From 65eb32ce8a3d433321bd47a07174749c28415747 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott@canonical.com>
Date: Thu, 25 Jan 2024 09:13:47 +0000
Subject: [PATCH] github: Adds builds workflow for pushing to launchpad
 5.0-candidate branch

But with the actual push disabled for now for testing.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
---
 .github/workflows/builds.yml | 79 ++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 .github/workflows/builds.yml

diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
new file mode 100644
index 000000000..1f739bde8
--- /dev/null
+++ b/.github/workflows/builds.yml
@@ -0,0 +1,79 @@
+name: Builds
+on:
+  pull_request:
+  push:
+    branches:
+      - 5.0-candidate
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lxd-migrate:
+    name: Test lxd-migrate build
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.20.x
+
+      - name: Test lxd-migrate build
+        run: |
+          set -eux
+          cd ~/work/lxd-pkg-snap/lxd-pkg-snap/lxd-migrate
+          CGO_ENABLED=0 go build -v -tags netgo
+
+  snap:
+    name: Trigger snap build
+    runs-on: ubuntu-22.04
+    needs: lxd-migrate
+    if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.event_name == 'push' && github.actor != 'dependabot[bot]' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Setup Launchpad SSH access
+        env:
+          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+          LAUNCHPAD_LXD_BOT_KEY: ${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}
+        run: |
+          ssh-agent -a "${SSH_AUTH_SOCK}" > /dev/null
+          ssh-add - <<< "${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}"
+          mkdir -m 0700 -p ~/.ssh/
+          # In ephemeral environments like GitHub Action runners, relying on TOFU isn't providing any security
+          # so require the key obtained by `ssh-keyscan` to match the expected hash from https://help.launchpad.net/SSHFingerprints
+          ssh-keyscan git.launchpad.net >> ~/.ssh/known_hosts
+          ssh-keygen -qlF git.launchpad.net | grep -xF 'git.launchpad.net RSA SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo'
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.20.x
+
+      - name: Trigger Launchpad snap build
+        env:
+          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+          TARGET: ${{ github.ref_name }}
+        run: |
+          set -x
+          git config --global user.name "Canonical LXD Bot"
+          git config --global user.email "lxd@lists.canonical.com"
+          localRev=$(git rev-parse HEAD)
+          go install github.com/canonical/lxd-ci/lxd-snapcraft@latest
+          git clone -b "${TARGET}" git+ssh://lxdbot@git.launchpad.net/~canonical-lxd/lxd ~/lxd-pkg-snap-lp
+          originVer=($(lxd-snapcraft -get-version -file snapcraft.yaml))
+          rsync -a --exclude .git --delete . ~/lxd-pkg-snap-lp/
+          cd ~/lxd-pkg-snap-lp
+          lxd-snapcraft -set-version "${originVer[0]}-${localRev:0:7}" -set-source-commit ""
+          git add --all
+          git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${TARGET})" -m "Upstream commit: ${localRev}"
+          git show
+          #git push --quiet