-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
FMO-62 with other GH actions updates (#93)
* Update action to latest Signed-off-by: Joonas Onatsu <[email protected]> * Update build action - Generate FMO build version tag - Check if FMO_BUILD_VERSION is set during build, default to hardcoded value - Use 'nix-install-action' to setup Nix - Use 'cachix-action' to setup Cachix - Build image in action file Signed-off-by: Joonas Onatsu <[email protected]> --------- Signed-off-by: Joonas Onatsu <[email protected]>
- Loading branch information
1 parent
fe6a389
commit 978452e
Showing
3 changed files
with
105 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,7 +7,8 @@ name: build | |
on: | ||
push: | ||
tags: | ||
- 'v[0-9]+.[0-9]+.[0-9]*' | ||
- "v[0-9]+.[0-9]+.[0-9]*" | ||
workflow_dispatch: | ||
|
||
permissions: | ||
contents: read | ||
|
@@ -24,16 +25,47 @@ jobs: | |
uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ github.event.pull_request.head.sha || github.ref }} | ||
- name: Extract tag version | ||
id: tag | ||
run: echo "TAG_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | ||
fetch-depth: 0 | ||
- name: Generate FMO build version | ||
id: fmo-build-version | ||
shell: bash | ||
run: | | ||
SHA="${{ github.sha }}" | ||
SHORT_SHA="${SHA:0:7}" | ||
REF="${{ github.ref }}" | ||
REF_TYPE="${{ github.ref_type }}" | ||
REF_NAME="${{ github.ref_name }}" | ||
# Set default to "git-<short-sha>" | ||
FMO_BUILD_VERSION="git-$SHORT_SHA" | ||
if [[ "$REF_TYPE" == "tag" ]]; then | ||
FMO_BUILD_VERSION="$REF_NAME" | ||
elif [[ "$REF_TYPE" == "branch" ]]; then | ||
# Check if there's a reachable tag on the branch | ||
if git name-rev --name-only --tags --no-undefined "$REF" 2>/dev/null; then | ||
# Format: <tag-name>-<#-of-commits-since-tag>-<abbrev-hash> | ||
FMO_BUILD_VERSION="$(git describe --tags --abbrev=7 "$REF")" | ||
else | ||
# No reachable parent tag on branch | ||
FMO_BUILD_VERSION="$REF_NAME-g$SHORT_SHA" | ||
fi | ||
fi | ||
echo "SHA: $SHA" | ||
echo "SHORT_SHA: $SHORT_SHA" | ||
echo "REF: $REF" | ||
echo "REF_TYPE: $REF_TYPE" | ||
echo "REF_NAME: $REF_NAME" | ||
echo "FMO_BUILD_VERSION: $FMO_BUILD_VERSION" | ||
echo "FMO_BUILD_VERSION=$FMO_BUILD_VERSION" >> "$GITHUB_OUTPUT" | ||
- name: Free Disk Space (Ubuntu) | ||
uses: jlumbroso/free-disk-space@main | ||
with: | ||
# this might remove tools that are actually needed, | ||
# if set to "true" but frees about 6 GB | ||
tool-cache: false | ||
tool-cache: true | ||
|
||
# all of these default to true, but feel free to set to | ||
# "false" if necessary for your workflow | ||
android: true | ||
|
@@ -42,27 +74,77 @@ jobs: | |
large-packages: true | ||
docker-images: true | ||
swap-storage: true | ||
- name: Install Nix | ||
id: install-nix | ||
uses: cachix/install-nix-action@v30 | ||
with: | ||
nix_path: nixpkgs=channel:nixos-unstable | ||
extra_nix_config: | | ||
substitute = true | ||
always-allow-substitutes = true | ||
