Snapshot Build #1031
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# RaspberryMatic Snapshot build | |
# yamllint disable rule:truthy | |
--- | |
name: Snapshot Build | |
on: | |
schedule: | |
- cron: '0 0 * * *' # run at 0 AM UTC | |
workflow_dispatch: | |
inputs: | |
skip_build: | |
description: 'Skip build (for testing workflow)?' | |
required: true | |
default: "false" | |
# default read-only permission | |
permissions: | |
contents: read | |
jobs: | |
repo-check: | |
name: Check for Changes | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: commit-check | |
run: echo "has-commits=$(git --no-pager log --pretty='format:%an' --since='24 hours ago' | grep -v github-actions | wc -l)" >> $GITHUB_OUTPUT | |
outputs: | |
has-commits: ${{ steps.commit-check.outputs.has-commits }} | |
build: | |
permissions: | |
contents: write # actions/upload-artifact | |
name: Snapshot build [${{ matrix.platform }}] | |
if: ${{ github.repository == 'jens-maus/RaspberryMatic' && (github.event_name != 'schedule' || needs.repo-check.outputs.has-commits > 0) }} | |
runs-on: self-hosted | |
needs: repo-check | |
timeout-minutes: 480 | |
outputs: | |
build_datetime: ${{ steps.env.outputs.build_datetime }} | |
build_version: ${{ steps.env.outputs.build_version }} | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: [rpi0, rpi2, rpi3, rpi4, tinkerboard, odroid-c2, odroid-c4, odroid-n2, intelnuc, ova, oci_amd64, oci_arm64, oci_arm] | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v4 | |
- name: Install Dependencies | |
run: | | |
if ! dpkg-query -l wget bc cpio rsync zip python3 file >/dev/null 2>&1; then | |
apt update | |
apt install -y --no-install-recommends wget bc cpio rsync zip python3 file | |
fi | |
if ! getent group | grep -q ^builder:; then groupadd -g 48 builder; fi | |
if ! getent passwd | grep -q ^builder:; then useradd -m -u 1003 -g 48 -G sudo builder; fi | |
if ! grep -q ^builder; then echo "builder ALL=(ALL:ALL) NOPASSWD: ALL" >>/etc/sudoers; fi | |
chown -R builder:builder /home/builder | |
- name: Setup Environment | |
id: env | |
run: | | |
echo "DATE=$(date +%Y%m%d)" >> $GITHUB_ENV | |
echo "OCCU_VERSION=$(grep 'OCCU_VERSION =' buildroot-external/package/occu/occu.mk | cut -d' ' -f3 | cut -d'-' -f1)" >> $GITHUB_ENV | |
echo "VERSION=$(grep 'OCCU_VERSION =' buildroot-external/package/occu/occu.mk | cut -d' ' -f3 | cut -d'-' -f1).$(date +%Y%m%d)" >> $GITHUB_ENV | |
echo "GITHUB_SHA7=$(echo ${GITHUB_SHA::7})" >> $GITHUB_ENV | |
echo "FAKE_BUILD=${{ github.event.inputs.skip_build }}" >> $GITHUB_ENV | |
JLEVEL=0 | |
if [[ -f /sys/fs/cgroup/cpu.max ]]; then # cgroups v2 | |
CPU_QUOTA=$(cut -d ' ' -f1 /sys/fs/cgroup/cpu.max) | |
if [[ "${CPU_QUOTA}" != "max" ]]; then | |
CPU_PERIOD=$(cut -d ' ' -f2 /sys/fs/cgroup/cpu.max) | |
JLEVEL=$((CPU_QUOTA / CPU_PERIOD + 1)) | |
fi | |
elif [[ -f /sys/fs/cgroup/cpu/cpu.cfs_quota_us ]]; then # cgroups v1 | |
CPU_QUOTA=$(cat /sys/fs/cgroup/cpu/cpu.cfs_quota_us) | |
if [[ "${CPU_QUOTA}" != "-1" ]]; then | |
CPU_PERIOD=$(cat /sys/fs/cgroup/cpu/cpu.cfs_period_us) | |
JLEVEL=$((CPU_QUOTA / CPU_PERIOD + 1)) | |
fi | |
fi | |
echo "JLEVEL=${JLEVEL}" >> $GITHUB_ENV | |
echo "build_datetime=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_OUTPUT | |
echo "build_version=$(grep 'OCCU_VERSION =' buildroot-external/package/occu/occu.mk | cut -d' ' -f3 | cut -d'-' -f1).$(date +%Y%m%d)" >> $GITHUB_OUTPUT | |
- name: Switch to experimental EULA files | |
run: | | |
mv -f release/updatepkg/raspmatic_${{ matrix.platform }}/EULA.de_nightly release/updatepkg/raspmatic_${{ matrix.platform }}/EULA.de | |
