test(workflows): testing adding trixie to examples #279
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Example Reusable Integration | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| packages: write | |
| attestations: write | |
| # This workflow demonstrates the complete CI/CD pipeline using all reusable | |
| # workflows from shared-workflows. It shows how to chain workflows together to | |
| # create a production-ready artifact pipeline with build-info aggregation. | |
| # | |
| # WORKFLOW FLOW: | |
| # 1. extract-version: Extract version from test file | |
| # 2. build-packages: Build packages across multiple platforms using matrix strategy (uses reusable_execute-build.yaml) | |
| # 3. package-built-artifacts: Package built artifacts into distributable formats (handles packaging in this example but could be done in the build step) | |
| # 4. sign-artifacts: GPG sign the packaged artifacts for security (uses reusable_sign-artifacts.yaml) | |
| # 5. deploy-artifacts: Deploy signed artifacts to JFrog Artifactory (uses reusable_deploy-artifacts.yaml) | |
| # 6. create-release-bundle: Create a release bundle from deployed artifacts (uses reusable_create-release-bundle.yaml) | |
| # | |
| # | |
| # USAGE: | |
| # This example demonstrates best practices for integrating shared-workflows | |
| # components into a complete CI/CD pipeline with build-info aggregation. | |
| # ============================================================================= | |
| jobs: | |
| # Manual dispatches should not take arguments. | |
| # here we use a file (VERSION.example) to set the test version that will be used. | |
| # Since this action actually produces an immutable release bundle you must remove it or change the version | |
| # to remove the test bundle use the command `jf rbdell test-release --project test 1.2.3` | |
| # In a real CI/CD pipeline you could trigger on version tag or commit also. Here we use the file so we can show the behaviour on demand. | |
| extract-version: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Extract Version | |
| id: extract | |
| uses: ./.github/actions/extract-version-from-tag | |
| with: | |
| version-file: .github/workflows/VERSION.example | |
| outputs: | |
| version: ${{ steps.extract.outputs.version }} | |
| git_tag: ${{ steps.extract.outputs.git_tag }} | |
| # reusable_execute-build.yaml is a reusable workflow that enables building the project. This step | |
| # could be done another way, but the advantage of using the reusable workflow is that it allows | |
| # a single workflow that can be instrumented in the future. | |
| # This is also an example of using a matrix strategy to build in GHA | |
| build-packages: | |
| uses: aerospike/shared-workflows/.github/workflows/[email protected] | |
| needs: extract-version | |
| # Matrix strategy: Multi-platform builds across Ubuntu/Debian/RPM families (x86_64 native, ARM64 emulated) | |
| strategy: | |
| matrix: | |
| include: | |
| # Ubuntu/Debian family (x86_64) | |
| - distro: jammy | |
| arch: x86_64 | |
| runs-on: ubuntu-22.04 | |
| emulated: false | |
| - distro: noble | |
| arch: x86_64 | |
| runs-on: ubuntu-22.04 | |
| emulated: false | |
| - distro: trixie | |
| arch: x86_64 | |
| runs-on: ubuntu-22.04 | |
| emulated: false | |
| # - distro: focal | |
| # arch: x86_64 | |
| # runs-on: ubuntu-22.04 | |
| # emulated: false | |
| # - distro: bullseye | |
| # arch: x86_64 | |
| # runs-on: ubuntu-22.04 | |
