Skip to content

cr_image_version: 2 #494

cr_image_version: 2

cr_image_version: 2 #494

name: build-release-latest
on:
push:
tags-ignore: 'v*'
branches:
- '**'
- '!master'
- '!*.*.*'
env:
python_win_version: 3.11.6
repo_dir: nagstamon-jekyll/docs/repo
cr_image: ghcr.io/henriwahl/build-nagstamon
# to be increased if new updates of build images are necessary
cr_image_version: 2
# release type this file is used for
release: latest
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.7, 3.9, 3.11]
steps:
- uses: actions/checkout@v3
# somehow weird way to get the hash over the requirements to be aware if they changed
- id: requirements_hash
run: echo "HASH=$(md5sum build/requirements/linux.txt | cut -d\ -f1)" >> $GITHUB_OUTPUT
# docker login is needed for pushing the test image
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# if image defined by hash over requirements is not pullable aka does not exist it will be created and pushed
- run: docker pull ${{ env.cr_image }}-${{ github.job }}-${{ matrix.python-version }}-${{ steps.requirements_hash.outputs.HASH }} || /usr/bin/docker build -t ${{ env.cr_image }}-${{ github.job }}-${{ matrix.python-version }}-${{ steps.requirements_hash.outputs.HASH }} --build-arg VERSION=${{ matrix.python-version }} --build-arg REQUIREMENTS="$(cat build/requirements/linux.txt | base64 --wrap=0)" -f build/docker/Dockerfile-${{ github.job }} .
- run: docker push ${{ env.cr_image }}-${{ github.job }}-${{ matrix.python-version }}-${{ steps.requirements_hash.outputs.HASH }}
# - name: Lint with flake8
# run: |
# # stop the build if there are Python syntax errors or undefined names
# flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
# flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Test with unittest
# using the tests in precompiled image makes them way faster instead of creating the test environment every time from scratch
run: docker run --rm -v $PWD:/src --workdir /src ${{ env.cr_image }}-${{ github.job }}-${{ matrix.python-version }}-${{ steps.requirements_hash.outputs.HASH }} python -m unittest tests/test_*.py
debian:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v3
# docker login is needed for pushing the build image
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# if image defined by variable cr_image_version is not pullable aka does not exist it will be created and pushed
- run: docker pull ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} || /usr/bin/docker build -t ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} -f build/docker/Dockerfile-${{ github.job }} .
- run: docker push ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
# building in precompiled image makes them way faster instead of creating the build environment every time from scratch
- run: /usr/bin/docker run -v ${{ github.workspace }}:/nagstamon -e DEB_BUILD_OPTIONS=nocheck ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
- uses: actions/upload-artifact@v3
with:
path: build/*.deb
retention-days: 1
if-no-files-found: error
fedora-36:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v3
# docker login is needed for pushing the build image
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# if image defined by variable cr_image_version is not pullable aka does not exist it will be created and pushed
- run: docker pull ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} || /usr/bin/docker build -t ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} -f build/docker/Dockerfile-${{ github.job }} .
- run: docker push ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
# building in precompiled image makes them way faster instead of creating the build environment every time from scratch
- run: /usr/bin/docker run -v ${{ github.workspace }}:/nagstamon ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
- uses: actions/upload-artifact@v3
with:
path: build/*.rpm
retention-days: 1
if-no-files-found: error
fedora-37:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v3
# docker login is needed for pushing the build image
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# if image defined by variable cr_image_version is not pullable aka does not exist it will be created and pushed
- run: docker pull ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} || /usr/bin/docker build -t ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} -f build/docker/Dockerfile-${{ github.job }} .