mv -f release/updatepkg/raspmatic_${{ matrix.platform }}/EULA.en_nightly release/updatepkg/raspmatic_${{ matrix.platform }}/EULA.en | |
# - name: remote debug tmate session | |
# uses: mxschmitt/action-tmate@v1 | |
# if: matrix.platform == 'ova' | |
# major build step | |
- name: Build | |
timeout-minutes: 480 | |
shell: bash | |
run: | | |
sudo -H -E -u builder nice -n 19 make DATE=${{ env.DATE }} BR2_DL_DIR=/mnt/download BR2_CCACHE_DIR=/mnt/ccache/${{ matrix.platform }} BR2_JLEVEL=${{ env.JLEVEL }} clean raspmatic_${{ matrix.platform }}-release | |
mv release/RaspberryMatic-${{ env.VERSION }}-${{ matrix.platform }}.mf release/RaspberryMatic-${{ env.VERSION }}-${{ env.GITHUB_SHA7 }}-${{ matrix.platform }}.mf | |
# cleanup | |
- name: Cleanup | |
run: | | |
rm -f release/*.img* | |
make clean | |
####################### | |
# nightly snapshot uploads | |
- name: Upload build snapshot [rpi*, tinkerboard, odroid-c2, odroid-c4, odroid-n2, intelnuc, ova] | |
if: | | |
github.repository_owner == 'jens-maus' && | |
!startsWith(matrix.platform, 'oci_') | |
uses: WebFreak001/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.DEPLOY_TOKEN }} | |
with: | |
upload_url: https://uploads.github.com/repos/jens-maus/RaspberryMatic/releases/22744592/assets{?name,label} | |
release_id: 22744592 | |
asset_path: release/RaspberryMatic-${{ env.VERSION }}-${{ matrix.platform }}.zip | |
asset_name: RaspberryMatic-${{ env.OCCU_VERSION }}.$$-${{ matrix.platform }}.zip | |
asset_content_type: application/zip | |
max_releases: 1 | |
- name: Upload build snapshot checksum [rpi*, tinkerboard, odroid-c2, odroid-c4, odroid-n2, intelnuc, ova] | |
if: | | |
github.repository_owner == 'jens-maus' && | |
!startsWith(matrix.platform, 'oci_') | |
uses: WebFreak001/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.DEPLOY_TOKEN }} | |
with: | |
upload_url: https://uploads.github.com/repos/jens-maus/RaspberryMatic/releases/22744592/assets{?name,label} | |
release_id: 22744592 | |
asset_path: release/RaspberryMatic-${{ env.VERSION }}-${{ matrix.platform }}.zip.sha256 | |
asset_name: RaspberryMatic-${{ env.OCCU_VERSION }}.$$-${{ matrix.platform }}.zip.sha256 | |
asset_content_type: text/plain | |
max_releases: 1 | |
- name: Upload build snapshot [ccu3] | |
if: | | |
github.repository_owner == 'jens-maus' && | |
matrix.platform == 'rpi3' | |
uses: WebFreak001/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.DEPLOY_TOKEN }} | |
with: | |
upload_url: https://uploads.github.com/repos/jens-maus/RaspberryMatic/releases/22744592/assets{?name,label} | |
release_id: 22744592 | |
asset_path: release/RaspberryMatic-${{ env.VERSION }}-ccu3.tgz | |
asset_name: RaspberryMatic-${{ env.OCCU_VERSION }}.$$-ccu3.tgz | |
asset_content_type: application/gzip | |
max_releases: 1 | |
- name: Upload build snapshot checksum [ccu3] | |
if: | | |
github.repository_owner == 'jens-maus' && | |
matrix.platform == 'rpi3' | |
uses: WebFreak001/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.DEPLOY_TOKEN }} | |
with: | |
upload_url: https://uploads.github.com/repos/jens-maus/RaspberryMatic/releases/22744592/assets{?name,label} | |
release_id: 22744592 | |
asset_path: release/RaspberryMatic-${{ env.VERSION }}-ccu3.tgz.sha256 | |
asset_name: RaspberryMatic-${{ env.OCCU_VERSION }}.$$-ccu3.tgz.sha256 | |
asset_content_type: text/plain | |
max_releases: 1 | |
- name: Upload build snapshot [ova] | |
if: | | |
github.repository_owner == 'jens-maus' && | |