| # emulated: false | |
| # - distro: bookworm | |
| # arch: x86_64 | |
| # runs-on: ubuntu-22.04 | |
| # emulated: false | |
| # # Ubuntu/Debian family (arm64) - emulated by default | |
| # # set emulated to false to run on real arm64 runners but as of 8/14/2025, the queue times are too long | |
| # - distro: jammy | |
| # arch: arm64 | |
| # runs-on: ubuntu-22.04 | |
| # emulated: true | |
| # - distro: noble | |
| # arch: arm64 | |
| # runs-on: ubuntu-22.04 | |
| # emulated: true | |
| # - distro: focal | |
| # arch: arm64 | |
| # runs-on: ubuntu-22.04 | |
| # emulated: true | |
| # - distro: bullseye | |
| # arch: arm64 | |
| # runs-on: ubuntu-22.04 | |
| # emulated: true | |
| # - distro: bookworm | |
| # arch: arm64 | |
| # runs-on: ubuntu-22.04 | |
| # emulated: true | |
| # # RPM family (x86_64 only - no ARM support) | |
| - distro: el8 | |
| arch: x86_64 | |
| runs-on: ubuntu-22.04 | |
| emulated: false | |
| - distro: el9 | |
| arch: x86_64 | |
| runs-on: ubuntu-22.04 | |
| emulated: false | |
| # - distro: amzn2023 | |
| # arch: x86_64 | |
| # runs-on: ubuntu-22.04 | |
| # emulated: false | |
| # RPM family (arm64) - requires real ARM runners (commented out due to queue times) | |
| # - distro: el8 | |
| # arch: arm64 | |
| # runs-on: ubuntu-latest-arm64 | |
| # emulated: false | |
| # - distro: el9 | |
| # arch: arm64 | |
| # runs-on: ubuntu-latest-arm64 | |
| # emulated: false | |
| # - distro: amzn2023 | |
| # arch: arm64 | |
| # runs-on: ubuntu-latest-arm64 | |
| # emulated: false | |
| with: | |
| runs-on: ${{ matrix.runs-on }} | |
| jf-project: test | |
| jf-build-name: test-build | |
| jf-build-id: ${{ github.run_number }}-buildinfo-${{ matrix.distro }}-${{ matrix.arch }} | |
| gh-checkout-path: project-location # In the case of running in shared_workflows gh_checkout_path and gh_source_path will have the same content but we put them here by way of example. | |
| # gh-workflows-ref: v2.0.2 | |
| gh-source-path: repo-source | |
| working-directory: repo-source/.github/workflows/execute-build/test_apps/hi | |
| build-script: | | |
| echo "DISTRO: ${{ matrix.distro }}" | |
| echo "ARCH: ${{ matrix.arch }}" | |
| echo "EMULATED: ${{ matrix.emulated }}" | |
| echo "MAKEFILE: " | |
| cat Makefile | |
| which gcc | |
| pwd | |
| find . | |
| DISTRO=${{ matrix.distro }} \ | |
| ARCH=${{ matrix.arch }} \ | |
| EMULATED=${{ matrix.emulated }} \ | |
| make docker-build | |
| gh-artifact-directory: build | |
| gh-artifact-name: build-artifacts-${{ matrix.distro }}-${{ matrix.arch }} | |
| gh-retention-days: 1 # default | |
| jf-url: https://artifact.aerospike.io # default | |
| oidc-provider-name: gh-dev-test | |
| oidc-audience: aerospike/testing | |
| publish-build-info: true | |
| dry-run: false # default | |
| # This job demonstrates custom packaging logic using standard GitHub Actions (actions/checkout, actions/download-artifact, actions/upload-artifact) | |
| # No reusable actions from shared-workflows are used here - this is custom packaging logic that could be done in the build step | |
| # In this case it is using fpm to generate debs and rpms and uploading them to be processed further. | |
| # building and packaging could be done in the build step if we wanted to package on the distro as the build | |
| # but here we do it separate. It takes the output from the matrix builds and uploads them to gitub in a single directory. | |
| package-built-artifacts: | |
