publish on OBS / main #2690
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: obs | |
on: | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
revision: | |
default: main | |
description: Branch or Tag to be published | |
type: string | |
skip-bundles: | |
default: false | |
description: Skip bundling and only stage+test+release | |
type: boolean | |
skip-stage: | |
default: false | |
description: Skip staging and only bundles+test+release | |
type: boolean | |
skip-tests: | |
default: false | |
description: Skip testing and only bundles+stage+release | |
type: boolean | |
skip-release: | |
default: false | |
description: Skip releasing and only bundles+stage+test | |
type: boolean | |
env: | |
REVISION: ${{ inputs.revision || 'main' }} | |
OBS_PASSWORD: ${{ secrets.OBS_PASSWORD }} | |
run-name: publish on OBS / ${{ inputs.revision || 'main' }} | |
jobs: | |
vars: | |
runs-on: ubuntu-latest | |
timeout-minutes: 300 | |
outputs: | |
archive_path: ${{ steps.step.outputs.ARCHIVE_PATH }} | |
commit: ${{ steps.step.outputs.COMMIT }} | |
git_root: ${{ steps.step.outputs.GIT_ROOT }} | |
project: ${{ steps.step.outputs.PROJECT }} | |
project_type: ${{ steps.step.outputs.PROJECT_TYPE }} | |
project_version: ${{ steps.step.outputs.PROJECT_VERSION }} | |
version: ${{ steps.step.outputs.VERSION }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- id: step | |
run: | | |
source scripts/vars | |
echo "ARCHIVE_PATH=$ARCHIVE_PATH" >> "$GITHUB_OUTPUT" | |
echo "COMMIT=$COMMIT" >> "$GITHUB_OUTPUT" | |
echo "GIT_ROOT=$GIT_ROOT" >> "$GITHUB_OUTPUT" | |
echo "PROJECT=$PROJECT" >> "$GITHUB_OUTPUT" | |
echo "PROJECT_TYPE=$PROJECT_TYPE" >> "$GITHUB_OUTPUT" | |
echo "PROJECT_VERSION=$PROJECT_VERSION" >> "$GITHUB_OUTPUT" | |
echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT" | |
- run: scripts/github-job-wait | |
if: ${{ github.event_name != 'pull_request' }} | |
env: | |
COMMIT: ${{ steps.step.outputs.commit }} | |
GH_TOKEN: ${{ github.token }} | |
- name: COMMIT=${{ steps.step.outputs.commit }} | |
run: true | |
bundles: | |
runs-on: ubuntu-latest | |
needs: vars | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: | |
- amd64 | |
- arm64 | |
- ppc64le | |
- s390x | |
name: bundle / build / ${{ inputs.revision || 'main' }} / ${{ matrix.arch }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 | |
- run: scripts/bundle/build | |
if: ${{ inputs.skip-bundles == false }} | |
env: | |
ARCH: ${{ matrix.arch }} | |
ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
COMMIT: ${{ needs.vars.outputs.commit }} | |
GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
PROJECT: ${{ needs.vars.outputs.project }} | |
PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
VERSION: ${{ needs.vars.outputs.version }} | |
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
if: ${{ inputs.skip-bundles == false }} | |
with: | |
name: bundles-${{ matrix.arch }} | |
path: build/bundle/*.tar.gz* | |
bundle-test: | |
name: bundle / test / ${{ inputs.revision || 'main' }} / amd64 | |
runs-on: ubuntu-latest | |
needs: | |
- vars | |
- bundles | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
if: ${{ inputs.skip-bundles == false }} | |
with: | |
name: bundles-amd64 | |
path: build/bundle | |
- run: sudo -E scripts/bundle/test | |
if: ${{ inputs.skip-bundles == false }} | |
env: | |
ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
COMMIT: ${{ needs.vars.outputs.commit }} | |
GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
PROJECT: ${{ needs.vars.outputs.project }} | |
PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
VERSION: ${{ needs.vars.outputs.version }} | |
bundles-publish: | |
name: bundles / publish / ${{ inputs.revision || 'main' }} | |
runs-on: ubuntu-latest | |
needs: bundle-test | |
permissions: | |
id-token: write | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 | |
if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
with: | |
credentials_json: ${{ secrets.GCS_CRIO_SA }} | |
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 | |
if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
with: | |
name: bundles-amd64 | |
path: build/bundle | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
with: | |
name: bundles-arm64 | |
path: build/bundle | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
with: | |
name: bundles-ppc64le | |
path: build/bundle | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
