-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Reusable debian package builder workflow (#21)
* Create reusable-builder-debian.yml
- Loading branch information
1 parent
ec018eb
commit 4a26b95
Showing
1 changed file
with
92 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
# Copyright 2020 Wayback Archiver. All rights reserved. | ||
# Use of this source code is governed by the MIT license | ||
# that can be found in the LICENSE file. | ||
|
||
name: Debian Package Builder | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
product: | ||
type: string | ||
required: true | ||
description: 'Product or package name' | ||
go-arch: | ||
type: string | ||
default: 'amd64' | ||
description: 'Golang version, defaults to amd64' | ||
go-arm: | ||
type: string | ||
description: 'Golang arm environment' | ||
artifact-path: | ||
type: string | ||
required: true | ||
description: 'Path to stores artifacts.' | ||
secrets: | ||
wayback-ipfs-apikey: | ||
description: 'Managed IPFS credential for distribution binaries.' | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
debian-builder: | ||
name: Debian Package Builder | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34 # v1.5.0 | ||
with: | ||
egress-policy: block | ||
disable-telemetry: true | ||
allowed-endpoints: > | ||
github.com:443 | ||
api.github.com:443 | ||
deb.debian.org:443 | ||
auth.docker.io:443 | ||
registry-1.docker.io:443 | ||
production.cloudflare.docker.com:443 | ||
storage.googleapis.com:443 | ||
proxy.golang.org:443 | ||
sum.golang.org:443 | ||
- name: Check out code base | ||
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' | ||
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 | ||
with: | ||
fetch-depth: 0 | ||
persist-credentials: false | ||
|
||
- name: Check out code base | ||
if: github.event_name == 'pull_request' | ||
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 | ||
with: | ||
fetch-depth: 0 | ||
persist-credentials: false | ||
ref: ${{ github.event.pull_request.head.sha }} | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 | ||
|
||
- name: Build Debian package | ||
id: builder | ||
env: | ||
WAYBACK_IPFS_APIKEY: ${{ secrets.wayback-ipfs-apikey }} | ||
GOARCH: ${{ inputs.go-arch }} | ||
GOARM: ${{ inputs.go-arm }} | ||
run: | | ||
TARGET="${GOARCH}" | ||
if [[ -n "${GOARM}" ]]; then | ||
TARGET="${GOARCH}v${GOARM}" | ||
fi | ||
PKG_ARCH="${TARGET//v8}" | ||
PKG_ARCH="${PKG_ARCH//32}" | ||
make debian DEB_IMG_ARCH=${TARGET} PKG_ARCH=${PKG_ARCH} | ||
echo "filename=${{ inputs.product }}-deb-${PKG_ARCH}" >> $GITHUB_OUTPUT | ||
- name: Upload artifacts | ||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 | ||
with: | ||
name: ${{ steps.builder.outputs.filename }} | ||
path: ${{ inputs.artifact-path }} | ||
if-no-files-found: error |