fix: reset loop if any tunnel interface is not passing traffic #196
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: publish to balenaCloud | |
on: | |
# https://github.com/orgs/community/discussions/26724 | |
pull_request: | |
types: [opened, synchronize, closed] | |
branches: | |
- master | |
env: | |
ENVIRONMENT: balena-cloud.com | |
BLOCK_PREFIX: belodetek/unzoner | |
VERBOSE: true | |
jobs: | |
versioning: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: true | |
outputs: | |
semver: ${{ steps.semver.outputs.version }} | |
version_tag: ${{ steps.semver.outputs.version_tag }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
# https://github.com/marketplace/actions/git-semantic-version | |
- name: generate new semantic version | |
id: semver | |
uses: paulhatch/[email protected] | |
with: | |
# https://www.conventionalcommits.org | |
format: "${major}.${minor}.${patch}" | |
major_pattern: "/major:\\s*|Change-type:\\s*major/gmi" | |
minor_pattern: "/minor:\\s*|Change-type:\\s*minor/gmi" | |
- name: check semver | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
echo 'changed: ${{ steps.semver.outputs.changed }}' | |
echo 'increment: ${{ steps.semver.outputs.increment }}' | |
echo 'major: ${{ steps.semver.outputs.major }}' | |
echo 'minor: ${{ steps.semver.outputs.minor }}' | |
echo 'patch: ${{ steps.semver.outputs.patch }}' | |
echo 'version: ${{ steps.semver.outputs.version }}' | |
echo 'version_tag: ${{ steps.semver.outputs.version_tag }}' | |
release-notes: | |
runs-on: ubuntu-latest | |
needs: versioning | |
strategy: | |
fail-fast: true | |
outputs: | |
release_notes: ${{ steps.release-notes.outputs.release_notes }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
# https://github.com/cookpete/auto-changelog | |
- name: generate release notes | |
id: release-notes | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
sudo npm --location=global install auto-changelog | |
tmpfile="$(mktemp)" | |
git tag '${{ needs.versioning.outputs.version_tag }}' | |
auto-changelog \ | |
--output "${tmpfile}" \ | |
--starting-version '${{ needs.versioning.outputs.version_tag }}' \ | |
--ending-version '${{ needs.versioning.outputs.version_tag }}' | |
release_notes="$(cat < "${tmpfile}")" && rm -f "${tmpfile}" | |
echo "::set-output name=release_notes::$(echo "${release_notes}" | openssl base64 -A)" | |
publish: | |
runs-on: ubuntu-latest | |
needs: | |
- versioning | |
- release-notes | |
strategy: | |
fail-fast: true | |
matrix: | |
arch: | |
- aarch64 | |
- amd64 | |
- armv7hf | |
outputs: | |
aarch64_release_id: ${{ steps.block.outputs.aarch64_release_id }} | |
aarch64_version: ${{ steps.block.outputs.aarch64_version }} | |
amd64_release_id: ${{ steps.block.outputs.amd64_release_id }} | |
amd64_version: ${{ steps.block.outputs.amd64_version }} | |
armv7hf_release_id: ${{ steps.block.outputs.armv7hf_release_id }} | |
armv7hf_version: ${{ steps.block.outputs.armv7hf_version }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: install additional dependencies | |
if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false | |
run: | | |
sudo apt install -y git-secret | |
- name: import GPG key | |
id: import-gpg-key | |
if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false | |
uses: crazy-max/ghaction-import-gpg@v4 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
- name: reveal secrets | |
if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false | |
run: | | |
git secret reveal -fp '${{ secrets.GPG_PASSPHRASE }}' | |
- name: update release version(s) | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
# FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/188 | |
rm docker-compose.yml | |
# https://github.com/mikefarah/yq/issues/439 | |
#yq -i e '.version="${{ needs.versioning.outputs.semver }}"' unzoner/balena.yml | |
sed -i '/version:.*/d' unzoner/balena.yml | |
echo 'version: ${{ needs.versioning.outputs.semver }}' >> unzoner/balena.yml | |