- run: docker push ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
# building in precompiled image makes them way faster instead of creating the build environment every time from scratch
- run: /usr/bin/docker run -v ${{ github.workspace }}:/nagstamon ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
- uses: actions/upload-artifact@v3
with:
path: build/*.rpm
retention-days: 1
if-no-files-found: error
fedora-38:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v3
# docker login is needed for pushing the build image
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# if image defined by variable cr_image_version is not pullable aka does not exist it will be created and pushed
- run: docker pull ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} || /usr/bin/docker build -t ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} -f build/docker/Dockerfile-${{ github.job }} .
- run: docker push ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
# building in precompiled image makes them way faster instead of creating the build environment every time from scratch
- run: /usr/bin/docker run -v ${{ github.workspace }}:/nagstamon ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
- uses: actions/upload-artifact@v3
with:
path: build/*.rpm
retention-days: 1
if-no-files-found: error
fedora-39:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v3
# docker login is needed for pushing the build image
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# if image defined by variable cr_image_version is not pullable aka does not exist it will be created and pushed
- run: docker pull ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} || /usr/bin/docker build -t ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} -f build/docker/Dockerfile-${{ github.job }} .
- run: docker push ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
# building in precompiled image makes them way faster instead of creating the build environment every time from scratch
- run: /usr/bin/docker run -v ${{ github.workspace }}:/nagstamon ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
- uses: actions/upload-artifact@v3
with:
path: build/*.rpm
retention-days: 1
if-no-files-found: error
rhel-9:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v3
# docker login is needed for pushing the build image
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# if image defined by variable cr_image_version is not pullable aka does not exist it will be created and pushed
- run: docker pull ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} || /usr/bin/docker build -t ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }} -f build/docker/Dockerfile-${{ github.job }} .
- run: docker push ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
# building in precompiled image makes them way faster instead of creating the build environment every time from scratch
- run: /usr/bin/docker run -v ${{ github.workspace }}:/nagstamon ${{ env.cr_image }}-${{ github.job }}:${{ env.cr_image_version }}
- uses: actions/upload-artifact@v3
with:
path: build/*.rpm
retention-days: 1
if-no-files-found: error
macos:
runs-on: macos-11
needs: test
steps:
- uses: actions/checkout@v3
- run: pip3 install --no-warn-script-location -r build/requirements/macos.txt
- run: cd ${{ github.workspace }}/build; python3 build.py
env:
PYTHONPATH: ${{ github.workspace }}
- uses: actions/upload-artifact@v3
with:
path: build/*.dmg
retention-days: 1
if-no-files-found: error
windows-32:
# better depend on stable build image
runs-on: windows-2019
needs: test
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: ${{ env.python_win_version }}
architecture: x86
# no PyQt6 for win32 available on pypi.org
- run: ((Get-Content -path build/requirements/windows.txt -Raw) -replace 'pyqt6.*','pyqt5') | Set-Content -Path build/requirements/windows.txt
