package_and_release.yml
# Triggers. Only a push to main or the scheduled run can set SHOULD_BUILD to
# true in the job below, so pull requests never reach the build and release
# steps that use the Snap Store credential.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
    types:
      - opened
      - synchronize
  schedule:
    # Quoted because '*' is a special character in YAML.
    # Runs every 12 hours at minute 0.
    - cron: '0 */12 * * *'
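jobs:
  # Builds the snap and releases it to the stable channel. On the schedule it
  # first checks the published snap against security notices and rebuilds only
  # when a notice is reported; on push to main it always rebuilds.
  packaging_snap:
    runs-on: ubuntu-22.04
    # Least privilege for GITHUB_TOKEN: the job only reads the repository for
    # checkout; publishing uses the separate Snap Store credential.
    permissions:
      contents: read
    env:
      SNAP_NAME: folding-at-home-fcole90
    steps:
      - name: Install Review Tools
        run: sudo snap install review-tools

      # Download the published snap, check notices, flatten the JSON output to
      # one line and save it as 'env.CVEs'.
      - name: Check CVEs
        if: ${{ github.event_name == 'schedule' }}
        run: |
          snap download "$SNAP_NAME"
          # Run the check once and reuse the captured output for both the log
          # and the environment file.
          notices="$(review-tools.check-notices "$SNAP_NAME"*.snap --with-cves)"
          echo "$notices"
          # Newlines are stripped so the value stays a single NAME=value line
          # in GITHUB_ENV and cannot introduce further variables.
          echo "CVEs=$(printf '%s' "$notices" | tr -d '\n')" >> "$GITHUB_ENV"
          rm "$SNAP_NAME"*.snap

      # Print notices and set 'HAS_CVE' to 'true' or 'false'
      # (note that it is a string, not a boolean).
      - name: Print Notices and Set HAS_CVE env variable
        if: ${{ github.event_name == 'schedule' }}
        env:
          # Expression results are handed over as environment variables rather
          # than pasted into the script text, so tool output is treated as
          # data and never parsed as shell.
          CVES_PRETTY: ${{ toJSON(fromJSON(env.CVEs)) }}
          HAS_CVE_RESULT: ${{ !contains(toJSON((fromJSON(env.CVEs).*.*)), '{}') }}
        run: |
          echo "Notices: $CVEs"
          echo "Notices: $CVES_PRETTY"
          echo "HAS_CVE=$HAS_CVE_RESULT" >> "$GITHUB_ENV"
          echo "Has CVE? $HAS_CVE_RESULT"

      # The expression evaluates to a literal true/false, so it is safe to
      # interpolate directly. Every later build/release step is gated on it.
      - name: Decide if should rebuild
        run: |
          echo "SHOULD_BUILD=${{ github.event_name == 'push' || (github.event_name == 'schedule' && env.HAS_CVE == 'true') }}" >> "$GITHUB_ENV"

      # NOTE(review): the action is referenced by a mutable tag; pinning it to
      # the full commit SHA of a reviewed release keeps this job from
      # following later tag moves.
      - uses: actions/checkout@v3
        if: ${{ fromJSON(env.SHOULD_BUILD) }}
        with:
          # No later step pushes to the repository, so the token is not left
          # in the checkout's git configuration.
          persist-credentials: false

      - name: Install and Configure LXD and Snapcraft
        if: ${{ fromJSON(env.SHOULD_BUILD) }}
        run: |
          echo "Get latest LXD"
          sudo snap refresh --channel=stable lxd
          echo "Add usermod..."
          sudo usermod --append --groups lxd "$USER"
          echo "Waiting LXD to be ready..."
          sudo /snap/bin/lxd waitready
          echo "Initialise LXD (auto)..."
          sudo /snap/bin/lxd init --auto
          echo "Get socket ownership..."
          sudo chown "$USER:$USER" /var/snap/lxd/common/lxd/unix.socket
          echo "Installing snapcraft in the LXD container..."
          sg lxd -c "sudo snap install snapcraft --classic"

      # NOTE(review): presumably needed for LXD container networking during
      # the build - confirm it is still required.
      - name: Disable firewall
        if: ${{ fromJSON(env.SHOULD_BUILD) }}
        run: |
          sudo ufw disable

      # The store credential is exported only to the steps that talk to the
      # Snap Store (this one and the release step), not to the build itself.
      - name: Snap Store Login Verification
        if: ${{ fromJSON(env.SHOULD_BUILD) }}
        env:
          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
        run: |
          snapcraft whoami || (echo "Cannot determine who I am." && exit 1)

      - name: Build Snap
        if: ${{ fromJSON(env.SHOULD_BUILD) }}
        run: sg lxd -c "SNAPCRAFT_BUILD_INFO=1 snapcraft --use-lxd"

      # Runs on every event (no SHOULD_BUILD gate); lists the workspace only.
      - name: Check Files
        run: ls

      - name: Review Snap
        if: ${{ fromJSON(env.SHOULD_BUILD) }}
        run: review-tools.snap-review "$SNAP_NAME"*.snap

      # Uploads the freshly built snap and releases it to the stable channel.
      - name: Snap Store Release
        if: ${{ fromJSON(env.SHOULD_BUILD) }}
        env:
          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
        run: snapcraft upload --release=stable "$SNAP_NAME"*.snap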