Merge pull request #272 from frostyard/auto-update-packages #698
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build sysexts | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| permissions: {} | |
| env: | |
| IMAGE_NAME: snosi | |
| REPO_NAME: snosi | |
| IMAGE_DESC: "Snow Linux - A minimal bootc-enabled OS image" | |
| IMAGE_KEYWORDS: "linux,os,bootc,systemd,debian" | |
| IMAGE_LICENSE: Apache-2.0 | |
| IMAGE_LOGO_URL: "" # Optional: URL to logo image | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }} | |
| cancel-in-progress: ${{ github.event_name == 'push' }} | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| attestations: write | |
| steps: | |
| - name: Aggressive cleanup | |
| run: | | |
| # Remove Java (JDKs) | |
| sudo rm -rf /usr/lib/jvm | |
| # Remove .NET SDKs | |
| sudo rm -rf /usr/share/dotnet | |
| # Remove Swift toolchain | |
| sudo rm -rf /usr/share/swift | |
| # Remove Haskell (GHC) | |
| sudo rm -rf /usr/local/.ghcup | |
| # Remove Julia | |
| sudo rm -rf /usr/local/julia* | |
| # Remove Android SDKs | |
| sudo rm -rf /usr/local/lib/android | |
| # Remove Chromium (optional if not using for browser tests) | |
| sudo rm -rf /usr/local/share/chromium | |
| # Remove Microsoft/Edge and Google Chrome builds | |
| sudo rm -rf /opt/microsoft /opt/google | |
| # Remove Azure CLI | |
| sudo rm -rf /opt/az | |
| # Remove PowerShell | |
| sudo rm -rf /usr/local/share/powershell | |
| # Remove CodeQL and other toolcaches | |
| sudo rm -rf /opt/hostedtoolcache | |
| docker system prune -af || true | |
| docker builder prune -af || true | |
| df -h | |
| - name: Checkout repository | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| with: | |
| persist-credentials: false | |
| - name: Check mkosi package duplicates | |
| run: ./check-duplicate-packages.sh | |
| - name: Generate build date | |
| id: date | |
| run: echo "date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT | |
| - name: Generate version tag | |
| id: version | |
| run: echo "tag=$(date +%Y%m%d%H%M%S)" >> $GITHUB_OUTPUT | |
| - name: setup-mkosi | |
| uses: systemd/mkosi@3c3a08fb07d27fbe473625aa0725655cfb2c68bf | |
| - name: Build main and sysexts | |
| env: | |
| # These are picked up by mkosi.postoutput script | |
| CREATED_DATE: ${{ steps.date.outputs.date }} | |
| DEFAULT_TAG: ${{ steps.version.outputs.tag }} | |
| IMAGE_VERSION: ${{ steps.version.outputs.tag }} | |
| IMAGE_NAME: ${{ env.IMAGE_NAME }} | |
| IMAGE_DESC: ${{ env.IMAGE_DESC }} | |
| IMAGE_KEYWORDS: ${{ env.IMAGE_KEYWORDS }} | |
| IMAGE_LICENSE: ${{ env.IMAGE_LICENSE }} | |
| IMAGE_LOGO_URL: ${{ env.IMAGE_LOGO_URL }} | |
| # These are automatically available from GitHub context | |
| GITHUB_SHA: ${{ github.sha }} | |
| GITHUB_REPOSITORY_OWNER: ${{ github.repository_owner }} | |
| run: | | |
| sudo -E mkosi build | |
| sudo ./sysextmv.sh | |
| sudo ./manifestmv.sh | |
| - name: Publish sysexts to frostyard repo | |
| if: github.event_name != 'pull_request' | |
| uses: frostyard/repogen/.github/actions/publish-to-r2@f762d00a036951587a84dcf6211cfdbdf0881818 | |
| with: | |
| r2-account-id: ${{ secrets.R2_ACCOUNT_ID }} | |
| r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| r2-bucket: frostyardrepo | |
| skip-duplicates: true | |
| gpg-private-key: ${{ secrets.REPOGEN_GPG_KEY }} | |
| packages-dir: ./output/sysexts | |
| package-type: sysext # or sysext | |
| base-url: https://repository.frostyard.org # required for sysext | |
| - name: Upload manifests to R2 | |
| if: github.event_name != 'pull_request' | |
| uses: ryand56/r2-upload-action@b801a390acbdeb034c5e684ff5e1361c06639e7c | |
| with: | |
| r2-account-id: ${{ secrets.R2_ACCOUNT_ID }} | |
| r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| r2-bucket: frostyardrepo | |
| source-dir: output/manifests | |
| destination-dir: manifests/ |