artifact-image-complete-matrix #60
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # template file: 050.single_header.yaml | |
| #name: "Build All Artifacts/Images" | |
| name: "artifact-image-complete-matrix" | |
| on: | |
| # schedule: | |
| # - cron: '0 1 * * *' # Scheduled runs every day at 2am UTC | |
| workflow_dispatch: | |
| inputs: | |
| skipImages: | |
| description: 'Skip building images? no = build images, yes = skip images' | |
| required: true | |
| options: [ 'no' , 'yes' ] | |
| type: choice | |
| nightly: # This is passed as BETA=yes or BETA=no, to prepare step, and to reprepro steps. it affects output/debs vs output/debs-beta | |
| description: 'BETA/nightly? yes = nightly, no = stable' | |
| required: true | |
| options: [ 'no', 'yes' ] | |
| type: choice | |
| checkOci: | |
| description: 'Check OCI for existing artifacts? yes = check OCI, no = always build everything' | |
| required: true | |
| options: [ 'no', 'yes' ] | |
| type: choice | |
| skipCustomRepo: | |
| description: 'Skip custom repo? yes = skip custom repo, no = use custom repo' | |
| required: true | |
| options: [ 'yes', 'no' ] | |
| type: choice | |
| extraParamsAllBuilds: | |
| description: 'Extra params for all builds/jobs (prepare/artifact/image) (eg: DEBUG=yes)' | |
| required: false | |
| default: '' | |
| type: string | |
| targetsFilterInclude: | |
| description: 'TARGETS_FILTER_INCLUDE, example: "BOARD:odroidhc4,BOARD:odroidn2"' | |
| required: false | |
| default: '' | |
| type: string | |
| env: | |
| # For easier reuse across the multiple chunks ('armbian/build' repo) | |
| BUILD_REPOSITORY: "armbian/build" | |
| BUILD_REF: "main" # branch or tag or sha1 | |
| # For easier reuse across the multiple chunks ('armbian/os' repo) | |
| USERPATCHES_REPOSITORY: "airframesio/airwaves-os" | |
| USERPATCHES_REF: "main" # branch or tag or sha1 | |
| USERPATCHES_DIR: "armbian/armbian-userpatches" # folder inside USERPATCHES_REPOSITORY | |
| # Armbian envs. Adjust to your needs. | |
| OCI_TARGET_BASE: "ghcr.io/${{ github.repository }}/" # This is picked up by the Docker launcher automatically. It does _not_ override the targets.yaml during info resolution. | |
| DOCKER_ARMBIAN_BASE_COORDINATE_PREFIX: "ghcr.io/${{ github.repository }}:armbian-next-" # Use Docker image in same repo | |
| DOCKER_SKIP_UPDATE: "yes" # Do not apt update/install/requirements/etc during Dockerfile build, trust DOCKER_ARMBIAN_BASE_COORDINATE_PREFIX's images are up-to-date | |
| # Added to every build, even the prepare job. | |
| EXTRA_PARAMS_ALL_BUILDS: "SHARE_LOG=yes ${{ github.event.inputs.extraParamsAllBuilds }}" | |
| # Added to every image build arguments. | |
| EXTRA_PARAMS_IMAGE: "'DONT_BUILD_ARTIFACTS=any' COMPRESS_OUTPUTIMAGE=xz SHOW_DEBIAN=yes SKIP_CUSTOM_REPO=${{github.event.inputs.skipCustomRepo}}" # IMAGE_VERSION is individually added at the build step. | |
| jobs: | |
| matrix_prep: | |
| name: "JSON matrix: 1/1 :: 1 artifact chunks, 1 image chunks" | |
| if: ${{ github.repository_owner == 'airframesio' }} | |
| runs-on: [ "self-hosted", "Linux", 'armbian', "matrix-prepare" ] | |
| steps: | |
| #- name: Runner clean | |
| # uses: armbian/actions/runner-clean@main | |
| # prepare and output with the date. there are two so we can be independent regarding GH release name vs REVISION | |
| - name: "Prepare date-based release outputs" | |
| id: prepare-date-outputs | |
| run: | | |
| echo "images_release=$(date +%y.%m.%d)-airframesio-${{ github.run_number }}" >> $GITHUB_OUTPUT | |
| echo "revision_release=$(date +%y.%m.%d)-airframesio-${{ github.run_number }}" >> $GITHUB_OUTPUT | |
