-
Notifications
You must be signed in to change notification settings - Fork 17
104 lines (92 loc) · 4.16 KB
/
rootfs.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
name: Build and Push Rootfs Docker Image
on:
push:
branches:
- main
paths:
- 'Dockerfile'
workflow_dispatch:
permissions:
# This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
# More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
id-token: write
contents: write
jobs:
build-rootfs-image:
runs-on: ubuntu-latest
strategy:
matrix:
# finch only supports amd64 for windows
arch: ['amd64']
platform: ['common']
steps:
- name: Generate Timestamp
id: timestamp
run: echo "value=$(date +%s)" >> $GITHUB_OUTPUT
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
aws-region: ${{ secrets.REGION }}
role-to-assume: ${{ secrets.ROLE }}
role-session-name: rootfs-ecr-image-upload-session
- name: Login to Amazon ECR
uses: aws-actions/amazon-ecr-login@v2
- name: checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
persist-credentials: false
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Build Image
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
platforms: linux/${{ matrix.arch }}
push: false
load: true # load the image into Docker so we can create a container from it
tags: finch-rootfs-image-production:intermediate
- name: Tag and Push Container Image
run: |
TIMESTAMP=${{ steps.timestamp.outputs.value }}
docker tag finch-rootfs-image-production:intermediate ${{ secrets.ROOTFS_IMAGE_ECR_REPOSITORY_NAME }}:${{ matrix.arch }}-"$TIMESTAMP"
docker push ${{ secrets.ROOTFS_IMAGE_ECR_REPOSITORY_NAME }}:${{ matrix.arch }}-"$TIMESTAMP"
- name: Create, Compress, and Upload Rootfs
run: |
TIMESTAMP=${{ steps.timestamp.outputs.value }}
docker container create --platform linux/${{ matrix.arch }} --name ${{ matrix.arch }}-rootfs finch-rootfs-image-production:intermediate
docker container export -o finch-rootfs-production-${{ matrix.arch }}.tar ${{ matrix.arch }}-rootfs
compressed_archive=finch-rootfs-production-${{ matrix.arch }}-"$TIMESTAMP".tar.gz
gzip -9 -c finch-rootfs-production-${{ matrix.arch }}.tar > $compressed_archive
sha512_digest=$(sha512sum $compressed_archive | cut -d " " -f 1)
echo $sha512_digest > $compressed_archive.sha512sum
ARCHPATH="x86-64"
ARTIFACT_KEY="X86_64"
if [ ${{ matrix.arch }} == "arm64" ]; then
ARCHPATH="aarch64"
ARTIFACT_KEY="ARM64"
fi
# Upload tarball and shasum to S3
aws s3 cp . s3://${{ secrets.DEPENDENCY_BUCKET_NAME }}/${{ matrix.platform }}/$ARCHPATH/ --recursive --exclude "*" --include "finch-rootfs-production-${{ matrix.arch }}-"$TIMESTAMP".tar.gz*"
cat <<EOL > deps/rootfs.conf
ARTIFACT_BASE_URL=https://deps.runfinch.com
${ARTIFACT_KEY}_ARTIFACT_PATHING=common/$ARCHPATH
${ARTIFACT_KEY}_ARTIFACT=$compressed_archive
${ARTIFACT_KEY}_512_DIGEST=$sha512_digest
EOL
- name: create pr
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with:
token: ${{ secrets.GITHUB_TOKEN }}
signoff: true
title: 'build(deps): Update windows rootfs'
body: >
Bump for
```bash
git fetch --all
git switch create-pull-request/patch
git add deps/rootfs.conf
git commit -s "build(deps): Update windows rootfs"
git push
```