matrix.platform == 'ova' | |
uses: WebFreak001/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.DEPLOY_TOKEN }} | |
with: | |
upload_url: https://uploads.github.com/repos/jens-maus/RaspberryMatic/releases/22744592/assets{?name,label} | |
release_id: 22744592 | |
asset_path: release/RaspberryMatic-${{ env.VERSION }}.ova | |
asset_name: RaspberryMatic-${{ env.OCCU_VERSION }}.$$.ova | |
asset_content_type: application/gzip | |
max_releases: 1 | |
- name: Upload build snapshot checksum [ova] | |
if: | | |
github.repository_owner == 'jens-maus' && | |
matrix.platform == 'ova' | |
uses: WebFreak001/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.DEPLOY_TOKEN }} | |
with: | |
upload_url: https://uploads.github.com/repos/jens-maus/RaspberryMatic/releases/22744592/assets{?name,label} | |
release_id: 22744592 | |
asset_path: release/RaspberryMatic-${{ env.VERSION }}.ova.sha256 | |
asset_name: RaspberryMatic-${{ env.OCCU_VERSION }}.$$.ova.sha256 | |
asset_content_type: text/plain | |
max_releases: 1 | |
- name: Upload build snapshot [oci] | |
if: | | |
github.repository_owner == 'jens-maus' && | |
startsWith(matrix.platform, 'oci_') | |
uses: WebFreak001/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.DEPLOY_TOKEN }} | |
with: | |
upload_url: https://uploads.github.com/repos/jens-maus/RaspberryMatic/releases/22744592/assets{?name,label} | |
release_id: 22744592 | |
asset_path: release/RaspberryMatic-${{ env.VERSION }}-${{ matrix.platform }}.tgz | |
asset_name: RaspberryMatic-${{ env.OCCU_VERSION }}.$$-${{ matrix.platform }}.tgz | |
asset_content_type: application/gzip | |
max_releases: 1 | |
- name: Upload build snapshot checksum [oci] | |
if: | | |
github.repository_owner == 'jens-maus' && | |
startsWith(matrix.platform, 'oci_') | |
uses: WebFreak001/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.DEPLOY_TOKEN }} | |
with: | |
upload_url: https://uploads.github.com/repos/jens-maus/RaspberryMatic/releases/22744592/assets{?name,label} | |
release_id: 22744592 | |
asset_path: release/RaspberryMatic-${{ env.VERSION }}-${{ matrix.platform }}.tgz.sha256 | |
asset_name: RaspberryMatic-${{ env.OCCU_VERSION }}.$$-${{ matrix.platform }}.tgz.sha256 | |
asset_content_type: text/plain | |
max_releases: 1 | |
######################## | |
# upload build artifacts (oci only) | |
- name: Upload build artifact [oci] | |
if: | | |
startsWith(matrix.platform, 'oci_') | |
uses: actions/upload-artifact@v3 | |
with: | |
path: release/RaspberryMatic-${{ env.VERSION }}-${{ matrix.platform }}.tgz* | |
name: RaspberryMatic-${{ env.VERSION }}-${{ env.GITHUB_SHA7 }}-${{ matrix.platform }}.tgz | |
continue-on-error: true | |
####################### | |
# manifest file artifact upload | |
- name: Upload manifest artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
path: release/RaspberryMatic-${{ env.VERSION }}-${{ env.GITHUB_SHA7 }}-${{ matrix.platform }}.mf | |
name: RaspberryMatic-${{ env.VERSION }}-${{ env.GITHUB_SHA7 }}-${{ matrix.platform }}.mf | |
########################################## | |
# OCI/Docker build and registry push step | |
oci-multiarch-build-push: | |
permissions: | |
packages: write # docker/build-push-action | |
name: OCI/Docker Build+Push | |
runs-on: ubuntu-22.04 | |
needs: build | |
if: github.event_name != 'pull_request' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Environment | |
run: | | |
echo "BUILD_DATETIME=${{ needs.build.outputs.build_datetime }}" >> $GITHUB_ENV | |
echo "BUILD_VERSION=${{ needs.build.outputs.build_version }}" >> $GITHUB_ENV | |
