fix: wireless module now has sufficient privileges #70
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
push: | |
pull_request: | |
workflow_dispatch: | |
env: | |
PYTHON_VERSION: '3.11' | |
jobs: | |
dependencies: | |
name: Install Dependencies | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
name: Checkout | |
- uses: actions/setup-python@v5 | |
name: Setup Python | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
architecture: x64 | |
- name: Install Poetry | |
uses: snok/install-poetry@v1 | |
with: | |
virtualenvs-create: true | |
- name: Install dependencies | |
run: poetry install --extras=dev --with dev | |
- name: Save Cached Poetry | |
id: cached-poetry | |
uses: actions/cache/save@v4 | |
with: | |
path: | | |
~/.cache | |
~/.local | |
key: poetry-${{ hashFiles('pyproject.toml', 'poetry.lock') }} | |
type-check: | |
name: Type Check | |
needs: | |
- dependencies | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
name: Checkout | |
- uses: actions/setup-python@v5 | |
name: Setup Python | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
architecture: x64 | |
- name: Load Cached Poetry | |
id: cached-poetry | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
~/.cache | |
~/.local | |
key: poetry-${{ hashFiles('pyproject.toml', 'poetry.lock') }} | |
- name: Create stub files | |
run: poetry run pyright --createstub kivy | |
- name: Type Check | |
run: poetry run poe typecheck | |
lint: | |
name: Lint | |
needs: | |
- dependencies | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
name: Checkout | |
- uses: actions/setup-python@v5 | |
name: Setup Python | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
architecture: x64 | |
- name: Load Cached Poetry | |
id: cached-poetry | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
~/.cache | |
~/.local | |
key: poetry-${{ hashFiles('pyproject.toml', 'poetry.lock') }} | |
- name: Lint | |
run: poetry run poe lint | |
build: | |
name: Build | |
needs: | |
- dependencies | |
runs-on: ubuntu-latest | |
outputs: | |
ubo_app_version: ${{ steps.extract_version.outputs.ubo_app_version }} | |
steps: | |
- uses: actions/checkout@v4 | |
name: Checkout | |
with: | |
lfs: true | |
- uses: actions/setup-python@v5 | |
name: Setup Python | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
architecture: x64 | |
- name: Load Cached Poetry | |
id: cached-poetry | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
~/.cache | |
~/.local | |
key: poetry-${{ hashFiles('pyproject.toml', 'poetry.lock') }} | |
- name: Build | |
run: poetry build | |
- name: Extract Version | |
id: extract_version | |
run: | | |
echo "ubo_app_version=$(poetry run python scripts/print_version.py)" >> "$GITHUB_OUTPUT" | |
echo "ubo_app_version=$(poetry run python scripts/print_version.py)" | |
- name: Upload wheel | |
uses: actions/upload-artifact@v4 | |
with: | |
name: wheel | |
path: dist/*.whl | |
if-no-files-found: error | |
- name: Upload binary | |
uses: actions/upload-artifact@v4 | |
with: | |
name: binary | |
path: dist/*.tar.gz | |
if-no-files-found: error | |
pypi-publish: | |
name: Publish to PyPI | |
if: >- | |
github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
needs: | |
- type-check | |
- lint | |
- build | |
runs-on: ubuntu-latest | |
environment: | |
name: PyPI | |
url: https://pypi.org/p/ubo-app | |
permissions: | |
id-token: write | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: wheel | |
path: dist | |
- uses: actions/download-artifact@v4 | |
with: | |
name: binary | |
path: dist | |
- name: Publish package distributions to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
packages-dir: dist | |
verbose: true | |
images: | |
name: Create Images | |
needs: | |
