-
Notifications
You must be signed in to change notification settings - Fork 3
/
.cirrus.yml
125 lines (122 loc) · 5.09 KB
/
.cirrus.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
env:
IMAGE_TAG: 39
GITHUB_SERVER_URL: "https://github.com"
CIRRUS_SHELL: bash
GH_TOKEN: ENCRYPTED[558ab3342d6dc01817f2cd5c808c1c84f084f8bc991125b8b309e78db686cdbf16e3784200f025ac8b7e8801222e6114]
IMAGE_SUFFIX: "c20240227t125812z-f39f38d13"
FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}"
aws_credentials: ENCRYPTED[fe4aa704cf722afa328adce659449b222a8a34d7126a1ff70bb94ef7f5de403d9bf7fc592140dadb5201d26d1fb82fac]
build_task:
alias: 'build'
only_if: $CIRRUS_BRANCH == 'main' && $CIRRUS_PR == "" && $CIRRUS_TAG == ""
execution_lock: podman-wsl-fedora-arm-serial
auto_cancellation: true
ec2_instance: &standard_build_ec2_aarch64
image: ${FEDORA_AARCH64_AMI}
type: "t4g.xlarge"
region: us-east-1
architecture: arm64
setup_script: |
dnf install 'dnf-command(config-manager)'
dnf config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo
dnf -y install gh git podman golang
get_script: |
set +o verbose
date >> changes
podman image pull docker.io/library/fedora:$IMAGE_TAG
imageDigest=`podman image inspect docker.io/library/fedora:$IMAGE_TAG --format {{.Digest}}`
echo $imageDigest > lastimage
echo "Fetching $GITHUB_SERVER_URL/$CIRRUS_REPO_FULL_NAME/releases/latest/download/lastimage"
lastImage=`curl --retry 5 --retry-delay 8 --retry-all-errors -L "$GITHUB_SERVER_URL/$CIRRUS_REPO_FULL_NAME/releases/latest/download/lastimage"`
echo "Digest: $imageDigest"
echo "Last: $lastImage"
if [ "$lastImage" != "$imageDigest" ]; then
echo "Image needs update"
echo -e "\nImage update:\n $imageDigest\n" >> changes
echo "IMAGE_CHANGED=1" >> $CIRRUS_ENV
fi
reuse_script: |
set +o verbose
if [ "$IMAGE_CHANGED" == "1" ]; then
echo "Skipped"
exit
fi
echo "Reusing cached image"
curl --retry 5 --retry-delay 8 --retry-all-errors -L $GITHUB_SERVER_URL/$CIRRUS_REPO_FULL_NAME/releases/latest/download/rootfs.tar.xz --output rootfs.tar.xz
echo "Extracting rootfs.."
unxz rootfs.tar.xz
podman import rootfs.tar fedora-update
podman create --name fedora-update fedora-update sleep 7200
clean_script: |
set +o verbose
if [ "$IMAGE_CHANGED" != "1" ]; then
echo "Skipped"
exit
fi
echo "Using clean image"
podman create --name fedora-update docker.io/library/fedora:$IMAGE_TAG sleep 7200
update_script: |
set +o verbose
podman start fedora-update
podman exec fedora-update sh -c 'rpm -qa --qf "%-30{name} %{version}-%{release}\n" | sort' > pre-update
podman exec -it fedora-update sh -c 'dnf update -y && dnf -y install podman podman-docker procps-ng openssh-server net-tools iproute dhcp-client crun-wasm wasmedge-rt && dnf clean all && rm -rf /var/cache/yum'
podman exec fedora-update sh -c 'rpm -qa --qf "%-30{name} %{version}-%{release}\n" | sort' > post-update
diff -u pre-update post-update > delta || delta=1
if [ ! -z "$delta" ]; then
echo "Package changes!"
echo -e "\nInstalled packages:\n\`\`\`" >> changes
grep '^+' delta | grep -v '+++' | sed 's/^\+//g' >> changes
echo "\`\`\`" >> changes
echo "PACKAGE_CHANGED=1" >> $CIRRUS_ENV
fi
gvproxy_vm_script: |
set +o verbose
if [ "$IMAGE_CHANGED" != "1" ] && [ "$PACKAGE_CHANGED" != "1" ]; then
echo "Skipping gvproxy vm, no updates required"
exit
fi
git clone https://github.com/containers/gvisor-tap-vsock
cd gvisor-tap-vsock
git checkout v0.7.3
HOME=/root make vm
podman cp bin/gvforwarder fedora-update:/usr/local/bin/vm
cd ..
archive_script: |
set +o verbose
if [ "$IMAGE_CHANGED" != "1" ] && [ "$PACKAGE_CHANGED" != "1" ]; then
echo "Skipping archive, no updates required"
exit
fi
echo "Creating rootfs.tar from container..."
podman export --output rootfs.tar fedora-update
# GNu tar has a corruption bugs with --delete, so use bsdtar to filter instead
echo "Filtering rootfs.tar using container..."
podman run -v .:/mnt --security-opt label=disable fedora sh -c 'dnf -y install bsdtar && bsdtar -cf /mnt/new.tar --exclude etc/resolv.conf @/mnt/rootfs.tar'
mv new.tar rootfs.tar
mkdir -p etc; touch etc/resolv.conf
tar rf rootfs.tar --mode=644 --group=root --owner=root etc/resolv.conf
echo "Compressing rootfs.tar.."
xz --verbose rootfs.tar
sha256sum rootfs.tar.xz > shasums
echo "Done"
ls -l rootfs.tar.xz
release_script: |
set +o verbose
if [ "$IMAGE_CHANGED" != "1" ] && [ "$PACKAGE_CHANGED" != "1" ]; then
echo "Skipping release, no updates required"
exit
fi
git fetch --tags
set +o pipefail
NEXT_RELEASE=`git tag --list | grep v${IMAGE_TAG} | cut -f3 -d '.' | sort -n | tail -1`
re='^[0-9]+$'
if ! [[ $NEXT_RELEASE =~ $re ]] ; then
NEXT_RELEASE=0
fi
NEXT_RELEASE="v${IMAGE_TAG}.0.$((NEXT_RELEASE+1))"
echo $NEXT_RELEASE > version
echo "Releasing $NEXT_RELEASE"
set -o verbose
gh release create $NEXT_RELEASE -t $NEXT_RELEASE -d -F changes
gh release upload $NEXT_RELEASE lastimage rootfs.tar.xz shasums version
gh release edit $NEXT_RELEASE --draft=false