diff --git a/.github/workflows/assets.yaml b/.github/workflows/assets.yaml index 77af498..297c4cb 100644 --- a/.github/workflows/assets.yaml +++ b/.github/workflows/assets.yaml @@ -9,13 +9,13 @@ on: default: latest required: false schedule: - - cron: "0 * * * *" + - cron: "0 * * * *" concurrency: group: ${{ github.actor }}-build env: - TALOS_VERSION : "${{ inputs.version || 'latest' }}" + TALOS_VERSION: "${{ inputs.version || 'latest' }}" # renovate: depName=ghcr.io/siderolabs/intel-ucode INTEL_UCODE_VERSION: 20231114 # renovate: depName=ghcr.io/siderolabs/i915-ucode @@ -24,38 +24,38 @@ env: jobs: check-releases: name: Check for new releases - runs-on: ubuntu-latest + runs-on: ci-os steps: - - name: Checkout - uses: actions/checkout@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} + - name: Checkout + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch Talos release version - id: talos-release - run: | - if [ "${{ env.TALOS_VERSION }}" == "latest" ]; then - talos_release_tag=$(curl -sL https://api.github.com/repos/siderolabs/talos/releases/latest | jq -r ".tag_name") - else - talos_release_tag="${{ env.TALOS_VERSION }}" - fi - echo "talos_release_tag=$talos_release_tag" >> $GITHUB_OUTPUT + - name: Fetch Talos release version + id: talos-release + run: | + if [ "${{ env.TALOS_VERSION }}" == "latest" ]; then + talos_release_tag=$(curl -sL https://api.github.com/repos/siderolabs/talos/releases/latest | jq -r ".tag_name") + else + talos_release_tag="${{ env.TALOS_VERSION }}" + fi + echo "talos_release_tag=$talos_release_tag" >> $GITHUB_OUTPUT - - name: Fetch latest Boot Assets release version - id: boot-asset-release - run: | - boot_assets_release_tag=$(curl -sL https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r ".tag_name") - echo "boot_assets_release_tag=$boot_assets_release_tag" >> $GITHUB_OUTPUT + - name: Fetch latest Boot Assets release version + id: boot-asset-release + run: | + boot_assets_release_tag=$(curl -sL https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r ".tag_name") + echo "boot_assets_release_tag=$boot_assets_release_tag" >> $GITHUB_OUTPUT - - name: Compare release versions - if: steps.talos-release.outputs.talos_release_tag != steps.boot-asset-release.outputs.boot_assets_release_tag - id: compare-releases - run: | - compare_result=$(./.github/scripts/semver2.sh \ - ${{ steps.talos-release.outputs.talos_release_tag }} \ - ${{ steps.boot-asset-release.outputs.boot_assets_release_tag }}) - echo "compare_result=$compare_result" >> $GITHUB_OUTPUT + - name: Compare release versions + if: steps.talos-release.outputs.talos_release_tag != steps.boot-asset-release.outputs.boot_assets_release_tag + id: compare-releases + run: | + compare_result=$(./.github/scripts/semver2.sh \ + ${{ steps.talos-release.outputs.talos_release_tag }} \ + ${{ steps.boot-asset-release.outputs.boot_assets_release_tag }}) + echo "compare_result=$compare_result" >> $GITHUB_OUTPUT outputs: newTalosReleaseFound: ${{ steps.compare-releases.outputs.compare_result }} @@ -65,127 +65,127 @@ jobs: needs: [ check-releases ] if: needs.check-releases.outputs.newTalosReleaseFound || github.event_name == 'workflow_dispatch' name: Build kernel image - runs-on: ubuntu-latest + runs-on: ci-os steps: - - name: Get pkgs release tag - id: pkgs-release - run: | - release=release-$(grep -Eo '[0-9]\.[0-9]+' <<< '${{ needs.check-releases.outputs.talosReleaseTag }}') - echo "release=$release" >> $GITHUB_OUTPUT + - name: Get pkgs release tag + id: pkgs-release + run: | + release=release-$(grep -Eo '[0-9]\.[0-9]+' <<< '${{ needs.check-releases.outputs.talosReleaseTag }}') + echo "release=$release" >> $GITHUB_OUTPUT - - name: Checkout - uses: actions/checkout@v4 - with: - repository: siderolabs/pkgs - ref: ${{ steps.pkgs-release.outputs.release }} - token: ${{ secrets.GITHUB_TOKEN }} - fetch-depth: 0 + - name: Checkout + uses: actions/checkout@v4 + with: + repository: siderolabs/pkgs + ref: ${{ steps.pkgs-release.outputs.release }} + token: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 0 - - name: Checkout patches - uses: actions/checkout@v4 - with: - repository: ${{ github.repository }} - ref: ${{ github.