# Dev pipeline: builds on pushes to main and on pull requests.
name: dev
on:
  push:
    branches:
      - main
    # A push that touches only these paths does not start a run.
    paths-ignore:
      - '**/README.md'
      - 'docs/**'
  # `pull_request` (not `pull_request_target`): GitHub withholds repository
  # secrets from runs triggered by fork PRs on this event.
  pull_request:
    # `closed` is listed so that the cleanup job gets a run when a PR is
    # merged or abandoned.
    types:
      - opened
      - synchronize
      - reopened
      - closed
    paths-ignore:
      - '**/README.md'
      - 'docs/**'
# One concurrency group per PR (or per ref for pushes).
# `cancel-in-progress` is true only for the `closed` event, so closing a PR
# cancels that PR's in-flight run. The cleanup job therefore runs after any
# PR build has been uploaded, or the build is aborted before the upload.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: ${{ github.event.action == 'closed' }}
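jobs:
  # Resolve the version string handed to the build.
  # Skipped for the pull_request `closed` event, which only triggers cleanup.
  set_version:
    if: ${{ github.event_name != 'pull_request' || github.event.action != 'closed' }}
    runs-on: ubuntu-latest
    # The job only reads the checked-out tree; a read-only token is enough.
    permissions:
      contents: read
    outputs:
      VERSION: ${{ steps.version.outputs.VERSION }}
    steps:
      - name: Checkout repository
        # NOTE(review): pinned by a mutable tag, while the build job pins its
        # reusable workflow by full commit SHA; consider pinning this action
        # the same way.
        uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: use VERSION file to support dev build on rel-branch
        id: version
        # Context values reach the script through the environment instead of
        # being expanded into the script text.
        env:
          EVENT_NAME: ${{ github.event_name }}
        run: |
          if [ "$EVENT_NAME" = "pull_request" ]; then
            echo "VERSION=today" >> "$GITHUB_OUTPUT"
          else
            echo "VERSION=$(cat VERSION)" >> "$GITHUB_OUTPUT"
          fi

  # Build via the upstream reusable workflow. There is no fork guard here, so
  # this also runs for fork PRs; no secrets are passed (block commented out).
  build:
    needs: [set_version]
    if: ${{ github.event_name != 'pull_request' || github.event.action != 'closed' }}
    # Pinned to a full commit SHA rather than a branch or tag.
    uses: gardenlinux/gardenlinux/.github/workflows/build.yml@36078a576d0767433423289f2fa217b96cd951c9
    with:
      version: ${{ needs.set_version.outputs.VERSION }}
      # to set target to "release" or "nightly" we need proper KMS secrets
      # have a look at gardenlinux/.github/workflows/github.mjs
      target: dev
      fail_fast: true
    # secrets:
    #   aws_region: ${{ secrets.AWS_REGION }}
    #   aws_kms_role: ${{ secrets.KMS_SIGNING_IAM_ROLE }}
    #   aws_oidc_session: ${{ secrets.AWS_OIDC_SESSION }}
    #   secureboot_db_kms_arn: ${{ secrets.SECUREBOOT_DB_KMS_ARN }}

  # Derive the upload version ("pr-<number>") and the image tag.
  # Runs only for open PRs whose head branch lives in this repository.
  meta:
    name: Compute image metadata
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }}
    runs-on: ubuntu-latest
    # NOTE(review): assumes compute-image-tag.sh needs no more than read
    # access to the repository; confirm against the script.
    permissions:
      contents: read
    outputs:
      UPLOAD_VERSION: ${{ steps.meta.outputs.upload_version }}
      image_tag: ${{ steps.meta.outputs.image_tag }}
    steps:
      - name: Checkout
        # NOTE(review): mutable tag pin; see the checkout in set_version.
        uses: actions/checkout@v4
      - name: Compute image metadata
        id: meta
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          UPLOAD_VERSION="pr-${PR_NUMBER}"
          echo "upload_version=${UPLOAD_VERSION}" >> "$GITHUB_OUTPUT"
          # The script comes from the PR's checked-out tree; the job condition
          # limits that to branches of this repository.
          IMAGE_TAG=$(.github/scripts/compute-image-tag.sh "${UPLOAD_VERSION}")
          echo "image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"

  # Push the PR image to the OCI registry (same-repo PRs only).
  upload:
    name: Upload PR image to OCI
    needs: [build, meta, set_version]
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }}
    uses: ./.github/workflows/upload_oci.yml
    with:
      version: ${{ needs.set_version.outputs.VERSION }}
      upload_version: ${{ needs.meta.outputs.UPLOAD_VERSION }}
      flavor_filter: '--include-only "baremetal-sci_usi-amd64"'
    # NOTE(review): `inherit` hands every secret available to this workflow to
    # the called workflow. Passing only the secrets upload_oci.yml reads would
    # narrow that; the required names are not visible from this file.
    secrets: inherit

  # Test the uploaded PR image. No secrets are passed to test.yml.
  test:
    name: Test PR image
    needs: [set_version, meta, upload]
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }}
    uses: ./.github/workflows/test.yml
    with:
      image_tag: ${{ needs.meta.outputs.image_tag }}

  # Delete the images tagged for a PR once that PR is closed
  # (same-repo PRs only, matching the upload job's condition).
  cleanup_images:
    name: Cleanup PR images
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action == 'closed' }}
    runs-on: ubuntu-latest
    # The job only calls the packages API, so the token is limited to that.
    permissions:
      packages: write
    steps:
      - name: Cleanup OCI images via GitHub API
        # The token is passed through the environment so it is not expanded
        # into the generated script text.
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          set -euo pipefail
          UPLOAD_VERSION="pr-${PR_NUMBER}"
          api_url="https://api.github.com/orgs/gardenlinux/packages/container/gardenlinux-ccloud/versions"
          all_version_ids=""
          page=1
          page_size=100
          # Collect all matching version IDs across pages
          while true; do
            # --fail makes an HTTP error status a non-zero exit, so a rejected
            # request stops the job instead of being parsed as a version list.
            response=$(curl -sS --fail \
              -H "Authorization: Bearer ${GH_TOKEN}" \
              -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "${api_url}?per_page=${page_size}&page=${page}")
            if ! echo "$response" | jq -e 'type == "array"' > /dev/null; then
              echo "Unexpected response while listing package versions (page $page)" >&2
              exit 1
            fi
            # any(...) yields each version id once, even when several of its
            # tags match, so no version is deleted twice.
            page_ids=$(echo "$response" | jq -r --arg prefix "${UPLOAD_VERSION}" '
              .[] | select(any(.metadata.container.tags[]?; test("^" + $prefix + "(-.*)?$"))) | .id
            ')
            if [ -n "$page_ids" ]; then
              all_version_ids="$all_version_ids $page_ids"
            fi
            page_count=$(echo "$response" | jq '. | length')
            if [ "$page_count" -lt "$page_size" ]; then
              # Stop if this was the last page
              break
            fi
            page=$((page + 1))
          done
          if [ -z "$all_version_ids" ]; then
            echo "No images found for PR ${PR_NUMBER}"
            exit 0
          fi
          failed=0
          for version_id in $all_version_ids; do
            echo "Deleting version $version_id"
            # `|| true` keeps the loop going so the remaining versions are
            # still attempted after a transport error.
            http_code=$(curl -s -w "%{http_code}" -o /dev/null -X DELETE \
              -H "Authorization: Bearer ${GH_TOKEN}" \
              -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "${api_url}/${version_id}") || true
            if [ "$http_code" != "204" ]; then
              echo "Failed to delete version $version_id (HTTP $http_code)"
              failed=1
            fi
          done
          # Report leftover PR images as a failed job rather than a green run.
          if [ "$failed" -ne 0 ]; then
            exit 1
          fi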