Fix Digital Ocean Release Workflow (#114)

3 years ago · 86d5ddbdfc
3 changed files with 134 additions and 106 deletions
--- a/.github/workflows/release-digital-ocean.yml
+++ b/.github/workflows/release-digital-ocean.yml
@ -39,6 +39,9 @@ jobs:
				@@ -39,6 +39,9 @@ jobs:
            | sed -e 's/,$//' -e 's/^"//' -e 's/"$//')
          echo "version=$VERSION" >> $GITHUB_OUTPUT

+      - name: Set up Hashicorp Packer
+        uses: hashicorp/setup-packer@ae6b3ed3bec089bbfb576ab7d714df7cbc4b88a4 # v2.0.0
+
      - name: Build Digital Ocean Image
        env:
          DIGITALOCEAN_TOKEN: ${{ steps.retrieve-secrets.outputs.digital-ocean-api-key }}
@ -46,21 +49,18 @@ jobs:
				@@ -46,21 +49,18 @@ jobs:
        working-directory: ./DigitalOceanMarketplace
        run: |
          packer version
-          packer build marketplace-image.json
+          packer init -upgrade marketplace-image.pkr.hcl
+          packer build marketplace-image.pkr.hcl

-      - name: Set up Homebrew
-        uses: Homebrew/actions/setup-homebrew@bf8757bc21b0cba89461f996ff351821727cf53d # v1.0.0 NB: does not have an official release yet
+      - name: Install doctl
+        uses: digitalocean/action-doctl@ba7726ed64a9c5eb774152b1ea03bf67ee81ad6e # v2.3.0
+        with:
+          token: ${{ steps.retrieve-secrets.outputs.digital-ocean-api-key }}

      - name: Digital Ocean Image Cleanup
-        env:
-          DIGITALOCEAN_TOKEN: ${{ steps.retrieve-secrets.outputs.digital-ocean-api-key }}
        working-directory: ./DigitalOceanMarketplace
        if: ${{ github.event_name != 'release' && github.event_name != 'workflow_dispatch' }}
        run: |
-          brew install doctl
-          # Authenticate to Digital Ocean.
-          doctl auth init -t $DIGITALOCEAN_TOKEN
-
          # Get the ID from the snapshot build.
          DO_ARTIFACT=$(jq -r '.builds[-1].artifact_id' manifest.json | cut -d ":" -f2)

