feat(ips): adding rules management #3233
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build NethSecurity image" | |
on: | |
workflow_dispatch: | |
inputs: | |
target: | |
description: "Target architecture" | |
required: true | |
default: 'x86_64' | |
type: choice | |
options: | |
- x86_64 | |
- lamobo | |
push: | |
branches: | |
- 'main' | |
paths: | |
- 'config/**' | |
- 'files/**' | |
- 'packages/**' | |
- 'patches/**' | |
tags: | |
- '*' | |
pull_request: | |
paths: | |
- 'config/**' | |
- 'files/**' | |
- 'packages/**' | |
- 'patches/**' | |
jobs: | |
publish_images: | |
name: 'Build NethSecurity image' | |
runs-on: self-hosted | |
env: | |
DO_SPACE_NAME: 'nethsecurity' | |
DO_SPACE_REGION: 'ams3' | |
CDN_NAME: 'updates.nethsecurity.nethserver.org' | |
USIGN_PUB_KEY: ${{ secrets.USIGN_PUB_KEY }} | |
USIGN_PRIV_KEY: ${{ secrets.USIGN_PRIV_KEY }} | |
NETIFYD_ACCESS_TOKEN: ${{ secrets.NETIFYD_ACCESS_TOKEN }} | |
TARGET: ${{ github.event.inputs.target }} | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GH_REPO: ${{ github.repository }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 500 | |
- name: Fetch tag annotations | |
run: | | |
# Fetch tag manually because fetch-tags option for checkout@v4 does not work | |
git fetch --force --tags --depth 500 | |
- id: read_tag | |
name: Set VERSION env variable | |
if: ${{ startsWith(github.ref, 'refs/tags') }} | |
run: | | |
# Set tag from GitHub: using git describe for tags inside the run script | |
# seems not working | |
echo "VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
- id: build | |
name: Build the image | |
run: | | |
# Build the image | |
# The run script will set VERSION, REPO_CHANNEL, and OWRT_VERSION env variables | |
./run | |
- id: release | |
name: Update latest_release file | |
run: | | |
# Create release file pointing to 8-VERSION | |
echo 8-${{ env.VERSION }} > latest_release | |
- uses: actions/upload-artifact@v4 | |
name: Publish image as temporary artifact | |
with: | |
name: image | |
compression-level: 0 | |
path: | | |
bin/targets/**/nethsecurity-*.img.gz | |
!bin/targets/**/nethsecurity-*rootfs.img.gz | |
- uses: BetaHuhn/do-spaces-action@v2 | |
name: Publish packages inside the rolling repository | |
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} | |
with: | |
access_key: ${{ secrets.DO_SPACE_ACCESS_KEY }} | |
secret_key: ${{ secrets.DO_SPACE_SECRET_KEY }} | |
space_name: ${{ env.DO_SPACE_NAME }} | |
space_region: ${{ env.DO_SPACE_REGION }} | |
cdn_domain: ${{ env.CDN_DOMAIN }} | |
source: bin/packages | |
out_dir: ${{ env.REPO_CHANNEL }}/${{ env.OWRT_VERSION }}/packages | |
- uses: BetaHuhn/do-spaces-action@v2 | |
name: Publish images inside the rolling repository | |
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} | |
with: | |
access_key: ${{ secrets.DO_SPACE_ACCESS_KEY }} | |
secret_key: ${{ secrets.DO_SPACE_SECRET_KEY }} | |
space_name: ${{ env.DO_SPACE_NAME }} | |
space_region: ${{ env.DO_SPACE_REGION }} | |
cdn_domain: ${{ env.CDN_DOMAIN }} | |
source: bin/targets | |
out_dir: ${{ env.REPO_CHANNEL }}/${{ env.OWRT_VERSION }}/targets | |
- uses: BetaHuhn/do-spaces-action@v2 | |
name: Publish packages inside the fixed repository | |
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} | |
with: | |
access_key: ${{ secrets.DO_SPACE_ACCESS_KEY }} | |
secret_key: ${{ secrets.DO_SPACE_SECRET_KEY }} | |
space_name: ${{ env.DO_SPACE_NAME }} | |
space_region: ${{ env.DO_SPACE_REGION }} | |
cdn_domain: ${{ env.CDN_DOMAIN }} | |
source: bin/packages | |
out_dir: ${{ env.REPO_CHANNEL }}/8-${{ env.VERSION }}/packages | |
- uses: BetaHuhn/do-spaces-action@v2 | |
name: Publish images inside the fixed repository | |
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} | |
with: | |
access_key: ${{ secrets.DO_SPACE_ACCESS_KEY }} | |
secret_key: ${{ secrets.DO_SPACE_SECRET_KEY }} | |
space_name: ${{ env.DO_SPACE_NAME }} | |
space_region: ${{ env.DO_SPACE_REGION }} | |
cdn_domain: ${{ env.CDN_DOMAIN }} | |
source: bin/targets | |
out_dir: ${{ env.REPO_CHANNEL }}/8-${{ env.VERSION }}/targets | |
- uses: BetaHuhn/do-spaces-action@v2 | |
name: Publish latest_release inside the repository | |
if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags') }} | |
with: | |
access_key: ${{ secrets.DO_SPACE_ACCESS_KEY }} | |
secret_key: ${{ secrets.DO_SPACE_SECRET_KEY }} | |
space_name: ${{ env.DO_SPACE_NAME }} | |
space_region: ${{ env.DO_SPACE_REGION }} | |
cdn_domain: ${{ env.CDN_DOMAIN }} | |
source: latest_release | |
out_dir: ${{ env.REPO_CHANNEL }}/ | |
- id: issue_comment | |
name: Add comment for issue ready to be tested | |
if: ${{ github.ref == 'refs/heads/main' }} | |
run: | | |
tools/issue-comment | |
- id: bumper | |
name: Bump ns-packages | |
if: ${{ github.ref == 'refs/heads/main' }} | |
run: | | |
tools/package-bumper |