diff options
| author | Christian Breunig <christian@breunig.cc> | 2025-01-13 18:12:02 +0100 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2025-01-13 18:12:02 +0100 |
| commit | e3e8f1925bf111964598e39faa0cd73371637d42 (patch) | |
| tree | d09759cdab52d400a9e12a33d687222c4407da16 /.github/workflows | |
| parent | c8793c2d5b1f6aa7869a32283c118c3a5ca95d74 (diff) | |
| download | vyos-nightly-build-e3e8f1925bf111964598e39faa0cd73371637d42.tar.gz vyos-nightly-build-e3e8f1925bf111964598e39faa0cd73371637d42.zip | |
Add PROXMOX iso build flavor
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/nightly-build.yml | 147 |
1 files changed, 115 insertions, 32 deletions
diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml index 7d21e52..7f55a39 100644 --- a/.github/workflows/nightly-build.yml +++ b/.github/workflows/nightly-build.yml @@ -50,7 +50,7 @@ env: VYOS_MIRROR: https://packages.vyos.net/repositories/current/ jobs: - build_iso: + build_generic_iso: runs-on: ubuntu-24.04 permissions: contents: write @@ -84,7 +84,7 @@ jobs: echo "PREVIOUS_SUCCESS_BUILD_TIMESTAMP=$(cat version.json | jq -r '.[0].timestamp')" >> $GITHUB_OUTPUT echo "BUILD_BY=$BUILD_BY" >> $GITHUB_OUTPUT - - name: Clone vyos-build repo + - name: Checkout vyos-build repo uses: actions/checkout@v4 with: # Clone to sub-path required for minisign binary shipped in this repo @@ -109,8 +109,8 @@ jobs: cd build GENERIC_IMAGE_NAME=$(jq --raw-output .artifacts[0] manifest.json | sed -e 's/.iso//') GENERIC_IMAGE_ISO=$(jq --raw-output .artifacts[0] manifest.json) - echo "generic_image_iso=${GENERIC_IMAGE_ISO}" >> $GITHUB_OUTPUT echo "generic_image_name=${GENERIC_IMAGE_NAME}" >> $GITHUB_OUTPUT + echo "generic_image_iso=${GENERIC_IMAGE_ISO}" >> $GITHUB_OUTPUT # Sign build artifact echo "${{ secrets.minisign_public_key }}" > /tmp/minisign.pub echo "${{ secrets.minisign_private_key }}" > /tmp/minisign.key @@ -128,8 +128,91 @@ jobs: retention-days: 30 if-no-files-found: error + build_proxmox_iso: + runs-on: self-hosted + permissions: + contents: write + container: + image: vyos/vyos-build:current + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged --volume /dev:/dev + outputs: + proxmox_image_iso: ${{ steps.build_proxmox_iso.outputs.proxmox_image_iso }} + proxmox_image_name: ${{ steps.build_proxmox_iso.outputs.proxmox_image_name }} + steps: + ### Initialization ### + - uses: actions/checkout@v4 + - name: "Initialization: set env variables" + id: set_env_variables + run: | + set -x + if [ -n "${{ github.event.inputs.BUILD_BY }}" ]; then + echo "BUILD_BY=${{ github.event.inputs.BUILD_BY }}" >> $GITHUB_ENV + fi + if [ -z "${{ github.event.inputs.build_version }}" ]; then + echo "build_version=1.5-rolling-$(date -u +%Y%m%d%H%M)" >> $GITHUB_OUTPUT + else + echo "build_version=${{ github.event.inputs.build_version }}" >> $GITHUB_OUTPUT + fi + echo "TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT + echo "PREVIOUS_SUCCESS_BUILD_TIMESTAMP=$(cat version.json | jq -r '.[0].timestamp')" >> $GITHUB_OUTPUT + echo "BUILD_BY=$BUILD_BY" >> $GITHUB_OUTPUT + + - name: Checkout vyos-build repo + uses: actions/checkout@v4 + with: + # Clone to sub-path required for minisign binary shipped in this repo + # This might change with future Debian versions when they ship minisign + repository: vyos/vyos-build + path: vyos-build + + - name: Checkout build-flavors repository + uses: actions/checkout@v4 + with: + token: ${{ secrets.PAT }} + repository: VyOS-Networks/release-flavors + path: release-flavors + + - name: Build PROXMOX ISO and qcow2 image + id: build_proxmox_iso + run: | + cd vyos-build + sudo --preserve-env VYOS_BUILD_FLAVORS_DIR=$GITHUB_WORKSPACE/release-flavors/ ./build-vyos-image \ + --architecture amd64 \ + --build-by $BUILD_BY \ + --build-type release \ + --debian-mirror $DEBIAN_MIRROR \ + --debian-security-mirror $DEBIAN_SECURITY_MIRROR \ + --version ${{ steps.set_env_variables.outputs.build_version }} \ + --vyos-mirror $VYOS_MIRROR \ + proxmox + + cd build + PROXMOX_IMAGE_NAME=$(jq --raw-output .artifacts[0] manifest.json | sed -e 's/.iso//') + PROXMOX_IMAGE_ISO=$(jq --raw-output .artifacts[0] manifest.json) + echo "proxmox_image_name=${PROXMOX_IMAGE_NAME}" >> $GITHUB_OUTPUT + echo "proxmox_image_iso=${PROXMOX_IMAGE_ISO}" >> $GITHUB_OUTPUT + # Sign build artifact + echo "${{ secrets.minisign_public_key }}" > /tmp/minisign.pub + echo "${{ secrets.minisign_private_key }}" > /tmp/minisign.key + echo "${{ secrets.minisign_password }}" | $GITHUB_WORKSPACE/bin/minisign -s /tmp/minisign.key -Sm ${PROXMOX_IMAGE_ISO} + $GITHUB_WORKSPACE/bin/minisign -Vm ${PROXMOX_IMAGE_ISO} -x ${PROXMOX_IMAGE_ISO}.minisig -p /tmp/minisign.pub + rm -f /tmp/minisign.key /tmp/minisign.pub + + - uses: actions/upload-artifact@v4 + with: + name: ${{ steps.build_proxmox_iso.outputs.proxmox_image_name }} + path: | + **/manifest.json + **/${{ steps.build_proxmox_iso.outputs.proxmox_image_iso }} + **/${{ steps.build_proxmox_iso.outputs.proxmox_image_iso }}.minisig + retention-days: 30 + if-no-files-found: error + + - uses: eviden-actions/clean-self-hosted-runner@v1.3.6 + if: ${{ always() }} + test_smoketest_cli: - needs: build_iso + needs: build_generic_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_CLI }} container: @@ -143,7 +226,7 @@ jobs: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: - name: ${{ needs.build_iso.outputs.generic_image_name }} + name: ${{ needs.build_generic_iso.outputs.generic_image_name }} path: build - name: VyOS CLI smoketests (no interfaces) id: test @@ -152,7 +235,7 @@ jobs: set -e # extract ISO image from artifact find build -type f -exec cp {} build \; - ln -s ${{ needs.build_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso + ln -s ${{ needs.build_generic_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso sudo make test-no-interfaces | tee smoketest_make_test_no_interfaces.log - uses: actions/upload-artifact@v4 with: @@ -162,7 +245,7 @@ jobs: if-no-files-found: error test_interfaces_cli: - needs: build_iso + needs: build_generic_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_CLI }} container: @@ -176,7 +259,7 @@ jobs: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: - name: ${{ needs.build_iso.outputs.generic_image_name }} + name: ${{ needs.build_generic_iso.outputs.generic_image_name }} path: build - name: VyOS CLI smoketests (interfaces only) id: test @@ -185,7 +268,7 @@ jobs: set -e # extract ISO image from artifact find build -type f -exec cp {} build \; - ln -s ${{ needs.build_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso + ln -s ${{ needs.build_generic_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso sudo make test-interfaces | tee smoketest_make_test_interfaces.log - uses: actions/upload-artifact@v4 with: @@ -195,7 +278,7 @@ jobs: if-no-files-found: error test_config_load: - needs: build_iso + needs: build_generic_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_CONFIG }} container: @@ -209,7 +292,7 @@ jobs: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: - name: ${{ needs.build_iso.outputs.generic_image_name }} + name: ${{ needs.build_generic_iso.outputs.generic_image_name }} path: build - name: VyOS config load tests id: test @@ -218,7 +301,7 @@ jobs: set -e # extract ISO image from artifact find build -type f -exec cp {} build \; - ln -s ${{ needs.build_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso + ln -s ${{ needs.build_generic_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso sudo make testc | tee smoketest_make_testc.log - uses: actions/upload-artifact@v4 with: @@ -228,7 +311,7 @@ jobs: if-no-files-found: error test_raid1_install: - needs: build_iso + needs: build_generic_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_RAID1 }} container: @@ -242,7 +325,7 @@ jobs: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: - name: ${{ needs.build_iso.outputs.generic_image_name }} + name: ${{ needs.build_generic_iso.outputs.generic_image_name }} path: build - name: VyOS RAID1 installation tests id: test @@ -251,7 +334,7 @@ jobs: set -e # extract ISO image from artifact find build -type f -exec cp {} build \; - ln -s ${{ needs.build_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso + ln -s ${{ needs.build_generic_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso sudo make testraid | tee smoketest_make_testraid.log - uses: actions/upload-artifact@v4 with: @@ -261,7 +344,7 @@ jobs: if-no-files-found: error test_encrypted_config_tpm: - needs: build_iso + needs: build_generic_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_TPM }} container: @@ -275,7 +358,7 @@ jobs: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: - name: ${{ needs.build_iso.outputs.generic_image_name }} + name: ${{ needs.build_generic_iso.outputs.generic_image_name }} path: build - name: VyOS TPM encryption tests id: test @@ -284,7 +367,7 @@ jobs: set -e # extract ISO image from artifact find build -type f -exec cp {} build \; - ln -s ${{ needs.build_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso + ln -s ${{ needs.build_generic_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso sudo make testtpm | tee smoketest_make_testtpm.log - uses: actions/upload-artifact@v4 with: @@ -300,7 +383,7 @@ jobs: - test_smoketest_cli - test_interfaces_cli - test_encrypted_config_tpm - - build_iso + - build_generic_iso runs-on: ubuntu-24.04 if: ${{ failure() && (github.ref == 'refs/heads/current') && !inputs.SKIP_SLACK_NOTIFICATIONS }} steps: @@ -381,7 +464,7 @@ jobs: - test_smoketest_cli - test_interfaces_cli - test_encrypted_config_tpm - - build_iso + - build_generic_iso runs-on: ubuntu-24.04 permissions: contents: write @@ -402,9 +485,9 @@ jobs: shell: bash run: | cd vyos-build - echo "CHANGELOG_COMMIT_VYOS_BUILD=$(git log --since "${{ needs.build_iso.outputs.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT + echo "CHANGELOG_COMMIT_VYOS_BUILD=$(git log --since "${{ needs.build_generic_iso.outputs.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT cd ../vyos-1x - echo "CHANGELOG_COMMIT_VYOS_1X=$(git log --since "${{ needs.build_iso.outputs.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT + echo "CHANGELOG_COMMIT_VYOS_1X=$(git log --since "${{ needs.build_generic_iso.outputs.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT - name: "Release publishing: generate changelog for vyos-1x" id: generate_changelog_for_vyos-1x @@ -455,9 +538,9 @@ jobs: json: | [ { - "url": "https://github.com/vyos/vyos-nightly-build/releases/download/${{ needs.build_iso.outputs.build_version }}/${{ needs.build_iso.outputs.generic_image_iso }}", - "version": "${{ needs.build_iso.outputs.build_version }}", - "timestamp": "${{ needs.build_iso.outputs.TIMESTAMP }}" + "url": "https://github.com/vyos/vyos-nightly-build/releases/download/${{ needs.build_generic_iso.outputs.build_version }}/${{ needs.build_generic_iso.outputs.generic_image_iso }}", + "version": "${{ needs.build_generic_iso.outputs.build_version }}", + "timestamp": "${{ needs.build_generic_iso.outputs.TIMESTAMP }}" } ] @@ -470,23 +553,23 @@ jobs: - name: "Release publishing: create autocommit and tag" uses: stefanzweifel/git-auto-commit-action@v5 with: - tagging_message: ${{ needs.build_iso.outputs.build_version }} - commit_message: ${{ needs.build_iso.outputs.build_version }} - commit_author: "vyosbot <${{ needs.build_iso.outputs.BUILD_BY }}>" + tagging_message: ${{ needs.build_generic_iso.outputs.build_version }} + commit_message: ${{ needs.build_generic_iso.outputs.build_version }} + commit_author: "vyosbot <${{ needs.build_generic_iso.outputs.BUILD_BY }}>" - uses: actions/download-artifact@v4 with: - name: ${{ needs.build_iso.outputs.generic_image_name }} + name: ${{ needs.build_generic_iso.outputs.generic_image_name }} - name: "Release publishing: publish release" uses: softprops/action-gh-release@v2 with: body_path: CHANGELOG.md - tag_name: ${{ needs.build_iso.outputs.build_version }} + tag_name: ${{ needs.build_generic_iso.outputs.build_version }} fail_on_unmatched_files: true files: | - vyos-build/build/${{ needs.build_iso.outputs.generic_image_iso }} - vyos-build/build/${{ needs.build_iso.outputs.generic_image_iso }}.minisig + vyos-build/build/${{ needs.build_generic_iso.outputs.generic_image_iso }} + vyos-build/build/${{ needs.build_generic_iso.outputs.generic_image_iso }}.minisig - uses: Nats-ji/delete-old-releases@v1.0.1 with: |