| # cleanup the place where we will clone the userpatches repo, to avoid git going insane and cleaning everything later | |
| - name: Cleanup userpatches repo | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| run: rm -rf userpatches.repo | |
| - name: Checkout build repo | |
| uses: actions/checkout@v3 # We don't need to clone git, really. A wget would suffice for GH-hosted runners. But using clone is better for Igor-hosted runners. | |
| with: | |
| repository: ${{ env.BUILD_REPOSITORY }} | |
| ref: ${{ env.BUILD_REF }} | |
| fetch-depth: 0 # fetch all history; much faster for self-hosted runners | |
| clean: false # true is default. it *will* delete the hosts /dev if mounted inside. | |
| - name: "grab the sha1 of the latest commit of the build repo ${{ env.BUILD_REPOSITORY }}#${{ env.BUILD_REF }}" | |
| id: latest-commit | |
| run: echo "sha1=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| # clone the userpatches repo (`armbian/os`) | |
| - name: "Checkout userpatches repo: ${{env.USERPATCHES_REPOSITORY}}#${{env.USERPATCHES_REF}}" | |
| uses: actions/checkout@v3 | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| with: | |
| repository: ${{ env.USERPATCHES_REPOSITORY }} | |
| ref: ${{ env.USERPATCHES_REF }} | |
| fetch-depth: 0 # fetch all history; much faster for self-hosted runners | |
| clean: false # true is default. | |
| path: userpatches.repo | |
| - name: "Put userpatches in place, and remove userpatches repo" | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| run: | | |
| mkdir -pv userpatches | |
| rsync -av userpatches.repo/${{env.USERPATCHES_DIR}}/. userpatches/ | |
| rm -rf userpatches.repo | |
| - name: GitHub cache | |
| id: cache-restore | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| cache/memoize | |
| cache/oci/positive | |
| key: ${{ runner.os }}-matrix-cache-${{ github.sha }}-${{ steps.latest-commit.outputs.sha1 }}" | |
| restore-keys: | | |
| ${{ runner.os }}-matrix-cache- | |
| # Login to ghcr.io, we're gonna do a lot of OCI lookups. | |
| - name: Docker Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: "${{ github.repository_owner }}" # GitHub username or org | |
| password: ${{ secrets.GITHUB_TOKEN }} # GitHub actions builtin token. repo has to have pkg access. | |
| - name: Prepare Info JSON and Matrices | |
| id: prepare-matrix | |
| run: | | |
| # this sets outputs "artifact-matrix" #and "image-matrix" | |
| bash ./compile.sh gha-matrix airwaves-os ${{env.EXTRA_PARAMS_ALL_BUILDS}} \ | |
| REVISION="${{ steps.prepare-date-outputs.outputs.revision_release }}" \ | |
| TARGETS_FILTER_INCLUDE='${{ github.event.inputs.targetsFilterInclude || '' }}' \ | |
| MATRIX_ARTIFACT_CHUNKS=1 \ | |
| MATRIX_IMAGE_CHUNKS=1 \ | |
| BETA=${{ github.event.inputs.nightly || 'yes' }} \ | |
| CHECK_OCI=${{ github.event.inputs.checkOci || 'yes' }} \ | |
| TARGETS_FILENAME=targets.yaml \ | |
| SKIP_IMAGES=${{ github.event.inputs.skipImages || 'yes' }} | |
| - name: "Logs: ${{ steps.prepare-matrix.outputs.logs_url }}" | |
| run: | | |
| echo "Logs: ${{ steps.prepare-matrix.outputs.logs_url }}" | |
| - name: chown cache memoize/oci back to normal user | |
| run: | | |
| sudo chown -R $USER:$USER cache/memoize cache/oci/positive | |
| # Store output/info folder in a GitHub Actions artifact | |
| - uses: actions/upload-artifact@v3 | |
| name: Upload output/info as GitHub Artifact | |
| with: | |
| name: build-info-json | |
| path: output/info | |
| - name: Prepare GH Release | |
