OSTree Build #39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: OSTree Build | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: 0 13 * * 5 # Friday 9pm in SGT/GMT+8, Friday 1pm in UTC | |
push: | |
branches: ["main"] | |
paths: | |
- "ostree/**" | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
timeout-minutes: 40 | |
container: | |
image: public.ecr.aws/docker/library/fedora:40 | |
# Fix SELinux for the built OSTree: https://github.com/coreos/rpm-ostree/issues/1943 | |
options: --privileged --security-opt label:disable | |
strategy: | |
matrix: | |
build: ["router"] | |
steps: | |
- name: Lowercase repository owner | |
shell: bash | |
run: | | |
echo "LOWERCASN_REPO_OWNER=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_ENV | |
- name: Install dependencies | |
run: dnf install -y rpm-ostree selinux-policy selinux-policy-targeted policycoreutils podman | |
- name: "Generate Short Lived OAuth App Token (ghs_*)" | |
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 | |
id: oauth-token | |
with: | |
app-id: "${{ secrets.BOT_APP_ID }}" # $BOT_APP_ID is found in GitHub App main settings page | |
private-key: "${{ secrets.BOT_JWT_PRIVATE_KEY }}" # $BOT_JWT_PRIVATE_KEY is generated in GitHub App main settings page, uses the X.509 private key format | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
token: "${{ steps.oauth-token.outputs.token }}" | |
- name: Log into container registry | |
run: podman login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io | |
- name: Download RPM repo files from upstream | |
run: "./ostree/repos.sh" | |
- name: Build OSTree and push it to registry | |
env: | |
USER: "${{ env.LOWERCASN_REPO_OWNER }}" | |
BUILD: "${{ matrix.build }}" | |
run: "cd ./ostree && ./build.sh registry" | |
# TODO: add secrets and push to private R2/Wasabi/etc |