| needs: [build-packages, extract-version] | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 1 | |
| - name: Download All Matrix Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: build-artifacts | |
| merge-multiple: true | |
| - name: Package Artifacts | |
| run: | | |
| .github/workflows/execute-build/test_apps/hi/package.sh --target hi --version ${{ needs.extract-version.outputs.version }} \ | |
| --packages-dir build-artifacts --output-dir packaged-artifacts | |
| - name: Upload packaged Artifacts | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: build-artifacts | |
| path: packaged-artifacts | |
| overwrite: true | |
| retention-days: 1 | |
| sign-artifacts: | |
| needs: package-built-artifacts | |
| uses: aerospike/shared-workflows/.github/workflows/[email protected] #update to 2.0.2 once released | |
| with: | |
| gh-retention-days: 1 | |
| gh-artifact-name: packaged-artifacts | |
| # gh-workflows-ref: v2.0.2 # Use specific shared-workflows version | |
| secrets: | |
| gpg-private-key: ${{ secrets.GPG_SECRET_KEY }} | |
| gpg-public-key: ${{ secrets.GPG_PUBLIC_KEY }} | |
| gpg-key-pass: ${{ secrets.GPG_PASS }} | |
| deploy-artifacts: | |
| needs: [sign-artifacts, extract-version] | |
| uses: aerospike/shared-workflows/.github/workflows/[email protected] | |
| with: | |
| jf-project: test | |
| jf-build-name: test-build | |
| jf-metadata-build-id: ${{ github.run_number }}-buildinfo | |
| jf-build-id: ${{ github.run_number }} | |
| gh-artifact-name: ${{ needs.sign-artifacts.outputs.gh-artifact-name }} | |
| version: ${{ needs.extract-version.outputs.version }} | |
| gh-retention-days: 1 | |
| # gh-workflows-ref: v2.0.2 # Use specific shared-workflows version | |
| oidc-provider-name: gh-dev-test | |
| oidc-audience: aerospike/testing | |
| dry-run: false | |
| build-docker-deploy: | |
| uses: aerospike/shared-workflows/.github/workflows/[email protected] | |
| needs: [extract-version, package-built-artifacts] #don't really need package-built-artifacts but we need that to finish first. | |
| with: | |
| jf-project: test | |
| image-name: test-image | |
| tag: artifact.aerospike.io/test-container-dev-local/test-image:${{ needs.extract-version.outputs.version }} | |
| context: ./.github/workflows/execute-build/test_apps/hi | |
| file: ./.github/workflows/execute-build/test_apps/hi/Dockerfile | |
| jf-build-name: test-build-container | |
| use-artifacts: | |
| needs: [build-docker-deploy, extract-version, deploy-artifacts] | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Install JFrog CLI | |
| id: jf | |
| uses: jfrog/setup-jfrog-cli@5b06f730cc5a6f55d78b30753f8583454b08c0aa # v4.8.1 | |
| env: | |
| JF_URL: https://artifact.aerospike.io | |
| JF_PROJECT: test | |
| with: | |
| oidc-provider-name: gh-dev-test | |
| oidc-audience: aerospike/testing | |
| - name: Docker login to Artifactory | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: artifact.aerospike.io/test-container-dev-local | |
| username: ${{ steps.jf.outputs.oidc-user }} | |
| password: ${{ steps.jf.outputs.oidc-token }} | |
| - name: execute-docker-build | |
| run: | | |
| docker run --rm --platform linux/amd64 artifact.aerospike.io/test-container-dev-local/test-image:${{ needs.extract-version.outputs.version }} | |
| - name: Install packages | |
| run: | | |
| set -euo pipefail | |
| wget -qO - https://artifact.aerospike.io/artifactory/api/security/keypair/aerospike/public \ | |
| | sudo gpg --dearmor -o /usr/share/keyrings/aerospike.gpg | |
| export DEBIAN_FRONTEND=noninteractive | |
| CODENAME=$(lsb_release -sc) # e.g. bookworm, jammy, noble | |
| ARCH=$(dpkg --print-architecture) # e.g. amd64, arm64 | |
| KEYRING=/usr/share/keyrings/aerospike.gpg | |
| REPO="artifact.aerospike.io/artifactory/test-deb-dev-local" | |
| sudo install -m 600 /dev/null /etc/apt/auth.conf.d/aerospike.conf | |
| { | |
| echo "machine artifact.aerospike.io" | |
| echo "login ${{ steps.jf.outputs.oidc-user }}" | |
| echo "password ${{ steps.jf.outputs.oidc-token }}" | |
| } | sudo tee /etc/apt/auth.conf.d/aerospike.conf >/dev/null | |
| cat <<EOF | sudo tee /etc/apt/sources.list.d/aerospike.list | |
| deb [arch=$ARCH signed-by=$KEYRING] https://$REPO $CODENAME main | |
| EOF | |
| sudo apt-get update && sudo apt-get install hi -y | |
| echo "the test binary says:" | |
| hi | |
| use-rpm-artifacts: | |
| runs-on: ubuntu-22.04 | |
| container: | |
| image: rockylinux:9 | |
| needs: [extract-version, deploy-artifacts] | |
| steps: | |
| - name: Install JFrog CLI | |
| id: jf | |
| uses: jfrog/setup-jfrog-cli@5b06f730cc5a6f55d78b30753f8583454b08c0aa # v4.8.1 | |
| env: | |
| JF_URL: https://artifact.aerospike.io | |
| JF_PROJECT: test | |
| with: | |
| oidc-provider-name: gh-dev-test | |
| oidc-audience: aerospike/testing | |
| - name: Set up RPM repository | |
| run: | # Detect OS distro and version | |
| JF_USERNAME=${{ steps.jf.outputs.oidc-user }} | |
| JF_TOKEN=${{ steps.jf.outputs.oidc-token }} | |
| if [ -f /etc/os-release ]; then | |
| . /etc/os-release | |
| case "$ID" in | |
| rhel|centos|almalinux|rocky) | |
| DIST="el${VERSION_ID%%.*}" | |
| ;; | |
| amzn) | |
| if [[ "$VERSION_ID" == "2023" ]]; then | |
| DIST="amzn2023" | |
| else | |
| echo "Unsupported Amazon Linux version: $VERSION_ID" | |
| exit 1 | |
| fi | |
| ;; | |
| *) | |
| echo "Unsupported distro: $ID" | |
| exit 1 | |
| ;; | |
| esac | |
| else | |
| echo "Cannot determine OS version" | |
| exit 1 | |
| fi | |
| ARCH=$(uname -m) # e.g., x86_64, aarch64 | |
| REPO_FILE="/etc/yum.repos.d/aerospike-${DIST,,}-all.repo" | |
| # Write .repo content | |
| tee "$REPO_FILE" > /dev/null <<EOF | |
| [aerospike-${DIST,,}-test] | |
| name=Aerospike RPM Repo DEV for ${DIST^^} (\$basearch) | |
| baseurl=https://artifact.aerospike.io/artifactory/test-rpm-dev-local/${DIST,,}/$ARCH/ | |
| username=${JF_USERNAME} | |
| password=${JF_TOKEN} | |
| enabled=1 | |
| gpgcheck=1 | |
| gpgkey=https://artifact.aerospike.io/artifactory/api/security/keypair/aerospike/public | |
| EOF | |
| echo "--------------------------------" | |
| cat "$REPO_FILE" | |
| echo "--------------------------------" | |
| echo "Aerospike .repo file written to $REPO_FILE" | |
| - name: Install RPMs | |
| run: | | |
| yum install hi -y | |
| echo "the test binary says:" | |
| hi | |
| create-release-bundle: | |
| needs: [use-artifacts, use-rpm-artifacts, extract-version, deploy-artifacts] | |
| uses: aerospike/shared-workflows/.github/workflows/[email protected] | |
| if: github.event_name == 'workflow_dispatch' | |
| with: | |
| jf-project: test | |
| jf-build-names: test-build:${{ github.run_number }},test-build-container:${{ github.run_number }} | |
| jf-bundle-name: test-release | |
| version: ${{ needs.extract-version.outputs.version }} | |
| # gh-workflows-ref: v2.0.2 # Use specific shared-workflows version | |
| oidc-provider-name: gh-dev-test | |
| oidc-audience: aerospike/testing | |
| dry-run: false |