Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/vyos-rolling-nightly-build.yml160
1 files changed, 107 insertions, 53 deletions
diff --git a/.github/workflows/vyos-rolling-nightly-build.yml b/.github/workflows/vyos-rolling-nightly-build.yml
index a12fbb0..34dc1d7 100644
--- a/.github/workflows/vyos-rolling-nightly-build.yml
+++ b/.github/workflows/vyos-rolling-nightly-build.yml
@@ -52,7 +52,6 @@ env:
BUILD_BY: autobuild@vyos.net
DEBIAN_MIRROR: http://deb.debian.org/debian/
VYOS_MIRROR: https://rolling-packages.vyos.net/current/
- DOCKER_CALL_ON_KVM_HOST_WITH_IMAGE_PULL: docker run --rm --privileged --pull=always -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current
jobs:
build_iso:
@@ -107,12 +106,10 @@ jobs:
- name: Sign generic ISO image
shell: bash
run: |
- ls -al
echo "${{ secrets.minisign_private_key }}" > /tmp/minisign.key
echo ${{ secrets.minisign_password }} | $GITHUB_WORKSPACE/bin/minisign -s /tmp/minisign.key -Sm vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso
echo "${{ secrets.minisign_public_key }}" > /tmp/minisign.pub
$GITHUB_WORKSPACE/bin/minisign -Vm vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso -x vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso.minisig -p /tmp/minisign.pub
- ls -al
rm /tmp/minisign.key /tmp/minisign.pub
- uses: actions/upload-artifact@v4
@@ -126,6 +123,9 @@ jobs:
needs: build_iso
runs-on: ubuntu-24.04
if: ${{ !inputs.SKIP_SMOKETEST_SYSTEM }}
+ container:
+ image: vyos/vyos-build:current
+ options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
steps:
# We need the test script from vyos-build repo
- name: Clone vyos-build source code
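Review bot: The `container:` block added to this job runs `vyos/vyos-build:current` with `--privileged`, and `:current` is a mutable tag, so whatever the registry serves at run time gets full device and capability access on the runner and decides whether the ISO passes the gate in front of `publish`. Pinning the image by digest, `image: vyos/vyos-build:current@sha256:<digest>`, would make the test environment reproducible and auditable. If the smoketests only need KVM, `--device /dev/kvm` plus the specific `--cap-add` entries may be enough in place of `--privileged`; what `make test` requires is not visible here, so that needs confirming. The same block is added to `test_config_load`, `test_raid1_install` and `test_encrypted_config_tpm` in the later hunks, and the job's steps continue outside this hunk.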
@@ -137,22 +137,26 @@ jobs:
name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
path: build
- name: VyOS CLI smoketests
- uses: appleboy/ssh-action@v1.0.3
+ id: test
+ shell: bash
+ run: |
+ set -e
+ ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso
+ sudo make test | tee smoketest_make_test.log
+ - uses: actions/upload-artifact@v4
with:
- host: ${{ secrets.SSH_HOST }}
- username: ${{ secrets.SSH_USER }}
- port: ${{ secrets.SSH_PORT }}
- key: ${{ secrets.SSH_KEY }}
- timeout: 15m
- command_timeout: 180m
- script_stop: true
- script: |
- ${{ env.DOCKER_CALL_ON_KVM_HOST_WITH_IMAGE_PULL }} /bin/bash -c "sudo make test | tee smoketest_system.log"
+ name: smoketest_make_test
+ path: smoketest_make_test.log
+ retention-days: 30
+ if-no-files-found: error
test_config_load:
needs: build_iso
runs-on: ubuntu-24.04
if: ${{ !inputs.SKIP_SMOKETEST_CONFIG }}
+ container:
+ image: vyos/vyos-build:current
+ options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
steps:
# We need the test script from vyos-build repo
- name: Clone vyos-build source code
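Review bot: The new `actions/upload-artifact@v4` step after `sudo make test | tee smoketest_make_test.log` has no `if:`, so it is skipped whenever the test step fails, and the log is lost in exactly the case where it is needed. Adding `if: ${{ !cancelled() }}` to the upload step keeps the log for failed runs, and `if-no-files-found: error` still flags a missing file. With `shell: bash` set explicitly the runner already invokes bash with `-eo pipefail`, so a failing `make` does propagate through `tee` and the extra `set -e` is redundant. The same upload pattern appears in the `make testc`, `make testraid` and `make testtpm` jobs in the following hunks.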
@@ -164,22 +168,26 @@ jobs:
name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
path: build
- name: VyOS config load tests
- uses: appleboy/ssh-action@v1.0.3
+ id: test
+ shell: bash
+ run: |
+ set -e
+ ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso
+ sudo make testc | tee smoketest_make_testc.log
+ - uses: actions/upload-artifact@v4
with:
- host: ${{ secrets.SSH_HOST }}
- username: ${{ secrets.SSH_USER }}
- port: ${{ secrets.SSH_PORT }}
- key: ${{ secrets.SSH_KEY }}
- timeout: 15m
- command_timeout: 180m
- script_stop: true
- script: |
- ${{ env.DOCKER_CALL_ON_KVM_HOST_WITH_IMAGE_PULL }} /bin/bash -c "sudo make testc | tee smoketest_configuration.log"
+ name: smoketest_make_testc
+ path: smoketest_make_testc.log
+ retention-days: 30
+ if-no-files-found: error
test_raid1_install:
needs: build_iso
runs-on: ubuntu-24.04
if: ${{ !inputs.SKIP_SMOKETEST_RAID1 }}
+ container:
+ image: vyos/vyos-build:current
+ options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
steps:
# We need the test script from vyos-build repo
- name: Clone vyos-build source code
@@ -190,27 +198,62 @@ jobs:
with:
name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
path: build
- - name: RAID1 installation tests
- uses: appleboy/ssh-action@v1.0.3
+ - name: VyOS RAID1 installation tests
+ id: test
+ shell: bash
+ run: |
+ set -e
+ ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso
+ sudo make testraid | tee smoketest_make_testraid.log
+ - uses: actions/upload-artifact@v4
with:
- host: ${{ secrets.SSH_HOST }}
- username: ${{ secrets.SSH_USER }}
- port: ${{ secrets.SSH_PORT }}
- key: ${{ secrets.SSH_KEY }}
- timeout: 15m
- command_timeout: 180m
- script_stop: true
- script: |
- ${{ env.DOCKER_CALL_ON_KVM_HOST_WITH_IMAGE_PULL }} /bin/bash -c "set -o pipefail && sudo make testraid | tee smoketest_raid.log"
+ name: smoketest_make_testraid
+ path: smoketest_make_testraid.log
+ retention-days: 30
+ if-no-files-found: error
+
+ test_encrypted_config_tpm:
+ needs: build_iso
+ runs-on: ubuntu-24.04
+ if: ${{ !inputs.SKIP_SMOKETEST_RAID1 }}
+ container:
+ image: vyos/vyos-build:current
+ options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged
+ steps:
+ # We need the test script from vyos-build repo
+ - name: Clone vyos-build source code
+ uses: actions/checkout@v4
+ with:
+ repository: vyos/vyos-build
+ - uses: actions/download-artifact@v4
+ with:
+ name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
+ path: build
+ - name: VyOS TPM encryption tests
+ id: test
+ shell: bash
+ run: |
+ set -e
+ ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso
+ sudo make testtpm | tee smoketest_make_testtpm.log
+ - uses: actions/upload-artifact@v4
+ with:
+ name: smoketest_make_testtpm
+ path: smoketest_make_testtpm.log
+ retention-days: 30
+ if-no-files-found: error
publish:
needs:
- test_config_load
- test_raid1_install
- test_smoketest_cli
+ - test_encrypted_config_tpm
+ - build_iso
runs-on: ubuntu-24.04
permissions:
contents: write
+ if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
steps:
- uses: actions/checkout@v4
- name: Clone vyos-build source code
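Review bot: The new `test_encrypted_config_tpm` job is gated on `if: ${{ !inputs.SKIP_SMOKETEST_RAID1 }}`, which looks copied from `test_raid1_install`; skipping the RAID1 test therefore also silently skips the TPM encryption test. A dedicated input would keep the two independent, for example `if: ${{ !inputs.SKIP_SMOKETEST_TPM }}`, with that input declared under the workflow inputs, which are outside this hunk. Because `publish` now lists this job under `needs`, it is worth a short comment there on what happens to publishing when any of the test jobs is skipped. The `publish` job's steps continue past the end of the hunk.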
@@ -227,19 +270,18 @@ jobs:
shell: bash
run: |
cd vyos-build
- echo "CHANGELOG_COMMIT_build=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT
+ echo "CHANGELOG_COMMIT_VYOS_BUILD=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT
cd ../vyos-1x
- echo "CHANGELOG_COMMIT_1x=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT
+ echo "CHANGELOG_COMMIT_VYOS_1X=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT
- name: "Release publishing: generate changelog for vyos-1x"
- if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
id: generate_changelog_for_vyos-1x
uses: mikepenz/release-changelog-builder-action@v4.1.0
with:
owner: "vyos"
repo: "vyos-1x"
fetchReviewers: false
- fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_1x }}
+ fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_VYOS_1X }}
toTag: HEAD
configurationJson: |
{
@@ -249,14 +291,13 @@ jobs:
}
- name: "Release publishing: generate changelog for vyos-build"
- if: ${{ !inputs.SKIP_RELEASE_PUBLISHING && env.CHANGELOG_COMMIT_build }}
id: generate_changelog_for_vyos-build
uses: mikepenz/release-changelog-builder-action@v4.1.0
with:
owner: "vyos"
repo: "vyos-build"
fetchReviewers: false
- fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_build }}
+ fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_VYOS_BUILD }}
toTag: HEAD
configurationJson: |
{
@@ -266,20 +307,16 @@ jobs:
}
- name: "Release publishing: generate CHANGELOG.md"
- id: generate_changelog_md
- if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
run: |
cat <<EOF > CHANGELOG.md
## vyos-1x
${{ steps.generate_changelog_for_vyos-1x.outputs.changelog }}
## vyos-build
- ${{ steps.generate-build-changelog.outputs.changelog }}
+ ${{ steps.generate_changelog_for_vyos-build.outputs.changelog }}
EOF
cat CHANGELOG.md
- name: "Release publishing: create version.json"
- if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
- id: create_version_json
uses: jsdaniell/create-json@v1.2.3
with:
name: "version.json"
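Review bot: In the `generate CHANGELOG.md` step both `${{ steps.*.outputs.changelog }}` values are pasted into an unquoted `<<EOF` heredoc. The text is spliced into the script before bash runs, and bash then performs command and variable expansion on it. If the changelog carries pull-request titles from vyos-1x or vyos-build (the template is outside this hunk), that is externally influenced text evaluated in a job holding `contents: write`. Passing the two outputs through `env:` and writing them with `printf` keeps them as data, and also avoids a changelog line that happens to read `EOF` truncating the file. With the step reference corrected by this commit, the vyos-build changelog now reaches this path as well.

```yaml
- name: "Release publishing: generate CHANGELOG.md"
  env:
    CHANGELOG_VYOS_1X: ${{ steps.generate_changelog_for_vyos-1x.outputs.changelog }}
    CHANGELOG_VYOS_BUILD: ${{ steps.generate_changelog_for_vyos-build.outputs.changelog }}
  run: |
    {
      printf '%s\n' '## vyos-1x' "$CHANGELOG_VYOS_1X"
      printf '%s\n' '## vyos-build' "$CHANGELOG_VYOS_BUILD"
    } > CHANGELOG.md
    cat CHANGELOG.md
```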
@@ -294,23 +331,23 @@ jobs:
- name: "Release publishing: check if the repository was modified during runtime to prevent autocommit failure"
id: check_if_the_repository_was_modified_during_runtime
- if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
run: |
sudo chown -R $(whoami):$(whoami) ./*
git pull --autostash --rebase
- name: "Release publishing: create autocommit and tag"
- id: create_autocommit_and_tag
- if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
uses: stefanzweifel/git-auto-commit-action@v5
with:
- tagging_message: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
- commit_message: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
+ tagging_message: ${{ needs.build_iso.outputs.build_version }}
+ commit_message: ${{ needs.build_iso.outputs.build_version }}
+ commit_author: "vyosbot <${{ env.BUILD_BY }}>"
+
+ - uses: actions/download-artifact@v4
+ with:
+ name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64
- name: "Release publishing: publish release"
- id: publish_release
- if: github.ref == 'refs/heads/main'
- uses: softprops/action-gh-release@v1
+ uses: softprops/action-gh-release@v2
with:
body_path: CHANGELOG.md
tag_name: ${{ needs.build_iso.outputs.build_version }}
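Review bot: The `publish release` step loses its `if: github.ref == 'refs/heads/main'` guard and nothing replaces it, so the autocommit, tag and release steps now run for whatever ref the workflow was started on. The triggers are outside this hunk, but if manual dispatch from other branches is possible, a run from a feature branch would publish a signed release. Keeping the restriction at job level would preserve the old behaviour, e.g. `if: ${{ !inputs.SKIP_RELEASE_PUBLISHING && github.ref == 'refs/heads/main' }}` on the `publish` job. If publishing from other refs is intended, a one-line comment on the job saying so would help the next reader.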
@@ -318,3 +355,20 @@ jobs:
files: |
./vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso
./vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso.minisig
+
+ - uses: Nats-ji/delete-old-releases@v1.0.1
+ with:
+ token: ${{ secrets.CUSTOM_GITHUB_TOKEN }}
+ keep-count: 30
+ keep-old-minor-releases: false
+
+ update_download_page:
+ if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
+ needs:
+ - publish
+ uses: vyos/community.vyos.net/.github/workflows/main.yml@production
+ with:
+ branch: production
+ secrets:
+ NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
+ GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
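Review bot: `Nats-ji/delete-old-releases@v1.0.1` is a third-party action referenced by a movable tag and handed `secrets.CUSTOM_GITHUB_TOKEN`, so a retagged or compromised upstream would run with that token and with the ability to delete releases. Pinning to the full commit, `uses: Nats-ji/delete-old-releases@<full-commit-sha> # v1.0.1`, removes that dependency on the tag. It is also worth checking whether the job's own `GITHUB_TOKEN` with `contents: write` is sufficient here, so a broader custom token need not be exposed. The reusable workflow is called at `@production`, a branch ref, while receiving `NETLIFY_TOKEN` and `GH_ACCESS_TOKEN`. It lives in the same organisation, so the exposure is smaller, but a commit pin or branch protection on that ref would make the trust explicit.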