1634.0 #349

Summary
Jobs
- build
- re-run
Run details
- Usage
- Workflow file

Workflow file for this run

	name: build
	run-name: ${{ github.ref_type == 'tag' && github.ref_name \|\| 'experimental' }}
	on:
	push:
	tags:
	- '*'
	branches:
	- main
	workflow_dispatch:
	inputs:
	today:
	type: boolean
	default: false
	jobs:
	build:
	runs-on: ubuntu-latest
	environment: aws
	permissions:
	id-token: write
	steps:
	- name: free up runner space
	run: \|
	sudo rm -rf /{usr/{local/{lib/{android,heroku},.ghcup,share/{dotnet,powershell,miniconda,swift}},share/{dotnet,miniconda,swift}},opt/{hostedtoolcache,microsoft},imagegeneration}
	sudo docker system prune -a -f
	- name: setup binfmt
	run: sudo podman run --privileged ghcr.io/gardenlinux/binfmt_container
	- uses: actions/checkout@v4
	- name: resolve container digest
	if: github.ref_type != 'tag'
	run: \|
	set -o noclobber
	if [ ! -e .container ]; then
	image="ghcr.io/gardenlinux/repo-debian-snapshot"
	podman pull "$image"
	digest="$(podman image inspect --format '{{ .Digest }}' "$image")"
	echo "$image@$digest" > .container
	fi
	- name: fetch package repo releases
	if: github.ref_type != 'tag'
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	if [ ! -e package-releases ]; then
	podman build -t build --build-arg base="$(cat .container)" .
	podman run --rm -e GH_TOKEN build /fetch_releases > package-releases
	fi
	- name: download amd64 packages
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	container="$(cat .container)"
	podman pull --arch amd64 "$container"
	podman build -t build --build-arg base="$container" .
	mkdir repo
	podman run --rm -v "$PWD/repo:/repo" -v "$PWD/package-releases:/package-releases" -v "$PWD/package-imports:/package-imports" -v "$PWD/package-exclude:/package-exclude" -e GH_TOKEN build /download_pkgs /repo /package-releases /package-imports /package-exclude
	- name: download arm64 packages
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	container="$(cat .container)"
	podman pull --arch arm64 "$container"
	podman build -t build --build-arg base="$container" .
	mkdir repo_arm64
	podman run --rm -v "$PWD/repo_arm64:/repo" -v "$PWD/package-releases:/package-releases" -v "$PWD/package-imports:/package-imports" -v "$PWD/package-exclude:/package-exclude" -e GH_TOKEN build /download_pkgs /repo /package-releases /package-imports /package-exclude
	cp -r --no-clobber repo_arm64/. repo/.
	rm -rf repo_arm64
	- name: build kms signing container
	run: \|
	podman build -t kms kms
	podman build -t build --build-arg base=kms .
	- uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ vars.AWS_OIDC_ROLE }}
	aws-region: ${{ vars.AWS_REGION }}
	- run: aws sts get-caller-identity
	- name: sync pool to S3
	run: \|
	find repo/pool -type f -printf '%P\n' \| sort > local_objects
	aws s3api list-objects --bucket '${{ vars.S3_BUCKET }}' --prefix pool/ \| jq -r '.Contents // [] \| .[].Key' \| sed 's#^pool/##' \| sort > aws_objects
	join -v 1 local_objects aws_objects > new_objects
	rm local_objects aws_objects
	num_objects="$(wc -l new_objects \| awk '{ print $1 }')"
	cntr=0
	while read -r obj; do
	aws s3 cp --quiet "repo/pool/$obj" "s3://${{ vars.S3_BUCKET }}/pool/$obj"
	cntr="$(( cntr + 1 ))"
	echo "[$cntr/$num_objects] $obj"
	done < new_objects
	rm new_objects
	- name: check dist ${{ github.ref_name }}
	if: github.ref_type == 'tag'
	id: check
	run: \|
	if ! aws s3api head-object --bucket '${{ vars.S3_BUCKET }}' --key 'gardenlinux/dists/${{ github.ref_name }}/InRelease' > /dev/null 2>&1; then
	echo new_dist=true >> "$GITHUB_OUTPUT"
	fi
	- name: create dist ${{ github.ref_name }}
	if: steps.check.outputs.new_dist == 'true'
	run: \|
	podman run --rm \
	-e 'AWS_*' \
	-e 'KMS_KEY_ID=${{ secrets.KMS_KEY_ID }}' \
	-e 'KMS_KEY_CERT=${{ secrets.KMS_KEY_CERT }}' \
	-e 'KMS_KEY_GPG=${{ secrets.KMS_KEY_GPG }}' \
	-v "$PWD/repo:/repo" \
	build /create_dist /repo ${{ github.ref_name }} 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
	aws s3 cp --recursive 'repo/dists/${{ github.ref_name }}' 's3://${{ vars.S3_BUCKET }}/gardenlinux/dists/${{ github.ref_name }}'
	- name: create dist experimental
	if: github.ref_type != 'tag'
	run: \|
	podman run --rm \
	-e 'AWS_*' \
	-e 'KMS_KEY_ID=${{ secrets.KMS_KEY_ID }}' \
	-e 'KMS_KEY_CERT=${{ secrets.KMS_KEY_CERT }}' \
	-e 'KMS_KEY_GPG=${{ secrets.KMS_KEY_GPG }}' \
	-v "$PWD/repo:/repo" \
	build /create_dist /repo experimental 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
	aws s3 cp --recursive 'repo/dists/experimental' 's3://${{ vars.S3_BUCKET }}/gardenlinux/dists/experimental'
	aws cloudfront create-invalidation --distribution-id '${{ secrets.CLOUDFRONT_DISTRIBUTION }}' --paths '/gardenlinux/dists/experimental/*'
	- name: create dist today
	if: inputs.today
	run: \|
	podman run --rm \
	-e 'AWS_*' \
	-e 'KMS_KEY_ID=${{ secrets.KMS_KEY_ID }}' \
	-e 'KMS_KEY_CERT=${{ secrets.KMS_KEY_CERT }}' \
	-e 'KMS_KEY_GPG=${{ secrets.KMS_KEY_GPG }}' \
	-v "$PWD/repo:/repo" \
	build /create_dist /repo today 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
	aws s3 cp --recursive 'repo/dists/today' 's3://${{ vars.S3_BUCKET }}/gardenlinux/dists/today'
	aws cloudfront create-invalidation --distribution-id '${{ secrets.CLOUDFRONT_DISTRIBUTION }}' --paths '/gardenlinux/dists/today/*'
	# Attempt to make CI more resilient using retry logic https://github.com/gardenlinux/gardenlinux/issues/2288
	re-run:
	needs: [ build ]
	if: failure() && fromJSON(github.run_attempt) < 3
	runs-on: ubuntu-latest
	steps:
	- env:
	GH_REPO: ${{ github.repository }}
	GH_TOKEN: ${{ github.token }}
	run: gh workflow run rerun-build.yml -F run_id=${{ github.run_id }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

1634.0 #349

Workflow file

1634.0 #349

Jobs

Run details

Workflow file for this run