From 6a76ecfe81a73903c40307b4e3c9e58d3429475e Mon Sep 17 00:00:00 2001
From: Christian Berendt <berendt@osism.tech>
Date: Sat, 9 Sep 2023 12:31:21 +0200
Subject: [PATCH] zuul: add build jobs (pt. 1) (#59)

Signed-off-by: Christian Berendt <berendt@osism.tech>
---
 .github/workflows/build-image.yml |  2 -
 .zuul.yaml                        | 76 ++++++++++++++++++++++++++++++-
 README.md                         |  7 ++-
 playbooks/build.yml               | 39 ++++++++++++++++
 playbooks/pre.yml                 | 29 ++++++++++++
 5 files changed, 147 insertions(+), 6 deletions(-)
 create mode 100644 playbooks/build.yml
 create mode 100644 playbooks/pre.yml

diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml
index e6d3eff..7302e67 100644
--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -18,8 +18,6 @@ jobs:
           - '1'
           - '2'
           - '3'
-          - 'cloud-in-a-box-1'
-          - 'cloud-in-a-box-2'
           - 'osism-1'
           - 'osism-2'
           - 'osism-3'
diff --git a/.zuul.yaml b/.zuul.yaml
index 62f6aa8..92b481c 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -1,12 +1,84 @@
 ---
+- secret:
+    name: SECRET_NODE_IMAGE
+    data:
+      MINIO_ACCESS_KEY: !encrypted/pkcs1-oaep
+        - GPW0jzCECrTIbEuWqznGUkg/xB/iI1LBegX8YGRmh8wK6Qmt4yd6oLEJvV5s5KoVembso
+          UA+tynbjuC/2Ash7dXMiNgjFzcvNPBXo8OLgudD6anNXSOlRbaypiXHApm1wXW9rpHY4P
+          TcMDehS4rMk2110uLFCeTGuStS3ymhf7geqgUKpeKjqKGFkBz9c2/5enYDHyuF699B033
+          5Lj064IijI0lGadvVVueIF0jcvLxoPHKyO88yU1NY4PDg1+yB0BZZiLq4MZ2mRutpYiah
+          0PAOXh0F900OfNp8gQMTuAAqpIC5C00s3PpzMvIpjS91ujAkl554dhOvx1BpjtMJVYRNY
+          3KCI2szoO3pErcdWIXqE/ZpOxV6VnwSaNCU+kVJL+A5ndFCg86dLdONB+v8Bffs3cSeM9
+          1dtdgC8+x+uUo31pis1oQ/4fpSD92vT0cx9LKyQIBv7ltKH/tlY6/pCVQO41Bw3wPfevT
+          RIYl2PcoGrkYPX41GLQ0btzKc5ps7+MX3BzR7d5bT+0Bqj6/h/58qbBkzFU+kNXXwW8EP
+          4uv6BF6br2am8M5Kh/tbQcqsf1VaGAxNaTG0LROBgFIA2j/XzBKRj+OmbM2Rfyl+P7UCI
+          DLxWo91wHBXCVlaXuv5AsA1rBesPXf1l8Bq3s9mKlVh10KAQ0bkOnJuZuFlSnw=
+      MINIO_SECRET_KEY: !encrypted/pkcs1-oaep
+        - gRvbtBGNlvUbPxdJxa2Bcszx9ZImcIW3bQd6gC3Dl2PsMyorlOnWaLMuocV1xiYvkNbUQ
+          BocDdc271cuTHZYId1cA2xpjHQJiD+w2M1/kKOs/ofaQ5RY/+ljyC9MSEbFPKk04Ae3KS
+          KO7THu2K2OOnC6KxRSqVDAqKEVTncEYCoYBy7Om7MJPsWhZDWqiZN1Ijf0j9btzsFTIQQ
+          34a8W9AGSCDY9zoZKZcxT0hdHvzU+6eKGd6klb/o5jB+lkNnkvywg9I3sOf/t2VhpqgLa
+          kCH48SSiH6OTVMmL8n5eSm/e2xiGTpr4JgJaYcDBS8SLnYy3k8mgTZnAeDsinZxbC+RQE
+          fqocQ660GPvP6+QNU5lRXDOpE29eDKIumVlkvr+hm/qAgPMh+XIWeGY8OyzCr+wTk+FkM
+          yC76qmxDMEEbSO6yic5D5M4eHFyuqxhTb5RKQFyi1MwT0VzZRccqVGNXyUtyfLvrji0R7
+          qnt8RNKozzve0aX/xF1O4mmrku451SIvwRZ+icGjmY5B2Yn7jWtMXkDgVc3YVZYzMaRKb
+          e/Zsv0Jnt2mBBwZJWojpqmtaYlCEEOK0ZfLbICUkxz/oXsS9OX1DEXpzgEih+jfy6VFuy
+          OR61DtzeNhw5KaY1fuTpXufWTyrcwUswAY4+GftrjauNXQxlGxiD42lqp1ur6M=
+
+- job:
+    name: node-image-build
+    abstract: true
+    pre-run: playbooks/pre.yml
+    run: playbooks/build.yml
+    timeout: 1800
+    vars:
+      upload_image: false
+
+- job:
+    name: node-image-build-cloud-in-a-box-1
+    parent: node-image-build
+    vars:
+      name: cloud-in-a-box-1
+
+- job:
+    name: node-image-build-cloud-in-a-box-2
+    parent: node-image-build
+    vars:
+      name: cloud-in-a-box-2
+
+- job:
+    name: node-image-publish-cloud-in-a-box-1
+    parent: node-image-build-cloud-in-a-box-1
+    vars:
+      upload_image: true
+    secrets:
+      - name: minio
+        secret: SECRET_NODE_IMAGE
+        pass-to-parent: true
+
+- job:
+    name: node-image-publish-cloud-in-a-box-2
+    parent: node-image-build-cloud-in-a-box-2
+    vars:
+      upload_image: true
+    secrets:
+      - name: minio
+        secret: SECRET_NODE_IMAGE
+        pass-to-parent: true
+
 - project:
     merge-mode: squash-merge
     check:
       jobs:
+        - node-image-build-cloud-in-a-box-1
+        - node-image-build-cloud-in-a-box-2
         - yamllint
-    gate:
+    post:
       jobs:
-        - yamllint
+        - node-image-publish-cloud-in-a-box-1:
+            branches: main
+        - node-image-publish-cloud-in-a-box-2:
+            branches: main
     periodic-daily:
       jobs:
         - yamllint
diff --git a/README.md b/README.md
index ed2c391..901d67d 100644
--- a/README.md
+++ b/README.md
@@ -11,8 +11,11 @@
 
