Switch to using Github Actions

With the recent changes to Travis CI, it seemed
like a good time to begin porting netboot.xyz CI
over to Github Actions to keep everything in one
place. These are the changes for the main
netboot.xyz repo.
Antony Messerli 2020-12-03 04:31:03 -06:00
parent 8dc689727a
commit 3830da6bb2
9 changed files with 273 additions and 204 deletions

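--- /dev/null
+++ b/.github/workflows/development.yml
@@ -0,0 +1,58 @@
+name: development
+on:
+push:
+branches:
+- development
+env:
+AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET_DEV }}
+AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+DISCORD_HOOK_URL: ${{ secrets.DISCORD_HOOK_URL }}
+GITHUB_SHA: ${{ github.sha }}
+jobs:
+development-build:
+name: Build Development
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- name: Retrieve Certs
+run: |
+./script/retrieve_certs
+env:
+GIT_USER: ${{ secrets.GIT_USER }}
+GIT_AUTH: ${{ secrets.GIT_AUTH }}
+GIT_URL: ${{ secrets.GIT_URL }}
+CERTS_KEY: ${{ secrets.CERTS_KEY }}
+- name: Build Development Release
+run: |
+./script/build_release dev
+- name: Deploy development release to bucket/SHA
+uses: jakejarvis/s3-sync-action@master
+with:
+args: --acl public-read --follow-symlinks
+env:
+SOURCE_DIR: 's3out'
+DEST_DIR: '$GITHUB_SHA'
+- name: Deploy development release to bucket
+uses: jakejarvis/s3-sync-action@master
+with:
+args: --acl public-read --follow-symlinks
+env:
+SOURCE_DIR: 's3outver'
+- name: Notify Discord on failure
+if: failure()
+run: |
+./script/message failure
+- name: Notify Discord on completion
+if: success()
+run: |
+./script/message dev-push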
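Review bot: Both deploy steps run `jakejarvis/s3-sync-action@master`, a mutable branch ref, in a job where `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are exported to every step through the workflow-level `env:`. Whatever is on that action's master branch at run time executes with the bucket credentials, so pin it to a reviewed commit, `uses: jakejarvis/s3-sync-action@<full-commit-sha>` (placeholder), and consider doing the same for the tag-pinned actions in the release workflows. Moving the two AWS key entries from the top-level `env:` into the `env:` of the two deploy steps would also keep them out of `./script/build_release dev` and the Discord steps, which do not appear to need them.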

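--- /dev/null
+++ b/.github/workflows/pull-requests.yml
@@ -0,0 +1,42 @@
+name: pull-requests
+on:
+pull_request:
+branches:
+- development
+- RC
+- master
+jobs:
+test-pr:
+name: Test Pull Request
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: actions/setup-python@v2
+- name: Install dependencies
+run: |
+python -m pip install --upgrade pip
+pip install ansible ansible-lint
+- name: Syntax Check
+run: |
+ansible-playbook -i inventory site.yml --syntax-check
+- name: Ansible lint
+run: |
+ansible-lint -v roles/netbootxyz
+build-pr:
+name: Build Pull Request
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: actions/setup-python@v2
+- name: Build PR release
+run: |
+./script/build_release pr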
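Review bot: The `build-pr` job executes `./script/build_release pr` from the pull request's own tree, and nothing in the file limits the `GITHUB_TOKEN` or records why running that code is acceptable. Add a top-level `permissions:` block with `contents: read`, and a comment above `on:` such as `# Runs untrusted PR code: keep this on pull_request (never pull_request_target) and add no secrets here`. `pip install ansible ansible-lint` is also unpinned, so lint results can change between runs without any change in the repository; pinning the versions would make a failure attributable to the PR.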

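--- /dev/null
+++ b/.github/workflows/release-candidate.yml
@@ -0,0 +1,82 @@
+name: release-candidate
+on:
+push:
+branches:
+- RC
+env:
+DISCORD_HOOK_URL: ${{ secrets.DISCORD_HOOK_URL }}
+GITHUB_SHA: ${{ github.sha }}
+jobs:
+rc-build:
+name: Build Release Candidate
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- name: Retrieve Certs
+run: |
+./script/retrieve_certs
+env:
+GIT_USER: ${{ secrets.GIT_USER }}
+GIT_AUTH: ${{ secrets.GIT_AUTH }}
+GIT_URL: ${{ secrets.GIT_URL }}
+CERTS_KEY: ${{ secrets.CERTS_KEY }}
+- name: Set Release Tag
+id: release
+run: echo "::set-output name=release_tag::$(cat version.txt)-RC"
+- name: Build RC release
+run: |
+./script/build_release rc
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_ACCESS_REGION }}
+- name: Deploy RC to release-candidate bucket
+run: |
+aws s3 sync --no-progress --acl public-read s3out s3://${{ secrets.AWS_S3_BUCKET_STAGING }}/${{ steps.release.outputs.release_tag }}
+- name: Deploy RC to rolling bucket
+run: |
+aws s3 sync --no-progress --acl public-read s3out-latest s3://${{ secrets.AWS_S3_BUCKET_STAGING }}/rc
+- name: Deploy RC version file
+run: |
+aws s3 sync --no-progress --acl public-read s3outver s3://${{ secrets.AWS_S3_BUCKET_STAGING }}
+- name: Invalidate Cloudfront
+run: |
+aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DIST_ID_STAGING }} --paths "/rc/*" "/rc/ipxe/*"
+- name: Tag RC Release
+run: |
+./script/tag ${{ steps.release.outputs.release_tag }}
+- name: Create RC Release and Upload Assets
+uses: svenstaro/upload-release-action@v2
+with:
+file: githubout/*
+file_glob: true
+overwrite: true
+prerelease: true
+release_name: ${{ steps.release.outputs.release_tag }}
+repo_token: ${{ secrets.GITHUB_TOKEN }}
+tag: ${{ steps.release.outputs.release_tag }}
+- name: Notify Discord on failure
+if: failure()
+run: |
+./script/message failure
+- name: Notify Discord on completion
+if: success()
+run: |
+./script/message rc-push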
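Review bot: `${{ steps.release.outputs.release_tag }}` is expanded into the text of the `run:` scripts in the "Deploy RC to release-candidate bucket" and "Tag RC Release" steps before the shell parses them, so the contents of `version.txt` become shell source rather than data. Pass the value through the step's environment instead, an `env:` entry `RELEASE_TAG: ${{ steps.release.outputs.release_tag }}`, and reference it quoted, e.g. `./script/tag "$RELEASE_TAG"`. The same applies to the secrets interpolated into the `aws` command lines here and to the matching steps in release.yml.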

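--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,78 @@
+name: release
+on:
+push:
+branches:
+- master
+env:
+DISCORD_HOOK_URL: ${{ secrets.DISCORD_HOOK_URL }}
+GITHUB_SHA: ${{ github.sha }}
+jobs:
+release:
+name: Build Release
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- name: Retrieve Certs
+run: |
+./script/retrieve_certs
+env:
+GIT_USER: ${{ secrets.GIT_USER }}
+GIT_AUTH: ${{ secrets.GIT_AUTH }}
+GIT_URL: ${{ secrets.GIT_URL }}
+CERTS_KEY: ${{ secrets.CERTS_KEY }}
+- name: Set Release Tag
+id: release
+run: echo "::set-output name=release_tag::$(cat version.txt)"
+- name: Build release
+run: |
+./script/build_release release
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v1
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_ACCESS_REGION }}
+- name: Deploy master to release bucket
+run: |
+aws s3 sync --no-progress --acl public-read s3out s3://${{ secrets.AWS_S3_BUCKET_PROD }}/${{ steps.release.outputs.release_tag }}
+- name: Deploy master to rolling bucket
+run: |
+aws s3 sync --no-progress --acl public-read s3out-latest s3://${{ secrets.AWS_S3_BUCKET_PROD }}
+- name: Invalidate Cloudfront
+run: |
+aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DIST_ID_PROD }} --paths "/*" "/ipxe/*"
+- name: Tag Release
+run: |
+./script/tag ${{ steps.release.outputs.release_tag }}
+- name: Create Release and Upload Assets
+uses: svenstaro/upload-release-action@v2
+with:
+file: githubout/*
+file_glob: true
+overwrite: true
+prerelease: false
+release_name: ${{ steps.release.outputs.release_tag }}
+repo_token: ${{ secrets.GITHUB_TOKEN }}
+tag: ${{ steps.release.outputs.release_tag }}
+- name: Notify Discord on failure
+if: failure()
+run: |
+./script/message failure
+- name: Notify Discord on completion
+if: success()
+run: |
+./script/message live-push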
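Review bot: This job publishes to the production bucket and invalidates CloudFront on every push to `master` with no approval gate, and it reads the production values from what are presumably repository-level secrets. Consider declaring `environment: production` (the name is a placeholder) on the `release` job so required reviewers can be enforced and `AWS_S3_BUCKET_PROD`, `CLOUDFRONT_DIST_ID_PROD` and `CERTS_KEY` can be scoped to that environment. The S3 syncs and the invalidation also run before "Tag Release" and the GitHub release upload, so a failure in those later steps leaves production updated without a matching tag; tagging first would avoid that.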


@ -1,190 +0,0 @@
os: linux
dist: focal
language: shell
services:
- docker
env:
global:
- DEBIAN_FRONTEND="noninteractive"
jobs:
include:
- stage: test
if: type = pull_request
language: python
install:
- pip install ansible ansible-lint
- ansible-lint --version
script:
- ansible-playbook -i inventory site.yml --syntax-check
- ansible-lint -v roles/netbootxyz
- stage: development
if: branch = development AND type != pull_request
before_install:
- ./script/retrieve_certs
script:
- ./script/build_release dev
after_failure:
- ./script/message failure
deploy:
- provider: s3
edge: true
access_key_id: $AWS_ACCESS_KEY_ID
secret_access_key: $AWS_SECRET_ACCESS_KEY
bucket: $BUCKET_DEV
local_dir: s3out
upload_dir: $TRAVIS_COMMIT
skip_cleanup: true
on:
branch: development
- provider: s3
edge: true
access_key_id: $AWS_ACCESS_KEY_ID
secret_access_key: $AWS_SECRET_ACCESS_KEY
bucket: $BUCKET_DEV
local_dir: s3outver
skip_cleanup: true
on:
branch: development
after_deploy:
- >
if ! [ "$AFTER_DEPLOY_RUN" ]; then
export AFTER_DEPLOY_RUN=1;
./script/message dev-push
fi
- stage: pull-request
if: type = pull_request
script:
- ./script/build_release pr
- stage: release-candidate
if: branch = RC AND type != pull_request
before_install:
- ./script/retrieve_certs
script:
- ./script/build_release rc
workspaces:
create:
name: githubassets
paths:
- githubout
after_failure:
- ./script/message failure
before_deploy:
- export RELEASE_TAG=$(cat version.txt)-RC
deploy:
- provider: s3
edge: true
access_key_id: $AWS_ACCESS_KEY_ID
secret_access_key: $AWS_SECRET_ACCESS_KEY
bucket: $BUCKET_STAGING
local_dir: s3out-latest
upload_dir: rc
skip_cleanup: true
on:
branch: RC
- provider: s3
edge: true
access_key_id: $AWS_ACCESS_KEY_ID
secret_access_key: $AWS_SECRET_ACCESS_KEY
bucket: $BUCKET_STAGING
local_dir: s3out
upload_dir: $RELEASE_TAG
skip_cleanup: true
on:
branch: RC
- provider: s3
edge: true
access_key_id: $AWS_ACCESS_KEY_ID
secret_access_key: $AWS_SECRET_ACCESS_KEY
bucket: $BUCKET_STAGING
local_dir: s3outver
skip_cleanup: true
on:
branch: RC
- stage: rc-github
if: branch = RC AND type != pull_request
before_install:
- ./script/pre_install
workspaces:
use: githubassets
script: skip
before_deploy:
- export RELEASE_TAG=$(cat version.txt)-RC
- ./script/tag
deploy:
- provider: releases
token: $GITHUB_TOKEN
file_glob: true
file: githubout/*
name: $RELEASE_TAG
prerelease: true
skip_cleanup: true
on:
branch: RC
after_deploy:
- aws configure set preview.cloudfront true
- aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_DIST_ID_STAGING --paths "rc/*" "rc/ipxe/*"
- ./script/message rc-push
- stage: release
if: branch = master AND type != pull_request
before_install:
- ./script/retrieve_certs
script:
- ./script/build_release release
workspaces:
create:
name: githubassets
paths:
- githubout
after_failure:
- ./script/message failure
before_deploy:
- export RELEASE_TAG=$(cat version.txt)
deploy:
- provider: s3
edge: true
access_key_id: $AWS_ACCESS_KEY_ID
secret_access_key: $AWS_SECRET_ACCESS_KEY
bucket: $BUCKET_PROD
local_dir: s3out-latest
skip_cleanup: true
on:
branch: master
- provider: s3
edge: true
access_key_id: $AWS_ACCESS_KEY_ID
secret_access_key: $AWS_SECRET_ACCESS_KEY
bucket: $BUCKET_PROD
local_dir: s3out
upload_dir: $RELEASE_TAG
skip_cleanup: true
on:
branch: master
- stage: release-github
if: branch = master AND type != pull_request
before_install:
- ./script/pre_install
workspaces:
use: githubassets
script: skip
before_deploy:
- export RELEASE_TAG=$(cat version.txt)
- git tag ${RELEASE_TAG}
deploy:
- provider: releases
token: $GITHUB_TOKEN
file_glob: true
file: githubout/*
name: $RELEASE_TAG
skip_cleanup: true
on:
branch: master
after_deploy:
- aws configure set preview.cloudfront true
- aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_DIST_ID_PROD --paths "/*" "/ipxe/*"
- ./script/message live-push


@ -1,6 +1,6 @@
## netboot.xyz
[![Build Status](https://travis-ci.com/netbootxyz/netboot.xyz.svg?branch=master)](https://travis-ci.com/netbootxyz/netboot.xyz)
[![Build Status](https://github.com/netbootxyz/netboot.xyz/workflows/release/badge.svg)](https://travis-ci.com/netbootxyz/netboot.xyz)
[![Discord](https://img.shields.io/discord/425186187368595466)](https://discord.gg/An6PA2a)
[![Release](https://img.shields.io/github/v/release/netbootxyz/netboot.xyz?color=hunter%20green)](https://github.com/netbootxyz/netboot.xyz/releases/latest)


@ -11,8 +11,8 @@ DOCKER_FILE="Dockerfile-build.production"
# Set boot domain
if [[ "${TYPE}" == "dev" ]]; then
BOOT_DOMAIN="s3.amazonaws.com/${DEV_URL}/${TRAVIS_COMMIT}"
BOOT_VERSION="${TRAVIS_COMMIT}"
BOOT_DOMAIN="s3.amazonaws.com/${DEV_URL}/${GITHUB_SHA}"
BOOT_VERSION="${GITHUB_SHA}"
elif [[ "${TYPE}" == "pr" ]]; then
BOOT_DOMAIN="test.com"
BOOT_VERSION="test"
@ -33,7 +33,7 @@ sed -i \
# Build release
docker build -t localbuild -f ${DOCKER_FILE} .
docker run --rm -it -v $(pwd):/buildout localbuild
docker run --rm -i -v $(pwd):/buildout localbuild
# Generate folder outputs
mkdir -p s3out
@ -68,7 +68,7 @@ if [[ "${TYPE}" == "release" ]] || [[ "${TYPE}" == "rc" ]]; then
-e "/^boot_domain/c\boot_domain: ${STAGING_URL}/rc" \
user_overrides.yml
docker build -t localbuild -f ${DOCKER_FILE} .
docker run --rm -it -v $(pwd):/buildout localbuild
docker run --rm -i -v $(pwd):/buildout localbuild
fi
mkdir -p s3out-latest
cp -r buildout/* s3out-latest/


@ -4,39 +4,38 @@ set -e
TYPE=$1
if [ "${TYPE}" == "dev-push" ]; then
BOOT_URL="https://s3.amazonaws.com/${BUCKET_DEV}/${TRAVIS_COMMIT}/index.html"
BOOT_URL="https://s3.amazonaws.com/dev.boot.netboot.xyz/${GITHUB_SHA}/index.html"
elif [ "${TYPE}" == "rc-push" ]; then
BOOT_URL="https://staging.boot.netboot.xyz/$(cat version.txt)-RC/index.html"
elif [ "${TYPE}" == "live-push" ]; then
BOOT_URL="https://boot.netboot.xyz/$(cat version.txt)/index.html"
fi
# send status to discord
if [ "${TYPE}" == "failure" ]; then
curl -X POST -H "Content-Type: application/json" --data \
'{
"avatar_url": "https://unavatar.now.sh/twitter/travisci",
"avatar_url": "https://unavatar.now.sh/twitter/github",
"embeds": [
{
"color": 16711680,
"description": "__**Failed to Build**__ \n**Build:** '${TRAVIS_BUILD_WEB_URL}'\n**Status:** Failure\n**Change:** https://github.com/netbootxyz/netboot.xyz/commit/'${TRAVIS_COMMIT}'\n"
"description": "__**Failed to Build**__ \n**Build:** 'https://github.com/netbootxyz/netboot.xyz/actions/runs/${GITHUB_RUN_ID}'\n**Status:** Failure\n**Change:** https://github.com/netbootxyz/netboot.xyz/commit/'${GITHUB_SHA}'\n"
}
],
"username": "Travis CI"
"username": "Github"
}' \
${DISCORD_HOOK_URL}
else
curl -X POST -H "Content-Type: application/json" --data \
'{
"avatar_url": "https://unavatar.now.sh/twitter/travisci",
"avatar_url": "https://unavatar.now.sh/twitter/github",
"embeds": [
{
"color": 1681177,
"description": "__**Boot Menu Published**__ \n**Files:** '${BOOT_URL}' \n**Build:** '${TRAVIS_BUILD_WEB_URL}'\n**Change:** https://github.com/netbootxyz/netboot.xyz/commit/'${TRAVIS_COMMIT}'\n"
"description": "__**Boot Menu Published**__ \n**Files:** '${BOOT_URL}' \n**Build:** 'https://github.com/netbootxyz/netboot.xyz/actions/runs/${GITHUB_RUN_ID}'\n**Change:** https://github.com/netbootxyz/netboot.xyz/commit/'${GITHUB_SHA}'\n"
}
],
"username": "Travis CI"
"username": "Github"
}' \
${DISCORD_HOOK_URL}
fi
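Review bot: The `dev-push` URL now hard-codes `dev.boot.netboot.xyz`, while the development workflow takes the upload bucket from `secrets.AWS_S3_BUCKET_DEV`, so the link posted to Discord can silently point at a different bucket than the one just written. Since that workflow exports the bucket as `AWS_S3_BUCKET`, the line could read `BOOT_URL="https://s3.amazonaws.com/${AWS_S3_BUCKET}/${GITHUB_SHA}/index.html"`. Separately, `${DISCORD_HOOK_URL}` is passed to `curl` unquoted and without `--fail`, so an HTTP error from the webhook still exits 0 under `set -e`; `curl --fail ... "${DISCORD_HOOK_URL}"` would surface it.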


@ -4,5 +4,5 @@ set -e
# retrieve certs
git clone https://$GIT_USER:$GIT_AUTH@$GIT_URL certs
cp certs/certs.tar.enc .
openssl aes-256-cbc -K $encrypted_9ca5918f08ba_key -iv $encrypted_9ca5918f08ba_iv -in certs.tar.enc -out certs.tar -d
openssl aes-256-cbc -pass pass:$CERTS_KEY -d -salt -pbkdf2 -a -in certs.tar.enc -out certs.tar
tar xf certs.tar -C certs
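Review bot: `-pass pass:$CERTS_KEY` places the passphrase on the openssl command line, where it is visible in the process list and in any shell trace; openssl can read it from the environment instead: `openssl aes-256-cbc -d -pbkdf2 -a -pass env:CERTS_KEY -in certs.tar.enc -out certs.tar`. `-salt` has no effect when decrypting and can be dropped. The unchanged `git clone https://$GIT_USER:$GIT_AUTH@$GIT_URL certs` line has the same exposure and also leaves the credentials in `certs/.git/config`; a credential helper or header-based auth would avoid that. AES-CBC gives no integrity check, so it is worth verifying a checksum or signature of `certs.tar` before `tar xf`.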