enoch/armbian-build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clean GitHub actions (#4065)

Browse Source 
* Cleaning actions

* Update

* Update

* Update

* Update
This commit is contained in:
Igor Pečovnik 2022-08-12 14:29:31 +02:00 committed by GitHub
parent 701af0d8d9
commit 9ef2f5ac40
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 29 additions and 479 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
.github/workflows/build-deskktop-pr.yml → .github/workflows/build-desktop-pr.yml vendored
View File

13
.github/workflows/build-images.yml vendored
View File

@ -77,6 +77,11 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: igorjs/gh-actions-clean-workflow@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
days_old: 14
fake:
if: ${{ github.repository_owner == 'Armbian' }}
runs-on: small
@ -104,7 +109,7 @@ jobs:
RELE=$(curl -ks https://api.github.com/repos/armbian/build/releases/latest ^| grep "browser_download_url" | grep -o -P '(?<=Armbian.).*(?=_)' | cut -d"_" -f1 | sort | uniq | head -1)
SOUR=$(cat build/VERSION)
# skip if version in git is the same as at release
if [[ "$RELE" == "$SOUR" ]]; then
echo ::set-output name=changes::$(echo 'true')
@ -346,10 +351,10 @@ jobs:
with:
fetch-depth: 1
ref: nightly
- name: Make build list
run: |
sudo npm install --location=global json || true
truncate README.me --size=0 || true
echo "VERSION=$(cat VERSION)" >> $GITHUB_ENV
@ -376,7 +381,7 @@ jobs:
done
)
cat README.tmp
- uses: ncipollo/release-action@v1
with:
tag: "${{ env.VERSION }}"

14
.github/workflows/build-kernel-pr.yml vendored
View File

@ -1,21 +1,23 @@
name: Build Kernels at PR
#
# Generates kernels at PR if their code, patches or config was changed in any way. Packages are uploaded as Github action build artefakts
# Build starts if review is requested or if PR is marked for review
# Build starts if label is set to "Ready"
#
on:
workflow_dispatch:
pull_request:
types: [review_requested, ready_for_review]
paths-ignore:
- .github/workflows
types: [opened,synchronize,reopened,ready_for_review,review_requested,labeled]
paths:
- 'config/kernel/**'
- 'config/sources/**'
- 'config/patch/**'
jobs:
Check:
name: Checking
if: ${{ success() && github.repository_owner == 'Armbian' }}
if: ${{ github.repository_owner == 'Armbian' && contains( github.event.pull_request.labels.*.name, 'Ready :arrow_right:') }}
uses: armbian/scripts/.github/workflows/check-for-changes.yml@master
with:
@ -24,7 +26,7 @@ jobs:
Build:
needs: Check
if: ${{ success() && github.repository_owner == 'Armbian' }}
if: ${{ github.repository_owner == 'Armbian' && contains( github.event.pull_request.labels.*.name, 'Desktop :desktop_computer:') }}
uses: armbian/scripts/.github/workflows/build-kernel.yml@master
with:

1
.github/workflows/build-u-boot.yml vendored
View File

@ -13,6 +13,7 @@ on:
options:
- nightly
- master
permissions:
contents: read

1
.github/workflows/bump-version.yml vendored
View File

@ -11,6 +11,7 @@ jobs:
fake:
permissions:
contents: none
runs-on: small
name: Source changes
if: ${{ github.repository_owner == 'Armbian' }}

6
.github/workflows/check-integrity.yml vendored
View File

@ -1,4 +1,7 @@
name: Check images integrity
#
# Manually checks images integrity
#
on:
workflow_dispatch:
@ -7,6 +10,9 @@ jobs:
Update:
permissions:
contents: none
name: Check images integrity
runs-on: [fast, igor]
if: ${{ github.repository_owner == 'Armbian' }}

21
.github/workflows/cleanup.yml vendored
View File

@ -1,21 +0,0 @@
name: Clean Workflow Logs
on:
workflow_dispatch:
inputs:
days_old:
description: "The amount of days old to delete"
default: "7"
required: false
jobs:
clean-logs:
if: ${{ github.repository_owner == 'Armbian' }}
runs-on: ubuntu-latest
steps:
- uses: igorjs/gh-actions-clean-workflow@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
owner: ${{ github.repository_owner }}
repo: ${{ github.event.repository.name }}
days_old: ${{ github.event.inputs.days_old }}