substituters = https://cache.nixos.org https://nixpkgs.cachix.org https://nixpkgs-unfree.cachix.org https://nix-community.cachix.org | ||
trusted-substituters = https://cache.nixos.org https://nixpkgs.cachix.org https://nixpkgs-unfree.cachix.org https://nix-community.cachix.org | ||
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE= nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | ||
- name: Setup Cachix | ||
id: setup-cachix | ||
uses: cachix/cachix-action@v15 | ||
with: | ||
name: fmo-os | ||
authToken: "${{ secrets.CACHIX_TOKEN }}" | ||
- name: Prepare build environment | ||
id: prepare-build | ||
env: | ||
SSH_AUTH_SOCK: /tmp/ssh_agent.sock | ||
run: | | ||
SSH_DIR=$HOME/.ssh | ||
mkdir -p $SSH_DIR | ||
chmod 0700 $SSH_DIR | ||
ssh-keyscan -t ed25519 -H github.com > $SSH_DIR/known_hosts | ||
chmod 600 $SSH_DIR/known_hosts | ||
echo "${{ secrets.RA_TOKEN }}" > $SSH_DIR/id_rsa | ||
chmod 600 $SSH_DIR/id_rsa | ||
ssh-agent -a $SSH_AUTH_SOCK > /dev/null | ||
ssh-add $SSH_DIR/id_rsa | ||
git config --global user.email "[email protected]" | ||
git config --global user.name "GitHub Actions" | ||
- name: Build | ||
id: build | ||
uses: ./.github/actions/build-action | ||
with: | ||
build_target: 'fmo-os-installer-debug' | ||
CACHIX_TOKEN: ${{ secrets.CACHIX_TOKEN }} | ||
RA_TOKEN: ${{ secrets.RA_TOKEN }} | ||
env: | ||
FMO_BUILD_VERSION: "${{ steps.fmo-build-version.outputs.FMO_BUILD_VERSION }}" | ||
run: | | ||
nix flake show | ||
cachix watch-exec fmo-os -- nix build -L --accept-flake-config .#fmo-os-installer-debug | ||
res="$(readlink -f ./result/iso/nixos.iso)" | ||
if ! [[ -f "${res}" ]]; then | ||
echo "No result found, build failed!" >&2 | ||
exit 1 | ||
fi | ||
echo "Result image: $res" | ||
mkdir -p ./out | ||
cp -v "${res}" ./out/nixos.iso | ||
output="$(ls ./out/nixos.iso)" | ||
echo "Output: $output" | ||
echo "OUTPUT_IMAGE=$output" >> "$GITHUB_OUTPUT" | ||
- name: Push to JFrog artifactory | ||
uses: ./.github/actions/upload-action-jfrog | ||
with: | ||
JFROG_UNAME: ${{ secrets.JFROG_UNAME }} | ||
JFROG_TOKEN: ${{ secrets.JFROG_TOKEN }} | ||
JFROG_URL: ${{ secrets.JFROG_URL }} | ||
input-paths: | | ||
${{ steps.build.outputs.outimg }}:tii-fmo-os/releases/FMO-OS_inst_${{ steps.tag.outputs.TAG_VERSION }}.iso | ||
input-paths: | | ||
${{ steps.build.outputs.OUTPUT_IMAGE }}:tii-fmo-os/releases/FMO-OS_inst_${{ steps.fmo-build-version.outputs.FMO_BUILD_VERSION }}.iso | ||
- name: Push to Harbor artifactory | ||
uses: ./.github/actions/upload-action-harbor | ||
with: | ||
HARBOR_UNAME: ${{ secrets.HARBOR_UNAME }} | ||
HARBOR_TOKEN: ${{ secrets.HARBOR_TOKEN }} | ||
HARBOR_URL: ${{ secrets.HARBOR_URL }} | ||
input-paths: | | ||
${{ steps.build.outputs.outimg }}:fmo/pmc-installer:${{ steps.tag.outputs.TAG_VERSION }} | ||
input-paths: | | ||
${{ steps.build.outputs.OUTPUT_IMAGE }}:fmo/pmc-installer:${{ steps.fmo-build-version.outputs.FMO_BUILD_VERSION }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters