Add Packer support for MacOS 13 test images in Orka

.github/workflows/orka-templates.yml

@@ -30,11 +30,15 @@ jobs:
       env:
         ORKA_ENDPOINT: 'https://mock-orka-endpoint'
         ORKA_AUTH_TOKEN: 'mock-orka-auth-token'
-        SSH_USERNAME: 'mock-ssh-username'
-        SSH_PASSWORD: 'mock-ssh-password'
+        SSH_DEFAULT_USERNAME: 'mock-ssh-default-username'
+        SSH_DEFAULT_PASSWORD: 'mock-ssh-default-password'
+        SSH_TEST_PASSWORD: 'mock-ssh-test-password'
+        SSH_TEST_PUBLIC_KEY: 'mock-ssh-test-public-key'
       run: |
         packer validate -var "orka_endpoint=$ORKA_ENDPOINT" \
                         -var "orka_auth_token=$ORKA_AUTH_TOKEN" \
-                        -var "ssh_username=$SSH_USERNAME" \
-                        -var "ssh_password=$SSH_PASSWORD" .
+                        -var "ssh_default_username=$SSH_DEFAULT_USERNAME" \
+                        -var "ssh_default_password=$SSH_DEFAULT_PASSWORD" \
+                        -var "ssh_test_public_key=$SSH_TEST_PASSWORD" \
+                        -var "ssh_userssh_test_passwordname=$SSH_TEST_PUBLIC_KEY" .
       working-directory: orka/templates

orka/templates/README.md

@@ -38,36 +38,38 @@ You need to load the environment variables:
     ```shell
     echo $ORKA_ENDPOINT
     echo $ORKA_AUTH_TOKEN
-    echo $SSH_USERNAME
-    echo $SSH_PASSWORD
+    echo $SSH_DEFAULT_USERNAME
+    echo $SSH_DEFAULT_PASSWORD
+    echo $SSH_TEST_PASSWORD
+    echo $SSH_TEST_PUBLIC_KEY
     ```
 
 ## Validate the template
 
 You can validate all the templates by running the following command:
 
 ```shell
-packer validate -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_username=$SSH_USERNAME" -var "ssh_password=$SSH_PASSWORD" .
+packer validate -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_default_username=$SSH_DEFAULT_USERNAME" -var "ssh_default_password=$SSH_DEFAULT_PASSWORD" -var "ssh_test_password=$SSH_TEST_PASSWORD" -var "ssh_test_puclic_key=$SSH_TEST_PUBLIC_KEY" .
 ```
 
 You can validate a specific template by running the following command:
 
 ```shell
-packer validate -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_username=$SSH_USERNAME" -var "ssh_password=$SSH_PASSWORD" <template_name>
+packer validate -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_default_username=$SSH_DEFAULT_USERNAME" -var "ssh_default_password=$SSH_DEFAULT_PASSWORD" -var "ssh_test_password=$SSH_TEST_PASSWORD" -var "ssh_test_puclic_key=$SSH_TEST_PUBLIC_KEY" <template_name>
 ```
 
 ## Build the image
 
 You can build all the templates by running the following command:
 
 ```shell
-packer build -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_username=$SSH_USERNAME" -var "ssh_password=$SSH_PASSWORD" .
+packer build -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_default_username=$SSH_DEFAULT_USERNAME" -var "ssh_default_password=$SSH_DEFAULT_PASSWORD" -var "ssh_test_password=$SSH_TEST_PASSWORD" -var "ssh_test_puclic_key=$SSH_TEST_PUBLIC_KEY" .
 ```
 
 You can build a specific template by running the following command:
 
 ```shell
-packer build -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_username=$SSH_USERNAME" -var "ssh_password=$SSH_PASSWORD" <template_name>
+packer build -var "orka_endpoint=$ORKA_ENDPOINT" -var "orka_auth_token=$ORKA_AUTH_TOKEN" -var "ssh_default_username=$SSH_DEFAULT_USERNAME" -var "ssh_default_password=$SSH_DEFAULT_PASSWORD" -var "ssh_test_password=$SSH_TEST_PASSWORD" -var "ssh_test_puclic_key=$SSH_TEST_PUBLIC_KEY" <template_name>
 ```
 
