GitHub action improvements and cleanup (#2710)

* Determine git reference in prepare step

We can determine the git reference used once in the prepare step.

* Build HAOS builder in prepare step

Instead of building the build container multiple times, simply build it
once in the prepare step. This saves some GitHub Runner time (as we only
need to create the builder once).

* Drop per PR builds

Drop the per PR builds which are based on pull_request_target. These
make things more complicated with the recent changes requiring two
deployment approvals since we use the environment in for the prepare
and build job now. It will also interfere with future expansions.

We should consider readding the feature using `pull_request` and
subsequent `workflow_run` trigger, as suggested by
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/.

* Simplify board filter
Stefan Agner 2023-08-29 18:30:28 +02:00 committed by GitHub
parent 02d85d73ef
commit 111eebfb49


@ -9,37 +9,26 @@ on:
description: 'List of boards to build (comma separated identifiers)' description: 'List of boards to build (comma separated identifiers)'
required: false required: false
type: string type: string
pull_request_target:
types: [opened,synchronize,labeled]
jobs: jobs:
prepare: prepare:
if: ${{ github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'run-dev-build') }}
name: Prepare build name: Prepare build
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
permissions: permissions:
contents: read contents: read
pull-requests: read pull-requests: read
packages: write
outputs: outputs:
version_main: ${{ steps.version_main.outputs.version_main }} version_main: ${{ steps.version_main.outputs.version_main }}
version_dev: ${{ steps.version_dev.outputs.version_dev }}${{ steps.version_pr.outputs.version_pr }} version_dev: ${{ steps.version_dev.outputs.version_dev }}
matrix: ${{ steps.generate_matrix.outputs.result }} matrix: ${{ steps.generate_matrix.outputs.result }}
build_container_image: ghcr.io/${{ github.repository_owner }}/haos-builder@${{ steps.build_haos_builder.outputs.digest }}
steps: steps:
- name: Generate Development build version - name: Checkout source
shell: bash uses: actions/checkout@v3
id: version_dev with:
run: | persist-credentials: false
version_dev="dev$(date --utc +'%Y%m%d')"
echo "Development version \"${version_dev}\""
echo "version_dev=${version_dev}" >> $GITHUB_OUTPUT
- name: Generate Development build version for PR
if: ${{ github.event.pull_request }}
shell: bash
id: version_pr
run: |
version_pr=$(printf "%05d" ${{ github.event.pull_request.number }})
echo "Development build for PR #${{ github.event.pull_request.number }}"
echo "version_pr=${version_pr}" >> $GITHUB_OUTPUT
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: Get Major/Minor version - name: Get Major/Minor version
id: version_main id: version_main
@ -47,36 +36,53 @@ jobs:
major=$(cat ${GITHUB_WORKSPACE}/buildroot-external/meta | grep VERSION_MAJOR | cut -d'=' -f2) major=$(cat ${GITHUB_WORKSPACE}/buildroot-external/meta | grep VERSION_MAJOR | cut -d'=' -f2)
build=$(cat ${GITHUB_WORKSPACE}/buildroot-external/meta | grep VERSION_BUILD | cut -d'=' -f2) build=$(cat ${GITHUB_WORKSPACE}/buildroot-external/meta | grep VERSION_BUILD | cut -d'=' -f2)
echo "version_main=${major}.${build}" >> $GITHUB_OUTPUT echo "version_main=${major}.${build}" >> $GITHUB_OUTPUT
- name: Generate Development build version
shell: bash
id: version_dev
run: |
version_dev="dev$(date --utc +'%Y%m%d')"
echo "Development version \"${version_dev}\""
echo "version_dev=${version_dev}" >> $GITHUB_OUTPUT
- name: Create build matrix - name: Create build matrix
uses: actions/github-script@v6 uses: actions/github-script@v6
id: generate_matrix id: generate_matrix
with: with:
script: | script: |
