From 13b4df252141962847315ce016024ec88d6e8215 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 31 Jul 2024 10:26:37 +0200 Subject: Use public GitHub runners for build process --- .github/workflows/vyos-rolling-nightly-build.yml | 160 +++++++++++++++-------- 1 file changed, 107 insertions(+), 53 deletions(-) diff --git a/.github/workflows/vyos-rolling-nightly-build.yml b/.github/workflows/vyos-rolling-nightly-build.yml index a12fbb0..34dc1d7 100644 --- a/.github/workflows/vyos-rolling-nightly-build.yml +++ b/.github/workflows/vyos-rolling-nightly-build.yml @@ -52,7 +52,6 @@ env: BUILD_BY: autobuild@vyos.net DEBIAN_MIRROR: http://deb.debian.org/debian/ VYOS_MIRROR: https://rolling-packages.vyos.net/current/ - DOCKER_CALL_ON_KVM_HOST_WITH_IMAGE_PULL: docker run --rm --privileged --pull=always -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current jobs: build_iso: @@ -107,12 +106,10 @@ jobs: - name: Sign generic ISO image shell: bash run: | - ls -al echo "${{ secrets.minisign_private_key }}" > /tmp/minisign.key echo ${{ secrets.minisign_password }} | $GITHUB_WORKSPACE/bin/minisign -s /tmp/minisign.key -Sm vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso echo "${{ secrets.minisign_public_key }}" > /tmp/minisign.pub $GITHUB_WORKSPACE/bin/minisign -Vm vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso -x vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso.minisig -p /tmp/minisign.pub - ls -al rm /tmp/minisign.key /tmp/minisign.pub - uses: actions/upload-artifact@v4 @@ -126,6 +123,9 @@ jobs: needs: build_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_SYSTEM }} + container: + image: vyos/vyos-build:current + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged steps: # We need the test script from vyos-build repo - name: Clone vyos-build source code 
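Review bot: The added `container:` block runs `vyos/vyos-build:current`, a mutable tag, with `--privileged`, so whatever the registry serves under that tag at run time executes with full privileges inside the job; the same block is added to the three other test jobs in the later hunks. Consider pinning the image by digest, `image: vyos/vyos-build:current@sha256:<digest>`, or at least logging the resolved digest so a test result can be tied to an exact image. A short comment saying why `--privileged` is needed (presumably for the VM-based tests behind `make test`; to be confirmed) would help a later reader judge whether narrower `--device`/`--cap-add` options would do. The job's step list continues outside this hunk.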
@@ -137,22 +137,26 @@ jobs: name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 path: build - name: VyOS CLI smoketests - uses: appleboy/ssh-action@v1.0.3 + id: test + shell: bash + run: | + set -e + ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso + sudo make test | tee smoketest_make_test.log + - uses: actions/upload-artifact@v4 with: - host: ${{ secrets.SSH_HOST }} - username: ${{ secrets.SSH_USER }} - port: ${{ secrets.SSH_PORT }} - key: ${{ secrets.SSH_KEY }} - timeout: 15m - command_timeout: 180m - script_stop: true - script: | - ${{ env.DOCKER_CALL_ON_KVM_HOST_WITH_IMAGE_PULL }} /bin/bash -c "sudo make test | tee smoketest_system.log" + name: smoketest_make_test + path: smoketest_make_test.log + retention-days: 30 + if-no-files-found: error test_config_load: needs: build_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_CONFIG }} + container: + image: vyos/vyos-build:current + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged steps: # We need the test script from vyos-build repo - name: Clone vyos-build source code 
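Review bot: The new `actions/upload-artifact@v4` step after `VyOS CLI smoketests` has no `if:`, so it is skipped when `make test` fails and the log is lost exactly when it is needed for triage; add `if: ${{ !cancelled() }}` to the upload step. The same applies to the uploads of `smoketest_make_testc.log`, `smoketest_make_testraid.log` and `smoketest_make_testtpm.log` in the following hunks. With `shell: bash` set explicitly the runner already starts bash with `-e -o pipefail`, so the `set -e` line is redundant, and a failing `make` does still fail the step despite the pipe through `tee`. Separately, `${{ needs.build_iso.outputs.build_version }}` is expanded into the script text before bash runs; passing it through `env:` and using `"$BUILD_VERSION"` avoids depending on that output never containing shell metacharacters.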
@@ -164,22 +168,26 @@ jobs: name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 path: build - name: VyOS config load tests - uses: appleboy/ssh-action@v1.0.3 + id: test + shell: bash + run: | + set -e + ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso + sudo make testc | tee smoketest_make_testc.log + - uses: actions/upload-artifact@v4 with: - host: ${{ secrets.SSH_HOST }} - username: ${{ secrets.SSH_USER }} - port: ${{ secrets.SSH_PORT }} - key: ${{ secrets.SSH_KEY }} - timeout: 15m - command_timeout: 180m - script_stop: true - script: | - ${{ env.DOCKER_CALL_ON_KVM_HOST_WITH_IMAGE_PULL }} /bin/bash -c "sudo make testc | tee smoketest_configuration.log" + name: smoketest_make_testc + path: smoketest_make_testc.log + retention-days: 30 + if-no-files-found: error test_raid1_install: needs: build_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_RAID1 }} + container: + image: vyos/vyos-build:current + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged steps: # We need the test script from vyos-build repo - name: Clone vyos-build source code 
@@ -190,27 +198,62 @@ jobs: with: name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 path: build - - name: RAID1 installation tests - uses: appleboy/ssh-action@v1.0.3 + - name: VyOS RAID1 installation tests + id: test + shell: bash + run: | + set -e + ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso + sudo make testraid | tee smoketest_make_testraid.log + - uses: actions/upload-artifact@v4 with: - host: ${{ secrets.SSH_HOST }} - username: ${{ secrets.SSH_USER }} - port: ${{ secrets.SSH_PORT }} - key: ${{ secrets.SSH_KEY }} - timeout: 15m - command_timeout: 180m - script_stop: true - script: | - ${{ env.DOCKER_CALL_ON_KVM_HOST_WITH_IMAGE_PULL }} /bin/bash -c "set -o pipefail && sudo make testraid | tee smoketest_raid.log" + name: smoketest_make_testraid + path: smoketest_make_testraid.log + retention-days: 30 + if-no-files-found: error + + test_encrypted_config_tpm: + needs: build_iso + runs-on: ubuntu-24.04 + if: ${{ !inputs.SKIP_SMOKETEST_RAID1 }} + container: + image: vyos/vyos-build:current + options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged + steps: + # We need the test script from vyos-build repo + - name: Clone vyos-build source code + uses: actions/checkout@v4 + with: + repository: vyos/vyos-build + - uses: actions/download-artifact@v4 + with: + name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 + path: build + - name: VyOS TPM encryption tests + id: test + shell: bash + run: | + set -e + ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso + sudo make testtpm | tee smoketest_make_testtpm.log + - uses: actions/upload-artifact@v4 + with: + name: smoketest_make_testtpm + path: smoketest_make_testtpm.log + retention-days: 30 + if-no-files-found: error publish: needs: - test_config_load - test_raid1_install - test_smoketest_cli + - test_encrypted_config_tpm + - build_iso runs-on: ubuntu-24.04 
permissions: contents: write + if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} steps: - uses: actions/checkout@v4 - name: Clone vyos-build source code @@ -227,19 +270,18 @@ jobs: shell: bash run: | cd vyos-build - echo "CHANGELOG_COMMIT_build=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT + echo "CHANGELOG_COMMIT_VYOS_BUILD=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT cd ../vyos-1x - echo "CHANGELOG_COMMIT_1x=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT + echo "CHANGELOG_COMMIT_VYOS_1X=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT - name: "Release publishing: generate changelog for vyos-1x" - if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} id: generate_changelog_for_vyos-1x uses: mikepenz/release-changelog-builder-action@v4.1.0 with: owner: "vyos" repo: "vyos-1x" fetchReviewers: false - fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_1x }} + fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_VYOS_1X }} toTag: HEAD configurationJson: | { @@ -249,14 +291,13 @@ jobs: } - name: "Release publishing: generate changelog for vyos-build" - if: ${{ !inputs.SKIP_RELEASE_PUBLISHING && env.CHANGELOG_COMMIT_build }} id: generate_changelog_for_vyos-build uses: mikepenz/release-changelog-builder-action@v4.1.0 with: owner: "vyos" repo: "vyos-build" fetchReviewers: false - fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_build }} + fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_VYOS_BUILD }} toTag: HEAD configurationJson: | { 
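Review bot: The new `test_encrypted_config_tpm` job is gated on `if: ${{ !inputs.SKIP_SMOKETEST_RAID1 }}`, which looks copied from `test_raid1_install`: skipping the RAID1 test also silently skips the TPM encryption test. Since `publish` now lists this job under `needs:`, the coupling also affects whether a release is published. A dedicated input (for example `SKIP_SMOKETEST_TPM`, declared with the other inputs outside this hunk) would make the intent explicit; if sharing the flag is deliberate, a comment such as `# TPM test intentionally shares the RAID1 skip flag` would say so.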
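Review bot: With the step-level `if:` removed from `generate_changelog_for_vyos-build`, `fromTag` is passed `steps.commit_ids.outputs.CHANGELOG_COMMIT_VYOS_BUILD` even when `git log --since ... | head -n1` printed nothing, i.e. when vyos-build had no commits since the last successful build. What the changelog action does with an empty `fromTag` is not visible here, so the range it reports may not be the intended one. The removed condition tested `env.CHANGELOG_COMMIT_build`, which the visible lines never set, so restoring it as written would not help; a guard on the step output, `if: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_VYOS_BUILD != '' }}`, would. The vyos-1x step in the previous hunk has the same exposure.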
@@ -266,20 +307,16 @@ jobs: } - name: "Release publishing: generate CHANGELOG.md" - id: generate_changelog_md - if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} run: | cat < CHANGELOG.md ## vyos-1x ${{ steps.generate_changelog_for_vyos-1x.outputs.changelog }} ## vyos-build - ${{ steps.generate-build-changelog.outputs.changelog }} + ${{ steps.generate_changelog_for_vyos-build.outputs.changelog }} EOF cat CHANGELOG.md - name: "Release publishing: create version.json" - if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} - id: create_version_json uses: jsdaniell/create-json@v1.2.3 with: name: "version.json" @@ -294,23 +331,23 @@ jobs: - name: "Release publishing: check if the repository was modified during runtime to prevent autocommit failure" id: check_if_the_repository_was_modified_during_runtime - if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} run: | sudo chown -R $(whoami):$(whoami) ./* git pull --autostash --rebase - name: "Release publishing: create autocommit and tag" - id: create_autocommit_and_tag - if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} uses: stefanzweifel/git-auto-commit-action@v5 with: - tagging_message: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 - commit_message: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 + tagging_message: ${{ needs.build_iso.outputs.build_version }} + commit_message: ${{ needs.build_iso.outputs.build_version }} + commit_author: "vyosbot <${{ env.BUILD_BY }}>" + + - uses: actions/download-artifact@v4 + with: + name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 - name: "Release publishing: publish release" - id: publish_release - if: github.ref == 'refs/heads/main' - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 with: body_path: CHANGELOG.md tag_name: ${{ needs.build_iso.outputs.build_version }} 
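Review bot: The `run:` script of `generate CHANGELOG.md` expands `${{ steps.generate_changelog_for_vyos-1x.outputs.changelog }}` and the corrected `${{ steps.generate_changelog_for_vyos-build.outputs.changelog }}` directly into shell text, inside what appears to be an unquoted here-document (it ends with `EOF`). The changelog text is presumably assembled from pull-request metadata of vyos-1x and vyos-build, so contributors choose its content, and the shell will interpret any `$` or backtick sequences in it in a job that holds `contents: write`. Pass both outputs through `env:` and write them with `printf`, so the text is only ever handled as data.

```yaml
- name: "Release publishing: generate CHANGELOG.md"
  env:
    CHANGELOG_VYOS_1X: ${{ steps.generate_changelog_for_vyos-1x.outputs.changelog }}
    CHANGELOG_VYOS_BUILD: ${{ steps.generate_changelog_for_vyos-build.outputs.changelog }}
  run: |
    printf '## vyos-1x\n%s\n## vyos-build\n%s\n' \
      "$CHANGELOG_VYOS_1X" "$CHANGELOG_VYOS_BUILD" > CHANGELOG.md
    cat CHANGELOG.md
```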
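Review bot: Dropping `if: github.ref == 'refs/heads/main'` from `publish release` leaves the job-level `!inputs.SKIP_RELEASE_PUBLISHING` as the only gate, so a run started from any other ref would also auto-commit, tag and publish a release with `contents: write`, unless the trigger section outside this diff already restricts refs. If that is not intended, keep the ref check on the job instead of the single step: `if: ${{ !inputs.SKIP_RELEASE_PUBLISHING && github.ref == 'refs/heads/main' }}`. If publishing from other refs is intended, a comment on the job saying so would prevent the guard from being re-added by mistake.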
@@ -318,3 +355,20 @@ jobs: files: | ./vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso ./vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso.minisig + + - uses: Nats-ji/delete-old-releases@v1.0.1 + with: + token: ${{ secrets.CUSTOM_GITHUB_TOKEN }} + keep-count: 30 + keep-old-minor-releases: false + + update_download_page: + if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} + needs: + - publish + uses: vyos/community.vyos.net/.github/workflows/main.yml@production + with: + branch: production + secrets: + NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} + GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} -- cgit v1.2.3
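Review bot: `Nats-ji/delete-old-releases@v1.0.1` receives `secrets.CUSTOM_GITHUB_TOKEN` and can delete releases, yet it is referenced by a tag that its owner can move; pin third-party actions to a full commit SHA with the version as a comment, `uses: Nats-ji/delete-old-releases@<full-commit-sha> # v1.0.1`. The same holds for `softprops/action-gh-release@v2` in the previous hunk. The reusable workflow `vyos/community.vyos.net/.github/workflows/main.yml@production` is given `NETLIFY_TOKEN` and `GH_ACCESS_TOKEN` and follows a branch, so anyone able to push to that branch changes what runs with those secrets; a SHA ref or branch protection on `production` would bound that. A comment stating which scopes `CUSTOM_GITHUB_TOKEN` needs would also help, since the job already has `contents: write` through the default token.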