Skip to content
This repository has been archived by the owner on Dec 18, 2024. It is now read-only.

Continuous

Continuous #852

Workflow file for this run

name: Continuous
on:
push:
branches:
- master
schedule:
- cron: '0 */6 * * *'
workflow_dispatch: {}
permissions:
contents: read
id-token: write
packages: write
jobs:
pre:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.build-matrix.outputs.matrix }}
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
steps:
- name: checkout repository
uses: actions/checkout@v2
- name: setup go
uses: actions/setup-go@v2
with:
go-version: '1.17'
- name: setup python
uses: actions/setup-python@v2
with:
python-version: '3.9'
- name: aws configure
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/xcode
- name: install and setup dependencies
run: |
sudo cp ./hack/unttify.py /usr/local/bin/unttify
sudo sh ./hack/unttify.sh skopeo
sudo sh ./hack/debian-install-xar-devel.sh
pipx install pipenv
- name: build matrix
id: build-matrix
run: |
make -C matrix
echo "::set-output name=matrix::$(cat ./matrix/matrix.json)"
- name: build tgzarmorer
run: make -C tgzarmorer build
- name: upload tgzarmorer
uses: actions/upload-artifact@v3
with:
name: tgzarmorer
path: ./tgzarmorer/tgza
retention-days: 1
- name: build xipverifier
run: make -C xipverifier build
- name: upload xipverifier
uses: actions/upload-artifact@v3
with:
name: xipverifier
path: ./xipverifier/xv
retention-days: 1
- name: bake cookies
run: make 'GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }}' -C cookiebaker
env:
APPLEID_USER: ${{ secrets.APPLEID_USER }}
APPLEID_PASS: ${{ secrets.APPLEID_PASS }}
AWSS3_BUCKETNAME: ${{ secrets.AWSS3_BUCKETNAME }}
MESSAGEBIRD_ACCESSKEY: ${{ secrets.MESSAGEBIRD_ACCESSKEY }}
MESSAGEBIRD_CALLER: ${{ secrets.MESSAGEBIRD_CALLER }}
MESSAGEBIRD_CALLEE: ${{ secrets.MESSAGEBIRD_CALLEE }}
- name: upload cookies
uses: actions/upload-artifact@v3
with:
name: cookiebaker
path: ./cookiebaker/cookies.txt.gpg
retention-days: 1
make:
runs-on: ubuntu-latest
needs: pre
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.pre.outputs.matrix) }}
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
XDG_RUNTIME_DIR: /tmp
steps:
- name: checkout repository
uses: actions/checkout@v2
- name: download artifacts
uses: actions/download-artifact@v3
- name: aws configure
uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/xcode
- name: install and setup dependencies
run: |
sudo cp ./hack/unttify.py /usr/local/bin/unttify
sudo sh ./hack/unttify.sh aria2c
sudo sh ./hack/unttify.sh skopeo
sudo sh ./hack/apple-pki.sh
sudo sh ./hack/debian-install-xar-devel.sh
sudo make -C tgzarmorer install
sudo make -C xipverifier install
- name: docker login
run: |
skopeo login -u '${{ secrets.DOCKERHUB_USER }}' -p '${{ secrets.DOCKERHUB_PASS }}' docker.io
skopeo login -u '${{ secrets.QUAY_USER }}' -p '${{ secrets.QUAY_PASS }}' quay.io
skopeo login -u '${{ github.actor }}' -p '${{ github.token }}' ghcr.io
skopeo login -u 'AWS' -p "$(aws ecr-public get-login-password)" public.ecr.aws
- name: docker inspect
id: docker-inspect
run: |
skopeo inspect --override-os 'darwin' --override-arch 'universal' --raw 'docker://docker.io/inloco/xcode:${{ matrix.build }}' || echo "::set-output name=needs-build::1"
skopeo inspect --override-os 'darwin' --override-arch 'universal' --raw 'docker://docker.io/inloco/xcode:${{ matrix.version }}' || echo "::set-output name=needs-version::1"
