From 951782d340ef07cb9889ead910e210263fa178d4 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Wed, 24 Aug 2022 10:18:07 -0400 Subject: [PATCH] Add support for importing generic cloud images ***DEPENDS ON:*** https://github.com/containers/automation_images/pull/178 Downstream CI needs dictate early testing on new Fedora releases at the Beta stage or earlier. Unfortunately at the time of this commit, the Fedora cloud-sig does not provide ready-made beta images in AWS EC2. Add a new image-build stage called `import_images`, that takes care of bringing the generic images into AWS. Update the `base_images` stage such that it will locate and use the imported images. Unify all the build-stage wrapper scripts into a single/common `ci/make.sh` wrapper. Finally, make a few semi-related comment/readability improvements in various places. Signed-off-by: Chris Evich --- .cirrus.yml | 56 ++++++++++++++----- Makefile | 20 ++++--- base_images/cloud.yml | 44 ++++++++++----- ci/{make_base_images.sh => make.sh} | 25 ++++++--- ci/make_cache_images.sh | 34 ------------ ci/make_image_builder.sh | 30 ---------- image_info.yml | 18 +++--- import_images/cloud.yml | 85 +++++++++++++++++++++++++++++ import_images/handle_image.sh | 24 ++++++++ 9 files changed, 219 insertions(+), 117 deletions(-) rename ci/{make_base_images.sh => make.sh} (58%) delete mode 100755 ci/make_cache_images.sh delete mode 100755 ci/make_image_builder.sh create mode 100644 import_images/cloud.yml create mode 100644 import_images/handle_image.sh diff --git a/.cirrus.yml b/.cirrus.yml index 47f8e7c8..11049e75 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -32,6 +32,7 @@ validate_task: - "make clean" - "make help" - "make image_builder/gce.json" + - "make import_images/cloud.json" - "make base_images/cloud.json" - "make cache_images/cloud.json" @@ -49,7 +50,7 @@ image_builder_task: auto_cancellation: $CI != "true" stateful: true timeout_in: 40m - container: + container: &image_builder_container dockerfile: "image_builder/Containerfile" cpu: 2 memory: "2G" @@ -60,8 +61,7 @@ image_builder_task: # Google Application Credentials (JSON) with access to create VM images GAC_JSON: ENCRYPTED[7fba7fb26ab568ae39f799ab58a476123206576b0135b3d1019117c6d682391370c801e149f29324ff4b50133012aed9] AWS_SHARED_CREDENTIALS_FILE: notused - - script: "ci/make_image_builder.sh" + script: "ci/make.sh image_builder" manifest_artifacts: path: image_builder/manifest.json type: application/json @@ -133,14 +133,43 @@ tooling_images_task: fingerprint_key: "tooling-cache-version-1" +import_images_task: + name: "Build VM import-images" + alias: "import_images" + only_if: *is_pr + skip: *ci_docs_tooling + depends_on: + - container_images + - image_builder + # Packer needs time to clean up partially created VM images + auto_cancellation: $CI != "true" + stateful: true + timeout_in: 30m + container: *image_builder_container + matrix: + - &import_image + name: "${PACKER_BUILDS} Import Image" + env: + PACKER_BUILDS: "fedora-aws" + - <<: *import_image + env: + PACKER_BUILDS: "fedora-aws-arm64" + env: + AWS_INI: &awsini ENCRYPTED[4cd69097cd29a9899e51acf3bbacceeb83cb5c907d272ca1e2a8ccd515b03f2368a0680870c0d120fc32bc578bb0a930] + GAC_JSON: &gacjson ENCRYPTED[7fba7fb26ab568ae39f799ab58a476123206576b0135b3d1019117c6d682391370c801e149f29324ff4b50133012aed9] + script: "ci/make.sh import_images" + manifest_artifacts: &manifest_artifacts + path: import_images/manifest.json + type: application/json + + base_images_task: name: "Build VM Base-images" alias: "base_images" only_if: *is_pr skip: *ci_docs_tooling depends_on: - - container_images - - image_builder + - import_images # Packer needs time to clean up partially created VM images auto_cancellation: $CI != "true" stateful: true @@ -170,12 +199,10 @@ base_images_task: env: PACKER_BUILDS: "ubuntu" env: - GAC_JSON: ENCRYPTED[7fba7fb26ab568ae39f799ab58a476123206576b0135b3d1019117c6d682391370c801e149f29324ff4b50133012aed9] - AWS_INI: ENCRYPTED[4cd69097cd29a9899e51acf3bbacceeb83cb5c907d272ca1e2a8ccd515b03f2368a0680870c0d120fc32bc578bb0a930] - script: "ci/make_base_images.sh" - manifest_artifacts: - path: base_images/manifest.json - type: application/json + GAC_JSON: *gacjson + AWS_INI: *awsini + script: "ci/make.sh base_images" + manifest_artifacts: *manifest_artifacts cache_images_task: @@ -228,10 +255,8 @@ cache_images_task: env: GAC_JSON: ENCRYPTED[7fba7fb26ab568ae39f799ab58a476123206576b0135b3d1019117c6d682391370c801e149f29324ff4b50133012aed9] AWS_INI: ENCRYPTED[4cd69097cd29a9899e51acf3bbacceeb83cb5c907d272ca1e2a8ccd515b03f2368a0680870c0d120fc32bc578bb0a930] - script: "ci/make_cache_images.sh" - manifest_artifacts: - path: cache_images/manifest.json - type: application/json + script: "ci/make.sh cache_images" + manifest_artifacts: *manifest_artifacts # Test metadata addition to images (built or not) to ensure container functions @@ -459,6 +484,7 @@ success_task: - image_builder - container_images - tooling_images + - import_images - base_images - cache_images - test_imgts diff --git a/Makefile b/Makefile index 1ef7f24b..8dbf6606 100644 --- a/Makefile +++ b/Makefile @@ -85,8 +85,8 @@ export PACKER_CACHE_DIR = $(call err_if_empty,_TEMPDIR) override _fedora_release = $(call get_image_info,fedora.release) override _fedora_image_url = $(call get_image_info,fedora.image_url) override _fedora_csum_url = $(call get_image_info,fedora.csum_url) -override _fedora_ami = $(call get_image_info,fedora.ami) -override _fedora_arm64_ami = $(call get_image_info,fedora.arm64_ami) +override _fedora_arm64_image_url = $(call get_image_info,fedora.arm64_image_url) +override _fedora_arm64_csum_url = $(call get_image_info,fedora.arm64_csum_url) override _prior_fedora_release = $(call get_image_info,prior_fedora.release) override _prior_fedora_image_url = $(call get_image_info,prior_fedora.image_url) override _prior_fedora_csum_url = $(call get_image_info,prior_fedora.csum_url) @@ -189,8 +189,8 @@ define packer_build FEDORA_RELEASE="$(call err_if_empty,_fedora_release)" \ FEDORA_IMAGE_URL="$(call err_if_empty,_fedora_image_url)" \ FEDORA_CSUM_URL="$(call err_if_empty,_fedora_csum_url)" \ - FEDORA_AMI="$(call err_if_empty,_fedora_ami)" \ - FEDORA_ARM64_AMI="$(call err_if_empty,_fedora_arm64_ami)" \ + FEDORA_ARM64_IMAGE_URL="$(call err_if_empty,_fedora_arm64_image_url)" \ + FEDORA_ARM64_CSUM_URL="$(call err_if_empty,_fedora_arm64_csum_url)" \ PRIOR_FEDORA_RELEASE="$(call err_if_empty,_prior_fedora_release)" \ PRIOR_FEDORA_IMAGE_URL="$(call err_if_empty,_prior_fedora_image_url)" \ PRIOR_FEDORA_CSUM_URL="$(call err_if_empty,_prior_fedora_csum_url)" \ @@ -233,15 +233,21 @@ image_builder_debug: $(_TEMPDIR)/image_builder_debug.tar ## Build and enter cont $(_TEMPDIR)/image_builder_debug.tar: $(_TEMPDIR)/.cache/centos $(wildcard image_builder/*) $(call podman_build,$@,image_builder_debug,image_builder,centos) +.PHONY: import_images +import_images: import_images/manifest.json ## Import generic Fedora cloud images into AWS EC2. + +import_images/manifest.json: image_info.json import_images/cloud.json + $(call packer_build,import_images/cloud.json,$(call err_if_empty,AWS_SHARED_CREDENTIALS_FILE)) + .PHONY: base_images # This needs to run in a virt/nested-virt capable environment -base_images: base_images/manifest.json ## Create, prepare, and import base-level images into GCE. Optionally, set PACKER_BUILDS= to select builder(s). +base_images: base_images/manifest.json ## Create, prepare, and import base-level images into GCE. base_images/manifest.json: image_info.json base_images/cloud.json $(wildcard base_images/*.sh) cidata $(_TEMPDIR)/cidata.ssh $(PACKER_INSTALL_DIR)/packer $(call packer_build,base_images/cloud.json) .PHONY: cache_images -cache_images: cache_images/manifest.json ## Create, prepare, and import top-level images into GCE. Optionally, set PACKER_BUILDS= to select builder(s). +cache_images: cache_images/manifest.json ## Create, prepare, and import top-level images into GCE. cache_images/manifest.json: image_info.json cache_images/cloud.json $(wildcard cache_images/*.sh) $(PACKER_INSTALL_DIR)/packer $(call packer_build,cache_images/cloud.json) @@ -333,5 +339,5 @@ clean: ## Remove all generated files referenced in this Makefile -rm -rf $(_TEMPDIR) -rm -f image_info.json -rm -f image_builder/*.json - -rm -f base_images/{*.json,cidata*,*-data} + -rm -f *_images/{*.json,cidata*,*-data} -rm -f ci_debug.tar diff --git a/base_images/cloud.yml b/base_images/cloud.yml index 5e3293f9..f5ffe23c 100644 --- a/base_images/cloud.yml +++ b/base_images/cloud.yml @@ -21,8 +21,6 @@ variables: # Empty value means it must be passed in on command-line FEDORA_RELEASE: "{{env `FEDORA_RELEASE`}}" FEDORA_IMAGE_URL: "{{env `FEDORA_IMAGE_URL`}}" FEDORA_CSUM_URL: "{{env `FEDORA_CSUM_URL`}}" - FEDORA_AMI: "{{env `FEDORA_AMI`}}" - FEDORA_ARM64_AMI: "{{env `FEDORA_ARM64_AMI`}}" PRIOR_FEDORA_RELEASE: "{{env `PRIOR_FEDORA_RELEASE`}}" PRIOR_FEDORA_IMAGE_URL: "{{env `PRIOR_FEDORA_IMAGE_URL`}}" @@ -108,8 +106,24 @@ builders: - &fedora-aws name: 'fedora-aws' type: 'amazon-ebs' - source_ami: '{{user `FEDORA_AMI`}}' instance_type: 'm5zn.metal' + source_ami_filter: # Will fail if >1 or no AMI found + owners: + # Docs are wrong, specifying the Account ID required to make AMIs private. + # The Account ID is hard-coded here out of expediency, since passing in + # more packer args from the command-line (in Makefile) is non-trivial. + - &accountid '449134212816' + # It's necessary to 'search' for the base-image by these criteria. If + # more than one image is found, Packer will fail the build (and display + # the conflicting AMI IDs). + filters: &ami_filters + architecture: 'x86_64' + image-type: 'machine' + is-public: 'false' + name: '{{build_name}}-i{{user `IMG_SFX`}}' + root-device-type: 'ebs' + state: 'available' + virtualization-type: 'hvm' # In case of packer problem or ungraceful exit, don't wait for shutdown. # This doesn't always work properly, sometimes leaving EC2 instances in # a 'stopped' instead of terminated state :( @@ -120,7 +134,7 @@ builders: # Required for network access, must be the 'default' group used by Cirrus-CI security_group_id: "sg-042c75677872ef81c" # Prefix IMG_SFX with "b" so this is never confused with a cache_image - ami_name: 'fedora-aws-b{{user `IMG_SFX`}}' + ami_name: &ami_name '{{build_name}}-b{{user `IMG_SFX`}}' ami_description: 'Built in https://cirrus-ci.com/task/{{user `CIRRUS_TASK_ID`}}' ebs_optimized: true launch_block_device_mappings: @@ -133,19 +147,17 @@ builders: tags: &awstags <<: *imgcpylabels # EC2 expects "Name" to be capitalized - Name: 'fedora-aws-b{{user `IMG_SFX`}}' - src: '{{user `FEDORA_AMI`}}' + Name: *ami_name + src: '{{.SourceAMI}}' automation: 'true' release: 