-
Notifications
You must be signed in to change notification settings - Fork 7
134 lines (132 loc) · 6.2 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
---
name: CI on push release tag
on:
push:
tags:
- 'v*'
- '!v*-rc*'
jobs:
build:
uses: ./.github/workflows/build.yml
with:
cacheless: false
deploy-images:
name: Deploy DTS artifacts on boot.dasharo.com and GitHub Release
needs: build
runs-on:
labels: dts-builder
steps:
- name: Prepare SSH key
shell: bash
env:
SSH_KEY: ${{secrets.SSH_KEY}}
SSH_KEY_CI_CD: ${{secrets.SSH_KEY_CI_CD}}
run: |
echo -e ${SSH_KEY} > ~/.ssh/dts-ci-key
chmod 600 ~/.ssh/dts-ci-key
echo -e ${SSH_KEY_CI_CD} > ~/.ssh/gitea_dts_release_cicd
chmod 600 ~/.ssh/gitea_dts_release_cicd
echo -e "\n
Host git.3mdeb.com\n
HostName git.3mdeb.com\n
IdentityFile ~/.ssh/gitea_dts_release_cicd\n
IdentitiesOnly yes" > ~/.ssh/config_deploy
- name: Get DTS version
id: dts-ver
shell: bash
run: |
# Extract tag version from GITHUB_REF
TAG=${GITHUB_REF#refs/tags/}
DTS_VER=${TAG}
echo "DTS_VER=${DTS_VER}" >> $GITHUB_ENV
- name: Validate DTS_VER
if: ${{ success() }}
shell: bash
run: |
# Retrieve DTS_VER from previous step
DTS_VER_EXPECTED="${{ env.DTS_VER }}"
DTS_VER_ACTUAL="v$(cat meta-dts/meta-dts-distro/conf/distro/dts-distro.conf | grep DISTRO_VERSION | tr -d "\" [A-Z]_=")"
if [ "${DTS_VER_EXPECTED}" != "${DTS_VER_ACTUAL}" ]; then
echo "Tag (${DTS_VER_EXPECTED}) does not match version (${DTS_VER_ACTUAL}) in `meta-dts/meta-dts-distro/conf/distro/dts-distro.conf`"
exit 1
fi
- name: Deploy DTS on boot.dasharo.com
shell: bash
run: |
DTS_VER="${{ env.DTS_VER }}"
ssh -i ~/.ssh/dts-ci-key builder@10.1.40.2 "mkdir -p boot/dts/${DTS_VER}"
cd build/tmp/deploy/images/genericx86-64/
cp bzImage bzImage-${DTS_VER}
cp dts-base-image-genericx86-64.cpio.gz dts-base-image-${DTS_VER}.cpio.gz
cp dts-base-image-genericx86-64.wic.gz dts-base-image-${DTS_VER}.wic.gz
cp dts-base-image-genericx86-64.wic.bmap dts-base-image-${DTS_VER}.wic.bmap
# do not release iso image until issue is fixed
# see: https://github.com/dasharo/dasharo-issues/issues/288
# cp dts-base-image-genericx86-64.iso dts-base-image-${DTS_VER}.iso
scp -i ~/.ssh/dts-ci-key bzImage-${DTS_VER} builder@10.1.40.2:boot/dts/${DTS_VER}/
scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.cpio.gz builder@10.1.40.2:boot/dts/${DTS_VER}/
scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.wic.gz builder@10.1.40.2:boot/dts/${DTS_VER}/
scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.wic.bmap builder@10.1.40.2:boot/dts/${DTS_VER}/
# do not release iso image until issue is fixed
# see: https://github.com/dasharo/dasharo-issues/issues/288
# scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.iso builder@10.1.40.2:boot/dts/${DTS_VER}/
- name: Deploy manifest on boot.dasharo.com
shell: bash
run: |
DTS_VER="${{ env.DTS_VER }}"
cd build/tmp/deploy/images/genericx86-64/
cp dts-base-image-genericx86-64.manifest dts-base-image-${DTS_VER}.manifest
scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.manifest builder@10.1.40.2:boot/dts/${DTS_VER}/
- name: Deploy sha256 on boot.dasharo.com
shell: bash
run: |
DTS_VER="${{ env.DTS_VER }}"
cd build/tmp/deploy/images/genericx86-64/
sha256sum bzImage-${DTS_VER} > bzImage-${DTS_VER}.sha256
sha256sum dts-base-image-${DTS_VER}.cpio.gz > dts-base-image-${DTS_VER}.cpio.gz.sha256
sha256sum dts-base-image-${DTS_VER}.wic.gz > dts-base-image-${DTS_VER}.wic.gz.sha256
sha256sum dts-base-image-${DTS_VER}.wic.bmap > dts-base-image-${DTS_VER}.wic.bmap.sha256
sha256sum dts-base-image-${DTS_VER}.manifest > dts-base-image-${DTS_VER}.manifest.sha256
# do not release iso image until issue is fixed
# see: https://github.com/dasharo/dasharo-issues/issues/288
# sha256sum dts-base-image-${DTS_VER}.iso > dts-base-image-${DTS_VER}.iso.sha256
scp -i ~/.ssh/dts-ci-key bzImage-${DTS_VER}.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/
scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.cpio.gz.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/
scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.wic.gz.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/
scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.wic.bmap.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/
scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.manifest.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/
# do not release iso image until issue is fixed
# see: https://github.com/dasharo/dasharo-issues/issues/288
# scp -i ~/.ssh/dts-ci-key dts-base-image-${DTS_VER}.iso.sha256 builder@10.1.40.2:boot/dts/${DTS_VER}/
- name: Update iPXE menu
shell: bash
run: |
./meta-dts/scripts/generate-ipxe-menu.sh ${{ env.DTS_VER }}
scp -i ~/.ssh/dts-ci-key dts.ipxe builder@10.1.40.2:boot/dts/
- name: Trigger signing and deploy to GitHub Release tab
shell: bash
run: |
DTS_VER="${{ env.DTS_VER }}"
GIT_SSH_COMMAND='ssh -F ~/.ssh/config_deploy' git clone ssh://git@git.3mdeb.com:2222/3mdeb/dts-release-cicd-pipeline.git
cd dts-release-cicd-pipeline
echo ${DTS_VER} > LATEST_RELEASE
git add LATEST_RELEASE
git commit -m "Signing release ${DTS_VER}"
GIT_SSH_COMMAND='ssh -F ~/.ssh/config_deploy' git push origin main
git tag ${DTS_VER}
GIT_SSH_COMMAND='ssh -F ~/.ssh/config_deploy' git push origin ${DTS_VER}
cd -
cleanup:
name: Cleanup
if: always()
needs: deploy-images
runs-on:
labels: dts-builder
steps:
- name: Cleanup after deployment
shell: bash
run: |
rm -rf ~/.ssh/dts-ci-key
rm -rf dts-release-cicd-pipeline
rm -f ~/.ssh/gitea_dts_release_cicd
rm -rf build meta-dts