-
Notifications
You must be signed in to change notification settings - Fork 37
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #280 from tomponline/5.0-candidate
Add github workflows (5.0-candidate)
- Loading branch information
Showing
2 changed files
with
121 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| name: Builds | ||
| on: | ||
| pull_request: | ||
| push: | ||
| branches: | ||
| - 5.0-candidate | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
|
|
||
| jobs: | ||
| lxd-migrate: | ||
| name: Test lxd-migrate build | ||
| runs-on: ubuntu-22.04 | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: 1.20.x | ||
|
|
||
| - name: Test lxd-migrate build | ||
| run: | | ||
| set -eux | ||
| cd ~/work/lxd-pkg-snap/lxd-pkg-snap/lxd-migrate | ||
| CGO_ENABLED=0 go build -v -tags netgo | ||
| snap: | ||
| name: Trigger snap build | ||
| runs-on: ubuntu-22.04 | ||
| needs: lxd-migrate | ||
| if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.event_name == 'push' && github.actor != 'dependabot[bot]' }} | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Setup Launchpad SSH access | ||
| env: | ||
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | ||
| LAUNCHPAD_LXD_BOT_KEY: ${{ secrets.LAUNCHPAD_LXD_BOT_KEY }} | ||
| run: | | ||
| ssh-agent -a "${SSH_AUTH_SOCK}" > /dev/null | ||
| ssh-add - <<< "${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}" | ||
| mkdir -m 0700 -p ~/.ssh/ | ||
| # In ephemeral environments like GitHub Action runners, relying on TOFU isn't providing any security | ||
| # so require the key obtained by `ssh-keyscan` to match the expected hash from https://help.launchpad.net/SSHFingerprints | ||
| ssh-keyscan git.launchpad.net >> ~/.ssh/known_hosts | ||
| ssh-keygen -qlF git.launchpad.net | grep -xF 'git.launchpad.net RSA SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo' | ||
| - name: Install Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: 1.20.x | ||
|
|
||
| - name: Trigger Launchpad snap build | ||
| env: | ||
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | ||
| TARGET: ${{ github.ref_name }} | ||
| run: | | ||
| set -x | ||
| git config --global user.name "Canonical LXD Bot" | ||
| git config --global user.email "[email protected]" | ||
| localRev=$(git rev-parse HEAD) | ||
| go install github.com/canonical/lxd-ci/lxd-snapcraft@latest | ||
| git clone -b "${TARGET}" git+ssh://[email protected]/~canonical-lxd/lxd ~/lxd-pkg-snap-lp | ||
| originVer=($(lxd-snapcraft -get-version -file snapcraft.yaml)) | ||
| rsync -a --exclude .git --delete . ~/lxd-pkg-snap-lp/ | ||
| cd ~/lxd-pkg-snap-lp | ||
| lxd-snapcraft -set-version "${originVer[0]}-${localRev:0:7}" -set-source-commit "" | ||
| git add --all | ||
| git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${TARGET})" -m "Upstream commit: ${localRev}" | ||
| git show | ||
| #git push --quiet |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| name: Commits | ||
| on: | ||
| - pull_request | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| dco-check: | ||
| permissions: | ||
| pull-requests: read # for tim-actions/get-pr-commits to get list of commits from the PR | ||
| name: Signed-off-by (DCO) and branch target | ||
| runs-on: ubuntu-22.04 | ||
| steps: | ||
| - name: Get PR Commits | ||
| id: 'get-pr-commits' | ||
| uses: tim-actions/get-pr-commits@master | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Check that all commits are signed-off | ||
| uses: tim-actions/dco@master | ||
| with: | ||
| commits: ${{ steps.get-pr-commits.outputs.commits }} | ||
|
|
||
| - name: Check branch target | ||
| env: | ||
| TARGET: ${{ github.event.pull_request.base.ref }} | ||
| TITLE: ${{ github.event.pull_request.title }} | ||
| if: ${{ github.actor != 'dependabot[bot]' }} | ||
| run: | | ||
| set -x | ||
| TARGET_FROM_PR_TITLE="$(echo "${TITLE}" | sed -n 's/.*(\(\(latest\|[0-9]\.[0-9]\)-\(edge\|candidate\)\))$/\1/p')" | ||
| if [ -z "${TARGET_FROM_PR_TITLE}" ]; then | ||
| TARGET_FROM_PR_TITLE="latest-edge" | ||
| else | ||
| echo "Branch target overridden from PR title" | ||
| fi | ||
| [ "${TARGET}" = "${TARGET_FROM_PR_TITLE}" ] && exit 0 | ||
| echo "Invalid branch target: ${TARGET} != ${TARGET_FROM_PR_TITLE}" | ||
| exit 1 |