name: Build Rootfs Cache # # Generates rootfs cache and uploads it to: # # https://github.com/armbian/mirror/releases/tag/rootfs # https://cache.armbian.com/rootfs/ # on: schedule: - cron: "30 0 15 * *" # Runs at 00:30 UTC on the 15st of every month. push: branches: - 'master' paths: - 'config/distributions/**' - 'config/cli/**' - 'config/desktop/**' workflow_dispatch: inputs: monthoffset: description: Forced month offset required: true default: 0 jobs: release-start: permissions: contents: none name: Release start runs-on: [X64] outputs: rootfscache_version: ${{ steps.env-vars.outputs.rootfscache_version }} if: ${{ github.repository_owner == 'Armbian' }} steps: # Synyching procedure expects this value - run: | echo "not empty" > changes - uses: actions/upload-artifact@v3 with: path: changes name: changes if-no-files-found: ignore - name: Checkout repository uses: actions/checkout@v3 with: repository: armbian/build path: build clean: false - name: Remove current status run: | sudo mountpoint -q build/cache/rootfs.upload && sudo fusermount -u build/cache/rootfs.upload || true sudo apt-get -y -qq install sshfs sudo mkdir -p build/cache/rootfs.upload || true # locally mount via NFS if [[ $(curl -s http://ifconfig.me) == "93.103.15.56" ]]; then sudo mount nas:/tank/armbian/users.armbian.com/upload/rootfs build/cache/rootfs.upload else sudo sshfs upload@users.armbian.com:/rootfs build/cache/rootfs.upload -o IdentityFile=~/.ssh/id_rsa -o reconnect -o allow_other || true fi # remove true in sshfs when all runners are on jammy sudo rm build/cache/rootfs.upload/* || true sudo mountpoint -q build/cache/rootfs.upload && sudo fusermount -u build/cache/rootfs.upload || true - id: env-vars name: Read current version run: | ROOTFSCACHE_VERSION=$(wget --tries=10 -O - -o /dev/null https://github.com/armbian/mirror/releases/download/rootfs/rootfscache.version || true) ROOTFSCACHE_VERSION=$(( ${ROOTFSCACHE_VERSION:-"0"} + 1 )) echo "${ROOTFSCACHE_VERSION}" echo "$ROOTFSCACHE_VERSION" | sudo tee rootfscache.version echo ::set-output name=rootfscache_version::$(echo ${ROOTFSCACHE_VERSION}) || true - uses: dev-drprasad/delete-tag-and-release@v0.2.0 if: ${{ github.repository_owner == 'Armbian' }} with: delete_release: true repo: 'armbian/mirror' tag_name: "rootfs" env: GITHUB_TOKEN: ${{ secrets.CR_PAT }} - name: Updating releases uses: ncipollo/release-action@v1.10.0 with: artifacts: "rootfscache.version" repo: "mirror" tag: "rootfs" name: "Build in progress" bodyFile: "build/.github/Releases-wip.md" allowUpdates: true removeArtifacts: true token: ${{ secrets.CR_PAT }} x86-min: needs: [release-start] permissions: contents: none uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master with: variant: 'minimal:uefi-x86' monthoffset: ${{ inputs.monthoffset }} rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }} secrets: PAT1: ${{ secrets.CR_PAT }} GPG_KEY1: ${{ secrets.GPG_KEY1 }} GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }} GPG_KEY2: ${{ secrets.GPG_KEY2 }} GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }} SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }} SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }} KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }} x86-srv: needs: [release-start] permissions: contents: none uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master with: variant: 'server:uefi-x86' monthoffset: ${{ inputs.monthoffset }} rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }} secrets: PAT1: ${{ secrets.CR_PAT }} GPG_KEY1: ${{ secrets.GPG_KEY1 }} GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }} GPG_KEY2: ${{ secrets.GPG_KEY2 }} GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }} SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }} SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }} KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }} x86-x: needs: [release-start] permissions: contents: none uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master with: variant: 'desktop:uefi-x86' monthoffset: ${{ inputs.monthoffset }} rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }} secrets: PAT1: ${{ secrets.CR_PAT }} GPG_KEY1: ${{ secrets.GPG_KEY1 }} GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }} GPG_KEY2: ${{ secrets.GPG_KEY2 }} GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }} SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }} SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }} KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }} armhf-min: needs: [release-start] permissions: contents: none uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master with: variant: 'minimal:tinkerboard' monthoffset: ${{ inputs.monthoffset }} rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }} secrets: PAT1: ${{ secrets.CR_PAT }} GPG_KEY1: ${{ secrets.GPG_KEY1 }} GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }} GPG_KEY2: ${{ secrets.GPG_KEY2 }} GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }} SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }} SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }} KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }} armhf-srv: needs: [release-start] permissions: contents: none uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master with: variant: 'server:tinkerboard' monthoffset: ${{ inputs.monthoffset }} rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }} secrets: PAT1: ${{ secrets.CR_PAT }} GPG_KEY1: ${{ secrets.GPG_KEY1 }} GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }} GPG_KEY2: ${{ secrets.GPG_KEY2 }} GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }} SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }} SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }} KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }} armhf-x: needs: [release-start] permissions: contents: none uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master with: variant: 'desktop:tinkerboard' monthoffset: ${{ inputs.monthoffset }} rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }} secrets: PAT1: ${{ secrets.CR_PAT }} GPG_KEY1: ${{ secrets.GPG_KEY1 }} GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }} GPG_KEY2: ${{ secrets.GPG_KEY2 }} GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }} SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }} SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }} KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }} arm64-min: needs: [release-start] permissions: contents: none uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master with: variant: 'minimal:uefi-arm64' monthoffset: ${{ inputs.monthoffset }} rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }} secrets: PAT1: ${{ secrets.CR_PAT }} GPG_KEY1: ${{ secrets.GPG_KEY1 }} GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }} GPG_KEY2: ${{ secrets.GPG_KEY2 }} GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }} SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }} SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }} KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }} arm64-srv: needs: [release-start] permissions: contents: none uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master with: variant: 'server:uefi-arm64' monthoffset: ${{ inputs.monthoffset }} rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }} secrets: PAT1: ${{ secrets.CR_PAT }} GPG_KEY1: ${{ secrets.GPG_KEY1 }} GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }} GPG_KEY2: ${{ secrets.GPG_KEY2 }} GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }} SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }} SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }} KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }} arm64-x: needs: [release-start] permissions: contents: none uses: armbian/scripts/.github/workflows/build-cache-v2.yml@master with: variant: 'desktop:uefi-arm64' monthoffset: ${{ inputs.monthoffset }} rootfscache_version: ${{ needs.release-start.outputs.rootfscache_version }} secrets: PAT1: ${{ secrets.CR_PAT }} GPG_KEY1: ${{ secrets.GPG_KEY1 }} GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }} GPG_KEY2: ${{ secrets.GPG_KEY2 }} GPG_PASSPHRASE2: ${{ secrets.GPG_PASSPHRASE2 }} SCRIPTS_ACCESS_TOKEN: ${{ secrets.SCRIPTS_ACCESS_TOKEN }} SSH_KEY_TORRENTS: ${{ secrets.KEY_TORRENTS }} KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }} jobsend: permissions: contents: none name: Release finish needs: [x86-min,x86-srv,x86-x,armhf-min,armhf-srv,armhf-x,arm64-min,arm64-srv,arm64-x] runs-on: [fast] if: ${{ github.repository_owner == 'Armbian' }} steps: - name: Runner cleanup uses: igorpecovnik/freespace@main - name: Checkout repository uses: actions/checkout@v3 with: repository: armbian/build path: build clean: false - name: Checkout tracker lists uses: actions/checkout@v3 with: fetch-depth: '1' repository: ngosang/trackerslist path: trackerslist clean: false - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v5 with: gpg_private_key: ${{ secrets.GPG_KEY1 }} passphrase: ${{ secrets.GPG_PASSPHRASE1 }} workdir: build git_user_signingkey: true - name: Install SSH key for storage uses: shimataro/ssh-key-action@v2 with: key: ${{ secrets.KEY_TORRENTS }} known_hosts: ${{ secrets.KNOWN_HOSTS_UPLOAD }} if_key_exists: replace - name: Mount upload folders run: | sudo mountpoint -q build/cache/rootfs.upload && sudo fusermount -u build/cache/rootfs.upload || true sudo apt-get -y -qq install sshfs sudo mkdir -p build/cache/rootfs.upload || true if [[ $(curl -s http://ifconfig.me) == "93.103.15.56" ]]; then sudo mount nas:/tank/armbian/users.armbian.com/upload/rootfs build/cache/rootfs.upload else sudo sshfs upload@users.armbian.com:/rootfs build/cache/rootfs.upload -o IdentityFile=~/.ssh/id_rsa -o reconnect -o allow_other || true fi # remove true in sshfs when all runners are on jammy sudo df - name: Signing run: | sudo apt-get -y -qq install parallel buildtorrent ANNOUNCE=$(cat trackerslist/trackers_best_ip.txt | head -1)ANNOUNCE=$(cat trackerslist/trackers_best_ip.txt | sed '/^$/d' | shuf -n 1) TRACKERS=$(cat trackerslist/trackers_all.txt | sed '/^\s*$/d' | while read line; do printf ",""${line}"; done | cut -c 2-) WEBSEEDS="--webseeds="https://github.com/armbian/mirror/releases/download/rootfs/\$FILE,"$(curl -s https://cache.armbian.com/mirrors | jq -r '.'default' | .[] | values' | sed -e 's/$/rootfs\/$FILE/' | tr '\n' , | sed 's/.$//')" cd build/cache/rootfs.upload FILES=$(ls -1 *.lz4) for FILE in ${FILES[@]} do if [[ ! -f $FILE.asc ]]; then echo "$FILE" fi done | sudo --preserve-env parallel --jobs 18 ' echo "Signing {} "; echo ${{ secrets.GPG_PASSPHRASE1 }} | gpg --quiet --armor --batch --yes --passphrase-fd 0 --detach-sign --pinentry-mode loopback {}; echo "Generating {}.torrent "; buildtorrent -q -s -m '$WEBSEEDS' --announce="'$ANNOUNCE'" --announcelist="'$TRACKERS'" {} -c "Armbian rootfs cache" {}.torrent >/dev/null ' # Update version echo "${{ needs.release-start.outputs.rootfscache_version }}" | sudo tee rootfscache.version - name: Upload uses: ncipollo/release-action@v1 if: ${{ github.repository_owner == 'Armbian' }} with: repo: "mirror" artifacts: "build/cache/rootfs.upload/*.torrent,build/cache/rootfs.upload/*.asc" tag: "rootfs" bodyFile: "build/.github/Releases.md" name: "Rootfs cache" allowUpdates: true token: ${{ secrets.CR_PAT }} - name: Delete obsolete run: | BRISI=($(diff <(find build/cache/rootfs.upload -name "*.lz4.current" | sed "s/.current//" | sort) <(find build/cache/rootfs.upload -name "*.lz4" | sort) | grep ">" | sed "s/> //")) for brisi in "${BRISI[@]}"; do sudo rm $brisi.* done - name: Unmount folders run: | sudo mountpoint -q build/cache/rootfs && sudo fusermount -u build/cache/rootfs || true sudo mountpoint -q build/cache/rootfs.upload && sudo fusermount -u build/cache/rootfs.upload || true final-sync: permissions: contents: none name: "Sync servers" needs: [jobsend] if: ${{ success() && github.repository_owner == 'Armbian' }} uses: armbian/scripts/.github/workflows/sync-servers.yml@master with: KEY_ID: 'upload' secrets: KEY_UPLOAD: ${{ secrets.KEY_UPLOAD }} USER_REPOSITORY: ${{ secrets.USER_REPOSITORY }} HOST_REPOSITORY: ${{ secrets.HOST_REPOSITORY }} KNOWN_HOSTS_REPOSITORY: ${{ secrets.KNOWN_HOSTS_REPOSITORY }}