 ## Continuous Integration

orka/templates/macos-13-arm-test.pkr.hcl

@@ -0,0 +1,84 @@
+source "macstadium-orka" "macos13-arm-test-image" {
+  source_image      = "macos13-arm-base.orkasi"
+  image_name        = "macos13-arm-test-latest.orkasi"
+  image_description = "The MacOS 13 ARM test image"
+  orka_endpoint     = var.orka_endpoint
+  orka_auth_token   = var.orka_auth_token
+  ssh_username      = var.ssh_default_username
+  ssh_password      = var.ssh_default_password
+}
+
+build {
+  sources = [
+    "macstadium-orka.macos13-arm-test-image"
+  ]
+  // Change the password of the default user.
+  provisioner "shell" {
+    inline = [
+      "echo 'Changing default user password...'",
+      "sudo sysadminctl -adminUser ${var.ssh_default_username} -adminPassword ${var.ssh_default_password} -resetPasswordFor ${var.ssh_default_username} -newPassword ${var.ssh_test_password}"
+    ]
+  }
+  // Add SSH key access.
+  provisioner "shell" {
+    inline = [
+      "echo 'Adding SSH key access...'",
+      "mkdir -p /Users/${var.ssh_default_username}/.ssh",
+      "echo '${var.ssh_test_public_key}' >> /Users/${var.ssh_default_username}/.ssh/authorized_keys",
+      "chown -R ${var.ssh_default_username}:staff /Users/${var.ssh_default_username}/.ssh",
+      "chmod 700 /Users/${var.ssh_default_username}/.ssh",
+      "chmod 600 /Users/${var.ssh_default_username}/.ssh/authorized_keys"
+    ]
+  } 
+
+  // Disable SSH password authentication.
+  // @TODO: Review fallback to password authentication.
+  provisioner "shell" {
+    inline = [
+      "echo 'Disabling SSH password authentication...'",
+      "sudo sed -i '' 's/^#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config",
+      "sudo sed -i '' 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config",
+      "sudo sed -i '' 's/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config",
+      "sudo sed -i '' 's/^ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config",
+      "sudo systemsetup -f -setremotelogin on",
+      "sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist",
+      "sudo launchctl load /System/Library/LaunchDaemons/ssh.plist",
+    ]
+  }
+
+  // Install Homebrew.
+  provisioner "shell" {
+    inline = [
+      "echo 'Installing Homebrew...'",
+      "/bin/bash -c \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\"",
+      "eval \"$(/opt/homebrew/bin/brew shellenv)\"",
+      "(echo; echo 'eval \"$($(brew --prefix)/bin/brew shellenv)\"') >> /Users/admin/.zprofile",
+      "eval \"$($(brew --prefix)/bin/brew shellenv)\""
+    ]
+  }
+  // Check Homebrew. Ignore errors because we are not using the last version of Xcode.
+  provisioner "shell" {
+    inline = [
+      "echo 'Checking Homebrew...'",
+      "eval \"$(/opt/homebrew/bin/brew shellenv)\"",
+      "/opt/homebrew/bin/brew doctor || true"
+    ]
+  }
+  // Install dependencies using Homebrew.
+  provisioner "shell" {
+    inline = [
+      "echo 'Installing packages using Homebrew...'",
+      "eval \"$(/opt/homebrew/bin/brew shellenv)\"",
+      "/opt/homebrew/bin/brew install git automake bash libtool cmake python ccache"
+    ]
+  }
+
+  // Print the version of the installed packages.
+  provisioner "shell" {
+    inline = [
+      "echo 'Printing the version of the installed packages...'",
+      "eval \"$(/usr/local/bin/brew shellenv)\"",
+      "/opt/homebrew/bin/brew list --versions"
+    ]
+  }
+}

