name: VyOS rolling nightly build on: schedule: - cron: "0 0 * * *" workflow_dispatch: inputs: BUILD_BY: description: 'Builder identifier (if empty autobuild@vyos.net is used)' default: 'autobuild@vyos.net' BUILD_VERSION: description: 'Version number (if empty 1.5-rolling-$(date -u +%Y%m%d%H%M) is used)' default: '' SKIP_SMOKETEST_ALL: description: 'Skip all smoketests' required: true type: boolean default: false SKIP_SMOKETEST_RAID1: description: 'Skip RAID1 smoketest' required: true type: boolean default: false SKIP_SNAPSHOT_UPLOAD: description: 'Skip snapshot upload to S3' required: true type: boolean default: false SKIP_RELEASE_PUBLISHING: description: 'Skip release publishing' required: true type: boolean default: false SKIP_SLACK_NOTIFICATIONS: description: 'Skip Slack notifications' required: true type: boolean default: false jobs: build-iso: runs-on: ubuntu-latest permissions: contents: write concurrency: group: main env: BUILD_BY: autobuild@vyos.net DEBIAN_MIRROR: http://deb.debian.org/debian/ SMOKETEST_RAID_COMMAND: 'docker run --rm --privileged -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current sudo make testraid' VYOS_MIRROR: https://rolling-packages.vyos.net/current/ steps: ### Initialization ### - uses: actions/checkout@v4 - name: Set env variables id: set_env_vars run: | if [ -n "${{ github.event.inputs.BUILD_BY }}" ]; then echo "BUILD_BY=${{ github.event.inputs.BUILD_BY }}" >> $GITHUB_ENV fi if [ -z "${{ github.event.inputs.BUILD_VERSION }}" ]; then echo "BUILD_VERSION=1.5-rolling-$(date -u +%Y%m%d%H%M)" >> $GITHUB_ENV else echo "BUILD_VERSION=${{ github.event.inputs.BUILD_VERSION }}" >> $GITHUB_ENV fi if [ "${{ github.event.inputs.SKIP_SMOKETEST_RAID1 }}" == "true" ]; then echo "SMOKETEST_RAID_COMMAND=" >> $GITHUB_ENV fi echo "TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_ENV echo "PREVIOUS_SUCCESS_BUILD_TIMESTAMP=$(cat version.json | jq -r '.[0].timestamp')" >> $GITHUB_ENV - name: Git clone vyos-build run: git clone -b current --single-branch https://github.com/vyos/vyos-build - name: Git clone vyos-1x if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} run: git clone -b current --single-branch https://github.com/vyos/vyos-1x ### Smoketest ### - name: Build ISO (for Smoketest) if: ${{ !inputs.SKIP_SMOKETEST_ALL }} run: | docker run --rm --privileged -v ./vyos-build/:/vyos -w /vyos vyos/vyos-build:current sudo --preserve-env ./build-vyos-image \ --architecture amd64 \ --build-by $BUILD_BY \ --build-type release \ --custom-package vyos-1x-smoketest \ --debian-mirror $DEBIAN_MIRROR \ --version $BUILD_VERSION \ --vyos-mirror $VYOS_MIRROR \ iso - name: Upload ISO artifact (Smoketest image) if: ${{ !inputs.SKIP_SMOKETEST_ALL }} uses: actions/upload-artifact@v3 with: name: vyos-${{ env.BUILD_VERSION }}-amd64-smoketest.iso path: ./vyos-build/build/live-image-amd64.hybrid.iso retention-days: 30 if-no-files-found: error - name: Run smoketest if: ${{ !inputs.SKIP_SMOKETEST_ALL }} id: smoketests uses: cross-the-world/ssh-scp-ssh-pipelines@latest env: BUILD_VERSION: ${{ env.BUILD_VERSION }} with: host: ${{ secrets.SSH_HOST }} user: ${{ secrets.SSH_USER }} port: ${{ secrets.SSH_PORT }} key: ${{ secrets.SSH_KEY }} connect_timeout: 999s first_ssh: | rm -rf vyos-build || true git clone -b current --single-branch https://github.com/vyos/vyos-build mkdir -p ~/vyos-build/build/ scp: | './vyos-build/build/live-image-amd64.hybrid.iso' => '~/vyos-build/build/' last_ssh: | ${{ env.SMOKETEST_RAID_COMMAND }} docker run --rm --privileged -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current sudo make test docker run --rm --privileged -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current