skopeo inspect --override-os 'darwin' --override-arch 'universal' --raw 'docker://quay.io/inloco/xcode:${{ matrix.build }}' || echo "::set-output name=needs-build::1"
skopeo inspect --override-os 'darwin' --override-arch 'universal' --raw 'docker://quay.io/inloco/xcode:${{ matrix.version }}' || echo "::set-output name=needs-version::1"
skopeo inspect --override-os 'darwin' --override-arch 'universal' --raw 'docker://ghcr.io/inloco/xcode:${{ matrix.build }}' || echo "::set-output name=needs-build::1"
skopeo inspect --override-os 'darwin' --override-arch 'universal' --raw 'docker://ghcr.io/inloco/xcode:${{ matrix.version }}' || echo "::set-output name=needs-version::1"
skopeo inspect --override-os 'darwin' --override-arch 'universal' --raw 'docker://public.ecr.aws/incognia/xcode:${{ matrix.build }}' || echo "::set-output name=needs-build::1"
skopeo inspect --override-os 'darwin' --override-arch 'universal' --raw 'docker://public.ecr.aws/incognia/xcode:${{ matrix.version }}' || echo "::set-output name=needs-version::1"
- name: decrypt cookies
if: ${{ steps.docker-inspect.outputs.needs-build }}
run: make 'GPG_PASSPHRASE=${{ secrets.GPG_PASSPHRASE }}' -C cookiebaker decrypt
- name: download xcode
if: ${{ steps.docker-inspect.outputs.needs-build }}
run: make 'URL=${{ matrix.url }}' Xcode.xip.tgz
- name: docker build
if: ${{ steps.docker-inspect.outputs.needs-build }}
run: |
export OCIREV='${{ matrix.build }}'
export OCITIT='${{ matrix.name }}'
export OCIURL='${{ matrix.url }}'
export OCIVER='${{ matrix.version }}'
make -C oci build
- name: docker push build
if: ${{ steps.docker-inspect.outputs.needs-build }}
shell: '/usr/bin/env parallel --lb :::: {0}'
run: |
make 'IMAGE_REGISTRY=docker.io' 'IMAGE_REPOSITORY=inloco/xcode' 'IMAGE_VERSION=${{ matrix.build }}' -C oci push
make 'IMAGE_REGISTRY=quay.io' 'IMAGE_REPOSITORY=inloco/xcode' 'IMAGE_VERSION=${{ matrix.build }}' -C oci push
make 'IMAGE_REGISTRY=ghcr.io' 'IMAGE_REPOSITORY=${{ github.repository }}' 'IMAGE_VERSION=${{ matrix.build }}' -C oci push
make 'IMAGE_REGISTRY=public.ecr.aws' 'IMAGE_REPOSITORY=incognia/xcode' 'IMAGE_VERSION=${{ matrix.build }}' -C oci push
- name: docker tag version
if: ${{ steps.docker-inspect.outputs.needs-version }}
shell: '/usr/bin/env parallel --lb :::: {0}'
run: |
make 'IMAGE_REGISTRY=docker.io' 'IMAGE_REPOSITORY=inloco/xcode' 'IMAGE_VERSION=${{ matrix.build }}' 'IMAGE_TAG=${{ matrix.version }}' -C oci tag
make 'IMAGE_REGISTRY=quay.io' 'IMAGE_REPOSITORY=inloco/xcode' 'IMAGE_VERSION=${{ matrix.build }}' 'IMAGE_TAG=${{ matrix.version }}' -C oci tag
make 'IMAGE_REGISTRY=ghcr.io' 'IMAGE_REPOSITORY=${{ github.repository }}' 'IMAGE_VERSION=${{ matrix.build }}' 'IMAGE_TAG=${{ matrix.version }}' -C oci tag
make 'IMAGE_REGISTRY=public.ecr.aws' 'IMAGE_REPOSITORY=incognia/xcode' 'IMAGE_VERSION=${{ matrix.build }}' 'IMAGE_TAG=${{ matrix.version }}' -C oci tag
- name: docker tag latest
if: ${{ matrix.latest }}
shell: '/usr/bin/env parallel --lb :::: {0}'
run: |
make 'IMAGE_REGISTRY=docker.io' 'IMAGE_REPOSITORY=inloco/xcode' 'IMAGE_VERSION=${{ matrix.version }}' 'IMAGE_TAG=latest' -C oci tag
make 'IMAGE_REGISTRY=quay.io' 'IMAGE_REPOSITORY=inloco/xcode' 'IMAGE_VERSION=${{ matrix.version }}' 'IMAGE_TAG=latest' -C oci tag
make 'IMAGE_REGISTRY=ghcr.io' 'IMAGE_REPOSITORY=${{ github.repository }}' 'IMAGE_VERSION=${{ matrix.version }}' 'IMAGE_TAG=latest' -C oci tag
make 'IMAGE_REGISTRY=public.ecr.aws' 'IMAGE_REPOSITORY=incognia/xcode' 'IMAGE_VERSION=${{ matrix.version }}' 'IMAGE_TAG=latest' -C oci tag