From 9a05d126f5bd2cc14af5d4c55499c07023f058d8 Mon Sep 17 00:00:00 2001 From: Noel Georgi Date: Mon, 23 Oct 2023 18:53:27 +0530 Subject: [PATCH] feat: move to gh workflow Move to GitHub workflows. Signed-off-by: Noel Georgi --- .drone.yml | 163 ---------------------------- .github/workflows/ci.yaml | 58 ++++++++++ .github/workflows/cron.yaml | 38 +++++++ .github/workflows/slack-notify.yaml | 88 +++++++++++++++ Pkgfile | 6 - dwarfutils/pkg.yaml | 2 +- sd-boot/pkg.yaml | 1 + 7 files changed, 186 insertions(+), 170 deletions(-) delete mode 100644 .drone.yml create mode 100644 .github/workflows/cron.yaml create mode 100644 .github/workflows/slack-notify.yaml diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index 9a7edd5..0000000 --- a/.drone.yml +++ /dev/null 
@@ -1,163 +0,0 @@ ---- -kind: pipeline -type: kubernetes -name: default - -steps: - - name: setup-ci - image: autonomy/build-container:latest - commands: - - git fetch --tags - - install-ci-key - - setup-buildx-amd64-arm64 - environment: - SSH_KEY: - from_secret: ssh_key - resources: - requests: - cpu: 24000 - memory: 48GiB - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: build-pull-request - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - commands: - - make - when: - event: - include: - - pull_request - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: reproducibility-test - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - commands: - - make reproducibility-test - when: - target: - include: - - integration-reproducibility - event: - exclude: - - pull_request - - tag - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: reproducibility-test-cron - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - commands: - - make reproducibility-test - when: - cron: - - weekly - event: - exclude: - - pull_request - - tag - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: build-and-publish - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - environment: - GHCR_USERNAME: - from_secret: ghcr_username - GHCR_PASSWORD: - from_secret: ghcr_token - commands: - - docker login ghcr.io --username "$${GHCR_USERNAME}" --password "$${GHCR_PASSWORD}" - - make PUSH=true - when: - event: - exclude: - - pull_request - - promote - - cron - volumes: - - name: docker-socket - path: /var/run - - name: ssh - 
path: /root/.ssh - - name: docker - path: /root/.docker/buildx - -trigger: - branch: - exclude: - - renovate/* - - dependabot/* - -volumes: - - name: docker-socket - host: - path: /var/ci-docker - - name: docker - temp: {} - - name: ssh - temp: {} ---- -kind: pipeline -type: kubernetes -name: notify - -clone: - disable: true - -steps: - - name: slack - image: plugins/slack - settings: - webhook: - from_secret: slack_webhook - channel: proj-talos-maintainers - when: - status: - - success - - failure - -trigger: - branch: - exclude: - - renovate/* - - dependabot/* - status: - - success - - failure - -depends_on: - - default diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c5ec133..5746169 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -38,3 +38,61 @@ jobs: steps: - name: checkout uses: actions/checkout@v3 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://localhost:1234 + append: | + - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234 + platforms: linux/arm64 + - name: build + run: | + make + - name: Login to registry + if: github.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + username: ${{ github.repository_owner }} + - name: Push to registry + if: github.event_name != 'pull_request' + run: | + make PUSH=true + reproducibility: + runs-on: + - self-hosted + - pkgs + if: ${{ contains(github.event.pull_request.labels.*.name, 'integration/reproducibility') }} + needs: + - default + services: + buildkitd: + image: moby/buildkit:buildx-stable-1 + ports: + - 1234:1234 + options: --privileged + volumes: + - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit + - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml + steps: + - name: checkout + uses: actions/checkout@v3 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://localhost:1234 + append: | + - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234 + platforms: linux/arm64 + - name: reproducibility + run: | + make reproducibility-test diff --git a/.github/workflows/cron.yaml b/.github/workflows/cron.yaml new file mode 100644 index 0000000..149116e --- /dev/null +++ b/.github/workflows/cron.yaml 
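Review bot: The `reproducibility` job builds pull-request code on a self-hosted runner against a buildkitd service started with `options: --privileged` and a bind mount of the host's `/var/lib/buildkit/${{ github.repository }}`, and the only gate visible in this hunk is the `integration/reproducibility` label. A label stays on the PR once applied, so later pushes to that PR run here without a fresh look; whether fork PRs can reach this job depends on the `on:` block, which is outside the hunk. The `default` job's own buildkitd service is also defined above the hunk; if it mounts the same host path, the `make PUSH=true` step publishes from build state that PR runs have also written to. Keying the host directory on the trigger would separate the two, for example `- /var/lib/buildkit/${{ github.repository }}/${{ github.event_name }}:/var/lib/buildkit`. The same service definition is repeated in `.github/workflows/cron.yaml`.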
@@ -0,0 +1,38 @@
+name: weekly
+concurrency:
+ group: ${{ github.event.label == null && github.head_ref || github.run_id }}
+ cancel-in-progress: true
+on:
+ schedule:
+ - cron: '30 1 * * 1'
+jobs:
+ reproducibility:
+ runs-on:
+ - self-hosted
+ - pkgs
+ services:
+ buildkitd:
+ image: moby/buildkit:buildx-stable-1
+ ports:
+ - 1234:1234
+ options: --privileged
+ volumes:
+ - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
+ - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+ - name: Unshallow
+ run: |
+ git fetch --prune --unshallow
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ driver: remote
+ endpoint: tcp://localhost:1234
+ append: |
+ - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234
+ platforms: linux/arm64
+ - name: reproducibility
+ run: |
+ make reproducibility-test
diff --git a/.github/workflows/slack-notify.yaml b/.github/workflows/slack-notify.yaml
new file mode 100644
index 0000000..3d28228
--- /dev/null
+++ b/.github/workflows/slack-notify.yaml
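Review bot: The new `cron.yaml` workflow declares no `permissions:` key, so the `GITHUB_TOKEN` handed to the self-hosted runner carries whatever the repository or organisation default grants. The job only checks out the tree and runs `make reproducibility-test`, so a top-level `permissions:` mapping with `contents: read` would hold it to least privilege. Separately, on `schedule` events `github.event.label` and `github.head_ref` are empty, so the `concurrency.group` expression always resolves to `github.run_id` and `cancel-in-progress: true` never has a run to cancel. A fixed value such as `group: weekly` would state the intent directly.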
@@ -0,0 +1,88 @@ +name: slack-notify +"on": + workflow_run: + workflows: + - default + - weekly + - integration + types: + - completed +jobs: + slack-notify: + runs-on: + - self-hosted + if: ${{ github.event.workflow_run.conclusion != 'skipped' }} + steps: + - name: Retrieve Workflow Run Info + id: retrieve-workflow-run-info + uses: potiuk/get-workflow-origin@v1_5 + with: + sourceRunId: ${{ github.event.workflow_run.id }} + token: ${{ secrets.GITHUB_TOKEN }} + - name: Slack Notify + uses: slackapi/slack-github-action@v1 + with: + channel-id: proj-talos-maintainers + payload: | + { + "attachments": [ + { + "color": "${{ github.event.workflow_run.conclusion == 'success' && '#2EB886' || github.event.workflow_run.conclusion == 'failure' && '#A30002' || '#FFCC00' }}", + "fallback": "test", + "blocks": [ + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "${{ github.event.workflow_run.event == 'pull_request' && format('*Pull Request:* {0} (`{1}`)\n<{2}/pull/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, steps.retrieve-workflow-run-info.outputs.pullRequestNumber, github.event.workflow_run.display_title) || format('*Build:* {0}#{1} (`{2}`)', github.repository, github.sha, github.ref_name) }}" + }, + { + "type": "mrkdwn", + "text": "*Status:*\n`${{ github.event.workflow_run.conclusion }}`" + } + ] + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Author:*\n`${{ github.actor }}`" + }, + { + "type": "mrkdwn", + "text": "*Event:*\n`${{ github.event.workflow_run.event }}`" + } + ] + }, + { + "type": "divider" + }, + { + "type": "actions", + "elements": [ + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Logs" + }, + "url": "${{ github.event.workflow_run.html_url }}" + }, + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Commit" + }, + "url": "${{ github.event.repository.html_url }}/commit/${{ github.sha }}" + } + ] + } + ] + } + ] + } + env: + 
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/Pkgfile b/Pkgfile index f13c4d4..7c4946c 100644 --- a/Pkgfile +++ b/Pkgfile @@ -143,12 +143,6 @@ vars: grep_sha256: 1db2aedde89d0dea42b16d9528f894c8d15dae4e190b59aecc78f5a951276eab grep_sha512: f254a1905a08c8173e12fbdd4fd8baed9a200217fba9d7641f0d78e4e002c1f2a621152d67027d9b25f0bb2430898f5233dc70909d8464fd13d7dd9298e65c42 - # renovate: datasource=git-tags depName=https://git.code.sf.net/p/gnu-efi/code.git - # we have to use 3.0.15 for now, since anything later breaks building sd-stub/sd-boot. - gnuefi_version: 3.0.15 - gnuefi_sha256: 931a257b9c5c1ba65ff519f18373c438a26825f2db7866b163e96d1b168f20ea - gnuefi_sha512: 64d408b6d115bdc6eebae12fbd6cd907ed5f847f54e506c1e8f8ea5de38a95cf6fac66ab1009bd1d0bd2d54ad45ad598d29bcc303926a5899bf5cc25448cbb2f - # renovate: datasource=git-tags depName=https://gitlab.com/gnutls/gnutls.git gnutls_version: 3.8.1 gnutls_sha256: ba8b9e15ae20aba88f44661978f5b5863494316fe7e722ede9d069fe6294829c diff --git a/dwarfutils/pkg.yaml b/dwarfutils/pkg.yaml index 895978f..22ae9c3 100644 --- a/dwarfutils/pkg.yaml +++ b/dwarfutils/pkg.yaml @@ -9,7 +9,7 @@ steps: sha256: "{{ .dwarfutils_sha256 }}" sha512: "{{ .dwarfutils_sha512 }}" env: - SOURCE_DATE_EPOCH: "1" + SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }} prepare: - | tar -xvf dwarfutils.tar.xz --strip-components=1 diff --git a/sd-boot/pkg.yaml b/sd-boot/pkg.yaml index 208ad7b..4b27237 100644 --- a/sd-boot/pkg.yaml +++ b/sd-boot/pkg.yaml @@ -22,6 +22,7 @@ steps: sha512: "{{ .systemd_sha512 }}" env: LD_LIBRARY_PATH: "/toolchain/lib" + SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }} prepare: - | tar -xzf systemd.tar.gz --strip-components=1
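Review bot: `github.event.workflow_run.display_title` is interpolated unescaped into the JSON `payload` of the `Slack Notify` step in `slack-notify.yaml`, and that value is typically the PR title or commit subject, which the contributor controls. A title containing `"` or `\` produces invalid JSON or additional content in the message posted with `SLACK_BOT_TOKEN`. The value should be JSON-escaped before it reaches the payload, for instance by emitting it through `${{ toJSON(github.event.workflow_run.display_title) }}`. That expression supplies its own quotes, so the surrounding `format(...)` call needs restructuring around it. In a `workflow_run` event `github.sha` and `github.ref_name` describe the default branch rather than the triggering run, so the `Commit` button and the `*Build:*` line likely want `github.event.workflow_run.head_sha` and `github.event.workflow_run.head_branch`.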
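Review bot: The new `SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }}` line in `dwarfutils/pkg.yaml` is unquoted, unlike the neighbouring `sha256: "{{ .dwarfutils_sha256 }}"` lines, so the scalar's type after templating depends on what was rendered. It is an integer when the build arg is set and `null` when it renders empty, and nothing visible in the hunk guarantees the arg is set. For a value that exists to pin timestamps for reproducible builds, that silent change of type is worth closing off. Writing `SOURCE_DATE_EPOCH: "{{ .BUILD_ARG_SOURCE_DATE_EPOCH }}"` keeps it a string and matches the file's existing style. The `sd-boot/pkg.yaml` hunk adds the same unquoted line, and both `steps:` blocks continue outside their hunks.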