ci: default to testing the latest 1877 for now #694
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: dev | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - "**/README.md" | |
| - "docs/**" | |
| pull_request: | |
| types: [opened, synchronize, reopened, closed] | |
| paths-ignore: | |
| - "**/README.md" | |
| - "docs/**" | |
| jobs: | |
| set_version: | |
| if: ${{ github.event_name != 'pull_request' || github.event.action != 'closed' }} | |
| runs-on: ubuntu-latest | |
| outputs: | |
| VERSION: ${{ steps.version.outputs.VERSION }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: use VERSION file to support dev build on rel-branch | |
| id: version | |
| run: | | |
| if [ "${{ github.event_name }}" = "pull_request" ]; then | |
| echo "VERSION=today" >> $GITHUB_OUTPUT | |
| else | |
| echo "VERSION=$(cat VERSION)" >> $GITHUB_OUTPUT | |
| fi | |
| build: | |
| needs: [set_version] | |
| if: ${{ github.event_name != 'pull_request' || github.event.action != 'closed' }} | |
| uses: gardenlinux/gardenlinux/.github/workflows/build.yml@40e7dfa820cb8bd5e0317779f818d31464c18c63 | |
| with: | |
| version: ${{ needs.set_version.outputs.VERSION }} | |
| # to set target to "release" or "nightly" we need proper KMS secrets | |
| # have a look at gardenlinux/.github/workflows/github.mjs | |
| target: dev | |
| fail_fast: true | |
| platform_test_build: false | |
| # secrets: | |
| # aws_region: ${{ secrets.AWS_REGION }} | |
| # aws_kms_role: ${{ secrets.KMS_SIGNING_IAM_ROLE }} | |
| # aws_oidc_session: ${{ secrets.AWS_OIDC_SESSION }} | |
| # secureboot_db_kms_arn: ${{ secrets.SECUREBOOT_DB_KMS_ARN }} | |
| meta: | |
| name: Compute image metadata | |
| if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }} | |
| runs-on: ubuntu-latest | |
| outputs: | |
| UPLOAD_VERSION: ${{ steps.meta.outputs.upload_version }} | |
| COMMIT_SHA: ${{ steps.meta.outputs.sha }} | |
| steps: | |
| - name: Derive image version | |
| id: meta | |
| run: | | |
| PR_NUMBER=${{ github.event.pull_request.number }} | |
| UPLOAD_VERSION="pr-${PR_NUMBER}" | |
| echo "upload_version=${UPLOAD_VERSION}" >> $GITHUB_OUTPUT | |
| SHA="${GITHUB_SHA::8}" | |
| echo "sha=${SHA}" >> $GITHUB_OUTPUT | |
| upload: | |
| name: Upload PR image to OCI | |
| needs: [build, meta, set_version] | |
| if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }} | |
| uses: ./.github/workflows/upload_oci.yml | |
| with: | |
| version: ${{ needs.set_version.outputs.VERSION }} | |
| upload_version: ${{ needs.meta.outputs.UPLOAD_VERSION }} | |
| flavor_filter: '--include-only "metal-sci_usi-amd64"' | |
| secrets: inherit | |
| test: | |
| name: Test PR image | |
| needs: [set_version, meta, upload] | |
| if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }} | |
| uses: ./.github/workflows/test.yml | |
| with: | |
| image_tag: "${{ needs.meta.outputs.UPLOAD_VERSION }}-metal-sci-usi-amd64-${{ needs.meta.outputs.UPLOAD_VERSION }}-${{ needs.meta.outputs.COMMIT_SHA }}" | |
| cleanup_images: | |
| name: Cleanup PR images | |
| if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action == 'closed' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Cleanup OCI images via GitHub API | |
| run: | | |
| PR_NUMBER=${{ github.event.pull_request.number }} | |
| UPLOAD_VERSION="pr-${PR_NUMBER}" | |
| all_version_ids="" | |
| page=1 | |
| page_size=100 | |
| # Collect all matching version IDs across pages | |
| while true; do | |
| response=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| "https://api.github.com/orgs/gardenlinux/packages/container/gardenlinux-ccloud/versions?per_page=$page_size&page=$page") | |
| page_ids=$(echo "$response" | jq -r --arg prefix "${UPLOAD_VERSION}" ' | |
| .[] | select(.metadata.container.tags[]? | test("^" + $prefix + "(-.*)?$")) | .id | |
| ') | |
| if [ -n "$page_ids" ]; then | |
| all_version_ids="$all_version_ids $page_ids" | |
| fi | |
| page_count=$(echo "$response" | jq '. | length') | |
| if [ "$page_count" -lt "$page_size" ]; then | |
| # Stop if this was the last page | |
| break | |
| fi | |
| page=$((page + 1)) | |
| done | |
| if [ -z "$all_version_ids" ]; then | |
| echo "No images found for PR ${PR_NUMBER}" | |
| exit 0 | |
| fi | |
| for version_id in $all_version_ids; do | |
| echo "Deleting version $version_id" | |
| http_code=$(curl -s -w "%{http_code}" -o /dev/null -X DELETE \ | |
| -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| "https://api.github.com/orgs/gardenlinux/packages/container/gardenlinux-ccloud/versions/$version_id") | |
| if [ "$http_code" != "204" ]; then | |
| echo "Failed to delete version $version_id (HTTP $http_code)" | |
| fi | |
| done |