-
Notifications
You must be signed in to change notification settings - Fork 1
149 lines (134 loc) · 5.49 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# SPDX-FileCopyrightText: 2023-2024 TII (SSRC) and the Ghaf contributors
#
# SPDX-License-Identifier: Apache-2.0
name: build
on:
push:
branches:
- gh_updates
tags:
- "v[0-9]+.[0-9]+.[0-9]*"
workflow_dispatch:
permissions:
contents: read
jobs:
build_target:
runs-on: ubuntu-latest
timeout-minutes: 360
name: Build FMO-OS
steps:
# To use this repository's private action,
# you must check out the repository
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
fetch-depth: 0
- name: Generate FMO build version
id: fmo-build-version
shell: bash
run: |
SHA="${{ github.sha }}"
SHORT_SHA="${SHA:0:7}"
REF="${{ github.ref }}"
REF_TYPE="${{ github.ref_type }}"
REF_NAME="${{ github.ref_name }}"
# Set default to "git-<short-sha>"
FMO_BUILD_VERSION="git-$SHORT_SHA"
if [[ "$REF_TYPE" == "tag" ]]; then
FMO_BUILD_VERSION="$REF_NAME"
elif [[ "$REF_TYPE" == "branch" ]]; then
# Check if there's a reachable tag on the branch
if git name-rev --name-only --tags --no-undefined "$REF" 2>/dev/null; then
# Format: <tag-name>-<#-of-commits-since-tag>-<abbrev-hash>
FMO_BUILD_VERSION="$(git describe --tags --abbrev=7 "$REF")"
else
# No reachable parent tag on branch
FMO_BUILD_VERSION="$REF_NAME-g$SHORT_SHA"
fi
fi
echo "SHA: $SHA"
echo "SHORT_SHA: $SHORT_SHA"
echo "REF: $REF"
echo "REF_TYPE: $REF_TYPE"
echo "REF_NAME: $REF_NAME"
echo "FMO_BUILD_VERSION: $FMO_BUILD_VERSION"
#echo "FMO_BUILD_VERSION=$FMO_BUILD_VERSION" >> "$GITHUB_ENV"
echo "FMO_BUILD_VERSION=$FMO_BUILD_VERSION" >> "$GITHUB_OUTPUT"
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: true
# all of these default to true, but feel free to set to
# "false" if necessary for your workflow
android: true
dotnet: true
haskell: true
large-packages: true
docker-images: true
swap-storage: true
- name: Install Nix
id: install-nix
uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
extra_nix_config: |
substitute = true
always-allow-substitutes = true
substituters = https://cache.nixos.org https://nixpkgs.cachix.org https://nixpkgs-unfree.cachix.org https://nix-community.cachix.org
trusted-substituters = https://cache.nixos.org https://nixpkgs.cachix.org https://nixpkgs-unfree.cachix.org https://nix-community.cachix.org
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixpkgs.cachix.org-1:q91R6hxbwFvDqTSDKwDAV4T5PxqXGxswD8vhONFMeOE= nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
- name: Setup Cachix
id: setup-cachix
uses: cachix/cachix-action@v15
with:
name: fmo-os
authToken: '${{ secrets.CACHIX_TOKEN }}'
- name: Prepare build environment
id: prepare-build
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
run: |
SSH_DIR=$HOME/.ssh
mkdir -p $SSH_DIR
chmod 0700 $SSH_DIR
ssh-keyscan -t ed25519 -H github.com > $SSH_DIR/known_hosts
chmod 600 $SSH_DIR/known_hosts
echo "${{ secrets.RA_TOKEN }}" > $SSH_DIR/id_rsa
chmod 600 $SSH_DIR/id_rsa
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add $SSH_DIR/id_rsa
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions"
- name: Build
id: build
env:
FMO_BUILD_VERSION: "${{ steps.fmo-build-version.outputs.FMO_BUILD_VERSION }}"
run: |
nix flake show
cachix watch-exec fmo-os -- nix build -L --accept-flake-config .#fmo-os-installer-debug
if ! [[ -f ./result/iso/nixos.iso ]]; then
echo "No output image found, build failed!" >&2
exit 1
fi
output="$(readlink -f ./result/iso/nixos.iso)"
echo "Output image: $output"
echo "OUTPUT_IMAGE=$output" >> "$GITHUB_OUTPUT"
#- name: Push to JFrog artifactory
# uses: ./.github/actions/upload-action-jfrog
# with:
# JFROG_UNAME: ${{ secrets.JFROG_UNAME }}
# JFROG_TOKEN: ${{ secrets.JFROG_TOKEN }}
# JFROG_URL: ${{ secrets.JFROG_URL }}
# input-paths: |
# ${{ steps.build.outputs.outimg }}:tii-fmo-os/releases/FMO-OS_inst_${{ steps.fmo-build-version.outputs.BUILD_VERSION }}.iso
#- name: Push to Harbor artifactory
# uses: ./.github/actions/upload-action-harbor
# with:
# HARBOR_UNAME: ${{ secrets.HARBOR_UNAME }}
# HARBOR_TOKEN: ${{ secrets.HARBOR_TOKEN }}
# HARBOR_URL: ${{ secrets.HARBOR_URL }}
# input-paths: |
# ${{ steps.build.outputs.outimg }}:fmo/pmc-installer:${{ steps.fmo-build-version.outputs.BUILD_VERSION }}