Skip to content

Repository update #2229

Repository update

Repository update #2229

name: Repository update (admin)
on:
repository_dispatch:
types: ["Repository update"]
workflow_dispatch:
inputs:
partial:
type: boolean
description: "Add https://netcup.armbian.com/partial/ to stable repo"
default: false
concurrency:
group: pipeline
cancel-in-progress: false
jobs:
Check:
name: "Check membership" # Only release manager can execute this manually
runs-on: fast
steps:
- name: "Check membership"
uses: armbian/actions/team-check@main
with:
ORG_MEMBERS: ${{ secrets.ORG_MEMBERS }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TEAM: "Release manager"
external:
name: "Download external"
needs: Check
if: ${{ github.repository_owner == 'Armbian' }}
uses: armbian/scripts/.github/workflows/download-and-test-external.yml@main
with:
ACCESS_NAME: armbian
BUILD_RUNNER: "ubuntu-latest"
secrets:
GPG_KEY1: ${{ secrets.GPG_KEY1 }}
GPG_PASSPHRASE1: ${{ secrets.GPG_PASSPHRASE1 }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
KEY_UPLOAD: ${{ secrets.KEY_UPLOAD }}
HOST_UPLOAD: ${{ secrets.HOST_UPLOAD }}
HOST_UPLOAD_USER: ${{ secrets.HOST_UPLOAD_USER }}
HOST_UPLOAD_PORT: ${{ secrets.HOST_UPLOAD_PORT }}
KNOWN_HOSTS_ARMBIAN_UPLOAD: ${{ secrets.KNOWN_HOSTS_ARMBIAN_UPLOAD }}
gradle:
needs: external
strategy:
fail-fast: false
max-parallel: 8
matrix:
repository: ["debs-beta","debs"]
name: Make
runs-on: repository
steps:
- name: Checkout build repository
uses: actions/checkout@v4
with:
repository: armbian/build
fetch-depth: 1
clean: false
- name: Import GPG key
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_KEY1 }}
passphrase: ${{ secrets.GPG_PASSPHRASE1 }}
- name: "Build repository ${{ matrix.repository }}"
run: |
REPOSITORY="${{ matrix.repository }}"
TARGET=${REPOSITORY/debs/repository}
sudo chown -R ${USER}:${USER} /outgoing/${TARGET} /incoming/${REPOSITORY}
# delete older packages
declare -A delete_packages
DELETE_AFTER="22.08"
delete_packages=(
["discord"]="% *"
["fastfetch"]="% *"
["test_delete_pkg"]="% *"
)
# Loop over the array of packages
for key in "${!delete_packages[@]}"
do
tools/repository/repo \
-i /incoming/${{ matrix.repository }} \
-o /outgoing/${TARGET} \
-p ${{ secrets.GPG_PASSPHRASE1 }} -c delete -l "Name (% $key*), \$Version (${delete_packages[$key]})"
done
# include packages from manually made images
if [[ "${{ github.event.inputs.partial }}" == "true" ]]; then
if [[ "${{ matrix.repository }}" == "debs" ]]; then
# add from partial
sudo chown -R ${USER}:${USER} /incoming/partial/
tools/repository/repo -i /incoming/partial/debs -o /outgoing/repository -p ${{ secrets.GPG_PASSPHRASE1 }} -c update
fi
else
# beta is always made from scratch
if [[ "${{ matrix.repository }}" == "debs-beta" ]]; then
sudo rm -rf /outgoing/repository-beta/*
fi
# add from incoming
tools/repository/repo -i /incoming/${{ matrix.repository }} -o /outgoing/${TARGET} -p ${{ secrets.GPG_PASSPHRASE1 }} -c update
fi
# fix folder permissions
sudo chown -R ${{ secrets.HOST_UPLOAD_USER }}:${{ secrets.HOST_UPLOAD_USER }} /incoming/${REPOSITORY}
Prepare:
name: "Upload to servers"
needs: gradle
outputs:
matrix: ${{steps.json.outputs.JSON_CONTENT}}
runs-on: ubuntu-latest
steps:
- name: Get primary mirrors from database
id: json
run: |
echo 'JSON_CONTENT<<EOF' >> $GITHUB_OUTPUT
curl -H "Authorization: Token ${{ secrets.NETBOX_TOKEN }}" -H "Accept: application/json; indent=4" \
"https://stuff.armbian.com/netbox/api/virtualization/virtual-machines/?limit=500&name__empty=false&device_role=Mirror&tag=push&status=active" \
| jq '.results[] | .name' | grep -v null | sed "s/\"//g" | jq -cnR '[inputs | select(length>0)]' | jq >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
Sync:
name: "Files"
runs-on: repository-sync
needs: Prepare
outputs:
matrix: ${{needs.Prepare.outputs.matrix}}
if: ${{ needs.Prepare.outputs.matrix != '[]' && needs.Prepare.outputs.matrix != '' }}
timeout-minutes: 90
strategy:
max-parallel: 8
fail-fast: false
matrix:
node: ${{fromJson(needs.Prepare.outputs.matrix)}}
steps:
- name: Install SSH key
uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.KEY_UPLOAD }}