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - path: patches - sparse-checkout: patches/pkgs - sparse-checkout-cone-mode: false + - name: Checkout patches + uses: actions/checkout@v4 + with: + repository: ${{ github.repository }} + ref: ${{ github.sha }} + token: ${{ secrets.GITHUB_TOKEN }} + path: patches + sparse-checkout: patches/pkgs + sparse-checkout-cone-mode: false - - name: Apply patches - run: | - while IFS= read -r file; do - echo "==> Adding $file" - git apply -v $file - done < <(find "./patches/patches/pkgs" -type f -name "*.patch" | sort) + - name: Apply patches + run: | + while IFS= read -r file; do + echo "==> Adding $file" + git apply -v $file + done < <(find "./patches/patches/pkgs" -type f -name "*.patch" | sort) - - name: Maximize build space - uses: jlumbroso/free-disk-space@main - with: - large-packages: true - docker-images: true - swap-storage: true + - name: Maximize build space + uses: jlumbroso/free-disk-space@main + with: + large-packages: true + docker-images: true + swap-storage: true - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Login to GitHub Container Registry - uses: docker/login-action@v3.3.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3.3.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Build kernel image - run: | - make kernel \ - PLATFORM=linux/amd64 \ - USERNAME="${{ github.actor }}" \ - TAG="${{ needs.check-releases.outputs.talosReleaseTag }}" \ - PUSH="true" + - name: Build kernel image + run: | + make kernel \ + PLATFORM=linux/amd64 \ + USERNAME="${{ github.actor }}" \ + TAG="${{ needs.check-releases.outputs.talosReleaseTag }}" \ + PUSH="true" build-installer: needs: [ check-releases, build-kernel ] if: needs.check-releases.outputs.newTalosReleaseFound || github.event_name == 'workflow_dispatch' name: Build installer image - runs-on: ubuntu-latest + runs-on: ci-os steps: - - name: Checkout - uses: actions/checkout@v4 - with: - repository: siderolabs/talos - ref: refs/tags/${{ needs.check-releases.outputs.talosReleaseTag }} - token: ${{ secrets.GITHUB_TOKEN }} - fetch-depth: 0 + - name: Checkout + uses: actions/checkout@v4 + with: + repository: siderolabs/talos + ref: refs/tags/${{ needs.check-releases.outputs.talosReleaseTag }} + token: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 0 - - name: Checkout patches - uses: actions/checkout@v4 - with: - repository: ${{ github.repository }} - ref: ${{ github.sha }} - token: ${{ secrets.GITHUB_TOKEN }} - path: patches - sparse-checkout: patches/talos - sparse-checkout-cone-mode: false + - name: Checkout patches + uses: actions/checkout@v4 + with: + repository: ${{ github.repository }} + ref: ${{ github.sha }} + token: ${{ secrets.GITHUB_TOKEN }} + path: patches + sparse-checkout: patches/talos + sparse-checkout-cone-mode: false - - name: Apply patches - run: | - while IFS= read -r file; do - echo "==> Adding $file" - git apply -v $file - done < <(find "./patches/patches/talos" -type f -name "*.patch" | sort) + - name: Apply patches + run: | + while IFS= read -r file; do + echo "==> Adding $file" + git apply -v $file + done < <(find "./patches/patches/talos" -type f -name "*.patch" | sort) - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Login to GitHub Container Registry - uses: docker/login-action@v3.3.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3.3.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - name: Build installer image - run: | - make installer \ - PLATFORM="linux/amd64" \ - USERNAME="${{ github.actor }}" \ - TAG="${{ needs.check-releases.outputs.talosReleaseTag }}" \ - PKG_KERNEL="ghcr.io/${{ github.actor }}/kernel:${{ needs.check-releases.outputs.talosReleaseTag }}" \ - PUSH="true" + - name: Build installer image + run: | + make installer \ + PLATFORM="linux/amd64" \ + USERNAME="${{ github.actor }}" \ + TAG="${{ needs.check-releases.outputs.talosReleaseTag }}" \ + PKG_KERNEL="ghcr.io/${{ github.actor }}/kernel:${{ needs.check-releases.outputs.talosReleaseTag }}" \ + PUSH="true" build-boot-assets: needs: [ check-releases, build-installer ] if: needs.check-releases.outputs.newTalosReleaseFound || github.event_name == 'workflow_dispatch' name: Build boot assets - runs-on: ubuntu-latest + runs-on: ci-os permissions: contents: write @@ -194,81 +194,81 @@ jobs: image: ghcr.io/${{ github.actor }}/installer:${{ needs.check-releases.outputs.talosReleaseTag }} options: --privileged volumes: - - /dev:/dev + - /dev:/dev steps: - - name: Build amd64 installer with I915 & Intel Ucode - run: | - /bin/imager installer \ - --arch amd64 \ - --base-installer-image ghcr.io/${{ github.actor }}/installer:${{ needs.check-releases.outputs.talosReleaseTag }} \ - --system-extension-image ghcr.io/siderolabs/i915-ucode:${{ env.I915_UCODE_VERSION }} \ - --system-extension-image ghcr.io/siderolabs/intel-ucode:${{ env.INTEL_UCODE_VERSION }} + - name: Build amd64 installer with I915 & Intel Ucode + run: | + /bin/imager installer \ + --arch amd64 \ + --base-installer-image ghcr.io/${{ github.actor }}/installer:${{ needs.check-releases.outputs.talosReleaseTag }} \ + --system-extension-image ghcr.io/siderolabs/i915-ucode:${{ env.I915_UCODE_VERSION }} \ + --system-extension-image ghcr.io/siderolabs/intel-ucode:${{ env.INTEL_UCODE_VERSION }} - - name: Upload installer artifact - uses: actions/upload-artifact@v4 - with: - name: talos-installer - path: /out/installer-amd64.tar - if-no-files-found: error - retention-days: 1 + - name: Upload installer artifact + uses: actions/upload-artifact@v4 + with: + name: talos-installer + path: /out/installer-amd64.tar + if-no-files-found: error + retention-days: 1 push-installer-image: needs: [ check-releases, build-boot-assets ] name: Push installer image - runs-on: ubuntu-latest + runs-on: ci-os permissions: contents: read packages: write steps: - - name: Download talos installer image - uses: actions/download-artifact@v4 - with: - name: talos-installer - path: /tmp/talos-build-assets + - name: Download talos installer image + uses: actions/download-artifact@v4 + with: + name: talos-installer + path: /tmp/talos-build-assets - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Login to GitHub Container Registry - uses: docker/login-action@v3.3.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + - name: Login to GitHub Container Registry + uses: docker/login-action@v3.3.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - - uses: imjasonh/setup-crane@v0.4 - - name: Push installer image - run: | - crane push \ - --platform linux/amd64 \ - /tmp/talos-build-assets/installer-amd64.tar \ - ghcr.io/${{ github.actor }}/installer:${{ needs.check-releases.outputs.talosReleaseTag }} + - uses: imjasonh/setup-crane@v0.4 + - name: Push installer image + run: | + crane push \ + --platform linux/amd64 \ + /tmp/talos-build-assets/installer-amd64.tar \ + code.252.no/${{ github.actor }}/talos/apple-x86-installer:${{ needs.check-releases.outputs.talosReleaseTag }} create-release: needs: [ check-releases, push-installer-image ] if: needs.check-releases.outputs.newTalosReleaseFound name: Create a new release - runs-on: ubuntu-latest + runs-on: ci-os permissions: contents: write steps: - - name: Fetch Talos release body - id: talos-release-body - run: | - echo 'talos_release_body<> $GITHUB_OUTPUT - curl -sL https://api.github.com/repos/siderolabs/talos/releases/tags/${{ needs.check-releases.outputs.talosReleaseTag }} | jq -r ".body" >> $GITHUB_OUTPUT - echo EOF >> $GITHUB_OUTPUT + - name: Fetch Talos release body + id: talos-release-body + run: | + echo 'talos_release_body<> $GITHUB_OUTPUT + curl -sL https://api.github.com/repos/siderolabs/talos/releases/tags/${{ needs.check-releases.outputs.talosReleaseTag }} | jq -r ".body" >> $GITHUB_OUTPUT + echo EOF >> $GITHUB_OUTPUT - - name: Create a new release - uses: softprops/action-gh-release@v1 - with: - tag_name: ${{ needs.check-releases.outputs.talosReleaseTag }} - body: ${{ steps.talos-release-body.outputs.talos_release_body }} +# - name: Create a new release +# uses: softprops/action-gh-release@v1 +# with: +# tag_name: ${{ needs.check-releases.outputs.talosReleaseTag }} +# body: ${{ steps.talos-release-body.outputs.talos_release_body }}