From 6a500f890b2bb1fa3e6e25ed1c3a7b616eda5348 Mon Sep 17 00:00:00 2001 From: Daria Guy Date: Wed, 29 Oct 2025 19:09:19 +0200 Subject: [PATCH 1/6] Added .env file and github action to parse variables --- .env | 4 +++ .github/actions/parse-env-file/action.yml | 31 ++++++++++++++++++++ .github/workflows/apt.yml | 23 ++++++++++++--- .github/workflows/release_build_and_test.yml | 23 ++++++++++++--- 4 files changed, 73 insertions(+), 8 deletions(-) create mode 100644 .env create mode 100644 .github/actions/parse-env-file/action.yml diff --git a/.env b/.env new file mode 100644 index 0000000..5399167 --- /dev/null +++ b/.env @@ -0,0 +1,4 @@ +BUILD_ARCHS=["i386", "amd64", "arm64", "armhf"] +BUILD_DISTS=["noble", "jammy", "bookworm", "trixie"] +BUILD_EXCLUDE=[ {"dist":"noble", "arch":"i386"}, {"dist":"jammy", "arch":"i386"} ] +SMOKE_TEST_IMAGES=["ubuntu:jammy", "ubuntu:noble", "debian:bookworm", "debian:trixie"] \ No newline at end of file diff --git a/.github/actions/parse-env-file/action.yml b/.github/actions/parse-env-file/action.yml new file mode 100644 index 0000000..5f5a8a5 --- /dev/null +++ b/.github/actions/parse-env-file/action.yml 
@@ -0,0 +1,31 @@ +name: "Parse env file" +description: "Parses .env environment file and extracts all available fields as outputs" + +outputs: + BUILD_ARCHS: + description: "The extracted BUILD_DISTS from .env file" + value: ${{ steps.parse.outputs.BUILD_ARCHS }} + BUILD_DISTS: + description: "The extracted BUILD_DISTS from .env file" + value: ${{ steps.parse.outputs.BUILD_DISTS }} + BUILD_EXCLUDE: + description: "The extracted BUILD_EXCLUDE from .env file" + value: ${{ steps.parse.outputs.BUILD_EXCLUDE }} + SMOKE_TEST_IMAGES: + description: "The extracted SMOKE_TEST_IMAGES from .env file" + value: ${{ steps.parse.outputs.SMOKE_TEST_IMAGES }} + +runs: + using: "composite" + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Parse release handle + id: parse + shell: bash + run: | + while IFS='=' read -r key value; do + [[ -z "$key" || "$key" =~ ^# ]] && continue + echo "$key=$value" >> "$GITHUB_OUTPUT" + done < .env \ No newline at end of file diff --git a/.github/workflows/apt.yml b/.github/workflows/apt.yml index 4f10cc5..7841dce 100644 --- a/.github/workflows/apt.yml +++ b/.github/workflows/apt.yml 
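Review bot: In parse-env-file/action.yml the parse loop copies every `key=value` line of the file into `$GITHUB_OUTPUT` without checking the key, so the step can emit names other than the four listed under `outputs:`. Restricting the loop to the declared names keeps the action's interface explicit, e.g. `[[ "$key" =~ ^(BUILD_ARCHS|BUILD_DISTS|BUILD_EXCLUDE|SMOKE_TEST_IMAGES)$ ]] || continue`. The `BUILD_ARCHS` description reads "The extracted BUILD_DISTS from .env file" and the step is named "Parse release handle"; both look copied from elsewhere and should name what they actually describe. The inner `actions/checkout@v4` step repeats the checkout the calling jobs in this patch already perform before `uses: ./.github/actions/parse-env-file`, and it would replace any non-default ref a caller had checked out.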
@@ -31,13 +31,28 @@ run-name: >- }} jobs: + populate-env-vars: + runs-on: ["ubuntu-latest"] + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Parse vars + id: parse + uses: ./.github/actions/parse-env-file + outputs: + BUILD_ARCHS: ${{ steps.parse.outputs.BUILD_ARCHS }} + BUILD_DISTS: ${{ steps.parse.outputs.BUILD_DISTS }} + BUILD_EXCLUDE: ${{ steps.parse.outputs.BUILD_EXCLUDE }} + SMOKE_TEST_IMAGES: ${{ steps.parse.outputs.SMOKE_TEST_IMAGES }} + build-n-test: uses: ./.github/workflows/build-n-test-all-distros.yml with: - BUILD_DISTS: ${{ vars.BUILD_DISTS }} - BUILD_ARCHS: ${{ vars.BUILD_ARCHS }} - BUILD_EXCLUDE: ${{ vars.BUILD_EXCLUDE }} - SMOKE_TEST_IMAGES: ${{ vars.SMOKE_TEST_IMAGES }} + BUILD_DISTS: ${{ needs.populate-env-vars.outputs.BUILD_DISTS }} + BUILD_ARCHS: ${{ needs.populate-env-vars.outputs.BUILD_ARCHS }} + BUILD_EXCLUDE: ${{ needs.populate-env-vars.outputs.BUILD_EXCLUDE }} + SMOKE_TEST_IMAGES: ${{ needs.populate-env-vars.outputs.SMOKE_TEST_IMAGES }} # Determine whether we should use special "unstable" release_tag. Assume # that for unstable branch and for any external call, dispatch or schedule # we are building unstable release. In other cases it's a regular PR/push diff --git a/.github/workflows/release_build_and_test.yml b/.github/workflows/release_build_and_test.yml index 75dde85..13ae7eb 100644 --- a/.github/workflows/release_build_and_test.yml +++ b/.github/workflows/release_build_and_test.yml 
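Review bot: In apt.yml the build matrix and `SMOKE_TEST_IMAGES` now come from a file in the checked-out ref instead of the `vars.*` repository variables, so on runs triggered by a pull request they are whatever that tree contains rather than values set in repository settings. How much this matters depends on build-n-test-all-distros.yml, which is outside this hunk: if it expands these inputs inside `run:` scripts or uses the image list as container images, populate-env-vars should validate them first, for example `jq -e 'type == "array" and all(.[]; type == "string")' <<< "$BUILD_DISTS"` with the value passed through `env:`. The job only reads the repository, so a job-level `permissions:` block with `contents: read` would fit it. The same applies to the identical populate-env-vars job added to release_build_and_test.yml in this patch.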
@@ -45,14 +45,29 @@ jobs: release_version_branch: ${{ steps.ensure-branch.outputs.release_version_branch }} release_type: ${{ github.event.inputs.release_type }} + populate-env-vars: + runs-on: ["ubuntu-latest"] + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Parse vars + id: parse + uses: ./.github/actions/parse-env-file + outputs: + BUILD_ARCHS: ${{ steps.parse.outputs.BUILD_ARCHS }} + BUILD_DISTS: ${{ steps.parse.outputs.BUILD_DISTS }} + BUILD_EXCLUDE: ${{ steps.parse.outputs.BUILD_EXCLUDE }} + SMOKE_TEST_IMAGES: ${{ steps.parse.outputs.SMOKE_TEST_IMAGES }} + build-n-test: needs: prepare-release uses: ./.github/workflows/build-n-test-all-distros.yml with: - BUILD_DISTS: ${{ vars.BUILD_DISTS }} - BUILD_ARCHS: ${{ vars.BUILD_ARCHS }} - BUILD_EXCLUDE: ${{ vars.BUILD_EXCLUDE }} - SMOKE_TEST_IMAGES: ${{ vars.SMOKE_TEST_IMAGES }} + BUILD_DISTS: ${{ needs.populate-env-vars.outputs.BUILD_DISTS }} + BUILD_ARCHS: ${{ needs.populate-env-vars.outputs.BUILD_ARCHS }} + BUILD_EXCLUDE: ${{ needs.populate-env-vars.outputs.BUILD_EXCLUDE }} + SMOKE_TEST_IMAGES: ${{ needs.populate-env-vars.outputs.SMOKE_TEST_IMAGES }} release_tag: ${{ inputs.release_tag }} create-release-handle: From 48ab5a9f1ceb7d069d94cdcf3f8c00287c7e7796 Mon Sep 17 00:00:00 2001 From: Daria Guy Date: Thu, 30 Oct 2025 11:10:25 +0200 Subject: [PATCH 2/6] Fixed .env parsing - Moved .env to .github - Changed parsing in parse-env-file - Added needs in apt and release_build_and_test workflows --- .env => .github/.env | 0 .github/actions/parse-env-file/action.yml | 14 ++++++++++---- .github/workflows/apt.yml | 1 + .github/workflows/release_build_and_test.yml | 4 +++- 4 files changed, 14 insertions(+), 5 deletions(-) rename .env => .github/.env (100%) diff --git a/.env b/.github/.env similarity index 100% rename from .env rename to .github/.env diff --git a/.github/actions/parse-env-file/action.yml b/.github/actions/parse-env-file/action.yml index 5f5a8a5..28bfeab 100644 
--- a/.github/actions/parse-env-file/action.yml +++ b/.github/actions/parse-env-file/action.yml @@ -1,6 +1,12 @@ name: "Parse env file" description: "Parses .env environment file and extracts all available fields as outputs" +inputs: + env_file_path: + description: ".env file path" + default: '.github/.env' + required: false + outputs: BUILD_ARCHS: description: "The extracted BUILD_DISTS from .env file" @@ -25,7 +31,7 @@ runs: id: parse shell: bash run: | - while IFS='=' read -r key value; do - [[ -z "$key" || "$key" =~ ^# ]] && continue - echo "$key=$value" >> "$GITHUB_OUTPUT" - done < .env \ No newline at end of file + cat "${{ inputs.env_file_path }}" | while IFS= read -r line || [[ -n "$line" ]]; do + [[ -z "$line" || "$line" =~ ^# ]] && continue + echo "$line" >> "$GITHUB_OUTPUT" + done \ No newline at end of file diff --git a/.github/workflows/apt.yml b/.github/workflows/apt.yml index 7841dce..721f676 100644 --- a/.github/workflows/apt.yml +++ b/.github/workflows/apt.yml @@ -48,6 +48,7 @@ jobs: build-n-test: uses: ./.github/workflows/build-n-test-all-distros.yml + needs: populate-env-vars with: BUILD_DISTS: ${{ needs.populate-env-vars.outputs.BUILD_DISTS }} BUILD_ARCHS: ${{ needs.populate-env-vars.outputs.BUILD_ARCHS }} diff --git a/.github/workflows/release_build_and_test.yml b/.github/workflows/release_build_and_test.yml index 13ae7eb..49930dd 100644 --- a/.github/workflows/release_build_and_test.yml +++ b/.github/workflows/release_build_and_test.yml @@ -61,7 +61,9 @@ jobs: SMOKE_TEST_IMAGES: ${{ steps.parse.outputs.SMOKE_TEST_IMAGES }} build-n-test: - needs: prepare-release + needs: + - prepare-release + - populate-env-vars uses: ./.github/workflows/build-n-test-all-distros.yml with: BUILD_DISTS: ${{ needs.populate-env-vars.outputs.BUILD_DISTS }} From e4b389371083a3b747b2e1c1f8bf3ea4f70ed188 Mon Sep 17 00:00:00 2001 
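Review bot: In the second parse-env-file/action.yml hunk, `${{ inputs.env_file_path }}` is expanded into the script text before bash runs it, so a path containing `"` or `$(...)` would be interpreted as shell instead of being treated as a file name. Pass the input through the step environment: add `env:` with `ENV_FILE_PATH: ${{ inputs.env_file_path }}` and end the loop with `done < "$ENV_FILE_PATH"`, which also removes the `cat` pipe. The callers visible in this series use the default path, so this is hardening rather than a reachable issue today. The loop now echoes each non-comment line to `$GITHUB_OUTPUT` unchanged, so a line for an undeclared name, or one in the `name<<DELIM` multiline form, is passed straight through; a check that the line starts with one of the four declared names followed by `=` would close that.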
From: Daria Guy Date: Thu, 30 Oct 2025 13:55:52 +0200 Subject: [PATCH 3/6] Removed whitespaces --- .github/actions/parse-env-file/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/parse-env-file/action.yml b/.github/actions/parse-env-file/action.yml index 28bfeab..04a7328 100644 --- a/.github/actions/parse-env-file/action.yml +++ b/.github/actions/parse-env-file/action.yml @@ -25,7 +25,7 @@ runs: using: "composite" steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v4 - name: Parse release handle id: parse @@ -34,4 +34,4 @@ runs: cat "${{ inputs.env_file_path }}" | while IFS= read -r line || [[ -n "$line" ]]; do [[ -z "$line" || "$line" =~ ^# ]] && continue echo "$line" >> "$GITHUB_OUTPUT" - done \ No newline at end of file + done \ No newline at end of file From e5259c6b04d99c3a27b7dd9994fc2f03e2f163dc Mon Sep 17 00:00:00 2001 From: Petar Shtuchkin Date: Thu, 30 Oct 2025 17:25:58 +0200 Subject: [PATCH 4/6] Update AWS credentials action to 4.3.1 --- .github/actions/upload-packages/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/upload-packages/action.yml b/.github/actions/upload-packages/action.yml index 2c1e9a0..972cb8f 100644 --- a/.github/actions/upload-packages/action.yml +++ b/.github/actions/upload-packages/action.yml @@ -72,7 +72,7 @@ runs: # For internal release we have an IAM role that we need to assume - name: Configure aws credentials for internal release if: ${{ inputs.release_type == 'internal' }} - uses: aws-actions/configure-aws-credentials@v1.7.0 + uses: aws-actions/configure-aws-credentials@v4.3.1 with: role-to-assume: ${{ inputs.APT_S3_IAM_ARN }} aws-region: us-east-1 From 18f353aa2b306a056619c1de4ebd405711c51115 Mon Sep 17 00:00:00 2001 
From: Petar Shtuchkin Date: Thu, 30 Oct 2025 20:44:30 +0200 Subject: [PATCH 5/6] Fix slack notification about failed build --- .github/workflows/release_build_and_test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release_build_and_test.yml b/.github/workflows/release_build_and_test.yml index 49930dd..492b4fb 100644 --- a/.github/workflows/release_build_and_test.yml +++ b/.github/workflows/release_build_and_test.yml @@ -112,7 +112,6 @@ jobs: fi echo "env_name=$env_name" >> $GITHUB_OUTPUT - name: Send Failure Slack notification - if: failure() uses: ./.github/actions/slack-notification with: slack_func: slack_format_failure_message From 3ee9a1d3ee2f9b4442c1e4ed142387f281b21f1e Mon Sep 17 00:00:00 2001 From: dariaguy <61630209+dariaguy@users.noreply.github.com> Date: Sun, 2 Nov 2025 18:13:52 +0200 Subject: [PATCH 6/6] Release automation 7.4 (#63) * Get rid of double code checkout, remove checkout_ref param * Changed upload packages in release_publish --- .github/actions/build-binary-package/action.yml | 7 ------- .github/actions/build-source-package/action.yml | 7 ------- .github/actions/run-smoke-tests/action.yml | 7 ------- .github/workflows/build-n-test-all-distros.yml | 3 --- .github/workflows/release_publish.yml | 8 +++++--- 5 files changed, 5 insertions(+), 27 deletions(-) diff --git a/.github/actions/build-binary-package/action.yml b/.github/actions/build-binary-package/action.yml index 9893bef..a420a5c 100644 --- a/.github/actions/build-binary-package/action.yml +++ b/.github/actions/build-binary-package/action.yml @@ -9,17 +9,10 @@ inputs: arch: description: "Architecture to build for" required: true - checkout_ref: - description: "Ref to checkout" - required: false - default: '' runs: using: "composite" steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.checkout_ref || '' }} - name: Determine build architecture shell: bash run: | 
diff --git a/.github/actions/build-source-package/action.yml b/.github/actions/build-source-package/action.yml index ef89f55..e0583c8 100644 --- a/.github/actions/build-source-package/action.yml +++ b/.github/actions/build-source-package/action.yml @@ -7,17 +7,10 @@ inputs: release_tag: description: "Release tag to build for (value 'unstable' is supported)" required: false - checkout_ref: - description: "Ref to checkout" - required: false - default: '' runs: using: "composite" steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.checkout_ref || '' }} - name: Install dependencies shell: bash run: | diff --git a/.github/actions/run-smoke-tests/action.yml b/.github/actions/run-smoke-tests/action.yml index 0277704..e262b1f 100644 --- a/.github/actions/run-smoke-tests/action.yml +++ b/.github/actions/run-smoke-tests/action.yml @@ -9,17 +9,10 @@ inputs: arch: description: "Architecture to run smoke tests for" required: true - checkout_ref: - description: "Ref to checkout" - required: false - default: '' runs: using: "composite" steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.checkout_ref || '' }} - name: Extract distribution from image id: extract_dist shell: bash diff --git a/.github/workflows/build-n-test-all-distros.yml b/.github/workflows/build-n-test-all-distros.yml index e8db6ec..0a4ec63 100644 --- a/.github/workflows/build-n-test-all-distros.yml +++ b/.github/workflows/build-n-test-all-distros.yml @@ -49,7 +49,6 @@ jobs: with: dist: ${{ matrix.dist }} release_tag: ${{ inputs.release_tag }} - checkout_ref: ${{ inputs.release_tag == 'unstable' && 'unstable' || '' }} build-binary-package: runs-on: ${{ contains(matrix.arch, 'arm') && 'ubuntu24-arm64-2-8' || 'ubuntu-24.04' }} @@ -78,7 +77,6 @@ jobs: dist: ${{ matrix.dist }} arch: ${{ matrix.arch }} run_id: ${{ github.run_id }} - checkout_ref: ${{ inputs.release_tag == 'unstable' && 'unstable' || '' }} smoke-test-archs: runs-on: ubuntu-latest 
@@ -115,4 +113,3 @@ jobs: image: ${{ matrix.image }} arch: ${{ matrix.arch }} run_id: ${{ github.run_id }} - checkout_ref: ${{ inputs.release_tag == 'unstable' && 'unstable' || '' }} diff --git a/.github/workflows/release_publish.yml b/.github/workflows/release_publish.yml index 1bd7d7b..05478b4 100644 --- a/.github/workflows/release_publish.yml +++ b/.github/workflows/release_publish.yml @@ -64,7 +64,7 @@ jobs: with: release_handle: ${{ github.event.inputs.release_handle }} - - name: Upload staging packages + - name: Upload packages id: upload uses: ./.github/actions/upload-packages with: @@ -72,9 +72,11 @@ jobs: release_type: ${{ github.event.inputs.release_type }} gh_token: ${{ secrets.GITHUB_TOKEN }} APT_SIGNING_KEY: ${{ secrets.APT_SIGNING_KEY }} - APT_S3_BUCKET: ${{ secrets.APT_S3_BUCKET_STAGING }} APT_S3_REGION: ${{ secrets.APT_S3_REGION }} - APT_S3_IAM_ARN: ${{ secrets.APT_S3_IAM_ARN_STAGING }} + APT_S3_BUCKET: ${{ github.event.inputs.release_type == 'public' && secrets.APT_S3_BUCKET || secrets.APT_S3_BUCKET_STAGING }} + APT_S3_IAM_ARN: ${{ github.event.inputs.release_type == 'internal' && secrets.APT_S3_IAM_ARN_STAGING || '' }} + APT_S3_ACCESS_KEY_ID: ${{ github.event.inputs.release_type == 'public' && secrets.APT_S3_ACCESS_KEY_ID || '' }} + APT_S3_SECRET_ACCESS_KEY: ${{ github.event.inputs.release_type == 'public' && secrets.APT_S3_SECRET_ACCESS_KEY || '' }} - name: Merge back to release branch id: merge-back
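Review bot: In the last release_publish.yml hunk the `cond && secret || fallback` form falls through to the fallback whenever the selected secret is empty, so a public release with `APT_S3_BUCKET` unset would silently target `APT_S3_BUCKET_STAGING`, and any `release_type` other than 'public' or 'internal' reaches the upload with the staging bucket, no role and no keys. A guard step before "Upload packages" that fails on an unexpected `release_type` makes the selection explicit; an equivalent check for an empty bucket belongs inside upload-packages, which is not shown here. The public path also depends on long-lived `APT_S3_ACCESS_KEY_ID` / `APT_S3_SECRET_ACCESS_KEY` secrets while the internal path assumes a role; if the public bucket's account permits it, role assumption there as well would remove the stored keys. The job definition and the `release_type` input declaration are outside the hunk, so part of this may already be constrained there.
```yaml
# … unchanged: preceding step taking release_handle …
      - name: Validate release type
        env:
          RELEASE_TYPE: ${{ github.event.inputs.release_type }}
        run: |
          case "$RELEASE_TYPE" in
            public|internal) ;;
            *) echo "Unexpected release_type: $RELEASE_TYPE" >&2; exit 1 ;;
          esac

      - name: Upload packages
# … unchanged: id, uses and with: inputs of the upload step …
```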