--- a/DigitalOceanMarketplace/marketplace-image.json
+++ b/DigitalOceanMarketplace/marketplace-image.json
@ -1,97 +0,0 @@
				@@ -1,97 +0,0 @@
-{
-  "variables": {
-    "do_token": "{{env `DIGITALOCEAN_TOKEN`}}",
-    "image_name": "bitwarden-20-04-snapshot-{{timestamp}}",
-    "apt_packages_1": "fail2ban ca-certificates curl gnupg lsb-release",
-    "apt_packages_2": "docker-ce docker-ce-cli containerd.io",
-    "application_name": "Bitwarden",
-    "application_version": "{{env `DIGITALOCEAN_IMG_VERSION`}}"
-  },
-  "sensitive-variables": [
-    "do_token"
-  ],
-  "builders": [
-    {
-      "type": "digitalocean",
-      "api_token": "{{user `do_token`}}",
-      "image": "ubuntu-20-04-x64",
-      "region": "nyc3",
-      "size": "s-1vcpu-1gb",
-      "ssh_username": "root",
-      "snapshot_name": "{{user `image_name`}}"
-    }
-  ],
-  "provisioners": [
-    {
-      "type": "shell",
-      "inline": [
-        "cloud-init status --wait"
-      ]
-    },
-    {
-      "type": "file",
-      "source": "files/etc/",
-      "destination": "/etc/"
-    },
-    {
-      "type": "file",
-      "source": "files/opt/",
-      "destination": "/opt/"
-    },
-    {
-      "type": "file",
-      "source": "files/var/",
-      "destination": "/var/"
-    },
-    {
-      "type": "shell",
-      "environment_vars": [
-        "DEBIAN_FRONTEND=noninteractive",
-        "LC_ALL=C",
-        "LANG=en_US.UTF-8",
-        "LC_CTYPE=en_US.UTF-8"
-      ],
-      "inline": [
-        "apt -qqy update",
-        "apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' full-upgrade",
-        "apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install {{user `apt_packages_1`}}",
-        "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg",
-        "echo \"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" | tee /etc/apt/sources.list.d/docker.list > /dev/null",
-        "apt -qqy update",
-        "apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install {{user `apt_packages_2`}}",
-        "apt -qqy clean",
-        "curl -L \"https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)\" -o /usr/local/bin/docker-compose",
-        "chmod +x /usr/local/bin/docker-compose",
-        "rm -rf /opt/digitalocean",
-        "echo > /var/log/auth.log",
-        "echo > /var/log/kern.log",
-        "echo > /var/log/ufw.log"
-      ]
-    },
-    {
-      "type": "shell",
-      "environment_vars": [
-        "application_name={{user `application_name`}}",
-        "application_version={{user `application_version`}}",
-        "DEBIAN_FRONTEND=noninteractive",
-        "LC_ALL=C",
-        "LANG=en_US.UTF-8",
-        "LC_CTYPE=en_US.UTF-8"
-      ],
-      "scripts": [
-        "scripts/01-setup-first-run.sh",
-        "scripts/02-ufw-bitwarden.sh",
-        "scripts/03-force-ssh-logout.sh",
-        "scripts/90-cleanup.sh",
-        "scripts/99-img-check.sh"
-      ]
-    }
-  ],
-  "post-processors": [
-    {
-      "type": "manifest",
-      "output": "manifest.json",
-      "strip_path": true
-    }
-  ]
-}
--- a/DigitalOceanMarketplace/marketplace-image.pkr.hcl
+++ b/DigitalOceanMarketplace/marketplace-image.pkr.hcl
@ -0,0 +1,125 @@
				@@ -0,0 +1,125 @@
+packer {
+  required_plugins {
+    digitalocean = {
+      version = ">= 1.0.4"
+      source  = "github.com/digitalocean/digitalocean"
+    }
+  }
+}
+
+variable "application_name" {
+  type    = string
+  default = "Bitwarden"
+}
+
+variable "application_version" {
+  type    = string
+  default = "${env("DIGITALOCEAN_IMG_VERSION")}"
+}
+
+variable "apt_packages" {
+  type    = string
+  default = "fail2ban ca-certificates curl gnupg"
+}
+
+variable "docker_packages" {
+  type    = string
+  default = "docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin"
+}
+
+variable "do_token" {
+  type      = string
+  default   = "${env("DIGITALOCEAN_TOKEN")}"
+  sensitive = true
+}
+
+# "timestamp" template function replacement
+locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }
+
+# All locals variables are generated from variables that uses expressions
+# that are not allowed in HCL2 variables.
+locals {
+  image_name = "bitwarden-22-04-snapshot-${local.timestamp}"
+}
+
+source "digitalocean" "bitwarden_self_host" {
+  api_token     = "${var.do_token}"
+  image         = "ubuntu-22-04-x64"
+  region        = "nyc3"
+  size          = "s-1vcpu-1gb"
+  snapshot_name = "${local.image_name}"
+  ssh_username  = "root"
+}
+
+build {
+  sources = ["source.digitalocean.bitwarden_self_host"]
+
+  provisioner "shell" {
+    inline = ["cloud-init status --wait"]
+  }
+
+  provisioner "file" {
+    destination = "/etc/"
+    source      = "files/etc/"
+  }
+
+  provisioner "file" {
+    destination = "/opt/"
+    source      = "files/opt/"
+  }
+
+  provisioner "file" {
+    destination = "/var/"
+    source      = "files/var/"
+  }
+
+  provisioner "shell" {
+    environment_vars = [
+      "DEBIAN_FRONTEND=noninteractive",
+      "LC_ALL=C",
+      "LANG=en_US.UTF-8",
+      "LC_CTYPE=en_US.UTF-8"
+    ]
+    inline           = [
+      "apt-get -qqy update",
+      "apt-get -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' full-upgrade",
+      "apt-get -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install ${var.apt_packages}",
+      "install -m 0755 -d /etc/apt/keyrings",
+      "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg",
+      "chmod a+r /etc/apt/keyrings/docker.gpg",
+      "echo \"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo \"$VERSION_CODENAME\") stable\" | tee /etc/apt/sources.list.d/docker.list > /dev/null",
+      "apt-get -qqy update",
+      "apt-get -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install ${var.docker_packages}",
+      "apt-get -qqy clean",
+      "rm -rf /opt/digitalocean",
+      "rm -rf /var/log/auth.log",
+      "rm -rf /var/log/kern.log",
+      "rm -rf /var/log/ufw.log",
+      "rm -rf /var/log/ubuntu-advantage.log",
+      "rm -rf /var/log/droplet-agent.update.log"
+    ]
+  }
+
+  provisioner "shell" {
+    environment_vars = [
+      "application_name=${var.application_name}",
+      "application_version=${var.application_version}",
+      "DEBIAN_FRONTEND=noninteractive",
+      "LC_ALL=C",
+      "LANG=en_US.UTF-8",
+      "LC_CTYPE=en_US.UTF-8"
+    ]
+    scripts          = [
+      "scripts/01-setup-first-run.sh",
+      "scripts/02-ufw-bitwarden.sh",
+      "scripts/03-force-ssh-logout.sh",
+      "scripts/90-cleanup.sh",
+      "scripts/99-img-check.sh"
+    ]
+  }
+
+  post-processor "manifest" {
+    output     = "manifest.json"
+    strip_path = true
+  }
+}