diff --git a/.github/.env b/.github/.env new file mode 100644 index 0000000..5399167 --- /dev/null +++ b/.github/.env @@ -0,0 +1,4 @@ +BUILD_ARCHS=["i386", "amd64", "arm64", "armhf"] +BUILD_DISTS=["noble", "jammy", "bookworm", "trixie"] +BUILD_EXCLUDE=[ {"dist":"noble", "arch":"i386"}, {"dist":"jammy", "arch":"i386"} ] +SMOKE_TEST_IMAGES=["ubuntu:jammy", "ubuntu:noble", "debian:bookworm", "debian:trixie"] \ No newline at end of file diff --git a/.github/actions/build-binary-package/action.yml b/.github/actions/build-binary-package/action.yml index 9893bef..a420a5c 100644 --- a/.github/actions/build-binary-package/action.yml +++ b/.github/actions/build-binary-package/action.yml @@ -9,17 +9,10 @@ inputs: arch: description: "Architecture to build for" required: true - checkout_ref: - description: "Ref to checkout" - required: false - default: '' runs: using: "composite" steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.checkout_ref || '' }} - name: Determine build architecture shell: bash run: | diff --git a/.github/actions/build-source-package/action.yml b/.github/actions/build-source-package/action.yml index ef89f55..e0583c8 100644 --- a/.github/actions/build-source-package/action.yml +++ b/.github/actions/build-source-package/action.yml @@ -7,17 +7,10 @@ inputs: release_tag: description: "Release tag to build for (value 'unstable' is supported)" required: false - checkout_ref: - description: "Ref to checkout" - required: false - default: '' runs: using: "composite" steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.checkout_ref || '' }} - name: Install dependencies shell: bash run: | diff --git a/.github/actions/parse-env-file/action.yml b/.github/actions/parse-env-file/action.yml new file mode 100644 index 0000000..04a7328 --- /dev/null +++ b/.github/actions/parse-env-file/action.yml @@ -0,0 +1,37 @@ +name: "Parse env file" +description: "Parses .env environment file and extracts all available fields as outputs" + +inputs: + env_file_path: + description: ".env file path" + default: '.github/.env' + required: false + +outputs: + BUILD_ARCHS: + description: "The extracted BUILD_DISTS from .env file" + value: ${{ steps.parse.outputs.BUILD_ARCHS }} + BUILD_DISTS: + description: "The extracted BUILD_DISTS from .env file" + value: ${{ steps.parse.outputs.BUILD_DISTS }} + BUILD_EXCLUDE: + description: "The extracted BUILD_EXCLUDE from .env file" + value: ${{ steps.parse.outputs.BUILD_EXCLUDE }} + SMOKE_TEST_IMAGES: + description: "The extracted SMOKE_TEST_IMAGES from .env file" + value: ${{ steps.parse.outputs.SMOKE_TEST_IMAGES }} + +runs: + using: "composite" + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Parse release handle + id: parse + shell: bash + run: | + cat "${{ inputs.env_file_path }}" | while IFS= read -r line || [[ -n "$line" ]]; do + [[ -z "$line" || "$line" =~ ^# ]] && continue + echo "$line" >> "$GITHUB_OUTPUT" + done \ No newline at end of file diff --git a/.github/actions/run-smoke-tests/action.yml b/.github/actions/run-smoke-tests/action.yml index 0277704..e262b1f 100644 --- a/.github/actions/run-smoke-tests/action.yml +++ b/.github/actions/run-smoke-tests/action.yml @@ -9,17 +9,10 @@ inputs: arch: description: "Architecture to run smoke tests for" required: true - checkout_ref: - description: "Ref to checkout" - required: false - default: '' runs: using: "composite" steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.checkout_ref || '' }} - name: Extract distribution from image id: extract_dist shell: bash diff --git a/.github/actions/upload-packages/action.yml b/.github/actions/upload-packages/action.yml index 2c1e9a0..972cb8f 100644 --- a/.github/actions/upload-packages/action.yml +++ b/.github/actions/upload-packages/action.yml @@ -72,7 +72,7 @@ runs: # For internal release we have an IAM role that we need to assume - name: Configure aws credentials for internal release if: ${{ inputs.release_type == 'internal' }} - uses: aws-actions/configure-aws-credentials@v1.7.0 + uses: aws-actions/configure-aws-credentials@v4.3.1 with: role-to-assume: ${{ inputs.APT_S3_IAM_ARN }} aws-region: us-east-1 diff --git a/.github/workflows/apt.yml b/.github/workflows/apt.yml index 4f10cc5..721f676 100644 --- a/.github/workflows/apt.yml +++ b/.github/workflows/apt.yml @@ -31,13 +31,29 @@ run-name: >- }} jobs: + populate-env-vars: + runs-on: ["ubuntu-latest"] + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Parse vars + id: parse + uses: ./.github/actions/parse-env-file + outputs: + BUILD_ARCHS: ${{ steps.parse.outputs.BUILD_ARCHS }} + BUILD_DISTS: ${{ steps.parse.outputs.BUILD_DISTS }} + BUILD_EXCLUDE: ${{ steps.parse.outputs.BUILD_EXCLUDE }} + SMOKE_TEST_IMAGES: ${{ steps.parse.outputs.SMOKE_TEST_IMAGES }} + build-n-test: uses: ./.github/workflows/build-n-test-all-distros.yml + needs: populate-env-vars with: - BUILD_DISTS: ${{ vars.BUILD_DISTS }} - BUILD_ARCHS: ${{ vars.BUILD_ARCHS }} - BUILD_EXCLUDE: ${{ vars.BUILD_EXCLUDE }} - SMOKE_TEST_IMAGES: ${{ vars.SMOKE_TEST_IMAGES }} + BUILD_DISTS: ${{ needs.populate-env-vars.outputs.BUILD_DISTS }} + BUILD_ARCHS: ${{ needs.populate-env-vars.outputs.BUILD_ARCHS }} + BUILD_EXCLUDE: ${{ needs.populate-env-vars.outputs.BUILD_EXCLUDE }} + SMOKE_TEST_IMAGES: ${{ needs.populate-env-vars.outputs.SMOKE_TEST_IMAGES }} # Determine whether we should use special "unstable" release_tag. Assume # that for unstable branch and for any external call, dispatch or schedule # we are building unstable release. In other cases it's a regular PR/push diff --git a/.github/workflows/build-n-test-all-distros.yml b/.github/workflows/build-n-test-all-distros.yml index e8db6ec..0a4ec63 100644 --- a/.github/workflows/build-n-test-all-distros.yml +++ b/.github/workflows/build-n-test-all-distros.yml @@ -49,7 +49,6 @@ jobs: with: dist: ${{ matrix.dist }} release_tag: ${{ inputs.release_tag }} - checkout_ref: ${{ inputs.release_tag == 'unstable' && 'unstable' || '' }} build-binary-package: runs-on: ${{ contains(matrix.arch, 'arm') && 'ubuntu24-arm64-2-8' || 'ubuntu-24.04' }} @@ -78,7 +77,6 @@ jobs: dist: ${{ matrix.dist }} arch: ${{ matrix.arch }} run_id: ${{ github.run_id }} - checkout_ref: ${{ inputs.release_tag == 'unstable' && 'unstable' || '' }} smoke-test-archs: runs-on: ubuntu-latest @@ -115,4 +113,3 @@ jobs: image: ${{ matrix.image }} arch: ${{ matrix.arch }} run_id: ${{ github.run_id }} - checkout_ref: ${{ inputs.release_tag == 'unstable' && 'unstable' || '' }} diff --git a/.github/workflows/release_build_and_test.yml b/.github/workflows/release_build_and_test.yml index 75dde85..492b4fb 100644 --- a/.github/workflows/release_build_and_test.yml +++ b/.github/workflows/release_build_and_test.yml @@ -45,14 +45,31 @@ jobs: release_version_branch: ${{ steps.ensure-branch.outputs.release_version_branch }} release_type: ${{ github.event.inputs.release_type }} + populate-env-vars: + runs-on: ["ubuntu-latest"] + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Parse vars + id: parse + uses: ./.github/actions/parse-env-file + outputs: + BUILD_ARCHS: ${{ steps.parse.outputs.BUILD_ARCHS }} + BUILD_DISTS: ${{ steps.parse.outputs.BUILD_DISTS }} + BUILD_EXCLUDE: ${{ steps.parse.outputs.BUILD_EXCLUDE }} + SMOKE_TEST_IMAGES: ${{ steps.parse.outputs.SMOKE_TEST_IMAGES }} + build-n-test: - needs: prepare-release + needs: + - prepare-release + - populate-env-vars uses: ./.github/workflows/build-n-test-all-distros.yml with: - BUILD_DISTS: ${{ vars.BUILD_DISTS }} - BUILD_ARCHS: ${{ vars.BUILD_ARCHS }} - BUILD_EXCLUDE: ${{ vars.BUILD_EXCLUDE }} - SMOKE_TEST_IMAGES: ${{ vars.SMOKE_TEST_IMAGES }} + BUILD_DISTS: ${{ needs.populate-env-vars.outputs.BUILD_DISTS }} + BUILD_ARCHS: ${{ needs.populate-env-vars.outputs.BUILD_ARCHS }} + BUILD_EXCLUDE: ${{ needs.populate-env-vars.outputs.BUILD_EXCLUDE }} + SMOKE_TEST_IMAGES: ${{ needs.populate-env-vars.outputs.SMOKE_TEST_IMAGES }} release_tag: ${{ inputs.release_tag }} create-release-handle: @@ -95,7 +112,6 @@ jobs: fi echo "env_name=$env_name" >> $GITHUB_OUTPUT - name: Send Failure Slack notification - if: failure() uses: ./.github/actions/slack-notification with: slack_func: slack_format_failure_message diff --git a/.github/workflows/release_publish.yml b/.github/workflows/release_publish.yml index 1bd7d7b..05478b4 100644 --- a/.github/workflows/release_publish.yml +++ b/.github/workflows/release_publish.yml @@ -64,7 +64,7 @@ jobs: with: release_handle: ${{ github.event.inputs.release_handle }} - - name: Upload staging packages + - name: Upload packages id: upload uses: ./.github/actions/upload-packages with: @@ -72,9 +72,11 @@ jobs: release_type: ${{ github.event.inputs.release_type }} gh_token: ${{ secrets.GITHUB_TOKEN }} APT_SIGNING_KEY: ${{ secrets.APT_SIGNING_KEY }} - APT_S3_BUCKET: ${{ secrets.APT_S3_BUCKET_STAGING }} APT_S3_REGION: ${{ secrets.APT_S3_REGION }} - APT_S3_IAM_ARN: ${{ secrets.APT_S3_IAM_ARN_STAGING }} + APT_S3_BUCKET: ${{ github.event.inputs.release_type == 'public' && secrets.APT_S3_BUCKET || secrets.APT_S3_BUCKET_STAGING }} + APT_S3_IAM_ARN: ${{ github.event.inputs.release_type == 'internal' && secrets.APT_S3_IAM_ARN_STAGING || '' }} + APT_S3_ACCESS_KEY_ID: ${{ github.event.inputs.release_type == 'public' && secrets.APT_S3_ACCESS_KEY_ID || '' }} + APT_S3_SECRET_ACCESS_KEY: ${{ github.event.inputs.release_type == 'public' && secrets.APT_S3_SECRET_ACCESS_KEY || '' }} - name: Merge back to release branch id: merge-back