# Reusable workflow: builds packages inside Docker and, for branch pushes,
# ships them to a remote host and records the location in a metadata repo.
name: Build and Distribute (via Docker)

on:
  workflow_call:
    # Every input is supplied by the calling workflow. Callers may derive
    # values such as branch names from repository events, so consumers of
    # these inputs should treat them as untrusted text: pass them to scripts
    # through `env:` and quote them, instead of expanding `${{ inputs.* }}`
    # inside a `run:` body or a remote command string.
    inputs:
      ENVIRONMENT:
        description: Environment where the variables and secrets are scoped to
        type: string
        required: false
      RUNNER:
        description: A GitHub runner type
        type: string
        required: false
        default: ubuntu-latest
      REPO_DOMAIN:
        description: Domain name of repository
        type: string
        required: false
      PLATFORM:
        description: Default Linux Arch (amd64/arm32v7/...)
        type: string
        required: true
      DOCKERFILE:
        description: Path to Dockerfile
        type: string
        required: true
      MAINTAINER:
        description: Package maintainer
        type: string
        required: true
      ARTIFACTS_PATTERN:
        description: Regexp that matches artifacts
        type: string
        required: false
        default: '.*\.(deb|rpm)$'
      TARGET_ARTIFACT_NAME:
        description: Artifact name
        type: string
        required: true
      UPLOAD_BUILD_ARTIFACTS:
        description: Enable upload build artifacts related steps
        type: boolean
        required: false
        default: true
      LOG_RETENTION_DAYS:
        description: Number of days to keep build log artifacts
        type: number
        required: false
        default: 7
      # NOTE(review): the three META_* inputs below are `required: true` and
      # also carry `default: ''`; a required input must be passed by the
      # caller, so the default looks unreachable - confirm and drop one.
      META_FILE_PATH_PREFIX:
        description: A prefix to append to meta file (also target folder where the files should be sent on remote)
        type: string
        required: true
        default: ''
      META_REPO:
        description: Target meta repo to sync metadata changes
        type: string
        required: true
        default: ''
      META_REPO_BRANCH:
        description: Target meta repo branch name
        type: string
        required: true
        default: ''
      META_REPO_DEFAULT_BRANCH:
        description: Target meta repo default branch name
        type: string
        required: false
        default: 'main'
    secrets:
      # HOSTNAME, PROXY_URL, TELEPORT_TOKEN and USERNAME are handed to the
      # teleport action as environment variables by the jobs of this workflow.
      HOSTNAME:
        required: true
      PROXY_URL:
        required: true
      TELEPORT_TOKEN:
        required: true
      USERNAME:
        required: true
      # Package-repository credentials, exposed to the Docker build step.
      REPO_PASSWORD:
        required: false
      REPO_USERNAME:
        required: false
      # Token used to check out (and push to) the metadata repository.
      GH_BOT_DEPLOY_TOKEN:
        required: true
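jobs:
  # Builds the packages in Docker, uploads the build log, and (branch pushes
  # only) compresses the artifacts and copies them to the remote host through
  # the teleport action.
  build-and-distribute:
    runs-on: ${{ inputs.RUNNER }}
    permissions:
      contents: read
      # NOTE(review): presumably needed by the teleport action for OIDC-based
      # joining - confirm against that action's definition.
      id-token: write
    environment: ${{ inputs.ENVIRONMENT }}
    steps:
      # META_FILE_PATH_PREFIX is spliced into EXEC_COMMANDS strings that the
      # teleport action runs on the remote host, where it cannot be passed as
      # a quoted variable from here. Reject anything that is not a plain path
      # before any build or remote step runs. Widen the allowlist only for
      # characters that carry no shell meaning.
      - name: Validate remote path prefix
        if: (github.ref_type == 'branch' && github.base_ref == '' && inputs.UPLOAD_BUILD_ARTIFACTS)
        shell: bash
        env:
          META_FILE_PATH_PREFIX: ${{ inputs.META_FILE_PATH_PREFIX }}
        run: |
          if [[ ! "${META_FILE_PATH_PREFIX}" =~ ^[A-Za-z0-9._/~+-]+$ ]]; then
            echo "::error::META_FILE_PATH_PREFIX contains characters outside [A-Za-z0-9._/~+-]"
            exit 1
          fi

      # NOTE(review): actions/checkout leaves the job token in code/.git by
      # default; if the Docker build does not need it, consider
      # `persist-credentials: false` so it cannot end up in the build context.
      # Third-party actions here are pinned to a mutable tag (@v4); pinning to
      # a full commit SHA is the stricter supply-chain posture.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          path: code

      # Runs unconditionally: the build step below needs the
      # docker-build-artifacts action from this checkout on every run, not
      # only when artifacts are uploaded.
      #
      # NOTE(review): `ref: s3rj1k` is a mutable, personal-looking branch. The
      # actions fetched from it later receive TELEPORT_TOKEN and the package
      # repository credentials, so whoever can push to that branch controls
      # code that sees those secrets. Pin to a reviewed commit SHA.
      - name: Checkout reusable actions
        uses: actions/checkout@v4
        with:
          repository: signalwire/actions-template
          ref: s3rj1k
          fetch-depth: 1
          path: actions
          sparse-checkout: |
            .github/actions/teleport/action.yml
            .github/actions/docker-build-artifacts/action.yml
          sparse-checkout-cone-mode: false

      # Local actions must be referenced with a leading `./`; the action lives
      # under the `actions` checkout path, like the teleport action below.
      - name: Build artifacts via Docker
        uses: ./actions/.github/actions/docker-build-artifacts
        with:
          REPO_DOMAIN: ${{ inputs.REPO_DOMAIN }}
          PLATFORM: ${{ inputs.PLATFORM }}
          DOCKERFILE: ${{ inputs.DOCKERFILE }}
          MAINTAINER: ${{ inputs.MAINTAINER }}
          WORKING_DIRECTORY: 'code'
          ARTIFACTS_PATTERN: ${{ inputs.ARTIFACTS_PATTERN }}
          ARTIFACTS_DIR: 'BUILD'
          BUILD_LOG_FILENAME: 'artifacts-${GITHUB_RUN_ID}-${GITHUB_SHA}.log'
        env:
          REPO_USERNAME: ${{ secrets.REPO_USERNAME }}
          REPO_PASSWORD: ${{ secrets.REPO_PASSWORD }}

      # NOTE(review): the build step above runs with the repository
      # credentials in its environment; make sure the build log cannot echo
      # them before it is published as an artifact.
      - name: Upload build logs
        uses: actions/upload-artifact@v4
        with:
          name: ${{ inputs.TARGET_ARTIFACT_NAME }}.log
          path: code/artifacts-*.log
          if-no-files-found: warn
          retention-days: ${{ inputs.LOG_RETENTION_DAYS }}

      # The artifact name reaches the script through the environment and is
      # quoted at every use, so it is never parsed as shell syntax.
      #
      # NOTE(review): ARTIFACTS_DIR is not set by this step; presumably the
      # build action exports it - confirm. The unquoted `$(ls -1 ...)` also
      # word-splits file names that contain whitespace.
      # The .sha512 file travels inside the same tarball as the archive it
      # covers, so it detects corruption but not deliberate tampering.
      - name: Compress build artifacts
        if: (github.ref_type == 'branch' && github.base_ref == '' && inputs.UPLOAD_BUILD_ARTIFACTS)
        shell: bash
        working-directory: code
        env:
          TARGET_ARTIFACT_NAME: ${{ inputs.TARGET_ARTIFACT_NAME }}
        run: |
          tar -czvf "${TARGET_ARTIFACT_NAME}.tar.gz" -C "${ARTIFACTS_DIR}" $(ls -1 "${ARTIFACTS_DIR}")
          sha512sum "${TARGET_ARTIFACT_NAME}.tar.gz" | tee "${TARGET_ARTIFACT_NAME}.tar.gz.sha512"
          tar -czvf artifacts.tar.gz "${TARGET_ARTIFACT_NAME}.tar.gz" "${TARGET_ARTIFACT_NAME}.tar.gz.sha512"
          rm -v "${TARGET_ARTIFACT_NAME}.tar.gz" "${TARGET_ARTIFACT_NAME}.tar.gz.sha512" && \
          mv -v artifacts.tar.gz "${TARGET_ARTIFACT_NAME}.tar.gz"

      # EXEC_COMMANDS is executed on the remote host by the teleport action;
      # the path prefix inside it was checked by the validation step above.
      - name: Create destination folder on remote host
        if: (github.ref_type == 'branch' && github.base_ref == '' && inputs.UPLOAD_BUILD_ARTIFACTS)
        uses: ./actions/.github/actions/teleport
        with:
          EXEC_COMMANDS: mkdir -p ${{ inputs.META_FILE_PATH_PREFIX }}
        env:
          HOSTNAME: ${{ secrets.HOSTNAME }}
          PROXY_URL: ${{ secrets.PROXY_URL }}
          TOKEN: ${{ secrets.TELEPORT_TOKEN }}
          USERNAME: ${{ secrets.USERNAME }}

      - name: Copy build artifacts to remote host
        if: (github.ref_type == 'branch' && github.base_ref == '' && inputs.UPLOAD_BUILD_ARTIFACTS)
        uses: ./actions/.github/actions/teleport
        with:
          EXEC_COMMANDS: 'echo "${{ github.sha }}" > ${{ inputs.META_FILE_PATH_PREFIX }}/hash.txt'
          FILES: 'BUILD/*.tar.gz'
          FILES_FOLDER: ${{ inputs.META_FILE_PATH_PREFIX }}
        env:
          HOSTNAME: ${{ secrets.HOSTNAME }}
          PROXY_URL: ${{ secrets.PROXY_URL }}
          TOKEN: ${{ secrets.TELEPORT_TOKEN }}
          USERNAME: ${{ secrets.USERNAME }}

  # Records the remote path prefix in the metadata repository, creating the
  # target branch from the default branch when it does not exist yet.
  meta-repo:
    runs-on: ${{ inputs.RUNNER }}
    if: (github.ref_type == 'branch' && github.base_ref == '' && inputs.UPLOAD_BUILD_ARTIFACTS)
    # Must name an existing job id; this workflow has no job called `build`.
    needs:
      - build-and-distribute
    permissions:
      # NOTE(review): no step visible in this job requests an OIDC token;
      # drop `id-token: write` if nothing else depends on it.
      id-token: write
      contents: read
    environment: ${{ inputs.ENVIRONMENT }}
    steps:
      # The branch name is used as a checkout directory, so it is base64
      # encoded first. It is read from the environment instead of being
      # expanded into the script, and line wraps are stripped so a long name
      # cannot add extra lines to GITHUB_ENV / GITHUB_OUTPUT.
      - name: Encode '${{ inputs.META_REPO_BRANCH }}' and write to ENV
        id: encode-meta-repo-branch
        shell: bash
        env:
          META_REPO_BRANCH: ${{ inputs.META_REPO_BRANCH }}
        run: |
          META_REPO_BRANCH_B64="$(printf '%s' "${META_REPO_BRANCH}" | base64 | tr -d '\n')"
          echo "META_REPO_BRANCH_B64=${META_REPO_BRANCH_B64}" | tee -a "${GITHUB_ENV}"
          echo "meta-repo-branch-b64=${META_REPO_BRANCH_B64}" | tee -a "${GITHUB_OUTPUT}"

      # First attempt: the target branch. A failure here is tolerated and
      # drives the fallback steps through `outcome`.
      - name: Checkout metadata repo (${{ inputs.META_REPO_BRANCH }})
        uses: actions/checkout@v4
        id: meta-branch-exists
        continue-on-error: true
        with:
          repository: ${{ inputs.META_REPO }}
          ref: ${{ inputs.META_REPO_BRANCH }}
          token: ${{ secrets.GH_BOT_DEPLOY_TOKEN || github.token }}
          fetch-depth: 1
          path: ${{ steps.encode-meta-repo-branch.outputs.meta-repo-branch-b64 }}

      # Fallback: start from the default branch when the target is missing.
      - name: Checkout metadata repo (${{ inputs.META_REPO_BRANCH }})
        uses: actions/checkout@v4
        if: steps.meta-branch-exists.outcome != 'success'
        with:
          repository: ${{ inputs.META_REPO }}
          ref: ${{ inputs.META_REPO_DEFAULT_BRANCH }}
          token: ${{ secrets.GH_BOT_DEPLOY_TOKEN || github.token }}
          fetch-depth: 1
          path: ${{ steps.encode-meta-repo-branch.outputs.meta-repo-branch-b64 }}
          clean: true

      - name: Create remote branch (${{ inputs.META_REPO_BRANCH }})
        if: steps.meta-branch-exists.outcome != 'success'
        working-directory: ${{ steps.encode-meta-repo-branch.outputs.meta-repo-branch-b64 }}
        env:
          META_REPO_BRANCH: ${{ inputs.META_REPO_BRANCH }}
        run: |
          git checkout -b "${META_REPO_BRANCH}"
          git push --set-upstream origin "${META_REPO_BRANCH}"

      # NOTE(review): the e-mail literal below is shown as rendered on the
      # page, where the address was obscured; restore the real committer
      # address before using this file.
      - name: Push changes
        shell: bash
        working-directory: ${{ steps.encode-meta-repo-branch.outputs.meta-repo-branch-b64 }}
        env:
          META_FILE_PATH_PREFIX: ${{ inputs.META_FILE_PATH_PREFIX }}
        run: |
          git config --global user.email "[email protected]" && \
          git config --global user.name "github-actions"
          printf '%s\n' "${META_FILE_PATH_PREFIX}" | tee metafile.txt
          git status --porcelain | grep -q . || exit 0
          git add -v metafile.txt && \
          git commit --branch -m "update metadata" && \
          git push --atomic -v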