--- name: CI on push develop tag on: push: tags: - 'v*-rc*' concurrency: group: run-only-one-workflow jobs: build-uefi-sb: uses: ./.github/workflows/build.yml with: cacheless: false kas-path: meta-dts/kas-uefi-sb.yml move-build-artifacts: needs: build-uefi-sb runs-on: labels: dts-builder steps: - name: Move UEFI SB build artifacts run: | mv build build-sb build: needs: move-build-artifacts uses: ./.github/workflows/build.yml with: cacheless: false kas-path: meta-dts/kas.yml deploy-images: name: Deploy DTS artifacts on boot.dasharo.com needs: build runs-on: labels: dts-builder steps: - name: Prepare SSH key shell: bash env: SSH_KEY: ${{secrets.SSH_KEY}} SSH_KEY_CI_CD: ${{secrets.SSH_KEY_CI_CD}} run: | echo -e ${SSH_KEY} > ~/.ssh/dts-ci-key chmod 600 ~/.ssh/dts-ci-key echo -e ${SSH_KEY_CI_CD} > ~/.ssh/gitea_dts_release_cicd chmod 600 ~/.ssh/gitea_dts_release_cicd echo -e "\n Host git.3mdeb.com\n HostName git.3mdeb.com\n IdentityFile ~/.ssh/gitea_dts_release_cicd\n IdentitiesOnly yes" > ~/.ssh/config_deploy - name: Get DTS version id: dts-ver shell: bash run: | # Extract tag version from GITHUB_REF TAG=${GITHUB_REF#refs/tags/} DTS_VER=${TAG} echo "DTS_VER=${DTS_VER}" >> $GITHUB_ENV - name: Validate DTS_VER if: ${{ success() }} shell: bash run: | # Retrieve DTS_VER from previous step DTS_VER_EXPECTED="${{ env.DTS_VER }}" DTS_VER_ACTUAL="v$(cat meta-dts/meta-dts-distro/conf/distro/dts-distro.conf | grep DISTRO_VERSION | tr -d "\" [A-Z]_=")" if [ "${DTS_VER_EXPECTED}" != "${DTS_VER_ACTUAL}" ]; then echo "Tag (${DTS_VER_EXPECTED}) does not match version (${DTS_VER_ACTUAL}) in 'meta-dts/meta-dts-distro/conf/distro/dts-distro.conf'" exit 1 fi - name: Deploy DTS on boot.dasharo.com shell: bash run: | DTS_VER="${{ env.DTS_VER }}" ssh -i ~/.ssh/dts-ci-key builder@10.1.40.2 "mkdir -p boot/dts/${DTS_VER}" cd build/tmp/deploy/images/genericx86-64/ cp bzImage bzImage-${DTS_VER} cp dts-base-image-genericx86-64.cpio.gz dts-base-image-${DTS_VER}.cpio.gz cp dts-base-image-genericx86-64.wic.gz dts-base-image-${DTS_VER}.wic.gz cp dts-base-image-genericx86-64.wic.bmap dts-base-image-${DTS_VER}.wic.bmap cp dts-base-image-genericx86-64.iso dts-base-image-${DTS_VER}.iso scp -i ~/.ssh/dts-ci-key bzImage-${DTS_VER} builder@10.1.40.2:boot/dts/${DTS_VER}/ scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.cpio.gz builder@10.1.40.2:boot/dts/${DTS_VER}/ scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.wic.gz builder@10.1.40.2:boot/dts/${DTS_VER}/ scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.wic.bmap builder@10.1.40.2:boot/dts/${DTS_VER}/ scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.iso builder@10.1.40.2:boot/dts/${DTS_VER}/ - name: Deploy manifest on boot.dasharo.com shell: bash run: | DTS_VER="${{ env.DTS_VER }}" cd build/tmp/deploy/images/genericx86-64/ cp dts-base-image-genericx86-64.manifest dts-base-image-${DTS_VER}.manifest scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.manifest builder@10.1.40.2:boot/dts/${DTS_VER}/ - name: Deploy sha256 on boot.dasharo.com shell: bash run: | DTS_VER="${{ env.DTS_VER }}" cd build/tmp/deploy/images/genericx86-64/ sha256sum bzImage-${DTS_VER} > bzImage-${DTS_VER}.sha256 sha256sum dts-base-image-${DTS_VER}.cpio.gz > dts-base-image-${DTS_VER}.cpio.gz.sha256 sha256sum dts-base-image-${DTS_VER}.wic.gz > dts-base-image-${DTS_VER}.wic.gz.sha256 sha256sum dts-base-image-${DTS_VER}.wic.bmap > dts-base-image-${DTS_VER}.wic.bmap.sha256 sha256sum dts-base-image-${DTS_VER}.iso > dts-base-image-${DTS_VER}.iso.sha256 sha256sum dts-base-image-${DTS_VER}.manifest > dts-base-image-${DTS_VER}.manifest.sha256 scp -i ~/.ssh/dts-ci-key bzImage-${DTS_VER}.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/ scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.cpio.gz.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/ scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.wic.gz.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/ scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.wic.bmap.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/ scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.iso.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/ scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.manifest.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/ - name: Update iPXE menu shell: bash run: | ./meta-dts/scripts/generate-ipxe-menu.sh ${{ env.DTS_VER }} scp -i ~/.ssh/dts-ci-key dts-rc.ipxe builder@10.1.40.2:boot/dts/ - name: Trigger signing shell: bash run: | DTS_VER="${{ env.DTS_VER }}" GIT_SSH_COMMAND='ssh -F ~/.ssh/config_deploy' git clone ssh://git@git.3mdeb.com:2222/3mdeb/dts-release-cicd-pipeline.git cd dts-release-cicd-pipeline echo ${DTS_VER} > LATEST_RELEASE git add LATEST_RELEASE git commit -m "Signing release ${DTS_VER}" GIT_SSH_COMMAND='ssh -F ~/.ssh/config_deploy' git push origin main git tag ${DTS_VER} GIT_SSH_COMMAND='ssh -F ~/.ssh/config_deploy' git push origin ${DTS_VER} cd - cleanup: name: Cleanup if: always() needs: deploy-images runs-on: labels: dts-builder steps: - name: Cleanup after deployment shell: bash run: | rm -rf ~/.ssh/dts-ci-key rm -rf dts-release-cicd-pipeline rm -f ~/.ssh/gitea_dts_release_cicd rm -rf build build-sb meta-dts