- name: push draft or finalise release | |
id: build | |
uses: balena-io/deploy-to-balena-action@master | |
with: | |
balena_token: ${{ secrets.BALENA_API_KEY }} | |
environment: ${{ env.ENVIRONMENT }} | |
fleet: ${{ env.BLOCK_PREFIX }}-${{ matrix.arch }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
source: unzoner | |
- name: export block build results | |
id: block | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
block_id="$(curl "https://api.${{ env.ENVIRONMENT }}/v6/application?\$filter=slug%20eq%20'${{ env.BLOCK_PREFIX }}-${{ matrix.arch }}'&\$select=id" \ | |
-H 'Content-Type: application/json' \ | |
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
| jq -r '.d[].id')" | |
# FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/193 | |
arch_version='${{ steps.build.outputs.version }}' | |
release_id='${{ steps.build.outputs.release_id }}' | |
if [[ -z $arch_version ]]; then | |
arch_version='${{ needs.versioning.outputs.semver }}' | |
fi | |
if [[ -z $release_id ]]; then | |
release_id=$(curl --retry 3 --fail \ | |
"https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${block_id}&\$select=id,semver,is_final,is_invalidated,release_type" \ | |
-H 'Content-Type: application/json' \ | |
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
| jq -r --arg semver '${{ needs.versioning.outputs.semver }}' \ | |
'.d[] | select((.semver==$semver) and (.is_final==true) and (.is_invalidated==false) and (.release_type=="final")).id' \ | |
| head -n 1) | |
fi | |
echo "::set-output name=${{ matrix.arch }}_block_id::${block_id}" | |
echo "::set-output name=${{ matrix.arch }}_release_id::${release_id}" | |
echo "::set-output name=${{ matrix.arch }}_version::${arch_version}" | |
# FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/194 | |
- name: update balena release notes | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
# https://github.com/orgs/community/discussions/25634 | |
release_id='${{ steps.block.outputs[format('{0}_release_id', matrix.arch)] }}' | |
block_id='${{ steps.block.outputs[format('{0}_block_id', matrix.arch)] }}' | |
# FIXME: probably require additional escaping of JSON reserved characters | |
release_notes="$(echo '${{ needs.release-notes.outputs.release_notes }}' \ | |
| base64 -d \ | |
| awk '{printf "%s\\n", $0}')" | |
curl --retry 3 --fail \ | |
-X PATCH "https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${block_id}%20and%20id%20eq%20${release_id}" \ | |
-H 'Content-Type: application/json' \ | |
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
-d "{\"note\":\"${release_notes}\"}" | |
deploy: | |
runs-on: ubuntu-latest | |
needs: | |
- publish | |
- release-notes | |
- versioning | |
strategy: | |
fail-fast: true | |
matrix: | |
fleet: | |
# black.box Unzoner fleets | |
- belodetek/blackbox-aarch64 | |
- belodetek/blackbox-amd64 | |
- belodetek/blackbox-amd64-raw | |
- belodetek/blackbox-armv7hf | |
# https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#expanding-or-adding-matrix-configurations | |
include: | |
- arch: aarch64 | |
fleet: belodetek/blackbox-aarch64 | |
- arch: amd64 | |
fleet: belodetek/blackbox-amd64 | |
- arch: amd64 | |
fleet: belodetek/blackbox-amd64-raw | |
- arch: armv7hf | |
fleet: belodetek/blackbox-armv7hf | |
steps: | |
- uses: actions/checkout@v3 | |
- name: update release version(s) | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
for yaml in unzoner/balena.yml balena.yml; do | |
#yq -i e '.version="${{ needs.versioning.outputs.semver }}"' "${yaml}" | |
sed -i '/version:.*/d' "${yaml}" | |
echo 'version: ${{ needs.versioning.outputs.semver }}' >> "${yaml}" | |
done | |
arch_version='${{ needs.publish.outputs[format('{0}_version', matrix.arch)] }}' | |
sed -i "s#FROM bh.cr/${{ env.BLOCK_PREFIX }}-%%BALENA_ARCH%%#FROM bh.cr/${{ env.BLOCK_PREFIX }}-%%BALENA_ARCH%%/${arch_version}#g" Dockerfile.template | |
- name: push draft or finalise release | |
