re-enable AMI deploys #446

Draft: wants to merge 11 commits into base: master

rcooke-warwick
Contributor

@rcooke-warwick rcooke-warwick commented Nov 6, 2024

Change-type: patch

Required by:

Initial check to see how far it gets and start debugging

@rcooke-warwick rcooke-warwick force-pushed the ryan/fix-ami branch 2 times, most recently from 459a162 to 6ed3ab7 Compare November 12, 2024 12:06
Change-type: patch
Signed-off-by: Ryan Cooke <[email protected]>
Change-type: patch
Signed-off-by: Ryan Cooke <[email protected]>
Required to give the scripts running in the AMI helper image AWS access

Change-type: patch
Signed-off-by: Ryan Cooke <[email protected]>
Change-type: patch
Signed-off-by: Ryan Cooke <[email protected]>
Change-type: patch
Signed-off-by: Ryan Cooke <[email protected]>
Change-type: patch
Signed-off-by: Ryan Cooke <[email protected]>
Change-type: patch
Signed-off-by: Ryan Cooke <[email protected]>
Change-type: patch
Signed-off-by: Ryan Cooke <[email protected]>
Change-type: patch
Signed-off-by: Ryan Cooke <[email protected]>
AMI names with a + (e.g. +rev) aren't permitted

Change-type: patch
Signed-off-by: Ryan Cooke <[email protected]>
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

DT_ARCH: ${{ steps.balena-lib.outputs.dt_arch }}
run: |
if [ "${DT_ARCH}" = "amd64" ]; then
echo "string=x86_64" >>"${GITHUB_OUTPUT}"

Check failure: Code scanning / octoscan (Error)

Write to "$GITHUB_OUTPUT" in a bash script.

if [ "${DT_ARCH}" = "amd64" ]; then
echo "string=x86_64" >>"${GITHUB_OUTPUT}"
elif [ "${DT_ARCH}" = "aarch64" ]; then
echo "string=arm64" >>"${GITHUB_OUTPUT}"
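
Review bot: the `if`/`elif` on `DT_ARCH` shows branches only for `amd64` and `aarch64`; if no `else` follows, any other architecture leaves `string` unset and later steps receive an empty value. Add an `else` branch that prints an error and exits non-zero. Both values written to `GITHUB_OUTPUT` here are constant literals, so nothing from outside the script reaches the output file in these two lines.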

Check failure: Code scanning / octoscan (Error)

Write to "$GITHUB_OUTPUT" in a bash script.

VERSION: "${{ steps.balena-lib.outputs.os_version }}"
run: |
if [ "${{ inputs.sign-image }}" = "true" ]; then
echo "string=balenaOS-secureboot-${VERSION}-${MACHINE}" | sed 's/+/-/g' >>"${GITHUB_OUTPUT}"
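
Review bot: in the `if [ "${{ inputs.sign-image }}" = "true" ]` test, the expression is expanded into the script text before bash runs, while `VERSION` two lines above is handed over as a variable. Pass the input the same way, for example `SIGN_IMAGE: ${{ inputs.sign-image }}` next to `VERSION` (the variable name is only a suggestion), and test `"${SIGN_IMAGE}"` in the script so the workflow input is never parsed as shell.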

Check failure: Code scanning / octoscan (Error)

Write to "$GITHUB_OUTPUT" in a bash script.

if [ "${{ inputs.sign-image }}" = "true" ]; then
echo "string=balenaOS-secureboot-${VERSION}-${MACHINE}" | sed 's/+/-/g' >>"${GITHUB_OUTPUT}"
else
echo "string=balenaOS-${VERSION}-${MACHINE}" | sed 's/+/-/g' >>"${GITHUB_OUTPUT}"
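
Review bot: the two branches repeat the same `echo ... | sed 's/+/-/g' >>"${GITHUB_OUTPUT}"` pipeline and differ only in the `secureboot-` part of the name, and `sed` is applied to the whole `string=...` line rather than to the name alone. Build the name once in a variable, replace the `+` there (bash `${name//+/-}` does it without a pipe), and write a single `string=${name}` line. Since `VERSION` comes from a step output, also reject a value containing a newline before appending it to `GITHUB_OUTPUT`, because each line in that file is read as its own output.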

Check failure: Code scanning / octoscan (Error)

Write to "$GITHUB_OUTPUT" in a bash script.

# image_id="$(docker images --format "{{.ID}}" "${image_tag}")"
# echo "id=${image_id}" >>"${GITHUB_OUTPUT}"
image_id="$(docker images --format "{{.ID}}" "${image_tag}")"
echo "id=${image_id}" >>"${GITHUB_OUTPUT}"
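
Review bot: the two commented-out lines directly above the live `image_id=` and `echo "id=${image_id}"` lines are an exact copy of them; delete the commented copy. `docker images --format "{{.ID}}"` prints nothing when no image matches `image_tag` and one line per matching image, so check that `image_id` is a single non-empty ID before writing `id=` to `GITHUB_OUTPUT`.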

Check failure: Code scanning / octoscan (Error)

Write to "$GITHUB_OUTPUT" in a bash script.

AWS_ACCESS_KEY_ID: ${{ steps.aws-creds.outputs.aws-access-key-id }}
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-creds.outputs.aws-secret-access-key }}
run: |
docker run --rm -t \
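
Review bot: on the `docker run --rm -t \` line, forward the two AWS variables to the container by name only (`-e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY`), so the key material stays in the environment and never appears in the command line or in the script text. The visible lines already keep both `steps.aws-creds.outputs.*` expressions in the environment mapping rather than inside `run:`, which is the right place for them; the rest of the command is not shown here, so confirm no `${{ ... }}` expression is used further down. `-t` allocates a TTY that a CI job does not need and can be dropped.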

Check failure: Code scanning / octoscan (Error)

Expression injection, "steps.**.outputs.**" is potentially untrusted.

Change-type: patch
Signed-off-by: Ryan Cooke <[email protected]>