 ### Cloud-in-a-box images
 
-* https://minio.services.osism.tech/node-image/ubuntu-autoinstall-cloud-in-a-box-1.iso
-* https://minio.services.osism.tech/node-image/ubuntu-autoinstall-cloud-in-a-box-2.iso
+* https://swift.services.a.regiocloud.tech/swift/v1/AUTH_b182637428444b9aa302bb8d5a5a418c/osism-node-image/ubuntu-autoinstall-cloud-in-a-box-1.iso
+* https://swift.services.a.regiocloud.tech/swift/v1/AUTH_b182637428444b9aa302bb8d5a5a418c/osism-node-image/ubuntu-autoinstall-cloud-in-a-box-1.iso.CHECKSUM
+
+* https://swift.services.a.regiocloud.tech/swift/v1/AUTH_b182637428444b9aa302bb8d5a5a418c/osism-node-image/ubuntu-autoinstall-cloud-in-a-box-2.iso
+* https://swift.services.a.regiocloud.tech/swift/v1/AUTH_b182637428444b9aa302bb8d5a5a418c/osism-node-image/ubuntu-autoinstall-cloud-in-a-box-2.iso.CHECKSUM
 
 ### Other
 
diff --git a/playbooks/build.yml b/playbooks/build.yml
new file mode 100644
index 0000000..a5bb9ab
--- /dev/null
+++ b/playbooks/build.yml
@@ -0,0 +1,39 @@
+---
+- name: Build image
+  hosts: all
+
+  vars:
+    name: cloud-in-a-box-1
+
+  tasks:
+    - name: Run build script
+      ansible.builtin.shell:
+        executable: /bin/bash
+        chdir: "{{ zuul.project.src_dir }}"
+        cmd: |
+          set -e
+          set -x
+
+          cp variants/disk-layout-{{ name }}.yml include.d/disk-layout.yml
+          cp variants/runcmd-{{ name }}.yml include.d/runcmd.yml
+
+          pipenv run python3 render-user-data.py > user-data
+          # cloud-init schema --config-file user-data
+
+          bash image-create.sh -r -a -k -u user-data -n jammy
+
+          mv ubuntu-autoinstall.iso ubuntu-autoinstall-{{ name }}.iso
+          sha256sum ubuntu-autoinstall-{{ name }}.iso > ubuntu-autoinstall-{{ name }}.iso.CHECKSUM
+
+    - name: Run upload script
+      ansible.builtin.shell:
+        executable: /bin/bash
+        chdir: "{{ zuul.project.src_dir }}"
+        cmd: |
+          wget https://dl.min.io/client/mc/release/linux-amd64/mc
+          chmod +x mc
+          ./mc alias set minio https://swift.services.a.regiocloud.tech {{ minio.MINIO_ACCESS_KEY | trim }} {{ minio.MINIO_SECRET_KEY | trim }}
+          ./mc cp ubuntu-autoinstall-{{ name }}.iso minio/osism-node-image
+          ./mc cp ubuntu-autoinstall-{{ name }}.iso.CHECKSUM minio/osism-node-image
+      when: upload_image|bool
+      no_log: true
diff --git a/playbooks/pre.yml b/playbooks/pre.yml
new file mode 100644
index 0000000..3c2de25
--- /dev/null
+++ b/playbooks/pre.yml
@@ -0,0 +1,29 @@
+---
+- name: Pre
+  hosts: all
+
+  roles:
+    - ensure-pip
+
+  tasks:
+    - name: Run install script
+      ansible.builtin.shell:
+        executable: /bin/bash
+        chdir: "{{ zuul.project.src_dir }}"
+        cmd: |
+          set -e
+          set -x
+
+          sudo apt-get update
+          sudo apt-get install -y \
+            cloud-init \
+            curl \
+            fdisk \
+            gpg \
+            isolinux \
+            sed \
+            wget \
+            xorriso
+
+          sudo pip3 install pipenv
+          pipenv install