with: | |
name: bundles-s390x | |
path: build/bundle | |
- run: scripts/sign-artifacts | |
if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
- uses: google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0 # v2.2.1 | |
if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
with: | |
path: build/bundle | |
destination: cri-o/artifacts | |
parent: false | |
process_gcloudignore: false | |
- name: Create bundle marker | |
if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
run: find . -type f -iname "cri-o.amd64.*.tar.gz" | sed -n 's;.*amd64.\(.*\).tar.gz;\1;p' > latest-bundle-${{ inputs.revision || 'main' }}.txt | |
- name: Upload bundle marker | |
uses: google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0 # v2.2.1 | |
if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
with: | |
path: latest-bundle-${{ inputs.revision || 'main' }}.txt | |
destination: cri-o | |
process_gcloudignore: false | |
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
if: ${{ inputs.skip-bundles == false && github.event_name != 'pull_request' }} | |
with: | |
name: signatures | |
path: | | |
build/bundle/*.sig | |
build/bundle/*.cert | |
stage: | |
runs-on: ubuntu-latest | |
name: stage / ${{ inputs.revision || 'main' }} | |
timeout-minutes: 240 | |
needs: | |
- vars | |
- bundles-publish | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- run: scripts/obs | |
if: ${{ inputs.skip-stage == false && github.event_name != 'pull_request' }} | |
env: | |
ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
COMMIT: ${{ needs.vars.outputs.commit }} | |
GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
PROJECT: ${{ needs.vars.outputs.project }} | |
PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
VERSION: ${{ needs.vars.outputs.version }} | |
test-kubernetes: | |
runs-on: ubuntu-latest | |
timeout-minutes: 120 | |
needs: | |
- vars | |
- stage | |
strategy: | |
fail-fast: false | |
matrix: | |
type: | |
- deb | |
- rpm | |
name: test / ${{ matrix.type }} / kubernetes / amd64 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- run: sudo scripts/github-actions-setup | |
if: ${{ inputs.skip-tests == false }} | |
- run: sudo -E scripts/test-kubernetes | |
if: ${{ inputs.skip-tests == false }} | |
env: | |
TYPE: ${{ matrix.type }} | |
ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
COMMIT: ${{ needs.vars.outputs.commit }} | |
GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
PROJECT: ${{ needs.vars.outputs.project }} | |
PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
VERSION: ${{ needs.vars.outputs.version }} | |
test-architectures: | |
runs-on: ubuntu-latest | |
timeout-minutes: 120 | |
needs: | |
- vars | |
- stage | |
strategy: | |
fail-fast: false | |
matrix: | |
run: | |
- image: almalinux:9.2 | |
type: rpm | |
- image: fedora:39 | |
type: rpm | |
- image: debian:12 | |
type: deb | |
- image: ubuntu:22.04 | |
type: deb | |
arch: | |
- amd64 | |
- arm64 | |
- ppc64le | |
- s390x | |
exclude: | |
- run: | |
image: fedora:39 | |
arch: arm64 # takes forever | |
name: test / ${{ matrix.run.type }} / ${{ matrix.run.image }} / ${{ matrix.arch }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 | |
- run: scripts/test-architectures | |
if: ${{ inputs.skip-tests == false }} | |
env: | |
IMAGE: ${{ matrix.run.image }} | |
ARCH: ${{ matrix.arch }} | |
TYPE: ${{ matrix.run.type }} | |
ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
COMMIT: ${{ needs.vars.outputs.commit }} | |
GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
PROJECT: ${{ needs.vars.outputs.project }} | |
PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
VERSION: ${{ needs.vars.outputs.version }} | |
release: | |
runs-on: ubuntu-latest | |
name: release / ${{ inputs.revision || 'main' }} | |
needs: | |
- vars | |
- test-architectures | |
- test-kubernetes | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- run: scripts/obs | |
if: ${{ inputs.skip-release == false && github.event_name != 'pull_request' }} | |
env: | |
RUN_RELEASE: 1 | |
ARCHIVE_PATH: ${{ needs.vars.outputs.archive_path }} | |
COMMIT: ${{ needs.vars.outputs.commit }} | |
GIT_ROOT: ${{ needs.vars.outputs.git_root }} | |
PROJECT: ${{ needs.vars.outputs.project }} | |
PROJECT_TYPE: ${{ needs.vars.outputs.project_type }} | |
PROJECT_VERSION: ${{ needs.vars.outputs.project_version }} | |
VERSION: ${{ needs.vars.outputs.version }} |