All Kernels and Hooks #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: All Kernels and Hooks | |
on: | |
#schedule: | |
# # every day at 5am UTC | |
# - cron: '0 5 * * *' | |
workflow_dispatch: | |
env: # Global environment, passed to all jobs & all steps | |
# Default to quay.io, which is also the default for the CLI. | |
# Allow to use ghcr.io as an alternative, change & uncomment below: | |
REGISTRY: "quay.io" # or ghcr.io, determines which will be logged-in to | |
#HOOK_KERNEL_OCI_BASE: "ghcr.io/${{ github.repository_owner }}/tinkerbell/kernel-" | |
#HOOK_LK_CONTAINERS_OCI_BASE: "ghcr.io/${{ github.repository_owner }}/tinkerbell/linuxkit-" | |
# Apart from the quay/ghcr coordinates above (used for both pulling & pushing), we might also want to | |
# log in to DockerHub (with a read-only token) so we aren't hit by rate limits when pulling the linuxkit pkgs. | |
# To do so, set the secret DOCKER_USERNAME and DOCKER_PASSWORD in the repo secrets, and set the below to yes. | |
LOGIN_TO_DOCKERHUB: "yes" | |
HOOK_VERSION: "0.9.0-alpha1-build-${{github.run_number}}" # Use a forced Hook version | |
# Which flavors to build? space separated list, must match one of the TAG='s in flavors (this is used by matrix_prep job in gha-matrix command) | |
CI_TAGS: "standard armbian-sbc armbian-uefi lts" # 'dev' is not included | |
# GHA runner configuration. See bash/json-matrix.sh for more details. | |
CI_RUNNER_LK_CONTAINERS_ARM64: "ARM64" # Use a self-hosted runner with the "ARM64" tag for the ARM64 builds of LK containers | |
jobs: | |
matrix_prep: | |
name: "Prepare matrix JSON" | |
runs-on: ubuntu-latest | |
outputs: | |
created: ${{ steps.date_prep.outputs.created }} # refer to as ${{needs.prepare.outputs.created}} | |
kernels_json: ${{ steps.prepare-matrix.outputs.kernels_json }} | |
lkcontainers_json: ${{ steps.prepare-matrix.outputs.lkcontainers_json }} | |
lk_hooks_json: ${{ steps.prepare-matrix.outputs.lk_hooks_json }} | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Prepare release ID (current date) # This only used for the GitHub Release; not included in any way in the build process. | |
id: date_prep | |
run: echo "created=$(date -u +'%Y%m%d-%H%M')" >> "${GITHUB_OUTPUT}" | |
- name: Run the matrix JSON preparation bash script | |
id: prepare-matrix | |
run: bash build.sh gha-matrix # This sets the output "kernels_json" & "lkcontainers_json" & "lk_hooks_json" internally | |
build-linuxkit-containers: | |
needs: [ matrix_prep ] | |
runs-on: "${{ matrix.runner }}" # the runner to use is determined by the 'gha-matrix' code | |
strategy: | |
fail-fast: true | |
matrix: | |
include: ${{ fromJSON(needs.matrix_prep.outputs.lkcontainers_json) }} | |
name: "LinuxKit containers for ${{ matrix.docker_arch }}" | |
steps: | |
- name: Checkout build repo | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker Login to quay.io | |
if: ${{ env.REGISTRY == 'quay.io' }} | |
uses: docker/login-action@v3 | |
with: { registry: "quay.io", username: "${{ secrets.QUAY_USERNAME }}", password: "${{ secrets.QUAY_PASSWORD }}" } | |
- name: Docker Login to GitHub Container Registry | |
if: ${{ env.REGISTRY == 'ghcr.io' }} | |
uses: docker/login-action@v3 | |
with: { registry: "ghcr.io", username: "${{ github.repository_owner }}", password: "${{ secrets.GITHUB_TOKEN }}" } | |
- name: Build and Push LinuxKit containers for ${{matrix.docker_arch}} | |
env: | |
DOCKER_ARCH: "${{ matrix.docker_arch }}" | |
DO_PUSH: "yes" | |
run: bash build.sh linuxkit-containers | |
build-kernels: | |
needs: [ matrix_prep ] # depend on the previous job... | |
runs-on: "${{ matrix.runner }}" # the runner to use is determined by the 'gha-matrix' code | |
strategy: | |
fail-fast: false # let other jobs try to complete if one fails, kernels might take long, and they'd be skipped on the next run | |
matrix: | |
include: ${{ fromJSON(needs.matrix_prep.outputs.kernels_json) }} | |
name: "Kernel ${{ matrix.kernel }}" | |
steps: | |
