From 1e39547ee8c59a493a4e6692e4f93af76d2afdba Mon Sep 17 00:00:00 2001 From: "Gustav F. Lasko" Date: Mon, 20 May 2024 12:50:20 +0000 Subject: [PATCH] feat: create Azure flavor Create a flavor of the image that contains the azcli. This will be useful for stacks that want to use ansible and need Azure credentials - i.e. connecting to AKS with `kubelogin` requires the Azure CLI. --- .github/workflows/build.yml | 6 ++++- .github/workflows/deploy.yml | 45 +++++++++++++++++++++++++++++++++++- README.md | 3 ++- azure/Dockerfile | 5 ++++ 4 files changed, 56 insertions(+), 3 deletions(-) create mode 100644 azure/Dockerfile diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f84792d..ce5209e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,7 +16,7 @@ jobs: fail-fast: false max-parallel: 2 # ECR has pretty aggressive rate limiting 😪 matrix: - folder: [base, aws, gcp] + folder: [base, aws, gcp, azure] arch: [amd64, arm64] env: IMAGE_NAME: ansible-test-${{ matrix.folder }}-${{ matrix.arch }}:${{ github.sha }} @@ -58,3 +58,7 @@ jobs: if [ "${{ matrix.folder }}" == "gcp" ]; then docker run --rm ${{ env.IMAGE_NAME }} sh -c "python3 -c \"import google.auth; print(google.auth.__version__)\"" fi + + if [ "${{ matrix.folder }}" == "azure" ]; then + docker run --rm ${{ env.IMAGE_NAME }} sh -c "az --version" + fi diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 71874a1..2b5e8cc 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
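Review bot: The azure smoke test added at the end of the test script runs `az --version`, which as far as I know also performs an update check over the network, so the step can be slow or print warnings for reasons unrelated to the image. `az version` reports the installed component versions without that lookup and is the narrower check: `docker run --rm ${{ env.IMAGE_NAME }} sh -c "az version"`. The `run:` script this branch is appended to starts outside the hunk.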
@@ -154,4 +154,47 @@ jobs: push: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }} tags: | ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_GCP }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }} - \ No newline at end of file + + azure: + needs: base + name: Build and deploy the alpine base Azure image + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@main + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: linux/arm64 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }} + with: + aws-region: ${{ env.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + role-duration-seconds: 900 + + - name: Install latest AWS CLI + uses: unfor19/install-aws-cli-action@v1 + + - name: Login to Amazon ECR + if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }} + run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${REPOSITORY_PATH} + env: + REPOSITORY_PATH: ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_AZURE }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and push the image + uses: docker/build-push-action@v5 + with: + build-args: | + REPOSITORY_BASE_PATH=${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }} + context: aws + platforms: linux/amd64,linux/arm64 + push: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }} + tags: | + ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_AZURE }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }} diff --git a/README.md b/README.md index ba6a361..7b02e12 100644 --- a/README.md +++ b/README.md 
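Review bot: The new `azure` job builds with `context: aws`, so the image pushed to `PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_AZURE` would be built from the AWS flavor's directory rather than `azure/Dockerfile`; the line should read `context: azure`. The job also references `actions/checkout@main` and `unfor19/install-aws-cli-action@v1` by mutable ref in the same job that assumes `AWS_ROLE_TO_ASSUME` and pushes a public image. Pinning both to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`) keeps an upstream change from running with those credentials. The `Install latest AWS CLI` step has no `if:` guard, unlike the credential and login steps around it, so it also runs on refs that never push; giving it the same condition would narrow that.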
@@ -12,11 +12,12 @@ to use `public.ecr.aws/spacelift/runner-ansible` as the runner image for the sta The image is pushed to the `public.ecr.aws/spacelift/runner-ansible` public repository. It is also pushed to the `ghcr.io/spacelift-io/runner-ansible` repository as a backup in case of issues with ECR. -Altogether we have 3 flavors of the image: +Altogether we have 4 flavors of the image: - `public.ecr.aws/spacelift/runner-ansible` - built on top of the [Spacelift Terraform runner image](https://github.com/spacelift-io/runner-terraform), with Ansible installed. - `public.ecr.aws/spacelift/runner-ansible-aws` - built on top of `runner-ansible`, with `boto3` installed. - `public.ecr.aws/spacelift/runner-ansible-gcp` - built on top of `runner-ansible`, with `google-auth` installed. +- `public.ecr.aws/spacelift/runner-ansible-azure` - built on top of `runner-ansible`, with `azure-cli` installed. ## Branch Model diff --git a/azure/Dockerfile b/azure/Dockerfile new file mode 100644 index 0000000..196076e --- /dev/null +++ b/azure/Dockerfile @@ -0,0 +1,5 @@ +ARG REPOSTORY_BASE_PATH + +FROM ${REPOSITORY_BASE_PATH}:latest + +RUN pip install azure-cli \ No newline at end of file
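Review bot: In the new `azure/Dockerfile`, `ARG REPOSTORY_BASE_PATH` is misspelled, so the `REPOSITORY_BASE_PATH` used in `FROM ${REPOSITORY_BASE_PATH}:latest` is never declared and should expand to an empty string, leaving an invalid `FROM :latest`. The first line should be `ARG REPOSITORY_BASE_PATH`. Separately, `RUN pip install azure-cli` installs whatever version is current at build time into an image that will handle Azure credentials. Pinning the version and skipping the pip cache, e.g. `RUN pip install --no-cache-dir azure-cli==<pinned-version>`, makes the published image reproducible and smaller.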