.github/workflows/build.yaml

name: build

on:
  workflow_call:
    inputs:
      upload_artifacts:
        required: true
        type: boolean
      branch_name:
        required: true
        type: string

permissions:
  id-token: write
  contents: read

defaults:
  run:
    shell: bash

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Run tests
        run: ci/image-name/tests.sh
  compute-constants:
    runs-on: ubuntu-latest
    outputs:
      MATRIX: ${{ steps.compute-constants.outputs.MATRIX }}
      TIMESTAMP: ${{ steps.compute-constants.outputs.TIMESTAMP }}
      DEFAULT_AWS_REGION: ${{ steps.compute-constants.outputs.DEFAULT_AWS_REGION }}
      BACKUP_AWS_REGIONS: ${{ steps.compute-constants.outputs.BACKUP_AWS_REGIONS }}
      PUBLIC_ECR_REGION: ${{ steps.compute-constants.outputs.PUBLIC_ECR_REGION }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Compute workflow constants
        id: compute-constants
        run: ci/compute-constants.sh
  build:
    needs: compute-constants
    strategy:
      matrix: ${{ fromJSON(needs.compute-constants.outputs.MATRIX) }}
      fail-fast: false
    runs-on: ${{ matrix.RUNNER_LABEL }}
    env:
      NV_TIMESTAMP: ${{ needs.compute-constants.outputs.TIMESTAMP }}
    steps:
      - name: Configure AWS Credentials
        id: aws-creds
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ vars.VM_IMAGES_AWS_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION }}
      - uses: actions/checkout@v4
      - name: Setup `packer`
        uses: hashicorp/setup-packer@main
      - name: Setup QEMU/KVM
        if: matrix.ENV == 'qemu'
        run: ci/setup-qemu-kvm.sh
      - name: Inject computed environment variables
        run: ci/compute-variables.sh
        env:
          ARCH: ${{ matrix.ARCH }}
          BRANCH_NAME: ${{ inputs.branch_name }}
          DRIVER_VERSION: ${{ matrix.DRIVER_VERSION }}
          DRIVER_FLAVOR: ${{ matrix.DRIVER_FLAVOR }}
          OS: ${{ matrix.OS }}
          RUNNER_ENV: ${{ matrix.ENV }}
        # The `exec` command is used to help forward signals to the child process.
        # This helps ensure Packer's AWS resources get removed when the job is cancelled.
        #
        # The `parallel-builds=1` flag ensures that the build jobs are run
        # serially. This allows the "preprovision" builds to run before the
        # actual builds since they are defined first in the templates.
      - name: Build image
        run: |
          packer init .
          exec packer build \
            -parallel-builds=1 \
            -only="*${OS}-${RUNNER_ENV}*" \
            -var "arch=${ARCH}" \
            -var "backup_aws_regions=${BACKUP_AWS_REGIONS}" \
            -var "branch_name=${BRANCH_NAME}" \
            -var "default_aws_region=${DEFAULT_AWS_REGION}" \
            -var "driver_version=${DRIVER_VERSION}" \
            -var "driver_flavor=${DRIVER_FLAVOR}" \
            -var "gh_run_id=${NV_RUN_ID}" \
            -var "gh_token=${GH_TOKEN}" \
            -var "headless=true" \
            -var "image_name=${NV_IMAGE_NAME}" \
            -var "os=${OS}" \
            -var "runner_env=${RUNNER_ENV}" \
            -var "runner_version=${RUNNER_VERSION}" \
            -var "upload_ami=${UPLOAD_ARTIFACTS}" \
            -var "timestamp=${NV_TIMESTAMP}" \
            .
        env:
          ARCH: ${{ matrix.ARCH }}
          BACKUP_AWS_REGIONS: ${{ needs.compute-constants.outputs.BACKUP_AWS_REGIONS }}
          BRANCH_NAME: ${{ inputs.branch_name }}
          DEFAULT_AWS_REGION: ${{ needs.compute-constants.outputs.DEFAULT_AWS_REGION }}
          DRIVER_VERSION: ${{ matrix.DRIVER_VERSION }}
          DRIVER_FLAVOR: ${{ matrix.DRIVER_FLAVOR }}
          GH_TOKEN: ${{ github.token }}
          OS: ${{ matrix.OS }}
          PACKER_GITHUB_API_TOKEN: ${{ github.token }}
          RUNNER_ENV: ${{ matrix.ENV }}
          # renovate: repo=actions/runner
          RUNNER_VERSION: "2.321.0"
          UPLOAD_ARTIFACTS: ${{ inputs.upload_artifacts }}
      - name: Inspect Image Size
        if: matrix.ENV == 'qemu'
        run: du -h output/*
      - name: Clean Up Instance
        if: always() && matrix.ENV == 'aws'
        run: ci/clean-up-instance.sh
      - name: Login to ECR
        if: matrix.ENV == 'qemu' && inputs.upload_artifacts
        id: ecr-login
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registry-type: public
          mask-password: "true"
        env:
          AWS_REGION: ${{ needs.compute-constants.outputs.PUBLIC_ECR_REGION }}
      - name: Build & push runner image
        if: matrix.ENV == 'qemu' && inputs.upload_artifacts
        timeout-minutes: 30
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          pull: true
          tags: ${{ steps.ecr-login.outputs.registry }}/nv-gha-runners/kubevirt-images:${{ env.NV_IMAGE_NAME }}
      - name: Publish message to image-puller SNS topic
        if: matrix.ENV == 'qemu' && inputs.upload_artifacts
        run: |
          aws sns publish --topic-arn "arn:aws:sns:${{ vars.AWS_REGION }}:${{ steps.aws-creds.outputs.aws-account-id }}:arc-nvks-image-puller" \
            --message ${{ steps.ecr-login.outputs.registry }}/nv-gha-runners/kubevirt-images:${{ env.NV_IMAGE_NAME }}