VyOS nightly build #647
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: VyOS rolling nightly build | |
on: | |
schedule: | |
- cron: "0 0 * * *" | |
workflow_dispatch: | |
inputs: | |
BUILD_BY: | |
description: 'Builder identifier (default: [email protected])' | |
default: '' | |
build_version: | |
description: 'Version number (default: 1.5-rolling-ISO8601-TIMESTAMP)' | |
default: '' | |
SKIP_SMOKETEST_RAID1: | |
description: 'Skip RAID1 Test' | |
required: true | |
type: boolean | |
default: false | |
SKIP_SMOKETEST_SYSTEM: | |
description: 'Skip CLI smoketest' | |
required: true | |
type: boolean | |
default: false | |
SKIP_SMOKETEST_CONFIG: | |
description: 'Skip config load test' | |
required: true | |
type: boolean | |
default: false | |
SKIP_SNAPSHOT_S3_UPLOAD: | |
description: 'Skip snapshot upload to S3' | |
required: true | |
type: boolean | |
default: false | |
SKIP_RELEASE_PUBLISHING: | |
description: 'Skip release publishing' | |
required: true | |
type: boolean | |
default: false | |
SKIP_SLACK_NOTIFICATIONS: | |
description: 'Skip Slack notifications' | |
required: true | |
type: boolean | |
default: false | |
SKIP_DOWNLOADS_PAGE_UPDATE: | |
description: 'Skip downloads page update' | |
required: true | |
type: boolean | |
default: false | |
env: | |
BUILD_BY: [email protected] | |
DEBIAN_MIRROR: http://deb.debian.org/debian/ | |
VYOS_MIRROR: https://rolling-packages.vyos.net/current/ | |
jobs: | |
build_iso: | |
runs-on: ubuntu-24.04 | |
permissions: | |
contents: write | |
container: | |
image: vyos/vyos-build:current | |
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged | |
outputs: | |
BUILD_BY: ${{ steps.set_env_variables.outputs.BUILD_BY }} | |
build_version: ${{ steps.set_env_variables.outputs.build_version }} | |
TIMESTAMP: ${{ steps.set_env_variables.outputs.TIMESTAMP }} | |
PREVIOUS_SUCCESS_BUILD_TIMESTAMP: ${{ steps.set_env_variables.outputs.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }} | |
steps: | |
### Initialization ### | |
- uses: actions/checkout@v4 | |
- name: "Initialization: set env variables" | |
id: set_env_variables | |
run: | | |
set -x | |
if [ -n "${{ github.event.inputs.BUILD_BY }}" ]; then | |
echo "BUILD_BY=${{ github.event.inputs.BUILD_BY }}" >> $GITHUB_ENV | |
fi | |
if [ -z "${{ github.event.inputs.build_version }}" ]; then | |
echo "build_version=1.5-rolling-$(date -u +%Y%m%d%H%M)" >> $GITHUB_OUTPUT | |
else | |
echo "build_version=${{ github.event.inputs.build_version }}" >> $GITHUB_OUTPUT | |
fi | |
echo "TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_ENV | |
echo "PREVIOUS_SUCCESS_BUILD_TIMESTAMP=$(cat version.json | jq -r '.[0].timestamp')" >> $GITHUB_ENV | |
- name: Clone vyos-build source code | |
uses: actions/checkout@v4 | |
with: | |
repository: vyos/vyos-build | |
path: vyos-build | |
- name: Build generic ISO image | |
id: build_generic_iso | |
run: | | |
cd vyos-build | |
sudo --preserve-env ./build-vyos-image \ | |
--architecture amd64 \ | |
--build-by $BUILD_BY \ | |
--build-type release \ | |
--custom-package vyos-1x-smoketest \ | |
--debian-mirror $DEBIAN_MIRROR \ | |
--version ${{ steps.set_env_variables.outputs.build_version }} \ | |
--vyos-mirror $VYOS_MIRROR \ | |
generic | |
# move artifact one level up for minisign | |
mv build/vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso .. | |
- name: Sign generic ISO image | |
shell: bash | |
run: | | |
echo "${{ secrets.minisign_private_key }}" > /tmp/minisign.key | |
echo ${{ secrets.minisign_password }} | $GITHUB_WORKSPACE/bin/minisign -s /tmp/minisign.key -Sm vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso | |
echo "${{ secrets.minisign_public_key }}" > /tmp/minisign.pub | |
$GITHUB_WORKSPACE/bin/minisign -Vm vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso -x vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64.iso.minisig -p /tmp/minisign.pub | |
rm /tmp/minisign.key /tmp/minisign.pub | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: vyos-${{ steps.set_env_variables.outputs.build_version }}-generic-amd64 | |
