From 65eb32ce8a3d433321bd47a07174749c28415747 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 25 Jan 2024 09:13:47 +0000 Subject: [PATCH 1/2] github: Adds builds workflow for pushing to launchpad 5.0-candidate branch But with the actual push disabled for now for testing. Signed-off-by: Thomas Parrott --- .github/workflows/builds.yml | 79 ++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 .github/workflows/builds.yml diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml new file mode 100644 index 000000000..1f739bde8 --- /dev/null +++ b/.github/workflows/builds.yml @@ -0,0 +1,79 @@ +name: Builds +on: + pull_request: + push: + branches: + - 5.0-candidate + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + lxd-migrate: + name: Test lxd-migrate build + runs-on: ubuntu-22.04 + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: 1.20.x + + - name: Test lxd-migrate build + run: | + set -eux + cd ~/work/lxd-pkg-snap/lxd-pkg-snap/lxd-migrate + CGO_ENABLED=0 go build -v -tags netgo + + snap: + name: Trigger snap build + runs-on: ubuntu-22.04 + needs: lxd-migrate + if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.event_name == 'push' && github.actor != 'dependabot[bot]' }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Setup Launchpad SSH access + env: + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + LAUNCHPAD_LXD_BOT_KEY: ${{ secrets.LAUNCHPAD_LXD_BOT_KEY }} + run: | + ssh-agent -a "${SSH_AUTH_SOCK}" > /dev/null + ssh-add - <<< "${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}" + mkdir -m 0700 -p ~/.ssh/ + # In ephemeral environments like GitHub Action runners, relying on TOFU isn't providing any security + # so require the key obtained by `ssh-keyscan` to match the expected hash from https://help.launchpad.net/SSHFingerprints + ssh-keyscan git.launchpad.net >> ~/.ssh/known_hosts + ssh-keygen -qlF git.launchpad.net | grep -xF 'git.launchpad.net RSA SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo' + + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: 1.20.x + + - name: Trigger Launchpad snap build + env: + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + TARGET: ${{ github.ref_name }} + run: | + set -x + git config --global user.name "Canonical LXD Bot" + git config --global user.email "lxd@lists.canonical.com" + localRev=$(git rev-parse HEAD) + go install github.com/canonical/lxd-ci/lxd-snapcraft@latest + git clone -b "${TARGET}" git+ssh://lxdbot@git.launchpad.net/~canonical-lxd/lxd ~/lxd-pkg-snap-lp + originVer=($(lxd-snapcraft -get-version -file snapcraft.yaml)) + rsync -a --exclude .git --delete . ~/lxd-pkg-snap-lp/ + cd ~/lxd-pkg-snap-lp + lxd-snapcraft -set-version "${originVer[0]}-${localRev:0:7}" -set-source-commit "" + git add --all + git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${TARGET})" -m "Upstream commit: ${localRev}" + git show + #git push --quiet From a2797ab5545687d5d5990c18d707a474767f8b14 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 25 Jan 2024 09:15:50 +0000 Subject: [PATCH 2/2] github: Adds commit workflow Signed-off-by: Thomas Parrott --- .github/workflows/commits.yml | 42 +++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/commits.yml diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml new file mode 100644 index 000000000..bacbcb17a --- /dev/null +++ b/.github/workflows/commits.yml @@ -0,0 +1,42 @@ +name: Commits +on: + - pull_request + +permissions: + contents: read + +jobs: + dco-check: + permissions: + pull-requests: read # for tim-actions/get-pr-commits to get list of commits from the PR + name: Signed-off-by (DCO) and branch target + runs-on: ubuntu-22.04 + steps: + - name: Get PR Commits + id: 'get-pr-commits' + uses: tim-actions/get-pr-commits@master + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Check that all commits are signed-off + uses: tim-actions/dco@master + with: + commits: ${{ steps.get-pr-commits.outputs.commits }} + + - name: Check branch target + env: + TARGET: ${{ github.event.pull_request.base.ref }} + TITLE: ${{ github.event.pull_request.title }} + if: ${{ github.actor != 'dependabot[bot]' }} + run: | + set -x + TARGET_FROM_PR_TITLE="$(echo "${TITLE}" | sed -n 's/.*(\(\(latest\|[0-9]\.[0-9]\)-\(edge\|candidate\)\))$/\1/p')" + if [ -z "${TARGET_FROM_PR_TITLE}" ]; then + TARGET_FROM_PR_TITLE="latest-edge" + else + echo "Branch target overridden from PR title" + fi + [ "${TARGET}" = "${TARGET_FROM_PR_TITLE}" ] && exit 0 + + echo "Invalid branch target: ${TARGET} != ${TARGET_FROM_PR_TITLE}" + exit 1