openpreserve · darrendignam · Dec 22, 2022 · Jun 13, 2024 · Jun 13, 2024 · Jun 13, 2024
diff --git a/.github/workflows/build-ova.yml b/.github/workflows/build-ova.yml
@@ -0,0 +1,234 @@
+name: Build ViPER OVA
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+      - 'release-*'
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4.2.2
+
+      - name: Install build dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y qemu-system-x86 qemu-utils ansible python3-pip wget unzip
+          pip3 install jmespath
+
+      - name: Install Packer
+        run: |
+          PACKER_VERSION="1.11.2"
+          wget -q https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip
+          unzip packer_${PACKER_VERSION}_linux_amd64.zip
+          sudo mv packer /usr/local/bin/
+          packer version
+
+      - name: Initialize Packer plugins
+        env:
+          PACKER_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: packer init viper.pkr.hcl
+
+      - name: Enable KVM
+        run: |
+          sudo apt-get install -y cpu-checker
+          sudo kvm-ok || echo "KVM not available, will use software emulation"
+          # Set KVM permissions for current user without requiring group membership
+          if [ -c /dev/kvm ]; then
+            sudo chmod 666 /dev/kvm
+            echo "KVM permissions set"
+          else
+            echo "KVM device not available"
+          fi
+
+      - name: Validate Packer template
+        run: packer validate viper.pkr.hcl
+
+      - name: Free up disk space before build
+        run: |
+          echo "Disk space before cleanup:"
+          df -h
+          # Remove unnecessary packages
+          sudo apt-get clean
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /opt/ghc
+          sudo rm -rf /usr/local/share/boost
+          sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+          echo "Disk space after cleanup:"
+          df -h
+
+      - name: Build VM with Packer
+        run: |
+          # Check if KVM is available
+          if [ -c /dev/kvm ] && [ -r /dev/kvm ] && [ -w /dev/kvm ]; then
+            echo "KVM is available, using hardware acceleration"
+            ACCELERATOR="kvm"
+          else
+            echo "KVM not available, using software emulation (TCG)"
+            ACCELERATOR="tcg"
+          fi
+
+          # Run packer build (without sudo to avoid Ansible file transfer issues)
+          packer build \
+            -var 'headless=true' \
+            -var "accelerator=${ACCELERATOR}" \
+            viper.pkr.hcl
+        timeout-minutes: 60
+
+      - name: Convert to OVA
+        run: ./scripts/convert-to-ova.sh
+
+      - name: Get version from tag
+        id: version
+        run: |
+          VERSION="${GITHUB_REF#refs/tags/}"
+          # Sanitize version for filesystem safety (remove/replace special chars)
+          VERSION_SAFE=$(echo "$VERSION" | tr '/' '-' | tr ':' '-')
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "VERSION_SAFE=$VERSION_SAFE" >> $GITHUB_OUTPUT
+          echo "Original version: $VERSION"
+          echo "Safe version: $VERSION_SAFE"
+
+      - name: Parse repository info
+        id: repo
+        run: |
+          # Sanitize repo name for filesystem-safe paths (openpreserve/ViPER -> openpreserve-ViPER)
+          REPO_SAFE=$(echo "${{ github.repository }}" | tr '/' '-')
+          echo "REPO_SAFE=${REPO_SAFE}" >> $GITHUB_OUTPUT
+          echo "REPO_FULL=${{ github.repository }}" >> $GITHUB_OUTPUT
+          echo "Repository: ${{ github.repository }}"
+          echo "Safe name: ${REPO_SAFE}"
+
+      - name: Get commit info
+        id: commit
+        run: |
+          echo "HASH=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+          echo "SHORT_HASH=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+          echo "MESSAGE<<EOF" >> $GITHUB_OUTPUT
+          git log -1 --pretty=%B >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Upload tag metadata
+        run: |
+          WORKFLOW_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+
+          cat > tag-metadata.json <<EOF
+          {
+            "repo_url": "https://github.com/${{ github.repository }}",
+            "tag": "${{ steps.version.outputs.VERSION }}",
+            "tag_message": ${{ toJSON(steps.commit.outputs.MESSAGE) }},
+            "commit_hash": "${{ steps.commit.outputs.HASH }}",
+            "commit_url": "https://github.com/${{ github.repository }}/commit/${{ steps.commit.outputs.HASH }}",
+            "build_date": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
+            "description": "ViPER VM images built from GitHub Actions",
+            "workflow_url": "${WORKFLOW_URL}"
+          }
+          EOF
+
+          # Try to upload metadata, but don't fail build if endpoint doesn't exist yet
+          curl -X POST "https://artifacts.opf-labs.org/upload/${{ steps.repo.outputs.REPO_SAFE }}/${{ steps.version.outputs.VERSION_SAFE }}/metadata" \
+            -H "Authorization: Bearer ${{ secrets.ARTIFACT_UPLOAD_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d @tag-metadata.json \
+            --fail-with-body || echo "Metadata upload failed (endpoint may not be available yet), continuing..."
