diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index 2936a7009..8651ff8e4 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -1,6 +1,5 @@ name: Builds on: - pull_request: push: branches: - 4.0-edge @@ -33,54 +32,32 @@ jobs: snap: name: Trigger snap build - runs-on: ubuntu-22.04 needs: lxd-migrate - if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.event_name == 'push' && github.actor != 'dependabot[bot]' }} + runs-on: ubuntu-24.04 + if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.actor != 'dependabot[bot]' }} + env: + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + PACKAGE: "lxd" + REPO: "git+ssh://lxdbot@git.launchpad.net/~canonical-lxd/lxd" + BRANCH: ${{ github.ref_name }} steps: - name: Checkout code uses: actions/checkout@v4 - - name: Setup Launchpad SSH access - env: - SSH_AUTH_SOCK: /tmp/ssh_agent.sock - LAUNCHPAD_LXD_BOT_KEY: ${{ secrets.LAUNCHPAD_LXD_BOT_KEY }} - run: | - set -eux - mkdir -m 0700 -p ~/.ssh/ - ssh-agent -a "${SSH_AUTH_SOCK}" > /dev/null - ssh-add - <<< "${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}" - ssh-add -L > ~/.ssh/id_ed25519.pub - # In ephemeral environments like GitHub Action runners, relying on TOFU isn't providing any security - # so require the key obtained by `ssh-keyscan` to match the expected hash from https://help.launchpad.net/SSHFingerprints - ssh-keyscan git.launchpad.net >> ~/.ssh/known_hosts - ssh-keygen -qlF git.launchpad.net | grep -xF 'git.launchpad.net RSA SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo' - - - name: Install Go - uses: actions/setup-go@v5 + - uses: canonical/lxd/.github/actions/lp-snap-build@main with: - go-version: 1.22.x + ssh-key: "${{ secrets.LAUNCHPAD_LXD_BOT_KEY}}" - name: Trigger Launchpad snap build - env: - SSH_AUTH_SOCK: /tmp/ssh_agent.sock - TARGET: ${{ github.ref_name }} run: | set -eux - git config --global transfer.fsckobjects true - git config --global user.name "Canonical LXD Bot" - git config --global user.email "lxd@lists.canonical.com" - git config --global commit.gpgsign true - git config --global gpg.format "ssh" - git config --global user.signingkey ~/.ssh/id_ed25519.pub localRev="$(git rev-parse HEAD)" - go install github.com/canonical/lxd-ci/lxd-snapcraft@latest - git clone -b "${TARGET}" git+ssh://lxdbot@git.launchpad.net/~canonical-lxd/lxd ~/lxd-pkg-snap-lp # XXX: `ver` contains an array with the 2 versions - ver=($(lxd-snapcraft -package lxd -get-version -file ~/lxd-pkg-snap-lp/snapcraft.yaml)) - rsync -a --exclude .git --delete . ~/lxd-pkg-snap-lp/ - cd ~/lxd-pkg-snap-lp + ver=($(lxd-snapcraft -package "${PACKAGE}" -get-version -file ~/"${PACKAGE}-pkg-snap-lp/snapcraft.yaml")) + rsync -a --exclude .git --delete . ~/"${PACKAGE}-pkg-snap-lp"/ + cd ~/"${PACKAGE}-pkg-snap-lp" lxd-snapcraft -package lxd -set-version "${ver[0]}" -set-source-commit "${ver[1]}" git add --all - git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${TARGET})" -m "Upstream commit: ${localRev}" + git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${BRANCH})" -m "Upstream commit: ${localRev}" git show git push --quiet diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml index 7a61b633c..15352701e 100644 --- a/.github/workflows/commits.yml +++ b/.github/workflows/commits.yml @@ -8,7 +8,7 @@ permissions: jobs: commits: name: Branch target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Check branch target env: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3a82673f1..7444581fe 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -19,7 +19,7 @@ defaults: jobs: code-tests: name: Code - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4