Help debugging issues

.github/workflows/build.yml

@@ -121,11 +121,11 @@ jobs:
             cat "${{ steps.terraform-vm-id.outputs.stdout }}"
             echo "BUILDEOF"
           } >> "$GITHUB_OUTPUT"
-          if grep "SUCCESSFUL BUILD" "${{ steps.terraform-vm-id.outputs.stdout }}"; then
-            echo "outcome=success" >> "$GITHUB_OUTPUT"
-          else
-            echo "outcome=failure" >> "$GITHUB_OUTPUT"
-          fi
+          outcome=$( (grep "^### BUILD-IMAGE: " \
+                           "${{ steps.terraform-vm-id.outputs.stdout }}" \
+                      || echo "ERROR") \
+                    | cut -f2 -d":" | cut -f1 -d"-" | tr -d " ")
+          echo "outcome=$outcome" >> "$GITHUB_OUTPUT"
       - name: Update PR with build status
         uses: actions/github-script@v7
         with:

builder/build-image.sh

@@ -2,11 +2,11 @@
 set -e
 
 error_handler() {
-    echo " Error in line: $1 " >> /var/log/image-build.log 2>&1
+    echo "### BUILD-IMAGE: ERROR - line $1"
     shift
-    echo " Exit status: $1 " >> /var/log/image-build.log 2>&1
+    echo " Exit status: $1"
     shift
-    echo " Command: $* " >> /var/log/image-build.log 2>&1
+    echo " Command: $*"
 }
 
 trap 'error_handler ${LINENO} $? ${BASH_COMMAND}' ERR INT TERM
@@ -17,7 +17,7 @@ FEDCLOUD_SECRET_LOCKER="$2"
 # create a virtual env for fedcloudclient
 python3 -m venv "$PWD/.venv"
 export PATH="$PWD/.venv/bin:$PATH"
-pip install fedcloudclient simplejson yq python-hcl2
+pip install -qqq fedcloudclient simplejson yq python-hcl2
 
 # Get openstack ready
 mkdir -p /etc/openstack/
@@ -31,28 +31,40 @@ systemctl start notify
 
 # get packer
 export PACKER_CONFIG_DIR="$PWD"
-curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo tee /etc/apt/trusted.gpg.d/hashicorp.asc
+curl -fsSL https://apt.releases.hashicorp.com/gpg > /etc/apt/trusted.gpg.d/hashicorp.asc
 apt-add-repository -y "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
-apt-get update && apt-get install -y packer
+apt-get -qq update && apt-get -qq install -y packer
 packer plugins install github.com/hashicorp/qemu
 packer plugins install github.com/hashicorp/ansible
 
