diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8f433275..f4726f76 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,13 +1,491 @@ -name: "Test $GITHUB_WORKFLOW" + +# template file: 050.single_header.yaml + +name: "TEST TEST TEST" + on: - push: + schedule: + - cron: '0 */8 * * *' + workflow_call: + inputs: + ref: # commit id + required: false + type: string + extraParamsAllBuilds: # addional build parameter + required: false + type: string + secrets: + ORG_MEMBERS: + required: true workflow_dispatch: + inputs: + skipImages: + description: 'Skip building images? no = build images, yes = skip images' + required: true + options: [ 'yes', 'no' ] + type: choice + default: 'yes' + checkOci: + description: 'Check OCI for existing artifacts? yes = check OCI, no = always build everything' + required: true + options: [ 'yes', 'no' ] + type: choice + default: 'yes' + extraParamsAllBuilds: + description: 'Extra params for all builds/jobs (prepare/artifact/image) (eg: DEBUG=yes)' + required: false + default: '' + type: string + branch: + type: choice + description: 'Framework build branch' + options: + # branches + - main + - rkfix + - update-kernel-configs + - v25.11 + - sunxi + - coderabbitai/docstrings/2e13998 + - revert-8583-fix-atf-compile + - test + - v25.08 + - v25.05 + - igorpecovnik-patch-2 + - igorpecovnik-patch-1 + - logofix + - coderabbitai/utg/20bTtA + - coderabbitai/docstrings/20bTtA + - opi5-mainline-uboot-update + - prepre + - fixper + - bump-6.15-collab + - coderabbitai/docstrings/756dff9 + default: 'main' + board: + type: choice + description: 'Board' + options: + # boards + - all + default: 'all' + maintainer: + type: choice + description: 'Maintainer' + options: + # maintainers + - "150balbes" + - "1ubuntuuser" + - "AGM1968" + - "AaronNGray" + - "CodeChenL" + - "ColorfulRhino" + - "DylanHP" + - "Grippy98" + - "Heisath" + - "HeyMeco" + - "IsMrX" + - "JackHuang021" + - "Janmcha" + - "JohnTheCoolingFan" + - "Kreyren" + - "NicoD-SBC" + - "PanderMusubi" + - "Qvy-png" + - "SeeleVolleri" + - "StephenGraf" + - "SuperKali" + - "The-going" + - "TheSnowfield" + - "Tonymac32" + - "ZazaBR" + - "adeepn" + - "ahoneybun" + - "alexl83" + - "amazingfate" + - "andyshrk" + - "brentr" + - "catalinii" + - "chainsx" + - "chraac" + - "devdotnetorg" + - "efectn" + - "eliasbakken" + - "engineer-80" + - "fridtjof" + - "ginkage" + - "glneo" + - "hoochiwetech" + - "hqnicolas" + - "hzyitc" + - "igorpecovnik" + - "janprunk" + - "jeanrhum" + - "joekhoobyar" + - "jomadeto" + - "jonaswood01" + - "juanlufont" + - "kamilsaigol" + - "krachlatte" + - "lbmendes" + - "leggewie" + - "libiunc" + - "linhz0hz" + - "mahdichi" + - "mattx433" + - "mhawkins-consultant" + - "mlegenovic" + - "paolosabatino" + - "prahal" + - "pyavitz" + - "rbqvq" + - "redrathnure" + - "retro98boy" + - "rpardini" + - "schmiedelm" + - "schwar3kat" + - "sgjava" + - "sicXnull" + - "spendist" + - "sputnik2019" + - "teknoid" + - "torte71" + - "utlark" + - "vamzii" + - "vidplace7" + - "wei633" + - all + default: 'all' + targetsFilterInclude: + description: 'TARGETS_FILTER_INCLUDE, example: "BOARD:odroidhc4,BOARD:odroidn2"' + required: false + default: '' + type: string + nightlybuild: + description: 'yes = nighlty, no = stable' + required: false + options: [ 'yes', 'no' ] + type: choice + default: 'yes' + bumpversion: + type: boolean + description: "Bump version" + default: 'true' + versionOverride: + description: 'Version override' + required: false + default: '' + +env: + + # For easier reuse across the multiple chunks ('armbian/build' repo) + BUILD_REPOSITORY: "armbian/build" + BUILD_REF: "${{ inputs.ref || inputs.branch || 'main' }}" # branch or tag or sha1 + + # For easier reuse across the multiple chunks ('armbian/os' repo) + USERPATCHES_REPOSITORY: "armbian/os" + USERPATCHES_REF: "main" # branch or tag or sha1 + USERPATCHES_DIR: "userpatches" # folder inside USERPATCHES_REPOSITORY + + # Github repository for releases. Normally its the one where we executing script + RELEASE_REPOSITORY: "os" + + # Armbian envs. Adjust to your needs. + # This makes builds faster, but only if the Docker images are up-to-date with all dependencies, Python, tools, etc. Otherwise it makes it... slower. + DOCKER_SKIP_UPDATE: "yes" # Do not apt update/install/requirements/etc during Dockerfile build, trust that Docker images are up-to-date. + + # Added to every build, even the prepare job. + EXTRA_PARAMS_ALL_BUILDS: "${{ inputs.extraParamsAllBuilds || 'UPLOAD_TO_OCI_ONLY=yes' }}" + + # Storage deployment path + TARGET_PATH: "cron/" + + # Version management + VERSION_OVERRIDE: "${{ github.event.inputs.versionOverride }}" + VERSION_BUMP: "${{ github.event.inputs.bumpversion || 'true' }}" + + # To use GitHub CLI in a GitHub Actions workflow + GH_TOKEN: "${{ secrets.ACCESS_TOKEN }}" + + # Added to every image build arguments. + EXTRA_PARAMS_IMAGE: "SHARE_LOG=yes " + +# To ensure that only a single workflow using the same concurrency group will run at a time +concurrency: + group: pipeline + cancel-in-progress: false jobs: - Cancel: - name: "Run" - runs-on: "ubuntu-latest" + + # additional security check + team_check: + permissions: + actions: write + name: "Team check" + runs-on: [ "ubuntu-latest" ] steps: - - name: Repository Dispatch + + - name: "Check membership" + uses: armbian/actions/team-check@main + with: + ORG_MEMBERS: ${{ secrets.ORG_MEMBERS }} + GITHUB_TOKEN: "${{ env.GH_TOKEN }}" + TEAM: "Board Maintainers" + + + version_prep: + needs: team_check + name: "Bump version" + runs-on: ubuntu-latest + steps: + + # Clone the userpatches repo (`armbian/os`) + - name: "Checkout userpatches repo: ${{env.USERPATCHES_REPOSITORY}}#${{env.USERPATCHES_REF}}" + uses: actions/checkout@v6 + if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} + with: + repository: ${{ env.USERPATCHES_REPOSITORY }} + ref: ${{ env.USERPATCHES_REF }} + fetch-depth: 0 + clean: false # true is default. + + - name: Determine version + id: versionfile run: | - echo "$GITHUB_WORKFLOW" + # file = where version is getting stored, different for stable and nightly + # skip_tag = we only upload nighlty to GH releases + echo "file=nightly" >> $GITHUB_OUTPUT + echo "skip_tag=false" >> $GITHUB_OUTPUT + echo "pre_release=true" >> $GITHUB_OUTPUT + if [ "${{ github.event.inputs.nightlybuild || 'yes' }}" == "no" ]; then + echo "file=stable" >> $GITHUB_OUTPUT + echo "skip_tag=true" >> $GITHUB_OUTPUT + echo "pre_release=false" >> $GITHUB_OUTPUT + fi + + # Bump version automatically + - name: Bump version + if: ${{ ( ! github.event.inputs.versionOverride ) && ( inputs.ref == '' ) && ( env.VERSION_BUMP == 'true' ) }} + id: changelog + uses: TriPSs/conventional-changelog-action@v5.4.0 + with: + github-token: ${{ secrets.ACCESS_TOKEN_ARMBIANWORKER }} + git-message: 'Bump release to {version}' + git-user-name: armbianworker + git-user-email: info@armbian.com + output-file: 'false' + skip-version-file: 