-
-
Notifications
You must be signed in to change notification settings - Fork 4
176 lines (166 loc) · 5.72 KB
/
Copy pathbuild-iso.yml
File metadata and controls
176 lines (166 loc) · 5.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
name: Build ISO
on:
workflow_call:
inputs:
image:
description: "Full podman image reference, including hash"
required: true
type: string
image-name:
description: "Name of the image, will be used to name the file name ISO"
required: true
type: string
update_origin_ref:
description: "Image reference to update from (ie: {image}:latest)"
required: false
type: string
update_is_signed:
description: "Whether the image is signed or not"
required: false
type: boolean
default: true
config-file:
description: "Path to the ISO configuration file"
required: true
type: string
platforms:
description: "The platforms to build the image for"
required: false
type: string
default: "amd64,arm64"
use_librepo:
description: "Use librepo to download the image"
required: false
type: boolean
default: false
REGISTRY_USER:
description: "The username to use for the registry"
required: false
type: string
default: "${{ github.actor }}"
REGISTRY:
description: "The registry to push the image to"
required: false
type: string
default: "ghcr.io"
upload-to-github:
description: "Upload the ISO to GitHub Actions artifacts"
required: false
type: boolean
default: true
upload-to-cloudflare:
description: "Upload the ISO to Cloudflare"
required: false
type: boolean
default: false
upload-to-s3:
description: "Upload the ISO to S3"
required: false
type: boolean
default: false
s3-path:
description: "The path to upload the ISO to in S3"
required: false
type: string
bucket:
description: "The S3/R2 bucket to upload the ISO to"
required: false
type: string
aws-default-region:
description: "The AWS region to use for S3 uploads"
required: false
type: string
secrets:
REGISTRY_TOKEN:
description: "The token to use for the registry"
required: true
R2_ACCOUNT_ID:
description: "Cloudflare R2 account ID"
required: false
ACCESS_KEY_ID:
description: "Cloudflare R2 access key ID"
required: false
SECRET_ACCESS_KEY:
description: "Cloudflare R2 secret access key"
required: false
AWS_ROLE_ARN:
description: "The AWS role ARN to assume for AWS S3 uploads"
required: false
env:
INTERNAL_ACTIONS_REF: v11
jobs:
generate_matrix:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Set matrix
id: set-matrix
run: |
# turn the comma separated string into a list
platforms=()
IFS=',' read -r -a platforms <<< "${{ inputs.platforms }}"
MATRIX="{\"include\":[]}"
for platform in "${platforms[@]}"; do
MATRIX=$(echo $MATRIX | jq ".include += [{\"platform\": \"$platform\"}]")
done
echo "matrix=$(echo $MATRIX | jq -c '.')" >> $GITHUB_OUTPUT
build-iso:
runs-on: ${{ matrix.platform == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
needs: generate_matrix
strategy:
fail-fast: false
matrix: ${{fromJson(needs.generate_matrix.outputs.matrix)}}
permissions:
id-token: write
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v4
- name: Checkout github actions
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v4
with:
repository: AlmaLinux/atomic-ci
ref: ${{ env.INTERNAL_ACTIONS_REF }}
path: github-actions
- name: Build ISO
id: build-iso
uses: ./github-actions/.github/actions/build-iso
with:
image: ${{ inputs.image }}
image-name: ${{ inputs.image-name }}
update_origin_ref: ${{ inputs.update_origin_ref }}
update_is_signed: ${{ inputs.update_is_signed }}
config-file: ${{ inputs.config-file }}
platform: ${{ matrix.platform }}
use_librepo: ${{ inputs.use_librepo }}
REGISTRY: ${{ inputs.REGISTRY }}
REGISTRY_USER: ${{ inputs.REGISTRY_USER }}
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
- name: Upload to Job Artifacts
if: inputs.upload-to-github == true
uses: ./github-actions/.github/actions/upload-gh
with:
artifact_name: ${{ steps.build-iso.outputs.artifact_name }}
directory: ${{ steps.build-iso.outputs.output_directory }}
- name: Upload to Cloudflare
if: inputs.upload-to-cloudflare == true
uses: ./github-actions/.github/actions/upload-r2
with:
directory: ${{ steps.build-iso.outputs.output_directory }}
bucket: ${{ inputs.bucket }}
R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }}
R2_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY_ID }}
R2_SECRET_ACCESS_KEY: ${{ secrets.SECRET_ACCESS_KEY }}
- name: Upload to AWS S3
if: inputs.upload-to-s3 == true
uses: ./github-actions/.github/actions/upload-s3
with:
directory: ${{ steps.build-iso.outputs.output_directory }}
bucket: ${{ inputs.bucket }}
path: ${{ inputs.s3-path }}
aws-default-region: ${{ inputs.aws-default-region }}
iso-name: ${{ steps.build-iso.outputs.iso_name }}
checksum-name: ${{ steps.build-iso.outputs.checksum_name }}
AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }}