summaryrefslogtreecommitdiff
path: root/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/nightly-build.yml109
1 files changed, 64 insertions, 45 deletions
diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml
index 76a616f..ca9fceb 100644
--- a/.github/workflows/nightly-build.yml
+++ b/.github/workflows/nightly-build.yml
@@ -67,6 +67,8 @@ jobs:
build_version: ${{ steps.set_env_variables.outputs.build_version }}
TIMESTAMP: ${{ steps.set_env_variables.outputs.TIMESTAMP }}
PREVIOUS_SUCCESS_BUILD_TIMESTAMP: ${{ steps.set_env_variables.outputs.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}
+ generic_image_iso: ${{ steps.build_generic_iso.outputs.generic_image_iso }}
+ generic_image_name: ${{ steps.build_generic_iso.outputs.generic_image_name }}
steps:
### Initialization ###
@@ -87,9 +89,11 @@ jobs:
echo "PREVIOUS_SUCCESS_BUILD_TIMESTAMP=$(cat version.json | jq -r '.[0].timestamp')" >> $GITHUB_OUTPUT
echo "BUILD_BY=$BUILD_BY" >> $GITHUB_OUTPUT
- - name: Clone vyos-build source code
+ - name: Clone vyos-build repo
uses: actions/checkout@v4
with:
+ # Clone to sub-path required for minisign binary shipped in this repo
+ # This might change with future Debian versions when they ship minisign
repository: vyos/vyos-build
path: vyos-build
@@ -98,31 +102,33 @@ jobs:
run: |
cd vyos-build
sudo --preserve-env ./build-vyos-image \
- --architecture amd64 \
- --build-by $BUILD_BY \
- --build-type release \
- --custom-package vyos-1x-smoketest \
- --debian-mirror $DEBIAN_MIRROR \
- --debian-security-mirror $DEBIAN_SECURITY_MIRROR \
- --version ${{ steps.set_env_variables.outputs.build_version }} \
- --vyos-mirror $VYOS_MIRROR \
- generic
- # move artifact one level up for minisign
- mv build/vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso ..
-
- - name: Sign generic ISO image
- shell: bash
- run: |
- echo "${{ secrets.minisign_private_key }}" > /tmp/minisign.key
- echo ${{ secrets.minisign_password }} | $GITHUB_WORKSPACE/bin/minisign -s /tmp/minisign.key -Sm vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso
+ --architecture amd64 \
+ --build-by $BUILD_BY \
+ --build-type release \
+ --custom-package vyos-1x-smoketest \
+ --debian-mirror $DEBIAN_MIRROR \
+ --debian-security-mirror $DEBIAN_SECURITY_MIRROR \
+ --version ${{ steps.set_env_variables.outputs.build_version }} \
+ --vyos-mirror $VYOS_MIRROR \
+ generic
+ cd build
+ GENERIC_IMAGE_NAME=$(jq --raw-output .artifacts[0] manifest.json | sed -e 's/.iso//')
+ GENERIC_IMAGE_ISO=$(jq --raw-output .artifacts[0] manifest.json)
+ echo "generic_image_iso=${GENERIC_IMAGE_ISO}" >> $GITHUB_OUTPUT
+ echo "generic_image_name=${GENERIC_IMAGE_NAME}" >> $GITHUB_OUTPUT
+ # Sign build artifact
echo "${{ secrets.minisign_public_key }}" > /tmp/minisign.pub
- $GITHUB_WORKSPACE/bin/minisign -Vm vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso -x vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso.minisig -p /tmp/minisign.pub
- rm /tmp/minisign.key /tmp/minisign.pub
+ echo "${{ secrets.minisign_private_key }}" > /tmp/minisign.key
+ echo "${{ secrets.minisign_password }}" | $GITHUB_WORKSPACE/bin/minisign -s /tmp/minisign.key -Sm ${GENERIC_IMAGE_ISO}
+ $GITHUB_WORKSPACE/bin/minisign -Vm ${GENERIC_IMAGE_ISO} -x ${GENERIC_IMAGE_ISO}.minisig -p /tmp/minisign.pub
+ rm -f /tmp/minisign.key /tmp/minisign.pub
- uses: actions/upload-artifact@v4
with:
- name: vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64
- path: vyos-${{ steps.set_env_variables.outputs.build_version }}-*
+ name: ${{ steps.build_generic_iso.outputs.generic_image_name }}
+ path: |
+ **/${{ steps.build_generic_iso.outputs.generic_image_iso }}
+ **/${{ steps.build_generic_iso.outputs.generic_image_iso }}.minisig
retention-days: 30
if-no-files-found: error
@@ -135,20 +141,22 @@ jobs:
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
steps:
# We need the test script from vyos-build repo
- - name: Clone vyos-build source code
+ - name: Clone vyos-build repo
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
- uses: actions/download-artifact@v4
with:
- name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
+ name: ${{ needs.build_iso.outputs.generic_image_name }}
path: build
- name: VyOS CLI smoketests (no interfaces)
id: test
shell: bash
run: |
set -e
- ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso
+ # extract ISO image from artifact
+ find build -type f -exec cp {} build \;
+ ln -s ${{ needs.build_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso
sudo make test-no-interfaces | tee smoketest_make_test_no_interfaces.log
- uses: actions/upload-artifact@v4
with:
@@ -166,20 +174,22 @@ jobs:
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
steps:
# We need the test script from vyos-build repo
- - name: Clone vyos-build source code
+ - name: Clone vyos-build repo
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
- uses: actions/download-artifact@v4
with:
- name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
+ name: ${{ needs.build_iso.outputs.generic_image_name }}