- name: Checkout build repo | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx # nb: no need for qemu here, kernels are cross-compiled, instead of the compilation being emulated | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker Login to quay.io | |
if: ${{ env.REGISTRY == 'quay.io' }} | |
uses: docker/login-action@v3 | |
with: { registry: "quay.io", username: "${{ secrets.QUAY_USERNAME }}", password: "${{ secrets.QUAY_PASSWORD }}" } | |
- name: Docker Login to GitHub Container Registry | |
if: ${{ env.REGISTRY == 'ghcr.io' }} | |
uses: docker/login-action@v3 | |
with: { registry: "ghcr.io", username: "${{ github.repository_owner }}", password: "${{ secrets.GITHUB_TOKEN }}" } | |
- name: Build and push Kernel ${{matrix.kernel}} (${{ matrix.arch }}) | |
env: | |
DO_PUSH: "yes" | |
run: bash build.sh build-kernel "${{ matrix.kernel }}" | |
build-hook-ensemble: | |
needs: [ matrix_prep, build-linuxkit-containers, build-kernels ] # depend on the previous job... | |
runs-on: "${{ matrix.runner }}" # the runner to use is determined by the 'gha-matrix' code | |
strategy: | |
fail-fast: false # let other jobs try to complete if one fails | |
matrix: | |
include: ${{ fromJSON(needs.matrix_prep.outputs.lk_hooks_json) }} | |
name: "Hook ${{ matrix.kernel }}" | |
steps: | |
- name: Checkout build repo | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx # nb: no need for qemu here, kernels are cross-compiled, instead of the compilation being emulated | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker Login to DockerHub # read-only token, required to be able to pull all the linuxkit pkgs without getting rate limited. | |
if: ${{ env.LOGIN_TO_DOCKERHUB == 'yes' }} | |
uses: docker/login-action@v3 | |
with: { registry: "docker.io", username: "${{ secrets.DOCKER_USERNAME }}", password: "${{ secrets.DOCKER_PASSWORD }}" } | |
- name: Docker Login to quay.io | |
if: ${{ env.REGISTRY == 'quay.io' }} | |
uses: docker/login-action@v3 | |
with: { registry: "quay.io", username: "${{ secrets.QUAY_USERNAME }}", password: "${{ secrets.QUAY_PASSWORD }}" } | |
- name: Docker Login to GitHub Container Registry | |
if: ${{ env.REGISTRY == 'ghcr.io' }} | |
uses: docker/login-action@v3 | |
with: { registry: "ghcr.io", username: "${{ github.repository_owner }}", password: "${{ secrets.GITHUB_TOKEN }}" } | |
- name: GitHub Actions Cache for 'cache' dir | |
uses: actions/cache@v4 | |
if: ${{ matrix.gha_cache == 'yes' }} # only set to yes for GH-hosted runners; see gha-matrix bash impl | |
with: | |
path: cache | |
key: "lk-cache-${{ matrix.docker_arch }}-${{ matrix.kernel }}-${{ hashFiles('linuxkit-templates/*') }}-${{ hashFiles('bash/**/*.sh') }}" | |
restore-keys: | | |
lk-cache-${{ matrix.docker_arch }}-${{ matrix.kernel }} | |
lk-cache-${{ matrix.docker_arch }} | |
save-always: true # always save the cache, even if build fails | |
- name: "Build Hook with Kernel ${{matrix.kernel}} (${{ matrix.arch }}) - cache: ${{matrix.gha_cache}}" | |
env: | |
DO_BUILD_LK_CONTAINERS: "no" # already built them; this is only for hook/linuxkit. | |
run: bash build.sh build "${{ matrix.kernel }}" | |
- name: Upload deb as artifact ${{ matrix.arch.name }} ${{ matrix.distro }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "hook-tarball-${{ matrix.kernel }}" | |
path: out/*.tar.gz | |
release: | |
name: Publish all Hooks to GitHub Releases | |
needs: [ matrix_prep, build-hook-ensemble ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download built Hook artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: "hook-tarball-*" | |
merge-multiple: true | |
path: out | |
# Release the artifacts into GitHub Releases. @TODO this GHA Action is not ideal, uses old nodejs, but I can't find a better one. | |
- name: "GH Release" | |
uses: "marvinpinto/action-automatic-releases@latest" | |
with: | |
repo_token: "${{ secrets.GITHUB_TOKEN }}" | |
automatic_release_tag: "${{needs.matrix_prep.outputs.created}}" | |
prerelease: false | |
title: "${{needs.matrix_prep.outputs.created}}" | |
files: | | |
out/*.tar.gz |