echo "GIT_REF=$(git symbolic-ref -q --short HEAD || git describe --tags --exact-match)" >> $GITHUB_ENV | |
echo "GITHUB_SHA7=$(echo ${GITHUB_SHA::7})" >> $GITHUB_ENV | |
# download OCI platform artifacts | |
- name: Download oci_amd64 artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: RaspberryMatic-${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}-oci_amd64.tgz | |
- name: Download oci_arm64 artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: RaspberryMatic-${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}-oci_arm64.tgz | |
- name: Download oci_arm artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: RaspberryMatic-${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}-oci_arm.tgz | |
- name: Extract OCI artifacts | |
run: | | |
mkdir -p oci_build | |
cd oci_build | |
for f in ../*-oci_*.tgz; do | |
tar --wildcards --strip-components 1 -xf $f "*/layer.tar" | |
mv -f layer.tar $(basename $f .tgz).tar | |
rm -f $f | |
done | |
- name: Build OCI tags | |
shell: bash | |
run: | | |
BASE_TAG="ghcr.io/${{ github.repository_owner }}/raspberrymatic" | |
UNIQUE_TAG="${BASE_TAG}:${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}" | |
if [[ ${GITHUB_EVENT_NAME} == 'schedule' || ${GITHUB_EVENT_NAME} == 'workflow_dispatch' ]]; then | |
BRANCH="${GITHUB_REF##*/}" | |
if [[ ${BRANCH} == 'master' ]]; then | |
BRANCH_TAG="${BASE_TAG}:snapshot" | |
else | |
BRANCH_TAG="${BASE_TAG}:snapshot-${BRANCH}" | |
fi | |
fi | |
echo "unique_tag=${UNIQUE_TAG}" >> $GITHUB_OUTPUT | |
echo "branch_tag=${BRANCH_TAG}" >> $GITHUB_OUTPUT | |
id: extract_branch | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/[email protected] | |
with: | |
install: true | |
- name: Login to GitHub Container Registry | |
uses: docker/[email protected] | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.CR_PAT }} | |
- name: Build and push container image | |
uses: docker/[email protected] | |
id: docker_build | |
with: | |
context: oci_build | |
file: buildroot-external/board/oci/Dockerfile | |
platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
push: true | |
build-args: | | |
tar_prefix=RaspberryMatic-${{ env.BUILD_VERSION }}-oci_ | |
labels: | | |
org.opencontainers.image.title=RaspberryMatic | |
org.opencontainers.image.description=Alternative OS for your HomeMatic CCU | |
org.opencontainers.image.vendor=RasperryMatic OpenSource Project | |
org.opencontainers.image.authors=RaspberryMatic OpenSource Team | |
org.opencontainers.image.licenses=Apache-2.0 | |
org.opencontainers.image.url=https://raspberrymatic.de | |
org.opencontainers.image.source=https://github.com/${{ github.repository }} | |
org.opencontainers.image.documentation=https://github.com/${{ github.repository }}/wiki | |
org.opencontainers.image.created=${{ env.BUILD_DATETIME }} | |
org.opencontainers.image.ref.name=${{ env.GIT_REF }} | |
org.opencontainers.image.revision=${{ github.sha }} | |
org.opencontainers.image.version=${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }} | |
io.hass.name=RaspberryMatic CCU | |
io.hass.description=HomeMatic/homematicIP CCU central based on RaspberryMatic | |
io.hass.url=https://github.com/${{ github.repository }}/tree/master/home-assistant-addon | |
io.hass.version=${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }} | |
io.hass.type=addon | |
io.hass.arch=armv7|aarch64|amd64 | |
tags: | | |
${{ steps.extract_branch.outputs.unique_tag }} | |
${{ steps.extract_branch.outputs.branch_tag }} | |
- name: Image digest | |
run: echo ${{ steps.docker_build.outputs.digest }} | |