const boards = require('./.github/workflows/matrix.json') const boards = require('./.github/workflows/matrix.json')
const boardFilter = "${{ github.event.inputs.boards }}"
if (context.eventName == "workflow_dispatch") { if (boardFilter == "") {
const boardFilter = "${{ github.event.inputs.boards }}" console.log("Run full build for all boards")
if (boardFilter == "") { return { "board": boards }
console.log("Run full build for all boards") } else {
return { "board": boards } console.log("Run partial build")
} else { const boardSet = new Set(boardFilter.split(","))
console.log("Run partial build") const buildBoards = boards.filter(b => boardSet.has(b.id))
const boardSet = new Set(boardFilter.split(',')) return { "board": buildBoards }
const buildBoards = boards.filter(b => boardSet.has(b.id))
return { "board": buildBoards }
}
} }
const labels = context.payload.pull_request.labels.map(l => l.name) - name: Set up Docker Buildx
const labelsSet = new Set(labels) uses: docker/setup-buildx-action@v2.10.0
const buildBoards = boards.filter(b => labelsSet.has(b.label)) - name: Log in to the GitHub container registry
uses: docker/login-action@v2.1.0
return { "board": buildBoards } with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push
uses: docker/build-push-action@v4.1.1
id: build_haos_builder
with:
context: .
file: Dockerfile
tags: ghcr.io/${{ github.repository_owner }}/haos-builder
cache-from: ghcr.io/${{ github.repository_owner }}/haos-builder:cache-${{ steps.version_main.outputs.version_main }}
cache-to: ghcr.io/${{ github.repository_owner }}/haos-builder:cache-${{ steps.version_main.outputs.version_main }}
push: true
build: build:
if: ${{ github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'run-dev-build') }}
name: Development build for ${{ matrix.board.id }} name: Development build for ${{ matrix.board.id }}
environment: "dev_build"
needs: prepare needs: prepare
strategy: strategy:
fail-fast: false fail-fast: false
@ -84,24 +90,11 @@ jobs:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- name: Define git reference
uses: actions/github-script@v6
id: generate_gitref
with:
script: |
if (context.eventName == "workflow_dispatch")
return { "ref": context.ref }
return { "ref": context.payload.pull_request.head.sha }
- name: Checkout source - name: Checkout source
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:
submodules: true submodules: true
persist-credentials: false persist-credentials: false
ref: ${{ fromJSON(steps.generate_gitref.outputs.result).ref }}
- name: Build container
run: docker build -t haos-builder .
- name: 'Add release PKI certs' - name: 'Add release PKI certs'
env: env:
@ -139,7 +132,8 @@ jobs:
docker run --rm --privileged -v "${GITHUB_WORKSPACE}:/build" \ docker run --rm --privileged -v "${GITHUB_WORKSPACE}:/build" \
-e BUILDER_UID="${BUILDER_UID}" -e BUILDER_GID="${BUILDER_GID}" \ -e BUILDER_UID="${BUILDER_UID}" -e BUILDER_GID="${BUILDER_GID}" \
-v "/mnt/cache:/cache" \ -v "/mnt/cache:/cache" \
haos-builder make BUILDDIR=/build VERSION_DEV=${{ needs.prepare.outputs.version_dev }} ${{ matrix.board.defconfig }} ${{ needs.prepare.outputs.build_container_image }} \
make BUILDDIR=/build VERSION_DEV=${{ needs.prepare.outputs.version_dev }} ${{ matrix.board.defconfig }}
- name: Upload images - name: Upload images
uses: burnett01/rsync-deployments@5.2 uses: burnett01/rsync-deployments@5.2
@ -156,9 +150,9 @@ jobs:
bump_version: bump_version:
name: Bump dev channel version name: Bump dev channel version
if: ${{ github.event_name == 'workflow_dispatch' && github.repository == 'home-assistant/operating-system' }} if: ${{ github.repository == 'home-assistant/operating-system' }}
needs: [ build, prepare ] needs: [ build, prepare ]
runs-on: [ "ubuntu-20.04" ] runs-on: ubuntu-22.04
steps: steps:
- name: Initialize git - name: Initialize git