sudo make testc docker run --rm --privileged -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current sudo rm -rf ./* rm -rf ~/vyos-build timeout-minutes: 300 ### Building ISO ### - name: Build ISO run: | docker run --rm --privileged -v ./vyos-build/:/vyos -w /vyos vyos/vyos-build:current sudo --preserve-env ./build-vyos-image \ --architecture amd64 \ --build-by $BUILD_BY \ --build-type release \ --debian-mirror $DEBIAN_MIRROR \ --version $BUILD_VERSION \ --vyos-mirror $VYOS_MIRROR \ iso - name: Copy ISO run: | cp ./vyos-build/build/live-image-amd64.hybrid.iso ./vyos-$BUILD_VERSION-amd64.iso - name: Sign ISO (Minisign) run: | echo 'untrusted comment: minisign encrypted secret key' > minisign.key echo $minisign_key >> minisign.key shasum minisign.key echo $minisign_password | $GITHUB_WORKSPACE/bin/minisign -s minisign.key -Sm ./vyos-$BUILD_VERSION-amd64.iso $GITHUB_WORKSPACE/bin/minisign -Vm ./vyos-$BUILD_VERSION-amd64.iso -x ./vyos-$BUILD_VERSION-amd64.iso.minisig -p $GITHUB_WORKSPACE/minisign.pub env: minisign_key: ${{ secrets.minisign_key }} minisign_password: ${{ secrets.minisign_password }} ### Uploading artifacts ### - name: Upload ISO to S3 Glacier if: ${{ !inputs.SKIP_SNAPSHOT_UPLOAD }} uses: keithweaver/aws-s3-github-action@v1.0.0 with: command: cp source: ./vyos-${{ env.BUILD_VERSION }}-amd64.iso destination: s3://${{ secrets.aws_s3_bucket }}/vyos-${{ env.BUILD_VERSION }}-amd64.iso aws_access_key_id: ${{ secrets.aws_access_key_id }} aws_secret_access_key: ${{ secrets.aws_secret_access_key }} aws_region: us-east-1 flags: --storage-class GLACIER - name: Upload ISO's signature to S3 Glacier if: ${{ !inputs.SKIP_SNAPSHOT_UPLOAD }} uses: keithweaver/aws-s3-github-action@v1.0.0 with: command: cp source: ./vyos-${{ env.BUILD_VERSION }}-amd64.iso.minisig destination: s3://${{ secrets.aws_s3_bucket }}/vyos-${{ env.BUILD_VERSION }}-amd64.iso.minisig aws_access_key_id: ${{ secrets.aws_access_key_id }} aws_secret_access_key: ${{ secrets.aws_secret_access_key }} aws_region: us-east-1 flags: --storage-class GLACIER - name: Upload ISO artifact uses: actions/upload-artifact@v3 with: name: vyos-${{ env.BUILD_VERSION }}-amd64.iso path: ./vyos-${{ env.BUILD_VERSION }}-amd64.iso retention-days: 30 if-no-files-found: error - name: Upload ISO's Minisign artifact uses: actions/upload-artifact@v3 with: name: vyos-${{ env.BUILD_VERSION }}-amd64.iso.minisig path: ./vyos-${{ env.BUILD_VERSION }}-amd64.iso.minisig retention-days: 30 if-no-files-found: error ### Release publishing ### - name: Retrieve the latest success build for vyos-build and vyos-1x if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} run: | cd ./vyos-build echo "CHANGELOG_COMMIT_build=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_ENV cd ../vyos-1x echo "CHANGELOG_COMMIT_1x=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_ENV env: GH_TOKEN: ${{ github.token }} - name: Generate changelog for vyos-1x if: ${{ !inputs.SKIP_RELEASE_PUBLISHING && env.CHANGELOG_COMMIT_1x != '' }} id: generate-1x-changelog uses: mikepenz/release-changelog-builder-action@v4.1.0 with: owner: "vyos" repo: "vyos-1x" fetchReviewers: false fromTag: ${{ env.CHANGELOG_COMMIT_1x }} toTag: HEAD configurationJson: | { "categories": [{"title": "", "labels": []}], "template": "#{{CHANGELOG}}", "pr_template": "- #{{TITLE}}\n - PR: vyos/vyos-1x##{{NUMBER}}" } - name: Generate changelog for vyos-build if: ${{ !inputs.SKIP_RELEASE_PUBLISHING && env.CHANGELOG_COMMIT_build != '' }} id: generate-build-changelog uses: mikepenz/release-changelog-builder-action@v4.1.0 with: owner: "vyos" repo: "vyos-build" fetchReviewers: false fromTag: ${{ env.CHANGELOG_COMMIT_build }} toTag: HEAD