'fedora-{{user `FEDORA_RELEASE`}}' run_tags: *awstags run_volume_tags: *awstags snapshot_tags: *awstags - # Docs are wrong, specifying the Account ID required to make AMIs private. # This is necessary for security - The CI service accounts are not permitted - # to use AMI's from any other account, including public ones. The Account - # ID is hard-coded here out of expediency, since passing in more packer args - # from the command-line (in Makefile) is non-trivial. - ami_users: ["449134212816"] + # to use AMI's from any other account, including public ones. + ami_users: + - *accountid ssh_username: 'fedora' ssh_clear_authorized_keys: true # N/B: Required Packer >= 1.8.0 @@ -154,12 +166,15 @@ builders: - <<: *fedora-aws name: 'fedora-aws-arm64' - source_ami: '{{user `FEDORA_ARM64_AMI`}}' + source_ami_filter: + owners: + - *accountid + filters: + <<: *ami_filters + architecture: 'arm64' instance_type: 't4g.medium' # arm64 type - ami_name: 'fedora-aws-arm64-b{{user `IMG_SFX`}}' # must be unique tags: &awsarm64tags <<: *awstags - src: '{{user `FEDORA_ARM64_AMI`}}' arch: 'arm64' run_tags: *awsarm64tags run_volume_tags: *awsarm64tags @@ -213,6 +228,7 @@ post-processors: only: ['prior-fedora'] image_name: "prior-fedora-b{{user `IMG_SFX`}}" image_family: '{{build_name}}-base' + image_description: '{{user `PRIOR_FEDORA_IMAGE_URL`}}' image_labels: <<: *imgcpylabels src: 'fedoraproject' diff --git a/ci/make_base_images.sh b/ci/make.sh similarity index 58% rename from ci/make_base_images.sh rename to ci/make.sh index 582c2c4e..65758567 100755 --- a/ci/make_base_images.sh +++ b/ci/make.sh @@ -1,9 +1,12 @@ #!/bin/bash +set -eo pipefail + # This script is intended to be used by Cirrus-CI, from the VM -# built by the 'image_builder' makefile target in this repo. Use -# of this script in any other context/environment is unlikely to -# function as intended. +# built by the 'image_builder' Makefile target in this repo. +# It's purpose is simply to verify & configure the runtime +# environment from data provided by CI, and call the make +# with the first argument passed to this script. SCRIPT_FILEPATH=$(realpath "${BASH_SOURCE[0]}") SCRIPT_DIRPATH=$(dirname "$SCRIPT_FILEPATH") @@ -17,17 +20,25 @@ if [[ -z "$CI" ]] || [[ "$CI" != "true" ]] || [[ "$CIRRUS_CI" != "$CI" ]]; then die "Unexpected \$CI=$CI and/or \$CIRRUS_CI=$CIRRUS_CI" elif [[ -z "$IMG_SFX" ]] || [[ -z "$PACKER_BUILDS" ]]; then die "Required non-empty values for \$IMG_SFX=$IMG_SFX and \$PACKER_BUILDS=$PACKER_BUILDS" +elif [[ -z "$1" ]]; then + die "Build stage name is required as the first argument" fi if skip_on_pr_label; then exit 0 # skip build fi -set_gac_filepath -set_aws_filepath +# In case we're running under -x, don't expose secret values +if [[ "${#GAC_JSON}" -gt 0 ]]; then + set_gac_filepath +fi + +if [[ "${#AWS_INI}" -gt 0 ]]; then + set_aws_filepath +fi -set -exo pipefail +set -x cd "$REPO_DIRPATH" export IMG_SFX=$IMG_SFX export PACKER_BUILDS=$PACKER_BUILDS -make base_images +make ${1} diff --git a/ci/make_cache_images.sh b/ci/make_cache_images.sh deleted file mode 100755 index 45bbbc79..00000000 --- a/ci/make_cache_images.