path: vyos-${{ steps.set_env_variables.outputs.build_version }}-* | |
retention-days: 30 | |
if-no-files-found: error | |
test_smoketest_cli: | |
needs: build_iso | |
runs-on: ubuntu-24.04 | |
if: ${{ !inputs.SKIP_SMOKETEST_SYSTEM }} | |
container: | |
image: vyos/vyos-build:current | |
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged | |
steps: | |
# We need the test script from vyos-build repo | |
- name: Clone vyos-build source code | |
uses: actions/checkout@v4 | |
with: | |
repository: vyos/vyos-build | |
- uses: actions/download-artifact@v4 | |
with: | |
name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 | |
path: build | |
- name: VyOS CLI smoketests | |
id: test | |
shell: bash | |
run: | | |
set -e | |
ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso | |
sudo make test | tee smoketest_make_test.log | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: smoketest_make_test | |
path: smoketest_make_test.log | |
retention-days: 30 | |
if-no-files-found: error | |
test_config_load: | |
needs: build_iso | |
runs-on: ubuntu-24.04 | |
if: ${{ !inputs.SKIP_SMOKETEST_CONFIG }} | |
container: | |
image: vyos/vyos-build:current | |
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged | |
steps: | |
# We need the test script from vyos-build repo | |
- name: Clone vyos-build source code | |
uses: actions/checkout@v4 | |
with: | |
repository: vyos/vyos-build | |
- uses: actions/download-artifact@v4 | |
with: | |
name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 | |
path: build | |
- name: VyOS config load tests | |
id: test | |
shell: bash | |
run: | | |
set -e | |
ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso | |
sudo make testc | tee smoketest_make_testc.log | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: smoketest_make_testc | |
path: smoketest_make_testc.log | |
retention-days: 30 | |
if-no-files-found: error | |
test_raid1_install: | |
needs: build_iso | |
runs-on: ubuntu-24.04 | |
if: ${{ !inputs.SKIP_SMOKETEST_RAID1 }} | |
container: | |
image: vyos/vyos-build:current | |
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged | |
steps: | |
# We need the test script from vyos-build repo | |
- name: Clone vyos-build source code | |
uses: actions/checkout@v4 | |
with: | |
repository: vyos/vyos-build | |
- uses: actions/download-artifact@v4 | |
with: | |
name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 | |
path: build | |
- name: VyOS RAID1 installation tests | |
id: test | |
shell: bash | |
run: | | |
set -e | |
ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso | |
sudo make testraid | tee smoketest_make_testraid.log | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: smoketest_make_testraid | |
path: smoketest_make_testraid.log | |
retention-days: 30 | |
if-no-files-found: error | |
test_encrypted_config_tpm: | |
needs: build_iso | |
runs-on: ubuntu-24.04 | |
if: ${{ !inputs.SKIP_SMOKETEST_RAID1 }} | |
container: | |
image: vyos/vyos-build:current | |
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0 --privileged | |
steps: | |
# We need the test script from vyos-build repo | |
- name: Clone vyos-build source code | |
uses: actions/checkout@v4 | |
with: | |
repository: vyos/vyos-build | |
- uses: actions/download-artifact@v4 | |
with: | |
name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 | |
path: build | |
- name: VyOS TPM encryption tests | |
id: test | |
shell: bash | |
run: | | |
set -e | |
ln -s vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso build/live-image-amd64.hybrid.iso | |
sudo make testtpm | tee smoketest_make_testtpm.log | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: smoketest_make_testtpm | |
path: smoketest_make_testtpm.log | |
retention-days: 30 | |
if-no-files-found: error | |
publish: | |
needs: | |
- test_config_load | |
- test_raid1_install | |
- test_smoketest_cli | |
- test_encrypted_config_tpm | |
- build_iso | |
runs-on: ubuntu-24.04 | |
permissions: | |
