name: VyOS rolling nightly build on: schedule: - cron: "0 0 * * *" workflow_dispatch: jobs: build-iso: runs-on: ubuntu-latest permissions: contents: write steps: - name: Set VyOS version id: set_vyos_version run: | echo "VYOS_VERSION=1.5-rolling-$(date -u +%Y%m%d%H%M)" >> $GITHUB_ENV - uses: actions/checkout@v3 - name: Update latest_build.txt run: echo $(date -u +%Y%m%d%H%M) > $GITHUB_WORKSPACE/latest_build.txt - name: Create autocommit and tag uses: stefanzweifel/git-auto-commit-action@v4 with: tagging_message: ${{ env.VYOS_VERSION }} commit_message: ${{ env.VYOS_VERSION }} - name: Git clone vyos-build run: git clone -b current --single-branch https://github.com/vyos/vyos-build - name: Build ISO (for Smoketests) run: | docker run --rm --privileged -v ./vyos-build/:/vyos -w /vyos vyos/vyos-build:current sudo --preserve-env ./build-vyos-image --architecture amd64 --build-by "autobuild@vyos.net" --vyos-mirror https://rolling-packages.vyos.net/current/ --debian-mirror http://deb.debian.org/debian/ --build-type release --custom-package vyos-1x-smoketest --version "${VYOS_VERSION}" iso - name: Run smoketests id: smoketests uses: cross-the-world/ssh-scp-ssh-pipelines@latest env: VYOS_VERSION: ${{ env.VYOS_VERSION }} with: host: ${{ secrets.SSH_HOST }} user: ${{ secrets.SSH_USER }} port: ${{ secrets.SSH_PORT }} key: ${{ secrets.SSH_KEY }} connect_timeout: 10s first_ssh: | rm -rf vyos-build || true git clone -b current --single-branch https://github.com/vyos/vyos-build mkdir -p ~/vyos-build/build/ scp: | './vyos-build/build/live-image-amd64.hybrid.iso' => '~/vyos-build/build/' last_ssh: | docker run --rm --privileged -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current sudo make test docker run --rm --privileged -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current sudo make testc docker run --rm --privileged -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current sudo rm -rf ./* rm -rf ~/vyos-build - name: Build ISO run: | docker run --rm --privileged -v ./vyos-build/:/vyos -w /vyos vyos/vyos-build:current sudo --preserve-env ./build-vyos-image --architecture amd64 --build-by "autobuild@vyos.net" --vyos-mirror https://rolling-packages.vyos.net/current/ --debian-mirror http://deb.debian.org/debian/ --build-type release --version "${VYOS_VERSION}" iso - name: Copy ISO run: | cp ./vyos-build/build/live-image-amd64.hybrid.iso ./vyos-$VYOS_VERSION-amd64.iso - name: Sign ISO (Minisign) run: | echo 'untrusted comment: minisign encrypted secret key' > minisign.key echo $minisign_key >> minisign.key shasum minisign.key echo $minisign_password | $GITHUB_WORKSPACE/bin/minisign -s minisign.key -Sm ./vyos-$VYOS_VERSION-amd64.iso $GITHUB_WORKSPACE/bin/minisign -Vm ./vyos-$VYOS_VERSION-amd64.iso -x ./vyos-$VYOS_VERSION-amd64.iso.minisig -p $GITHUB_WORKSPACE/minisign.pub env: minisign_key: ${{ secrets.minisign_key }} minisign_password: ${{ secrets.minisign_password }} - name: Upload ISO to S3 Glacier uses: keithweaver/aws-s3-github-action@v1.0.0 with: command: cp source: ./vyos-${{ env.VYOS_VERSION }}-amd64.iso destination: s3://${{ secrets.aws_s3_bucket }}/vyos-${{ env.VYOS_VERSION }}-amd64.iso aws_access_key_id: ${{ secrets.aws_access_key_id }} aws_secret_access_key: ${{ secrets.aws_secret_access_key }} aws_region: us-east-1 flags: --storage-class GLACIER - name: Upload ISO's signature to S3 Glacier uses: keithweaver/aws-s3-github-action@v1.0.0 with: command: cp source: ./vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig destination: s3://${{ secrets.aws_s3_bucket }}/vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig aws_access_key_id: ${{ secrets.aws_access_key_id }} aws_secret_access_key: ${{ secrets.aws_secret_access_key }} aws_region: us-east-1 flags: --storage-class GLACIER - name: Upload ISO artifact uses: actions/upload-artifact@v3 with: name: vyos-${{ env.VYOS_VERSION }}-amd64.iso path: ./vyos-${{ env.VYOS_VERSION }}-amd64.iso retention-days: 30 if-no-files-found: error - name: Upload ISO's Minisign artifact uses: actions/upload-artifact@v3 with: name: vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig path: ./vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig retention-days: 30 if-no-files-found: error - name: Publish release uses: softprops/action-gh-release@v1 with: tag_name: ${{ env.VYOS_VERSION }} fail_on_unmatched_files: true files: | ./vyos-${{ env.VYOS_VERSION }}-amd64.iso ./vyos-${{ env.VYOS_VERSION }}-amd64.iso.minisig - name: Remove old releases uses: dev-drprasad/delete-older-releases@v0.2.1 with: keep_latest: 30 delete_tags: true env: GITHUB_TOKEN: ${{ secrets.CUSTOM_GITHUB_TOKEN }} - name: Send Slack notification on workflow failure to Sentrium if: failure() uses: slackapi/slack-github-action@v1.24.0 with: payload: | { "text": "Repository: *${{ github.repository }}*\nWorkflow: ${{ github.workflow }}\nTrigger: ${{ github.event_name }}\nCommit: ${{ github.sha }}\nWorkflow result: ${{ job.status }}\nSmoketests result: ${{ steps.smoketests.conclusion }}\nURL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" } env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - name: Send Slack notification on smoketests failure to VyOS if: failure() uses: slackapi/slack-github-action@v1.24.0 with: payload: | { "text": "*VyOS nightly build has been failed*", "attachments": [ { "color": "FF0000", "fields": [ { "title": "Repository", "short": true, "value": "${{ github.repository }}" }, { "title": "Workflow", "short": true, "value": "${{ github.workflow }}" }, { "title": "Trigger", "short": true, "value": "${{ github.event_name }}" }, { "title": "Smoketests result", "short": true, "value": "${{ steps.smoketests.outcome }}" }, { "title": "URL", "short": false, "value": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" } ] } ] } env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_FOR_MAINTEINERS }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK update-downloads-page: needs: build-iso uses: vyos/community.vyos.net/.github/workflows/main.yml@production secrets: NETLIFY_SITE_NAME: ${{ secrets.NETLIFY_SITE_NAME }} NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} SOUPAULT_PROFILE: ${{ secrets.SOUPAULT_PROFILE }} GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}