configurationJson: | { "categories": [{"title": "", "labels": []}], "template": "#{{CHANGELOG}}", "pr_template": "- #{{TITLE}}\n - PR: vyos/vyos-build##{{NUMBER}}" } - name: Fix files and directories permissions to do checkout if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} run: | sudo chown -R $(whoami):$(whoami) ./* - uses: actions/checkout@v4 # If someone pushes commit to this repo while building process the workflow would fall on autocommit step. There is a fix. if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} - name: Generate CHANGELOG.md if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} run: | cat < CHANGELOG.md ## vyos-1x ${{ steps.generate-1x-changelog.outputs.changelog }} ## vyos-build ${{ steps.generate-build-changelog.outputs.changelog }} EOF cat CHANGELOG.md - name: Create version.json if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} id: create-json uses: jsdaniell/create-json@v1.2.2 with: name: "version.json" json: | [ { "url": "https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/${{ env.BUILD_VERSION }}/vyos-${{ env.BUILD_VERSION }}-amd64.iso", "version": "${{ env.BUILD_VERSION }}", "timestamp": "${{ env.TIMESTAMP }}" } ] - name: Create autocommit and tag if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} uses: stefanzweifel/git-auto-commit-action@v4 with: tagging_message: ${{ env.BUILD_VERSION }} commit_message: ${{ env.BUILD_VERSION }} - name: Publish release if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} uses: softprops/action-gh-release@v1 with: body_path: CHANGELOG.md tag_name: ${{ env.BUILD_VERSION }} fail_on_unmatched_files: true files: | ./vyos-${{ env.BUILD_VERSION }}-amd64.iso ./vyos-${{ env.BUILD_VERSION }}-amd64.iso.minisig - name: Remove old releases if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} uses: dev-drprasad/delete-older-releases@v0.2.1 with: keep_latest: 30 delete_tags: true env: GITHUB_TOKEN: ${{ secrets.CUSTOM_GITHUB_TOKEN }} ### Slack notification ### - name: Send Slack notification on workflow failure to Sentrium if: failure() && !inputs.SKIP_SLACK_NOTIFICATIONS uses: slackapi/slack-github-action@v1.24.0 with: payload: | { "text": "Repository: *${{ github.repository }}*\nWorkflow: ${{ github.workflow }}\nTrigger: ${{ github.event_name }}\nCommit: ${{ github.sha }}\nWorkflow result: ${{ job.status }}\nSmoketests result: ${{ steps.smoketests.conclusion }}\nURL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" } env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK - name: Send Slack notification on smoketests failure to VyOS if: failure() && !inputs.SKIP_SLACK_NOTIFICATIONS uses: slackapi/slack-github-action@v1.24.0 with: payload: | { "text": "*VyOS nightly build has been failed*", "attachments": [ { "color": "FF0000", "fields": [ { "title": "Repository", "short": true, "value": "${{ github.repository }}" }, { "title": "Workflow", "short": true, "value": "${{ github.workflow }}" }, { "title": "Trigger", "short": true, "value": "${{ github.event_name }}" }, { "title": "Smoketests result", "short": true, "value": "${{ steps.smoketests.outcome }}" }, { "title": "URL", "short": false, "value": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" } ] } ] } env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_FOR_MAINTEINERS }} SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK update-downloads-page: needs: build-iso uses: vyos/community.vyos.net/.github/workflows/main.yml@production secrets: NETLIFY_SITE_NAME: ${{ secrets.NETLIFY_SITE_NAME }} NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} SOUPAULT_PROFILE: ${{ secrets.SOUPAULT_PROFILE }} GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}