
umask

umask #25

Workflow file for this run

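# Release pipeline: builds the BuilderNet image with mkosi, signs the outputs
# with minisign, writes SHA-256 checksums and publishes everything to R2.
name: release

on:
  push:
    tags:
      - 'v*'
  # NOTE(review): a manual dispatch can start from any ref, and the job below
  # still signs and publishes with the release credentials. Confirm that is
  # intended, or gate the sign/upload steps on a tag ref.
  workflow_dispatch: {}

# Least privilege for GITHUB_TOKEN: no step here writes to the repository.
permissions:
  contents: read

jobs:
  build:
    name: build image
    # NOTE(review): this is not a GitHub-hosted runner label; the signing key
    # and the R2 credentials are exposed to whatever infrastructure serves it.
    runs-on: warp-ubuntu-latest-x64-32x
    steps:
      # NOTE(review): every `uses:` below references a mutable tag. Pinning to
      # a full commit SHA keeps a retagged action out of a job that handles
      # the signing key.
      - uses: actions/checkout@v5

      - name: Restore cache
        id: restore-cache
        uses: actions/cache/restore@v4
        with:
          path: |
            cache.tar
          # Prefix of the key written by the save step at the end of the job
          # (mkosi-buildernet-<run id>).
          key: mkosi-buildernet-

      - name: Install tools
        run: |
          sudo apt-get update && sudo apt-get install -y \
            debian-archive-keyring \
            minisign \
            rclone
          # The mkosi ref comes from .mkosi_version. NOTE(review): a full
          # commit SHA there keeps the build tool immutable; confirm.
          pip3 install "git+https://github.com/systemd/mkosi.git@$(cat .mkosi_version)"

      # NOTE(review): the R2_* variables are read from the step environment,
      # but no `env:` mapping from secrets is visible in this file. Confirm
      # where they are injected.
      - name: Create rclone config
        run: |
          # The config holds the R2 access keys, so create the directory and
          # the file with owner-only permissions.
          umask 077
          mkdir -p ~/.config/rclone
          cat << EOF > ~/.config/rclone/rclone.conf
          [r2-flashbots-public-artifacts]
          type = s3
          provider = Cloudflare
          access_key_id = "$R2_FLASHBOTS_PUBLIC_ARTIFACTS_ACCESS_KEY"
          secret_access_key = "$R2_FLASHBOTS_PUBLIC_ARTIFACTS_SECRET_KEY"
          region = auto
          endpoint = "$R2_FLASHBOTS_PUBLIC_ARTIFACTS_ENDPOINT"
          acl = private
          EOF

      # The restored archive is unpacked as root and its contents feed the
      # build that is signed below, so the cache is a trusted build input.
      # NOTE(review): consider skipping the cache for tagged releases.
      - name: Extract cache
        run: |
          if [[ -f cache.tar ]]; then
            sudo tar -xf cache.tar
            sudo rm -f cache.tar
          fi

      # Lifts the AppArmor restriction on unprivileged user namespaces for the
      # rest of this runner's lifetime.
      - name: Enable user namespaces
        run: |
          sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

      - name: Build image
        run: |
          umask 022
          # Quoted because a manually dispatched run may carry a branch name
          # in GITHUB_REF_NAME.
          mkosi --force -I buildernet.conf "--image-version=${GITHUB_REF_NAME#v}-${GITHUB_SHA::8}"

      # Runs before signing, so this bundle holds the images only: no
      # signatures and no checksum file.
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: buildernet-images
          path: |
            mkosi.output/*.efi
            mkosi.output/*.tar.gz
            mkosi.output/*.vhd

      # NOTE(review): MINISIGN_SECRET_KEY and its password are read from the
      # step environment; no `env:` mapping is visible in this file.
      - name: Sign artifacts
        run: |
          # Remove the key from disk when the step ends, including on failure.
          trap 'rm -f ~/.minisign/minisign.key' EXIT
          # Create the key file owner-only from the start; a later chmod alone
          # leaves it readable under the default umask until it runs.
          (
            umask 077
            mkdir -p ~/.minisign
            printf '%s\n' "$MINISIGN_SECRET_KEY" > ~/.minisign/minisign.key
          )
          chmod 600 ~/.minisign/minisign.key
          for file in mkosi.output/*.{efi,tar.gz,vhd}; do
            # The trusted comment binds each signature to the source commit.
            printf '%s\n' "$MINISIGN_SECRET_KEY_PASSWORD" | minisign -Sm "$file" -t "github.com/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA}"
          done

      - name: Generate SHA256 checksums
        run: |
          # The default run shell does not set pipefail, so without this a
          # sha256sum failure would be hidden by tee's exit status.
          set -o pipefail
          sha256sum mkosi.output/*.{efi,tar.gz,vhd} | tee mkosi.output/checksums.sha256

      - name: Upload to R2
        run: |
          # minisign writes <file>.minisig, and the checksum file is named
          # checksums.sha256, so neither matched the previous patterns
          # (*.minisign, *.checksums.sha256).
          # NOTE(review): rclone copy treats the destination as a directory,
          # so each object lands under .../$file/<basename>. Use copyto if a
          # flat layout is wanted; confirm against consumers first.
          for file in mkosi.output/*.{efi,tar.gz,vhd,minisig} mkosi.output/checksums.sha256; do
            rclone copy "$file" "r2-flashbots-public-artifacts:flashbots-public-artifacts/buildernet-images/${GITHUB_REF_NAME#v}/$file"
          done

      - name: Prepare cache
        run: |
          # Best effort: archive the mkosi work directories for the next run
          # and ignore failures, since a missing cache only slows the build.
          sudo find . \( -name "mkosi.builddir" -o -name "mkosi.cache" -o -name "mkosi.tools" \) -type d -print0 | \
            sudo tar --null -rf cache.tar -T - 2>/dev/null || true

      - uses: actions/cache/save@v4
        id: save-cache
        with:
          path: cache.tar
          key: mkosi-buildernet-${{ github.run_id }}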