contents: write | |
if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Clone vyos-build source code | |
uses: actions/checkout@v4 | |
with: | |
repository: vyos/vyos-build | |
path: vyos-build | |
- name: Clone vyos-1x source code | |
uses: actions/checkout@v4 | |
with: | |
repository: vyos/vyos-1x | |
path: vyos-1x | |
- id: commit_ids | |
shell: bash | |
run: | | |
cd vyos-build | |
echo "CHANGELOG_COMMIT_VYOS_BUILD=$(git log --since "${{ needs.build_iso.outputs.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT | |
cd ../vyos-1x | |
echo "CHANGELOG_COMMIT_VYOS_1X=$(git log --since "${{ needs.build_iso.outputs.PREVIOUS_SUCCESS_BUILD_TIMESTAMP }}" --format="%H" --reverse | head -n1)" >> $GITHUB_OUTPUT | |
- name: "Release publishing: generate changelog for vyos-1x" | |
id: generate_changelog_for_vyos-1x | |
uses: mikepenz/[email protected] | |
with: | |
owner: "vyos" | |
repo: "vyos-1x" | |
fetchReviewers: false | |
fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_VYOS_1X }} | |
toTag: HEAD | |
configurationJson: | | |
{ | |
"categories": [{"title": "", "labels": []}], | |
"template": "#{{CHANGELOG}}", | |
"pr_template": "- #{{TITLE}}\n - PR: vyos/vyos-1x##{{NUMBER}}" | |
} | |
- name: "Release publishing: generate changelog for vyos-build" | |
id: generate_changelog_for_vyos-build | |
uses: mikepenz/[email protected] | |
with: | |
owner: "vyos" | |
repo: "vyos-build" | |
fetchReviewers: false | |
fromTag: ${{ steps.commit_ids.outputs.CHANGELOG_COMMIT_VYOS_BUILD }} | |
toTag: HEAD | |
configurationJson: | | |
{ | |
"categories": [{"title": "", "labels": []}], | |
"template": "#{{CHANGELOG}}", | |
"pr_template": "- #{{TITLE}}\n - PR: vyos/vyos-build##{{NUMBER}}" | |
} | |
- name: "Release publishing: generate CHANGELOG.md" | |
run: | | |
cat <<EOF > CHANGELOG.md | |
## vyos-1x | |
${{ steps.generate_changelog_for_vyos-1x.outputs.changelog }} | |
## vyos-build | |
${{ steps.generate_changelog_for_vyos-build.outputs.changelog }} | |
EOF | |
cat CHANGELOG.md | |
- name: "Release publishing: create version.json" | |
uses: jsdaniell/[email protected] | |
with: | |
name: "version.json" | |
json: | | |
[ | |
{ | |
"url": "https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64/vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso", | |
"version": "${{ needs.build_iso.outputs.build_version }}", | |
"timestamp": "${{ needs.build_iso.outputs.TIMESTAMP }}" | |
} | |
] | |
- name: "Release publishing: check if the repository was modified during runtime to prevent autocommit failure" | |
id: check_if_the_repository_was_modified_during_runtime | |
run: | | |
sudo chown -R $(whoami):$(whoami) ./* | |
git pull --autostash --rebase | |
- name: "Release publishing: create autocommit and tag" | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
tagging_message: ${{ needs.build_iso.outputs.build_version }} | |
commit_message: ${{ needs.build_iso.outputs.build_version }} | |
commit_author: "vyosbot <${{ needs.build_iso.outputs.BUILD_BY }}>" | |
- uses: actions/download-artifact@v4 | |
with: | |
name: vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64 | |
- name: "Release publishing: publish release" | |
uses: softprops/action-gh-release@v2 | |
with: | |
body_path: CHANGELOG.md | |
tag_name: ${{ needs.build_iso.outputs.build_version }} | |
fail_on_unmatched_files: true | |
files: | | |
./vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso | |
./vyos-${{ needs.build_iso.outputs.build_version }}-generic-amd64.iso.minisig | |
- uses: Nats-ji/[email protected] | |
with: | |
token: ${{ secrets.CUSTOM_GITHUB_TOKEN }} | |
keep-count: 30 | |
keep-old-minor-releases: false | |
update_download_page: | |
if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }} | |
needs: | |
- publish | |
uses: vyos/community.vyos.net/.github/workflows/main.yml@production | |
with: | |
branch: production | |
secrets: | |
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }} | |
GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }} |