diff --git a/.github/workflows/run_automated_builder.yml b/.github/workflows/run_automated_builder.yml index 99177f861..bc54a0cf1 100644 --- a/.github/workflows/run_automated_builder.yml +++ b/.github/workflows/run_automated_builder.yml @@ -1,7 +1,6 @@ -name: Build VMs - +--- +name: Run automated builder on: push - concurrency: group: ${{ github.workflow }} cancel-in-progress: true @@ -9,35 +8,40 @@ concurrency: jobs: build: runs-on: ubuntu-latest - env: + env: ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }} REPO_URL: ${{ github.repository }} steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Set up Python 3.8 - uses: actions/setup-python@v4 - with: - python-version: 3.8 - - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install ansible - - - name: Run automated builder - run: | - ./automated_builder/scripts/run_automated_builder.sh $ANSIBLE_VAULT_PASSWORD - - - name: Handle artifacts - if: always() - run: | - ./automated_builder/scripts/handle_artifacts.sh $ANSIBLE_VAULT_PASSWORD - - - name: Upload artifacts - uses: actions/upload-artifact@v3 - if: always() - with: - name: logs - path: ./automated_builder/logs/ + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Python 3.8 + uses: actions/setup-python@v4 + with: + python-version: 3.8 + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install ansible + + - name: Run automated builder + run: | + ./automated_builder/scripts/run_automated_builder.sh $ANSIBLE_VAULT_PASSWORD + + - name: Handle artifacts + if: always() + run: | + ./automated_builder/scripts/handle_artifacts.sh $ANSIBLE_VAULT_PASSWORD + + - name: Upload artifacts + uses: actions/upload-artifact@v3 + if: always() + with: + name: logs + path: ./automated_builder/logs/ + + - name: Teardown build + if: always() + run: | + ./automated_builder/scripts/teardown_build.sh $ANSIBLE_VAULT_PASSWORD 
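Review bot: The vault password is passed on the command line in the `Run automated builder`, `Handle artifacts` and new `Teardown build` steps (`run_automated_builder.sh $ANSIBLE_VAULT_PASSWORD`), so it shows up in the step's process arguments even though the job-level `env` already exports `ANSIBLE_VAULT_PASSWORD`; the scripts could read the variable directly and the argument be dropped, which also removes the unquoted-expansion problem if the secret ever contains whitespace. In the same stanza, `python-version: "3.8"` avoids the float parse the moment the minor version is bumped, and the `actions/*@v3`/`@v4` references resolve to mutable tags — a full commit SHA per action pins what the workflow actually executes. With `on: push` plus `cancel-in-progress: true` a superseded run is killed mid-build and only the `if: always()` teardown makes that safe, which is worth saying in a comment above `concurrency:`.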
diff --git a/automated_builder/gather_build_logs.yml b/automated_builder/gather_build_logs.yml new file mode 100644 index 000000000..28a8651c3 --- /dev/null +++ b/automated_builder/gather_build_logs.yml @@ -0,0 +1,43 @@ +--- +- name: Gather build logs + hosts: vps_runner + gather_facts: false + vars_files: + - ./roles/common/vars/main.yml + - ./roles/common/vars/secrets.yml + + tasks: + - name: Get droplet IP + community.digitalocean.digital_ocean_droplet_info: + oauth_token: "{{ DO_API_TOKEN }}" + name: "automated-builder-vps" + delegate_to: localhost + register: automated_builder_vps + + - name: Set VPS_IP + set_fact: + VPS_IP: "{{ automated_builder_vps.data[0].networks.v4 | selectattr('type', 'equalto', 'public') | map(attribute='ip_address') | first }}" + delegate_to: localhost + + - name: Gather facts + setup: + + - name: Copy install_source log + fetch: + src: "/home/ansible/install_source.log" + dest: "./logs/install_source.log" + + - name: Check logs + shell: "ls" + register: pwd + delegate_to: 127.0.0.1 + + - name: Copy gateway_build log + fetch: + src: "/home/ansible/gateway_build.log" + dest: "./logs/gateway_build.log" + + - name: Copy workstation_build log + fetch: + src: "/home/ansible/workstation_build.log" + dest: "./logs/workstation_build.log" diff --git a/automated_builder/main.yml b/automated_builder/main.yml new file mode 100644 index 000000000..d83abcdd0 --- /dev/null +++ b/automated_builder/main.yml @@ -0,0 +1,22 @@ +--- +- name: Run automated_builder + hosts: vps_runner + gather_facts: false + vars_files: + - ./roles/common/vars/main.yml + - ./roles/common/vars/secrets.yml + + tasks: + - name: Include common role + include_role: + name: common + + - name: Include headless-build role + include_role: + name: headless-build + when: REF_TYPE != 'tag' + + - name: Include gui-build role + include_role: + name: gui-build + when: REF_TYPE == 'tag' 
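Review bot: The three `fetch` tasks give `dest` as a file path but leave `flat` at its default, so each log is written under `./logs/<name>.log/<inventory_hostname>/home/ansible/<name>.log` rather than at the path the names suggest; `flat: true` on each task gives the intended layout. Because this play runs from a workflow step that is `if: always()`, a build that died before writing `workstation_build.log` makes the last fetch fail on the missing file and stops the play, so `fail_on_missing: false` (or `ignore_errors: true`) lets the surviving logs still be collected. The `Check logs` task (`shell: "ls"` delegated to localhost, registered as `pwd`) is leftover debugging and should be removed. `VPS_IP` is set here but nothing in this play reads it — presumably the inventory does; a comment saying so would help.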
diff --git a/automated_builder/roles/common/tasks/bootstrap_vps.yml b/automated_builder/roles/common/tasks/bootstrap_vps.yml new file mode 100644 index 000000000..7fe0011d0 --- /dev/null +++ b/automated_builder/roles/common/tasks/bootstrap_vps.yml @@ -0,0 +1,35 @@ +--- +- name: Bootstrap VPS + become: true + vars: + ansible_ssh_user: root + + block: + - name: Create ansible user + user: + name: ansible + + - name: Create ansible user ssh directory + file: + path: /home/ansible/.ssh + state: directory + owner: ansible + group: ansible + mode: 0700 + + - name: Copy authorized_keys + copy: + src: /root/.ssh/authorized_keys + dest: /home/ansible/.ssh/authorized_keys + owner: ansible + group: ansible + mode: 0600 + remote_src: true + + - name: Allow passwordless sudo commands + community.general.sudoers: + name: ansible-passwordless-sudo + state: present + user: ansible + commands: ALL + nopassword: true diff --git a/automated_builder/tasks/clean_existing_vbox_vms.yml b/automated_builder/roles/common/tasks/clean_existing_vbox_vms.yml similarity index 100% rename from automated_builder/tasks/clean_existing_vbox_vms.yml rename to automated_builder/roles/common/tasks/clean_existing_vbox_vms.yml diff --git a/automated_builder/tasks/configure_local_environment.yml b/automated_builder/roles/common/tasks/configure_local_environment.yml similarity index 80% rename from automated_builder/tasks/configure_local_environment.yml rename to automated_builder/roles/common/tasks/configure_local_environment.yml index 9de979d45..e640dff24 100644 --- a/automated_builder/tasks/configure_local_environment.yml +++ b/automated_builder/roles/common/tasks/configure_local_environment.yml @@ -1,12 +1,7 @@ --- - name: Configure local environment - hosts: 127.0.0.1 - connection: local - vars_files: - - ../vars/main.yml - - ../vars/secrets.yml - - tasks: + delegate_to: 127.0.0.1 + block: - name: Create local_ssh directory file: path: ~/.ssh 
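Review bot: The `mode: 0700` and `mode: 0600` values in `Create ansible user ssh directory` and `Copy authorized_keys` are unquoted leading-zero literals; this happens to work because the loader reads them as octal, but Ansible's own docs recommend quoting modes (`mode: "0700"`, `mode: "0600"`) for consistent handling, and the same applies to `mode: 0744` in `build_vms_from_tag.yml`, `build_vms_from_commit.yml` and both `install_source.yml` task files later in this commit. `ansible_ssh_user` is the deprecated alias of `ansible_user`; the block-level `vars` should read `ansible_user: root`. The sudoers rule grants `commands: ALL` with `nopassword: true` to the build user, which is acceptable only because the VPS is torn down after the run — a one-line comment stating that the host is disposable and the scope deliberate would stop the next reader from wondering whether it should be narrowed to the apt/VirtualBox commands the roles actually use.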
diff --git a/automated_builder/roles/common/tasks/delete_inventory.yml b/automated_builder/roles/common/tasks/delete_inventory.yml new file mode 100644 index 000000000..8605f67b6 --- /dev/null +++ b/automated_builder/roles/common/tasks/delete_inventory.yml @@ -0,0 +1,22 @@ +--- +- name: Destroy any existing droplets + hosts: 127.0.0.1 + vars_files: + - ../vars/secrets.yml + tasks: + - name: Check for existing inventory + community.digitalocean.digital_ocean_droplet_info: + oauth_token: "{{ DO_API_TOKEN }}" + register: droplets + + - name: Count existing droplets + set_fact: + droplet_count: "{{ droplets.data | length }}" + + - name: Delete existing droplets + community.digitalocean.digital_ocean_droplet: + state: absent + oauth_token: "{{ DO_API_TOKEN }}" + id: "{{ item.id }}" + loop: "{{ droplets.data }}" + when: droplet_count != "0" diff --git a/automated_builder/roles/common/tasks/generate_inventory.yml b/automated_builder/roles/common/tasks/generate_inventory.yml new file mode 100644 index 000000000..32ad54cbe --- /dev/null +++ b/automated_builder/roles/common/tasks/generate_inventory.yml @@ -0,0 +1,28 @@ +--- +- name: Create VPS resource + delegate_to: 127.0.0.1 + block: + - name: Create SSH key + community.digitalocean.digital_ocean_sshkey: + oauth_token: "{{ DO_API_TOKEN }}" + name: "Ansible Key" + ssh_pub_key: "{{ SSH_PUBLIC_KEY }}" + state: present + register: public_key + + - name: Create automated builder VPS + community.digitalocean.digital_ocean_droplet: + state: present + oauth_token: "{{ DO_API_TOKEN }}" + name: automated-builder-vps + size: s-4vcpu-8gb + region: nyc3 + image: debian-11-x64 + wait_timeout: 500 + ssh_keys: ["{{ public_key.data.ssh_key.id }}"] + project: "Automated Builder" + register: automated_builder_vps + + - name: set VPS_IP + set_fact: + VPS_IP: "{{ automated_builder_vps.data.droplet.networks.v4 | selectattr('type', 'equalto', 'public') | map(attribute='ip_address') | first }}" 
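Review bot: `Check for existing inventory` calls `digital_ocean_droplet_info` with no filter, so `droplets.data` is every droplet the token can see and the `Delete existing droplets` loop destroys all of them — anything else in that DigitalOcean account is collateral, and this play now runs both before the build (`run_automated_builder.sh`) and in the `always()` teardown step. Filter to the builder's own host with `name: automated-builder-vps`, the name `generate_inventory.yml` creates and `gather_build_logs.yml` already queries with, or select by a dedicated tag. `droplet_count` and the `when: droplet_count != "0"` guard are then redundant, since `loop` over an empty list is a no-op. The play title `Destroy any existing droplets` is literally true today and should be narrowed to match.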
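Review bot: `Create automated builder VPS` does not set `unique_name: true`, and DigitalOcean allows several droplets with the same name, so a re-run without the preceding delete pass creates a second `automated-builder-vps`; `gather_build_logs.yml` then reads `data[0]` and may collect logs from the wrong host. `unique_name: true` makes the create idempotent on the name. `set VPS_IP` is the only lowercase task name in the role, and nothing in this file consumes `VPS_IP` — if the inventory or a later `add_host` relies on it, say so in a comment; otherwise it is dead.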
diff --git a/automated_builder/roles/common/tasks/install_dependencies.yml b/automated_builder/roles/common/tasks/install_dependencies.yml new file mode 100644 index 000000000..1863929df --- /dev/null +++ b/automated_builder/roles/common/tasks/install_dependencies.yml @@ -0,0 +1,36 @@ +--- +- name: Install dependencies + become: true + block: + - name: Install apt packages + apt: + pkg: + - git + - time + - curl + - lsof + - apt-cacher-ng + - lsb-release + - fakeroot + - dpkg-dev + - fasttrack-archive-keyring + - dnsutils + - software-properties-common + update_cache: true + + - name: Install VirtualBox + include_tasks: install_virtualbox.yml + + - name: Register LSB release + shell: "lsb_release -cs" + register: lsb_release + + - name: Add VirtualBox apt repository + apt_repository: + repo: "deb [arch=amd64 signed-by=/usr/share/keyrings/{{ VBOX_ASC_KEY.name }}.asc.gpg] http://download.virtualbox.org/virtualbox/debian {{ lsb_release.stdout }} contrib" + state: present + + - name: Install VirtualBox apt repository + apt: + name: "virtualbox-6.1" + update_cache: true diff --git a/automated_builder/roles/common/tasks/install_virtualbox.yml b/automated_builder/roles/common/tasks/install_virtualbox.yml new file mode 100644 index 000000000..155ce7588 --- /dev/null +++ b/automated_builder/roles/common/tasks/install_virtualbox.yml @@ -0,0 +1,18 @@ +--- +- name: Install VirtualBox + become: true + + block: + - name: Import VirtualBox GPG key + get_url: + dest: "/root/{{ VBOX_ASC_KEY.name }}.asc" + url: "{{ VBOX_ASC_KEY.url }}" + + - name: Create gpg file + shell: "gpg --dearmor /root/{{ VBOX_ASC_KEY.name }}.asc > {{ VBOX_ASC_KEY.name }}.gpg" + + - name: Move gpg key to shared keyrings + copy: + src: "/root/{{ VBOX_ASC_KEY.name }}.asc.gpg" + dest: "/usr/share/keyrings/{{ VBOX_ASC_KEY.name }}.asc.gpg" + remote_src: true diff --git a/automated_builder/roles/common/tasks/main.yml b/automated_builder/roles/common/tasks/main.yml new file mode 100644 index 000000000..c525c069c 
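Review bot: The last task is named `Install VirtualBox apt repository` but installs the `virtualbox-6.1` package; that name belongs to the `apt_repository` task above it, so rename it (`Install VirtualBox package`). `Register LSB release` shells out for `lsb_release -cs` although `setup:` has already run in the role's `main.yml`, so `{{ ansible_distribution_release }}` is available and the `shell` task (which also reports `changed` on every run) can go. The repository line uses `http://download.virtualbox.org`; `signed-by` keeps the packages verified, but the host serves HTTPS and using it removes the plaintext hop.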
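Review bot: `Create gpg file` runs `gpg --dearmor /root/<key>.asc > <key>.gpg`; without `-o`, `gpg --dearmor FILE` writes `FILE.gpg` next to the input and prints nothing, so the redirect creates an empty `<key>.gpg` in the task's working directory while the real output lands at `/root/<key>.asc.gpg` — which is the only reason the `Move gpg key to shared keyrings` copy works. Write the keyring directly and make the task idempotent: `shell: "gpg --dearmor -o /usr/share/keyrings/{{ VBOX_ASC_KEY.name }}.asc.gpg /root/{{ VBOX_ASC_KEY.name }}.asc"` with `args: creates: "/usr/share/keyrings/{{ VBOX_ASC_KEY.name }}.asc.gpg"`, after which the copy task is unnecessary. The `get_url` task could also carry a `checksum:` for the key file so a changed upstream key is noticed rather than silently trusted (record the value from a verified download, e.g. `checksum: "sha256:<expected-digest>"`).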
--- /dev/null +++ b/automated_builder/roles/common/tasks/main.yml @@ -0,0 +1,18 @@ +--- +- name: Configure local environment + include_tasks: configure_local_environment.yml + +- name: Generate inventory + include_tasks: generate_inventory.yml + +- name: Bootstrap VPS + include_tasks: bootstrap_vps.yml + +- name: Gather facts + setup: + +- name: Install dependencies + include_tasks: install_dependencies.yml + +- name: Clean existing VirtualBox VMs + include_tasks: clean_existing_vbox_vms.yml diff --git a/automated_builder/templates/ansible_key.j2 b/automated_builder/roles/common/templates/ansible_key.j2 similarity index 100% rename from automated_builder/templates/ansible_key.j2 rename to automated_builder/roles/common/templates/ansible_key.j2 diff --git a/automated_builder/templates/ansible_key.pub.j2 b/automated_builder/roles/common/templates/ansible_key.pub.j2 similarity index 100% rename from automated_builder/templates/ansible_key.pub.j2 rename to automated_builder/roles/common/templates/ansible_key.pub.j2 diff --git a/automated_builder/templates/install_verified_source.sh b/automated_builder/roles/common/templates/install_source.sh similarity index 100% rename from automated_builder/templates/install_verified_source.sh rename to automated_builder/roles/common/templates/install_source.sh diff --git a/automated_builder/vars/main.yml b/automated_builder/roles/common/vars/main.yml similarity index 57% rename from automated_builder/vars/main.yml rename to automated_builder/roles/common/vars/main.yml index 67210bcac..4a704165d 100644 --- a/automated_builder/vars/main.yml +++ b/automated_builder/roles/common/vars/main.yml @@ -1,3 +1,6 @@ REF_TYPE: "{{ lookup('env', 'GITHUB_REF_TYPE') }}" GIT_REPO: "{{ lookup('env', 'REPO_URL') }}" REF_NAME: "{{ lookup('env', 'GITHUB_REF_NAME') }}" +VBOX_ASC_KEY: + name: 'oracle_vbox_2016' + url: 'https://www.virtualbox.org/download/oracle_vbox_2016.asc' 
diff --git a/automated_builder/roles/common/vars/secrets.yml b/automated_builder/roles/common/vars/secrets.yml new file mode 100644 index 000000000..f298bfef7 --- /dev/null +++ b/automated_builder/roles/common/vars/secrets.yml @@ -0,0 +1,38 @@ +$ANSIBLE_VAULT;1.1;AES256 +36613161353462363665326163373733653932646233663737356636623834366566386235313435 +3365383733393738383863306661353339653261623533340a343537323738663234306265316238 +32646364633136353664356631613436616462343962336264613761366638363364383133386531 +3361303831616636340a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diff --git a/automated_builder/roles/gui-build/tasks/build_vms_from_tag.yml b/automated_builder/roles/gui-build/tasks/build_vms_from_tag.yml new file mode 100644 index 000000000..340c9d575 --- /dev/null +++ b/automated_builder/roles/gui-build/tasks/build_vms_from_tag.yml @@ -0,0 +1,9 @@ +--- +- name: Install build_vms_from_tag script + template: + src: ../templates/build_vms_from_tag.sh + dest: /home/ansible/build_vms_from_tag.sh + mode: 0744 + +- name: Run build_vms_from_tag scripts + shell: "/home/ansible/build_vms_from_tag.sh" diff --git a/automated_builder/roles/gui-build/tasks/install_source.yml b/automated_builder/roles/gui-build/tasks/install_source.yml new file mode 100644 index 000000000..d42c2c814 --- /dev/null +++ b/automated_builder/roles/gui-build/tasks/install_source.yml @@ -0,0 +1,9 @@ +--- +- name: Create install_source script + template: + src: ./roles/common/templates/install_source.sh + dest: /home/ansible/install_source.sh + mode: 0744 + +- name: Run install_source script for tag + shell: "/home/ansible/install_source.sh {{ GIT_REPO }} {{ REF_NAME }} {{ REF_NAME }} > /home/ansible/install_source.log 2>&1" diff --git a/automated_builder/roles/gui-build/tasks/main.yml b/automated_builder/roles/gui-build/tasks/main.yml new file mode 100644 index 000000000..cd383d1ce --- /dev/null +++ b/automated_builder/roles/gui-build/tasks/main.yml 
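Review bot: `Run install_source script for tag` interpolates `GIT_REPO` and `REF_NAME` into a `shell` line unquoted; `REF_NAME` comes from `GITHUB_REF_NAME`, and git ref names may contain characters the shell interprets (`;`, `$`, `&`, parentheses), so a crafted branch or tag name pushed by anyone with write access becomes part of the command executed on the VPS. Pass them through Ansible's `quote` filter: `shell: "/home/ansible/install_source.sh {{ GIT_REPO | quote }} {{ REF_NAME | quote }} {{ REF_NAME | quote }} > /home/ansible/install_source.log 2>&1"`; the same applies to `roles/headless-build/tasks/install_source.yml` later in this commit. The two files differ only in the repeated third argument, so a single shared task file parameterised per role would avoid maintaining them twice.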
@@ -0,0 +1,6 @@ +--- +- name: Install source code for commit + include_tasks: install_source.yml + +- name: Build VMs from tag + include_tasks: build_vms_from_tag.yml diff --git a/automated_builder/roles/gui-build/tasks/start_new_vbox_vms.yml b/automated_builder/roles/gui-build/tasks/start_new_vbox_vms.yml new file mode 100644 index 000000000..1eb3248e4 --- /dev/null +++ b/automated_builder/roles/gui-build/tasks/start_new_vbox_vms.yml @@ -0,0 +1,16 @@ +--- +- name: Start new VirtualBox VMs + environment: + DISPLAY: "localhost:1" + block: + - name: Start VNC display + shell: "vncserver" + + - name: Add xhost + shell: "xhost +" + + - name: Start gateway VM + shell: "VBoxManage startvm Whonix-Gateway-XFCE" + + - name: Start workstation VM + shell: "VBoxManage startvm Whonix-Workstation-XFCE" diff --git a/automated_builder/roles/gui-build/templates/build_vms_from_tag.sh b/automated_builder/roles/gui-build/templates/build_vms_from_tag.sh new file mode 100755 index 000000000..b1619665b --- /dev/null +++ b/automated_builder/roles/gui-build/templates/build_vms_from_tag.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +export dist_build_non_interactive=true + +main() { + build_gateway_vm >> /home/ansible/gateway_build.log 2>&1 + build_workstation_vm >> /home/ansible/workstation_build.log 2>&1 +} + +build_gateway_vm() { + /home/ansible/derivative-maker/derivative-maker \ + --flavor whonix-gateway-xfce \ + --target virtualbox \ + --build +} + +build_workstation_vm() { + /home/ansible/derivative-maker/derivative-maker \ + --flavor whonix-workstation-xfce \ + --target virtualbox \ + --build +} + +main diff --git a/automated_builder/roles/headless-build/tasks/build_vms_from_commit.yml b/automated_builder/roles/headless-build/tasks/build_vms_from_commit.yml new file mode 100644 index 000000000..d2a55a1ac --- /dev/null +++ b/automated_builder/roles/headless-build/tasks/build_vms_from_commit.yml 
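Review bot: The first task in the gui-build role is named `Install source code for commit`, but this role runs only `when: REF_TYPE == 'tag'` (see `automated_builder/main.yml`) and its `install_source.yml` is the tag variant, so `Install source code for tag` is the accurate name. `start_new_vbox_vms.yml` is added to this role but nothing in the commit includes it — the deleted `build_vms.yml` used to — so either add `- name: Start new VirtualBox VMs` / `include_tasks: start_new_vbox_vms.yml` here or drop the file; as written it is dead.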
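Review bot: `Add xhost` runs `xhost +`, which removes all access control on the display for the life of the session — any client that can reach the X server can attach, broader than the `VBoxManage startvm` calls need on a VPS that has just started a VNC server. `xhost +local:` limits it to local clients, which is all this file uses. Every task is `shell` with no `changed_when`/`creates`, so the file reports changes unconditionally, and since `vncserver` and `xhost` are not in the package list the common role installs, a comment stating where they are expected to come from would help.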
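Review bot: `main` calls `build_gateway_vm` and `build_workstation_vm` back to back with no error handling and no `set -e`, so a failed gateway build is followed by a workstation build and the script's exit status — what the `shell` task in `build_vms_from_tag.yml` checks — is only the workstation's. A `set -euo pipefail` after the shebang makes the first failure stop the run and fail the task; the same applies to `build_vms_from_commit.sh` in the headless role. A short header comment noting that Ansible's `template` module renders this file (so `{{` would be interpreted) would also help the next editor.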
@@ -0,0 +1,9 @@ +--- +- name: Install build_vms_from_commit script + template: + src: ../templates/build_vms_from_commit.sh + dest: /home/ansible/build_vms_from_commit.sh + mode: 0744 + +- name: Run build_vms_from_commit scripts + shell: "/home/ansible/build_vms_from_commit.sh" diff --git a/automated_builder/roles/headless-build/tasks/install_source.yml b/automated_builder/roles/headless-build/tasks/install_source.yml new file mode 100644 index 000000000..693a55651 --- /dev/null +++ b/automated_builder/roles/headless-build/tasks/install_source.yml @@ -0,0 +1,9 @@ +--- +- name: Create install_source script + template: + src: ./roles/common/templates/install_source.sh + dest: /home/ansible/install_source.sh + mode: 0744 + +- name: Run install_source script for commit + shell: "/home/ansible/install_source.sh {{ GIT_REPO }} {{ REF_NAME }} > /home/ansible/install_source.log 2>&1" diff --git a/automated_builder/roles/headless-build/tasks/main.yml b/automated_builder/roles/headless-build/tasks/main.yml new file mode 100644 index 000000000..9f94ecd3f --- /dev/null +++ b/automated_builder/roles/headless-build/tasks/main.yml @@ -0,0 +1,6 @@ +--- +- name: Install source code for commit + include_tasks: install_source.yml + +- name: Build VMs from commit + include_tasks: build_vms_from_commit.yml diff --git a/automated_builder/roles/headless-build/templates/build_vms_from_commit.sh b/automated_builder/roles/headless-build/templates/build_vms_from_commit.sh new file mode 100755 index 000000000..b88ef2688 --- /dev/null +++ b/automated_builder/roles/headless-build/templates/build_vms_from_commit.sh 
@@ -0,0 +1,28 @@ +#!/bin/bash + +export dist_build_non_interactive=true + +main() { + build_gateway_vm >> /home/ansible/gateway_build.log 2>&1 + build_workstation_vm >> /home/ansible/workstation_build.log 2>&1 +} + +build_gateway_vm() { + /home/ansible/derivative-maker/derivative-maker \ + --flavor whonix-gateway-xfce \ + --target virtualbox \ + --remote-derivative-packages true \ + --allow-untagged true \ + --build +} + +build_workstation_vm() { + /home/ansible/derivative-maker/derivative-maker \ + --flavor whonix-workstation-xfce \ + --target virtualbox \ + --remote-derivative-packages true \ + --allow-untagged true \ + --build +} + +main diff --git a/automated_builder/scripts/functions.bash b/automated_builder/scripts/functions.bash index 1b8ab2002..e505bae26 100755 --- a/automated_builder/scripts/functions.bash +++ b/automated_builder/scripts/functions.bash @@ -4,7 +4,7 @@ decrypt_vault() { check_vault_value if [ "$ANSIBLE_VAULT_VALUE" == "ANSIBLE_VAULT" ]; then write_password - ansible-vault decrypt --vault-password-file ansible_vault_password automated_builder/vars/secrets.yml + ansible-vault decrypt --vault-password-file ansible_vault_password automated_builder/roles/common/vars/secrets.yml rm ansible_vault_password fi } @@ -13,7 +13,7 @@ encrypt_vault() { check_vault_value if [ "$ANSIBLE_VAULT_VALUE" != "ANSIBLE_VAULT" ]; then write_password - ansible-vault encrypt --vault-password-file ansible_vault_password automated_builder/vars/secrets.yml + ansible-vault encrypt --vault-password-file ansible_vault_password automated_builder/roles/common/vars/secrets.yml rm ansible_vault_password fi } @@ -23,5 +23,5 @@ write_password() { } check_vault_value() { - ANSIBLE_VAULT_VALUE=$(head -n 1 automated_builder/vars/secrets.yml | cut -d ';' -f1 | sed 's/\$//g') + ANSIBLE_VAULT_VALUE=$(head -n 1 automated_builder/roles/common/vars/secrets.yml | cut -d ';' -f1 | sed 's/\$//g') } 
diff --git a/automated_builder/scripts/handle_artifacts.sh b/automated_builder/scripts/handle_artifacts.sh index b0a20264b..a4e62fb36 100755 --- a/automated_builder/scripts/handle_artifacts.sh +++ b/automated_builder/scripts/handle_artifacts.sh @@ -12,7 +12,7 @@ main() { } gather_logs() { - ansible-playbook -i automated_builder/inventory automated_builder/tasks/gather_build_logs.yml + ansible-playbook -i automated_builder/inventory automated_builder/gather_build_logs.yml } main diff --git a/automated_builder/scripts/run_automated_builder.sh b/automated_builder/scripts/run_automated_builder.sh index 7bbbc129c..32194d8a9 100755 --- a/automated_builder/scripts/run_automated_builder.sh +++ b/automated_builder/scripts/run_automated_builder.sh @@ -12,8 +12,9 @@ main() { } run_builder() { - ansible-playbook -i automated_builder/inventory automated_builder/tasks/configure_local_environment.yml - ansible-playbook -i automated_builder/inventory automated_builder/tasks/build_vms.yml + ansible-galaxy collection install community.digitalocean community.general + ansible-playbook automated_builder/roles/common/tasks/delete_inventory.yml + ansible-playbook -i automated_builder/inventory automated_builder/main.yml } main diff --git a/automated_builder/scripts/teardown_build.sh b/automated_builder/scripts/teardown_build.sh new file mode 100755 index 000000000..9799f1d1e --- /dev/null +++ b/automated_builder/scripts/teardown_build.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +set -e +export ANSIBLE_VAULT_PASSWORD=$1 +export ANSIBLE_HOST_KEY_CHECKING=False +source ./automated_builder/scripts/functions.bash + +main() { + decrypt_vault + run_builder + encrypt_vault +} + +run_builder() { + ansible-playbook automated_builder/roles/common/tasks/delete_inventory.yml +} + +main diff --git a/automated_builder/tasks/build_vms.yml b/automated_builder/tasks/build_vms.yml deleted file mode 100644 index 993e1a204..000000000 --- a/automated_builder/tasks/build_vms.yml +++ /dev/null 
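Review bot: `ansible-galaxy collection install community.digitalocean community.general` installs whatever the latest published versions are at run time, so the code that creates and deletes droplets with the project's API token can change underneath the pipeline without a commit; pin them (`community.digitalocean:==<version>` and `community.general:==<version>`, or a `requirements.yml` passed with `-r`) and bump deliberately. `ansible-playbook automated_builder/roles/common/tasks/delete_inventory.yml` runs a standalone play — it has its own `hosts:` and `tasks:` and is never included — that is stored under a role's `tasks/` directory; it belongs beside `main.yml` and `gather_build_logs.yml` with the other playbooks.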
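Review bot: With `set -e`, a failure inside `run_builder` exits before `encrypt_vault` runs, leaving `secrets.yml` decrypted in the runner workspace; `trap encrypt_vault EXIT` placed right after `decrypt_vault` re-encrypts on every exit path, and because `encrypt_vault` checks the vault header first the explicit call afterwards stays a harmless no-op. On a hosted runner the workspace is discarded with the VM, but on a self-hosted runner the plaintext file would persist. `export ANSIBLE_VAULT_PASSWORD=$1` is unquoted and overrides the job-level `env` value the workflow already provides; `"${1:-$ANSIBLE_VAULT_PASSWORD}"` (or dropping the argument) avoids both the word splitting and the duplication. `run_builder` is a misleading name for a function that only runs the droplet-deletion play — `delete_droplets` says what it does — and `ANSIBLE_HOST_KEY_CHECKING=False` is unnecessary here since that play only talks to the DigitalOcean API from localhost.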
@@ -1,43 +0,0 @@ ---- -- name: Build VMs - hosts: vps_runner - gather_facts: true - vars_files: - - ../vars/secrets.yml - - ../vars/main.yml - - tasks: - - name: Install dependencies - block: - - name: Install dependencies - include_tasks: install_dependencies.yml - become: true - - - name: Install source and submodules - block: - - name: Install source - include_tasks: install_source.yml - - - name: Clean existing VirtualBox VMs - block: - - name: Clean existing vbox VMs - include_tasks: clean_existing_vbox_vms.yml - - - name: Create VMs from tag - block: - - name: Create VMs from tag - include_tasks: create_vms_from_tag.yml - when: REF_TYPE == 'tag' - - - name: Create VMs from commit - block: - - name: Create VMs from commit - include_tasks: create_vms_from_commit.yml - when: REF_TYPE != 'tag' - - - name: Start new VirtualBox VMs - block: - - name: Start new vbox VMs - include_tasks: start_new_vbox_vms.yml - environment: - DISPLAY: "localhost:1" diff --git a/automated_builder/tasks/create_vms_from_commit.yml b/automated_builder/tasks/create_vms_from_commit.yml deleted file mode 100644 index 2b2560665..000000000 --- a/automated_builder/tasks/create_vms_from_commit.yml +++ /dev/null 
@@ -1,17 +0,0 @@ ---- -- name: Clean existing gateway VM - shell: "dist_build_non_interactive=true /home/ansible/derivative-maker/derivative-maker --flavor whonix-gateway-xfce --target virtualbox --clean > /home/ansible/build.log 2>&1" - -- name: Clean existing workstation VM - shell: "dist_build_non_interactive=true /home/ansible/derivative-maker/derivative-maker --flavor whonix-workstation-xfce --target virtualbox --clean >> /home/ansible/build.log 2>&1" - -- name: Reboot VPS for stray loop devices - reboot: - reboot_timeout: 60 - become: true - -- name: Build new gateway VM - shell: "dist_build_non_interactive=true /home/ansible/derivative-maker/derivative-maker --flavor whonix-gateway-xfce --target virtualbox --build --remote-derivative-packages true >> /home/ansible/build.log 2>&1" - -- name: Build new workstation VM - shell: "dist_build_non_interactive=true /home/ansible/derivative-maker/derivative-maker --flavor whonix-workstation-xfce --target virtualbox --build --remote-derivative-packages true >> /home/ansible/build.log 2>&1" diff --git a/automated_builder/tasks/create_vms_from_tag.yml b/automated_builder/tasks/create_vms_from_tag.yml deleted file mode 100644 index df01cd544..000000000 --- a/automated_builder/tasks/create_vms_from_tag.yml +++ /dev/null 
@@ -1,17 +0,0 @@ ---- -- name: Clean existing gateway VM - shell: "dist_build_non_interactive=true /home/ansible/derivative-maker/derivative-maker --flavor whonix-gateway-xfce --target virtualbox --clean > /home/ansible/build.log 2>&1" - -- name: Clean existing workstation VM - shell: "dist_build_non_interactive=true /home/ansible/derivative-maker/derivative-maker --flavor whonix-workstation-xfce --target virtualbox --clean >> /home/ansible/build.log 2>&1" - -- name: Reboot VPS for stray loop devices - reboot: - reboot_timeout: 60 - become: true - -- name: Build new gateway VM - shell: "dist_build_non_interactive=true /home/ansible/derivative-maker/derivative-maker --flavor whonix-gateway-xfce --target virtualbox --build >> /home/ansible/build.log 2>&1" - -- name: Build new workstation VM - shell: "dist_build_non_interactive=true /home/ansible/derivative-maker/derivative-maker --flavor whonix-workstation-xfce --target virtualbox --build >> /home/ansible/build.log 2>&1" diff --git a/automated_builder/tasks/gather_build_logs.yml b/automated_builder/tasks/gather_build_logs.yml deleted file mode 100644 index 89765a056..000000000 --- a/automated_builder/tasks/gather_build_logs.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Gather build logs - hosts: vps_runner - gather_facts: true - vars_files: - - ../vars/main.yml - - ../vars/secrets.yml - - tasks: - - name: Copy logs - fetch: - src: "/home/ansible/{{ item }}" - dest: "../logs/{{ item }}" - with_items: - - 'install_verified_source.log' - - 'build.log' diff --git a/automated_builder/tasks/install_dependencies.yml b/automated_builder/tasks/install_dependencies.yml deleted file mode 100644 index 06fdb4b38..000000000 --- a/automated_builder/tasks/install_dependencies.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -- name: Install apt packages - apt: - pkg: - - git - - time - - curl - - lsof - - apt-cacher-ng - - lsb-release - - fakeroot - - dpkg-dev - - fasttrack-archive-keyring - - dnsutils - update_cache: true - -- name: Upgrade apt packages - apt: - upgrade: full diff --git a/automated_builder/tasks/install_source.yml b/automated_builder/tasks/install_source.yml deleted file mode 100644 index fb1f9937b..000000000 --- a/automated_builder/tasks/install_source.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: Create install_verified_source script - template: - src: ../templates/install_verified_source.sh - dest: /home/ansible/install_verified_source.sh - mode: 0744 - -- name: Run install_verified_source script for tag - shell: "/home/ansible/install_verified_source.sh {{ GIT_REPO }} {{ REF_NAME }} {{ REF_NAME }} > /home/ansible/install_verified_source.log 2>&1" - when: REF_TYPE == 'tag' - -- name: Run install_verified_source script for commit - shell: "/home/ansible/install_verified_source.sh {{ GIT_REPO }} {{ REF_NAME }} > /home/ansible/install_verified_source.log 2>&1" - when: REF_TYPE != 'tag' diff --git a/automated_builder/tasks/start_new_vbox_vms.yml b/automated_builder/tasks/start_new_vbox_vms.yml deleted file mode 100644 index a90f5321b..000000000 --- a/automated_builder/tasks/start_new_vbox_vms.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Start VNC display - shell: "vncserver" - -- name: Add xhost - shell: "xhost +" - -- name: Start gateway VM - shell: "VBoxManage startvm Whonix-Gateway-XFCE" - -- name: Start workstation VM - shell: "VBoxManage startvm Whonix-Workstation-XFCE" diff --git a/automated_builder/vars/secrets.yml b/automated_builder/vars/secrets.yml deleted file mode 100644 index 5bb0c7f28..000000000 --- a/automated_builder/vars/secrets.yml +++ /dev/null 
@@ -1,34 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -30656233366135653137643536373830313836306562626634613037323432376561383662613434 -3733393535656662653337373161623635643537613133650a316630333434663861313335323932 -33336233396534323638323164353030346336373235303063666431653163366132613863333232 -3363653139376462350a