mirror of
https://github.com/armbian/os.git
synced 2026-01-06 10:38:50 -08:00
453 lines
14 KiB
YAML
453 lines
14 KiB
YAML
|
|
# template file: 050.single_header.yaml
|
|
|
|
name: "TEST TEST TEST"
|
|
|
|
on:
|
|
schedule:
|
|
- cron: '0 */8 * * *'
|
|
workflow_call:
|
|
inputs:
|
|
ref: # commit id
|
|
required: false
|
|
type: string
|
|
extraParamsAllBuilds: # addional build parameter
|
|
required: false
|
|
type: string
|
|
secrets:
|
|
ORG_MEMBERS:
|
|
required: true
|
|
workflow_dispatch:
|
|
inputs:
|
|
skipImages:
|
|
description: 'Skip building images? no = build images, yes = skip images'
|
|
required: true
|
|
options: [ 'yes', 'no' ]
|
|
type: choice
|
|
default: 'yes'
|
|
checkOci:
|
|
description: 'Check OCI for existing artifacts? yes = check OCI, no = always build everything'
|
|
required: true
|
|
options: [ 'yes', 'no' ]
|
|
type: choice
|
|
default: 'yes'
|
|
extraParamsAllBuilds:
|
|
description: 'Extra params for all builds/jobs (prepare/artifact/image) (eg: DEBUG=yes)'
|
|
required: false
|
|
default: ''
|
|
type: string
|
|
branch:
|
|
type: choice
|
|
description: 'Framework build branch'
|
|
options:
|
|
# branches
|
|
- main
|
|
- rkfix
|
|
- update-kernel-configs
|
|
- v25.11
|
|
- sunxi
|
|
- coderabbitai/docstrings/2e13998
|
|
- revert-8583-fix-atf-compile
|
|
- test
|
|
- v25.08
|
|
- v25.05
|
|
- igorpecovnik-patch-2
|
|
- igorpecovnik-patch-1
|
|
- logofix
|
|
- coderabbitai/utg/20bTtA
|
|
- coderabbitai/docstrings/20bTtA
|
|
- opi5-mainline-uboot-update
|
|
- prepre
|
|
- fixper
|
|
- bump-6.15-collab
|
|
- coderabbitai/docstrings/756dff9
|
|
default: 'main'
|
|
board:
|
|
type: choice
|
|
description: 'Board'
|
|
options:
|
|
# boards
|
|
- all
|
|
default: 'all'
|
|
maintainer:
|
|
type: choice
|
|
description: 'Maintainer'
|
|
options:
|
|
# maintainers
|
|
- "150balbes"
|
|
- "1ubuntuuser"
|
|
- "AGM1968"
|
|
- "AaronNGray"
|
|
- "CodeChenL"
|
|
- "ColorfulRhino"
|
|
- "DylanHP"
|
|
- "Grippy98"
|
|
- "Heisath"
|
|
- "HeyMeco"
|
|
- "IsMrX"
|
|
- "JackHuang021"
|
|
- "Janmcha"
|
|
- "JohnTheCoolingFan"
|
|
- "Kreyren"
|
|
- "NicoD-SBC"
|
|
- "PanderMusubi"
|
|
- "Qvy-png"
|
|
- "SeeleVolleri"
|
|
- "StephenGraf"
|
|
- "SuperKali"
|
|
- "The-going"
|
|
- "TheSnowfield"
|
|
- "Tonymac32"
|
|
- "ZazaBR"
|
|
- "adeepn"
|
|
- "ahoneybun"
|
|
- "alexl83"
|
|
- "amazingfate"
|
|
- "andyshrk"
|
|
- "brentr"
|
|
- "catalinii"
|
|
- "chainsx"
|
|
- "chraac"
|
|
- "devdotnetorg"
|
|
- "efectn"
|
|
- "eliasbakken"
|
|
- "engineer-80"
|
|
- "fridtjof"
|
|
- "ginkage"
|
|
- "glneo"
|
|
- "hoochiwetech"
|
|
- "hqnicolas"
|
|
- "hzyitc"
|
|
- "igorpecovnik"
|
|
- "janprunk"
|
|
- "jeanrhum"
|
|
- "joekhoobyar"
|
|
- "jomadeto"
|
|
- "jonaswood01"
|
|
- "juanlufont"
|
|
- "kamilsaigol"
|
|
- "krachlatte"
|
|
- "lbmendes"
|
|
- "leggewie"
|
|
- "libiunc"
|
|
- "linhz0hz"
|
|
- "mahdichi"
|
|
- "mattx433"
|
|
- "mhawkins-consultant"
|
|
- "mlegenovic"
|
|
- "paolosabatino"
|
|
- "prahal"
|
|
- "pyavitz"
|
|
- "rbqvq"
|
|
- "redrathnure"
|
|
- "retro98boy"
|
|
- "rpardini"
|
|
- "schmiedelm"
|
|
- "schwar3kat"
|
|
- "sgjava"
|
|
- "sicXnull"
|
|
- "spendist"
|
|
- "sputnik2019"
|
|
- "teknoid"
|
|
- "torte71"
|
|
- "utlark"
|
|
- "vamzii"
|
|
- "vidplace7"
|
|
- "wei633"
|
|
- all
|
|
default: 'all'
|
|
targetsFilterInclude:
|
|
description: 'TARGETS_FILTER_INCLUDE, example: "BOARD:odroidhc4,BOARD:odroidn2"'
|
|
required: false
|
|
default: ''
|
|
type: string
|
|
nightlybuild:
|
|
description: 'yes = nighlty, no = stable'
|
|
required: false
|
|
options: [ 'yes', 'no' ]
|
|
type: choice
|
|
default: 'yes'
|
|
bumpversion:
|
|
type: boolean
|
|
description: "Bump version"
|
|
default: 'true'
|
|
versionOverride:
|
|
description: 'Version override'
|
|
required: false
|
|
default: ''
|
|
|
|
env:
|
|
|
|
# For easier reuse across the multiple chunks ('armbian/build' repo)
|
|
BUILD_REPOSITORY: "armbian/build"
|
|
BUILD_REF: "${{ inputs.ref || inputs.branch || 'main' }}" # branch or tag or sha1
|
|
|
|
# For easier reuse across the multiple chunks ('armbian/os' repo)
|
|
USERPATCHES_REPOSITORY: "armbian/os"
|
|
USERPATCHES_REF: "main" # branch or tag or sha1
|
|
USERPATCHES_DIR: "userpatches" # folder inside USERPATCHES_REPOSITORY
|
|
|
|
# Github repository for releases. Normally its the one where we executing script
|
|
RELEASE_REPOSITORY: "os"
|
|
|
|
# Armbian envs. Adjust to your needs.
|
|
# This makes builds faster, but only if the Docker images are up-to-date with all dependencies, Python, tools, etc. Otherwise it makes it... slower.
|
|
DOCKER_SKIP_UPDATE: "yes" # Do not apt update/install/requirements/etc during Dockerfile build, trust that Docker images are up-to-date.
|
|
|
|
# Added to every build, even the prepare job.
|
|
EXTRA_PARAMS_ALL_BUILDS: "${{ inputs.extraParamsAllBuilds || 'UPLOAD_TO_OCI_ONLY=yes' }}"
|
|
|
|
# Storage deployment path
|
|
TARGET_PATH: "cron/"
|
|
|
|
# Version management
|
|
VERSION_OVERRIDE: "${{ github.event.inputs.versionOverride }}"
|
|
VERSION_BUMP: "${{ github.event.inputs.bumpversion || 'true' }}"
|
|
|
|
# To use GitHub CLI in a GitHub Actions workflow
|
|
GH_TOKEN: "${{ secrets.ACCESS_TOKEN }}"
|
|
|
|
# Added to every image build arguments.
|
|
EXTRA_PARAMS_IMAGE: "SHARE_LOG=yes "
|
|
|
|
# To ensure that only a single workflow using the same concurrency group will run at a time
|
|
concurrency:
|
|
group: pipeline
|
|
cancel-in-progress: false
|
|
|
|
jobs:
|
|
|
|
# additional security check
|
|
team_check:
|
|
permissions:
|
|
actions: write
|
|
name: "Team check"
|
|
runs-on: [ "ubuntu-latest" ]
|
|
steps:
|
|
|
|
- name: "Check membership"
|
|
uses: armbian/actions/team-check@main
|
|
with:
|
|
ORG_MEMBERS: ${{ secrets.ORG_MEMBERS }}
|
|
GITHUB_TOKEN: "${{ env.GH_TOKEN }}"
|
|
TEAM: "Board Maintainers"
|
|
|
|
|
|
version_prep:
|
|
needs: team_check
|
|
name: "Bump version"
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
|
|
# Clone the userpatches repo (`armbian/os`)
|
|
- name: "Checkout userpatches repo: ${{env.USERPATCHES_REPOSITORY}}#${{env.USERPATCHES_REF}}"
|
|
uses: actions/checkout@v6
|
|
if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }}
|
|
with:
|
|
repository: ${{ env.USERPATCHES_REPOSITORY }}
|
|
ref: ${{ env.USERPATCHES_REF }}
|
|
fetch-depth: 0
|
|
clean: false # true is default.
