Skip to content

Merge branch 'pr-contrib-sign-release' into 'master' #5

Merge branch 'pr-contrib-sign-release' into 'master'

Merge branch 'pr-contrib-sign-release' into 'master' #5

Workflow file for this run

---
name: "Build Gluon images"
# yamllint disable-line rule:truthy
on: [push]
jobs:
build-meta:
outputs:
container-version: >-
${{ steps.build-metadata.outputs.container-version }}
release-version: >-
${{ steps.build-metadata.outputs.release-version }}
autoupdater-enabled: >-
${{ steps.build-metadata.outputs.autoupdater-enabled }}
autoupdater-branch: >-
${{ steps.build-metadata.outputs.autoupdater-branch }}
broken: >-
${{ steps.build-metadata.outputs.broken }}
gluon-repository: >-
${{ steps.build-metadata.outputs.gluon-repository }}
gluon-commit: >-
${{ steps.build-metadata.outputs.gluon-commit }}
manifest-stable: >-
${{ steps.build-metadata.outputs.manifest-stable }}
manifest-beta: >-
${{ steps.build-metadata.outputs.manifest-beta }}
manifest-testing: >-
${{ steps.build-metadata.outputs.manifest-testing }}
sign-manifest: >-
${{ steps.build-metadata.outputs.sign-manifest }}
create-release: >-
${{ steps.build-metadata.outputs.create-release }}
deploy: >-
${{ steps.build-metadata.outputs.deploy }}
target-whitelist: >-
${{ steps.build-metadata.outputs.target-whitelist }}
runs-on: ubuntu-latest
name: Determine build-meta
steps:
- uses: actions/checkout@v4
- name: Get build-metadata
id: build-metadata
run: bash .github/build-meta.sh
- name: Create Artifact of build-meta
uses: actions/upload-artifact@v3
with:
name: build-meta
path: ${{ steps.build-metadata.outputs.build-meta-output }}
targets:
needs: build-meta
outputs:
targets: ${{ steps.get-targets.outputs.targets }}
runs-on: ubuntu-latest
name: Get Gluon targets
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: ${{ needs.build-meta.outputs.gluon-repository }}
ref: ${{ needs.build-meta.outputs.gluon-commit }}
path: 'gluon-gha-data/gluon'
- name: Get Targets
uses: freifunk-gluon/action-target-list@v1
id: get-targets
with:
gluon-path: "gluon-gha-data/gluon"
broken: ${{ needs.build-meta.outputs.broken }}
allowlist: ${{ needs.build-meta.outputs.target-whitelist }}
host-tools:
needs: build-meta
runs-on: ubuntu-latest
name: Build host-tools
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: ${{ needs.build-meta.outputs.gluon-repository }}
ref: ${{ needs.build-meta.outputs.gluon-commit }}
path: 'gluon-gha-data/gluon'
- name: Determine Cache-Key
id: cache-key
run: >
echo "cache-key=$(bash .github/cache-key.sh
$GITHUB_WORKSPACE/gluon-gha-data/gluon)" >> "$GITHUB_OUTPUT"
- name: Restore Cache
id: restore-cache-tools
uses: actions/cache/restore@v3
with:
path: gluon-gha-data/gluon/openwrt
key: openwrt-${{ steps.cache-key.outputs.cache-key }}
- name: Update Gluon
uses: freifunk-gluon/action-build@v1
if: steps.restore-cache-tools.outputs.cache-hit != 'true'
id: update-gluon
with:
container-version: ${{ needs.build-meta.outputs.container-version }}
gluon-path: "gluon-gha-data/gluon"
make-target: update
site-path: "."
- name: Build host-tools
uses: freifunk-gluon/action-build@v1
if: steps.restore-cache-tools.outputs.cache-hit != 'true'
id: build-host-tools
with:
container-version: ${{ needs.build-meta.outputs.container-version }}
gluon-path: "gluon-gha-data/gluon"
make-target: openwrt/staging_dir/hostpkg/bin/lua
site-path: "."
- name: Save Cache
id: save-cache-tools
if: >
github.ref_type != 'tag' &&
steps.restore-cache-tools.outputs.cache-hit != 'true'
uses: actions/cache/save@v3
with:
path: gluon-gha-data/gluon/openwrt
key: openwrt-${{ steps.cache-key.outputs.cache-key }}
- name: Create Artifact output directory
run: mkdir gluon-gha-data/openwrt
- name: Pack Output
run: >
tar cJf "gluon-gha-data/openwrt/openwrt.tar.xz"
--posix -C "gluon-gha-data/gluon" openwrt
