From f12bd2eadc20fec1a032442aaf23f6bb8e2be9dd Mon Sep 17 00:00:00 2001
From: Leonardo Graboski Veiga <leonardo.veiga@toradex.com>
Date: Wed, 8 May 2024 11:43:31 -0300
Subject: [PATCH] actions: Add workflow to publish OSTree images

Add a GH Actions workflow to publish OSTree images from Yocto builds
into an AWS S3 bucket.

Closes commontorizon/meta-common-torizon#40

Signed-off-by: Leonardo Graboski Veiga <leonardo.veiga@toradex.com>
---
 .github/workflows/ostree-push.yml | 57 +++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 .github/workflows/ostree-push.yml

diff --git a/.github/workflows/ostree-push.yml b/.github/workflows/ostree-push.yml
new file mode 100644
index 0000000..42aa850
--- /dev/null
+++ b/.github/workflows/ostree-push.yml
@@ -0,0 +1,57 @@
+name: OSTree Push
+
+on:
+    workflow_dispatch:
+        inputs:
+            machine:
+                description: "Hardware machine"
+                required: true
+                type: choice
+                options:
+                    - apalis-imx6
+                    - apalis-imx8
+                    - beaglebone-yocto
+                    - beagleplay
+                    - colibri-imx6
+                    - colibri-imx6ull-emmc
+                    - colibri-imx7-emmc
+                    - colibri-imx8x
+                    - genericx86-64
+                    - intel-corei7-64
+                    - nezha-allwinner-d1
+                    - qemuarm64
+                    - qemux86-64
+                    - raspberrypi0-2w-64
+                    - raspberrypi0-wifi
+                    - raspberrypi3-64
+                    - raspberrypi4-64
+                    - verdin-am62
+                    - verdin-imx8mm
+                    - verdin-imx8mp
+
+env:
+    BUCKET_NAME : "commontorizon"
+    AWS_REGION : "eu-central-1"
+    MACHINE : ${{ inputs.machine }}
+
+permissions:
+    id-token: write   # This is required for requesting the JWT
+    contents: read    # This is required for actions/checkout
+
+jobs:
+    OSTreePushToS3:
+        runs-on: ubuntu-latest
+        steps:
+        - name: Git clone the repository
+          uses: actions/checkout@v4
+        - name: Configure aws credentials
+          uses: aws-actions/configure-aws-credentials@v4
+          with:
+            role-to-assume: arn:aws:iam::184931540836:role/CommonTorizonOstreePush
+            role-session-name: CommonTorizonOSTreePushSession
+            aws-region: ${{ env.AWS_REGION }}
+        # Sync OSTree repo for a given machine to S3 bucket
+        - name:  Sync OSTree repo for ${{ env.MACHINE }} to S3
+          # TODO: adapt the command to get the build output when Yocto build CI is set
+          run: |
+            aws s3 sync ./build/deploy/images/${{ env.MACHINE }} s3://${{ env.BUCKET_NAME }}/${{ env.MACHINE }}