- run: python -m pip install --no-warn-script-location -r build/requirements/windows.txt
# pretty hacky but no other idea to avoid gssapi being installed which breaks requests-kerberos
- run: python -m pip uninstall -y gssapi requests-gssapi
- run: cd ${{ github.workspace }}/build; python build.py
env:
PYTHONPATH: ${{ github.workspace }}
WIN_SIGNING_CERT_BASE64: ${{ secrets.SIGNING_CERT_BASE64 }}
WIN_SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
- uses: actions/upload-artifact@v3
with:
path: |
build/dist/*.zip
build/dist/*.exe
retention-days: 1
if-no-files-found: error
windows-64:
# better depend on stable build image
runs-on: windows-2019
needs: test
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: ${{ env.python_win_version }}
architecture: x64
- run: python -m pip install --no-warn-script-location -r build/requirements/windows.txt
# pretty hacky but no other idea to avoid gssapi being installed which breaks requests-kerberos
- run: python -m pip uninstall -y gssapi requests-gssapi
- run: cd ${{ github.workspace }}/build; python build.py
env:
PYTHONPATH: ${{ github.workspace }}
WIN_SIGNING_CERT_BASE64: ${{ secrets.SIGNING_CERT_BASE64 }}
WIN_SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
- uses: actions/upload-artifact@v3
with:
path: |
build/dist/*.zip
build/dist/*.exe
retention-days: 1
if-no-files-found: error
windows-64-debug:
# better depend on stable build image
runs-on: windows-2019
needs: test
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: ${{ env.python_win_version }}
architecture: x64
- run: python -m pip install --no-warn-script-location -r build/requirements/windows.txt
# pretty hacky but no other idea to avoid gssapi being installed which breaks requests-kerberos
- run: python -m pip uninstall -y gssapi requests-gssapi
- run: cd ${{ github.workspace }}/build; python build.py debug
env:
PYTHONPATH: ${{ github.workspace }}
WIN_SIGNING_CERT_BASE64: ${{ secrets.SIGNING_CERT_BASE64 }}
WIN_SIGNING_PASSWORD: ${{ secrets.SIGNING_PASSWORD }}
- uses: actions/upload-artifact@v3
with:
path: |
build/dist/*.zip
retention-days: 1
if-no-files-found: error
# borrowed from dhcpy6d
repo-debian:
runs-on: ubuntu-latest
# try to avoid race condition and start uploading only after the last install package has been build
needs: [debian, fedora-36, fedora-37, fedora-38, fedora-39, rhel-9, macos, windows-32, windows-64, windows-64-debug]
env:
family: debian
steps:
- uses: actions/checkout@v3
# get binaries created by other jobs
- uses: actions/download-artifact@v3
# get secret signing key
- run: echo "${{ secrets.PACKAGE_SIGNING_KEY }}" > signing_key.asc
# organize SSH deploy key for nagstamon-jekyll repo
- run: mkdir ~/.ssh
- run: echo "${{ secrets.NAGSTAMON_REPO_KEY_WEB }}" > ~/.ssh/id_ed25519
- run: chmod -R go-rwx ~/.ssh
# get and prepare nagstamon-jekyll
- run: git clone [email protected]:HenriWahl/nagstamon-jekyll.git
- run: rm -rf ${{ env.repo_dir }}/${{ env.family }}/${{ env.dist }}/${{ env.release }}
- run: mkdir -p ${{ env.repo_dir }}/${{ env.family }}/${{ env.dist }}/${{ env.release }}
# create deb repo via Debian build container
- run: |
/usr/bin/docker run --rm \
-v ${{ github.workspace }}:/workspace \
-v $PWD/${{ env.repo_dir }}/${{ env.family }}/${{ env.release }}:/repo \
${{ env.cr_image }}-${{ env.family }}:${{ env.cr_image_version }} \
/bin/sh -c "cd /workspace && \
gpg --import signing_key.asc && \
cp -r artifact/*.deb nagstamon-jekyll/docs/repo/${{ env.family }}/${{ env.release }} && \
cd nagstamon-jekyll/docs/repo/${{ env.family }}/${{ env.release }}
dpkg-scanpackages . > Packages && \
gzip -k -f Packages && \
apt-ftparchive release . > Release && \
gpg -abs -o Release.gpg Release && \
gpg --clearsign -o InRelease Release && \
gpg --output key.gpg --armor --export"
# commit and push new binaries to nagstamon-jekyll
- run: git config --global user.email "[email protected]" && git config --global user.name "Nagstamon Repository"