| uses: "marvinpinto/action-automatic-releases@latest" # @TODO this is outdated, needs replacement. Also it deletes the release if it already exists, which is not what we want. Might be necessary to move the tag. | |
| if: ${{ github.event.inputs.skipImages == 'no' }} # this action deletes the release, so if skipping images, skip this too | |
| with: | |
| repo_token: "${{ secrets.GITHUB_TOKEN }}" | |
| automatic_release_tag: "${{ steps.prepare-date-outputs.outputs.images_release }}" | |
| prerelease: false | |
| title: "Images ${{ steps.prepare-date-outputs.outputs.images_release }}" | |
| outputs: | |
| # not related to matrix | |
| build-sha1: ${{ steps.latest-commit.outputs.sha1 }} | |
| images_release: ${{ steps.prepare-date-outputs.outputs.images_release }} | |
| revision_release: ${{ steps.prepare-date-outputs.outputs.revision_release }} | |
| # template file: 150.per-chunk-artifacts_prep-outputs.yaml | |
| # artifacts-1 of 1 | |
| artifacts-chunk-json-1: ${{ steps.prepare-matrix.outputs.artifacts-chunk-json-1 }} | |
| artifacts-chunk-not-empty-1: ${{ steps.prepare-matrix.outputs.artifacts-chunk-not-empty-1 }} | |
| artifacts-chunk-size-1: ${{ steps.prepare-matrix.outputs.artifacts-chunk-size-1 }} | |
| # template file: 151.per-chunk-images_prep-outputs.yaml | |
| # artifacts-1 of 1 | |
| images-chunk-json-1: ${{ steps.prepare-matrix.outputs.images-chunk-json-1 }} | |
| images-chunk-not-empty-1: ${{ steps.prepare-matrix.outputs.images-chunk-not-empty-1 }} | |
| images-chunk-size-1: ${{ steps.prepare-matrix.outputs.images-chunk-size-1 }} | |
| # template file: 250.single_aggr-jobs.yaml | |
| # ------ aggregate all artifact chunks into a single dependency ------- | |
| all-artifacts-ready: | |
| name: "1 artifacts chunks ready" | |
| runs-on: ubuntu-latest # not going to run, anyway, but is required. | |
| if: ${{ !cancelled() && ( 1 == 2 ) }} # eg: never run. | |
| needs: [ "matrix_prep", "build-artifacts-chunk-1" ] # <-- HERE: all artifact chunk numbers. | |
| steps: | |
| - name: fake step | |
| run: uptime | |
| all-images-ready: | |
| name: "1 image chunks ready" | |
| runs-on: ubuntu-latest # not going to run, anyway, but is required. | |
| if: ${{ !cancelled() && ( 1 == 2 ) }} # eg: never run. | |
| needs: [ "matrix_prep", "build-images-chunk-1" ] # <-- HERE: all image chunk numbers. | |
| steps: | |
| - name: fake step | |
| run: uptime | |
| all-artifacts-and-images-ready: | |
| name: "1 artifact chunks and 1 image chunks ready" | |
| runs-on: ubuntu-latest # not going to run, anyway, but is required. | |
| if: ${{ !cancelled() && ( 1 == 2 ) }} # eg: never run. | |
| needs: [ "matrix_prep", "all-artifacts-ready", "all-images-ready" ] | |
| steps: | |
| - name: fake step | |
| run: uptime | |
| all-artifacts-and-repo-ready: | |
| name: "1 artifact chunks and apt repository ready" | |
| runs-on: ubuntu-latest # not going to run, anyway, but is required. | |
| if: ${{ !cancelled() && ( 1 == 2 ) }} # eg: never run. | |
| needs: [ "matrix_prep", "all-artifacts-ready", "publish-debs-to-repo" ] | |
| steps: | |
| - name: fake step | |
| run: uptime | |
| # template file: 550.per-chunk-artifacts_job.yaml | |
| "build-artifacts-chunk-1": # templated "build-artifacts-chunk-1" | |
| if: ${{ github.repository_owner == 'airframesio' && needs.matrix_prep.outputs.artifacts-chunk-not-empty-1 == 'yes' }} # <-- HERE: Chunk number. | |
| needs: [ "matrix_prep" ] | |
| strategy: | |
| fail-fast: false # let other jobs try to complete if one fails | |
| matrix: ${{ fromJSON(needs.matrix_prep.outputs.artifacts-chunk-json-1) }} # <-- HERE: Chunk number. | |