|
|
|
|
- name: Determine version
|
|
id: versionfile
|
|
run: |
|
|
# file = where version is getting stored, different for stable and nightly
|
|
# skip_tag = we only upload nighlty to GH releases
|
|
echo "file=nightly" >> $GITHUB_OUTPUT
|
|
echo "skip_tag=false" >> $GITHUB_OUTPUT
|
|
echo "pre_release=true" >> $GITHUB_OUTPUT
|
|
if [ "${{ github.event.inputs.nightlybuild || 'yes' }}" == "no" ]; then
|
|
echo "file=stable" >> $GITHUB_OUTPUT
|
|
echo "skip_tag=true" >> $GITHUB_OUTPUT
|
|
echo "pre_release=false" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
# Bump version automatically
|
|
- name: Bump version
|
|
if: ${{ ( ! github.event.inputs.versionOverride ) && ( inputs.ref == '' ) && ( env.VERSION_BUMP == 'true' ) }}
|
|
id: changelog
|
|
uses: TriPSs/conventional-changelog-action@v5.4.0
|
|
with:
|
|
github-token: ${{ secrets.ACCESS_TOKEN_ARMBIANWORKER }}
|
|
git-message: 'Bump release to {version}'
|
|
git-user-name: armbianworker
|
|
git-user-email: info@armbian.com
|
|
output-file: 'false'
|
|
skip-version-file: 'false'
|
|
skip-on-empty: 'false'
|
|
skip-commit: 'false'
|
|
skip-ci: 'false'
|
|
skip-tag: "${{ steps.versionfile.outputs.skip_tag }}"
|
|
version-file: "${{ steps.versionfile.outputs.file }}.json"
|
|
pre-release: "${{ steps.versionfile.outputs.pre_release }}"
|
|
git-branch: 'main'
|
|
tag-prefix: ''
|
|
pre-release-identifier: 'trunk'
|
|
|
|
- name: Read version from file if nor overriden
|
|
if: ${{ ! github.event.inputs.versionOverride || env.VERSION_BUMP == 'false' }}
|
|
run: |
|
|
mkdir -p downloads
|
|
cat "${{ steps.versionfile.outputs.file }}.json" | jq '.version' | sed "s/\"//g" | sed 's/^/VERSION_OVERRIDE=/' >> $GITHUB_ENV
|
|
cat "${{ steps.versionfile.outputs.file }}.json" | jq '.version' | sed "s/\"//g" > downloads/version
|
|
|
|
- name: 'Upload Artifact'
|
|
uses: actions/upload-artifact@v6
|
|
with:
|
|
name: assets-for-download-all
|
|
path: downloads
|
|
retention-days: 5
|
|
|
|
- name: "Generate body file"
|
|
if: ${{ (github.event.inputs.skipImages || 'yes') != 'yes' }}
|
|
run: |
|
|
# Make html document
|
|
if [ -f release-headers/${{ env.RELEASE_REPOSITORY }}.sh ]; then
|
|
bash release-headers/${{ env.RELEASE_REPOSITORY }}.sh > body.html
|
|
fi
|
|
|
|
- uses: ncipollo/release-action@v1
|
|
if: ${{ (github.event.inputs.nightlybuild || 'yes') == 'yes' && (github.event.inputs.skipImages || 'yes') != 'yes' }}
|
|
with:
|
|
repo: "${{ env.RELEASE_REPOSITORY }}"
|
|
tag: "${{ env.VERSION_OVERRIDE }}"
|
|
name: "${{ env.VERSION_OVERRIDE }}"
|
|
bodyFile: "body.html"
|
|
prerelease: "true"
|
|
allowUpdates: true
|
|
removeArtifacts: true
|
|
token: ${{ env.GH_TOKEN }}
|
|
|
|
- name: Save
|
|
id: releases
|
|
run: |
|
|
|
|
echo "version=${{ env.VERSION_OVERRIDE }}" >> $GITHUB_OUTPUT
|
|
|
|
outputs:
|
|
|
|
# not related to matrix
|
|
version: ${{ steps.releases.outputs.version }}
|
|
|
|
|
|
publish-debs-to-repo:
|
|
name: "Download artifacts from ORAS cache"
|
|
runs-on: [ repository ]
|
|
if: ${{ !failure() && !cancelled() && github.event.inputs.targetsFilterInclude == '' && inputs.ref == '' }} # eg: run if dependencies worked. See https://github.com/orgs/community/discussions/45058#discussioncomment-4817378
|
|
needs: [ "version_prep" ]
|
|
steps:
|
|
|
|
- name: "Runner clean ${{ needs.matrix_prep.outputs.version }}"
|
|
uses: armbian/actions/runner-clean@main
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
pkgs=(gnupg2 reprepro lftp)
|
|
missing=()
|
|
|
|
for p in "${pkgs[@]}"; do
|
|
dpkg -s "$p" >/dev/null 2>&1 || missing+=("$p")
|
|
done
|
|
|
|
if ((${#missing[@]})); then
|
|
echo "Installing missing packages: ${missing[*]}"
|
|
|
|
sudo flock /var/lib/apt/lists/.lock -c '
|
|
DEBIAN_FRONTEND=noninteractive apt-get update
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends '"${missing[*]}"'
|
|
'
|
|
else
|
|
echo "All required packages already installed."
