Skip to content

install tailscale in base image #317

install tailscale in base image

install tailscale in base image #317

Workflow file for this run

name: Build Sensorgnome Images
on: [push]
env:
# Upload to AWS uses OIDC for federated auth:
# https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
S3_PATH: sensorgnome/images
S3_REGION: us-east-2
AWS_ROLE: arn:aws:iam::635201719205:role/Github-actions-motus
permissions:
id-token: write
contents: write
jobs:
# build-base builds the base rPi image without any sensorgnome specific software
build-base:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
path: .
# get base image name based on MD5's of command files
- run: |
echo BASE_ZIP=$(./build-baseimg.sh --name) >>$GITHUB_ENV
- name: Configure AWS Credentials
# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{env.AWS_ROLE}}
role-session-name: GithubActionsMotus
aws-region: ${{ env.S3_REGION }}
- name: Fetch existing image from S3
run: |
mkdir -p images
aws s3 cp --no-progress s3://$S3_PATH/$BASE_ZIP images || echo "BUILD=yes" >>$GITHUB_ENV
ls -lsh images
- name: Build image, if necessary
run: ./build-baseimg.sh --if-missing
shell: bash
if: env.BUILD == 'yes'
# Upload github artifacts for debugging purposes
- uses: actions/upload-artifact@v4
with:
name: ${{env.BASE_ZIP}}
path: images/${{env.BASE_ZIP}}
if: env.BUILD == 'yes'
- name: Upload images to AWS S3 repo
run: |
aws s3 cp --acl public-read --no-progress images/$BASE_ZIP s3://$S3_PATH/$BASE_ZIP
if: env.BUILD == 'yes'
- name: Create annotation with link to images on S3
run: |
S3=${S3_PATH/\//.s3.amazonaws.com\/}
echo "https://$S3/$BASE_ZIP"
echo "::notice title=Base image::https://$S3/$BASE_ZIP"
# build-image customizes the base image by adding the sensorgnome software
build-image:
runs-on: ubuntu-latest
needs: [ build-base ]
env:
CODENAME: booktest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
path: .
# use branch or tag name in S3 upload path unless it's a release version tag
- run: |
echo GIT_REF=${{github.ref}} | sed -e 's;refs/[^/]*/;/;' -e 's;/v2.*;;' >>$GITHUB_ENV
echo BASE_ZIP=$(./build-baseimg.sh --name) >>$GITHUB_ENV
- name: Configure AWS Credentials
# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{env.AWS_ROLE}}
role-session-name: GithubActionsMotus
aws-region: ${{ env.S3_REGION }}
- name: Promote packages from booktest to bookworm
if: >
github.repository == 'tve/sensorgnome-build' &&
startsWith(github.ref, 'refs/tags/v') &&
github.event_name == 'push'
uses: ./.github/actions/promote-packages
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Switch codename to bookworm
if: >
github.repository == 'tve/sensorgnome-build' &&
startsWith(github.ref, 'refs/tags/v') &&
github.event_name == 'push'
run: echo CODENAME=bookworm >>$GITHUB_ENV
- name: Fetch existing base image from S3
run: |
mkdir -p images
aws s3 cp --no-progress s3://$S3_PATH/$BASE_ZIP images
ls -lsh images
- name: Build image
run: |
echo git_ref=$GIT_REF ${{github.ref}}
github_ref=${{github.ref}}
tag=$(if [[ -z "$GIT_REF" ]]; then echo "-t ${github_ref#*/v}"; else echo ""; fi)
echo tag=$tag
./build.sh -c $CODENAME $tag
shell: bash
- run: ls -ls images
- run: echo SG_ZIP=$(cd images; echo sg-*.zip) >>$GITHUB_ENV
# Upload github artifacts for debugging purposes
# (commented out to save 1min of workflow run time)
# - uses: actions/upload-artifact@v2
# with:
# name: ${{env.SG_ZIP}}
# path: images/${{env.SG_ZIP}}
- name: Upload image to AWS S3 repo
run: |
aws s3 cp --acl public-read --no-progress images/$SG_ZIP s3://$S3_PATH$GIT_REF/$SG_ZIP
- name: Upload latest image to AWS S3 repo
if: >
github.repository == 'tve/sensorgnome-build' &&
startsWith(github.ref, 'refs/tags/v') &&
github.event_name == 'push'
run: |
IMG=${SG_ZIP/rpi-2.*/rpi-2.latest.zip}
aws s3 cp --acl public-read --no-progress images/$SG_ZIP s3://$S3_PATH$GIT_REF/$IMG
- name: Create annotation with link to images on S3
run: |
S3=${S3_PATH/\//.s3.amazonaws.com\/}
echo "https://$S3$GIT_REF/$SG_ZIP"
echo "::notice title=Sensorgnome Image::https://$S3$GIT_REF/$SG_ZIP "