diff options
| author | Christian Breunig <christian@breunig.cc> | 2025-02-05 20:36:42 +0100 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2025-02-05 20:36:42 +0100 |
| commit | 81e5d300fb1ca32bef447858dcdb7ce0e079098a (patch) | |
| tree | d750ddcb295f299453c9454829e1fa135987cd36 /.github | |
| parent | d5b77bbe56db2681fb1b2ee1502391b1fe7add73 (diff) | |
| download | vyos-nightly-build-test.tar.gz vyos-nightly-build-test.zip | |
De-nest build artifact archivetest
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/nightly-build.yml | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml index 73bce4c..2b04186 100644 --- a/.github/workflows/nightly-build.yml +++ b/.github/workflows/nightly-build.yml @@ -108,24 +108,27 @@ jobs: --vyos-mirror $VYOS_MIRROR \ generic cd build + # Determine image name and iso file GENERIC_IMAGE_NAME=$(jq --raw-output .artifacts[0] manifest.json | sed -e 's/.iso//') GENERIC_IMAGE_ISO=$(jq --raw-output .artifacts[0] manifest.json) echo "generic_image_name=${GENERIC_IMAGE_NAME}" >> $GITHUB_OUTPUT echo "generic_image_iso=${GENERIC_IMAGE_ISO}" >> $GITHUB_OUTPUT - # Sign build artifact + # Cryptographically sign the image echo "${{ secrets.minisign_public_key }}" > /tmp/minisign.pub echo "${{ secrets.minisign_private_key }}" > /tmp/minisign.key echo "${{ secrets.minisign_password }}" | $GITHUB_WORKSPACE/bin/minisign -s /tmp/minisign.key -Sm ${GENERIC_IMAGE_ISO} $GITHUB_WORKSPACE/bin/minisign -Vm ${GENERIC_IMAGE_ISO} -x ${GENERIC_IMAGE_ISO}.minisig -p /tmp/minisign.pub rm -f /tmp/minisign.key /tmp/minisign.pub + # Move artifacts to workspace to avoid nested path in artifact archive + mv manifest.json ${GENERIC_IMAGE_ISO} ${GENERIC_IMAGE_ISO}.minisig $GITHUB_WORKSPACE - uses: actions/upload-artifact@v4 with: name: ${{ steps.build_generic_iso.outputs.generic_image_name }} path: | - **/manifest.json - **/${{ steps.build_generic_iso.outputs.generic_image_iso }} - **/${{ steps.build_generic_iso.outputs.generic_image_iso }}.minisig + manifest.json + ${{ steps.build_generic_iso.outputs.generic_image_iso }} + ${{ steps.build_generic_iso.outputs.generic_image_iso }}.minisig retention-days: 15 if-no-files-found: error @@ -151,6 +154,7 @@ jobs: shell: bash run: | set -e + ls -al # extract ISO image from artifact find build -type f -exec cp {} build \; ln -s ${{ needs.build_generic_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso @@ -486,8 +490,8 @@ jobs: tag_name: ${{ needs.build_generic_iso.outputs.build_version }} fail_on_unmatched_files: true files: | - vyos-build/build/${{ needs.build_generic_iso.outputs.generic_image_iso }} - vyos-build/build/${{ needs.build_generic_iso.outputs.generic_image_iso }}.minisig + ${{ needs.build_generic_iso.outputs.generic_image_iso }} + ${{ needs.build_generic_iso.outputs.generic_image_iso }}.minisig - uses: Nats-ji/delete-old-releases@v1.0.1 with: |