38
.github/workflows/maintain.yml vendored
View File

@ -1,38 +0,0 @@
name: Maintain Runners
on:
workflow_dispatch:
permissions:
contents: read
jobs:
fake:
permissions:
contents: none
runs-on: small
name: Source changes
if: ${{ github.repository_owner == 'Armbian' }}
steps:
- run: |
echo "not empty" > changes
- uses: actions/upload-artifact@v3
with:
path: changes
name: changes
if-no-files-found: ignore
Bump:
permissions:
contents: none
needs: [ fake ]
if: github.repository_owner == 'Armbian'
uses: armbian/scripts/.github/workflows/maintain-runners.yml@master
with:
checking: true
secrets:
KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }}
KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }}

1
.github/workflows/rebase.yml vendored
View File

@ -13,6 +13,7 @@ jobs:
permissions:
contents: write # for cirrus-actions/rebase to push code to rebase
pull-requests: read # for cirrus-actions/rebase to get info about PR
name: Rebase
if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase')
runs-on: ubuntu-latest

1
.github/workflows/smoke-tests.yml vendored
View File

@ -14,6 +14,7 @@ jobs:
Smoke:
permissions:
contents: none
if: ${{ github.repository_owner == 'Armbian' }}
uses: armbian/scripts/.github/workflows/smoke-tests.yml@master
secrets:

