add debug info to cert download during build #293
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Sensorgnome Images | |
on: [push] | |
env: | |
# Upload to AWS uses OIDC for federated auth: | |
# https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services | |
S3_PATH: sensorgnome/images | |
S3_REGION: us-east-2 | |
AWS_ROLE: arn:aws:iam::635201719205:role/Github-actions-motus | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
# build-base builds the base rPi image without any sensorgnome specific software | |
build-base: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
path: . | |
# get base image name based on MD5's of command files | |
- run: | | |
echo BASE_ZIP=$(./build-baseimg.sh --name) >>$GITHUB_ENV | |
- name: Configure AWS Credentials | |
# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{env.AWS_ROLE}} | |
role-session-name: GithubActionsMotus | |
aws-region: ${{ env.S3_REGION }} | |
- name: Fetch existing image from S3 | |
run: | | |
mkdir -p images | |
aws s3 cp --no-progress s3://$S3_PATH/$BASE_ZIP images || echo "BUILD=yes" >>$GITHUB_ENV | |
ls -lsh images | |
- name: Build image, if necessary | |
run: ./build-baseimg.sh --if-missing | |
shell: bash | |
if: env.BUILD == 'yes' | |
# Upload github artifacts for debugging purposes | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{env.BASE_ZIP}} | |
path: images/${{env.BASE_ZIP}} | |
if: env.BUILD == 'yes' | |
- name: Upload images to AWS S3 repo | |
run: | | |
aws s3 cp --acl public-read --no-progress images/$BASE_ZIP s3://$S3_PATH/$BASE_ZIP | |
if: env.BUILD == 'yes' | |
- name: Create annotation with link to images on S3 | |
run: | | |
S3=${S3_PATH/\//.s3.amazonaws.com\/} | |
echo "https://$S3/$BASE_ZIP" | |
echo "::notice title=Base image::https://$S3/$BASE_ZIP" | |
# build-image customizes the base image by adding the sensorgnome software | |
build-image: | |
runs-on: ubuntu-latest | |
needs: [ build-base ] | |
env: | |
CODENAME: testing | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
path: . | |
# use branch or tag name in S3 upload path unless it's a release version tag | |
- run: | | |
echo GIT_REF=${{github.ref}} | sed -e 's;refs/[^/]*/;/;' -e 's;/v2.*;;' >>$GITHUB_ENV | |
echo BASE_ZIP=$(./build-baseimg.sh --name) >>$GITHUB_ENV | |
- name: Configure AWS Credentials | |
# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{env.AWS_ROLE}} | |
role-session-name: GithubActionsMotus | |
aws-region: ${{ env.S3_REGION }} | |
- name: Promote packages from testing to stable | |
if: > | |
github.repository == 'tve/sensorgnome-build' && | |
startsWith(github.ref, 'refs/tags/v') && | |
github.event_name == 'push' | |
uses: ./.github/actions/promote-packages | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
- name: Switch codename to stable | |
if: > | |
github.repository == 'tve/sensorgnome-build' && | |
startsWith(github.ref, 'refs/tags/v') && | |
github.event_name == 'push' | |
run: echo CODENAME=stable >>$GITHUB_ENV | |
- name: Fetch existing base image from S3 | |
run: | | |
mkdir -p images | |
aws s3 cp --no-progress s3://$S3_PATH/$BASE_ZIP images | |
ls -lsh images | |
- name: Build image | |
run: | | |
echo git_ref=$GIT_REF ${{github.ref}} | |
github_ref=${{github.ref}} | |
tag=$(if [[ -z "$GIT_REF" ]]; then echo "-t ${github_ref#*/v}"; else echo ""; fi) | |
echo tag=$tag | |
./build.sh -c $CODENAME $tag | |
shell: bash | |
- run: ls -ls images | |
- run: echo SG_ZIP=$(cd images; echo sg-*.zip) >>$GITHUB_ENV | |
# Upload github artifacts for debugging purposes | |
# (commented out to save 1min of workflow run time) | |
# - uses: actions/upload-artifact@v2 | |
# with: | |
# name: ${{env.SG_ZIP}} | |
# path: images/${{env.SG_ZIP}} | |
- name: Upload image to AWS S3 repo | |
run: | | |
aws s3 cp --acl public-read --no-progress images/$SG_ZIP s3://$S3_PATH$GIT_REF/$SG_ZIP | |
- name: Upload latest image to AWS S3 repo | |
if: > | |
github.repository == 'tve/sensorgnome-build' && | |
startsWith(github.ref, 'refs/tags/v') && | |
github.event_name == 'push' | |
run: | | |
IMG=${SG_ZIP/rpi-2.*/rpi-2.latest.zip} | |
aws s3 cp --acl public-read --no-progress images/$SG_ZIP s3://$S3_PATH$GIT_REF/$IMG | |
- name: Create annotation with link to images on S3 | |
run: | | |
S3=${S3_PATH/\//.s3.amazonaws.com\/} | |
echo "https://$S3$GIT_REF/$SG_ZIP" | |
echo "::notice title=Sensorgnome Image::https://$S3$GIT_REF/$SG_ZIP " |