+
+          echo "Tag metadata upload attempted"
+
+      - name: Upload QCOW2 to artifact server
+        run: |
+          QCOW2_FILE="output-qemu/viper-v1.2-alpha.qcow2"
+          if [ -f "$QCOW2_FILE" ]; then
+            echo "Uploading QCOW2 image..."
+            MD5_HASH=$(md5sum "$QCOW2_FILE" | awk '{print $1}')
+            SHA256_HASH=$(sha256sum "$QCOW2_FILE" | awk '{print $1}')
+
+            curl -X POST "https://artifacts.opf-labs.org/upload/${{ steps.repo.outputs.REPO_SAFE }}/${{ steps.version.outputs.VERSION_SAFE }}" \
+              -H "Authorization: Bearer ${{ secrets.ARTIFACT_UPLOAD_TOKEN }}" \
+              -F "file=@${QCOW2_FILE}" \
+              -F "md5=${MD5_HASH}" \
+              -F "sha256=${SHA256_HASH}" \
+              -F "file_type=QCOW2 Disk Image" \
+              --max-time 18000 \
+              --fail-with-body
+
+            echo "QCOW2 uploaded successfully, removing to free space..."
+            rm -f "$QCOW2_FILE"
+            df -h
+          else
+            echo "QCOW2 file not found, skipping upload"
+          fi
+
+      - name: Upload OVA to artifact server
+        run: |
+          OVA_FILE="output/viper-v1.2-alpha.ova"
+          if [ -f "$OVA_FILE" ]; then
+            echo "Uploading OVA package..."
+            MD5_HASH=$(md5sum "$OVA_FILE" | awk '{print $1}')
+            SHA256_HASH=$(sha256sum "$OVA_FILE" | awk '{print $1}')
+
+            curl -X POST "https://artifacts.opf-labs.org/upload/${{ steps.repo.outputs.REPO_SAFE }}/${{ steps.version.outputs.VERSION_SAFE }}" \
+              -H "Authorization: Bearer ${{ secrets.ARTIFACT_UPLOAD_TOKEN }}" \
+              -F "file=@${OVA_FILE}" \
+              -F "md5=${MD5_HASH}" \
+              -F "sha256=${SHA256_HASH}" \
+              -F "file_type=OVA Package" \
+              --max-time 18000 \
+              --fail-with-body
+
+            echo "OVA uploaded successfully"
+            echo "Download URL: https://artifacts.opf-labs.org/browse/${{ steps.repo.outputs.REPO_SAFE }}/${{ steps.version.outputs.VERSION_SAFE }}"
+          else
+            echo "OVA file not found, skipping upload"
+          fi
+
+      - name: Create release with download links
+        uses: softprops/action-gh-release@v2
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          draft: false
+          prerelease: false
+          body: |
+            ViPER VM Build ${{ steps.version.outputs.VERSION }}
+
+            ## Download Artifacts
+
+            Large build artifacts are hosted on our artifact server:
+
+            **Browse all files:** https://artifacts.opf-labs.org/browse/${{ steps.repo.outputs.REPO_SAFE }}/${{ steps.version.outputs.VERSION_SAFE }}
+
+            **Direct downloads:**
+            - QCOW2: https://artifacts.opf-labs.org/download/${{ steps.repo.outputs.REPO_SAFE }}/${{ steps.version.outputs.VERSION_SAFE }}/viper-v1.2-alpha.qcow2
+            - OVA: https://artifacts.opf-labs.org/download/${{ steps.repo.outputs.REPO_SAFE }}/${{ steps.version.outputs.VERSION_SAFE }}/viper-v1.2-alpha.ova
+
+            ## Installation
+
+            1. Download the OVA file from the link above
+            2. Import into VirtualBox, VMware, or other OVF-compatible virtualization platform
+            3. Start the VM
+
+            ## Available Formats
+
+            - **QCOW2**: For QEMU/KVM environments (native format, best performance)
+            - **OVA**: Universal OVF package for VirtualBox/VMware (recommended for most users)
