From a78d8c1e81fe6d21277589c8727d2e15341bb41f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?=
Date: Sat, 7 Sep 2024 18:06:22 +0200
Subject: [PATCH 1/5] feat: add macos13 arm release template
---
orka/templates/macos-13-arm-release.pkr.hcl | 125 ++++++++++++++++++++
1 file changed, 125 insertions(+)
create mode 100644 orka/templates/macos-13-arm-release.pkr.hcl
diff --git a/orka/templates/macos-13-arm-release.pkr.hcl b/orka/templates/macos-13-arm-release.pkr.hcl
new file mode 100644
index 000000000..f706ee31c
--- /dev/null
+++ b/orka/templates/macos-13-arm-release.pkr.hcl
@@ -0,0 +1,125 @@
+variable "orka_endpoint" {
+ type = string
+ default = ""
+}
+
+variable "orka_auth_token" {
+ type = string
+ default = ""
+}
+
+variable "ssh_default_username" {
+ type = string
+ default = ""
+}
+
+variable "ssh_default_password" {
+ type = string
+ default = ""
+}
+
+variable "ssh_release_public_key" {
+ type = string
+ default = ""
+}
+
+variable "ssh_release_password" {
+ type = string
+ default = ""
+}
+
+packer {
+ required_plugins {
+ macstadium-orka = {
+ version = "~> 3.0"
+ source = "github.com/macstadium/macstadium-orka"
+ }
+ }
+}
+
+source "macstadium-orka" "macos13-arm-release-image" {
+ source_image = "macos13-arm-release-base.orkasi"
+ image_name = "macos13-arm-release-latest.orkasi"
+ image_description = "The MacOS 13 ARM release image"
+ orka_endpoint = var.orka_endpoint
+ orka_auth_token = var.orka_auth_token
+ ssh_username = var.ssh_default_username
+ ssh_password = var.ssh_release_password
+}
+
+build {
+ sources = [
+ "macstadium-orka.macos13-arm-release-image"
+ ]
+
+ // Add SSH key access.
+ provisioner "shell" {
+ inline = [
+ "echo 'Adding SSH key access...'",
+ "mkdir -p /Users/${var.ssh_default_username}/.ssh",
+ "echo '${var.ssh_release_public_key}' >> /Users/${var.ssh_default_username}/.ssh/authorized_keys",
+ "chown -R ${var.ssh_default_username}:staff /Users/${var.ssh_default_username}/.ssh",
+ "chmod 700 /Users/${var.ssh_default_username}/.ssh",
+ "chmod 600 /Users/${var.ssh_default_username}/.ssh/authorized_keys"
+ ]
+ }
+
+ // Disable SSH password authentication.
+ // @TODO: Review fallback to password authentication.
+ provisioner "shell" {
+ inline = [
+ "echo 'Disabling SSH password authentication...'",
+ "sudo sed -i '' 's/^#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config",
+ "sudo sed -i '' 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config",
+ "sudo sed -i '' 's/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config",
+ "sudo sed -i '' 's/^ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config",
+ "sudo systemsetup -f -setremotelogin on",
+ "sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist",
+ "sudo launchctl load /System/Library/LaunchDaemons/ssh.plist",
+ ]
+ }
+
+ // Install Homebrew.
+ provisioner "shell" {
+ inline = [
+ "echo 'Installing Homebrew...'",
+ "/bin/bash -c \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\"",
+ "eval \"$(/opt/homebrew/bin/brew shellenv)\"",
+ "(echo; echo 'eval \"$($(brew --prefix)/bin/brew shellenv)\"') >> /Users/admin/.zprofile",
+ "eval \"$($(brew --prefix)/bin/brew shellenv)\""
+ ]
+ }
+ // Check Homebrew. Ignore errors because we are not using the last version of Xcode.
+ provisioner "shell" {
+ inline = [
+ "echo 'Checking Homebrew...'",
+ "eval \"$(/opt/homebrew/bin/brew shellenv)\"",
+ "/opt/homebrew/bin/brew doctor || true"
+ ]
+ }
+ // Install dependencies for build and release.
+ provisioner "shell" {
+ inline = [
+ "echo 'Installing packages using Homebrew...'",
+ "eval \"$(/opt/homebrew/bin/brew shellenv)\"",
+ "/opt/homebrew/bin/brew install git automake bash libtool cmake python ccache"
+ ]
+ }
+ // Install Java 17 for Jenkins.
+ provisioner "shell" {
+ inline = [
+ "echo 'Installing JRE...'",
+ "eval \"$(/opt/homebrew/bin/brew shellenv)\"",
+ "/opt/homebrew/bin/brew install --cask temurin@17",
+ ]
+ }
+ // Print the version of the installed packages.
+ provisioner "shell" {
+ inline = [
+ "echo 'Printing the version of the installed packages...'",
+ "eval \"$(/opt/homebrew/bin/brew shellenv)\"",
+ "/opt/homebrew/bin/brew list --versions",
+ "java -version"
+ ]
+ }
+}
\ No newline at end of file
From 0e14f802fdb9508504a2e1de07ee9c9b6b746b3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?=
Date: Sat, 7 Sep 2024 18:06:31 +0200
Subject: [PATCH 2/5] feat: add macos13 intel release template
---
orka/templates/macos-13-intel-release.pkr.hcl | 123 ++++++++++++++++++
1 file changed, 123 insertions(+)
create mode 100644 orka/templates/macos-13-intel-release.pkr.hcl
diff --git a/orka/templates/macos-13-intel-release.pkr.hcl b/orka/templates/macos-13-intel-release.pkr.hcl
new file mode 100644
index 000000000..b3f84e9b6
--- /dev/null
+++ b/orka/templates/macos-13-intel-release.pkr.hcl
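Review bot: In orka/templates/macos-13-arm-release.pkr.hcl the "Disable SSH password authentication" provisioner can finish successfully without changing anything. Each `sed` only rewrites a line that reads exactly `PasswordAuthentication yes` or `ChallengeResponseAuthentication yes` (optionally commented), so a base image where the directive is absent, spaced differently, or set in an included file would keep password login enabled. The build itself connects with `ssh_password`, so nothing in the template would notice. I would check the effective configuration after the `sed` lines, e.g. `"sudo sshd -T | grep -qi '^passwordauthentication no'",`, so the build aborts when the hardening did not take. The identical provisioner in macos-13-intel-release.pkr.hcl needs the same check.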
@@ -0,0 +1,123 @@
+variable "orka_endpoint" {
+ type = string
+ default = ""
+}
+
+variable "orka_auth_token" {
+ type = string
+ default = ""
+}
+
+variable "ssh_default_username" {
+ type = string
+ default = ""
+}
+
+variable "ssh_default_password" {
+ type = string
+ default = ""
+}
+
+variable "ssh_release_public_key" {
+ type = string
+ default = ""
+}
+
+variable "ssh_release_password" {
+ type = string
+ default = ""
+}
+
+packer {
+ required_plugins {
+ macstadium-orka = {
+ version = "~> 3.0"
+ source = "github.com/macstadium/macstadium-orka"
+ }
+ }
+}
+
+source "macstadium-orka" "macos13-intel-release-image" {
+ source_image = "macos13-intel-release-base.img"
+ image_name = "macos13-intel-release-latest.img"
+ image_description = "The MacOS 13 Intel release image"
+ orka_endpoint = var.orka_endpoint
+ orka_auth_token = var.orka_auth_token
+ ssh_username = var.ssh_default_username
+ ssh_password = var.ssh_release_password
+}
+
+build {
+ sources = [
+ "macstadium-orka.macos13-intel-release-image"
+ ]
+ // Add SSH key access.
+ provisioner "shell" {
+ inline = [
+ "echo 'Adding SSH key access...'",
+ "mkdir -p /Users/${var.ssh_default_username}/.ssh",
+ "echo '${var.ssh_release_public_key}' >> /Users/${var.ssh_default_username}/.ssh/authorized_keys",
+ "chown -R ${var.ssh_default_username}:staff /Users/${var.ssh_default_username}/.ssh",
+ "chmod 700 /Users/${var.ssh_default_username}/.ssh",
+ "chmod 600 /Users/${var.ssh_default_username}/.ssh/authorized_keys"
+ ]
+ }
+
+ // Disable SSH password authentication.
+ // @TODO: Review fallback to password authentication.
+ provisioner "shell" {
+ inline = [
+ "echo 'Disabling SSH password authentication...'",
+ "sudo sed -i '' 's/^#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config",
+ "sudo sed -i '' 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config",
+ "sudo sed -i '' 's/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config",
+ "sudo sed -i '' 's/^ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config",
+ "sudo systemsetup -f -setremotelogin on",
+ "sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist",
+ "sudo launchctl load /System/Library/LaunchDaemons/ssh.plist",
+ ]
+ }
+ // Install Homebrew.
+ provisioner "shell" {
+ inline = [
+ "echo 'Installing Homebrew...'",
+ "/bin/bash -c \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\"",
+ "eval \"$(/usr/local/bin/brew shellenv)\"",
+ "(echo; echo 'eval \"$($(brew --prefix)/bin/brew shellenv)\"') >> /Users/admin/.zprofile",
+ "eval \"$($(brew --prefix)/bin/brew shellenv)\""
+ ]
+ }
+ // Check Homebrew. Ignore errors because we are not using the last version of Xcode.
+ provisioner "shell" {
+ inline = [
+ "echo 'Checking Homebrew...'",
+ "eval \"$(/usr/local/bin/brew shellenv)\"",
+ "/usr/local/bin/brew doctor || true"
+ ]
+ }
+ // Install dependencies for build and release.
+ provisioner "shell" {
+ inline = [
+ "echo 'Installing packages using Homebrew...'",
+ "eval \"$(/usr/local/bin/brew shellenv)\"",
+ "/usr/local/bin/brew install git automake bash libtool cmake python ccache"
+ ]
+ }
+ // Install Java 17 for Jenkins.
+ provisioner "shell" {
+ inline = [
+ "echo 'Installing JRE...'",
+ "eval \"$(/usr/local/bin/brew shellenv)\"",
+ "/usr/local/bin/brew install --cask temurin@17",
+ ]
+ }
+ // Print the version of the installed packages.
+ provisioner "shell" { + inline = [ + "echo 'Printing the version of the installed packages...'", + "eval \"$(/usr/local/bin/brew shellenv)\"", + "/usr/local/bin/brew list --versions", + "java -version" + ] + } +} \ No newline at end of file From f40cdb3e25c2e1cd572110a09c37ca938f5e1975 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= Date: Sat, 7 Sep 2024 18:07:53 +0200 Subject: [PATCH 3/5] docs: added new environmental variables references --- orka/templates/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/orka/templates/README.md b/orka/templates/README.md index d96c658b8..4d9b82a10 100644 --- a/orka/templates/README.md +++ b/orka/templates/README.md @@ -49,7 +49,7 @@ You need to load the environment variables: You can validate a specific template by running the following command: ```shell -packer validate -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_default_username=$SSH_DEFAULT_USERNAME" -var "ssh_default_password=$SSH_DEFAULT_PASSWORD" -var "ssh_test_password=$SSH_TEST_PASSWORD" -var "ssh_test_puclic_key=$SSH_TEST_PUBLIC_KEY" +packer validate -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_default_username=$SSH_DEFAULT_USERNAME" -var "ssh_default_password=$SSH_DEFAULT_PASSWORD" -var "ssh_test_password=$SSH_TEST_PASSWORD" -var "ssh_release_password=$SSH_RELEASE_PASSWORD" -var "ssh_release_public_key=$SSH_RELEASE_PUBLIC_KEY" -var "ssh_test_public_key=$SSH_TEST_PUBLIC_KEY" ``` ## Build the image 
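Review bot: The "Install Homebrew" step in orka/templates/macos-13-intel-release.pkr.hcl downloads `install.sh` from the moving `HEAD` ref and runs it immediately. The contents of the release image therefore depend on whatever that URL serves at build time, and nothing in the template records or checks what was executed. For an image used to produce releases I would pin the installer to a reviewed commit (the same URL with `HEAD` replaced by a commit id, shown here as the placeholder `PINNED_COMMIT_SHA`), save it to a file, compare it against a recorded digest with `shasum -a 256 -c`, and only then run the file. The same line appears in macos-13-arm-release.pkr.hcl.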
@@ -57,7 +57,7 @@ packer validate -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_ You can build a specific template by running the following command: ```shell -packer build -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_default_username=$SSH_DEFAULT_USERNAME" -var "ssh_default_password=$SSH_DEFAULT_PASSWORD" -var "ssh_test_password=$SSH_TEST_PASSWORD" -var "ssh_test_puclic_key=$SSH_TEST_PUBLIC_KEY" +packer build -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_default_username=$SSH_DEFAULT_USERNAME" -var "ssh_default_password=$SSH_DEFAULT_PASSWORD" -var "ssh_test_password=$SSH_TEST_PASSWORD" -var "ssh_release_password=$SSH_RELEASE_PASSWORD" -var "ssh_release_public_key=$SSH_RELEASE_PUBLIC_KEY" -var "ssh_test_public_key=$SSH_TEST_PUBLIC_KEY" ``` ## Continuous Integration From f6e9e0a5f09b095f4cec568390cb8facf82ff7c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= Date: Sat, 7 Sep 2024 18:12:30 +0200 Subject: [PATCH 4/5] ci: added new environmental variables references in Packer templates --- .github/workflows/orka-templates.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/orka-templates.yml b/.github/workflows/orka-templates.yml index be533f46f..e2e4739e1 100644 --- a/.github/workflows/orka-templates.yml +++ b/.github/workflows/orka-templates.yml @@ -37,7 +37,9 @@ jobs: SSH_DEFAULT_USERNAME: 'mock-ssh-default-username' SSH_DEFAULT_PASSWORD: 'mock-ssh-default-password' SSH_TEST_PASSWORD: 'mock-ssh-test-password' + SSH_RELEASE_PASSWORD: 'mock-ssh-release-password' SSH_TEST_PUBLIC_KEY: 'mock-ssh-test-public-key' + SSH_RELEASE_PUBLIC_KEY: 'mock-ssh-release-public-key' run: | for file in $(find . -name '*.pkr.hcl'); do echo "Validating $file" 
@@ -46,6 +48,9 @@ jobs: -var "ssh_default_username=$SSH_DEFAULT_USERNAME" \ -var "ssh_default_password=$SSH_DEFAULT_PASSWORD" \ -var "ssh_test_public_key=$SSH_TEST_PUBLIC_KEY" \ - -var "ssh_test_password=$SSH_TEST_PASSWORD" $file || exit 1 + -var "ssh_test_password=$SSH_TEST_PASSWORD" \ + -var "ssh_release_password=$SSH_RELEASE_PASSWORD" \ + -var "ssh_release_public_key=$SSH_RELEASE_PUBLIC_KEY" \ + $file || exit 1 done working-directory: orka/templates \ No newline at end of file From a31df8b32a74bebb8e11312034a87aeb6a9ef3f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= Date: Sat, 7 Sep 2024 18:33:29 +0200 Subject: [PATCH 5/5] ci: add support for multiple Packer templates types --- .github/workflows/orka-templates.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/orka-templates.yml b/.github/workflows/orka-templates.yml index e2e4739e1..32e1168e6 100644 --- a/.github/workflows/orka-templates.yml +++ b/.github/workflows/orka-templates.yml 
@@ -43,14 +43,14 @@ jobs: run: | for file in $(find . -name '*.pkr.hcl'); do echo "Validating $file" - packer validate -var "orka_endpoint=$ORKA_ENDPOINT" \ - -var "orka_auth_token=$ORKA_AUTH_TOKEN" \ - -var "ssh_default_username=$SSH_DEFAULT_USERNAME" \ - -var "ssh_default_password=$SSH_DEFAULT_PASSWORD" \ - -var "ssh_test_public_key=$SSH_TEST_PUBLIC_KEY" \ - -var "ssh_test_password=$SSH_TEST_PASSWORD" \ - -var "ssh_release_password=$SSH_RELEASE_PASSWORD" \ - -var "ssh_release_public_key=$SSH_RELEASE_PUBLIC_KEY" \ - $file || exit 1 + vars="-var orka_endpoint=$ORKA_ENDPOINT -var orka_auth_token=$ORKA_AUTH_TOKEN -var ssh_default_username=$SSH_DEFAULT_USERNAME" + + if echo "$file" | grep -q "release"; then + vars="$vars -var ssh_release_password=$SSH_RELEASE_PASSWORD -var ssh_release_public_key=$SSH_RELEASE_PUBLIC_KEY" + elif echo "$file" | grep -q "test"; then + vars="$vars -var ssh_test_password=$SSH_TEST_PASSWORD -var ssh_test_public_key=$SSH_TEST_PUBLIC_KEY -var ssh_default_password=$SSH_DEFAULT_PASSWORD" + fi + + packer validate $vars $file || exit 1 done working-directory: orka/templates \ No newline at end of file
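Review bot: Building the arguments as one string and expanding it unquoted in `packer validate $vars $file` makes the shell split every value on whitespace. It only works because the mock values contain no spaces; a public key of the usual `type base64 comment` form would be cut into separate arguments. `grep -q "release"` also matches anywhere in the path, directory names included. A bash array with a `case` on the file's base name keeps each `-var name=value` pair as one word; this assumes the step runs under the runner's default bash shell. The step's `env:` block is outside this hunk.

```yaml
            echo "Validating $file"
            vars=(-var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_default_username=$SSH_DEFAULT_USERNAME")

            case "${file##*/}" in
              *release*)
                vars+=(-var "ssh_release_password=$SSH_RELEASE_PASSWORD" -var "ssh_release_public_key=$SSH_RELEASE_PUBLIC_KEY")
                ;;
              *test*)
                vars+=(-var "ssh_test_password=$SSH_TEST_PASSWORD" -var "ssh_test_public_key=$SSH_TEST_PUBLIC_KEY" -var "ssh_default_password=$SSH_DEFAULT_PASSWORD")
                ;;
            esac

            packer validate "${vars[@]}" "$file" || exit 1
            # … unchanged: done, working-directory …
```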