wip: enabling support for wireguard and firewall #2068
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Debian-based ISO and SquashFS | |
on: | |
workflow_call: | |
workflow_dispatch: | |
inputs: | |
environment: | |
type: choice | |
description: Environment | |
options: | |
- NONE | |
- dev | |
- unstable | |
- dev-unstable | |
runner: | |
type: choice | |
description: Runner | |
options: | |
- standard | |
- fast | |
platform: | |
type: choice | |
description: Platform | |
options: | |
- ALL | |
- x86_64 | |
- x86_64-nonfree | |
- aarch64 | |
- aarch64-nonfree | |
- raspberrypi | |
deploy: | |
type: choice | |
description: Deploy | |
options: | |
- NONE | |
- alpha | |
- beta | |
push: | |
branches: | |
- master | |
- next/* | |
pull_request: | |
branches: | |
- master | |
- next/* | |
env: | |
NODEJS_VERSION: "20.16.0" | |
ENVIRONMENT: '${{ fromJson(format(''["{0}", ""]'', github.event.inputs.environment || ''dev''))[github.event.inputs.environment == ''NONE''] }}' | |
jobs: | |
compile: | |
name: Compile Base Binaries | |
strategy: | |
fail-fast: true | |
matrix: | |
arch: >- | |
${{ | |
fromJson('{ | |
"x86_64": ["x86_64"], | |
"x86_64-nonfree": ["x86_64"], | |
"aarch64": ["aarch64"], | |
"aarch64-nonfree": ["aarch64"], | |
"raspberrypi": ["aarch64"], | |
"ALL": ["x86_64", "aarch64"] | |
}')[github.event.inputs.platform || 'ALL'] | |
}} | |
runs-on: ${{ fromJson('["ubuntu-22.04", "buildjet-32vcpu-ubuntu-2204"]')[github.event.inputs.runner == 'fast'] }} | |
steps: | |
- run: | | |
sudo mount -t tmpfs tmpfs . | |
if: ${{ github.event.inputs.runner == 'fast' }} | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.x" | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODEJS_VERSION }} | |
- name: Set up docker QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up system dependencies | |
run: sudo apt-get update && sudo apt-get install -y qemu-user-static systemd-container squashfuse | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Make | |
run: make ARCH=${{ matrix.arch }} compiled-${{ matrix.arch }}.tar | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: compiled-${{ matrix.arch }}.tar | |
path: compiled-${{ matrix.arch }}.tar | |
image: | |
name: Build Image | |
needs: [compile] | |
strategy: | |
fail-fast: false | |
matrix: | |
platform: >- | |
${{ | |
fromJson( | |
format( | |
'[ | |
["{0}"], | |
["x86_64", "x86_64-nonfree", "aarch64", "aarch64-nonfree", "raspberrypi"] | |
]', | |
github.event.inputs.platform || 'ALL' | |
) | |
)[(github.event.inputs.platform || 'ALL') == 'ALL'] | |
}} | |
runs-on: >- | |
${{ | |
fromJson( | |
format( | |
'["ubuntu-22.04", "{0}"]', | |
fromJson('{ | |
"x86_64": "buildjet-8vcpu-ubuntu-2204", | |
"x86_64-nonfree": "buildjet-8vcpu-ubuntu-2204", | |
"aarch64": "buildjet-8vcpu-ubuntu-2204-arm", | |
"aarch64-nonfree": "buildjet-8vcpu-ubuntu-2204-arm", | |
"raspberrypi": "buildjet-8vcpu-ubuntu-2204-arm", | |
}')[matrix.platform] | |
) | |
)[github.event.inputs.runner == 'fast'] | |
}} | |
env: | |
ARCH: >- | |
${{ | |
fromJson('{ | |
"x86_64": "x86_64", | |
"x86_64-nonfree": "x86_64", | |
"aarch64": "aarch64", | |
"aarch64-nonfree": "aarch64", | |
"raspberrypi": "aarch64", | |
}')[matrix.platform] | |
}} | |
steps: | |
- name: Free space | |
run: rm -rf /opt/hostedtoolcache* | |
if: ${{ github.event.inputs.runner != 'fast' }} | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.x" | |
