diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index 1bf71a46..00000000
--- a/.drone.yml
+++ /dev/null
@@ -1,183 +0,0 @@ ---- -kind: pipeline -type: kubernetes -name: default - -steps: - - name: setup-ci - image: autonomy/build-container:latest - commands: - - git fetch --tags - - install-ci-key - - setup-buildx-amd64-arm64 - environment: - SSH_KEY: - from_secret: ssh_key - resources: - requests: - cpu: 24000 - memory: 48GiB - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: build-pull-request - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - commands: - - make - when: - event: - include: - - pull_request - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: build-nonfree-pull-request - depends_on: - - build-pull-request - image: autonomy/build-container:latest - pull: always - commands: - - make nonfree - when: - event: - include: - - pull_request - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: reproducibility-test - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - commands: - - make reproducibility-test - when: - target: - include: - - integration-reproducibility - event: - exclude: - - pull_request - - tag - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: reproducibility-test-cron - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - commands: - - make reproducibility-test - when: - cron: - - weekly - event: - exclude: - - pull_request - - tag - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - - - name: build-and-publish - depends_on: - - setup-ci - image: autonomy/build-container:latest - pull: always - environment: - 
GHCR_USERNAME: - from_secret: ghcr_username - GHCR_PASSWORD: - from_secret: ghcr_token - commands: - - docker login ghcr.io --username "$${GHCR_USERNAME}" --password "$${GHCR_PASSWORD}" - - make PUSH=true - - make nonfree PUSH=true - when: - event: - exclude: - - pull_request - - promote - - cron - volumes: - - name: docker-socket - path: /var/run - - name: ssh - path: /root/.ssh - - name: docker - path: /root/.docker/buildx - -trigger: - branch: - exclude: - - renovate/* - - dependabot/* - -volumes: - - name: docker-socket - host: - path: /var/ci-docker - - name: docker - temp: {} - - name: ssh - temp: {} ---- -kind: pipeline -type: kubernetes -name: notify - -clone: - disable: true - -steps: - - name: slack - image: plugins/slack - settings: - webhook: - from_secret: slack_webhook - channel: proj-talos-maintainers - when: - status: - - success - - failure - -trigger: - branch: - exclude: - - renovate/* - - dependabot/* - status: - - success - - failure - -depends_on: - - default diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 00000000..0a2b09bc --- /dev/null +++ b/.github/workflows/ci.yaml 
@@ -0,0 +1,104 @@
+name: default
+concurrency:
+ group: ${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+on:
+ push:
+ branches:
+ - main
+ - release-*
+ tags:
+ - v*
+ pull_request:
+ branches:
+ - main
+ - release-*
+jobs:
+ default:
+ if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
+ permissions:
+ packages: write
+ runs-on:
+ - self-hosted
+ - pkgs
+ outputs:
+ labels: ${{ steps.workflow-run-info.outputs.pullRequestLabels }}
+ services:
+ buildkitd:
+ image: moby/buildkit:buildx-stable-1
+ ports:
+ - 1234:1234
+ options: --privileged
+ volumes:
+ - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
+ - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+ - name: Unshallow
+ run: |
+ git fetch --prune --unshallow
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ driver: remote
+ endpoint: tcp://localhost:1234
+ append: |
+ - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234
+ platforms: linux/arm64
+ - name: build
+ run: |
+ make
+ - name: build nonfree
+ run: |
+ make nonfree
+ - name: Login to registry
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v2
+ with:
+ password: ${{ secrets.GITHUB_TOKEN }}
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ - name: Push to registry
+ if: github.event_name != 'pull_request'
+ run: |
+ make PUSH=true
+ make nonfree PUSH=true
+ - name: Retrieve workflow info
+ id: workflow-run-info
+ uses: potiuk/get-workflow-origin@v1_5
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ reproducibility:
+ runs-on:
+ - self-hosted
+ - pkgs
+ if: contains(needs.default.outputs.labels, 'integration/reproducibility')
+ needs:
+ - default
+ services:
+ buildkitd:
+ image: moby/buildkit:buildx-stable-1
+ ports:
+ - 1234:1234
+ options: --privileged
+ volumes:
+ - /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
+ - /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+ - name: Unshallow
+ run: |
+ git fetch --prune --unshallow
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ driver: remote
+ endpoint: tcp://localhost:1234
+ append: |
+ - endpoint: tcp://buildkit-arm64.ci.svc.cluster.local:1234
+ platforms: linux/arm64
+ - name: reproducibility
+ run: |
+ make reproducibility-test
diff --git a/.github/workflows/slack-notify.yaml b/.github/workflows/slack-notify.yaml
new file mode 100644
index 00000000..218fc031
--- /dev/null
+++ b/.github/workflows/slack-notify.yaml
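Review bot: The `default` job runs `make` for `pull_request` events on the `self-hosted`/`pkgs` runners against a `--privileged` buildkitd service whose state directory `/var/lib/buildkit/${{ github.repository }}` is a host path, and the same job and cache are then used for `make PUSH=true` on pushes to `main`, `release-*` and tags. If pull requests from forks can run without approval (the repository setting is not visible here), untrusted build steps share a privileged daemon and a persistent build cache with the publishing path. Consider separating pull-request builds from publishing builds (a separate job, runner label or cache directory) and requiring approval for outside contributors. The actions are also referenced by mutable tags (`actions/checkout@v3`, `potiuk/get-workflow-origin@v1_5`, the latter receiving `GITHUB_TOKEN`); pinning each to a commit, e.g. `uses: potiuk/get-workflow-origin@<commit-sha>  # v1_5`, would fix what code runs with that token.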
@@ -0,0 +1,87 @@
+name: slack-notify
+"on":
+ workflow_run:
+ workflows:
+ - default
+ - weekly
+ types:
+ - completed
+jobs:
+ slack-notify:
+ runs-on:
+ - self-hosted
+ if: ${{ github.event.workflow_run.conclusion != 'skipped' }}
+ steps:
+ - name: Retrieve Workflow Run Info
+ id: retrieve-workflow-run-info
+ uses: potiuk/get-workflow-origin@v1_5
+ with:
+ sourceRunId: ${{ github.event.workflow_run.id }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Slack Notify
+ uses: slackapi/slack-github-action@v1
+ with:
+ channel-id: proj-talos-maintainers
+ payload: |
+ {
+ "attachments": [
+ {
+ "color": "${{ github.event.workflow_run.conclusion == 'success' && '#2EB886' || github.event.workflow_run.conclusion == 'failure' && '#A30002' || '#FFCC00' }}",
+ "fallback": "test",
+ "blocks": [
+ {
+ "type": "section",
+ "fields": [
+ {
+ "type": "mrkdwn",
+ "text": "${{ github.event.workflow_run.event == 'pull_request' && format('*Pull Request:* {0} (`{1}`)\n<{2}/pull/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, steps.retrieve-workflow-run-info.outputs.pullRequestNumber, github.event.workflow_run.display_title) || format('*Build:* {0}#{1} (`{2}`)', github.repository, github.sha, github.ref_name) }}"
+ },
+ {
+ "type": "mrkdwn",
+ "text": "*Status:*\n`${{ github.event.workflow_run.conclusion }}`"
+ }
+ ]
+ },
+ {
+ "type": "section",
+ "fields": [
+ {
+ "type": "mrkdwn",
+ "text": "*Author:*\n`${{ github.actor }}`"
+ },
+ {
+ "type": "mrkdwn",
+ "text": "*Event:*\n`${{ github.event.workflow_run.event }}`"
+ }
+ ]
+ },
+ {
+ "type": "divider"
+ },
+ {
+ "type": "actions",
+ "elements": [
+ {
+ "type": "button",
+ "text": {
+ "type": "plain_text",
+ "text": "Logs"
+ },
+ "url": "${{ github.event.workflow_run.html_url }}"
+ },
+ {
+ "type": "button",
+ "text": {
+ "type": "plain_text",
+ "text": "Commit"
+ },
+ "url": "${{ github.event.repository.html_url }}/commit/${{ github.sha }}"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ env:
+ SLACK_BOT_TOKEN: ${{ 
secrets.SLACK_BOT_TOKEN }} diff --git a/ipmitool/pkg.yaml b/ipmitool/pkg.yaml index 14c3b14a..f168e320 100644 --- a/ipmitool/pkg.yaml +++ b/ipmitool/pkg.yaml @@ -10,6 +10,8 @@ steps: destination: ipmitool.tar.gz sha256: "{{ .ipmitool_sha256 }}" sha512: "{{ .ipmitool_sha512 }}" + env: + SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }} prepare: - | tar -xzf ipmitool.tar.gz --strip-components=1 @@ -52,6 +54,8 @@ steps: - | cd build make install DESTDIR=/rootfs + # ipmitool downloads this file, so set a static timestamp + touch -ch -t $(date -d @${SOURCE_DATE_EPOCH} +%Y%m%d0000) /rootfs/usr/share/misc/enterprise-numbers finalize: - from: /rootfs to: /
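Review bot: The first `"text"` field of the Slack `payload` expands `github.event.workflow_run.display_title` straight into a JSON string, and for pull requests that title is chosen by the contributor. A title containing `"` or `\` can break the payload or add its own fields and links to the message posted in the maintainers' channel. The value should be JSON-escaped before it reaches the payload, for instance by emitting the whole field value with `toJSON(...)` instead of placing the expression inside hand-written quotes, or the title should be left out. Separately, in a `workflow_run`-triggered workflow `github.sha` and `github.ref_name` describe the default branch rather than the run that finished, so the "Commit" button and the build line probably want `github.event.workflow_run.head_sha` and `github.event.workflow_run.head_branch`.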
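Review bot: `SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }}` is the only templated value in this step written without quotes; the neighbouring `sha256` and `sha512` lines use `"{{ … }}"`. Quoting it, `SOURCE_DATE_EPOCH: "{{ .BUILD_ARG_SOURCE_DATE_EPOCH }}"`, keeps the value a string and avoids rendering a null if the build argument is ever empty. How the builder treats an unset argument is not visible in this hunk.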
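Review bot: The added `touch -ch -t $(date -d @${SOURCE_DATE_EPOCH} +%Y%m%d0000)` line fixes only the mtime of `/rootfs/usr/share/misc/enterprise-numbers`; according to the comment the file is downloaded during the build, so its contents still depend on what the remote server returns that day and are not covered by the `sha256`/`sha512` checks applied to the ipmitool tarball. If the build really does fetch it over the network, providing the file as a checksummed source would make the artifact reproducible in content as well as in timestamp, and would remove an unverified download from the build. Both `date` and `touch -t` also work in the local time zone, so the resulting mtime varies with `TZ`; running that command with `TZ=UTC` set would pin it. The install step begins outside this hunk.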