| name: ${{ matrix.desc || 'Empty A1' }} # <-- HERE: Chunk number. | |
| timeout-minutes: 120 | |
| runs-on: ${{ matrix.runs_on }} | |
| steps: | |
| #- name: Runner clean | |
| # uses: armbian/actions/runner-clean@main | |
| # Login to ghcr.io, for later uploading rootfs to ghcr.io | |
| - name: Docker Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: "${{ github.repository_owner }}" # GitHub username or org | |
| password: ${{ secrets.GITHUB_TOKEN }} # GitHub actions builtin token. repo has to have pkg access. | |
| # cleanup the place where we will clone the userpatches repo, to avoid git going insane and cleaning everything later | |
| - name: Cleanup userpatches repo | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| run: rm -rf userpatches.repo | |
| - name: "Checkout build repo with depth ${{ matrix.fdepth }}" | |
| uses: actions/checkout@v3 # We don't need to clone git, really. A wget would suffice for GH-hosted runners. But using clone is better for Igor-hosted runners. | |
| with: | |
| repository: ${{ env.BUILD_REPOSITORY }} | |
| ref: ${{ needs.matrix_prep.outputs.build-sha1 }} | |
| fetch-depth: ${{ matrix.fdepth }} # fetch all history for self-hosted, but shallow for GH-hosted | |
| clean: false # true is default. it *will* delete the hosts /dev if mounted inside. | |
| # clone the userpatches repo (`armbian/os`) | |
| - name: "Checkout userpatches repo with depth ${{ matrix.fdepth }}: ${{env.USERPATCHES_REPOSITORY}}#${{env.USERPATCHES_REF}}" | |
| uses: actions/checkout@v3 | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| with: | |
| repository: ${{ env.USERPATCHES_REPOSITORY }} | |
| ref: ${{ env.USERPATCHES_REF }} | |
| fetch-depth: ${{ matrix.fdepth }} # fetch all history for self-hosted, but shallow for GH-hosted | |
| clean: false # true is default. | |
| path: userpatches.repo | |
| - name: "Put userpatches in place, and remove userpatches repo" | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| run: | | |
| mkdir -pv userpatches | |
| rsync -av userpatches.repo/${{env.USERPATCHES_DIR}}/. userpatches/ | |
| rm -rf userpatches.repo | |
| - name: Build ${{matrix.desc}} | |
| id: build | |
| run: | | |
| bash ./compile.sh ${{ matrix.invocation }} ${{env.EXTRA_PARAMS_ALL_BUILDS}} UPLOAD_TO_OCI_ONLY=yes | |
| - name: "Logs: ${{ steps.build.outputs.logs_url }}" | |
| if: always() | |
| run: | | |
| echo "Logs: ${{ steps.build.outputs.logs_url }}" | |
| # template file: 650.per-chunk-images_job.yaml | |
| "build-images-chunk-1": # templated "build-images-chunk-1" | |
| needs: [ "matrix_prep", "all-artifacts-and-repo-ready" ] | |
| timeout-minutes: 60 | |
| if: ${{ !failure() && !cancelled() && ( github.repository_owner == 'airframesio' ) && ( needs.matrix_prep.outputs.images-chunk-not-empty-1 == 'yes' ) }} # <-- HERE: Chunk number. | |
| strategy: | |
| fail-fast: false # let other jobs try to complete if one fails | |
| matrix: ${{ fromJSON(needs.matrix_prep.outputs.images-chunk-json-1) }} # <-- HERE: Chunk number. | |
| name: ${{ matrix.desc || 'Empty I1' }} # <-- HERE: Chunk number. | |
| runs-on: ${{ matrix.runs_on }} | |
| steps: | |
| # Login to ghcr.io, we'll be downloading a lot from ghcr.io | |
| - name: Docker Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: "${{ github.repository_owner }}" # GitHub username or org | |
| password: ${{ secrets.GITHUB_TOKEN }} # GitHub actions builtin token. repo has to have pkg access. | |
| # cleanup the place where we will clone the userpatches repo, to avoid git going insane and cleaning everything later | |