- name: Install dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y qemu-user-static | |
wget https://deb.debian.org/debian/pool/main/d/debspawn/debspawn_0.6.2-1_all.deb | |
sha256sum ./debspawn_0.6.2-1_all.deb | grep 37ef27458cb1e35e8bce4d4f639b06b4b3866fc0b9191ec6b9bd157afd06a817 | |
sudo apt-get install -y ./debspawn_0.6.2-1_all.deb | |
- name: Configure debspawn | |
run: | | |
sudo mkdir -p /etc/debspawn/ | |
echo "AllowUnsafePermissions=true" | sudo tee /etc/debspawn/global.toml | |
sudo mkdir -p /var/tmp/debspawn | |
- run: sudo mount -t tmpfs tmpfs /var/tmp/debspawn | |
if: ${{ github.event.inputs.runner == 'fast' && (matrix.platform == 'x86_64' || matrix.platform == 'x86_64-nonfree') }} | |
- name: Download compiled artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: compiled-${{ env.ARCH }}.tar | |
- name: Extract compiled artifacts | |
run: tar -xvf compiled-${{ env.ARCH }}.tar | |
- name: Prevent rebuild of compiled artifacts | |
run: | | |
mkdir -p web/node_modules | |
mkdir -p web/dist/raw | |
mkdir -p core/startos/bindings | |
mkdir -p sdk/base/lib/osBindings | |
mkdir -p container-runtime/node_modules | |
mkdir -p container-runtime/dist | |
mkdir -p container-runtime/dist/node_modules | |
mkdir -p core/startos/bindings | |
mkdir -p sdk/dist | |
mkdir -p sdk/baseDist | |
mkdir -p patch-db/client/node_modules | |
mkdir -p patch-db/client/dist | |
mkdir -p web/.angular | |
mkdir -p web/dist/raw/ui | |
mkdir -p web/dist/raw/install-wizard | |
mkdir -p web/dist/raw/setup-wizard | |
mkdir -p web/dist/static/ui | |
mkdir -p web/dist/static/install-wizard | |
mkdir -p web/dist/static/setup-wizard | |
PLATFORM=${{ matrix.platform }} make -t compiled-${{ env.ARCH }}.tar | |
- run: git status | |
- name: Run iso build | |
run: PLATFORM=${{ matrix.platform }} make iso | |
if: ${{ matrix.platform != 'raspberrypi' }} | |
- name: Run img build | |
run: PLATFORM=${{ matrix.platform }} make img | |
if: ${{ matrix.platform == 'raspberrypi' }} | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.platform }}.squashfs | |
path: results/*.squashfs | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.platform }}.iso | |
path: results/*.iso | |
if: ${{ matrix.platform != 'raspberrypi' }} | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.platform }}.img | |
path: results/*.img | |
if: ${{ matrix.platform == 'raspberrypi' }} | |
- name: Upload OTA to registry | |
run: >- | |
PLATFORM=${{ matrix.platform }} make upload-ota TARGET="${{ | |
fromJson('{ | |
"alpha": "alpha-registry-x.start9.com", | |
"beta": "beta-registry.start9.com", | |
}')[github.event.inputs.deploy] | |
}}" KEY="${{ | |
fromJson( | |
format('{{ | |
"alpha": "{0}", | |
"beta": "{1}", | |
}}', secrets.ALPHA_INDEX_KEY, secrets.BETA_INDEX_KEY) | |
)[github.event.inputs.deploy] | |
}}" | |
if: ${{ github.event.inputs.deploy != '' && github.event.inputs.deploy != 'NONE' }} | |
index: | |
if: ${{ github.event.inputs.deploy != '' && github.event.inputs.deploy != 'NONE' }} | |
needs: [image] | |
runs-on: ubuntu-22.04 | |
steps: | |
- run: >- | |
curl "https://${{ | |
fromJson('{ | |
"alpha": "alpha-registry-x.start9.com", | |
"beta": "beta-registry.start9.com", | |
}')[github.event.inputs.deploy] | |
}}:8443/resync.cgi?key=${{ | |
fromJson( | |
format('{{ | |
"alpha": "{0}", | |
"beta": "{1}", | |
}}', secrets.ALPHA_INDEX_KEY, secrets.BETA_INDEX_KEY) | |
)[github.event.inputs.deploy] | |
}}" |