known_hosts: ${{ secrets.KNOWN_HOSTS_ARMBIAN_UPLOAD }}
if_key_exists: replace
- name: What to sync?
run: |
JSON=$(curl -H "Authorization: Token ${{ secrets.NETBOX_TOKEN }}" -H "Accept: application/json; indent=4" \
"https://stuff.armbian.com/netbox/api/virtualization/virtual-machines/?limit=500&name__empty=false&name=${{ matrix.node }}" | jq)
SERVER_PATH=$(echo $JSON | jq '.results[] | .custom_fields["path"]' | sed "s/\"//g")
SERVER_PORT=$(echo $JSON | jq '.results[] | .custom_fields["port"]' | sed "s/\"//g")
SERVER_USERNAME=$(echo $JSON | jq '.results[] | .custom_fields["username"]' | sed "s/\"//g")
TARGETS=($(echo $JSON | jq '.results[] | .tags' | jq '.[].name' | grep -v null | grep -v Push | sed "s/\"//g"))
for target in "${TARGETS[@]}"; do
ssh-keygen -f "${HOME}/.ssh/known_hosts" -R "${{ matrix.node }}"
echo "Synching $target" >> $GITHUB_STEP_SUMMARY
if [[ "$target" == "debs" ]]; then rsync -ar --checksum --progress -e "ssh -p ${SERVER_PORT} -o StrictHostKeyChecking=accept-new" --exclude "dists" --exclude "control" /outgoing/repository/public/ ${SERVER_USERNAME}@${{ matrix.node }}:${SERVER_PATH}/apt ; fi
if [[ "$target" == "debs-beta" && "${{ github.event.inputs.partial }}" != "true" ]]; then rsync -ar --checksum --progress -e "ssh -p ${SERVER_PORT} -o StrictHostKeyChecking=accept-new" --exclude "dists" --exclude "control" /outgoing/repository-beta/public/ ${SERVER_USERNAME}@${{ matrix.node }}:${SERVER_PATH}/beta ; fi
done
Index:
name: "Index"
runs-on: repository-sync
needs: Sync
if: ${{ needs.Sync.outputs.matrix != '[]' && needs.Sync.outputs.matrix != '' }}
timeout-minutes: 60
strategy:
max-parallel: 8
fail-fast: false
matrix:
node: ${{fromJson(needs.Sync.outputs.matrix)}}
steps:
- name: Install SSH key
uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.KEY_UPLOAD }}
known_hosts: ${{ secrets.KNOWN_HOSTS_ARMBIAN_UPLOAD }}
if_key_exists: replace
- name: What to sync?
run: |
JSON=$(curl -H "Authorization: Token ${{ secrets.NETBOX_TOKEN }}" -H "Accept: application/json; indent=4" \
"https://stuff.armbian.com/netbox/api/virtualization/virtual-machines/?limit=500&name__empty=false&name=${{ matrix.node }}" | jq)
SERVER_PATH=$(echo $JSON | jq '.results[] | .custom_fields["path"]' | sed "s/\"//g")
SERVER_PORT=$(echo $JSON | jq '.results[] | .custom_fields["port"]' | sed "s/\"//g")
SERVER_USERNAME=$(echo $JSON | jq '.results[] | .custom_fields["username"]' | sed "s/\"//g")
TARGETS=($(echo $JSON | jq '.results[] | .tags' | jq '.[].name' | grep -v null | grep -v Push | sed "s/\"//g"))
for target in "${TARGETS[@]}"; do
ssh-keygen -f "${HOME}/.ssh/known_hosts" -R "${{ matrix.node }}"
echo "Synching $target" >> $GITHUB_STEP_SUMMARY
if [[ "$target" == "debs-beta" && "${{ github.event.inputs.partial }}" != "true" ]]; then rsync -ar --checksum --progress -e "ssh -p ${SERVER_PORT} -o StrictHostKeyChecking=accept-new" /outgoing/repository-beta/public/ ${SERVER_USERNAME}@${{ matrix.node }}:${SERVER_PATH}/beta ; fi
# delete at the end
if [[ "$target" == "debs-beta" && "${{ github.event.inputs.partial }}" != "true" ]]; then rsync -ar --checksum --progress --delete -e "ssh -p ${SERVER_PORT} -o StrictHostKeyChecking=accept-new" /outgoing/repository-beta/public/ ${SERVER_USERNAME}@${{ matrix.node }}:${SERVER_PATH}/beta ; fi
done
# fix folder permissions
sudo chown -R ${{ secrets.HOST_UPLOAD_USER }}:${{ secrets.HOST_UPLOAD_USER }} /incoming/
dispatch:
name: "Refresh web and redirector index"
if: ${{ github.repository_owner == 'Armbian' }}
needs: Index
runs-on: ubuntu-latest
steps:
- name: "Run webindex update action"
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.DISPATCH }}
repository: armbian/os
event-type: "Webindex update"
- name: "Run redirector update action"
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.DISPATCH }}
repository: armbian/os
event-type: "Redirector update"
#
# - name: Repository Dispatch
# uses: peter-evans/repository-dispatch@v3
# with:
# token: ${{ secrets.DISPATCH }}
# repository: 'armbian/os'
# event-type: "Smoke tests"
# client-payload: '{"powermanagement": true}'