diff options
| -rw-r--r-- | .github/workflows/vyos-rolling-nightly-build.yml | 91 | ||||
| -rwxr-xr-x | bin/minisign | bin | 0 -> 239496 bytes | |||
| -rw-r--r-- | latest_build.txt | 1 | ||||
| -rw-r--r-- | minisign.pub | 2 |
4 files changed, 94 insertions, 0 deletions
diff --git a/.github/workflows/vyos-rolling-nightly-build.yml b/.github/workflows/vyos-rolling-nightly-build.yml new file mode 100644 index 0000000..aca2742 --- /dev/null +++ b/.github/workflows/vyos-rolling-nightly-build.yml @@ -0,0 +1,91 @@ +name: VyOS rolling nightly build + +on: + schedule: + - cron: "0 0 * * *" + + workflow_dispatch: + +env: + minisign_key: ${{ secrets.minisign_key }} + minisign_password: ${{ secrets.minisign_password }} + +jobs: + build-iso: + runs-on: ubuntu-latest + permissions: + contents: write + steps: + + - name: Set VyOS version + id: set_vyos_version + run: | + echo "VYOS_VERSION=1.4-rolling-$(date -u +%Y%m%d%H%M)" >> $GITHUB_ENV + + - uses: actions/checkout@v3 + + - name: Update latest_build.txt + run: echo $(date -u +%Y%m%d%H%M) > $GITHUB_WORKSPACE/latest_build.txt + + - name: Create autocommit and tag + uses: stefanzweifel/git-auto-commit-action@v4 + with: + tagging_message: ${{ env.VYOS_VERSION }} + commit_message: ${{ env.VYOS_VERSION }} + + - name: Git clone vyos-build + run: git clone -b current --single-branch https://github.com/vyos/vyos-build + + - name: Build ISO + run: | + docker run --rm --privileged -v ./vyos-build/:/vyos -w /vyos vyos/vyos-build:current sudo --preserve-env ./build-vyos-image --architecture amd64 --build-by "autobuild@vyos.net" --debian-mirror http://deb.debian.org/debian/ --build-type release --version "${VYOS_VERSION}" iso + + # - name: Debug + # run: | + # mkdir -p ./vyos-build/build/ + # echo "TEST" > ./vyos-build/build/live-image-amd64.hybrid.iso + + - name: Copy ISO + run: | + cp ./vyos-build/build/live-image-amd64.hybrid.iso ./vyos-$VYOS_VERSION-amd64.iso + + - name: Sign ISO (Minisign) + run: | + echo 'untrusted comment: minisign encrypted secret key' > minisign.key + echo $minisign_key >> minisign.key + shasum minisign.key + echo $minisign_password | $GITHUB_WORKSPACE/bin/minisign -s minisign.key -Sm ./vyos-$VYOS_VERSION-amd64.iso + $GITHUB_WORKSPACE/bin/minisign -Vm ./vyos-$VYOS_VERSION-amd64.iso -x ./vyos-$VYOS_VERSION-amd64.iso.minisig -p $GITHUB_WORKSPACE/minisign.pub + + - name: Upload ISO artifact + uses: actions/upload-artifact@v3 + with: + name: vyos-${{ env.VYOS_VERSION }}-amd64.iso + path: ./vyos-${{ env.VYOS_VERSION }}-amd64.iso + retention-days: 30 + if-no-files-found: error + + - name: Upload ISO's Minisign artifact + uses: actions/upload-artifact@v3 + with: + name: vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig + path: ./vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig + retention-days: 30 + if-no-files-found: error + + - name: Publish release + uses: softprops/action-gh-release@v1 + with: + tag_name: ${{ env.VYOS_VERSION }} + fail_on_unmatched_files: true + files: | + ./vyos-${{ env.VYOS_VERSION }}-amd64.iso + ./vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig + + - name: Remove old releases + uses: dev-drprasad/delete-older-releases@v0.2.1 + with: + keep_latest: 30 + delete_tags: true + env: + GITHUB_TOKEN: ${{ secrets.CUSTOM_GITHUB_TOKEN }}
\ No newline at end of file diff --git a/bin/minisign b/bin/minisign Binary files differnew file mode 100755 index 0000000..031e153 --- /dev/null +++ b/bin/minisign diff --git a/latest_build.txt b/latest_build.txt new file mode 100644 index 0000000..0280c54 --- /dev/null +++ b/latest_build.txt @@ -0,0 +1 @@ +202308111727 diff --git a/minisign.pub b/minisign.pub new file mode 100644 index 0000000..25e05f5 --- /dev/null +++ b/minisign.pub @@ -0,0 +1,2 @@ +untrusted comment: minisign public key 8A5A5BB2CB00584E +RWROWADLsltaihFzgkFaTAHe7NgkTiiEbdLm6oeX+fCDrsylq1mCQKtm |