Add AMI building to the release pipeline (#130)

t-aleksander · web-flow · commit 09c1cd27834f · 2025-07-25T16:51:28.000+02:00
* proxy ami building

* Update release.yml

* build ami for multiple regions

* revert proxy changes

* Update release.yml

* tokyo region
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -95,6 +95,10 @@ jobs:
           target: ${{ matrix.target }}
           override: true
 
+      - name: Setup `packer`
+        uses: hashicorp/setup-packer@main
+        id: setup
+
       - name: Set up Docker BuildX
         uses: docker/setup-buildx-action@v3
         with:
@@ -168,6 +172,26 @@ jobs:
           asset_name: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb
           asset_content_type: application/octet-stream
 
+      - name: Run `packer init`
+        if: matrix.build == 'linux' && matrix.arch == 'amd64'
+        id: init
+        run: "packer init ./images/ami/proxy.pkr.hcl"
+
+      - name: Build AMI images for multiple regions
+        if: matrix.build == 'linux' && matrix.arch == 'amd64'
+        run: |
+          regions=(us-east-1 eu-west-1 ap-northeast-1)
+          for region in "${regions[@]}"; do
+            echo "Building AMI for region: $region"
+            echo "Running packer validate for $region..."
+            packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
+            echo "Building AMI image for $region..."
+            packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
+          done
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
       - name: Build RPM package
         if: matrix.build == 'linux'
         uses: bpicode/github-action-fpm@master
diff --git a/images/ami/proxy.pkr.hcl b/images/ami/proxy.pkr.hcl
@@ -0,0 +1,62 @@
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 1.2.8"
+      source  = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+variable "package_version" {
+  type = string
+}
+
+variable "region" {
+  type    = string
+  default = "eu-north-1"
+}
+
+variable "instance_type" {
+  type    = string
+  default = "t3.micro"
+}
+
+source "amazon-ebs" "defguard-proxy" {
+  ami_name      = "defguard-proxy-${var.package_version}-amd64"
+  instance_type = var.instance_type
+  region        = var.region
+  source_ami_filter {
+    filters = {
+      name                = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"
+      root-device-type    = "ebs"
+      virtualization-type = "hvm"
+    }
+    most_recent = true
+    owners      = ["099720109477"]
+  }
+  ssh_username = "ubuntu"
+}
+
+build {
+  name = "defguard-proxy"
+  sources = [
+    "source.amazon-ebs.defguard-proxy"
+  ]
+
+  provisioner "file" {
+    source      = "defguard-proxy-${var.package_version}-x86_64-unknown-linux-gnu.deb"
+    destination = "/tmp/defguard-proxy.deb"
+  }
+
+  provisioner "shell" {
+    script = "./images/ami/proxy.sh"
+  }
+
+  provisioner "shell" {
+    inline = ["rm /home/ubuntu/.ssh/authorized_keys"]
+  }
+
+  provisioner "shell" {
+    inline = ["sudo rm /root/.ssh/authorized_keys"]
+  }
+}
diff --git a/images/ami/proxy.sh b/images/ami/proxy.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -e
+
+echo "Updating apt repositories..."
+sudo apt update
+
+echo "Installing Defguard Proxy package..."
+sudo dpkg -i /tmp/defguard-proxy.deb 
+
+echo "Cleaning up..."
+sudo rm -f /tmp/defguard-proxy.deb
+
+echo "Defguard Proxy installation completed successfully."