- build | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/solo-io/packer-plugin-arm-image | |
env: | |
PACKER_CACHE_DIR: /build/packer_cache | |
volumes: | |
- /dev:/dev | |
options: --rm --privileged | |
strategy: | |
fail-fast: false | |
matrix: | |
suffix: ['lite', '', 'full'] | |
steps: | |
- run: echo Building amd64-${{ matrix.suffix }} image | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: wheel | |
path: /build/dist | |
- uses: actions/download-artifact@v4 | |
with: | |
name: binary | |
path: /build/dist | |
- run: | | |
ls -l /build/dist | |
- name: Generate Image URL and Checksum | |
id: generate_image_url | |
run: | | |
if [ -n "${{ matrix.suffix }}" ]; then | |
SUFFIX="_${{ matrix.suffix }}" | |
else | |
SUFFIX="${{ matrix.suffix }}" | |
fi | |
DASHED_SUFFIX=$(echo $SUFFIX | sed 's/_/-/g') | |
IMAGE_URL="https://downloads.raspberrypi.com/raspios${SUFFIX}_arm64/images/raspios${SUFFIX}_arm64-2023-12-06/2023-12-05-raspios-bookworm-arm64${DASHED_SUFFIX}.img.xz" | |
IMAGE_CHECKSUM=$(curl -s "${IMAGE_URL}.sha256" | awk '{print $1}') | |
echo "suffix=$SUFFIX" >> "$GITHUB_OUTPUT" | |
echo "dashed_suffix=$DASHED_SUFFIX" >> "$GITHUB_OUTPUT" | |
echo "image_url=$IMAGE_URL" >> "$GITHUB_OUTPUT" | |
echo "image_checksum=$IMAGE_CHECKSUM" >> "$GITHUB_OUTPUT" | |
- name: Build Artifact | |
env: | |
PKR_VAR_ubo_app_version: ${{ needs.build.outputs.ubo_app_version }} | |
PKR_VAR_image_url: ${{ steps.generate_image_url.outputs.image_url }} | |
PKR_VAR_image_checksum: | |
${{ steps.generate_image_url.outputs.image_checksum }} | |
PKR_VAR_target_image_size: | |
${{ matrix.suffix == 'lite' && '3758096384' || '0' }} | |
run: | | |
/entrypoint.sh validate scripts/packer/image.pkr.hcl | |
/entrypoint.sh build scripts/packer/image.pkr.hcl | |
- name: Write Zeroes to Free Space | |
run: | | |
losetup -P /dev/loop3 /build/image.img | |
apt-get -y update | |
apt-get install -y zerofree | |
zerofree /dev/loop3p2 | |
losetup -d /dev/loop3 | |
- name: Compress File with Gzip | |
run: | | |
scripts/consume.sh /build/image.img | gzip -9 > /ubo_app-bookworm${{ steps.generate_image_url.outputs.dashed_suffix }}.img.gz | |
- name: Upload Image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: | |
ubo_app-bookworm${{ | |
steps.generate_image_url.outputs.dashed_suffix}}.img.gz | |
path: | |
/ubo_app-bookworm${{ steps.generate_image_url.outputs.dashed_suffix | |
}}.img.gz | |
if-no-files-found: error | |
release: | |
name: Release | |
needs: | |
- type-check | |
- lint | |
- build | |
- pypi-publish | |
- images | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- name: Procure Lite Image | |
uses: actions/download-artifact@v4 | |
with: | |
name: ubo_app-bookworm-lite.img.gz | |
path: artifacts | |
- name: Procure Default Image | |
uses: actions/download-artifact@v4 | |
with: | |
name: ubo_app-bookworm.img.gz | |
path: artifacts | |
# TODO | |
# It is larger than 2GB, so it is not possible to upload it to GitHub | |
# Looking for a solution to this problem | |
# - name: Procure Full Image | |
# uses: actions/download-artifact@v4 | |
# with: | |
# name: ubo_app-bookworm-full.img.gz | |
# path: artifacts | |
- name: Procure Wheel | |
uses: actions/download-artifact@v4 | |
with: | |
name: wheel | |
path: artifacts | |
- name: Procure Binary | |
uses: actions/download-artifact@v4 | |
with: | |
name: binary | |
path: artifacts | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
files: artifacts/* | |
tag_name: ${{ needs.build.outputs.ubo_app_version }} | |
body: | | |
Release of version ${{ needs.build.outputs.ubo_app_version }} | |
PyPI package: https://pypi.org/project/ubo-app/${{ needs.build.outputs.ubo_app_version }} | |
prerelease: false | |
draft: false |