Use GitHub Actions (#1005)

* Initial version of release workflow using GitHub Actions Add release workflow using GitHub Actions to replace the current Azure DevOps pipeline. Currently the same functionality is implemented. This uses multiple builds in parallel to make better use of CPU resources. Remove Azure DevOps pipeline. * Add GitHub Actions workflow for pull-request checks Lint Dockerfile and shell scripts when PRs are opened. * Use multiple runners in parallel Buildroot has stretches where CPU resources are not fully utilized. Spawn multiple builds accross builders to increase load. Also sort them by architecture to maximize ccache hit rate. * Checkout before validate version
2020-11-19 12:29:21 +01:00
parent 7c25f7c187
commit 3f5b28a0b4
4 changed files with 157 additions and 150 deletions
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -0,0 +1,20 @@
+# Home Assistant Operating System pull-request checks
+
+name: PR checks
+
+on: [pull_request]
+
+jobs:
+  linters:
+    runs-on: ubuntu-20.04
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v1
+    - name: Check Dockerfile
+      uses: brpaz/hadolint-action@v1.1.0
+      with:
+        dockerfile: Dockerfile
+    - name: Check shell scripts
+      uses: ludeeus/action-shellcheck@1.0.0
+      with:
+        ignore: "buildroot"
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,137 @@
+# Home Assistant Operating System release build workflow
+
+name: Release build
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  validate_release:
+    name: Validate release
+    runs-on: [ "ubuntu-20.04" ]
+    outputs:
+      version: ${{ steps.version_check.outputs.version }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Validate version
+        id: version_check
+        run: |
+          major=$(cat ${GITHUB_WORKSPACE}/buildroot-external/meta | grep VERSION_MAJOR | cut -d'=' -f2)
+          build=$(cat ${GITHUB_WORKSPACE}/buildroot-external/meta | grep VERSION_BUILD | cut -d'=' -f2)
+          if [ "${major}.${build}" != "${{ github.event.release.tag_name }}" ]; then
+            echo "Version number in Buildroot metadata is does not match tag (${major}.${build} vs ${{ github.event.release.tag_name }})."
+            exit 1
+          fi
+          echo "::set-output name=version::${major}.${build}"
+
+  build:
+    name: Release build for ${{ matrix.board.name }}
+    needs: validate_release
+    strategy:
+      matrix:
+        board:
+          - {"name": "ova", "output": "ova", "runner": "x86-64-runner"}
+          - {"name": "intel_nuc", "output": "intel-nuc", "runner": "x86-64-runner"}
+          - {"name": "odroid_c2", "output": "odroid-c2", "runner": "aarch64-runner"}
+          - {"name": "odroid_c4", "output": "odroid-c4", "runner": "aarch64-runner"}
+          - {"name": "odroid_n2", "output": "odroid-n2", "runner": "aarch64-runner"}
+          - {"name": "odroid_xu4", "output": "odroid-xu4" , "runner": "aarch64-runner"}
+          - {"name": "rpi", "output": "rpi", "runner": "arm-runner"}
+          - {"name": "rpi0_w", "output": "rpi0-w", "runner": "arm-runner"}
+          - {"name": "rpi2", "output": "rpi2", "runner": "arm-runner"}
+          - {"name": "rpi3", "output": "rpi3", "runner": "arm-runner"}
+          - {"name": "rpi3_64", "output": "rpi3-64", "runner": "aarch64-runner"}
+          - {"name": "rpi4", "output": "rpi4", "runner": "arm-runner"}
+          - {"name": "rpi4_64", "output": "rpi4-64", "runner": "aarch64-runner"}
+          - {"name": "tinker", "output": "tinker", "runner": "arm-runner"}
+    runs-on: ${{ matrix.board.runner }}
+
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v2
+
+      - name: Build container
+        run: docker build -t haos-builder .
+
+      - name: 'Add release PKI certs'
+        env:
+          RAUC_CERTIFICATE: ${{ secrets.RAUC_CERTIFICATE }}
+          RAUC_PRIVATE_KEY: ${{ secrets.RAUC_PRIVATE_KEY }}
+        run: |
+          echo -e "-----BEGIN CERTIFICATE-----\n${RAUC_CERTIFICATE}\n-----END CERTIFICATE-----" > cert.pem
+          echo -e "-----BEGIN PRIVATE KEY-----\n${RAUC_PRIVATE_KEY}\n-----END PRIVATE KEY-----" > key.pem
+
+      - name: Build
+        run: |
+          BUILDER_UID="$(id -u)"
+          BUILDER_GID="$(id -g)"
+          docker run --rm --privileged -v "${GITHUB_WORKSPACE}:/build" \
+            -e BUILDER_UID="${BUILDER_UID}" -e BUILDER_GID="${BUILDER_GID}" \
+            -v "${{ matrix.board.runner }}-build-cache:/cache" \
+            haos-builder make ${{ matrix.board.name }}
+
+      - name: Upload disk image
+        if: ${{ matrix.board.name != 'ova' }}
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ${{ github.workspace }}/release/hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.img.gz
+          asset_name: hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.img.gz
+          asset_content_type: application/gzip
+
+      - name: Upload rauc update
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ${{ github.workspace }}/release/hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.raucb
+          asset_name: hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.raucb
+          asset_content_type: application/octet-stream
+
+      - name: Upload qcow2 image
+        if: ${{ matrix.board.name == 'ova' }}
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ${{ github.workspace }}/release/hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.qcow2.gz
+          asset_name: hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.qcow2.gz
+          asset_content_type: application/gzip
+
+      - name: Upload vdi image
+        if: ${{ matrix.board.name == 'ova' }}
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ${{ github.workspace }}/release/hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.vdi.gz
+          asset_name: hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.vdi.gz
+          asset_content_type: application/gzip
+
+      - name: Upload vhdx image
+        if: ${{ matrix.board.name == 'ova' }}
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ${{ github.workspace }}/release/hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.vhdx.gz
+          asset_name: hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.vhdx.gz
+          asset_content_type: application/gzip
+
+      - name: Upload vmdk image
+        if: ${{ matrix.board.name == 'ova' }}
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ${{ github.workspace }}/release/hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.vmdk.gz
+          asset_name: hassos_${{ matrix.board.output }}-${{ needs.validate_release.outputs.version }}.vmdk.gz
+          asset_content_type: application/gzip