- name: Archive build output
uses: actions/upload-artifact@v3
with:
name: openwrt
path: "gluon-gha-data/openwrt"
build:
needs: [targets, build-meta, host-tools]
if: ${{ needs.targets.outputs.targets != '[]' }}
strategy:
fail-fast: false
matrix:
target: ${{ fromJSON(needs.targets.outputs.targets) }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: ${{ needs.build-meta.outputs.gluon-repository }}
ref: ${{ needs.build-meta.outputs.gluon-commit }}
path: 'gluon-gha-data/gluon'
fetch-depth: 0
fetch-tags: true
- name: Print CPU info
run: cat /proc/cpuinfo
- name: Print meminfo
run: cat /proc/meminfo
- name: Download prepared OpenWrt
uses: actions/download-artifact@v3
with:
name: openwrt
path: "gluon-gha-data/openwrt"
- name: Restore OpenWrt
run: >
tar xf gluon-gha-data/openwrt/openwrt.tar.xz -C gluon-gha-data/gluon
- name: Gluon Update
uses: freifunk-gluon/action-build@v1
id: update-gluon
with:
container-version: ${{ needs.build-meta.outputs.container-version }}
gluon-path: "gluon-gha-data/gluon"
hardware-target: ath79-generic
make-target: update
- name: Build
uses: freifunk-gluon/action-build@v1
id: build-gluon
with:
container-version: ${{ needs.build-meta.outputs.container-version }}
gluon-path: "gluon-gha-data/gluon"
hardware-target: ${{ matrix.target }}
broken: ${{ needs.build-meta.outputs.broken }}
deprecated: "0"
autoupdater-enabled: |
${{ needs.build-meta.outputs.autoupdater-enabled }}
autoupdater-branch: |
${{ needs.build-meta.outputs.autoupdater-branch }}
release: ${{ needs.build-meta.outputs.release-version }}
- name: Pack and Upload build output
uses: ./.github/actions/build-artifact
with:
gluon-path: "gluon-gha-data/gluon"
hardware-target: ${{ matrix.target }}
manifest:
needs: [build, build-meta, targets]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
with:
path: "gluon-gha-data/gluon-output"
- name: Clone Gluon
uses: actions/checkout@v4
with:
repository: ${{ needs.build-meta.outputs.gluon-repository }}
ref: ${{ needs.build-meta.outputs.gluon-commit }}
path: 'gluon-gha-data/gluon'
- name: Download prepared OpenWrt
uses: actions/download-artifact@v3
with:
name: openwrt
path: "gluon-gha-data/openwrt"
- name: Restore OpenWrt
run: |
tar xf gluon-gha-data/openwrt/openwrt.tar.xz -C gluon-gha-data/gluon
- name: Combine Build output
uses: ./.github/actions/build-combine
with:
artifact-dir: "gluon-gha-data/gluon-output"
output-dir: "gluon-gha-data/gluon/output"
targets: ${{ needs.targets.outputs.targets }}
- name: Gluon Update
uses: freifunk-gluon/action-build@v1
id: update-gluon
with:
container-version: ${{ needs.build-meta.outputs.container-version }}
gluon-path: "gluon-gha-data/gluon"
make-target: update
- name: Manifest (Stable)
uses: freifunk-gluon/action-build@v1
if: ${{ needs.build-meta.outputs.manifest-stable != '0' }}
with:
container-version: ${{ needs.build-meta.outputs.container-version }}
gluon-path: "gluon-gha-data/gluon"
make-target: manifest
autoupdater-branch: stable
release: ${{ needs.build-meta.outputs.release-version }}
priority: 1
- name: Manifest (Beta)
uses: freifunk-gluon/action-build@v1
if: ${{ needs.build-meta.outputs.manifest-beta != '0' }}
with:
container-version: |
${{ needs.build-meta.outputs.container-version }}
gluon-path: "gluon-gha-data/gluon"
make-target: manifest
autoupdater-branch: beta
release: |
${{ needs.build-meta.outputs.release-version }}
priority: 1
- name: Manifest (Testing)
uses: freifunk-gluon/action-build@v1
if: ${{ needs.build-meta.outputs.manifest-testing != '0' }}
with:
container-version: ${{ needs.build-meta.outputs.container-version }}
gluon-path: "gluon-gha-data/gluon"
make-target: manifest
autoupdater-branch: testing
release: ${{ needs.build-meta.outputs.release-version }}
priority: 1
broken: ${{ needs.build-meta.outputs.broken }}