path: build
- name: VyOS CLI smoketests (interfaces only)
id: test
shell: bash
run: |
set -e
- ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso
+ # extract ISO image from artifact
+ find build -type f -exec cp {} build \;
+ ln -s ${{ needs.build_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso
sudo make test-interfaces | tee smoketest_make_test_interfaces.log
- uses: actions/upload-artifact@v4
with:
@@ -197,20 +207,22 @@ jobs:
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
steps:
# We need the test script from vyos-build repo
- - name: Clone vyos-build source code
+ - name: Clone vyos-build repo
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
- uses: actions/download-artifact@v4
with:
- name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
+ name: ${{ needs.build_iso.outputs.generic_image_name }}
path: build
- name: VyOS config load tests
id: test
shell: bash
run: |
set -e
- ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso
+ # extract ISO image from artifact
+ find build -type f -exec cp {} build \;
+ ln -s ${{ needs.build_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso
sudo make testc | tee smoketest_make_testc.log
- uses: actions/upload-artifact@v4
with:
@@ -228,20 +240,22 @@ jobs:
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
steps:
# We need the test script from vyos-build repo
- - name: Clone vyos-build source code
+ - name: Clone vyos-build repo
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
- uses: actions/download-artifact@v4
with:
- name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
+ name: ${{ needs.build_iso.outputs.generic_image_name }}
path: build
- name: VyOS RAID1 installation tests
id: test
shell: bash
run: |
set -e
- ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso
+ # extract ISO image from artifact
+ find build -type f -exec cp {} build \;
+ ln -s ${{ needs.build_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso
sudo make testraid | tee smoketest_make_testraid.log
- uses: actions/upload-artifact@v4
with:
@@ -259,20 +273,22 @@ jobs:
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
steps:
# We need the test script from vyos-build repo
- - name: Clone vyos-build source code
+ - name: Clone vyos-build repo
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
- uses: actions/download-artifact@v4
with:
- name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
+ name: ${{ needs.build_iso.outputs.generic_image_name }}
path: build
- name: VyOS TPM encryption tests
id: test
shell: bash
run: |
set -e
- ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso
+ # extract ISO image from artifact
+ find build -type f -exec cp {} build \;
+ ln -s ${{ needs.build_iso.outputs.generic_image_iso }} build/live-image-amd64.hybrid.iso
sudo make testtpm | tee smoketest_make_testtpm.log
- uses: actions/upload-artifact@v4
with:
@@ -290,7 +306,7 @@ jobs:
- test_encrypted_config_tpm
- build_iso
runs-on: ubuntu-24.04
- if: failure()
+ if: ${{ failure() && github.ref == 'refs/heads/current' && !inputs.SKIP_SLACK_NOTIFICATIONS }}
steps:
- uses: actions/download-artifact@v4
with:
@@ -373,10 +389,10 @@ jobs:
runs-on: ubuntu-24.04
permissions:
contents: write
- if: ${{ success() && !inputs.SKIP_RELEASE_PUBLISHING }}
+ if: ${{ success() && !inputs.SKIP_RELEASE_PUBLISHING && github.ref == 'refs/heads/current' }}
steps:
- uses: actions/checkout@v4
- - name: Clone vyos-build source code
+ - name: Clone vyos-build repo
uses: actions/checkout@v4
with:
repository: vyos/vyos-build
@@ -443,7 +459,7 @@ jobs:
json: |
[
{
- "url": "https://github.com/vyos/vyos-nightly-build/releases/download/${{ needs.build_iso.outputs.build_version }}/vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso",
+ "url": "https://github.com/vyos/vyos-nightly-build/releases/download/${{ needs.build_iso.outputs.build_version }}/${{ needs.build_iso.outputs.generic_image_iso }}",
"version": "${{ needs.build_iso.outputs.build_version }}",
"timestamp": "${{ needs.build_iso.outputs.TIMESTAMP }}"
}
@@ -464,7 +480,11 @@ jobs:
- uses: actions/download-artifact@v4
with:
- name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
+ name: ${{ needs.build_iso.outputs.generic_image_name }}
+
+ - name: Debug artifact path
+ run: |
+ find . -type f
- name: "Release publishing: publish release"
uses: softprops/action-gh-release@v2
@@ -473,8 +493,8 @@ jobs:
tag_name: ${{ needs.build_iso.outputs.build_version }}
fail_on_unmatched_files: true
files: |
- ./vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso
- ./vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso.minisig
+ ./${{ needs.build_iso.outputs.generic_image_iso }}
+ ./${{ needs.build_iso.outputs.generic_image_iso }}.minisig
- uses: Nats-ji/delete-old-releases@v1.0.1
with:
@@ -483,7 +503,6 @@ jobs:
keep-old-minor-releases: false
update_download_page:
- if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
needs:
- publish
uses: vyos/community.vyos.net/.github/workflows/main.yml@production