helm: | |
permissions: | |
contents: write # stefanprodan/helm-gh-pages | |
name: Build K8s Helm chart | |
runs-on: ubuntu-22.04 | |
needs: [build, oci-multiarch-build-push] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Environment | |
id: env | |
run: | | |
echo "GITHUB_SHA7=$(echo ${GITHUB_SHA::7})" >> $GITHUB_ENV | |
- name: Publish Helm chart | |
uses: stefanprodan/helm-gh-pages@master | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
charts_dir: helm | |
chart_version: 0.1 # Latest snapshot | |
app_version: ${{ needs.build.outputs.build_version }}-${{ env.GITHUB_SHA7 }} | |
########################################## | |
# Publish new version to public | |
publish-build: | |
permissions: | |
contents: write # github-actions[bot] repo write access | |
name: Publish build | |
runs-on: ubuntu-22.04 | |
needs: [build, oci-multiarch-build-push] | |
if: github.event_name != 'pull_request' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Environment | |
run: | | |
echo "BUILD_VERSION=${{ needs.build.outputs.build_version }}" >> $GITHUB_ENV | |
echo "GITHUB_SHA7=$(echo ${GITHUB_SHA::7})" >> $GITHUB_ENV | |
- name: Bump HomeAssistant add-on version | |
run: | | |
VERSION=${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }} | |
sed -i "s/^\(version:\)\(.*\)/\1 ${VERSION}/" home-assistant-addon-dev/config.yaml | |
# download rpi manifest files | |
- name: Download rpi0 manifest | |
uses: actions/download-artifact@v3 | |
with: | |
name: RaspberryMatic-${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}-rpi0.mf | |
- name: Download rpi2 manifest | |
uses: actions/download-artifact@v3 | |
with: | |
name: RaspberryMatic-${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}-rpi2.mf | |
- name: Download rpi3 manifest | |
uses: actions/download-artifact@v3 | |
with: | |
name: RaspberryMatic-${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}-rpi3.mf | |
- name: Download rpi4 manifest | |
uses: actions/download-artifact@v3 | |
with: | |
name: RaspberryMatic-${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}-rpi4.mf | |
- name: Bump rpi-imager version | |
run: | | |
release/rpi-imager-update.sh release/rpi-imager-dev.json \ | |
RaspberryMatic-${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}-rpi0.mf \ | |
RaspberryMatic-${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}-rpi2.mf \ | |
RaspberryMatic-${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}-rpi3.mf \ | |
RaspberryMatic-${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}-rpi4.mf | |
- name: Commit changes | |
run: | | |
git config user.name "github-actions" | |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
git pull --rebase --autostash | |
git commit -a -m "snapshot bump [${{ env.BUILD_VERSION }}-${{ env.GITHUB_SHA7 }}]" | |
git push | |
cleanup: | |
permissions: | |
contents: write # c-hive/gha-remove-artifacts | |
actions: write # c-hive/gha-remove-artifacts | |
name: Cleanup artifacts/packages | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Remove old artifacts | |
uses: c-hive/[email protected] | |
with: | |
age: '2 months' | |
skip-tags: true | |
skip-recent: 15 | |
continue-on-error: true | |
- name: Remove old unused container images | |
uses: snok/[email protected] | |
with: | |
image-names: raspberrymatic | |
cut-off: One month ago UTC | |
timestamp-to-use: created_at | |
keep-at-least: 5 | |
account-type: personal | |
skip-tags: latest, snapshot | |
filter-tags: "*-???????" | |
token: ${{ secrets.CR_PAT }} | |
continue-on-error: true |