name: VyOS rolling nightly build

# Two triggers: a daily run at 00:00 UTC and a manual dispatch.
# On the scheduled run every input below is empty, so each SKIP_* check
# in the job evaluates as "do not skip".
on:
  schedule:
    - cron: '0 0 * * *'
  workflow_dispatch:
    inputs:
      # Free-form text supplied by whoever dispatches the run; any consumer
      # should treat both string inputs as data, never as shell source.
      BUILD_BY:
        description: 'Builder identifier (if empty [email protected] is used)'
        default: '[email protected]'
      BUILD_VERSION:
        description: 'Version number (if empty 1.5-rolling-$(date -u +%Y%m%d%H%M) is used)'
        default: ''
      # Boolean switches, all defaulting to "run the stage".
      SKIP_SMOKETEST_ALL:
        description: 'Skip all smoketests'
        required: true
        type: boolean
        default: false
      SKIP_SMOKETEST_RAID1:
        description: 'Skip RAID1 smoketest'
        required: true
        type: boolean
        default: false
      SKIP_SNAPSHOT_UPLOAD:
        description: 'Skip snapshot upload to S3'
        required: true
        type: boolean
        default: false
      SKIP_RELEASE_PUBLISHING:
        description: 'Skip release publishing'
        required: true
        type: boolean
        default: false
      SKIP_SLACK_NOTIFICATIONS:
        description: 'Skip Slack notifications'
        required: true
        type: boolean
        default: false
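jobs:
  # NOTE(review): every '[email protected]' below (the BUILD_BY default and
  # several `uses:` refs) is text the page's e-mail obfuscation substituted
  # for the original value; restore it from the repository before running.
  #
  # Third-party actions in this job are referenced by tag or branch. Pinning
  # each one to a reviewed full-length commit SHA keeps a moved tag from
  # running new code with this job's secrets and its contents:write token.
  build-iso:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    concurrency:
      group: main
    env:
      # Quoted: a plain scalar starting with '[' would parse as a flow sequence.
      BUILD_BY: '[email protected]'
      # Plain HTTP: package integrity then rests on APT's signature checks of
      # the mirror metadata. TODO confirm build-vyos-image never disables them.
      DEBIAN_MIRROR: http://deb.debian.org/debian/
      SMOKETEST_RAID_COMMAND: 'docker run --rm --privileged -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current sudo make testraid'
      VYOS_MIRROR: https://rolling-packages.vyos.net/current/
    steps:
      ### Initialization ###
      - uses: actions/checkout@v4
      - name: Set env variables
        id: set_env_vars
        # Dispatch inputs reach the script as environment variables instead of
        # being expanded into the script text, so their content is never parsed
        # as shell source.
        env:
          DISPATCH_BUILD_BY: ${{ github.event.inputs.BUILD_BY }}
          DISPATCH_BUILD_VERSION: ${{ github.event.inputs.BUILD_VERSION }}
          DISPATCH_SKIP_SMOKETEST_RAID1: ${{ github.event.inputs.SKIP_SMOKETEST_RAID1 }}
        run: |
          # Reject whitespace and control characters: such a value could add
          # extra lines to $GITHUB_ENV or split into extra arguments later on.
          for value in "$DISPATCH_BUILD_BY" "$DISPATCH_BUILD_VERSION"; do
            case "$value" in
              *[[:space:][:cntrl:]]*)
                echo "::error::BUILD_BY and BUILD_VERSION must not contain whitespace or control characters"
                exit 1
                ;;
            esac
          done
          if [ -n "$DISPATCH_BUILD_BY" ]; then
            echo "BUILD_BY=$DISPATCH_BUILD_BY" >> "$GITHUB_ENV"
          fi
          if [ -z "$DISPATCH_BUILD_VERSION" ]; then
            echo "BUILD_VERSION=1.5-rolling-$(date -u +%Y%m%d%H%M)" >> "$GITHUB_ENV"
          else
            echo "BUILD_VERSION=$DISPATCH_BUILD_VERSION" >> "$GITHUB_ENV"
          fi
          # An empty command makes the RAID1 line of the smoketest a no-op.
          if [ "$DISPATCH_SKIP_SMOKETEST_RAID1" = "true" ]; then
            echo "SMOKETEST_RAID_COMMAND=" >> "$GITHUB_ENV"
          fi
          echo "TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_ENV"
          echo "PREVIOUS_SUCCESS_BUILD_TIMESTAMP=$(jq -r '.[0].timestamp' version.json)" >> "$GITHUB_ENV"
      - name: Git clone vyos-build
        run: git clone -b current --single-branch https://github.com/vyos/vyos-build
      - name: Git clone vyos-1x
        if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
        run: git clone -b current --single-branch https://github.com/vyos/vyos-1x
      ### Smoketest ###
      - name: Build ISO (for Smoketest)
        if: ${{ !inputs.SKIP_SMOKETEST_ALL }}
        # vyos/vyos-build:current is a moving tag and runs with --privileged;
        # pin it by digest if the build has to be reproducible.
        run: |
          docker run --rm --privileged -v ./vyos-build/:/vyos -w /vyos vyos/vyos-build:current sudo --preserve-env ./build-vyos-image \
            --architecture amd64 \
            --build-by "$BUILD_BY" \
            --build-type release \
            --custom-package vyos-1x-smoketest \
            --debian-mirror "$DEBIAN_MIRROR" \
            --version "$BUILD_VERSION" \
            --vyos-mirror "$VYOS_MIRROR" \
            iso
      - name: Upload ISO artifact (Smoketest image)
        if: ${{ !inputs.SKIP_SMOKETEST_ALL }}
        # v3 of the artifact actions is deprecated upstream; plan the move to v4.
        uses: actions/upload-artifact@v3
        with:
          name: vyos-${{ env.BUILD_VERSION }}-amd64-smoketest.iso
          path: ./vyos-build/build/live-image-amd64.hybrid.iso
          retention-days: 30
          if-no-files-found: error
      - name: Run smoketest
        if: ${{ !inputs.SKIP_SMOKETEST_ALL }}
        id: smoketests
        # NOTE(review): '@latest' is a mutable ref and this step is handed the
        # SSH private key; pin the action to a reviewed commit (<FULL_COMMIT_SHA>).
        # TODO confirm the action verifies the remote host key.
        uses: cross-the-world/ssh-scp-ssh-pipelines@latest
        env:
          BUILD_VERSION: ${{ env.BUILD_VERSION }}
        with:
          host: ${{ secrets.SSH_HOST }}
          user: ${{ secrets.SSH_USER }}
          port: ${{ secrets.SSH_PORT }}
          key: ${{ secrets.SSH_KEY }}
          connect_timeout: 999s
          first_ssh: |
            rm -rf vyos-build || true
            git clone -b current --single-branch https://github.com/vyos/vyos-build
            mkdir -p ~/vyos-build/build/
          scp: |
            './vyos-build/build/live-image-amd64.hybrid.iso' => '~/vyos-build/build/'
          last_ssh: |
            ${{ env.SMOKETEST_RAID_COMMAND }}
            docker run --rm --privileged -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current sudo make test
            docker run --rm --privileged -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current sudo make testc
            docker run --rm --privileged -v ~/vyos-build:/vyos -w /vyos vyos/vyos-build:current sudo rm -rf ./*
            rm -rf ~/vyos-build
        timeout-minutes: 300
      ### Building ISO ###
      - name: Build ISO
        run: |
          docker run --rm --privileged -v ./vyos-build/:/vyos -w /vyos vyos/vyos-build:current sudo --preserve-env ./build-vyos-image \
            --architecture amd64 \
            --build-by "$BUILD_BY" \
            --build-type release \
            --debian-mirror "$DEBIAN_MIRROR" \
            --version "$BUILD_VERSION" \
            --vyos-mirror "$VYOS_MIRROR" \
            iso
      - name: Copy ISO
        run: |
          cp ./vyos-build/build/live-image-amd64.hybrid.iso "./vyos-$BUILD_VERSION-amd64.iso"
      - name: Sign ISO (Minisign)
        run: |
          # The key file lives in the runner's temp directory, not the checkout,
          # so the later auto-commit step cannot pick it up, and it is deleted
          # when this step exits. No digest of it is printed to the job log.
          key_file="$RUNNER_TEMP/minisign.key"
          trap 'rm -f "$key_file"' EXIT
          (
            umask 077
            printf '%s\n' 'untrusted comment: minisign encrypted secret key' "$minisign_key" > "$key_file"
          )
          printf '%s\n' "$minisign_password" | "$GITHUB_WORKSPACE/bin/minisign" -s "$key_file" -Sm "./vyos-$BUILD_VERSION-amd64.iso"
          # Verify the fresh signature against the public key kept in the repo.
          "$GITHUB_WORKSPACE/bin/minisign" -Vm "./vyos-$BUILD_VERSION-amd64.iso" -x "./vyos-$BUILD_VERSION-amd64.iso.minisig" -p "$GITHUB_WORKSPACE/minisign.pub"
        env:
          minisign_key: ${{ secrets.minisign_key }}
          minisign_password: ${{ secrets.minisign_password }}
      ### Uploading artifacts ###
      # NOTE(review): both S3 steps hand long-lived AWS access keys to a
      # third-party action; short-lived credentials obtained through GitHub
      # OIDC would narrow what a compromised action could reuse.
      - name: Upload ISO to S3 Glacier
        if: ${{ !inputs.SKIP_SNAPSHOT_UPLOAD }}
        uses: keithweaver/[email protected]
        with:
          command: cp
          source: ./vyos-${{ env.BUILD_VERSION }}-amd64.iso
          destination: s3://${{ secrets.aws_s3_bucket }}/vyos-${{ env.BUILD_VERSION }}-amd64.iso
          aws_access_key_id: ${{ secrets.aws_access_key_id }}
          aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
          aws_region: us-east-1
          flags: --storage-class GLACIER
      - name: Upload ISO's signature to S3 Glacier
        if: ${{ !inputs.SKIP_SNAPSHOT_UPLOAD }}
        uses: keithweaver/[email protected]
        with:
          command: cp
          source: ./vyos-${{ env.BUILD_VERSION }}-amd64.iso.minisig
          destination: s3://${{ secrets.aws_s3_bucket }}/vyos-${{ env.BUILD_VERSION }}-amd64.iso.minisig
          aws_access_key_id: ${{ secrets.aws_access_key_id }}
          aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
          aws_region: us-east-1
          flags: --storage-class GLACIER
      - name: Upload ISO artifact
        uses: actions/upload-artifact@v3
        with:
          name: vyos-${{ env.BUILD_VERSION }}-amd64.iso
          path: ./vyos-${{ env.BUILD_VERSION }}-amd64.iso
          retention-days: 30
          if-no-files-found: error
      - name: Upload ISO's Minisign artifact
        uses: actions/upload-artifact@v3
        with:
          name: vyos-${{ env.BUILD_VERSION }}-amd64.iso.minisig
          path: ./vyos-${{ env.BUILD_VERSION }}-amd64.iso.minisig
          retention-days: 30
          if-no-files-found: error
      ### Release publishing ###
      - name: Retrieve the latest success build for vyos-build and vyos-1x
        if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
        # The timestamp is read from the job environment rather than expanded
        # into the script text. Only local git commands run here, so the step
        # is not given a GitHub token.
        run: |
          cd ./vyos-build
          echo "CHANGELOG_COMMIT_build=$(git log --since "$PREVIOUS_SUCCESS_BUILD_TIMESTAMP" --format="%H" --reverse | head -n1)" >> "$GITHUB_ENV"
          cd ../vyos-1x
          echo "CHANGELOG_COMMIT_1x=$(git log --since "$PREVIOUS_SUCCESS_BUILD_TIMESTAMP" --format="%H" --reverse | head -n1)" >> "$GITHUB_ENV"
      - name: Generate changelog for vyos-1x
        if: ${{ !inputs.SKIP_RELEASE_PUBLISHING && env.CHANGELOG_COMMIT_1x != '' }}
        id: generate-1x-changelog
        uses: mikepenz/[email protected]
        with:
          owner: "vyos"
          repo: "vyos-1x"
          fetchReviewers: false
          fromTag: ${{ env.CHANGELOG_COMMIT_1x }}
          toTag: HEAD
          configurationJson: |
            {
              "categories": [{"title": "", "labels": []}],
              "template": "#{{CHANGELOG}}",
              "pr_template": "- #{{TITLE}}\n - PR: vyos/vyos-1x##{{NUMBER}}"
            }
      - name: Generate changelog for vyos-build
        if: ${{ !inputs.SKIP_RELEASE_PUBLISHING && env.CHANGELOG_COMMIT_build != '' }}
        id: generate-build-changelog
        uses: mikepenz/[email protected]
        with:
          owner: "vyos"
          repo: "vyos-build"
          fetchReviewers: false
          fromTag: ${{ env.CHANGELOG_COMMIT_build }}
          toTag: HEAD
          configurationJson: |
            {
              "categories": [{"title": "", "labels": []}],
              "template": "#{{CHANGELOG}}",
              "pr_template": "- #{{TITLE}}\n - PR: vyos/vyos-build##{{NUMBER}}"
            }
      - name: Generate CHANGELOG.md
        if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
        # The changelog text is built from pull-request titles, i.e. text
        # written by contributors. It is handed over as environment variables
        # and written with printf, so the shell treats it as data only; an
        # unquoted here-document filled by ${{ }} expansion would let that text
        # be evaluated in a job that holds a write token and release secrets.
        env:
          CHANGELOG_1X: ${{ steps.generate-1x-changelog.outputs.changelog }}
          CHANGELOG_BUILD: ${{ steps.generate-build-changelog.outputs.changelog }}
        run: |
          {
            printf '%s\n' '## vyos-1x'
            printf '%s\n' "$CHANGELOG_1X"
            printf '%s\n' '## vyos-build'
            printf '%s\n' "$CHANGELOG_BUILD"
          } > CHANGELOG.md
          cat CHANGELOG.md
      - name: Create version.json
        if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
        id: create-json
        uses: jsdaniell/[email protected]
        with:
          name: "version.json"
          json: |
            [
              {
                "url": "https://github.com/vyos/vyos-rolling-nightly-builds/releases/download/${{ env.BUILD_VERSION }}/vyos-${{ env.BUILD_VERSION }}-amd64.iso",
                "version": "${{ env.BUILD_VERSION }}",
                "timestamp": "${{ env.TIMESTAMP }}"
              }
            ]
      - name: Check if the repository was modified during runtime to prevent autocommit failure
        if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
        run: |
          # The privileged container leaves root-owned files in the checkout.
          sudo chown -R "$(whoami):$(whoami)" ./*
          git pull --autostash --rebase
      - name: Create autocommit and tag
        if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
        # NOTE(review): no file pattern is set, so what gets committed depends
        # on the action's default; presumably .gitignore keeps the ISO, the two
        # clones and CHANGELOG.md out of the commit. Confirm.
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          tagging_message: ${{ env.BUILD_VERSION }}
          commit_message: ${{ env.BUILD_VERSION }}
      - name: Publish release
        if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
        uses: softprops/action-gh-release@v1
        with:
          body_path: CHANGELOG.md
          tag_name: ${{ env.BUILD_VERSION }}
          fail_on_unmatched_files: true
          files: |
            ./vyos-${{ env.BUILD_VERSION }}-amd64.iso
            ./vyos-${{ env.BUILD_VERSION }}-amd64.iso.minisig
      - name: Remove old releases
        if: ${{ !inputs.SKIP_RELEASE_PUBLISHING }}
        # CUSTOM_GITHUB_TOKEN is used to delete releases and tags; keep it
        # scoped to this repository and to that permission only.
        uses: dev-drprasad/[email protected]
        with:
          keep_latest: 30
          delete_tags: true
        env:
          GITHUB_TOKEN: ${{ secrets.CUSTOM_GITHUB_TOKEN }}
      ### Slack notification ###
      # Both payloads interpolate only GitHub-provided context values
      # (repository, workflow, event name, run id, step results).
      - name: Send Slack notification on workflow failure to Sentrium
        if: failure() && !inputs.SKIP_SLACK_NOTIFICATIONS
        uses: slackapi/[email protected]
        with:
          payload: |
            {
              "text": "Repository: *${{ github.repository }}*\nWorkflow: ${{ github.workflow }}\nTrigger: ${{ github.event_name }}\nCommit: ${{ github.sha }}\nWorkflow result: ${{ job.status }}\nSmoketests result: ${{ steps.smoketests.conclusion }}\nURL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
      - name: Send Slack notification on smoketests failure to VyOS
        if: failure() && !inputs.SKIP_SLACK_NOTIFICATIONS
        uses: slackapi/[email protected]
        with:
          payload: |
            {
              "text": "*VyOS nightly build has been failed*",
              "attachments": [
                {
                  "color": "FF0000",
                  "fields": [
                    {
                      "title": "Repository",
                      "short": true,
                      "value": "${{ github.repository }}"
                    },
                    {
                      "title": "Workflow",
                      "short": true,
                      "value": "${{ github.workflow }}"
                    },
                    {
                      "title": "Trigger",
                      "short": true,
                      "value": "${{ github.event_name }}"
                    },
                    {
                      "title": "Smoketests result",
                      "short": true,
                      "value": "${{ steps.smoketests.outcome }}"
                    },
                    {
                      "title": "URL",
                      "short": false,
                      "value": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
                    }
                  ]
                }
              ]
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL_FOR_MAINTEINERS }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
  # Runs only after build-iso succeeds. The reusable workflow is referenced by
  # the 'production' branch of a repository in the same organisation and gets
  # exactly the four secrets listed here, not `secrets: inherit`.
  update-downloads-page:
    needs: build-iso
    uses: vyos/community.vyos.net/.github/workflows/main.yml@production
    secrets:
      NETLIFY_SITE_NAME: ${{ secrets.NETLIFY_SITE_NAME }}
      NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
      SOUPAULT_PROFILE: ${{ secrets.SOUPAULT_PROFILE }}
      GH_ACCESS_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}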