| - name: Cleanup userpatches repo | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| run: rm -rf userpatches.repo | |
| - name: "Checkout build repo with depth ${{ matrix.fdepth }}" | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: ${{ env.BUILD_REPOSITORY }} | |
| ref: ${{ needs.matrix_prep.outputs.build-sha1 }} | |
| clean: false # true is default. it *will* delete the hosts /dev if mounted inside. | |
| fetch-depth: ${{ matrix.fdepth }} # fetch all history for self-hosted, but shallow for GH-hosted | |
| # clone the userpatches repo (`armbian/os`) | |
| - name: "Checkout userpatches repo with depth ${{ matrix.fdepth }}: ${{env.USERPATCHES_REPOSITORY}}#${{env.USERPATCHES_REF}}" | |
| uses: actions/checkout@v3 | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| with: | |
| repository: ${{ env.USERPATCHES_REPOSITORY }} | |
| ref: ${{ env.USERPATCHES_REF }} | |
| fetch-depth: ${{ matrix.fdepth }} # fetch all history for self-hosted, but shallow for GH-hosted | |
| clean: false # true is default. | |
| path: userpatches.repo | |
| - name: "Put userpatches in place, and remove userpatches repo" | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| run: | | |
| mkdir -pv userpatches | |
| rsync -av userpatches.repo/${{env.USERPATCHES_DIR}}/. userpatches/ | |
| rm -rf userpatches.repo | |
| - name: Cleanup leftover output images | |
| run: | | |
| rm -rfv output/images userpatches/VERSION | |
| - name: ${{matrix.desc}} | |
| id: build-one-image | |
| run: | | |
| bash ./compile.sh ${{ matrix.invocation }} ${{env.EXTRA_PARAMS_IMAGE}} ${{env.EXTRA_PARAMS_ALL_BUILDS}} OUTPUT_IMAGES_ONLY=yes | |
| - name: "Logs: ${{ steps.build-one-image.outputs.logs_url }}" | |
| if: always() | |
| run: | | |
| echo "Logs: ${{ steps.build-one-image.outputs.logs_url }}" | |
| # @TODO lets upload to GHR release ourselves instead of this shit | |
| - name: Release ${{ matrix.board }} | |
| id: release1 | |
| continue-on-error: true | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # de2c0eb8 = v0.1.5; already with koplo199's node16 fixes | |
| with: | |
| tag_name: ${{ needs.matrix_prep.outputs.images_release }} | |
| files: | | |
| output/images/*.xz | |
| - name: Release ${{ matrix.board }} (retry if 1st failed) | |
| id: release2 | |
| if: ${{ steps.release1.outcome == 'failure'}} | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # de2c0eb8 = v0.1.5; already with koplo199's node16 fixes | |
| with: | |
| tag_name: ${{ needs.matrix_prep.outputs.images_release }} | |
| files: | | |
| output/images/*.xz | |
| - name: Cleanup output images | |
| if: always() | |
| run: | | |
| rm -rfv output/images userpatches/VERSION | |
| # template file: 750.single_repo.yaml | |
| # ------ publish packages to repository ------- | |
| publish-debs-to-repo: | |
| name: "publish debs to repo" | |
| runs-on: [ "self-hosted", "Linux", 'armbian', "debs-to-repo" ] | |
| if: ${{ !failure() && !cancelled() && (github.event.inputs.targetsFilterInclude == 'LEAVE_BRITNEY_ALONE') }} # eg: run if dependencies worked. See https://github.com/orgs/community/discussions/45058#discussioncomment-4817378 | |
| needs: [ "matrix_prep", "all-artifacts-ready" ] | |
| steps: | |
| # Prepare dependencies. | |
| # If no /usr/bin/gpg, install gnupg2 | |
| # If no /usr/bin/reprepro, install reprepro | |
| - name: Install dependencies | |
| run: | | |
| if [ ! -e /usr/bin/gpg ]; then | |
| sudo apt-get update | |
| sudo apt-get install -y gnupg2 | |
| fi | |
| if [ ! -e /usr/bin/reprepro ]; then | |
| sudo apt-get update | |
| sudo apt-get install -y reprepro | |
| fi | |
