --- packer/github-actions-runner/sources.pkr.hcl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 0c876c10..bebaeabc 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl 
@@ -10,8 +10,8 @@ source "amazon-ebs" "github-actions-runner" { source_ami_filter { filters = { name = "${var.ami_filter}" } owners = ["${var.ami_account}"] + most_recent = true } - - most_recent = true + ssh_username = "ec2-user" } From e856fa13820ecd61c8348c19811488b185546b82 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Tue, 14 Nov 2023 16:05:52 -0500 Subject: [PATCH 13/41] grab vpc id from data --- packer/github-actions-runner/sources.pkr.hcl | 2 +- packer/github-actions-runner/variables.pkr.hcl | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index bebaeabc..9caae0f2 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -3,7 +3,7 @@ source "amazon-ebs" "github-actions-runner" { instance_type = var.instance_type region = var.region security_group_id = var.security_group_id - subnet_id = var.subnet_id + subnet_id = local.subnet_id associate_public_ip_address = var.associate_public_ip_address temporary_security_group_source_public_ip = var.temporary_security_group_source_public_ip diff --git a/packer/github-actions-runner/variables.pkr.hcl b/packer/github-actions-runner/variables.pkr.hcl index da197a6a..62ca8f1b 100644 --- a/packer/github-actions-runner/variables.pkr.hcl +++ b/packer/github-actions-runner/variables.pkr.hcl 
@@ -28,12 +28,6 @@ variable "security_group_id" { default = null } -variable "subnet_id" { - description = "If using VPC, the ID of the subnet, such as subnet-12345def, where Packer will launch the EC2 instance. This field is required if you are using an non-default VPC" - type = string - default = null -} - variable "associate_public_ip_address" { description = "If using a non-default VPC, there is no public IP address assigned to the EC2 instance. If you specified a public subnet, you probably want to set this to true. Otherwise the EC2 instance won't have access to the internet" type = string @@ -75,6 +69,13 @@ variable "runner_version" { default = null } +data "aws_vpc" "managed" { + filter { + name = "tag:Name" + values = ["bcda-managed-vpc"] + } +} + data "http" github_runner_release_json { url = "https://github.com/repos/actions/runner/releases/latest" request_headers = { @@ -85,4 +86,5 @@ data "http" github_runner_release_json { locals { runner_version = coalesce(var.runner_version, trimprefix(jsondecode(data.http.github_runner_release_json.body).tag_name, "v")) + subnet_id = data.aws_vpc.managed.id } From 3de8a8eb866e0934f1267b374d37402be4679dc3 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Tue, 14 Nov 2023 16:35:35 -0500 Subject: [PATCH 14/41] attempt to filter for vpc_id --- .github/workflows/build-runner-images.yml | 13 ++++++++++-- packer/github-actions-runner/sources.pkr.hcl | 3 ++- .../github-actions-runner/variables.pkr.hcl | 20 +++++++++++-------- 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 55f89d38..4d1ed111 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml 
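Review bot: In the `locals` block, `subnet_id = data.aws_vpc.managed.id` assigns a VPC identifier to a value that `sources.pkr.hcl` now passes as `subnet_id`, so the builder would receive a VPC ID where a subnet ID is expected. The lookup needs a subnet query scoped to that VPC instead. Also, `aws_vpc` is a Terraform data source; as far as I know the Packer Amazon plugin does not provide it, so `packer validate` may reject the `data "aws_vpc" "managed"` block. The `locals` block begins outside this hunk.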
@@ -32,6 +32,15 @@ jobs: role-to-assume: arn:aws:iam::${{ vars.RUNNER_ACCOUNT }}:role/github-to-aws-oidc aws-region: us-east-1 + - name: Retrieve default VPC ID and subnet + id: vpc + run: | + VPC_ID=`aws ec2 describe-vpcs --filters "Name=bcda-managed-vpc, Values=true" --query 'Vpcs[].VpcId' --output text` + echo "VPC_ID=$VPC_ID" >> "$GITHUB_ENV" + + SUBNET_ID=`aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" --query 'Subnets[0].SubnetId' --output text` + echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" + - name: Setup `packer` uses: hashicorp/setup-packer@main id: setup @@ -44,8 +53,8 @@ jobs: - name: Run `packer validate` id: validate - run: packer validate -var ami_account="$AMI_ACCOUNT" -var ami_filter="$AMI_FILTER" -evaluate-datasources . + run: packer validate -var ami_account="$AMI_ACCOUNT" -var ami_filter="$AMI_FILTER" -var vpc_id="$VPC_ID" -var subnet_id="$SUBNET_ID" -evaluate-datasources . - name: Packer Build id: build - run: packer build -color=false -on-error=cleanup -var ami_account="$AMI_ACCOUNT" -var ami_filter="$AMI_FILTER" . + run: packer build -color=false -on-error=cleanup -var ami_account="$AMI_ACCOUNT" -var ami_filter="$AMI_FILTER" -var vpc_id="$VPC_ID" -var subnet_id="$SUBNET_ID" . diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 9caae0f2..002d867d 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -3,7 +3,8 @@ source "amazon-ebs" "github-actions-runner" { instance_type = var.instance_type region = var.region security_group_id = var.security_group_id - subnet_id = local.subnet_id + vpc_id = var.vpc_id + subnet_id = var.subnet_id associate_public_ip_address = var.associate_public_ip_address temporary_security_group_source_public_ip = var.temporary_security_group_source_public_ip 
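Review bot: The `Retrieve default VPC ID and subnet` step writes `VPC_ID` and `SUBNET_ID` to `$GITHUB_ENV` without checking that either lookup matched anything. With `--output text` a query that matches nothing yields an empty string or `None`, and `Vpcs[].VpcId` returns several IDs when more than one VPC matches, so Packer can be handed an empty or wrong network placement. Fail the step early, e.g. `[ -n "$VPC_ID" ] && [ "$VPC_ID" != "None" ] || { echo "VPC lookup returned nothing" >&2; exit 1; }`, and do the same for the subnet. `Subnets[0].SubnetId` also takes whichever subnet the API lists first in that VPC, which may not be the one intended for builds.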
diff --git a/packer/github-actions-runner/variables.pkr.hcl b/packer/github-actions-runner/variables.pkr.hcl index 62ca8f1b..59fe5ccb 100644 --- a/packer/github-actions-runner/variables.pkr.hcl +++ b/packer/github-actions-runner/variables.pkr.hcl @@ -28,6 +28,18 @@ variable "security_group_id" { default = null } +variable "vpc_id" { + description = "The name of the VPC where the instance will be launched" + type = string + default = null +} + +variable "subnet_id" { + description = "If using VPC, the ID of the subnet, such as subnet-12345def, where Packer will launch the EC2 instance. This field is required if you are using an non-default VPC" + type = string + default = null +} + variable "associate_public_ip_address" { description = "If using a non-default VPC, there is no public IP address assigned to the EC2 instance. If you specified a public subnet, you probably want to set this to true. Otherwise the EC2 instance won't have access to the internet" type = string @@ -69,13 +81,6 @@ variable "runner_version" { default = null } -data "aws_vpc" "managed" { - filter { - name = "tag:Name" - values = ["bcda-managed-vpc"] - } -} - data "http" github_runner_release_json { url = "https://github.com/repos/actions/runner/releases/latest" request_headers = { @@ -86,5 +91,4 @@ data "http" github_runner_release_json { locals { runner_version = coalesce(var.runner_version, trimprefix(jsondecode(data.http.github_runner_release_json.body).tag_name, "v")) - subnet_id = data.aws_vpc.managed.id } From d0b6a88aff278856fe780a364bea33ad7c9b0c3b Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Tue, 14 Nov 2023 16:38:25 -0500 Subject: [PATCH 15/41] use correct tag --- .github/workflows/build-runner-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 4d1ed111..ff14123d 100644 --- a/.github/workflows/build-runner-images.yml 
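Review bot: The `vpc_id` description says "The name of the VPC", but the workflow passes the `VpcId` returned by `describe-vpcs` and the source block uses it as `vpc_id`. It should read `description = "The ID of the VPC, such as vpc-12345def, where Packer will launch the EC2 instance"` (the sample ID is constructed, mirroring the subnet example). While the `subnet_id` block is being re-added, "an non-default VPC" in its description can become "a non-default VPC".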
+++ b/.github/workflows/build-runner-images.yml @@ -35,7 +35,7 @@ jobs: - name: Retrieve default VPC ID and subnet id: vpc run: | - VPC_ID=`aws ec2 describe-vpcs --filters "Name=bcda-managed-vpc, Values=true" --query 'Vpcs[].VpcId' --output text` + VPC_ID=`aws ec2 describe-vpcs --filters "Name=tag:Name, Values=bcda-managed-vpc" --query 'Vpcs[].VpcId' --output text` echo "VPC_ID=$VPC_ID" >> "$GITHUB_ENV" SUBNET_ID=`aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" --query 'Subnets[0].SubnetId' --output text` From 87d5c612c6c1f0bf7b7290cd983b00c33110ecc5 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Tue, 14 Nov 2023 16:42:03 -0500 Subject: [PATCH 16/41] change var name to match repo vars --- .github/workflows/build-runner-images.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index ff14123d..83097bf2 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -20,8 +20,8 @@ jobs: id-token: write contents: read env: - AMI_ACCOUNT: ${{ vars.AMI_ACCOUNT }} - AMI_FILTER: ${{ vars.AMI_FILTER }} + AMI_ACCOUNT: ${{ vars.RUNNER_AMI_ACCOUNT }} + AMI_FILTER: ${{ vars.RUNNER_AMI_FILTER }} steps: - name: Checkout uses: actions/checkout@v4 @@ -29,7 +29,7 @@ jobs: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v3 with: - role-to-assume: arn:aws:iam::${{ vars.RUNNER_ACCOUNT }}:role/github-to-aws-oidc + role-to-assume: ${{ vars.RUNNER_ACCOUNT_ROLE }} aws-region: us-east-1 - name: Retrieve default VPC ID and subnet From 0247b494ee0b14160216cfa4331df808aed5dcc1 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 14:07:16 -0500 Subject: [PATCH 17/41] add security group to setup --- .github/workflows/build-runner-images.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 83097bf2..3d136018 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -41,6 +41,9 @@ jobs: SUBNET_ID=`aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" --query 'Subnets[0].SubnetId' --output text` echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" + SECURITY_GROUP_ID=`aws ec2 describe-ssecurity-groups --filters "Name=vpc-id,Values=$VPC_ID" "Name=description,Values=bcda-managed-remote-management" --query 'SecurityGroups[].GroupId' --output text` + echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" + - name: Setup `packer` uses: hashicorp/setup-packer@main id: setup @@ -53,8 +56,20 @@ jobs: - name: Run `packer validate` id: validate - run: packer validate -var ami_account="$AMI_ACCOUNT" -var ami_filter="$AMI_FILTER" -var vpc_id="$VPC_ID" -var subnet_id="$SUBNET_ID" -evaluate-datasources . + run: packer validate \ + -var ami_account="$AMI_ACCOUNT" \ + -var ami_filter="$AMI_FILTER" \ + -var vpc_id="$VPC_ID" \ + -var subnet_id="$SUBNET_ID" \ + -var security_group_id="$SECURITY_GROUP_ID" \ + -evaluate-datasources . - name: Packer Build id: build - run: packer build -color=false -on-error=cleanup -var ami_account="$AMI_ACCOUNT" -var ami_filter="$AMI_FILTER" -var vpc_id="$VPC_ID" -var subnet_id="$SUBNET_ID" . + run: packer build \ + -var ami_account="$AMI_ACCOUNT" \ + -var ami_filter="$AMI_FILTER" \ + -var vpc_id="$VPC_ID" \ + -var subnet_id="$SUBNET_ID" \ + -var security_group_id="$SECURITY_GROUP_ID" \ + -color=false -on-error=cleanup . From 282b28c0b3b0e95da99d450864caecc8466d4c02 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 14:08:33 -0500 Subject: [PATCH 18/41] spelling --- .github/workflows/build-runner-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
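Review bot: `SECURITY_GROUP_ID` is computed but never exported, because the line after the lookup is `echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV"` again; the later `-var security_group_id="$SECURITY_GROUP_ID"` therefore expands to an empty string. It should be `echo "SECURITY_GROUP_ID=$SECURITY_GROUP_ID" >> "$GITHUB_ENV"`, and the subcommand is misspelled as `describe-ssecurity-groups`. With no usable group ID the builder may fall back to creating its own temporary security group instead of using the managed one; confirm how the plugin treats an empty value. Matching the group on `description` is fragile as well, since descriptions are not unique; a tag or the group name would be a steadier key.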
diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 3d136018..7f138489 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -41,7 +41,7 @@ jobs: SUBNET_ID=`aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" --query 'Subnets[0].SubnetId' --output text` echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" - SECURITY_GROUP_ID=`aws ec2 describe-ssecurity-groups --filters "Name=vpc-id,Values=$VPC_ID" "Name=description,Values=bcda-managed-remote-management" --query 'SecurityGroups[].GroupId' --output text` + SECURITY_GROUP_ID=`aws ec2 describe-security-groups --filters "Name=vpc-id,Values=$VPC_ID" "Name=description,Values=bcda-managed-remote-management" --query 'SecurityGroups[].GroupId' --output text` echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" - name: Setup `packer` From ee6a52a2c91a6eba006adf2541c5fdff036ae499 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 14:11:21 -0500 Subject: [PATCH 19/41] multiline command fix --- .github/workflows/build-runner-images.yml | 30 ++++++++++++----------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 7f138489..fe3d35e6 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml 
@@ -56,20 +56,22 @@ jobs: - name: Run `packer validate` id: validate - run: packer validate \ - -var ami_account="$AMI_ACCOUNT" \ - -var ami_filter="$AMI_FILTER" \ - -var vpc_id="$VPC_ID" \ - -var subnet_id="$SUBNET_ID" \ - -var security_group_id="$SECURITY_GROUP_ID" \ - -evaluate-datasources . + run: | + packer validate \ + -var ami_account="$AMI_ACCOUNT" \ + -var ami_filter="$AMI_FILTER" \ + -var vpc_id="$VPC_ID" \ + -var subnet_id="$SUBNET_ID" \ + -var security_group_id="$SECURITY_GROUP_ID" \ + -evaluate-datasources . - name: Packer Build id: build - run: packer build \ - -var ami_account="$AMI_ACCOUNT" \ - -var ami_filter="$AMI_FILTER" \ - -var vpc_id="$VPC_ID" \ - -var subnet_id="$SUBNET_ID" \ - -var security_group_id="$SECURITY_GROUP_ID" \ - -color=false -on-error=cleanup . + run: | + packer build \ + -var ami_account="$AMI_ACCOUNT" \ + -var ami_filter="$AMI_FILTER" \ + -var vpc_id="$VPC_ID" \ + -var subnet_id="$SUBNET_ID" \ + -var security_group_id="$SECURITY_GROUP_ID" \ + -color=false -on-error=cleanup . From aca19e27e41e552aaba29ae4ac2797d1ce1d4288 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 14:13:13 -0500 Subject: [PATCH 20/41] security_group instead of subnet --- .github/workflows/build-runner-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index fe3d35e6..140d218e 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -42,7 +42,7 @@ jobs: echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" SECURITY_GROUP_ID=`aws ec2 describe-security-groups --filters "Name=vpc-id,Values=$VPC_ID" "Name=description,Values=bcda-managed-remote-management" --query 'SecurityGroups[].GroupId' --output text` - echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" + echo "SECURITY_GROUP_ID=$SECURITY_GROUP_ID" >> "$GITHUB_ENV" - name: Setup `packer` uses: hashicorp/setup-packer@main 
From 803aa2e4e21be3c4f20d89de7480a16bb0c7a102 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 14:26:30 -0500 Subject: [PATCH 21/41] specify subnet --- .github/workflows/build-runner-images.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 140d218e..4c16cfb4 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -38,10 +38,20 @@ jobs: VPC_ID=`aws ec2 describe-vpcs --filters "Name=tag:Name, Values=bcda-managed-vpc" --query 'Vpcs[].VpcId' --output text` echo "VPC_ID=$VPC_ID" >> "$GITHUB_ENV" - SUBNET_ID=`aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPC_ID" --query 'Subnets[0].SubnetId' --output text` + SUBNET_ID=`aws ec2 describe-subnets \ + --filters \ + "Name=vpc-id,Values=$VPC_ID" \ + "Name=Layer,Values=management" + --query 'Subnets[0].SubnetId' \ + --output text` echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" - SECURITY_GROUP_ID=`aws ec2 describe-security-groups --filters "Name=vpc-id,Values=$VPC_ID" "Name=description,Values=bcda-managed-remote-management" --query 'SecurityGroups[].GroupId' --output text` + SECURITY_GROUP_ID=`aws ec2 describe-security-groups \ + --filters \ + "Name=vpc-id,Values=$VPC_ID" \ + "Name=description,Values=bcda-managed-remote-management" \ + --query 'SecurityGroups[].GroupId' \ + --output text` echo "SECURITY_GROUP_ID=$SECURITY_GROUP_ID" >> "$GITHUB_ENV" - name: Setup `packer` From 8db0fa3d6c89962529f13bd7c25973802c8757c4 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 14:29:38 -0500 Subject: [PATCH 22/41] layer is a tag --- .github/workflows/build-runner-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 4c16cfb4..67e7abfd 100644 --- a/.github/workflows/build-runner-images.yml 
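Review bot: The line `"Name=Layer,Values=management"` has no trailing `\`, so the `aws ec2 describe-subnets` call ends there and `--query 'Subnets[0].SubnetId'` is run as a separate command inside the substitution. The result is that `SUBNET_ID` holds the unfiltered command output, or the step fails, rather than a single subnet ID. `Layer` is also not a subnet attribute that `--filters` accepts by that name; if it is a tag, the filter is `"Name=tag:Layer,Values=management" \`.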
+++ b/.github/workflows/build-runner-images.yml @@ -41,7 +41,7 @@ jobs: SUBNET_ID=`aws ec2 describe-subnets \ --filters \ "Name=vpc-id,Values=$VPC_ID" \ - "Name=Layer,Values=management" + "Name=tag:Layer,Values=management" --query 'Subnets[0].SubnetId' \ --output text` echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" From b2d90304150631f842d6bbd1fbc19234ec59df5f Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 14:38:00 -0500 Subject: [PATCH 23/41] convert to old style substitution --- .github/workflows/build-runner-images.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 67e7abfd..2286b69f 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -35,23 +35,23 @@ jobs: - name: Retrieve default VPC ID and subnet id: vpc run: | - VPC_ID=`aws ec2 describe-vpcs --filters "Name=tag:Name, Values=bcda-managed-vpc" --query 'Vpcs[].VpcId' --output text` + VPC_ID=$(aws ec2 describe-vpcs --filters "Name=tag:Name, Values=bcda-managed-vpc" --query 'Vpcs[].VpcId' --output text) echo "VPC_ID=$VPC_ID" >> "$GITHUB_ENV" - SUBNET_ID=`aws ec2 describe-subnets \ + SUBNET_ID=$(aws ec2 describe-subnets \ --filters \ "Name=vpc-id,Values=$VPC_ID" \ "Name=tag:Layer,Values=management" --query 'Subnets[0].SubnetId' \ - --output text` + --output text) echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" - SECURITY_GROUP_ID=`aws ec2 describe-security-groups \ + SECURITY_GROUP_ID=$(aws ec2 describe-security-groups \ --filters \ "Name=vpc-id,Values=$VPC_ID" \ "Name=description,Values=bcda-managed-remote-management" \ --query 'SecurityGroups[].GroupId' \ - --output text` + --output text) echo "SECURITY_GROUP_ID=$SECURITY_GROUP_ID" >> "$GITHUB_ENV" - name: Setup `packer` From b27307d155ad33c3194b5345e17346024491b220 Mon Sep 17 00:00:00 2001 
From: Grant Freeman Date: Thu, 16 Nov 2023 14:39:11 -0500 Subject: [PATCH 24/41] missing backslash --- .github/workflows/build-runner-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 2286b69f..70ae7ac0 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -41,7 +41,7 @@ jobs: SUBNET_ID=$(aws ec2 describe-subnets \ --filters \ "Name=vpc-id,Values=$VPC_ID" \ - "Name=tag:Layer,Values=management" + "Name=tag:Layer,Values=management" \ --query 'Subnets[0].SubnetId' \ --output text) echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" From 4201c1b3dcc99151887e1adaf4029258401a5c7c Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 14:49:36 -0500 Subject: [PATCH 25/41] set ssh_interface to session manager --- packer/github-actions-runner/sources.pkr.hcl | 1 + 1 file changed, 1 insertion(+) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 002d867d..f615defc 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -15,4 +15,5 @@ source "amazon-ebs" "github-actions-runner" { } ssh_username = "ec2-user" + ssh_interface = "session_manager" } From 47620817eaf36c6574db23d393c86f171abc527e Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 14:51:10 -0500 Subject: [PATCH 26/41] try private_ip before setting up ssm --- packer/github-actions-runner/sources.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index f615defc..72252878 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl 
@@ -15,5 +15,5 @@ source "amazon-ebs" "github-actions-runner" { } ssh_username = "ec2-user" - ssh_interface = "session_manager" + ssh_interface = "private_ip" } From 2e6bea24f76cca02e07354a647ed45008ee42a58 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 15:03:13 -0500 Subject: [PATCH 27/41] add instance profile, go back to ssm --- packer/github-actions-runner/sources.pkr.hcl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 72252878..23e42f74 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -15,5 +15,6 @@ source "amazon-ebs" "github-actions-runner" { } ssh_username = "ec2-user" - ssh_interface = "private_ip" + ssh_interface = "session_manager" + iam_instance_profile = "bcda_packer" } From cee197e650f9e41c900e0ce915b8bfa836692050 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 15:05:39 -0500 Subject: [PATCH 28/41] fix hyphen --- packer/github-actions-runner/sources.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 23e42f74..126e4cbf 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -16,5 +16,5 @@ source "amazon-ebs" "github-actions-runner" { ssh_username = "ec2-user" ssh_interface = "session_manager" - iam_instance_profile = "bcda_packer" + iam_instance_profile = "bcda-packer" } From d728fb6d560e3f4f85001ba8d0577215fa8f4155 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 15:35:21 -0500 Subject: [PATCH 29/41] bump timeout --- packer/github-actions-runner/sources.pkr.hcl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 126e4cbf..87436057 100644 
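Review bot: `iam_instance_profile = "bcda_packer"` in PATCH 27/41 attaches a named role to the temporary build instance, and everything the shell provisioner runs there can use that role's credentials through instance metadata. The diff does not show what the role allows, so confirm it carries only what Session Manager needs and nothing for deployment or data access. I would also take the name from a variable rather than a literal, `iam_instance_profile = var.iam_instance_profile`, with the default documented in `variables.pkr.hcl`. PATCH 28/41 then has to correct the spelling to `bcda-packer`, which a single declared default would have avoided.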
--- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -16,5 +16,10 @@ source "amazon-ebs" "github-actions-runner" { ssh_username = "ec2-user" ssh_interface = "session_manager" + ssh_timeout = "1h" iam_instance_profile = "bcda-packer" + aws_polling { + delay_seconds = 60 + max_attempts = 60 + } } From e4517f94bb2cc652b1d92a346144c77231fb7f6b Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 16 Nov 2023 16:30:06 -0500 Subject: [PATCH 30/41] remove session_manager --- packer/github-actions-runner/sources.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 87436057..dae7ed08 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -14,8 +14,8 @@ source "amazon-ebs" "github-actions-runner" { most_recent = true } + communicator = "ssh" ssh_username = "ec2-user" - ssh_interface = "session_manager" ssh_timeout = "1h" iam_instance_profile = "bcda-packer" aws_polling { From 891a6ff9fafc21d44997f502af2d098ede34512d Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Tue, 28 Nov 2023 13:46:07 -0500 Subject: [PATCH 31/41] self-hosted --- .github/workflows/build-runner-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 70ae7ac0..7ae4f74d 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -12,7 +12,7 @@ on: jobs: build-image: name: Build - runs-on: ubuntu-latest + runs-on: self-hosted defaults: run: working-directory: packer/github-actions-runner From 7378e2222a77a4076a2698e0c4dcc4c8d49388d5 Mon Sep 17 00:00:00 2001 
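Review bot: Removing `ssh_interface` in PATCH 30/41 leaves the SSH host choice to Packer's default, which inside a VPC prefers the instance's public IP when it has one and only then falls back to the private address. Whether a public IP exists depends on the subnet the workflow picks at run time, so the template no longer states the path the build traffic takes. State it explicitly with `ssh_interface = "private_ip"` next to the added `communicator = "ssh"`, which is already the default for this builder. PATCH 36/41 removes `ssh_interface` again in the same way.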
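Review bot: `runs-on: self-hosted` in PATCH 31/41 lets the job land on any self-hosted runner registered for the repository or organisation, and this job was given `id-token: write` in PATCH 01/41 and later configures AWS credentials. A self-hosted runner keeps its workspace and tool cache between jobs unless it is ephemeral, so earlier jobs can influence this build and its credentials can outlive it. Target a dedicated label set instead, `runs-on: [self-hosted, linux, <image-build-label>]`, and add a comment that the runner must be ephemeral or cleaned per job. The `on:` triggers sit outside the hunk; if pull requests from forks can start this workflow, close that off before moving to self-hosted.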
From: Grant Freeman Date: Tue, 28 Nov 2023 15:13:58 -0500 Subject: [PATCH 32/41] checkout to v3 from v4, node issue --- .github/workflows/build-runner-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 7ae4f74d..671c91d8 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -24,7 +24,7 @@ jobs: AMI_FILTER: ${{ vars.RUNNER_AMI_FILTER }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v3 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v3 From 1451c0fdee4c37771650672c3cddfb5ae8111b96 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Tue, 28 Nov 2023 15:23:30 -0500 Subject: [PATCH 33/41] move to session manager --- packer/github-actions-runner/sources.pkr.hcl | 1 + 1 file changed, 1 insertion(+) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index dae7ed08..d7a8cb5b 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -17,6 +17,7 @@ source "amazon-ebs" "github-actions-runner" { communicator = "ssh" ssh_username = "ec2-user" ssh_timeout = "1h" + ssh_interface = "session_manager" iam_instance_profile = "bcda-packer" aws_polling { delay_seconds = 60 From 460da1053924e249542d44273779227ecfd79579 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Tue, 28 Nov 2023 15:40:17 -0500 Subject: [PATCH 34/41] build over private ip, ssm isnt connecting --- packer/github-actions-runner/sources.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index d7a8cb5b..7e51cd21 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl 
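Review bot: `uses: actions/checkout@v3` in PATCH 32/41 steps back a major release and still references a movable tag, as does `aws-actions/configure-aws-credentials@v3` in the next step. On a job that holds `id-token: write` and runs on a self-hosted runner, a retagged action release would run with those credentials. Pin each action to a full commit SHA with the version in a trailing comment, `uses: actions/checkout@<full-commit-sha> # v3.x.y`, and note in a comment that the v3 pin works around the runner's Node version so it can be lifted once the runner image is updated. `hashicorp/setup-packer@main`, visible as context in PATCH 36/41, tracks a branch and needs the same treatment.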
@@ -17,7 +17,7 @@ source "amazon-ebs" "github-actions-runner" { communicator = "ssh" ssh_username = "ec2-user" ssh_timeout = "1h" - ssh_interface = "session_manager" + ssh_interface = "private_ip" iam_instance_profile = "bcda-packer" aws_polling { delay_seconds = 60 From 644b08e2768f8ebb93197c25de07da38ea1f5237 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Wed, 29 Nov 2023 16:03:48 -0500 Subject: [PATCH 35/41] add tags and name to image --- packer/github-actions-runner/sources.pkr.hcl | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 7e51cd21..0ef55d3c 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -19,8 +19,12 @@ source "amazon-ebs" "github-actions-runner" { ssh_timeout = "1h" ssh_interface = "private_ip" iam_instance_profile = "bcda-packer" - aws_polling { - delay_seconds = 60 - max_attempts = 60 - } + + tags = merge( + var.global_tags, + var.ami_tags, + { + Name = "github-actions-runner-ami-build" + Base_AMI_Name = "{{ .SourceAMIName }}" + }) } From dbfadcb3eb8358f77df1d2ee7d27d52e22592f48 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 30 Nov 2023 12:50:42 -0500 Subject: [PATCH 36/41] remove management sg --- .github/workflows/build-runner-images.yml | 12 +----------- packer/github-actions-runner/sources.pkr.hcl | 19 +++++++++++-------- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 671c91d8..7f5a62de 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml 
@@ -41,19 +41,11 @@ jobs: SUBNET_ID=$(aws ec2 describe-subnets \ --filters \ "Name=vpc-id,Values=$VPC_ID" \ - "Name=tag:Layer,Values=management" \ + "Name=tag:Layer,Values=app" \ --query 'Subnets[0].SubnetId' \ --output text) echo "SUBNET_ID=$SUBNET_ID" >> "$GITHUB_ENV" - SECURITY_GROUP_ID=$(aws ec2 describe-security-groups \ - --filters \ - "Name=vpc-id,Values=$VPC_ID" \ - "Name=description,Values=bcda-managed-remote-management" \ - --query 'SecurityGroups[].GroupId' \ - --output text) - echo "SECURITY_GROUP_ID=$SECURITY_GROUP_ID" >> "$GITHUB_ENV" - - name: Setup `packer` uses: hashicorp/setup-packer@main id: setup @@ -72,7 +64,6 @@ jobs: -var ami_filter="$AMI_FILTER" \ -var vpc_id="$VPC_ID" \ -var subnet_id="$SUBNET_ID" \ - -var security_group_id="$SECURITY_GROUP_ID" \ -evaluate-datasources . - name: Packer Build @@ -83,5 +74,4 @@ jobs: -var ami_filter="$AMI_FILTER" \ -var vpc_id="$VPC_ID" \ -var subnet_id="$SUBNET_ID" \ - -var security_group_id="$SECURITY_GROUP_ID" \ -color=false -on-error=cleanup . diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 0ef55d3c..87c139cb 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -14,17 +14,20 @@ source "amazon-ebs" "github-actions-runner" { most_recent = true } + security_group_filter { + filters = { + "tag:Name": "packer_sg" + } + } + communicator = "ssh" ssh_username = "ec2-user" ssh_timeout = "1h" - ssh_interface = "private_ip" + ssh_pty = true iam_instance_profile = "bcda-packer" - tags = merge( - var.global_tags, - var.ami_tags, - { - Name = "github-actions-runner-ami-build" - Base_AMI_Name = "{{ .SourceAMIName }}" - }) + tags = { + Name = "github-actions-runner-ami-build", + Base_AMI_Name = "{{ .SourceAMIName }}" + } } From 554776184ec8ac1a02dcb8334cd1ed0c63378be7 Mon Sep 17 00:00:00 2001 
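Review bot: The `security_group_filter` added to `sources.pkr.hcl` in PATCH 36/41 selects the build instance's security group by `tag:Name = packer_sg` alone. Tags are mutable metadata: any principal allowed to tag security groups in the account can make another group match, and nothing in the hunk ties the filter to the VPC the workflow resolved. The workflow previously passed an explicit `security_group_id`; keeping an ID, or at least adding a second filter key such as `"vpc-id" : var.vpc_id`, makes the selection deterministic. The same hunk adds `ssh_pty = true` and flattens `tags` without a comment explaining either, and the `source` block begins above the hunk.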
From: Grant Freeman Date: Thu, 30 Nov 2023 14:09:49 -0500 Subject: [PATCH 37/41] add debug flag --- .github/workflows/build-runner-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 7f5a62de..76797ea0 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -74,4 +74,4 @@ jobs: -var ami_filter="$AMI_FILTER" \ -var vpc_id="$VPC_ID" \ -var subnet_id="$SUBNET_ID" \ - -color=false -on-error=cleanup . + -debug -color=false -on-error=cleanup . From 22c1e474096568280762d83eb76bee6fb409838b Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 30 Nov 2023 14:30:31 -0500 Subject: [PATCH 38/41] add verbose logging --- .github/workflows/build-runner-images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-runner-images.yml b/.github/workflows/build-runner-images.yml index 76797ea0..d57a28a5 100644 --- a/.github/workflows/build-runner-images.yml +++ b/.github/workflows/build-runner-images.yml @@ -69,9 +69,9 @@ jobs: - name: Packer Build id: build run: | - packer build \ + PACKER_LOG=1 packer build \ -var ami_account="$AMI_ACCOUNT" \ -var ami_filter="$AMI_FILTER" \ -var vpc_id="$VPC_ID" \ -var subnet_id="$SUBNET_ID" \ - -debug -color=false -on-error=cleanup . + -color=false -on-error=cleanup . From 53b25a72df2fcd428fca5d4597f49fc15038dc58 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Fri, 1 Dec 2023 09:31:59 -0500 Subject: [PATCH 39/41] switch to dnf over yum --- packer/github-actions-runner/build.pkr.hcl | 6 +++--- packer/github-actions-runner/sources.pkr.hcl | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packer/github-actions-runner/build.pkr.hcl b/packer/github-actions-runner/build.pkr.hcl index e6f815af..3a3c84a0 100644 --- a/packer/github-actions-runner/build.pkr.hcl +++ b/packer/github-actions-runner/build.pkr.hcl 
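Review bot: `-debug` on `packer build` in PATCH 37/41 is not a logging switch. It puts the builder into a step-by-step mode that waits for keyboard input between steps, and the Amazon builders then write the temporary SSH private key into the working directory as a `.pem` file. In a non-interactive job the first effect stalls the build, and on the self-hosted runner introduced in PATCH 31/41 the key file can remain in the workspace after the job. For more output use the `PACKER_LOG` environment variable and keep the last line as `-color=false -on-error=cleanup .`.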
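Review bot: `PACKER_LOG=1` in PATCH 38/41 is hard-wired into the build step, so every run writes Packer's full trace to the job log. That trace can include API request detail, resource and account identifiers and the resolved `-var` values, and the job log is readable by everyone with read access to the repository. Make it opt-in, for example `PACKER_LOG: ${{ runner.debug }}` under the step's `env:`, or send it to a file with `PACKER_LOG_PATH` and upload that as a short-retention artifact.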
@@ -16,9 +16,9 @@ build { provisioner "shell" { environment_vars = [] inline = concat([ - "sudo yum update -y", - "sudo yum install -y amazon-cloudwatch-agent curl jq git", - "sudo amazon-linux-extras install docker", + "sudo dnf upgrade-minimal -y", + "sudo dnf install -y amazon-cloudwatch-agent jq git docker", + "sudo dnf install -y --allowerasing curl", "sudo systemctl enable docker.service", "sudo systemctl enable containerd.service", "sudo service docker start", diff --git a/packer/github-actions-runner/sources.pkr.hcl b/packer/github-actions-runner/sources.pkr.hcl index 87c139cb..724beba2 100644 --- a/packer/github-actions-runner/sources.pkr.hcl +++ b/packer/github-actions-runner/sources.pkr.hcl @@ -27,7 +27,7 @@ source "amazon-ebs" "github-actions-runner" { iam_instance_profile = "bcda-packer" tags = { - Name = "github-actions-runner-ami-build", + Name = "github-actions-runner-ami", Base_AMI_Name = "{{ .SourceAMIName }}" } } From e28f162d1cfc411d6784e8494ad3e0468cddda26 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Wed, 6 Dec 2023 16:01:50 -0500 Subject: [PATCH 40/41] remove dnf, just use yum for docker --- packer/github-actions-runner/build.pkr.hcl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packer/github-actions-runner/build.pkr.hcl b/packer/github-actions-runner/build.pkr.hcl index 3a3c84a0..0700559e 100644 --- a/packer/github-actions-runner/build.pkr.hcl +++ b/packer/github-actions-runner/build.pkr.hcl @@ -16,9 +16,9 @@ build { provisioner "shell" { environment_vars = [] inline = concat([ - "sudo dnf upgrade-minimal -y", - "sudo dnf install -y amazon-cloudwatch-agent jq git docker", - "sudo dnf install -y --allowerasing curl", + "sudo yum -y upgrade-minimal", + "sudo yum -y install amazon-cloudwatch-agent jq git docker", + "sudo yum -y install --allowerasing curl", "sudo systemctl enable docker.service", "sudo systemctl enable containerd.service", "sudo service docker start", 
From 0230a47301a929ac6da7d67c885982278f451343 Mon Sep 17 00:00:00 2001 From: Grant Freeman Date: Thu, 7 Dec 2023 13:02:32 -0500 Subject: [PATCH 41/41] remove curl command with error --- packer/github-actions-runner/build.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packer/github-actions-runner/build.pkr.hcl b/packer/github-actions-runner/build.pkr.hcl index 0700559e..6995e8e2 100644 --- a/packer/github-actions-runner/build.pkr.hcl +++ b/packer/github-actions-runner/build.pkr.hcl @@ -18,7 +18,7 @@ build { inline = concat([ "sudo yum -y upgrade-minimal", "sudo yum -y install amazon-cloudwatch-agent jq git docker", - "sudo yum -y install --allowerasing curl", + "sudo yum -y install curl", "sudo systemctl enable docker.service", "sudo systemctl enable containerd.service", "sudo service docker start",