Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

github: make use of LXD's actions/lp-snap-build in build job (5.0-candidate) #659

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 13 additions & 37 deletions .github/workflows/builds.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
name: Builds
on:
pull_request:
push:
branches:
- 5.0-candidate
Expand Down Expand Up @@ -33,55 +32,32 @@ jobs:

snap:
name: Trigger snap build
runs-on: ubuntu-22.04
needs: lxd-migrate
if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.event_name == 'push' && github.actor != 'dependabot[bot]' }}
runs-on: ubuntu-24.04
if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.actor != 'dependabot[bot]' }}
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
PACKAGE: "lxd"
REPO: "git+ssh://[email protected]/~canonical-lxd/lxd"
BRANCH: ${{ github.ref_name }}
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Launchpad SSH access
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
LAUNCHPAD_LXD_BOT_KEY: ${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}
run: |
set -eux
mkdir -m 0700 -p ~/.ssh/
ssh-agent -a "${SSH_AUTH_SOCK}" > /dev/null
ssh-add - <<< "${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}"
ssh-add -L > ~/.ssh/id_ed25519.pub
# In ephemeral environments like GitHub Action runners, relying on TOFU isn't providing any security
# so require the key obtained by `ssh-keyscan` to match the expected hash from https://help.launchpad.net/SSHFingerprints
ssh-keyscan git.launchpad.net >> ~/.ssh/known_hosts
ssh-keygen -qlF git.launchpad.net | grep -xF 'git.launchpad.net RSA SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo'

- name: Install Go
uses: actions/setup-go@v5
- uses: canonical/lxd/.github/actions/lp-snap-build@main
with:
go-version: 1.22.x
ssh-key: "${{ secrets.LAUNCHPAD_LXD_BOT_KEY}}"

- name: Trigger Launchpad snap build
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
TARGET: ${{ github.ref_name }}
run: |
set -eux
git config --global transfer.fsckobjects true
git config --global user.name "Canonical LXD Bot"
git config --global user.email "[email protected]"
git config --global commit.gpgsign true
git config --global gpg.format "ssh"
git config --global user.signingkey ~/.ssh/id_ed25519.pub
localRev="$(git rev-parse HEAD)"
go install github.com/canonical/lxd-ci/lxd-snapcraft@latest
git clone -b "${TARGET}" git+ssh://[email protected]/~canonical-lxd/lxd ~/lxd-pkg-snap-lp
# XXX: `originVer` contains an array with the 2 versions
originVer=($(lxd-snapcraft -package lxd -get-version -file snapcraft.yaml))
rsync -a --exclude .git --delete . ~/lxd-pkg-snap-lp/
cd ~/lxd-pkg-snap-lp
originVer=($(lxd-snapcraft -package "${PACKAGE}" -get-version -file snapcraft.yaml))
rsync -a --exclude .git --delete . ~/"${PACKAGE}-pkg-snap-lp"/
cd ~/"${PACKAGE}-pkg-snap-lp"
lxd-snapcraft -package lxd -set-version "${originVer[0]}-${localRev:0:7}" -set-source-commit ""
git add --all
git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${TARGET})" -m "Upstream commit: ${localRev}"
git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${BRANCH})" -m "Upstream commit: ${localRev}"
git show
git push --quiet

19 changes: 3 additions & 16 deletions .github/workflows/commits.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,23 +6,10 @@ permissions:
contents: read

jobs:
dco-check:
permissions:
pull-requests: read # for tim-actions/get-pr-commits to get list of commits from the PR
name: Signed-off-by (DCO) and branch target
runs-on: ubuntu-22.04
commits:
name: Branch target
runs-on: ubuntu-24.04
steps:
- name: Get PR Commits
id: 'get-pr-commits'
uses: tim-actions/get-pr-commits@master
with:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Check that all commits are signed-off
uses: tim-actions/dco@master
with:
commits: ${{ steps.get-pr-commits.outputs.commits }}

- name: Check branch target
env:
TARGET: ${{ github.event.pull_request.base.ref }}
Expand Down