|
|
fi
|
|
|
|
# Login to ghcr.io, for later uploading rootfs to ghcr.io
|
|
- name: Docker Login to GitHub Container Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: "${{ github.repository_owner }}" # GitHub username or org
|
|
password: "${{ secrets.GITHUB_TOKEN }}" # GitHub actions builtin token. repo has to have pkg access.
|
|
|
|
# cleanup the place where we will clone the userpatches repo, to avoid git going insane and cleaning everything later
|
|
- name: Cleanup userpatches repo
|
|
if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }}
|
|
run: rm -rf userpatches.repo
|
|
|
|
- name: Checkout build repo
|
|
uses: actions/checkout@v6 # We don't need to clone git, really. A wget would suffice for GH-hosted runners. But using clone is better for Igor-hosted runners.
|
|
with:
|
|
repository: ${{ env.BUILD_REPOSITORY }}
|
|
ref: ${{ needs.matrix_prep.outputs.build-sha1 }}
|
|
fetch-depth: 0
|
|
clean: false # true is default. it *will* delete the hosts /dev if mounted inside.
|
|
|
|
# clone the userpatches repo (`armbian/os`)
|
|
- name: "Checkout userpatches repo: ${{env.USERPATCHES_REPOSITORY}}#${{env.USERPATCHES_REF}}"
|
|
uses: actions/checkout@v6
|
|
if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }}
|
|
with:
|
|
repository: ${{ env.USERPATCHES_REPOSITORY }}
|
|
ref: ${{ env.USERPATCHES_REF }}
|
|
fetch-depth: 0
|
|
clean: false # true is default.
|
|
path: userpatches.repo
|
|
|
|
- name: "Put userpatches in place, and remove userpatches repo"
|
|
if: ${{ ( env.USERPATCHES_REPOSITORY != '' ) && ( env.USERPATCHES_REF != '' ) }}
|
|
run: |
|
|
mkdir -pv userpatches
|
|
rsync -av userpatches.repo/${{env.USERPATCHES_DIR}}/. userpatches/
|
|
#rm -rf userpatches.repo
|
|
|
|
# Clean off output/info, if any
|
|
# Clean off debs and debs-beta
|
|
- name: Cleanup output/info
|
|
run: |
|
|
rm -rfv output/info output/debs output/debs-beta
|
|
mkdir -pv output
|
|
|
|
- name: Install SSH key
|
|
uses: shimataro/ssh-key-action@v2
|
|
with:
|
|
key: ${{ secrets.KEY_UPLOAD }}
|
|
known_hosts: ${{ secrets.KNOWN_HOSTS_ARMBIAN_UPLOAD }}
|
|
if_key_exists: replace
|
|
|
|
- name: "Upload artifacts"
|
|
run: |
|
|
|
|
set -euo pipefail
|
|
|
|
mkdir -p output/debs-beta
|
|
touch output/debs-beta/file.deb
|
|
|
|
echo "Sync all parts (only debs***)"
|
|
rsync -e "ssh -p ${{ secrets.HOST_UPLOAD_PORT }} -o StrictHostKeyChecking=accept-new" \
|
|
-rvc \
|
|
--delete \
|
|
--remove-source-files \
|
|
--prune-empty-dirs \
|
|
--include='debs/' \
|
|
--include='debs-beta/' \
|
|
--include='debs/***/' \
|
|
--include='debs-beta/***/' \
|
|
--include='debs/*.deb' \
|
|
--include='debs-beta/*.deb' \
|
|
--include='debs/**/*.deb' \
|
|
--include='debs-beta/**/*.deb' \
|
|
--exclude='*' \
|
|
--omit-dir-times \
|
|
output/ \
|
|
"${{ secrets.HOST_UPLOAD_USER }}@${{ secrets.HOST_UPLOAD }}:storage/incoming/${{ env.TARGET_PATH }}"
|
|
|
|
ls -l output/debs-beta/
|
|
|
|
outputs:
|
|
|
|
# not related to matrix
|
|
version: ${{ needs.matrix_prep.outputs.version }}
|
|
|