orka/templates/macos-13-intel-test.pkr.hcl

@@ -0,0 +1,82 @@
+source "macstadium-orka" "macos13-intel-test-image" {
+  source_image      = "macos13-intel-base.img"
+  image_name        = "macos13-intel-test-latest.img"
+  image_description = "The MacOS 13 Intel test image"
+  orka_endpoint     = var.orka_endpoint
+  orka_auth_token   = var.orka_auth_token
+  ssh_username      = var.ssh_default_username
+  ssh_password      = var.ssh_default_password
+}
+
+build {
+  sources = [
+    "macstadium-orka.macos13-intel-test-image"
+  ]
+  // Change the password of the default user.
+  provisioner "shell" {
+    inline = [
+      "echo 'Changing default user password...'",
+      "sudo sysadminctl -adminUser ${var.ssh_default_username} -adminPassword ${var.ssh_default_password} -resetPasswordFor ${var.ssh_default_username} -newPassword ${var.ssh_test_password}"
+    ]
+  }
+  // Add SSH key access.
+  provisioner "shell" {
+    inline = [
+      "echo 'Adding SSH key access...'",
+      "mkdir -p /Users/${var.ssh_default_username}/.ssh",
+      "echo '${var.ssh_test_public_key}' >> /Users/${var.ssh_default_username}/.ssh/authorized_keys",
+      "chown -R ${var.ssh_default_username}:staff /Users/${var.ssh_default_username}/.ssh",
+      "chmod 700 /Users/${var.ssh_default_username}/.ssh",
+      "chmod 600 /Users/${var.ssh_default_username}/.ssh/authorized_keys"
+    ]
+  } 
+
+  // Disable SSH password authentication.
+  // @TODO: Review fallback to password authentication.
+  provisioner "shell" {
+    inline = [
+      "echo 'Disabling SSH password authentication...'",
+      "sudo sed -i '' 's/^#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config",
+      "sudo sed -i '' 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config",
+      "sudo sed -i '' 's/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config",
+      "sudo sed -i '' 's/^ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config",
+      "sudo systemsetup -f -setremotelogin on",
+      "sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist",
+      "sudo launchctl load /System/Library/LaunchDaemons/ssh.plist",
+    ]
+  }
+  // Install Homebrew.
+  provisioner "shell" {
+    inline = [
+      "echo 'Installing Homebrew...'",
+      "/bin/bash -c \"$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)\"",
+      "eval \"$(/usr/local/bin/brew shellenv)\"",
+      "(echo; echo 'eval \"$($(brew --prefix)/bin/brew shellenv)\"') >> /Users/admin/.zprofile",
+      "eval \"$($(brew --prefix)/bin/brew shellenv)\""
+    ]
+  }
+  // Check Homebrew. Ignore errors because we are not using the last version of Xcode.
+  provisioner "shell" {
+    inline = [
+      "echo 'Checking Homebrew...'",
+      "eval \"$(/usr/local/bin/brew shellenv)\"",
+      "/usr/local/bin/brew doctor || true"
+    ]
+  }
+  // Install dependencies using Homebrew.
+  provisioner "shell" {
+    inline = [
+      "echo 'Installing packages using Homebrew...'",
+      "eval \"$(/usr/local/bin/brew shellenv)\"",
+      "/usr/local/bin/brew install git automake bash libtool cmake python ccache"
+    ]
+  }
+  // Print the version of the installed packages.
+  provisioner "shell" {
+    inline = [
+      "echo 'Printing the version of the installed packages...'",
+      "eval \"$(/usr/local/bin/brew shellenv)\"",
+      "/usr/local/bin/brew list --versions"
+    ]
+  }
+}

orka/templates/plugins.pkr.hcl

@@ -0,0 +1,8 @@
+packer {
+  required_plugins {
+    macstadium-orka = {
+      version = "~> 3.0"
+      source  = "github.com/macstadium/macstadium-orka"
+    }
+  }
+}

orka/templates/variables.pkr.hcl

@@ -0,0 +1,29 @@
+variable "orka_endpoint" {
+  type    = string
+  default = ""
+}
+
+variable "orka_auth_token" {
+  type    = string
+  default = ""
+}
+
+variable "ssh_default_username" {
+  type    = string
+  default = ""
+}
+
+variable "ssh_default_password" {
+  type    = string
+  default = ""
+}
+
+variable "ssh_test_public_key" {
+  type    = string
+  default = ""
+}
+
+variable "ssh_test_password" {
+  type    = string
+  default = ""
+}