rebuild-images.yml
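name: Rebuild Mkosi images for nspawn.org

# Controls when the workflow will run.
# Both triggers are maintainer-controlled (manual dispatch and cron). The job
# uses sudo on a self-hosted runner and handles signing and deploy secrets, so
# avoid adding pull_request-style triggers that would run untrusted code here.
# NOTE(review): no `permissions:` block is set, so GITHUB_TOKEN gets the
# repository default scope. Consider declaring the minimum needed; the
# keepalive step at the end may require write access - confirm before
# restricting.
on:
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
  # Also run on cron schedule (weekly: minute 0, hour 0, Sunday)
  schedule:
    - cron: '0 0 * * 0'

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on (self-hosted runner label).
    # NOTE(review): the cleanup steps and the "key already exists" check below
    # suggest state persists between runs on this runner, so anything written
    # to disk (GPG keyrings, SSH key, known_hosts) appears to outlive the job.
    runs-on: internal-builders

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      - name: Remove toolstree directory if exists
        run: sudo rm -rf ./hub-images/toolstree

      # Earlier root-run steps leave root-owned files behind; hand them back
      # to the runner user so checkout can replace them. Best-effort by design.
      - name: Change ownership of files for checkout
        env:
          SERVER_WORKDIR: ${{ secrets.SERVER_WORKDIR }}
        # Quoted so a path containing spaces or glob characters is passed to
        # chown as a single operand.
        run: sudo chown -R "$USER:$USER" "$SERVER_WORKDIR" || true

      # NOTE(review): action referenced by a mutable tag. Pin to a full commit
      # SHA (actions/checkout@<FULL_COMMIT_SHA>) so the code that runs on the
      # builder cannot change without a reviewed edit to this file.
      - uses: actions/checkout@v2

      # Check duplicated outputs
      - name: Check for duplicated Output directives
        working-directory: hub-images
        run: |
          ./validate_directories.sh

      # Prepare our custom builder
      - name: Prepare our builder
        run: |
          sudo apt-get install --assume-yes --no-install-recommends debian-archive-keyring

      # Configure GPG
      # The signing key is imported into both the root keyring (for the
      # sudo-run steps) and the runner user's keyring.
      # NOTE(review): nothing in this workflow removes the key afterwards;
      # on a persistent runner the private signing key stays in both keyrings.
      - name: Configure the GPG Key
        env:
          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
        run: |
          echo -n "$GPG_SIGNING_KEY" | base64 --decode | sudo gpg --import
          echo -n "$GPG_SIGNING_KEY" | base64 --decode | gpg --import

      # Setup mkosi
      # NOTE(review): `@main` tracks a moving branch, so whatever is on that
      # branch at run time executes on this builder after the signing key has
      # been imported. Pin to a release tag or, better, a full commit SHA
      # (systemd/mkosi@<FULL_COMMIT_SHA>) and bump it deliberately.
      - name: setup-mkosi
        uses: systemd/mkosi@main

      # NOTE(review): the commented-out tmate debug steps in this file open an
      # interactive remote session on the runner. If one is ever re-enabled,
      # the imported signing key and the deploy SSH key are reachable from that
      # session; restrict who can connect and remove the step again afterwards.
      #- name: Debug
      #  uses: mxschmitt/action-tmate@v3

      - name: Change ownership of files for checkout
        env:
          SERVER_WORKDIR: ${{ secrets.SERVER_WORKDIR }}
        run: sudo chown -R "$USER:$USER" "$SERVER_WORKDIR" || true

      # Clean newly created directories to avoid the build.sh script trying to iterate them
      # NOTE(review): mutable tag, see the first checkout step.
      - uses: actions/checkout@v2

      #- name: Debug
      #  uses: mxschmitt/action-tmate@v3

      # Setup mkosi tools tree
      - name: Setup mkosi tools tree
        working-directory: ./hub-images
        run: |
          sudo mkosi --distribution fedora --include=mkosi-tools --output-dir=./toolstree

      # Runs a set of commands using the runners shell
      # Both scripts come from the checked-out repository and run as root.
      - name: Build the images
        working-directory: ./hub-images
        run: |
          sudo ./build.sh
          sudo ./clean-artifacts.sh

      #- name: Debug
      #  uses: mxschmitt/action-tmate@v3

      # Prepare everything for syncing
      # NOTE(review): an existing key file short-circuits this step, so a
      # rotated SSH_VM1_PRIVATE_KEY secret is not picked up until the old file
      # is removed from the runner.
      - name: Install SSH Key
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_VM1_PRIVATE_KEY }}
        run: |
          [ -f ~/.ssh/nspawnvm1.key ] && exit 0
          mkdir -p ~/.ssh/
          # Create the key file owner-only from the first byte; without this it
          # exists with the default umask until the chmod below runs.
          umask 077
          echo "$SSH_PRIVATE_KEY" > ~/.ssh/nspawnvm1.key
          chmod 400 ~/.ssh/nspawnvm1.key

      # NOTE(review): ssh-keyscan records whatever host key the network returns
      # at run time, so this does not authenticate the deploy target - a host
      # answering in its place would be trusted. Prefer storing the server's
      # public host key out of band (repository secret or variable) and writing
      # that to known_hosts instead. The file is also appended to on every run.
      - name: Adding Known Hosts
        env:
          # Passed through the environment rather than expanded into the script
          # text, so the value is never parsed as shell syntax.
          SSH_VM1_HOST: ${{ secrets.SSH_VM1_HOST }}
        run: |
          touch ~/.ssh/known_hosts
          ssh-keyscan -H "$SSH_VM1_HOST" >> ~/.ssh/known_hosts
          chmod 600 ~/.ssh/known_hosts

      # Finally deploy the artifacts
      - name: Deploy with rsync
        working-directory: ./hub-images
        env:
          # Secrets reach the command as quoted environment variables, not as
          # text substituted into the command line.
          SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
          SSH_VM1_HOST: ${{ secrets.SSH_VM1_HOST }}
        run: |
          rsync -e "ssh -i ~/.ssh/nspawnvm1.key" -auvzP ./output/public/storage/ "${SSH_USERNAME}@${SSH_VM1_HOST}:/var/www/hub-nspawn/storage/"

      # NOTE(review): third-party action on a mutable tag, executed on the same
      # runner that now holds the signing and deploy keys. Pin to a full commit
      # SHA (gautamkrishnar/keepalive-workflow@<FULL_COMMIT_SHA>) and review
      # what token permissions it needs.
      - uses: gautamkrishnar/keepalive-workflow@v1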