From f02d3f1f962946afba44d7852f59f36656606d77 Mon Sep 17 00:00:00 2001
From: akashrajguru
Date: Fri, 23 Feb 2024 09:02:44 +0000
Subject: [PATCH] Adding packer to build Nephio pre-baked image
---
 .github/workflows/nephio-packer-gcp.yaml | 51 +++++++++++++++
 e2e/packer/gcp/nephio-packer.pkr.hcl | 63 +++++++++++++++++++
 e2e/packer/gcp/varibles.pkrvars.hcl | 5 ++
 e2e/terraform/main.tf | 8 +++
 .../modules/gh_action_resource/main.tf | 32 ++++++++++
 .../modules/gh_action_resource/output.tf | 9 +++
 .../modules/gh_action_resource/provider.tf | 23 +++++++
 .../modules/gh_action_resource/variables.tf | 38 +++++++++++
 8 files changed, 229 insertions(+)
 create mode 100644 .github/workflows/nephio-packer-gcp.yaml
 create mode 100644 e2e/packer/gcp/nephio-packer.pkr.hcl
 create mode 100644 e2e/packer/gcp/varibles.pkrvars.hcl
 create mode 100644 e2e/terraform/modules/gh_action_resource/main.tf
 create mode 100644 e2e/terraform/modules/gh_action_resource/output.tf
 create mode 100644 e2e/terraform/modules/gh_action_resource/provider.tf
 create mode 100644 e2e/terraform/modules/gh_action_resource/variables.tf
diff --git a/.github/workflows/nephio-packer-gcp.yaml b/.github/workflows/nephio-packer-gcp.yaml
new file mode 100644
index 00000000..d92b4f1b
--- /dev/null
+++ b/.github/workflows/nephio-packer-gcp.yaml
@@ -0,0 +1,51 @@
+name: Nephio Packer GCP Build
+
+on:
+ push:
+ branches: [add_packer_build]
+ paths-ignore: ['**/README.md', 'prow/*', 'tools/*', 'images/*']
+
+env:
+ PRODUCT_VERSION: "1.8.6"
+
+jobs:
+ packer-nephio-pre-backed-image:
+ name: Build Nephio pre-baked image
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./e2e/packer/gcp
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Authenticate to GCP
+ id: 'auth'
+ uses: 'google-github-actions/auth@v2'
+ with:
+ workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
+ service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
+
+ - name: Setup `packer`
+ uses: hashicorp/setup-packer@main
+ id: setup
+ with:
+ version: ${{ env.PRODUCT_VERSION }}
+
+ - name: Run `packer init`
+ id: init
+ run: "packer init ./nephio-packer.pkr.hcl"
+
+ - name: Run `packer validate`
+ id: validate
+ run: "packer validate -syntax-only -evaluate-datasources ./nephio-packer.pkr.hcl"
+
+ - name: Run `packer build`
+ id: build
+ run: "packer build -force -var 'project_id=${{ vars.GCP_PROJECT_ID }}' -var-file=varibles.pkrvars.hcl ./nephio-packer.pkr.hcl"
+
+
diff --git a/e2e/packer/gcp/nephio-packer.pkr.hcl b/e2e/packer/gcp/nephio-packer.pkr.hcl
new file mode 100644
index 00000000..7376bf4e
--- /dev/null
+++ b/e2e/packer/gcp/nephio-packer.pkr.hcl
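Review bot: The `Setup packer` step runs `hashicorp/setup-packer@main`, a mutable branch ref, in a job that holds `id-token: 'write'` and has already exchanged that token for GCP service-account credentials in the preceding step, so whatever is on that branch at run time executes with access to them. Pin the action to a full commit SHA with the release noted beside it, e.g. `uses: hashicorp/setup-packer@<commit-sha>  # <release-tag>`, and consider the same for `actions/checkout@v4` and `google-github-actions/auth@v2`, since tags can be moved as well. Two smaller points in the same hunk: `packer build -force` replaces an existing image of the same name without asking, and the trigger `branches: [add_packer_build]` looks like a development branch that should be changed before merge.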
@@ -0,0 +1,63 @@
+packer {
+ required_plugins {
+ googlecompute = {
+ source = "github.com/hashicorp/googlecompute"
+ version = "~> 1"
+ }
+ }
+}
+
+# Requires Variables for GCP
+variable "project_id" {}
+variable "zone" {}
+variable "source_image" {}
+variable "image_version" {}
+variable "machine_type" {}
+variable "disk_size" {}
+
+locals {
+ datestamp = formatdate("YYYYMMDD", timestamp())
+ image_version = replace(var.image_version, ".", "-")
+}
+
+source "googlecompute" "nephio-packer" {
+ project_id = var.project_id
+ zone = var.zone
+ machine_type = var.machine_type
+ source_image = var.source_image
+ ssh_username = "ubuntu"
+ use_os_login = "false"
+ disk_size = var.disk_size
+ image_name = "nephio-pre-baked-${local.image_version}-ubuntu-${local.datestamp}"
+ image_description = "Nephio pre-backed ubuntu 20.04 image"
+
+}
+
+build {
+ sources = ["sources.googlecompute.nephio-packer"]
+ provisioner "shell" {
+ expect_disconnect = "true"
+ inline = [
+ "echo '=============================================='",
+ "echo 'APT INSTALL PACKAGES & UPDATES'",
+ "echo '=============================================='",
+ "sudo apt update",
+ "echo '* libraries/restart-without-asking boolean true' | sudo debconf-set-selections",
+ "sudo apt upgrade -y"
+ ]
+ }
+
+ provisioner "shell" {
+ inline = [
+ "echo '=============================================='",
+ "echo 'INSTALL NEPHIO CORE'",
+ "echo '=============================================='",
+ "git clone https://github.com/nephio-project/test-infra.git",
+ "cd test-infra/e2e/provision",
+ "ANSIBLE_CMD_EXTRA_VAR_LIST='DEBUG=true' ./install_sandbox.sh",
+ "echo '=============================================='",
+ "echo 'BUILD COMPLETE'",
+ "echo '=============================================='"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/e2e/packer/gcp/varibles.pkrvars.hcl b/e2e/packer/gcp/varibles.pkrvars.hcl
new file mode 100644
index 00000000..70e1be39
--- /dev/null
+++ b/e2e/packer/gcp/varibles.pkrvars.hcl
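Review bot: The second `provisioner "shell"` runs `git clone https://github.com/nephio-project/test-infra.git` with no ref, so the image is baked from whatever the default branch holds at build time rather than from the commit that triggered the build, and `install_sandbox.sh` from that checkout is then executed on the build VM. Making the ref an input keeps the image reproducible and traceable: declare `variable "test_infra_ref" {}` (name illustrative), add `"git -C test-infra checkout ${var.test_infra_ref}",` right after the clone, and have the workflow pass the value. Recording the same ref in `image_description` or an image label would let consumers tell what an image contains. As a style point, `use_os_login = "false"` and `expect_disconnect = "true"` pass strings where plain booleans would read better, and the six `variable` blocks have neither `type` nor `description`.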
@@ -0,0 +1,5 @@
+image_version = "1.0.0"
+zone = "europe-west1-b"
+source_image = "ubuntu-2004-focal-v20240209"
+machine_type = "e2-standard-8"
+disk_size = 50
\ No newline at end of file
diff --git a/e2e/terraform/main.tf b/e2e/terraform/main.tf
index 2ec206e5..f2306a06 100644
--- a/e2e/terraform/main.tf
+++ b/e2e/terraform/main.tf
@@ -30,3 +30,11 @@ variable "fail_fast" {
 default = "false"
 type = string
 }
+
+module "github_action_gcp_resource" {
+ source = ".//modules/gh_action_resource"
+ project_id = "pure-faculty-367518"
+ wif_pool_id = "gh-action-wif-pool"
+ github_org = "nephio-project"
+ github_repo = "test-infra"
+}
\ No newline at end of file
diff --git a/e2e/terraform/modules/gh_action_resource/main.tf b/e2e/terraform/modules/gh_action_resource/main.tf
new file mode 100644
index 00000000..2301f467
--- /dev/null
+++ b/e2e/terraform/modules/gh_action_resource/main.tf
@@ -0,0 +1,32 @@
+# Create service account for Github Actions
+data "google_project" "main" {
+ project_id = var.project_id
+}
+
+resource "google_service_account" "packer_sa" {
+ account_id = "github-action-packer-sa"
+ display_name = "Service account for GitHub Actions"
+}
+
+resource "google_project_iam_member" "packer_sa_iam_member" {
+ project = var.project_id
+ count = length(var.packer_sa_iam_roles_list)
+ role = var.packer_sa_iam_roles_list[count.index]
+ member = "serviceAccount:${google_service_account.packer_sa.email}"
+}
+
+# Create Workload Iddentity Fedetation on GCP for Github actions authentication
+module "gh_oidc" {
+ source = "terraform-google-modules/github-actions-runners/google//modules/gh-oidc"
+ version = "3.1.1"
+
+ project_id = var.project_id
+ pool_id = var.wif_pool_id
+ provider_id = "github"
+ sa_mapping = {
+ "packer-sa" = {
+ sa_name = google_service_account.packer_sa.id
+ attribute = format("attribute.repository/%s/%s", var.github_org, var.github_repo)
+ }
+ }
+}
\ No newline at end of file
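Review bot: In `e2e/terraform/main.tf`, `project_id = "pure-faculty-367518"` in the new `module "github_action_gcp_resource"` block repeats a literal that is also the default of the module's own `project_id` variable, while the workflow takes the project from `vars.GCP_PROJECT_ID`, so three places have to be kept in step. Passing it from a root-level variable (for example `project_id = var.project_id`, if the root module declares one) and dropping the default inside the module leaves one source of truth. `source = ".//modules/gh_action_resource"` would read more conventionally as `"./modules/gh_action_resource"`, unless the double slash follows a convention elsewhere in this file that the hunk does not show. The context lines at the top belong to `variable "fail_fast"`, which starts outside the hunk.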
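Review bot: In `e2e/terraform/modules/gh_action_resource/main.tf`, the `sa_mapping` entry binds `packer_sa` to `attribute.repository/<org>/<repo>` only, so any workflow run in that repository that can request an OIDC token, on any branch, can impersonate a service account that holds project-level roles. The `gh_oidc` call sets no attribute condition; if the pinned module version exposes one, something like `attribute_condition = "assertion.repository == '${var.github_org}/${var.github_repo}' && assertion.ref == 'refs/heads/<release-branch>'"` narrows the trust to the branch that is meant to build images. Separately, `google_project_iam_member` is indexed with `count`, so reordering the role list re-creates bindings; `for_each = toset(var.packer_sa_iam_roles_list)` with `role = each.value` avoids that. `data "google_project" "main"` is not referenced anywhere in the file as shown and can probably be removed.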
diff --git a/e2e/terraform/modules/gh_action_resource/output.tf b/e2e/terraform/modules/gh_action_resource/output.tf
new file mode 100644
index 00000000..2943981f
--- /dev/null
+++ b/e2e/terraform/modules/gh_action_resource/output.tf
@@ -0,0 +1,9 @@
+output "wif_provider" {
+ value = module.gh_oidc.provider_name
+ description = "Workload Identity Federation name"
+}
+
+output "wif_service_account" {
+ value = google_service_account.packer_sa.email
+ description = "Service account name"
+}
\ No newline at end of file
diff --git a/e2e/terraform/modules/gh_action_resource/provider.tf b/e2e/terraform/modules/gh_action_resource/provider.tf
new file mode 100644
index 00000000..d15ab342
--- /dev/null
+++ b/e2e/terraform/modules/gh_action_resource/provider.tf
@@ -0,0 +1,23 @@
+terraform {
+ required_version = "~> 1.0"
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "~> 4.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = "~> 4.0"
+ }
+ }
+}
+
+provider "google" {
+ project = var.project_id
+ region = var.region
+}
+
+provider "google-beta" {
+ project = var.project_id
+ region = var.region
+}
\ No newline at end of file
diff --git a/e2e/terraform/modules/gh_action_resource/variables.tf b/e2e/terraform/modules/gh_action_resource/variables.tf
new file mode 100644
index 00000000..9c556e5e
--- /dev/null
+++ b/e2e/terraform/modules/gh_action_resource/variables.tf
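Review bot: In `provider.tf`, the `provider "google"` and `provider "google-beta"` blocks are configured inside the child module; Terraform treats a module with its own provider configuration as a legacy module that cannot be called with `count`, `for_each` or `depends_on`, and its resources cannot be destroyed cleanly once the module block is removed. Keep only the `terraform { required_providers { ... } }` block here and let the root module configure the providers. Nothing in the module files shown references `google-beta`, so that requirement can probably go, and with the provider blocks removed `var.region` would no longer be used either.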
@@ -0,0 +1,38 @@
+variable "project_id" {
+ description = "GCP project ID"
+ default = "pure-faculty-367518"
+ type = string
+}
+
+variable "region" {
+ description = "Region to deploy GCP resources"
+ type = string
+ default = "europe-west1"
+}
+
+variable "wif_pool_id" {
+ description = "Workload Identity Federation pool ID"
+ default = "nephio_wif_pool_id"
+ type = string
+}
+
+variable "packer_sa_iam_roles_list" {
+ description = "List of IAM roles to be assigned to Packer WIF service account"
+ type = list(string)
+ default = [
+ "roles/compute.instanceAdmin.v1",
+ "roles/iam.serviceAccountUser",
+ ]
+}
+
+variable "github_org" {
+ description = "GitHub repo owner name"
+ default = "nephio-project"
+ type = string
+}
+
+variable "github_repo" {
+ description = "GitHub repo name"
+ default = "test-infra"
+ type = string
+}
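Review bot: The default `"nephio_wif_pool_id"` for `wif_pool_id` contains underscores, which workload identity pool IDs do not accept (lowercase letters, digits and hyphens only), so a caller relying on the default would fail at apply time; the root module overrides it today, which hides the problem. Drop the default or replace it with a valid ID, and consider a `validation` block so a bad value is rejected at plan time. In `packer_sa_iam_roles_list`, `roles/iam.serviceAccountUser` is applied at project level by the module's `google_project_iam_member` resource, which lets the Packer identity act as every service account in the project; granting it on only the service account the build VM runs as is tighter. A comment above the default such as `# Project-level roles for the Packer CI identity; keep this list minimal.` would record the intent.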