- name: Sign manifest (Testing)
uses: freifunk-gluon/action-sign@v1
if: >
needs.build-meta.outputs.manifest-testing != '0' &&
needs.build-meta.outputs.sign-manifest != '0'
with:
container-version: ${{ needs.build-meta.outputs.container-version }}
gluon-path: "gluon-gha-data/gluon"
manifest: >-
gluon-gha-data/gluon/output/images/sysupgrade/testing.manifest
signing-key: ${{ secrets.GHA_FFDA_BUILD_ECDSA_KEY_TESTING }}
write-signature: "true"
- name: Create Artifact Directory
run: mkdir gluon-gha-data/artifact-out
- name: Structure
run: tree gluon-gha-data/gluon
- name: Pack Manifest
run: >
find ./gluon-gha-data/gluon/output/images/sysupgrade
-maxdepth 1 -name "*.manifest" -exec basename {} \; |
tar cJf gluon-gha-data/artifact-out/manifest.tar.xz
-C gluon-gha-data/gluon/output/images/sysupgrade -T -
- name: Archive output
uses: actions/upload-artifact@v3
with:
name: manifest-signed
path: gluon-gha-data/artifact-out
deploy:
needs: [build, build-meta, targets, manifest]
runs-on: ubuntu-latest
if: ${{ needs.build-meta.outputs.deploy != '0' }}
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
with:
path: "gluon-gha-data/artifact-download"
- name: Create Directory to store Gluon output into
run: mkdir gluon-gha-data/gluon-output
- name: Combine Build output
uses: ./.github/actions/build-combine
with:
artifact-dir: "gluon-gha-data/artifact-download"
output-dir: "gluon-gha-data/gluon-output/output"
targets: ${{ needs.targets.outputs.targets }}
- name: Extract Manifest
run: >
tar xf
gluon-gha-data/artifact-download/manifest-signed/manifest.tar.xz
-C gluon-gha-data/gluon-output/output/images/sysupgrade
- name: Save SSH Key for deployment
run: >
mkdir -p ~/.ssh &&
echo "${{ secrets.GHA_FFDA_BUILD_DEPLOY_SSH_KEY }}" >
~/.ssh/deploy_key && chmod 600 ~/.ssh/deploy_key
- name: Deploy Images
# yamllint disable-line rule:line-length
run: rsync -avzP -e "ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key -oIdentitiesOnly=yes" gluon-gha-data/gluon-output/output/images/{factory,sysupgrade,other} "firmware@www1.darmstadt.freifunk.net:/srv/firmware/images/${{ needs.build-meta.outputs.release-version }}/"
- name: Deploy Packages
# ToDo: Remove 'ffda' site-code and move to build-meta
# yamllint disable-line rule:line-length
run: rsync -avzP -e "ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ~/.ssh/deploy_key -oIdentitiesOnly=yes" "gluon-gha-data/gluon-output/output/packages/gluon-ffda-${{ needs.build-meta.outputs.release-version }}" "firmware@www1.darmstadt.freifunk.net:/srv/firmware/modules/"
create-release:
needs: [build, build-meta, targets, manifest]
runs-on: ubuntu-latest
if: ${{ needs.build-meta.outputs.create-release != '0' }}
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
with:
path: "gluon-gha-data/artifact-download"
- name: Create Directory to store Gluon output into
run: mkdir gluon-gha-data/gluon-output
- name: Download target Artifacts
uses: ./.github/actions/build-combine
with:
artifact-dir: "gluon-gha-data/artifact-download"
output-dir: "gluon-gha-data/release-artifacts"
targets: ${{ needs.targets.outputs.targets }}
keep-packed: 1
- name: Move manifest archive
run: >-
mv gluon-gha-data/artifact-download/manifest-signed/manifest.tar.xz
gluon-gha-data/release-artifacts/manifest.tar.xz
- name: Move manifest archive
run: >-
mv gluon-gha-data/artifact-download/build-meta/build-meta.txt
gluon-gha-data/release-artifacts/build-meta.txt
- name: Show File sizes
run: du -sh gluon-gha-data/release-artifacts/*
- name: Create Release Notes
run: >-
bash .github/create-release-notes.sh
gluon-gha-data/release-artifacts/build-meta.txt
gluon-gha-data/release-notes.md
- name: Create GitHub Release
uses: softprops/action-gh-release@v1
with:
body_path: gluon-gha-data/release-notes.md
files: |
gluon-gha-data/release-artifacts/*