| # Login to ghcr.io, for later uploading rootfs to ghcr.io | |
| - name: Docker Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: "${{ github.repository_owner }}" # GitHub username or org | |
| password: ${{ secrets.GITHUB_TOKEN }} # GitHub actions builtin token. repo has to have pkg access. | |
| # cleanup the place where we will clone the userpatches repo, to avoid git going insane and cleaning everything later | |
| - name: Cleanup userpatches repo | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| run: rm -rf userpatches.repo | |
| - name: Checkout build repo | |
| uses: actions/checkout@v3 # We don't need to clone git, really. A wget would suffice for GH-hosted runners. But using clone is better for Igor-hosted runners. | |
| with: | |
| repository: ${{ env.BUILD_REPOSITORY }} | |
| ref: ${{ needs.matrix_prep.outputs.build-sha1 }} | |
| fetch-depth: 0 # fetch all history; much faster for self-hosted runners | |
| clean: false # true is default. it *will* delete the hosts /dev if mounted inside. | |
| # clone the userpatches repo (`armbian/os`) | |
| - name: "Checkout userpatches repo: ${{env.USERPATCHES_REPOSITORY}}#${{env.USERPATCHES_REF}}" | |
| uses: actions/checkout@v3 | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| with: | |
| repository: ${{ env.USERPATCHES_REPOSITORY }} | |
| ref: ${{ env.USERPATCHES_REF }} | |
| clean: false # true is default. | |
| path: userpatches.repo | |
| - name: "Put userpatches in place, and remove userpatches repo" | |
| if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} | |
| run: | | |
| mkdir -pv userpatches | |
| rsync -av userpatches.repo/${{env.USERPATCHES_DIR}}/. userpatches/ | |
| rm -rf userpatches.repo | |
| # Clean off output/info, if any | |
| - name: Cleanup output/info | |
| run: | | |
| rm -rfv output/info | |
| mkdir -pv output | |
| # Download the artifacts (output/info) produced by the prepare-matrix job. | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: build-info-json | |
| path: output/info | |
| # List the artifacts we downloaded | |
| - name: List artifacts | |
| run: | | |
| ls -laht output/info | |
| - name: Import GPG key from GitHub secrets | |
| id: import_gpg | |
| uses: crazy-max/ghaction-import-gpg@72b6676b71ab476b77e676928516f6982eef7a41 # v5.3.0 # https://github.com/crazy-max/ghaction-import-gpg/releases | |
| with: | |
| gpg_private_key: ${{ secrets.REPO_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.REPO_GPG_PASSPHRASE }} | |
| - name: Show GPG user IDs | |
| run: | | |
| echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}" | |
| echo "keyid: ${{ steps.import_gpg.outputs.keyid }}" | |
| echo "name: ${{ steps.import_gpg.outputs.name }}" | |
| echo "email: ${{ steps.import_gpg.outputs.email }}" | |
| - name: List loaded keys keys | |
| run: gpg -K || true | |
| #- name: restart repo from scratch | |
| # run: | | |
| # sudo rm -rf /opt/armbian_repo | |
| - name: create and ensure ownership of /opt/armbian_repo | |
| run: | | |
| sudo mkdir -pv /opt/armbian_repo | |
| sudo chown -R $USER:$USER /opt/armbian_repo | |
| - name: copy the reprepro db inside armbian output/reprepro-db | |
| run: | | |
| mkdir -pv output/reprepro-db/db | |
| if [[ -d /opt/armbian_repo/db ]]; then | |
| cp -pv /opt/armbian_repo/db/packages.db output/reprepro-db/db/packages.db | |
| else | |
| rm -rf output/reprepro-db | |
| fi | |
| - name: Integrated reprepro-based deb-download and reprepro script generation | |
| id: rolling-repo-reprepro-download-script | |
| run: | | |
