This repository has been archived by the owner on May 31, 2024. It is now read-only.
ci: more robust patch workflow #32
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: default | |
| concurrency: | |
| group: ${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| "on": | |
| push: | |
| branches: | |
| - main | |
| - release-* | |
| tags: | |
| - v* | |
| pull_request: | |
| branches: | |
| - main | |
| - release-* | |
| env: | |
| PLATFORM: linux/arm64 | |
| INSTALLER_ARCH: targetarch | |
| USERNAME: ${{ github.repository_owner }} | |
| TALOS_VERSION: v1.7.3 | |
| jobs: | |
| sbc-rk3588: | |
| permissions: | |
| actions: read | |
| contents: write | |
| issues: read | |
| packages: write | |
| pull-requests: read | |
| runs-on: | |
| - self-hosted | |
| - pkgs | |
| if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) | |
| outputs: | |
| SBC_RK3588_TAG: ${{ steps.build-overlay.outputs.SBC_RK3588_TAG }} | |
| IMAGER_TAG: ${{ steps.build-imager.outputs.IMAGER_TAG }} | |
| steps: | |
| - name: gather-system-info | |
| id: system-info | |
| uses: kenchan0130/actions-system-info@v1.3.0 | |
| continue-on-error: true | |
| - name: print-system-info | |
| run: | | |
| MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024)) | |
| OUTPUTS=( | |
| "CPU Core: ${{ steps.system-info.outputs.cpu-core }}" | |
| "CPU Model: ${{ steps.system-info.outputs.cpu-model }}" | |
| "Hostname: ${{ steps.system-info.outputs.hostname }}" | |
| "NodeName: ${NODE_NAME}" | |
| "Kernel release: ${{ steps.system-info.outputs.kernel-release }}" | |
| "Kernel version: ${{ steps.system-info.outputs.kernel-version }}" | |
| "Name: ${{ steps.system-info.outputs.name }}" | |
| "Platform: ${{ steps.system-info.outputs.platform }}" | |
| "Release: ${{ steps.system-info.outputs.release }}" | |
| "Total memory: ${MEMORY_GB} GB" | |
| ) | |
| for OUTPUT in "${OUTPUTS[@]}";do | |
| echo "${OUTPUT}" | |
| done | |
| continue-on-error: true | |
| - name: checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Build RK3588 overlay | |
| id: build-overlay | |
| run: | | |
| make | |
| echo "SBC_RK3588_TAG=$(git describe --tag --always --dirty --match 'v[0-9]*')" >> "$GITHUB_OUTPUT" | |
| - name: Login to registry | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ghcr.io | |
| username: ${{ env.USERNAME }} | |
| - name: Push RK3588 overlay to registry | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| make PUSH=true | |
| - name: Checkout upstream Talos repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: siderolabs/talos | |
| ref: ${{ env.TALOS_VERSION }} | |
| fetch-depth: 0 | |
| path: ./talos | |
| - name: Patch upstream Talos | |
| working-directory: talos | |
| run: | | |
| git config --global user.email "ci-noreply@milas.dev" | |
| git config --global user.name "Build User" | |
| find ../hack/patches/talos \ | |
| -name '*.patch' \ | |
| -type f \ | |
| -print0 \ | |
| | sort -z \ | |
| | xargs -r0 git am --whitespace=fix | |
| - name: Build RK3588 Talos imager | |
| id: build-imager | |
| run: | | |
| export PKG_KERNEL="ghcr.io/${{ env.USERNAME }}/talos-kernel-rk3588:${{ steps.build-overlay.outputs.SBC_RK3588_TAG }}" | |
| echo "PKG_KERNEL=${PKG_KERNEL}" >> "$GITHUB_ENV" | |
| cd talos/ | |
| make imager | |
| echo "IMAGER_TAG=$(git describe --tag --always --dirty --match 'v[0-9]*')" >> "$GITHUB_OUTPUT" | |
