Update packages #844
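# Dev pipeline: builds on pushes to the listed branches and on pull requests.
# For PRs opened from this repository (not forks) it also uploads a PR-tagged
# OCI image, tests it, and deletes the PR-tagged image versions once the PR
# is closed.
name: dev

on:
  push:
    branches:
      - main
      - rel-1877-dev
    paths-ignore:
      - "**/README.md"
      - "docs/**"
  pull_request:
    # "closed" is included so that the cleanup_images job can run.
    types: [opened, synchronize, reopened, closed]
    paths-ignore:
      - "**/README.md"
      - "docs/**"

# Cancel any in-progress PR workflow run when the PR is closed.
# This ensures cleanup runs after any PR build has been uploaded
# (or the build is aborted before the upload).
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: ${{ github.event.action == 'closed' }}

# NOTE(review): no workflow-level `permissions:` is declared, so the jobs that
# call reusable workflows (build, upload, test) run with the repository's
# default GITHUB_TOKEN scopes. Declare them explicitly once the needs of the
# called workflows are confirmed.

jobs:
  set_version:
    if: ${{ github.event_name != 'pull_request' || github.event.action != 'closed' }}
    runs-on: ubuntu-latest
    # This job only reads the repository.
    permissions:
      contents: read
    outputs:
      VERSION: ${{ steps.version.outputs.VERSION }}
    steps:
      # NOTE(review): `@v4` is a mutable tag, while the reusable build workflow
      # below is pinned to a commit SHA. Consider pinning this action the same
      # way.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          submodules: recursive
          # No later step needs git credentials; do not leave the token in
          # the local git config.
          persist-credentials: false
      # VERSION is read from the checked-out tree, so on pull_request events
      # its content comes from the PR (this job is not limited to same-repo
      # PRs). Consumers of this output should treat it as untrusted text.
      - name: use VERSION file to support dev build on rel-branch
        id: version
        run: |
          echo "VERSION=$(cat VERSION)" >> "$GITHUB_OUTPUT"

  build:
    needs: [set_version]
    if: ${{ github.event_name != 'pull_request' || github.event.action != 'closed' }}
    uses: gardenlinux/gardenlinux/.github/workflows/build.yml@81e502e76193219aa54365ff23e3de619902a39b
    with:
      version: ${{ needs.set_version.outputs.VERSION }}
      # to set target to "release" or "nightly" we need proper KMS secrets
      # have a look at gardenlinux/.github/workflows/github.mjs
      target: dev
      fail_fast: true
    # secrets:
    #   aws_region: ${{ secrets.AWS_REGION }}
    #   aws_kms_role: ${{ secrets.KMS_SIGNING_IAM_ROLE }}
    #   aws_oidc_session: ${{ secrets.AWS_OIDC_SESSION }}
    #   secureboot_db_kms_arn: ${{ secrets.SECUREBOOT_DB_KMS_ARN }}

  meta:
    name: Compute image metadata
    # Same-repository PRs only: the head repo must be this repository.
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      UPLOAD_VERSION: ${{ steps.meta.outputs.upload_version }}
      image_tag: ${{ steps.meta.outputs.image_tag }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The next step executes a script from the checked-out tree; keep
          # the token out of the local git config.
          persist-credentials: false
      - name: Compute image metadata
        id: meta
        env:
          # Passed through the environment instead of being expanded into the
          # script text by the expression engine.
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          UPLOAD_VERSION="pr-${PR_NUMBER}"
          echo "upload_version=${UPLOAD_VERSION}" >> "$GITHUB_OUTPUT"
          IMAGE_TAG=$(.github/scripts/compute-image-tag.sh "${UPLOAD_VERSION}")
          echo "image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"

  upload:
    name: Upload PR image to OCI
    needs: [build, meta, set_version]
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }}
    uses: ./.github/workflows/upload_oci.yml
    with:
      version: ${{ needs.set_version.outputs.VERSION }}
      upload_version: ${{ needs.meta.outputs.UPLOAD_VERSION }}
      flavor_filter: '--include-only "metal-sci_usi-amd64"'
    # NOTE(review): `inherit` hands every secret available to this workflow to
    # upload_oci.yml. The `if:` above limits this to same-repository PRs;
    # passing only the secrets the called workflow needs would narrow it
    # further.
    secrets: inherit

  test:
    name: Test PR image
    needs: [set_version, meta, upload]
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }}
    uses: ./.github/workflows/test.yml
    with:
      image_tag: ${{ needs.meta.outputs.image_tag }}

  cleanup_images:
    name: Cleanup PR images
    # Runs only for the "closed" event of a same-repository PR.
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action == 'closed' }}
    runs-on: ubuntu-latest
    # The job only lists and deletes container package versions.
    permissions:
      packages: write
    steps:
      - name: Cleanup OCI images via GitHub API
        env:
          # Token and PR number are passed through the environment so that
          # they are not written into the generated script file.
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          UPLOAD_VERSION="pr-${PR_NUMBER}"
          versions_url="https://api.github.com/orgs/gardenlinux/packages/container/gardenlinux-ccloud/versions"
          all_version_ids=""
          page=1
          page_size=100

          # Collect all matching version IDs across pages before deleting
          # anything, so deletions do not shift the pagination.
          while true; do
            # --fail turns an HTTP error into a non-zero exit instead of
            # handing an error document to jq.
            if ! response=$(curl -sS --fail \
              -H "Authorization: Bearer ${GH_TOKEN}" \
              -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "${versions_url}?per_page=${page_size}&page=${page}"); then
              echo "::error::Failed to list package versions (page ${page})"
              exit 1
            fi

            # Tags equal to "pr-<n>" or starting with "pr-<n>-" belong to this
            # PR. any() emits each version ID once even if several of its
            # tags match, so no version is deleted twice.
            page_ids=$(echo "$response" | jq -r --arg prefix "${UPLOAD_VERSION}" '
              .[]
              | select(any(.metadata.container.tags[]?; test("^" + $prefix + "(-.*)?$")))
              | .id
            ')
            if [ -n "$page_ids" ]; then
              all_version_ids="$all_version_ids $page_ids"
            fi

            page_count=$(echo "$response" | jq 'length')
            if [ "$page_count" -lt "$page_size" ]; then
              # Stop if this was the last page
              break
            fi
            page=$((page + 1))
          done

          if [ -z "$all_version_ids" ]; then
            echo "No images found for PR ${PR_NUMBER}"
            exit 0
          fi

          # Deletion is best-effort: a failed delete is reported as a warning
          # annotation and the loop continues with the remaining versions.
          for version_id in $all_version_ids; do
            echo "Deleting version $version_id"
            http_code=$(curl -s -w "%{http_code}" -o /dev/null -X DELETE \
              -H "Authorization: Bearer ${GH_TOKEN}" \
              -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "${versions_url}/${version_id}")
            if [ "$http_code" != "204" ]; then
              echo "::warning::Failed to delete version $version_id (HTTP $http_code)"
            fi
          done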