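# Builds the Sensorgnome rPi images on every push and publishes them to S3.
#
# NOTE(review): third-party actions below are referenced by mutable tag (`@v4`).
# Pinning each `uses:` to a full commit SHA (<commit-sha-placeholder>) prevents
# a retagged release from running in a job that holds an OIDC token and secrets.
name: Build Sensorgnome Images
on: [push]

env:
  # Upload to AWS uses OIDC for federated auth:
  # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
  # NOTE(review): the workflow runs on every push, so a push to any branch can
  # request a token for AWS_ROLE. Whether that is acceptable depends on the
  # role's trust policy (not visible here) restricting the token's `sub` claim
  # to the intended repository and refs - confirm.
  S3_PATH: sensorgnome/images
  S3_REGION: us-east-2
  AWS_ROLE: arn:aws:iam::635201719205:role/Github-actions-motus

permissions:
  # id-token: write lets the jobs request the OIDC token consumed by
  # aws-actions/configure-aws-credentials.
  id-token: write
  # NOTE(review): contents: write is granted to both jobs. No step visible in
  # this file writes to the repository; the build scripts and the local
  # promote-packages action are not shown. Confirm whether this can be
  # `read`, or scoped to the one job that needs it.
  contents: write

jobs:
  # build-base builds the base rPi image without any sensorgnome specific software
  build-base:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          path: .
      # get base image name based on MD5's of command files
      - run: |
          echo "BASE_ZIP=$(./build-baseimg.sh --name)" >>"$GITHUB_ENV"
      - name: Configure AWS Credentials
        # See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{env.AWS_ROLE}}
          role-session-name: GithubActionsMotus
          aws-region: ${{ env.S3_REGION }}
      # Any failure of the copy (object missing, but also an auth or network
      # error) sets BUILD=yes and so triggers a rebuild and re-upload.
      - name: Fetch existing image from S3
        run: |
          mkdir -p images
          aws s3 cp --no-progress "s3://$S3_PATH/$BASE_ZIP" images || echo "BUILD=yes" >>"$GITHUB_ENV"
          ls -lsh images
      - name: Build image, if necessary
        run: ./build-baseimg.sh --if-missing
        shell: bash
        if: env.BUILD == 'yes'
      # Upload github artifacts for debugging purposes
      - uses: actions/upload-artifact@v4
        with:
          name: ${{env.BASE_ZIP}}
          path: images/${{env.BASE_ZIP}}
        if: env.BUILD == 'yes'
      # The object is uploaded with a public-read ACL, i.e. world-readable.
      - name: Upload images to AWS S3 repo
        run: |
          aws s3 cp --acl public-read --no-progress "images/$BASE_ZIP" "s3://$S3_PATH/$BASE_ZIP"
        if: env.BUILD == 'yes'
      # Rewrites "bucket/prefix" into "bucket.s3.amazonaws.com/prefix" to form
      # the public download URL.
      - name: Create annotation with link to images on S3
        run: |
          S3=${S3_PATH/\//.s3.amazonaws.com\/}
          echo "https://$S3/$BASE_ZIP"
          echo "::notice title=Base image::https://$S3/$BASE_ZIP"

  # build-image customizes the base image by adding the sensorgnome software
  build-image:
    runs-on: ubuntu-latest
    needs: [build-base]
    env:
      CODENAME: booktest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          path: .
      # use branch or tag name in S3 upload path unless it's a release version tag
      #
      # The ref is read from the runner-provided GITHUB_REF variable rather than
      # by expanding the github.ref expression into the script text: a branch or
      # tag name is chosen by whoever pushes and would otherwise be parsed as
      # shell in a job that holds AWS credentials.
      - run: |
          echo "GIT_REF=$GITHUB_REF" | sed -e 's;refs/[^/]*/;/;' -e 's;/v2.*;;' >>"$GITHUB_ENV"
          echo "BASE_ZIP=$(./build-baseimg.sh --name)" >>"$GITHUB_ENV"
      - name: Configure AWS Credentials
        # See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{env.AWS_ROLE}}
          role-session-name: GithubActionsMotus
          aws-region: ${{ env.S3_REGION }}
      # The repository/tag/event guard is the only thing that keeps the GPG
      # signing key out of runs on forks and on non-release refs.
      - name: Promote packages from booktest to bookworm
        if: >
          github.repository == 'tve/sensorgnome-build' &&
          startsWith(github.ref, 'refs/tags/v') &&
          github.event_name == 'push'
        uses: ./.github/actions/promote-packages
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
      - name: Switch codename to bookworm
        if: >
          github.repository == 'tve/sensorgnome-build' &&
          startsWith(github.ref, 'refs/tags/v') &&
          github.event_name == 'push'
        run: echo CODENAME=bookworm >>"$GITHUB_ENV"
      - name: Fetch existing base image from S3
        run: |
          mkdir -p images
          aws s3 cp --no-progress "s3://$S3_PATH/$BASE_ZIP" images
          ls -lsh images
      # GIT_REF is empty only for release version tags (see the sed above); in
      # that case the version after "/v" is passed to build.sh as "-t VERSION".
      # The optional arguments are kept in an array so they can be passed
      # without relying on word splitting of an unquoted variable.
      - name: Build image
        run: |
          echo "git_ref=$GIT_REF $GITHUB_REF"
          tag_args=()
          if [[ -z "$GIT_REF" ]]; then
            tag_args=(-t "${GITHUB_REF#*/v}")
          fi
          echo "tag=${tag_args[*]}"
          ./build.sh -c "$CODENAME" "${tag_args[@]}"
        shell: bash
      - run: ls -ls images
      # NOTE(review): if more than one sg-*.zip exists, SG_ZIP holds all names
      # separated by spaces and the upload below fails - presumably build.sh
      # produces exactly one; confirm.
      - run: echo "SG_ZIP=$(cd images && echo sg-*.zip)" >>"$GITHUB_ENV"
      # Upload github artifacts for debugging purposes
      # (commented out to save 1min of workflow run time)
      # - uses: actions/upload-artifact@v2
      #   with:
      #     name: ${{env.SG_ZIP}}
      #     path: images/${{env.SG_ZIP}}
      # Runs for every pushed ref; the object is world-readable (public-read)
      # under a path derived from the branch or tag name.
      - name: Upload image to AWS S3 repo
        run: |
          aws s3 cp --acl public-read --no-progress "images/$SG_ZIP" "s3://$S3_PATH$GIT_REF/$SG_ZIP"
      - name: Upload latest image to AWS S3 repo
        if: >
          github.repository == 'tve/sensorgnome-build' &&
          startsWith(github.ref, 'refs/tags/v') &&
          github.event_name == 'push'
        run: |
          IMG=${SG_ZIP/rpi-2.*/rpi-2.latest.zip}
          aws s3 cp --acl public-read --no-progress "images/$SG_ZIP" "s3://$S3_PATH$GIT_REF/$IMG"
      - name: Create annotation with link to images on S3
        run: |
          S3=${S3_PATH/\//.s3.amazonaws.com\/}
          echo "https://$S3$GIT_REF/$SG_ZIP"
          echo "::notice title=Sensorgnome Image::https://$S3$GIT_REF/$SG_ZIP "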