name: VyOS rolling nightly build on: schedule: - cron: "0 0 * * *" workflow_dispatch: inputs: BUILD_BY: description: 'Builder identifier (default: autobuild@vyos.net)' default: '' build_version: description: 'Version number (default: 1.5-rolling-ISO8601-TIMESTAMP)' default: '' SKIP_SMOKETEST_RAID1: description: 'Skip RAID1 Test' required: true type: boolean default: false SKIP_SMOKETEST_SYSTEM: description: 'Skip CLI smoketest' required: true type: boolean default: false SKIP_SMOKETEST_CONFIG: description: 'Skip config load test' required: true type: boolean default: false SKIP_SNAPSHOT_S3_UPLOAD: description: 'Skip snapshot upload to S3' required: true type: boolean default: false SKIP_RELEASE_PUBLISHING: description: 'Skip release publishing' required: true type: boolean default: false SKIP_SLACK_NOTIFICATIONS: description: 'Skip Slack notifications' required: true type: boolean default: false SKIP_DOWNLOADS_PAGE_UPDATE: description: 'Skip downloads page update' required: true type: boolean default: false env: BUILD_BY: autobuild@vyos.net DEBIAN_MIRROR: http://deb.debian.org/debian/ VYOS_MIRROR: https://rolling-packages.vyos.net/current/ jobs: build_iso: runs-on: ubuntu-24.04 permissions: contents: write container: image: vyos/vyos-build:current options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged outputs: build_version: ${{ steps.set_env_variables.outputs.build_version }} steps: ### Initialization ### - uses: actions/checkout@v4 - name: "Initialization: set env variables" id: set_env_variables run: | set -x if [ -n "${{ github.event.inputs.BUILD_BY }}" ]; then echo "BUILD_BY=${{ github.event.inputs.BUILD_BY }}" >> $GITHUB_ENV fi if [ -z "${{ github.event.inputs.build_version }}" ]; then echo "build_version=1.5-rolling-$(date -u +%Y%m%d%H%M)" >> $GITHUB_OUTPUT else echo "build_version=${{ github.event.inputs.build_version }}" >> $GITHUB_OUTPUT fi echo "TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_ENV echo "PREVIOUS_SUCCESS_BUILD_TIMESTAMP=$(cat version.json | jq -r '.[0].timestamp')" >> $GITHUB_ENV - name: Clone vyos-build source code uses: actions/checkout@v4 with: repository: vyos/vyos-build path: vyos-build - name: Build generic ISO image id: build_generic_iso run: | cd vyos-build sudo --preserve-env ./build-vyos-image \ --architecture amd64 \ --build-by $BUILD_BY \ --build-type release \ --custom-package vyos-1x-smoketest \ --debian-mirror $DEBIAN_MIRROR \ --version ${{ steps.set_env_variables.outputs.build_version }} \ --vyos-mirror $VYOS_MIRROR \ generic # move artifact one level up for minisign mv build/vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso .. - name: Sign generic ISO image shell: bash run: | echo "${{ secrets.minisign_private_key }}" > /tmp/minisign.key echo ${{ secrets.minisign_password }} | $GITHUB_WORKSPACE/bin/minisign -s /tmp/minisign.key -Sm vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso echo "${{ secrets.minisign_public_key }}" > /tmp/minisign.pub $GITHUB_WORKSPACE/bin/minisign -Vm vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso -x vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso.minisig -p /tmp/minisign.pub rm /tmp/minisign.key /tmp/minisign.pub - uses: actions/upload-artifact@v4 with: name: vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64 path: vyos-${{ steps.set_env_variables.outputs.build_version }}-* retention-days: 30 if-no-files-found: error test_smoketest_cli: needs: build_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_SYSTEM }} container: image: vyos/vyos-build:current options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged steps: # We need the test script from vyos-build repo - name: Clone vyos-build source code uses: actions/checkout@v4 with: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 path: build - name: VyOS CLI smoketests id: test shell: bash run: | set -e ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso sudo make test | tee smoketest_make_test.log - uses: actions/upload-artifact@v4 with: name: smoketest_make_test path: smoketest_make_test.log retention-days: 30 if-no-files-found: error test_config_load: needs: build_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_CONFIG }} container: image: vyos/vyos-build:current options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged steps: # We need the test script from vyos-build repo - name: Clone vyos-build source code uses: actions/checkout@v4 with: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 path: build - name: VyOS config load tests id: test shell: bash run: | set -e ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso sudo make testc | tee smoketest_make_testc.log - uses: actions/upload-artifact@v4 with: name: smoketest_make_testc path: smoketest_make_testc.log retention-days: 30 if-no-files-found: error test_raid1_install: needs: build_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_RAID1 }} container: image: vyos/vyos-build:current options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged steps: # We need the test script from vyos-build repo - name: Clone vyos-build source code uses: actions/checkout@v4 with: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 path: build - name: VyOS RAID1 installation tests id: test shell: bash run: | set -e ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso sudo make testraid | tee smoketest_make_testraid.log - uses: actions/upload-artifact@v4 with: name: smoketest_make_testraid path: smoketest_make_testraid.log retention-days: 30 if-no-files-found: error test_encrypted_config_tpm: needs: build_iso runs-on: ubuntu-24.04 if: ${{ !inputs.SKIP_SMOKETEST_RAID1 }} container: image: vyos/vyos-build:current options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged steps: # We need the test script from vyos-build repo - name: Clone vyos-build source code uses: actions/checkout@v4 with: repository: vyos/vyos-build - uses: actions/download-artifact@v4 with: name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 path: build - name: VyOS TPM encryption tests id: test shell: bash run: | set -e ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso sudo make testtpm | tee smoketest_make_testtpm.log - uses: actions/upload-artifact@v4 with: name: smoketest_make_testtpm path: smoketest_make_testtpm.log retention-days: 30 if-no-files-found: error publish: needs: - test_config_load - test_raid1_install - test_smoketest_cli - test_encrypted_config_tpm - build_iso runs-on: ubuntu-24.04 permissions: contents: write if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} steps: - uses: actions/checkout@v4 - name: Clone vyos-build source code uses: actions/checkout@v4 with: repository: vyos/vyos-build path: vyos-build - name: Clone vyos-1x source code uses: actions/checkout@v4 with: repository: vyos/vyos-1x path: vyos-1x - id: commit_ids shell: bash run: | cd vyos-build echo "CHANGELOG_COMMIT_VYOS_BUILD=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT cd ../vyos-1x echo "CHANGELOG_COMMIT_VYOS_1X=$(git log --since "${{ env.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT - name: "Release publishing: generate changelog for vyos-1x" id: generate_changelog_for_vyos-1x uses: mikepenz/release-changelog-builder-action@v4.1.0 with: owner: "vyos" repo: "vyos-1x" fetchReviewers: false fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_VYOS_1X }} toTag: HEAD configurationJson: | { "categories": [{"title": "", "labels": []}], "template": "#{{CHANGELOG}}", "pr_template": "- #{{TITLE}}\n - PR: vyos/vyos-1x##{{NUMBER}}" } - name: "Release publishing: generate changelog for vyos-build" id: generate_changelog_for_vyos-build uses: mikepenz/release-changelog-builder-action@v4.1.0 with: owner: "vyos" repo: "vyos-build" fetchReviewers: false fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_VYOS_BUILD }} toTag: HEAD configurationJson: | { "categories": [{"title": "", "labels": []}], "template": "#{{CHANGELOG}}", "pr_template": "- #{{TITLE}}\n - PR: vyos/vyos-build##{{NUMBER}}" } - name: "Release publishing: generate CHANGELOG.md" run: | cat < CHANGELOG.md ## vyos-1x ${{ steps.generate_changelog_for_vyos-1x.outputs.changelog }} ## vyos-build ${{ steps.generate_changelog_for_vyos-build.outputs.changelog }} EOF cat CHANGELOG.md - name: "Release publishing: create version.json" uses: jsdaniell/create-json@v1.2.3 with: name: "version.json" json: | [ { "url": "https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64/vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso", "version": "${{ needs.build_iso.outputs.build_version }}", "timestamp": "${{ env.TIMESTAMP }}" } ] - name: "Release publishing: check if the repository was modified during runtime to prevent autocommit failure" id: check_if_the_repository_was_modified_during_runtime run: | sudo chown -R $(whoami):$(whoami) ./* git pull --autostash --rebase - name: "Release publishing: create autocommit and tag" uses: stefanzweifel/git-auto-commit-action@v5 with: tagging_message: ${{ needs.build_iso.outputs.build_version }} commit_message: ${{ needs.build_iso.outputs.build_version }} commit_author: "vyosbot <${{ env.BUILD_BY }}>" - uses: actions/download-artifact@v4 with: name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 - name: "Release publishing: publish release" uses: softprops/action-gh-release@v2 with: body_path: CHANGELOG.md tag_name: ${{ needs.build_iso.outputs.build_version }} fail_on_unmatched_files: true files: | ./vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso ./vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso.minisig - uses: Nats-ji/delete-old-releases@v1.0.1 with: token: ${{ secrets.CUSTOM_GITHUB_TOKEN }} keep-count: 30 keep-old-minor-releases: false