diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3540aa572c..a79149cb92 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -84,6 +84,10 @@ jobs:
 with:
 submodules: recursive
 
+ - name: Setup `packer`
+ uses: hashicorp/setup-packer@main
+ id: setup
+
 - name: Install Rust stable
 uses: actions-rs/toolchain@v1
 with:
@@ -153,6 +157,26 @@ jobs:
 fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf"
 fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.deb"
 
+ - name: Run `packer init`
+ if: matrix.build == 'linux' && matrix.arch == 'amd64'
+ id: init
+ run: "packer init ./images/ami/core.pkr.hcl"
+
+ - name: Build AMI images for multiple regions
+ if: matrix.build == 'linux' && matrix.arch == 'amd64'
+ run: |
+ regions=(us-east-1 eu-west-1 ap-northeast-1)
+ for region in "${regions[@]}"; do
+ echo "Building AMI for region: $region"
+ echo "Running packer validate for $region..."
+ packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
+ echo "Building AMI image for $region..."
+ packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
+ done
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
 - name: Upload DEB
 if: matrix.build == 'linux'
 uses: actions/upload-release-asset@v1.0.2
diff --git a/images/ami/core.pkr.hcl b/images/ami/core.pkr.hcl
new file mode 100644
index 0000000000..8bb7d90fdd
--- /dev/null
+++ b/images/ami/core.pkr.hcl
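Review bot: `uses: hashicorp/setup-packer@main` in the added step tracks a mutable branch, so whatever lands on that branch runs inside the release job, the same job whose later packer step receives AWS credentials. Pin the action to a full commit SHA, for example `uses: hashicorp/setup-packer@<full-commit-sha>  # <release tag>`, and set the action's `version` input to a fixed Packer release so the binary that builds the AMIs does not float either. The step also has no `if:`, so it runs on every matrix leg although only the linux/amd64 leg calls packer; `if: matrix.build == 'linux' && matrix.arch == 'amd64'` would match the later steps. The job's step list starts and continues outside this hunk.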
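Review bot: The `env:` block of the AMI build step passes the long-lived `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` secrets; short-lived credentials obtained through GitHub OIDC, with an IAM role scoped to what the Packer build needs, would limit what a leaked key can do. In the same step, `-on-error=abort` makes Packer exit without cleanup, so a failed run leaves the build instance, its temporary key pair and security group behind in the account; `-on-error=cleanup` (the default) suits unattended CI. `${{ env.VERSION }}` is also expanded into the script text before bash parses it, and since VERSION is set outside this hunk (presumably from the tag name) it is safer to read it as `"$VERSION"`. The sketch below shows the three changes; the job-level `permissions` block it relies on is outside the hunk.

```yaml
      # job level (outside this hunk): add `id-token: write` to `permissions`,
      # alongside whatever scopes the existing release steps already use.
      - name: Configure AWS credentials (OIDC)
        if: matrix.build == 'linux' && matrix.arch == 'amd64'
        # placeholder ref: pin to a reviewed commit of the action
        uses: aws-actions/configure-aws-credentials@<full-commit-sha>
        with:
          # placeholder secret name for the build role's ARN
          role-to-assume: ${{ secrets.AWS_AMI_BUILD_ROLE_ARN }}
          aws-region: us-east-1

      - name: Build AMI images for multiple regions
        if: matrix.build == 'linux' && matrix.arch == 'amd64'
        run: |
          # … unchanged: regions array, loop header, echo lines …
            packer validate --var "package_version=$VERSION" --var "region=$region" ./images/ami/core.pkr.hcl
            packer build -color=false -on-error=cleanup --var "package_version=$VERSION" --var "region=$region" ./images/ami/core.pkr.hcl
          # … unchanged: done; the static-key env block is dropped …
```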
@@ -0,0 +1,62 @@
+packer {
+ required_plugins {
+ amazon = {
+ version = ">= 1.2.8"
+ source = "github.com/hashicorp/amazon"
+ }
+ }
+}
+
+variable "package_version" {
+ type = string
+}
+
+variable "region" {
+ type = string
+ default = "eu-north-1"
+}
+
+variable "instance_type" {
+ type = string
+ default = "t3.micro"
+}
+
+source "amazon-ebs" "defguard-core" {
+ ami_name = "defguard-core-${var.package_version}-amd64"
+ instance_type = var.instance_type
+ region = var.region
+ source_ami_filter {
+ filters = {
+ name = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"
+ root-device-type = "ebs"
+ virtualization-type = "hvm"
+ }
+ most_recent = true
+ owners = ["099720109477"]
+ }
+ ssh_username = "ubuntu"
+}
+
+build {
+ name = "defguard-core"
+ sources = [
+ "source.amazon-ebs.defguard-core"
+ ]
+
+ provisioner "file" {
+ source = "defguard-${var.package_version}-x86_64-unknown-linux-gnu.deb"
+ destination = "/tmp/defguard-core.deb"
+ }
+
+ provisioner "shell" {
+ script = "./images/ami/core.sh"
+ }
+
+ provisioner "shell" {
+ inline = ["rm /home/ubuntu/.ssh/authorized_keys"]
+ }
+
+ provisioner "shell" {
+ inline = ["sudo rm /root/.ssh/authorized_keys"]
+ }
+}
diff --git a/images/ami/core.sh b/images/ami/core.sh
new file mode 100644
index 0000000000..1203c711ae
--- /dev/null
+++ b/images/ami/core.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -e
+
+echo "Updating apt repositories..."
+sudo apt update
+
+echo "Installing Defguard package..."
+sudo dpkg -i /tmp/defguard-core.deb
+
+echo "Cleaning up..."
+sudo rm -f /tmp/defguard-core.deb
+
+echo "Defguard installation completed successfully."
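Review bot: The `amazon-ebs` source keeps Packer's defaults for network exposure and instance metadata: the temporary security group admits SSH from any address while the build runs, and neither the build instance nor the registered AMI requires IMDSv2. Inside `source "amazon-ebs" "defguard-core"` I would add `temporary_security_group_source_public_ip = true`, `imds_support = "v2.0"` and a `metadata_options { http_tokens = "required" }` block. The plugin constraint `version = ">= 1.2.8"` is also open-ended, so `packer init` in the release job installs whatever amazon plugin is newest at that moment; an upper-bounded constraint (for example `~> 1.2.8`) keeps release builds reproducible. The two closing provisioners use plain `rm`, so a missing `authorized_keys` file fails the whole build; `rm -f` removes the key file without that failure mode.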
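Review bot: `sudo apt update` refreshes the package indexes but nothing afterwards uses them: `dpkg -i` does not resolve dependencies and no upgrade runs, so the AMI ships the source image's packages exactly as they were published, without pending security updates. Consider `sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade` after the update and `sudo apt-get install -y /tmp/defguard-core.deb` in place of `dpkg -i`. The package also installs `/etc/defguard/core.conf` from `.env-template` (per `fpm_args` in release.yml); if that template carries default secrets or credentials, every instance launched from the AMI would share them, so it is worth confirming they are generated or replaced on first boot. `set -euo pipefail` would also be stricter than `set -e`.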