-# do the build
-if tools/build.sh "$IMAGE" >/var/log/image-build.log 2>&1; then
-    # compress the resulting image
-    QEMU_SOURCE_ID=$(hcl2tojson "$IMAGE" | jq -r '.source[0].qemu | keys[]')
-    VM_NAME=$(hcl2tojson "$IMAGE" | jq -r '.source[0].qemu.'"$QEMU_SOURCE_ID"'.vm_name')
-    QCOW_FILE="$VM_NAME.qcow2"
-    builder/refresh.sh vo.access.egi.eu "$(cat /var/tmp/egi/.refresh_token)" images
-    OS_TOKEN="$(yq -r '.clouds.images.auth.token' /etc/openstack/clouds.yaml)"
-    OUTPUT_DIR="$(dirname "$IMAGE")/output-$QEMU_SOURCE_ID"
-    cd "$OUTPUT_DIR"
-    qemu-img convert -O qcow2 -c "$VM_NAME" "$QCOW_FILE"
-    openstack --os-cloud images --os-token "$OS_TOKEN" \
-        object create egi_endorsed_vas "$QCOW_FILE"
-    ls -lh "$QCOW_FILE"
-    SHA="$(sha512sum -z "$QCOW_FILE" | cut -f1 -d" ")"
-    echo "SUCCESSFUL BUILD - $QCOW_FILE - $SHA" >>/var/log/image-build.log
+QEMU_SOURCE_ID=$(hcl2tojson "$IMAGE" | jq -r '.source[0].qemu | keys[]')
+VM_NAME=$(hcl2tojson "$IMAGE" \
+	| jq -r '.source[0].qemu.'"$QEMU_SOURCE_ID"'.vm_name')
+QCOW_FILE="$VM_NAME.qcow2"
+
+# Check if the image is already there
+builder/refresh.sh vo.access.egi.eu "$(cat /var/tmp/egi/.refresh_token)" images
+OS_TOKEN="$(yq -r '.clouds.images.auth.token' /etc/openstack/clouds.yaml)"
+if openstack --os-cloud images --os-token "$OS_TOKEN" \
+	object show egi_endorsed_vas \
+	"$QCOW_FILE"  > /dev/null ; then
+	# skip
+	echo "### BUILD-IMAGE: SKIP - Image $QCOW_FILE is already uploaded"
+else
+	if tools/build.sh "$IMAGE"; then
+	    # compress the resulting image
+	    OUTPUT_DIR="$(dirname "$IMAGE")/output-$QEMU_SOURCE_ID"
+	    cd "$OUTPUT_DIR"
+	    qemu-img convert -O qcow2 -c "$VM_NAME" "$QCOW_FILE"
+	    # upload the image
+	    builder/refresh.sh vo.access.egi.eu "$(cat /var/tmp/egi/.refresh_token)" images
+	    OS_TOKEN="$(yq -r '.clouds.images.auth.token' /etc/openstack/clouds.yaml)"
+	    openstack --os-cloud images --os-token "$OS_TOKEN" \
+		object create egi_endorsed_vas "$QCOW_FILE"
+	    ls -lh "$QCOW_FILE"
+	    SHA="$(sha512sum -z "$QCOW_FILE" | cut -f1 -d" ")"
+	    echo "### BUILD-IMAGE: SUCCESS - qcow: $QCOW_FILE sha512sum: $SHA"
+	fi
 fi
 
-echo "BUILD ENDED" >>/var/log/image-build.log
+echo "### BUILD ENDED"

builder/cloud-init.yaml

@@ -46,7 +46,7 @@ write_files:
       ansible-galaxy role install -p /var/tmp/egi/ubuntu/provisioners/roles/ grycap.docker
 
       # build image
-      builder/build-image.sh "$IMAGE" "$FEDCLOUD_LOCKER_TOKEN"
+      builder/build-image.sh "$IMAGE" "$FEDCLOUD_LOCKER_TOKEN" > /var/log/image-build.log 2>&1
     path: /var/lib/cloud/scripts/per-boot/build.sh
     permissions: '0755'
   - content: |

builder/refresh.sh

@@ -5,7 +5,7 @@
 # 2 --> the refresh token
 # 3 --> the list of clouds to update
 #
-# Will throw the OIDC TOKEN to output!
+# Will throw the OIDC TOKEN to output if $GITHUB_ACTION is defined!
 
 set -e
 
@@ -27,13 +27,13 @@ SCOPE="$SCOPE%20eduperson_entitlement:urn:mace:egi.eu:group:$VO:role=member#aai.
 OIDC_TOKEN=$(curl -X POST "https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token" \
                   -d "grant_type=refresh_token&client_id=token-portal&scope=$SCOPE&refresh_token=$REFRESH_TOKEN" \
                   | jq -r ".access_token")
-echo "::add-mask::$OIDC_TOKEN"
+[ -n "$GITHUB_ACTION" ] &&  echo "::add-mask::$OIDC_TOKEN"
 for cloud in "$@" ; do
 	SITE="$(yq -r ".clouds.$cloud.site" $CLOUDS_YAML)"
 	VO="$(yq -r ".clouds.$cloud.vo" $CLOUDS_YAML)"
 	OS_TOKEN="$(fedcloud openstack token issue --oidc-access-token "$OIDC_TOKEN" \
         			--site "$SITE" --vo "$VO" -j | jq -r '.[0].Result.id')"
-	echo "::add-mask::$OS_TOKEN"
+	[ -n "$GITHUB_ACTION" ] &&  echo "::add-mask::$OIDC_TOKEN"
 	yq -y -i '.clouds.'"$cloud"'.auth.token="'"$OS_TOKEN"'"'  $CLOUDS_YAML
 done