# Workflow "dev": triggered by pushes to the listed branches and by
# pull-request lifecycle events. Changes that only touch README files or the
# docs/ tree do not start a run.
name: dev

on:
  push:
    branches:
      - main
      - rel-1877-dev
    paths-ignore:
      - '**/README.md'
      - 'docs/**'
  pull_request:
    # `closed` is listed so that the cleanup_images job, which is gated on
    # github.event.action == 'closed', gets a run when a PR is closed.
    types:
      - opened
      - synchronize
      - reopened
      - closed
    paths-ignore:
      - '**/README.md'
      - 'docs/**'
# One concurrency group per pull request (per ref for non-PR events).
# Only a `closed` event cancels runs still in progress in that group, so the
# cleanup either runs after a PR build has been uploaded or the build is
# aborted before it uploads.
concurrency:
  group: "${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}"
  cancel-in-progress: "${{ github.event.action == 'closed' }}"
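jobs:
  # Reads the VERSION file from the checked-out ref and exposes it as a job
  # output. Runs for every event except a pull request being closed.
  set_version:
    if: ${{ github.event_name != 'pull_request' || github.event.action != 'closed' }}
    runs-on: ubuntu-latest
    # Least privilege: this job only checks out the repository and reads a file.
    permissions:
      contents: read
    outputs:
      VERSION: ${{ steps.version.outputs.VERSION }}
    steps:
      - name: Checkout repository
        # NOTE(review): referenced by tag, while the reusable build workflow
        # below is pinned to a full commit SHA; consider pinning this the same way.
        uses: actions/checkout@v4
        with:
          submodules: recursive
          # Do not leave the job token in .git/config after the checkout.
          persist-credentials: false
      - name: use VERSION file to support dev build on rel-branch
        id: version
        # VERSION is read from the ref under test, so on pull_request runs its
        # content is chosen by the PR author; consumers of this output should
        # treat it as untrusted text.
        run: |
          echo "VERSION=$(cat VERSION)" >> "$GITHUB_OUTPUT"

  # Builds the images through the upstream reusable workflow, referenced by a
  # full commit SHA. Runs for every event except a pull request being closed.
  # NOTE(review): no `permissions:` is declared for this call; confirm what
  # build.yml needs and declare it here.
  build:
    needs: [set_version]
    if: ${{ github.event_name != 'pull_request' || github.event.action != 'closed' }}
    uses: gardenlinux/gardenlinux/.github/workflows/build.yml@81e502e76193219aa54365ff23e3de619902a39b
    with:
      version: ${{ needs.set_version.outputs.VERSION }}
      # to set target to "release" or "nightly" we need proper KMS secrets
      # have a look at gardenlinux/.github/workflows/github.mjs
      target: dev
      fail_fast: true
    # secrets:
    #   aws_region: ${{ secrets.AWS_REGION }}
    #   aws_kms_role: ${{ secrets.KMS_SIGNING_IAM_ROLE }}
    #   aws_oidc_session: ${{ secrets.AWS_OIDC_SESSION }}
    #   secureboot_db_kms_arn: ${{ secrets.SECUREBOOT_DB_KMS_ARN }}

  # Derives the upload version ("pr-<number>") and the image tag for a PR.
  # The `if:` limits this job to pull requests whose head branch lives in this
  # repository (not a fork) and that are not being closed.
  meta:
    name: Compute image metadata
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }}
    runs-on: ubuntu-latest
    # Least privilege: checkout plus a script run from the checked-out tree.
    permissions:
      contents: read
    outputs:
      UPLOAD_VERSION: ${{ steps.meta.outputs.upload_version }}
      image_tag: ${{ steps.meta.outputs.image_tag }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The next step executes a script from the PR's tree; keep the job
          # token out of .git/config.
          persist-credentials: false
      - name: Compute image metadata
        id: meta
        env:
          # Event data reaches the script as an environment variable instead
          # of being expanded into the script text.
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          UPLOAD_VERSION="pr-${PR_NUMBER}"
          echo "upload_version=${UPLOAD_VERSION}" >> "$GITHUB_OUTPUT"
          IMAGE_TAG=$(.github/scripts/compute-image-tag.sh "${UPLOAD_VERSION}")
          echo "image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"

  # Uploads the PR build to the OCI registry via a local reusable workflow.
  # Same-repository pull requests only (see `if:`).
  upload:
    name: Upload PR image to OCI
    needs: [build, meta, set_version]
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }}
    uses: ./.github/workflows/upload_oci.yml
    with:
      version: ${{ needs.set_version.outputs.VERSION }}
      upload_version: ${{ needs.meta.outputs.UPLOAD_VERSION }}
      flavor_filter: '--include-only "metal-sci_usi-amd64"'
    # NOTE(review): `inherit` hands every secret available to this workflow to
    # upload_oci.yml; naming only the secrets that workflow declares would
    # narrow what a change to it can reach.
    secrets: inherit

  # Runs the test workflow against the image tag computed by `meta`.
  test:
    name: Test PR image
    needs: [set_version, meta, upload]
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action != 'closed' }}
    uses: ./.github/workflows/test.yml
    with:
      image_tag: ${{ needs.meta.outputs.image_tag }}

  # Deletes the container package versions tagged for a PR once that PR is
  # closed. Same-repository pull requests only (see `if:`).
  cleanup_images:
    name: Cleanup PR images
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.event.action == 'closed' }}
    runs-on: ubuntu-latest
    # The job only lists and deletes container package versions.
    permissions:
      packages: write
    steps:
      - name: Cleanup OCI images via GitHub API
        env:
          # Token and event data are passed through the environment rather
          # than expanded into the script text.
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          UPLOAD_VERSION="pr-${PR_NUMBER}"
          api_base="https://api.github.com/orgs/gardenlinux/packages/container/gardenlinux-ccloud/versions"
          all_version_ids=""
          page=1
          page_size=100
          # Collect all matching version IDs across pages
          while true; do
            # --fail: stop on an HTTP error instead of feeding an error
            # document to jq.
            response=$(curl -sS --fail \
              -H "Authorization: Bearer ${GH_TOKEN}" \
              -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "${api_base}?per_page=${page_size}&page=${page}")
            # The pattern is anchored, so "pr-12" does not match "pr-123".
            # any(...) emits each version id once even when several of its
            # tags match, which avoids a second DELETE for the same id.
            page_ids=$(echo "$response" | jq -r --arg prefix "${UPLOAD_VERSION}" '
              .[] | select(any(.metadata.container.tags[]?; test("^" + $prefix + "(-.*)?$"))) | .id
            ')
            if [ -n "$page_ids" ]; then
              all_version_ids="$all_version_ids $page_ids"
            fi
            page_count=$(echo "$response" | jq '. | length')
            if [ "$page_count" -lt "$page_size" ]; then
              # Stop if this was the last page
              break
            fi
            page=$((page + 1))
          done
          if [ -z "$all_version_ids" ]; then
            echo "No images found for PR ${PR_NUMBER}"
            exit 0
          fi
          for version_id in $all_version_ids; do
            echo "Deleting version $version_id"
            http_code=$(curl -s -w "%{http_code}" -o /dev/null -X DELETE \
              -H "Authorization: Bearer ${GH_TOKEN}" \
              -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "${api_base}/${version_id}")
            if [ "$http_code" != "204" ]; then
              # Best effort: keep deleting the rest, but raise a warning
              # annotation so a leftover image is visible on the run.
              echo "::warning::Failed to delete version $version_id (HTTP $http_code)"
            fi
          done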