410
.github/workflows/update-cache.yml vendored
View File

@ -1,410 +0,0 @@
name: Build Rootfs Cache
#
# Generates rootfs cache and uploads it to:
#
# https://github.com/armbian/mirror/releases/tag/rootfs
# https://cache.armbian.com/rootfs/
#
on:
schedule:
- cron: "30 0 15 * *" # Runs at 00:30 UTC on the 15st of every month.
push:
branches:
- 'master'
paths:
- 'config/distributions/**'
- 'config/cli/**'
- 'config/desktop/**'
workflow_dispatch:
jobs:
release-start:
permissions:
contents: none
name: Release start
runs-on: [X64]
outputs:
rootfscache_version: ${{ steps.env-vars.outputs.rootfscache_version }}
if: ${{ github.repository_owner == 'Armbian' }}
steps:
# Synyching procedure expects this value
- run: |
echo "not empty" > changes
- uses: actions/upload-artifact@v3
with:
path: changes
name: changes
if-no-files-found: ignore
- name: Checkout repository
uses: actions/checkout@v3
with:
repository: armbian/build
path: build
clean: false
- name: Remove current status
run: |
sudo mountpoint -q build/cache/rootfs.upload && sudo fusermount -u build/cache/rootfs.upload || true
sudo apt-get -y -qq install sshfs
sudo mkdir -p build/cache/rootfs.upload || true
# locally mount via NFS
if [[ $(curl -s http://ifconfig.me) == "93.103.15.56" ]]; then
sudo mount nas:/tank/armbian/users.armbian.com/upload/rootfs build/cache/rootfs.upload
else
sudo sshfs upload@users.armbian.com:/rootfs build/cache/rootfs.upload -o IdentityFile=~/.ssh/id_rsa -o reconnect -o allow_other || true
fi
# remove true in sshfs when all runners are on jammy
sudo rm build/cache/rootfs.upload/* || true
sudo mountpoint -q build/cache/rootfs.upload && sudo fusermount -u build/cache/rootfs.upload || true
- id: env-vars
name: Read current version
run: |
ROOTFSCACHE_VERSION=$(wget --tries=10 -O - -o /dev/null https://github.com/armbian/mirror/releases/download/rootfs/rootfscache.version || true)
ROOTFSCACHE_VERSION=$(( ${ROOTFSCACHE_VERSION:-"0"} + 1 ))
echo "${ROOTFSCACHE_VERSION}"
echo "$ROOTFSCACHE_VERSION" | sudo tee rootfscache.version
echo ::set-output name=rootfscache_version::$(echo ${ROOTFSCACHE_VERSION}) || true
- uses: dev-drprasad/delete-tag-and-release@v0.2.0
if: ${{ github.repository_owner == 'Armbian' }}
with:
delete_release: true
repo: 'armbian/mirror'
tag_name: "rootfs"
env:
GITHUB_TOKEN: ${{ secrets.CR_PAT }}
- name: Updating releases
uses: ncipollo/release-action@v1.10.0
with:
artifacts: "rootfscache.version"
repo: "mirror"
tag: "rootfs"
name: "Build in progress"
bodyFile: "build/.github/Releases-wip.md"
allowUpdates: true
removeArtifacts: true
token: ${{ secrets.CR_PAT }}
x86-min:
needs: [release-start]
permissions:
contents: none
uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master
with:
variant: 'minimal:uefi-x86'
rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }}
secrets:
PAT1: ${{ secrets.CR_PAT }}
GPG_KEY1: ${{ secrets.GPG_KEY1 }}
GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }}
GPG_KEY2: ${{ secrets.GPG_KEY2 }}
GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }}
SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }}
SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }}
KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }}
x86-srv:
needs: [release-start]
permissions:
contents: none
uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master
with:
variant: 'server:uefi-x86'
rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }}
secrets:
PAT1: ${{ secrets.CR_PAT }}
GPG_KEY1: ${{ secrets.GPG_KEY1 }}
GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }}
GPG_KEY2: ${{ secrets.GPG_KEY2 }}
GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }}
SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }}
SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }}
KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }}
x86-x:
needs: [release-start]
permissions:
contents: none
uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master
with:
variant: 'desktop:uefi-x86'
rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }}
secrets:
PAT1: ${{ secrets.CR_PAT }}
GPG_KEY1: ${{ secrets.GPG_KEY1 }}
GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }}
GPG_KEY2: ${{ secrets.GPG_KEY2 }}
GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }}
SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }}
SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }}
KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }}
armhf-min:
needs: [release-start]
permissions:
contents: none
uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master
with:
variant: 'minimal:tinkerboard'
rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }}
secrets:
PAT1: ${{ secrets.CR_PAT }}
GPG_KEY1: ${{ secrets.GPG_KEY1 }}
GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }}
GPG_KEY2: ${{ secrets.GPG_KEY2 }}
GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }}
SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }}
SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }}
KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }}
armhf-srv:
needs: [release-start]
permissions:
contents: none
uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master
with:
variant: 'server:tinkerboard'
rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }}
secrets:
PAT1: ${{ secrets.CR_PAT }}
GPG_KEY1: ${{ secrets.GPG_KEY1 }}
GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }}
GPG_KEY2: ${{ secrets.GPG_KEY2 }}
GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }}
SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }}
SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }}
KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }}
armhf-x:
needs: [release-start]
permissions:
contents: none
uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master
with:
variant: 'desktop:tinkerboard'
rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }}
secrets:
PAT1: ${{ secrets.CR_PAT }}
GPG_KEY1: ${{ secrets.GPG_KEY1 }}
GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }}
GPG_KEY2: ${{ secrets.GPG_KEY2 }}
GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }}
SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }}
SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }}
KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }}
arm64-min:
needs: [release-start]
permissions:
contents: none
uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master
with:
variant: 'minimal:uefi-arm64'
rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }}
secrets:
PAT1: ${{ secrets.CR_PAT }}
GPG_KEY1: ${{ secrets.GPG_KEY1 }}
GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }}
GPG_KEY2: ${{ secrets.GPG_KEY2 }}
GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }}
SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }}
SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }}
KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }}
arm64-srv:
needs: [release-start]
permissions:
contents: none
uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master
with:
variant: 'server:uefi-arm64'
rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }}
secrets:
PAT1: ${{ secrets.CR_PAT }}
GPG_KEY1: ${{ secrets.GPG_KEY1 }}
GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }}
GPG_KEY2: ${{ secrets.GPG_KEY2 }}
GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }}
SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }}
SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }}
KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }}
arm64-x:
needs: [release-start]
permissions:
contents: none
uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master
with:
variant: 'desktop:uefi-arm64'
rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }}
secrets:
PAT1: ${{ secrets.CR_PAT }}
GPG_KEY1: ${{ secrets.GPG_KEY1 }}
GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }}
GPG_KEY2: ${{ secrets.GPG_KEY2 }}
GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }}
SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }}
SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }}
KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }}
jobsend:
permissions:
contents: none
name: Release finish
needs: [x86-min,x86-srv,x86-x,armhf-min,armhf-srv,armhf-x,arm64-min,arm64-srv,arm64-x]
runs-on: [fast]
if: ${{ github.repository_owner == 'Armbian' }}
steps:
- name: Runner cleanup
uses: igorpecovnik/freespace@main
- name: Checkout repository
uses: actions/checkout@v3
with:
repository: armbian/build
path: build
clean: false
- name: Checkout tracker lists
uses: actions/checkout@v3
with:
fetch-depth: '1'
repository: ngosang/trackerslist
path: trackerslist
clean: false
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ secrets.GPG_KEY1 }}
passphrase: ${{ secrets.GPG_PASSPHRASE1 }}
workdir: build
git_user_signingkey: true
- name: Install SSH key for storage
uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.KEY_TORRENTS }}
known_hosts: ${{ secrets.KNOWN_HOSTS_UPLOAD }}
if_key_exists: replace
- name: Mount upload folders
run: |
sudo mountpoint -q build/cache/rootfs.upload && sudo fusermount -u build/cache/rootfs.upload || true
sudo apt-get -y -qq install sshfs
sudo mkdir -p build/cache/rootfs.upload || true
if [[ $(curl -s http://ifconfig.me) == "93.103.15.56" ]]; then
sudo mount nas:/tank/armbian/users.armbian.com/upload/rootfs build/cache/rootfs.upload
else
sudo sshfs upload@users.armbian.com:/rootfs build/cache/rootfs.upload -o IdentityFile=~/.ssh/id_rsa -o reconnect -o allow_other || true
fi
# remove true in sshfs when all runners are on jammy
sudo df
- name: Signing
run: |
sudo apt-get -y -qq install parallel buildtorrent
ANNOUNCE=$(cat trackerslist/trackers_best_ip.txt | sed '/^$/d' | shuf -n 1)
TRACKERS=$(cat trackerslist/trackers_all.txt | sed '/^\s*$/d' | while read line; do printf ",""${line}"; done | cut -c 2-)
WEBSEEDS="--webseeds="https://github.com/armbian/mirror/releases/download/rootfs/\$FILE,"$(curl -s https://cache.armbian.com/mirrors | jq -r '.'default' | .[] | values' | sed -e 's/$/rootfs\/$FILE/' | tr '\n' , | sed 's/.$//')"
cd build/cache/rootfs.upload
FILES=$(ls -1 *.lz4)
for FILE in ${FILES[@]}
do
if [[ ! -f $FILE.asc ]]; then
echo "$FILE"
fi
done | sudo --preserve-env parallel --jobs 18 '
echo "Signing {} "; echo ${{ secrets.GPG_PASSPHRASE1 }} | gpg --quiet --armor --batch --yes --passphrase-fd 0 --detach-sign --pinentry-mode loopback {};
echo "Generating {}.torrent "; buildtorrent -q -s -m '$WEBSEEDS' --announce="'$ANNOUNCE'" --announcelist="'$TRACKERS'" {} -c "Armbian rootfs cache" {}.torrent >/dev/null
'
# Update version
echo "${{ needs.release-start.outputs.rootfscache_version }}" | sudo tee rootfscache.version
- name: Upload
uses: ncipollo/release-action@v1
if: ${{ github.repository_owner == 'Armbian' }}
with:
repo: "mirror"
artifacts: "build/cache/rootfs.upload/*.torrent,build/cache/rootfs.upload/*.asc"
tag: "rootfs"
bodyFile: "build/.github/Releases.md"
name: "Rootfs cache"
allowUpdates: true
token: ${{ secrets.CR_PAT }}
- name: Delete obsolete
run: |
BRISI=($(diff <(find build/cache/rootfs.upload -name "*.lz4.current" | sed "s/.current//" | sort) <(find build/cache/rootfs.upload -name "*.lz4" | sort) | grep ">" | sed "s/> //"))
for brisi in "${BRISI[@]}"; do
sudo rm $brisi.*
done
- name: Unmount folders
run: |
sudo mountpoint -q build/cache/rootfs && sudo fusermount -u build/cache/rootfs || true
sudo mountpoint -q build/cache/rootfs.upload && sudo fusermount -u build/cache/rootfs.upload || true
final-sync:
permissions:
contents: none
name: "Sync servers"
needs: [jobsend]
if: ${{ success() && github.repository_owner == 'Armbian' }}
uses: armbian/scripts/.github/workflows/sync-servers.yml@master
with:
KEY_ID: 'upload'
secrets:
KEY_UPLOAD: ${{ secrets.KEY_UPLOAD }}
USER_REPOSITORY: ${{ secrets.USER_REPOSITORY }}
HOST_REPOSITORY: ${{ secrets.HOST_REPOSITORY }}
KNOWN_HOSTS_REPOSITORY: ${{ secrets.KNOWN_HOSTS_REPOSITORY }}

2
.github/workflows/update-docker.yml vendored
View File

@ -16,6 +16,7 @@ jobs:
Docker:
permissions:
contents: none
if: ${{ github.repository_owner == 'Armbian' }}
uses: armbian/scripts/.github/workflows/update-docker-image.yml@master
@ -25,6 +26,7 @@ jobs:
Docker-test:
permissions:
contents: none
needs: Docker
if: ${{ github.repository_owner == 'Armbian' }}
uses: armbian/scripts/.github/workflows/build-test-image-docker.yml@master