Add generateConfig action, updates to check-update-security and gener…
…ate-release-vars.sh (#174)

* Modify generate-release-vars.sh to include ecs init, docker, and containerd versions similar to previously existing release vars

* Add generateConfig action, small updates to check-update-security
hozkaya2000 authored Dec 6, 2023
1 parent adac2ad commit e45e658
Showing 5 changed files with 89 additions and 6 deletions.
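--- a/.github/workflows/generateconfig.yml
+++ b/.github/workflows/generateconfig.yml
@@ -0,0 +1,37 @@
+name: GenerateConfig
+
+on: workflow_dispatch
+
+jobs:
+GenerateConfig:
+runs-on: ubuntu-latest
+permissions:
+id-token: write
+contents: write
+env:
+IAM_INSTANCE_PROFILE_ARN: ${{secrets.IAM_INSTANCE_PROFILE_ARN}}
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+- name: Install xmllint
+run: sudo apt-get update && sudo apt-get install libxml2-utils
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: ${{secrets.AMI_GENERATE_CONFIG_ROLE}}
+aws-region: us-west-2
+- name: Configure prereqs
+run: |
+git config --global user.name "GenerateConfig Action"
+git config --global user.email "[email protected]"
+- name: Check AL1 Updates
+run: ./scripts/check-update.sh al1
+- name: Check AL2 Base AMI Update
+run: ./scripts/check-update.sh al2
+- name: Check AL2023 Base AMI Update
+run: ./scripts/check-update.sh al2023
+- name: Commit and Push Changes if Update Is Required
+run: |
+git commit -m "Release Kickoff"
+git status
+git push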
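Review bot: The final step runs `git commit -m "Release Kickoff"` unconditionally, so when none of the three check steps staged a file the commit exits non-zero with "nothing to commit" and the job fails, contradicting the step's "if Update Is Required" name. Guard the commit on staged changes, e.g. `git diff --cached --quiet && { echo "no update staged"; exit 0; }` placed before the commit line, or gate the step on an output produced by check-update.sh. The `uses:` references (`actions/checkout@v3`, `aws-actions/configure-aws-credentials@v4`) are pinned by mutable tag; for a workflow that holds `contents: write` and assumes an AWS role, pinning each action to a full commit SHA (tag kept in a trailing comment) limits what a moved or compromised tag can do. `apt-get install libxml2-utils` has no `-y`, so if the package pulls in new dependencies apt may prompt for confirmation and, with no tty on the runner, abort the step.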
2 changes: 1 addition & 1 deletion generate-release-vars.sh
Expand Up @@ -99,7 +99,7 @@ EOF

readonly ecs_agent_version=$(sed -n '/variable "ecs_agent_version" {/,/}/p' variables.pkr.hcl | grep "default" | awk -F '"' '{ print $2 }')
readonly ecs_init_rev=$(sed -n '/variable "ecs_init_rev" {/,/}/p' variables.pkr.hcl | grep "default" | awk -F '"' '{ print $2 }')
readonly docker_version_2023=$(sed -n '/variable "docker_version_al2023" {/,/}/p' variables.pkr.hcl | grep "default" | awk -F '"' '{ print $2 }')
readonly docker_version_al2023=$(sed -n '/variable "docker_version_al2023" {/,/}/p' variables.pkr.hcl | grep "default" | awk -F '"' '{ print $2 }')
readonly containerd_version_al2023=$(sed -n '/variable "containerd_version_al2023" {/,/}/p' variables.pkr.hcl | grep "default" | awk -F '"' '{ print $2 }')
readonly exec_ssm_version=$(sed -n '/variable "exec_ssm_version" {/,/}/p' variables.pkr.hcl | grep "default" | awk -F '"' '{ print $2 }')

7 changes: 5 additions & 2 deletions release-al1.auto.pkrvars.hcl
@@ -1,2 +1,5 @@
ami_version = "20231024"
source_ami_al1 = "amzn-ami-minimal-hvm-2018.03.0.20231002.0-x86_64-ebs"
ami_version = "20231205"
ecs_version_al1 = "1.51.0"
docker_version_al1 = "20.10.13"
exec_ssm_version = "3.2.1630.0"
source_ami_al1 = "amzn-ami-minimal-hvm-2018.03.0.20231106.0-x86_64-ebs"
6 changes: 3 additions & 3 deletions check-update-security.sh → scripts/check-update-security.sh
Expand Up @@ -89,7 +89,7 @@ esac
# Query ssm to get latest ecs optimized ami
ami_id=$(aws ssm get-parameters --names $ami_path --region us-west-2 | jq -r '.Parameters[0].Value' | jq -r '.image_id')

user_data=$(mktemp user_data.txt)
user_data=$(touch user_data.txt)
if [ "$install_and_start_ssm_agent" -eq 1 ]; then

cat <<EOT >>user_data.txt
Expand Down Expand Up @@ -153,7 +153,7 @@ check_wait_response $(echo $?)
# Instance has been launched, terminate in case of an error
trap 'failure_cleanup' ERR

rm "$user_data"
rm user_data.txt

# Assert that ssm agent is running before moving forward
ssm_agent_status() {
Expand Down Expand Up @@ -195,12 +195,12 @@ command_status() {
max_retries=20
success=0
for ((r = 0; r < max_retries; r++)); do
sleep 5
cmd_status=$(command_status)
if [ "$cmd_status" = "Failed" ] || [ "$cmd_status" = "Success" ]; then
success=1
break
fi
sleep 5
done
if [ $success -ne 1 ]; then
echo "Command execution timed out"
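Review bot: `user_data=$(touch user_data.txt)` in the first hunk assigns the (empty) output of touch to `user_data`, so the variable is now always the empty string and, with `rm "$user_data"` replaced by `rm user_data.txt` in the second hunk, it is dead code that still reads as if it captured a path. Either drop the variable and write `touch user_data.txt`, or keep it meaningful with a valid template, `user_data=$(mktemp user_data.XXXXXX)`, and use `"$user_data"` in both the heredoc redirect and the rm. Note also that `cat <<EOT >>user_data.txt` appends, so a user_data.txt left behind by an earlier run that exited before the rm (the ERR trap is only installed after the instance launch) could accumulate stale content; truncating with `: > user_data.txt` in place of touch avoids that. The code surrounding each hunk is outside the page, so the other uses of user_data.txt cannot be checked here.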
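--- a/scripts/check-update.sh
+++ b/scripts/check-update.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+set -io pipefail
+
+usage() {
+echo "Usage:"
+echo " $0 AMI_TYPE"
+echo "Example:"
+echo " $0 al2"
+echo "AMI_TYPE Must be one of: al1, al2, al2023"
+}
+
+error() {
+local msg="$1"
+echo "ERROR: $msg"
+usage
+exit 1
+}
+
+readonly ami_type="$1"
+if [ -z "$ami_type" ]; then
+error "AMI_TYPE must be provided"
+fi
+
+cp release-$ami_type.auto.pkrvars.hcl release-$ami_type.old.hcl
+./generate-release-vars.sh $ami_type
+diff_val=$(diff <(grep -v ami_version release-$ami_type.old.hcl) <(grep -v ami_version release-$ami_type.auto.pkrvars.hcl))
+if [ -z "$diff_val" ]; then
+Update=$(./scripts/check-update-security.sh $ami_type)
+if [ "$Update" != "true" ] && [ "$ami_type" != "al1" ]; then
+Update=$(./scripts/check-update-security.sh "$ami_type"_arm)
+fi
+else
+Update="true"
+fi
+
+rm "release-$ami_type.old.hcl"
+
+if [ "$Update" = "true" ]; then
+echo "Update exists for $ami_type"
+git add release-$ami_type.auto.pkrvars.hcl
+else
+echo "Update does not exist for $ami_type"
+fi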
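Review bot: `set -io pipefail` on the second line looks like a typo for `-eo`: bash's `set` builtin does not accept `-i`, so the line should be rejected with "invalid option" and neither errexit nor pipefail is actually enabled, which means a failing `cp` or `./generate-release-vars.sh` call is carried straight into the diff and the `git add`. Replace it with `set -eo pipefail` (adding `-u` would also require `ami_type="${1:-}"`, since `$1` is read before the emptiness check). The usage text promises AMI_TYPE is one of al1, al2, al2023, but only emptiness is checked, and the value is spliced into file names and passed to two other scripts; validate it right after the readonly line, `case "$ami_type" in al1|al2|al2023) ;; *) error "AMI_TYPE must be one of: al1, al2, al2023" ;; esac`. Minor: `error` prints to stdout rather than stderr (`>&2`), and `$ami_type` is unquoted in the `cp`, `diff` and `git add` lines.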