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash - -set -eo pipefail - -# This script is intended to be used by Cirrus-CI, from the container -# built by the ContainerFile in this directory. Use of this script -# in any other context/environment is unlikely to function as intended. - -SCRIPT_FILEPATH=$(realpath "${BASH_SOURCE[0]}") -SCRIPT_DIRPATH=$(dirname "$SCRIPT_FILEPATH") -REPO_DIRPATH=$(realpath "$SCRIPT_DIRPATH/../") - -# shellcheck source=./lib.sh -source "$REPO_DIRPATH/lib.sh" - -# shellcheck disable=SC2154 -if [[ -z "$CI" ]] || [[ "$CI" != "true" ]] || [[ "$CIRRUS_CI" != "$CI" ]]; then - die "Unexpected \$CI=$CI and/or \$CIRRUS_CI=$CIRRUS_CI" -elif [[ -z "$IMG_SFX" ]] || [[ -z "$PACKER_BUILDS" ]]; then - die "Required non-empty values for \$IMG_SFX=$IMG_SFX and \$PACKER_BUILDS=$PACKER_BUILDS" -fi - -if skip_on_pr_label; then - exit 0 # skip build -fi - -set_gac_filepath -set_aws_filepath - -set -x -cd "$REPO_DIRPATH" -export IMG_SFX=$IMG_SFX -export PACKER_BUILDS=$PACKER_BUILDS -make cache_images diff --git a/ci/make_image_builder.sh b/ci/make_image_builder.sh deleted file mode 100755 index 4d3438c5..00000000 --- a/ci/make_image_builder.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -# This script is intended to be used by Cirrus-CI, from the container -# built by the ContainerFile in this directory. Use of this script -# in any other context/environment is unlikely to function as intended. - -SCRIPT_FILEPATH=$(realpath "${BASH_SOURCE[0]}") -SCRIPT_DIRPATH=$(dirname "$SCRIPT_FILEPATH") -REPO_DIRPATH=$(realpath "$SCRIPT_DIRPATH/../") - -# shellcheck source=./lib.sh -source "$REPO_DIRPATH/lib.sh" - -# shellcheck disable=SC2154 -if [[ -z "$CI" ]] || [[ "$CI" != "true" ]] || [[ "$CIRRUS_CI" != "$CI" ]]; then - die "Unexpected \$CI=$CI and/or \$CIRRUS_CI=$CIRRUS_CI" -elif [[ -z "$IMG_SFX" ]]; then - die "Required non-empty values for \$IMG_SFX=$IMG_SFX" -fi - -if skip_on_pr_label; then - exit 0 # skip build -fi - -set_gac_filepath - -set -exo pipefail -cd "$REPO_DIRPATH" -export IMG_SFX=$IMG_SFX -make image_builder diff --git a/image_info.yml b/image_info.yml index 697eb45e..4a5f339d 100644 --- a/image_info.yml +++ b/image_info.yml @@ -2,19 +2,17 @@ # Latest Fedora release (qcow and CHECKSUM) download URLs fedora: - release: "36" - image_url: "https://dl.fedoraproject.org/pub/fedora/linux/releases/36/Cloud/x86_64/images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2" - csum_url: "https://dl.fedoraproject.org/pub/fedora/linux/releases/36/Cloud/x86_64/images/Fedora-Cloud-36-1.5-x86_64-CHECKSUM" - # AWS base image in 'US East (N. Virginia)' region - # from https://alt.fedoraproject.org/cloud - ami: "ami-08b7bda26f4071b80" - arm64_ami: "ami-01925eb0821988986" + release: "37" + image_url: "https://dl.fedoraproject.org/pub/fedora/linux/development/37/Cloud/x86_64/images/Fedora-Cloud-Base-37-20220825.n.0.x86_64.qcow2" + csum_url: "https://dl.fedoraproject.org/pub/fedora/linux/development/37/Cloud/x86_64/images/Fedora-Cloud-37-x86_64-20220825.n.0-CHECKSUM" + arm64_image_url: "https://dl.fedoraproject.org/pub/fedora/linux/development/37/Cloud/aarch64/images/Fedora-Cloud-Base-37-20220825.n.0.aarch64.qcow2" + arm64_csum_url: "https://dl.fedoraproject.org/pub/fedora/linux/development/37/Cloud/aarch64/images/Fedora-Cloud-37-aarch64-20220825.n.0-CHECKSUM" # Prior Fedora release (qcow and CHECKSUM) download URLs prior_fedora: - release: "35" - image_url: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2" - csum_url: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-35-1.2-x86_64-CHECKSUM" + release: "36" + image_url: "https://dl.fedoraproject.org/pub/fedora/linux/releases/36/Cloud/x86_64/images/Fedora-Cloud-Base-36-1.5.x86_64.qcow2" + csum_url: "https://dl.fedoraproject.org/pub/fedora/linux/releases/36/Cloud/x86_64/images/Fedora-Cloud-36-1.5-x86_64-CHECKSUM" # Upstream GCP image family name for Ubuntu image. ubuntu: diff --git a/import_images/cloud.yml b/import_images/cloud.yml new file mode 100644 index 00000000..65557d65 --- /dev/null +++ b/import_images/cloud.yml @@ -0,0 +1,85 @@ +--- + +# This Packer template is used to import images into AWS EC2. Since +# this must happen in a `post-processor`, it must occur before the +# regular base_images/cloud.yml template is used. + +variables: # Empty value means it must be passed in on command-line + # Required for 'make clean' support and not clobbering a memory-backed /tmp + TEMPDIR: + # Naming suffix for images to prevent clashes + IMG_SFX: + + # Allows providing handy cross-reference to the build log + CIRRUS_TASK_ID: "{{env `CIRRUS_TASK_ID`}}" + + # See image_info.yml + FEDORA_RELEASE: "{{env `FEDORA_RELEASE`}}" + FEDORA_IMAGE_URL: "{{env `FEDORA_IMAGE_URL`}}" + FEDORA_CSUM_URL: "{{env `FEDORA_CSUM_URL`}}" + FEDORA_ARM64_IMAGE_URL: "{{env `FEDORA_IMAGE_URL`}}" + FEDORA_ARM64_CSUM_URL: "{{env `FEDORA_CSUM_URL`}}" + +builders: + - name: 'fedora-aws' + type: null + + - name: 'fedora-aws-arm64' + type: null + +provisioners: + - only: ['fedora-aws'] + type: "shell-local" + inline: + - >- + "/bin/bash import_images/handle_image.sh" + "{{user `TEMPDIR`}}/{{build_name}}.qcow2" + "{{user `FEDORA_IMAGE_URL`}}" + "{{user `FEDORA_CSUM_URL`}}" + + - only: ['fedora-aws-arm64'] + type: "shell-local" + inline: + - >- + "/bin/bash import_images/handle_image.sh" + "{{user `TEMPDIR`}}/{{build_name}}.qcow2" + "{{user `FEDORA_ARM64_IMAGE_URL`}}" + "{{user `FEDORA_ARM64_CSUM_URL`}}" + +post-processors: + # Must be double-nested to guarantee execution order + - - only: ['fedora-aws', 'fedora-aws-arm64'] + type: 'artifice' + keep_input_artifact: false + files: ['{{user `TEMPDIR`}}/{{build_name}}.raw'] + - &aws + only: ['fedora-aws'] + type: 'amazon-import' + region: 'us-east-1' + s3_bucket_name: packer-image-import + ami_description: 'Imported by https://cirrus-ci.com/build/{{user `IMG_SFX`}}' + ami_users: ["449134212816"] + ami_name: &ami_name "{{build_name}}-i{{user `IMG_SFX`}}" + boot_mode: "uefi" + format: "raw" + keep_input_artifact: false + tags: &aws_tags + Name: *ami_name + sfx: '{{user `IMG_SFX`}}' + automation: 'true' + stage: 'import' + arch: 'x86_64' + release: 'fedora-{{user `FEDORA_RELEASE`}}' + - <<: *aws + only: ['fedora-aws-arm64'] + architecture: 'arm64' + tags: + <<: *aws_tags + arch: 'arm64' + - type: 'manifest' + output: 'import_images/manifest.json' # Collected by Cirrus-CI + strip_path: true + custom_data: + IMG_SFX: '{{ user `IMG_SFX` }}' + STAGE: "import" + TASK: '{{user `CIRRUS_TASK_ID`}}' diff --git a/import_images/handle_image.sh b/import_images/handle_image.sh new file mode 100644 index 00000000..0cc2dae5 --- /dev/null +++ b/import_images/handle_image.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# This script is intended to be run by packer, usage under any other +# environment may behave badly. It's purpose is to download a VM +# image and a checksum file. Then verify the image's checksum matches. +# If it does, convert the downloaded image into 'raw' format. +# The first argument is the file path and name for the downloaded image, +# the second argument is the image URL, the third is the checksum URL + +set -eo pipefail + +SCRIPT_FILEPATH=$(realpath "${BASH_SOURCE[0]}") +SCRIPT_DIRPATH=$(dirname "$SCRIPT_FILEPATH") +REPO_DIRPATH=$(realpath "$SCRIPT_DIRPATH/../") + +# shellcheck source=./lib.sh +source "$REPO_DIRPATH/lib.sh" + +[[ "$#" -eq 3 ]] || \ + die "Expected to be called with three arguments, not: $#" + +curl --fail --location "$2" -o "$1" +curl --fail --location "$3" | sha256sum --ignore-missing --check - +qemu-img convert "$1" -O raw "${1%.*}.raw"