- run: cd ${{ env.repo_dir }} && git add . && git commit -am "new ${{ env.release }} repo ${{ env.family }}" && git push
repo-rpm-fedora:
runs-on: ubuntu-latest
# if not all are ready there might be trouble when downloading artifacts
# maybe faster now with build containers
needs: [repo-debian]
env:
family: fedora
# which image to use for packaging
cr_image_latest: 38
steps:
# get binaries created by other jobs
- uses: actions/download-artifact@v3
# organize SSH deploy key for nagstamon-repo
- run: mkdir ~/.ssh
- run: echo "${{ secrets.NAGSTAMON_REPO_KEY_WEB }}" > ~/.ssh/id_ed25519
- run: chmod -R go-rwx ~/.ssh
# get and prepare nagstamon-jekyll
- run: git clone [email protected]:HenriWahl/nagstamon-jekyll.git
- run: rm -rf ${{ env.repo_dir }}/${{ env.family }}/${{ env.release }}
- run: mkdir -p ${{ env.repo_dir }}/${{ env.family }}/${{ env.release }}
# copy *.rpm files into nagstamon-jekyll and create repodata
- run: |
version=${{ env.release }} && \
mkdir -p mkdir -p ${{ env.repo_dir }}/${{ env.family }}/${version} && \
cp -r artifact/*.${{ env.family }}* ${{ env.repo_dir }}/${{ env.family }}/${version} && \
docker run --rm -v ${PWD}/${{ env.repo_dir }}/${{ env.family }}/${version}:/repo \
${{ env.cr_image }}-${{ env.family }}-${{ env.cr_image_latest }}:${{ env.cr_image_version }} \
/bin/bash -c "createrepo --verbose --workers 1 /repo" && \
ls -laR ${PWD}/${{ env.repo_dir }}/${{ env.family }}/${version}
# commit and push new binaries to nagstamon-repo
- run: git config --global user.email "[email protected]" && git config --global user.name "Nagstamon Repository"
- run: cd ${{ env.repo_dir }} && git pull && git add . && git commit -am "new latest repo ${{ env.family }}" && git push
repo-rpm-rhel:
runs-on: ubuntu-latest
# if not all are ready there might be trouble when downloading artifacts
# maybe faster now with build containers
needs: [repo-rpm-fedora]
env:
family: rhel
# which image to use for packaging
cr_image_latest: 9
steps:
# get binaries created by other jobs
- uses: actions/download-artifact@v3
# organize SSH deploy key for nagstamon-repo
- run: mkdir ~/.ssh
- run: echo "${{ secrets.NAGSTAMON_REPO_KEY_WEB }}" > ~/.ssh/id_ed25519
- run: chmod -R go-rwx ~/.ssh
# get and prepare nagstamon-jekyll
- run: git clone [email protected]:HenriWahl/nagstamon-jekyll.git
- run: rm -rf ${{ env.repo_dir }}/${{ env.family }}/${{ env.release }}
- run: mkdir -p ${{ env.repo_dir }}/${{ env.family }}/${{ env.release }}
# copy *.rpm files into nagstamon-jekyll and create repodata
- run: |
version=${{ env.release }} && \
mkdir -p mkdir -p ${{ env.repo_dir }}/${{ env.family }}/${version} && \
cp -r artifact/*.${{ env.family }}* ${{ env.repo_dir }}/${{ env.family }}/${version} && \
docker run --rm -v ${PWD}/${{ env.repo_dir }}/${{ env.family }}/${version}:/repo \
${{ env.cr_image }}-${{ env.family }}-${{ env.cr_image_latest }}:${{ env.cr_image_version }} \
/bin/bash -c "createrepo --verbose --workers 1 /repo" && \
ls -laR ${PWD}/${{ env.repo_dir }}/${{ env.family }}/${version}
# commit and push new binaries to nagstamon-repo
- run: git config --global user.email "[email protected]" && git config --global user.name "Nagstamon Repository"
- run: cd ${{ env.repo_dir }} && git pull && git add . && git commit -am "new latest repo ${{ env.family }}" && git push
github-release:
runs-on: ubuntu-latest
needs: [repo-rpm-rhel]
steps:
- uses: actions/download-artifact@v3
- run: cd artifact && md5sum *agstamon* > md5sums.txt
- run: cd artifact && sha256sum *agstamon* > sha256sums.txt
- uses: marvinpinto/action-automatic-releases@latest
# the dciborow action is outdated as well :-(
#- uses: dciborow/[email protected]
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
automatic_release_tag: "latest"
prerelease: true
files: |
artifact/*