name: Build and Distribute (via Docker)

# Reusable workflow: other workflows invoke it through `workflow_call` and
# supply the inputs and secrets declared here.
on:
  workflow_call:
    inputs:
      ENVIRONMENT:
        description: Environment where the variables and secrets are scoped to
        type: string
        required: false
      RUNNER:
        description: A GitHub runner type
        type: string
        required: false
        default: ubuntu-latest
      REPO_DOMAIN:
        description: Domain name of repository
        type: string
        required: false
      PLATFORM:
        description: Default Linux Arch (amd64/arm32v7/...)
        type: string
        required: true
      DOCKERFILE:
        description: Path to Dockerfile
        type: string
        required: true
      MAINTAINER:
        description: Package maintainer
        type: string
        required: true
      ARTIFACTS_PATTERN:
        description: Regexp that matches artifacts
        type: string
        required: false
        default: '.*\.(deb|rpm)$'
      # TARGET_ARTIFACT_NAME, META_FILE_PATH_PREFIX and META_REPO_BRANCH end up
      # inside shell commands (local `run:` scripts and remote EXEC_COMMANDS) in
      # the jobs of this workflow, so callers should pass only values they
      # control, never raw pull-request or branch metadata.
      TARGET_ARTIFACT_NAME:
        description: Artifact name
        type: string
        required: true
      UPLOAD_BUILD_ARTIFACTS:
        description: Enable upload build artifacts related steps
        type: boolean
        required: false
        default: true
      LOG_RETENTION_DAYS:
        description: Number of days to keep build log artifacts
        type: number
        required: false
        default: 7
      # NOTE(review): the next three inputs are `required: true` and also carry
      # `default: ''`; a required input must be supplied by the caller, so the
      # default looks unused - confirm which of the two is intended.
      META_FILE_PATH_PREFIX:
        description: A prefix to append to meta file (also target folder where the files should be sent on remote)
        type: string
        required: true
        default: ''
      META_REPO:
        description: Target meta repo to sync metadata changes
        type: string
        required: true
        default: ''
      META_REPO_BRANCH:
        description: Target meta repo branch name
        type: string
        required: true
        default: ''
      META_REPO_DEFAULT_BRANCH:
        description: Target meta repo default branch name
        type: string
        required: false
        default: 'main'
    secrets:
      # HOSTNAME, PROXY_URL, TELEPORT_TOKEN and USERNAME are handed to the
      # teleport action steps through `env:`.
      HOSTNAME:
        required: true
      PROXY_URL:
        required: true
      TELEPORT_TOKEN:
        required: true
      USERNAME:
        required: true
      # Optional credentials exposed to the Docker build step.
      REPO_PASSWORD:
        required: false
      REPO_USERNAME:
        required: false
      # Token used to check out the metadata repository.
      GH_BOT_DEPLOY_TOKEN:
        required: true
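jobs:
  # Builds the packages inside Docker, uploads the build log and, for plain
  # branch pushes with UPLOAD_BUILD_ARTIFACTS enabled, ships the artifacts to
  # the remote host through the teleport action.
  build-and-distribute:
    runs-on: ${{ inputs.RUNNER }}
    permissions:
      contents: read
      # Lets the job request a GitHub OIDC token; presumably consumed by the
      # teleport action - confirm.
      id-token: write
    environment: ${{ inputs.ENVIRONMENT }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          path: code
          # NOTE(review): the checkout token stays in code/.git/config while
          # the Docker build runs over this directory; consider
          # `persist-credentials: false` if the build needs no git access.

      # Runs unconditionally: the build step below loads its action from this
      # checkout, and that step has no `if:` of its own.
      - name: Checkout reusable actions
        uses: actions/checkout@v4
        with:
          repository: signalwire/actions-template
          # NOTE(review): `s3rj1k` is a mutable branch ref. Whoever can push to
          # it controls code that runs with this job's secrets and OIDC token;
          # pin to a full commit SHA.
          ref: s3rj1k
          fetch-depth: 1
          path: actions
          sparse-checkout: |
            .github/actions/teleport/action.yml
            .github/actions/docker-build-artifacts/action.yml
          sparse-checkout-cone-mode: false

      - name: Build artifacts via Docker
        # Local actions must be referenced with a leading `./`; the action
        # lives in the `actions` checkout, like the teleport steps below.
        uses: ./actions/.github/actions/docker-build-artifacts
        with:
          REPO_DOMAIN: ${{ inputs.REPO_DOMAIN }}
          PLATFORM: ${{ inputs.PLATFORM }}
          DOCKERFILE: ${{ inputs.DOCKERFILE }}
          MAINTAINER: ${{ inputs.MAINTAINER }}
          WORKING_DIRECTORY: 'code'
          ARTIFACTS_PATTERN: ${{ inputs.ARTIFACTS_PATTERN }}
          ARTIFACTS_DIR: 'BUILD'
          BUILD_LOG_FILENAME: 'artifacts-${GITHUB_RUN_ID}-${GITHUB_SHA}.log'
        env:
          REPO_USERNAME: ${{ secrets.REPO_USERNAME }}
          REPO_PASSWORD: ${{ secrets.REPO_PASSWORD }}

      - name: Upload build logs
        uses: actions/upload-artifact@v4
        with:
          name: ${{ inputs.TARGET_ARTIFACT_NAME }}.log
          path: code/artifacts-*.log
          if-no-files-found: warn
          retention-days: ${{ inputs.LOG_RETENTION_DAYS }}

      - name: Compress build artifacts
        if: (github.ref_type == 'branch' && github.base_ref == '' && inputs.UPLOAD_BUILD_ARTIFACTS)
        shell: bash
        working-directory: code
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is data to the shell rather than code.
          TARGET_ARTIFACT_NAME: ${{ inputs.TARGET_ARTIFACT_NAME }}
        # NOTE(review): ARTIFACTS_DIR is not set anywhere in this workflow;
        # presumably the build action exports it - confirm.
        run: |
          tar -czvf "${TARGET_ARTIFACT_NAME}.tar.gz" -C "${ARTIFACTS_DIR}" $(ls -1 "${ARTIFACTS_DIR}")
          sha512sum "${TARGET_ARTIFACT_NAME}.tar.gz" | tee "${TARGET_ARTIFACT_NAME}.tar.gz.sha512"
          tar -czvf artifacts.tar.gz "${TARGET_ARTIFACT_NAME}.tar.gz" "${TARGET_ARTIFACT_NAME}.tar.gz.sha512"
          rm -v "${TARGET_ARTIFACT_NAME}.tar.gz" "${TARGET_ARTIFACT_NAME}.tar.gz.sha512" && \
            mv -v artifacts.tar.gz "${TARGET_ARTIFACT_NAME}.tar.gz"

      # NOTE(review): both teleport steps splice META_FILE_PATH_PREFIX into a
      # command string executed on the remote host. How the action quotes
      # EXEC_COMMANDS is not visible here; validate the prefix in the caller
      # or inside the action.
      - name: Create destination folder on remote host
        if: (github.ref_type == 'branch' && github.base_ref == '' && inputs.UPLOAD_BUILD_ARTIFACTS)
        uses: ./actions/.github/actions/teleport
        with:
          EXEC_COMMANDS: mkdir -p ${{ inputs.META_FILE_PATH_PREFIX }}
        env:
          HOSTNAME: ${{ secrets.HOSTNAME }}
          PROXY_URL: ${{ secrets.PROXY_URL }}
          TOKEN: ${{ secrets.TELEPORT_TOKEN }}
          USERNAME: ${{ secrets.USERNAME }}

      - name: Copy build artifacts to remote host
        if: (github.ref_type == 'branch' && github.base_ref == '' && inputs.UPLOAD_BUILD_ARTIFACTS)
        uses: ./actions/.github/actions/teleport
        with:
          EXEC_COMMANDS: 'echo "${{ github.sha }}" > ${{ inputs.META_FILE_PATH_PREFIX }}/hash.txt'
          # NOTE(review): the compress step writes its tarball into `code/`,
          # while this glob points at `BUILD/`; check how the action resolves
          # FILES.
          FILES: 'BUILD/*.tar.gz'
          FILES_FOLDER: ${{ inputs.META_FILE_PATH_PREFIX }}
        env:
          HOSTNAME: ${{ secrets.HOSTNAME }}
          PROXY_URL: ${{ secrets.PROXY_URL }}
          TOKEN: ${{ secrets.TELEPORT_TOKEN }}
          USERNAME: ${{ secrets.USERNAME }}

  # Records the upload location in the metadata repository, creating the
  # target branch from the default branch when it does not exist yet.
  meta-repo:
    runs-on: ${{ inputs.RUNNER }}
    if: (github.ref_type == 'branch' && github.base_ref == '' && inputs.UPLOAD_BUILD_ARTIFACTS)
    # Must name a job defined in this workflow; the build job's id is
    # `build-and-distribute`, there is no job called `build`.
    needs:
      - build-and-distribute
    permissions:
      # NOTE(review): no step in this job visibly uses an OIDC token; drop
      # `id-token: write` if it is not needed.
      id-token: write
      contents: read
    environment: ${{ inputs.ENVIRONMENT }}
    steps:
      - name: Encode '${{ inputs.META_REPO_BRANCH }}' and write to ENV
        id: encode-meta-repo-branch
        shell: bash
        env:
          # Branch names may originate from untrusted refs in the caller; keep
          # the value out of the script text and read it as a variable.
          META_REPO_BRANCH: ${{ inputs.META_REPO_BRANCH }}
        run: |
          # Strip the line wrapping base64 applies to long input so the value
          # stays on one line in GITHUB_ENV / GITHUB_OUTPUT.
          branch_b64="$(printf '%s' "${META_REPO_BRANCH}" | base64 | tr -d '\n')"
          echo "META_REPO_BRANCH_B64=${branch_b64}" | tee -a "${GITHUB_ENV}"
          echo "meta-repo-branch-b64=${branch_b64}" | tee -a "${GITHUB_OUTPUT}"

      # First attempt: the requested branch. A failure is tolerated and taken
      # to mean that the branch does not exist yet.
      - name: Checkout metadata repo (${{ inputs.META_REPO_BRANCH }})
        uses: actions/checkout@v4
        id: meta-branch-exists
        continue-on-error: true
        with:
          repository: ${{ inputs.META_REPO }}
          ref: ${{ inputs.META_REPO_BRANCH }}
          token: ${{ secrets.GH_BOT_DEPLOY_TOKEN || github.token }}
          fetch-depth: 1
          path: ${{ steps.encode-meta-repo-branch.outputs.meta-repo-branch-b64 }}

      # Fallback: start from the default branch when the first checkout failed.
      - name: Checkout metadata repo (${{ inputs.META_REPO_BRANCH }})
        uses: actions/checkout@v4
        if: steps.meta-branch-exists.outcome != 'success'
        with:
          repository: ${{ inputs.META_REPO }}
          ref: ${{ inputs.META_REPO_DEFAULT_BRANCH }}
          token: ${{ secrets.GH_BOT_DEPLOY_TOKEN || github.token }}
          fetch-depth: 1
          path: ${{ steps.encode-meta-repo-branch.outputs.meta-repo-branch-b64 }}
          clean: true

      - name: Create remote branch (${{ inputs.META_REPO_BRANCH }})
        if: steps.meta-branch-exists.outcome != 'success'
        working-directory: ${{ steps.encode-meta-repo-branch.outputs.meta-repo-branch-b64 }}
        env:
          META_REPO_BRANCH: ${{ inputs.META_REPO_BRANCH }}
        run: |
          git checkout -b "${META_REPO_BRANCH}"
          git push --set-upstream origin "${META_REPO_BRANCH}"

      - name: Push changes
        shell: bash
        working-directory: ${{ steps.encode-meta-repo-branch.outputs.meta-repo-branch-b64 }}
        env:
          META_FILE_PATH_PREFIX: ${{ inputs.META_FILE_PATH_PREFIX }}
        # NOTE(review): the committer e-mail below looks redacted in this copy
        # of the file; restore the intended bot address.
        run: |
          git config --global user.email "[email protected]" && \
            git config --global user.name "github-actions"
          echo "${META_FILE_PATH_PREFIX}" | tee metafile.txt
          # Nothing to commit when the metafile content did not change.
          git status --porcelain | grep -q . || exit 0
          git add -v metafile.txt && \
            git commit --branch -m "update metadata" && \
            git push --atomic -v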