ci.yaml
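---
# CI for govpp: provisions a throw-away Equinix Metal ("Packet") server,
# registers it as a self-hosted runner, builds and pushes the multi-arch VPP
# image on it, then removes the runner, the server and the SSH key.
#
# NOTE(review): actions and reusable workflows are referenced by mutable
# tag/branch (`@v2`, `@v4`, `@main`). Pin each to a full commit SHA so an
# upstream retag cannot change what runs with this repository's secrets.
#
# NOTE(review): `pull_request` runs execute the PR's code on the self-hosted
# runner (the `build` job). The runner is recreated per run, which limits
# persistence; confirm that fork PRs need approval before workflows start.
name: ci
on:
  push:
    branches:
      - main
    tags:
      - 'v*'
    paths-ignore:
      - '**.md'
  pull_request:
    paths-ignore:
      - '**.md'
jobs:
  setup_github_runner:
    name: Setup actions runner
    runs-on: ubuntu-latest
    # This job only reads the repository; the runner API call uses GH_TOKEN.
    permissions:
      contents: read
    env:
      METAL_AUTH_TOKEN: ${{ secrets.PACKET_AUTH_TOKEN }}
      METAL_PROJECT_ID: ${{ secrets.PACKET_PROJECT_ID }}
      SERVER_NAME: "nsm-govpp-builder"
      SERVER_TYPE: "c3.medium.x86"
      METRO: da
    steps:
      - name: Check out code
        uses: actions/checkout@v2
        with:
          path: ${{ github.repository }}
          # Nothing in this job pushes, so do not leave the token in .git/config.
          persist-credentials: false
      # NOTE(review): the downloaded binary is executed with the Metal API token
      # in the environment but is not integrity-checked. Record its SHA-256 in
      # the repository and verify it (e.g. `sha256sum -c`) before `chmod +x`.
      - name: Install metal CLI
        run: |
          curl -fL https://github.com/equinix/metal-cli/releases/download/v0.15.0/metal-linux-amd64 -o metal
          chmod +x ./metal
          mv ./metal /usr/local/bin/metal
          metal -v
      # Setup ssh to be able to connect to the Packet server.
      # The key is passed through `env` rather than expanded into the script
      # text, and `umask 077` keeps the file private from the moment it exists.
      - name: Setup ssh
        id: setup_ssh
        env:
          PACKET_SSH_KEY: ${{ secrets.PACKET_SSH_KEY }}
        run: |
          umask 077
          printf '%s\n' "$PACKET_SSH_KEY" > /tmp/sshkey
          chmod 600 /tmp/sshkey
          ssh-keygen -f /tmp/sshkey -y > /tmp/sshkey.pub
          metal ssh-key create --key "$(cat /tmp/sshkey.pub)" --label "$SERVER_NAME-ssh" -o json | jq -r '.id'
      # Create server and wait to be ready (20 polls, 30 s apart)
      - name: Create server
        run: |
          metal device create -p "$METAL_PROJECT_ID" -P "$SERVER_TYPE" -m "$METRO" -H "$SERVER_NAME" -O ubuntu_20_04
          max_retry=20
          for i in $(seq 1 $max_retry); do
            state=$(metal device get -p "$METAL_PROJECT_ID" -o json | jq -r '.[] | select(.hostname==env.SERVER_NAME) | .state')
            [ "$state" == "active" ] && break
            [[ ${i} -eq $max_retry ]] && echo "Failed!" && exit 1
            sleep 30s
            echo "Try #$i"
          done
      # Install GitHub action runner on the Packet server. The script uses
      # RUNNER_TOKEN that we can get from GitHub api (gh api ...).
      # Redirect the script output to file to not show the token; the token is
      # also registered with `::add-mask::` because it is not a stored secret
      # and would otherwise not be redacted from the job log.
      #
      # NOTE(review): host key checking is disabled, so the first connection to
      # the new server is unauthenticated and the registration token travels
      # over it. If the provisioning API can return the host key, write it to a
      # known_hosts file and drop `StrictHostKeyChecking=no`.
      # NOTE(review): the token is passed as a command-line argument and is
      # visible in the remote process list while the script runs; prefer stdin.
      - name: Setup actions runner
        working-directory: ${{ github.repository }}
        run: |
          RUNNER_TOKEN=$(gh api \
            --method POST \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            /repos/networkservicemesh/govpp/actions/runners/registration-token | jq -r '.token')
          if [ -n "$RUNNER_TOKEN" ] && [ "$RUNNER_TOKEN" != "null" ]; then
            echo "::add-mask::${RUNNER_TOKEN}"
          fi
          SSH_OPTS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -i /tmp/sshkey"
          server_ip=$(metal device get -p "$METAL_PROJECT_ID" -o json | jq -r '.[] | select(.hostname==env.SERVER_NAME) | .ip_addresses[] | select(.public==true and .address_family==4) | .address')
          scp ${SSH_OPTS} scripts/setup-actions-runner.sh root@${server_ip}:setup-actions-runner.sh
          ssh ${SSH_OPTS} root@${server_ip} "./setup-actions-runner.sh $RUNNER_TOKEN &> f.log"
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
  build:
    name: build
    needs: setup_github_runner
    runs-on: self-hosted
    # Only what the steps below use: tag push (contents) and ghcr.io push
    # (packages). Everything else is dropped from the job token.
    permissions:
      contents: write
      packages: write
    outputs:
      docker_tag: ${{ steps.docker_push.outputs.docker_tag }}
    steps:
      # NOTE(review): `apt-key add` trusts the key for every repository and is
      # deprecated; a keyring file referenced with `signed-by=` scopes it to
      # the Docker repository only.
      - name: Docker install
        run: |
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
          add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
          apt update
          apt install docker-ce -y
      - name: Check out code
        uses: actions/checkout@v2
      - uses: actions/setup-go@v4
        with:
          go-version: '1.20.8'
      # Use buildx to build for two platforms (amd64, arm64) in one image
      #
      # NOTE(review): `multiarch/qemu-user-static` runs `--privileged` and is
      # pulled by floating tag; pin it by digest.
      # NOTE(review): this workflow triggers on push/pull_request, where
      # `github.event.workflow_run` does not look populated, so HEAD_BRANCH is
      # presumably always empty and the `release/` branch is never taken —
      # confirm. The value goes through `env` so that it can never be parsed
      # as shell if a non-empty branch name does arrive.
      - name: Docker Build
        env:
          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
        run: |
          docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
          docker buildx create --use --bootstrap
          echo "docker buildx inspect --bootstrap"
          docker buildx inspect --bootstrap
          echo "docker buildx build --platform linux/amd64,linux/arm64 ."
          docker buildx build --platform linux/amd64,linux/arm64 .
          docker buildx build -t vpp:version --target version --load .
          branch="${HEAD_BRANCH}"
          if [[ $branch == *release/* ]]; then
            TAG=${branch#release/}
          else
            VPP_VERSION=$(docker run vpp:version)
            TAG=v${VPP_VERSION/\~/-}
          fi
          echo "TAG=${TAG}" >> "$GITHUB_ENV"
      - name: Generate files
        run: go generate ./...
      # `--exit-code` is required: plain `git diff` exits 0 even when it prints
      # differences, so without it this check could never fail.
      - name: Check for changes in generated code
        run: |
          git diff --exit-code -- binapi || (echo "Rerun go generate ./... locally and resubmit" && exit 1)
      - name: Go Build
        run: go build ./...
      - name: Login to GitHub Container Registry
        id: docker_login
        if: ${{ github.event_name == 'push' }}
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Use the --push flag to publish the image. Currently, buildx only
      # supports this way. Repository name and SHA are read from the default
      # GITHUB_* environment variables instead of being expanded into the script.
      - name: Docker Push
        id: docker_push
        if: steps.docker_login.outcome == 'success'
        run: |
          docker buildx build --platform linux/amd64,linux/arm64 -t "ghcr.io/${GITHUB_REPOSITORY}/vpp:${TAG}" . --target vpp --push
          echo "docker_tag=${TAG}" >> "$GITHUB_OUTPUT"
      # NOTE(review): `-f` lets an existing tag be moved to a different commit,
      # so consumers that resolve the tag later may get different code. If tags
      # are meant to be immutable, drop `-f` and let the push fail instead.
      - name: Push tag ${TAG}
        id: tag_commit
        if: ${{ steps.docker_push.outcome == 'success' && !contains(github.event.workflow_run.head_branch, 'release/') }}
        run: |
          git status
          git tag "${TAG}" "${GITHUB_SHA}"
          git push origin "${TAG}" -f
  delete_github_runner:
    name: Delete actions runner
    if: ${{ always() }}
    needs: [setup_github_runner, build]
    runs-on: ubuntu-latest
    # This job only reads the repository; the runner API call uses GH_TOKEN.
    permissions:
      contents: read
    env:
      METAL_AUTH_TOKEN: ${{ secrets.PACKET_AUTH_TOKEN }}
      METAL_PROJECT_ID: ${{ secrets.PACKET_PROJECT_ID }}
      SERVER_NAME: "nsm-govpp-builder"
    steps:
      - name: Check out code
        uses: actions/checkout@v2
        with:
          path: ${{ github.repository }}
          # Nothing in this job pushes, so do not leave the token in .git/config.
          persist-credentials: false
      # NOTE(review): same unverified download as in setup_github_runner;
      # verify the binary against a recorded SHA-256 before running it.
      - name: Install metal CLI
        run: |
          curl -fL https://github.com/equinix/metal-cli/releases/download/v0.15.0/metal-linux-amd64 -o metal
          chmod +x ./metal
          mv ./metal /usr/local/bin/metal
          metal -v
      # Delete GitHub action runner from the Packet server.
      # The SSH key comes in through `env`, is written under `umask 077`, and
      # the remove token is masked in the log. Host key checking is disabled
      # here as well (see the note on the matching step in setup_github_runner).
      - name: Delete actions runner
        working-directory: ${{ github.repository }}
        run: |
          RUNNER_TOKEN=$(gh api \
            --method POST \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            /repos/networkservicemesh/govpp/actions/runners/remove-token | jq -r '.token')
          if [ -n "$RUNNER_TOKEN" ] && [ "$RUNNER_TOKEN" != "null" ]; then
            echo "::add-mask::${RUNNER_TOKEN}"
          fi
          umask 077
          printf '%s\n' "$PACKET_SSH_KEY" > /tmp/sshkey
          chmod 600 /tmp/sshkey
          SSH_OPTS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -i /tmp/sshkey"
          server_ip=$(metal device get -p "$METAL_PROJECT_ID" -o json | jq -r '.[] | select(.hostname==env.SERVER_NAME) | .ip_addresses[] | select(.public==true and .address_family==4) | .address')
          scp ${SSH_OPTS} scripts/delete-actions-runner.sh root@${server_ip}:delete-actions-runner.sh
          ssh ${SSH_OPTS} root@${server_ip} "./delete-actions-runner.sh $RUNNER_TOKEN &> f.log"
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
          PACKET_SSH_KEY: ${{ secrets.PACKET_SSH_KEY }}
      # The two cleanup steps run even if the step above failed (for example
      # because the server never became reachable); otherwise the server and
      # the uploaded SSH public key would be left behind in the project.
      - name: Delete server
        if: ${{ always() }}
        run: |
          device_id=$(metal device get -p "$METAL_PROJECT_ID" -o json | jq -r '.[] | select(.hostname==env.SERVER_NAME) | .id')
          metal device delete -i "$device_id" -f
      - name: Delete ssh
        if: ${{ always() }}
        run: |
          export ssh_label=$SERVER_NAME-ssh
          ssh_id=$(metal ssh-key get -o json | jq -r '.[] | select(.label==env.ssh_label) | .id')
          metal ssh-key delete -i "$ssh_id" -f
  # NOTE(review): the two release jobs below are gated on
  # `github.event.workflow_run.head_branch`, which does not look populated for
  # the push/pull_request triggers used here — confirm they can ever run.
  # They also call reusable workflows at `@main`; the second one receives
  # NSM_BOT_GITHUB_TOKEN, so pinning it to a commit SHA matters most.
  check-gomod-deps:
    needs: [build]
    if: ${{ contains(github.event.workflow_run.head_branch, 'release/') }}
    uses: networkservicemesh/.github/.github/workflows/check-gomod-deps.yaml@main
    with:
      tag: ${{ needs.build.outputs.docker_tag }}
  create-release:
    needs: check-gomod-deps
    if: ${{ contains(github.event.workflow_run.head_branch, 'release/') }}
    uses: networkservicemesh/.github/.github/workflows/release.yaml@main
    secrets:
      token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
  # Runs on push only, after the image tag is known from the build job.
  update_dependent_repositories:
    name: update_dependent_repositories
    needs: build
    if: ${{ github.event_name == 'push' }}
    uses: networkservicemesh/govpp/.github/workflows/update-dependent-repositories.yaml@main
    with:
      docker_tag: ${{ needs.build.outputs.docker_tag }}
    secrets:
      token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}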