| - name: Login to registry | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ghcr.io | |
| username: ${{ env.USERNAME }} | |
| - name: Push RK3588 Talos imager | |
| if: github.event_name != 'pull_request' | |
| working-directory: ./talos | |
| run: | | |
| make imager PUSH=true | |
| boards: | |
| permissions: | |
| contents: write | |
| packages: write | |
| needs: [sbc-rk3588] | |
| if: startsWith(github.ref, 'refs/tags/') | |
| runs-on: [self-hosted] | |
| strategy: | |
| matrix: | |
| variant: | |
| - board: rock-5a | |
| chipset: rk3588s | |
| - board: rock-5b | |
| chipset: rk3588 | |
| env: | |
| SBC_RK3588_TAG: ${{ needs.sbc-rk3588.outputs.SBC_RK3588_TAG }} | |
| IMAGER_TAG: ${{ needs.sbc-rk3588.outputs.IMAGER_TAG }} | |
| steps: | |
| - name: Build installer image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| docker run --rm -t -v ./_out:/out -v /dev:/dev --privileged ghcr.io/${{ env.USERNAME }}/imager:${{ env.IMAGER_TAG }} \ | |
| installer --arch arm64 \ | |
| --overlay-image=ghcr.io/${{ env.USERNAME }}/talos-sbc-rk3588:${{ env.SBC_RK3588_TAG }} \ | |
| --overlay-name=rk3588 \ | |
| --overlay-option="board=${{ matrix.variant.board }}" \ | |
| --overlay-option="chipset=${{ matrix.variant.chipset }}" \ | |
| --base-installer-image="ghcr.io/siderolabs/installer:${{ env.TALOS_VERSION }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push installer image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| echo "${{ secrets.GITHUB_TOKEN }}" | crane auth login ghcr.io --username "${{ env.USERNAME }}" --password-stdin | |
| crane push _out/installer-arm64.tar ghcr.io/${{ env.USERNAME }}/talos-rk3588:${{ env.IMAGER_TAG }}-${{ matrix.variant.board }} | |
| - name: Build flashable image | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| docker run --rm -t -v ./_out:/out -v /dev:/dev --privileged ghcr.io/${{ env.USERNAME }}/imager:${{ env.IMAGER_TAG }} \ | |
| metal --arch arm64 \ | |
| --overlay-image=ghcr.io/${{ env.USERNAME }}/talos-sbc-rk3588:${{ env.SBC_RK3588_TAG }} \ | |
| --overlay-name=rk3588 \ | |
| --overlay-option="board=${{ matrix.variant.board }}" \ | |
| --overlay-option="chipset=${{ matrix.variant.chipset }}" \ | |
| --base-installer-image="ghcr.io/${{ env.USERNAME }}/talos-rk3588:${{ env.IMAGER_TAG }}-${{ matrix.variant.board }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Prepare flashable image for upload | |
| run: | | |
| docker run --rm -t -v ./_out:/out alpine mv /out/metal-arm64.raw.xz /out/talos-metal-${{ matrix.variant.chipset }}-${{ matrix.variant.board }}-${{ env.IMAGER_TAG }}.raw.xz | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: talos-metal-${{ matrix.variant.chipset }}-${{ matrix.variant.board }}-${{ env.IMAGER_TAG }} | |
| path: _out/talos-metal-*.raw.xz | |
| compression-level: 0 # already compressed | |
| if-no-files-found: error | |
| - name: Cleanup | |
| if: always() | |
| continue-on-error: true | |
| run: | | |
| crane auth logout ghcr.io | |
| # HACK: files are owned by root, (ab)use Docker as sudo | |
| docker run --rm -t -v ./_out:/out alpine sh -c 'rm -rf /out/*' | |
| release: | |
| needs: [boards] | |
| runs-on: [self-hosted] | |
| if: startsWith(github.ref, 'refs/tags/') | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| merge-multiple: true | |
| - name: Release | |
| uses: crazy-max/ghaction-github-release@v2 | |
| with: | |
| files: | | |
| talos-metal-*.raw.xz |