id: build | |
uses: balena-io/deploy-to-balena-action@master | |
with: | |
balena_token: ${{ secrets.BALENA_API_KEY }} | |
environment: ${{ env.ENVIRONMENT }} | |
fleet: ${{ matrix.fleet }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: update balena release notes | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
fleet_id="$(curl "https://api.${{ env.ENVIRONMENT }}/v6/application?\$filter=slug%20eq%20'${{ matrix.fleet }}'&\$select=id" \ | |
-H 'Content-Type: application/json' \ | |
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
| jq -r '.d[].id')" | |
release_id='${{ steps.build.outputs.release_id }}' | |
if [[ -z $release_id ]]; then | |
release_id=$(curl --retry 3 --fail \ | |
"https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${fleet_id}&\$select=id,semver,is_final,is_invalidated,release_type" \ | |
-H 'Content-Type: application/json' \ | |
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
| jq -r --arg semver '${{ needs.versioning.outputs.semver }}' \ | |
'.d[] | select((.semver==$semver) and (.is_final==true) and (.is_invalidated==false) and (.release_type=="final")).id' \ | |
| head -n 1) | |
fi | |
release_notes="$(echo '${{ needs.release-notes.outputs.release_notes }}' \ | |
| base64 -d \ | |
| awk '{printf "%s\\n", $0}')" | |
curl --retry 3 --fail \ | |
-X PATCH "https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${fleet_id}%20and%20id%20eq%20${release_id}" \ | |
-H 'Content-Type: application/json' \ | |
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \ | |
-d "{\"note\":\"${release_notes}\"}" | |
commit: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true | |
needs: | |
- versioning | |
- deploy | |
strategy: | |
fail-fast: true | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
# https://github.com/marketplace/actions/git-auto-commit#push-to-protected-branches | |
# https://github.com/orgs/community/discussions/25305 | |
token: ${{ secrets.PAT }} | |
fetch-depth: 0 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
# https://github.com/cookpete/auto-changelog | |
- name: set release version(s) and prepare CHANGELOG.md | |
run: | | |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x | |
sudo npm --location=global install auto-changelog | |
git tag '${{ needs.versioning.outputs.version_tag }}' | |
for yaml in unzoner/balena.yml balena.yml; do | |
#yq -i e '.version="${{ needs.versioning.outputs.semver }}"' "${yaml}" | |
sed -i '/version:.*/d' "${yaml}" | |
echo 'version: ${{ needs.versioning.outputs.semver }}' >> "${yaml}" | |
done | |
auto-changelog | |
git tag --delete '${{ needs.versioning.outputs.version_tag }}' | |
- name: import GPG key | |
id: import-gpg-key | |
uses: crazy-max/ghaction-import-gpg@v4 | |
with: | |
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
git_config_global: true | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
# https://github.com/marketplace/actions/git-auto-commit | |
- name: Commit CHANGELOG and versioned asset(s) | |
uses: stefanzweifel/git-auto-commit-action@v4 | |
# https://stackoverflow.com/a/61565445/1559300 | |
with: | |
add_options: -u | |
branch: ${{ github.base_ref }} | |
commit_author: ${{ steps.import-gpg-key.outputs.name }} <${{ steps.import-gpg-key.outputs.email }}> | |
commit_message: | | |
ci: Update CHANGELOG and ${{ needs.versioning.outputs.version_tag }} asset(s) | |
Signed-off-by: ${{ steps.import-gpg-key.outputs.name }} <${{ steps.import-gpg-key.outputs.email }}> | |
commit_options: --no-verify --signoff | |
commit_user_email: ${{ steps.import-gpg-key.outputs.email }} | |
commit_user_name: ${{ steps.import-gpg-key.outputs.name }} | |
disable_globbing: true | |
file_pattern: CHANGELOG.md balena.yml unzoner/balena.yml | |
push_options: --force | |
skip_checkout: true | |
skip_dirty_check: true | |
skip_fetch: true | |
status_options: --untracked-files=no | |
tagging_message: ${{ needs.versioning.outputs.version_tag }} |