| bash ./compile.sh airwaves-os debs-to-repo-rolling-reprepro REPO_REPREPRO_PATH=/armbian/output/reprepro-db REPO_GPG_KEYID="${{ steps.import_gpg.outputs.keyid }}" BETA=${{ github.event.inputs.nightly || 'yes' }} ${{env.EXTRA_PARAMS_ALL_BUILDS}} OCI_TARGET_BASE=${{env.OCI_TARGET_BASE}} | |
| - name: "Logs debs-to-repo-rolling-reprepro: ${{ steps.rolling-repo-reprepro-download-script.outputs.logs_url }}" | |
| run: | | |
| echo "Logs debs-to-repo-rolling-reprepro: ${{ steps.rolling-repo-reprepro-download-script.outputs.logs_url }}" | |
| #- name: Prepare the reprepro scripts | |
| # id: prepare-scripts-reprepro | |
| # run: | | |
| # bash ./compile.sh airwaves-os debs-to-repo-reprepro BETA=${{ github.event.inputs.nightly || 'yes' }} ${{env.EXTRA_PARAMS_ALL_BUILDS}} | |
| # | |
| #- name: "Logs debs-to-repo-reprepro: ${{ steps.prepare-scripts-reprepro.outputs.logs_url }}" | |
| # run: | | |
| # echo "Logs debs-to-repo-reprepro: ${{ steps.prepare-scripts-reprepro.outputs.logs_url }}" | |
| - name: Run the reprepro scripts | |
| id: run-scripts-reprepro | |
| env: | |
| REPO_GPG_KEYID: ${{ steps.import_gpg.outputs.keyid }} | |
| REPO_LOCATION: /opt/armbian_repo | |
| REPO_CONF_LOCATION: /opt/armbian_repo/conf | |
| run: | | |
| set -x | |
| export REPREPRO_INFO_DIR="$(pwd)/output/info/reprepro" | |
| # rpardini is an absolute idiot, and chose "[" (bracket) as the delimiter jinja template, so now has to escape it (raw/endraw). Imbecile. | |
| if [[ "${{ github.event.inputs.nightly || 'yes' }}" == "yes" ]]; then | |
| export INCOMING_DEBS_DIR="$(pwd)/output/debs-beta" | |
| else | |
| export INCOMING_DEBS_DIR="$(pwd)/output/debs" | |
| fi | |
| bash -x output/info/reprepro/reprepro.sh | |
| - name: export the GPG public key from the agent into repo files | |
| run: | | |
| rm -fv /opt/armbian_repo/armbian-next.gpg | |
| gpg --batch --export --output /opt/armbian_repo/armbian-next.gpg "${{ steps.import_gpg.outputs.keyid }}" | |
| rm -fv /opt/armbian_repo/armbian-next.asc | |
| gpg --batch --export --output /opt/armbian_repo/armbian-next.asc --armor "${{ steps.import_gpg.outputs.keyid }}" | |
| - name: Deploy nginx and setup for serving the repo over http 8081 | |
| run: | | |
| if [ ! -e /usr/sbin/nginx ]; then | |
| sudo apt-get update | |
| sudo apt-get install -y nginx-full | |
| fi | |
| cat <<EOF | sudo tee /etc/nginx/sites-enabled/armbian_repo.conf | |
| server { | |
| listen 8081; | |
| access_log /var/log/nginx/repo-access.log; | |
| error_log /var/log/nginx/repo-error.log; | |
| location / { | |
| root /opt/armbian_repo; | |
| autoindex on; | |
| } | |
| location ~ /(.*)/conf { | |
| deny all; | |
| } | |
| location ~ /(.*)/db { | |
| deny all; | |
| } | |
| } | |
| EOF | |
| sudo nginx -t | |
| sudo systemctl restart nginx | |
| - name: Run the OCI-tagging script | |
| id: run-scripts-oci-tagging | |
| run: | | |
| set -x | |
| [[ ! -f /usr/local/bin/oras ]] && wget -O- "https://github.com/oras-project/oras/releases/download/v1.0.1/oras_1.0.1_linux_arm64.tar.gz" | sudo tar xzf - -C/usr/local/bin/ && oras version | |
| bash -x output/info/reprepro/oci_tag_versions.sh | |
| # # Generate priv | |
| # gpg --batch --passphrase "supersecretpassphrase" --quick-generate-key "armbian-next (apt) <[email protected]>" default default never | |
| # | |
| # # Export priv | |
| # gpg --batch --pinentry-mode=loopback --yes --passphrase "supersecretpassphrase" --armor --output apt-repo-private.asc --export-secret-key | |
| # | |
| # # Put contents of apt-repo-private.asc in secret REPO_GPG_PRIVATE_KEY | |
| # # Put supersecretpassphrase in secret REPO_GPG_PASSPHRASE |