+
+            ## Default Credentials
+            - Username: vagrant
+            - Password: vagrant
+
+            ## VM Specifications
+            - OS: Debian 12 (Bookworm)
+            - CPUs: 2
+            - Memory: 4GB
+            - Disk: 50GB
+
+            ## Checksums
+
+            MD5 and SHA256 checksums are displayed on the browse page:
+            https://artifacts.opf-labs.org/browse/${{ steps.repo.outputs.REPO_SAFE }}/${{ steps.version.outputs.VERSION_SAFE }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -0,0 +1,112 @@
+name: Build and Push ViPER Docker Image
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+      - 'release-*'
+  workflow_dispatch:
+
+env:
+  REGISTRY_DOCKERHUB: docker.io
+  REGISTRY_GHCR: ghcr.io
+  IMAGE_NAME: opf-cloud-viper
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY_DOCKERHUB }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY_GHCR }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.REGISTRY_DOCKERHUB }}/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}
+            ${{ env.REGISTRY_GHCR }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install Ansible and Python dependencies
+        run: |
+          python3 -m pip install --upgrade pip
+          pip3 install ansible docker requests
+
+      - name: Install Ansible collections
+        run: |
+          ansible-galaxy collection install community.docker
+
+      - name: Build Docker image with Ansible provisioning
+        run: |
+          cd ansible
+          ansible-playbook docker-viper.yml -i inventory.docker.yml
+
+      - name: Get container ID
+        id: container
+        run: |
+          CONTAINER_ID=$(docker ps -aqf "name=docker-viper")
+          echo "container_id=$CONTAINER_ID" >> $GITHUB_OUTPUT
+
+      - name: Commit container to image
+        run: |
+          docker commit ${{ steps.container.outputs.container_id }} viper-build:latest
+
+      - name: Tag and push to Docker Hub and GHCR
+        run: |
+          # Tag for Docker Hub
+          docker tag viper-build:latest ${{ env.REGISTRY_DOCKERHUB }}/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:latest
+          docker push ${{ env.REGISTRY_DOCKERHUB }}/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:latest
+
+          # Tag for GitHub Container Registry
+          docker tag viper-build:latest ${{ env.REGISTRY_GHCR }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest
+          docker push ${{ env.REGISTRY_GHCR }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest
+
+          # If this is a tagged release, also push the version tag
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            # Extract version from v1.2.0 -> 1.2.0
+            VERSION=${GITHUB_REF#refs/tags/v}
+            docker tag viper-build:latest ${{ env.REGISTRY_DOCKERHUB }}/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${VERSION}
+            docker push ${{ env.REGISTRY_DOCKERHUB }}/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${VERSION}
+            docker tag viper-build:latest ${{ env.REGISTRY_GHCR }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${VERSION}
+            docker push ${{ env.REGISTRY_GHCR }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${VERSION}
+          fi
+
+      - name: Clean up
+        if: always()
+        run: |
+          docker rm -f docker-viper || true
+          docker rmi viper-build:latest || true