vms/.github/workflows/packer-build.yaml

name: Build Ubuntu Noble Image

on:
  push:
    branches:
      - master
    paths:
      - 'packer/**'
      - '.github/workflows/packer-build.yaml'
  pull_request:
    branches:
      - master

jobs:
  packer:
    runs-on: ubuntu-latest
    name: Build QEMU Image
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Cache Dependencies
        id: cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.config/packer/plugins/
            /opt/hostedtoolcache/packer_linux/
          key: ${{ runner.os }}-20260307-${{ hashFiles('~/.config/packer/plugins/**','/opt/hostedtoolcache/packer_linux/**') }}
          restore-keys: ${{ runner.os }}-20260307-

      - name: Packer install plugins
        if: steps.cache.outputs.cache-hit != 'true'
        run: |
          packer plugins install github.com/hashicorp/qemu

      - name: Install QEMU and Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y qemu-system-x86 qemu-utils xorriso
          [ -e /dev/kvm ] && sudo chmod 666 /dev/kvm || echo "KVM not available Use TCG"

      - name: Generate ssh key pair
        run: |
          mkdir -pv packer/key
          ssh-keygen -f packer/key/packer -t ed25519 -N ""
          echo "SSH_PUBLIC_KEY=$(cat packer/key/packer.pub)" >> $GITHUB_ENV

      - name: Packer Init
        env:
          PACKER_LOG: 1
        run: |
          cd packer
          packer init .
          packer validate .

      - name: Build Image
        env:
          PACKER_LOG: 1
        run: |
          cd packer
          packer build -var ssh_public_key="$SSH_PUBLIC_KEY" .

      - name: Cleanup temporary ssh key
        if: always()
        run: |
          rm -f packer/key/packer packer/key/packer.pub

      - name: Upload Artifact
        run: |
          echo "sha256sum: $(cat packer/output/ubuntu-noble.qcow2.sha256.checksum)"
          NAME=ubuntu-noble-$(date +%Y-%m-%d-%H%M)
          curl -f -sS -u "${{ secrets.NEXUS_USERNAME }}:${{ secrets.NEXUS_PASSWORD }}" \
            -X POST  \
            "${{ vars.NEXUS_URL }}/service/rest/v1/components?repository=releases" \
            -F raw.directory=/releases/cloud/ \
            -F raw.asset1=@packer/output/ubuntu-noble.qcow2 \
            -F raw.asset1.filename=$NAME.qcow2
            #-F raw.asset2=@packer/output/ubuntu-noble.qcow2.sha256.checksum \
            #-F raw.asset2.filename=$NAME.qcow2.sha256.checksum