'false' + skip-on-empty: 'false' + skip-commit: 'false' + skip-ci: 'false' + skip-tag: "${{ steps.versionfile.outputs.skip_tag }}" + version-file: "${{ steps.versionfile.outputs.file }}.json" + pre-release: "${{ steps.versionfile.outputs.pre_release }}" + git-branch: 'main' + tag-prefix: '' + pre-release-identifier: 'trunk' + + - name: Read version from file if nor overriden + if: ${{ ! github.event.inputs.versionOverride || env.VERSION_BUMP == 'false' }} + run: | + mkdir -p downloads + cat "${{ steps.versionfile.outputs.file }}.json" | jq '.version' | sed "s/\"//g" | sed 's/^/VERSION_OVERRIDE=/' >> $GITHUB_ENV + cat "${{ steps.versionfile.outputs.file }}.json" | jq '.version' | sed "s/\"//g" > downloads/version + + - name: 'Upload Artifact' + uses: actions/upload-artifact@v6 + with: + name: assets-for-download-all + path: downloads + retention-days: 5 + + - name: "Generate body file" + if: ${{ (github.event.inputs.skipImages || 'yes') != 'yes' }} + run: | + # Make html document + if [ -f release-headers/${{ env.RELEASE_REPOSITORY }}.sh ]; then + bash release-headers/${{ env.RELEASE_REPOSITORY }}.sh > body.html + fi + + - uses: ncipollo/release-action@v1 + if: ${{ (github.event.inputs.nightlybuild || 'yes') == 'yes' && (github.event.inputs.skipImages || 'yes') != 'yes' }} + with: + repo: "${{ env.RELEASE_REPOSITORY }}" + tag: "${{ env.VERSION_OVERRIDE }}" + name: "${{ env.VERSION_OVERRIDE }}" + bodyFile: "body.html" + prerelease: "true" + allowUpdates: true + removeArtifacts: true + token: ${{ env.GH_TOKEN }} + + - name: Save + id: releases + run: | + + echo "version=${{ env.VERSION_OVERRIDE }}" >> $GITHUB_OUTPUT + + outputs: + + # not related to matrix + version: ${{ steps.releases.outputs.version }} + + + publish-debs-to-repo: + name: "Download artifacts from ORAS cache" + runs-on: [ repository ] + if: ${{ !failure() && !cancelled() && github.event.inputs.targetsFilterInclude == '' && inputs.ref == '' }} # eg: run if dependencies worked. See https://github.com/orgs/community/discussions/45058#discussioncomment-4817378 + needs: [ "version_prep" ] + steps: + + - name: "Runner clean ${{ needs.matrix_prep.outputs.version }}" + uses: armbian/actions/runner-clean@main + + # Prepare dependencies. + - name: Install dependencies + run: | + missing=() + + [ -x /usr/bin/gpg ] || missing+=("gnupg2") + [ -x /usr/bin/reprepro ] || missing+=("reprepro") + [ -x /usr/bin/lftp ] || missing+=("lftp") + + if [ ${#missing[@]} -gt 0 ]; then + echo "Installing missing packages: ${missing[*]}" + sudo apt-get update + sudo apt-get install -y "${missing[@]}" + else + echo "All required packages already installed." + fi + + # Login to ghcr.io, for later uploading rootfs to ghcr.io + - name: Docker Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: "${{ github.repository_owner }}" # GitHub username or org + password: "${{ secrets.GITHUB_TOKEN }}" # GitHub actions builtin token. repo has to have pkg access. + + # cleanup the place where we will clone the userpatches repo, to avoid git going insane and cleaning everything later + - name: Cleanup userpatches repo + if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} + run: rm -rf userpatches.repo + + - name: Checkout build repo + uses: actions/checkout@v6 # We don't need to clone git, really. A wget would suffice for GH-hosted runners. But using clone is better for Igor-hosted runners. + with: + repository: ${{ env.BUILD_REPOSITORY }} + ref: ${{ needs.matrix_prep.outputs.build-sha1 }} + fetch-depth: 0 + clean: false # true is default. it *will* delete the hosts /dev if mounted inside. + + # clone the userpatches repo (`armbian/os`) + - name: "Checkout userpatches repo: ${{env.USERPATCHES_REPOSITORY}}#${{env.USERPATCHES_REF}}" + uses: actions/checkout@v6 + if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} + with: + repository: ${{ env.USERPATCHES_REPOSITORY }} + ref: ${{ env.USERPATCHES_REF }} + fetch-depth: 0 + clean: false # true is default. + path: userpatches.repo + + - name: "Put userpatches in place, and remove userpatches repo" + if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }} + run: | + mkdir -pv userpatches + rsync -av userpatches.repo/${{env.USERPATCHES_DIR}}/. userpatches/ + #rm -rf userpatches.repo + + # Clean off output/info, if any + # Clean off debs and debs-beta + - name: Cleanup output/info + run: | + rm -rfv output/info output/debs output/debs-beta + mkdir -pv output + + # Download the artifacts (output/info) produced by the prepare-matrix job. + - name: Download artifacts + uses: actions/download-artifact@v7 + with: + name: build-info-json + path: output/info + + # List the artifacts we downloaded + - name: List artifacts + run: | + ls -laht output/info + + - name: Download the debs + id: download-debs + run: | + bash ./compile.sh debs-to-repo-download REVISION="${{ needs.matrix_prep.outputs.version }}" BETA=${{ github.event.inputs.nightlybuild || 'yes' }} SHARE_LOG=yes ${{env.EXTRA_PARAMS_ALL_BUILDS}} + + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_KEY1 }} + passphrase: ${{ secrets.GPG_PASSPHRASE1 }} + + - name: Install SSH key + uses: shimataro/ssh-key-action@v2 + with: + key: ${{ secrets.KEY_UPLOAD }} + known_hosts: ${{ secrets.KNOWN_HOSTS_ARMBIAN_UPLOAD }} + if_key_exists: replace + + - name: "Fix permissions and sync artifacts" + run: | + + set -euo pipefail + + #echo "Fix permissions on output/" + #sudo chown -R "$USER:$USER" output/. + + # Decide target subfolder + TARGET="" + #if [ "${{ github.event.inputs.skipImages }}" = "no" ] || [ "'yes'" = "no" ]; then + # echo "Save to user's partial folder" + # TARGET="partial/${{ github.actor }}/" + #fi + + #if [ "$GITHUB_WORKFLOW" = "Build All Stable Artifacts (cronjob)" ]; then + # echo "Nightly workflow detected" + # TARGET="stable-daily/" + #fi + + #echo "Fix permissions on /incoming" + #sudo chown -R "${{ secrets.HOST_UPLOAD_USER }}:${{ secrets.HOST_UPLOAD_USER }}" /incoming/. + + echo "Sync all parts (only debs***)" + rsync -e "ssh -p ${{ secrets.HOST_UPLOAD_PORT }} -o StrictHostKeyChecking=accept-new" \ + -rvc \ + --include='*/' \ + --include='*.deb' \ + --exclude='*' \ + --remove-source-files \ + --omit-dir-times \ + --prune-empty-dirs \ + output/ \ + "${{ secrets.HOST_UPLOAD_USER }}@${{ secrets.HOST_UPLOAD }}:storage/${{ env.TARGET_PATH }}${TARGET}" + + echo "Clean up empty directories in output/" + find output/. -type d -empty -delete + + - name: "Run repository update action" + if: ${{ (github.event.inputs.skipImages || 'yes') == 'yes' }} + uses: peter-evans/repository-dispatch@v4 + with: + token: ${{ secrets.DISPATCH }} + repository: armbian/armbian.github.io + event-type: "Repository update" + + - name: "Logs debs-to-repo-download: ${{ steps.download-debs.outputs.logs_url }}" + run: | + echo "Logs debs-to-repo-download: ${{ steps.download-debs.outputs.logs_url }}" + + outputs: + + # not related to matrix + version: ${{ needs.matrix_prep.outputs.version }} +