fix: reset loop if any tunnel interface is not passing traffic #209

Workflow file for this run

	---
	name: publish to balenaCloud

	on:
	# https://github.com/orgs/community/discussions/26724
	pull_request:
	types: [opened, synchronize, closed]
	branches:
	- master

	env:
	ENVIRONMENT: balena-cloud.com
	BLOCK_PREFIX: belodetek/unzoner
	VERBOSE: true

	jobs:
	versioning:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: true
	outputs:
	semver: ${{ steps.semver.outputs.version }}
	version_tag: ${{ steps.semver.outputs.version_tag }}

	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0

	# https://github.com/marketplace/actions/git-semantic-version
	- name: generate new semantic version
	id: semver
	uses: paulhatch/semantic-version@v4.0.2
	with:
	# https://www.conventionalcommits.org
	format: "${major}.${minor}.${patch}"
	major_pattern: "/major:\\s\|Change-type:\\smajor/gmi"
	minor_pattern: "/minor:\\s\|Change-type:\\sminor/gmi"

	- name: check semver
	run: \|
	[[ ${{ env.VERBOSE }} =~ true\|True\|On\|on\|1 ]] && set -x

	echo 'changed: ${{ steps.semver.outputs.changed }}'
	echo 'increment: ${{ steps.semver.outputs.increment }}'
	echo 'major: ${{ steps.semver.outputs.major }}'
	echo 'minor: ${{ steps.semver.outputs.minor }}'
	echo 'patch: ${{ steps.semver.outputs.patch }}'
	echo 'version: ${{ steps.semver.outputs.version }}'
	echo 'version_tag: ${{ steps.semver.outputs.version_tag }}'

	release-notes:
	runs-on: ubuntu-latest
	needs: versioning
	strategy:
	fail-fast: true
	outputs:
	release_notes: ${{ steps.release-notes.outputs.release_notes }}

	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0

	- uses: actions/setup-node@v3
	with:
	node-version: 18

	# https://github.com/cookpete/auto-changelog
	- name: generate release notes
	id: release-notes
	run: \|
	[[ ${{ env.VERBOSE }} =~ true\|True\|On\|on\|1 ]] && set -x

	sudo npm --location=global install auto-changelog

	tmpfile="$(mktemp)"

	git tag '${{ needs.versioning.outputs.version_tag }}'

	auto-changelog \
	--output "${tmpfile}" \
	--starting-version '${{ needs.versioning.outputs.version_tag }}' \
	--ending-version '${{ needs.versioning.outputs.version_tag }}'

	release_notes="$(cat < "${tmpfile}")" && rm -f "${tmpfile}"

	echo "::set-output name=release_notes::$(echo "${release_notes}" \| openssl base64 -A)"

	publish:
	runs-on: ubuntu-latest
	needs:
	- versioning
	- release-notes
	strategy:
	fail-fast: true
	matrix:
	arch:
	- aarch64
	- amd64
	- armv7hf
	outputs:
	aarch64_release_id: ${{ steps.block.outputs.aarch64_release_id }}
	aarch64_version: ${{ steps.block.outputs.aarch64_version }}
	amd64_release_id: ${{ steps.block.outputs.amd64_release_id }}
	amd64_version: ${{ steps.block.outputs.amd64_version }}
	armv7hf_release_id: ${{ steps.block.outputs.armv7hf_release_id }}
	armv7hf_version: ${{ steps.block.outputs.armv7hf_version }}

	steps:
	- uses: actions/checkout@v3

	- name: install additional dependencies
	if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false
	run: \|
	sudo apt install -y git-secret

	- name: import GPG key
	id: import-gpg-key
	if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false
	uses: crazy-max/ghaction-import-gpg@v4
	with:
	gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.GPG_PASSPHRASE }}

	- name: reveal secrets
	if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false
	run: \|
	git secret reveal -fp '${{ secrets.GPG_PASSPHRASE }}'

	- name: update release version(s)
	run: \|
	[[ ${{ env.VERBOSE }} =~ true\|True\|On\|on\|1 ]] && set -x

	# FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/188
	rm docker-compose.yml

	# https://github.com/mikefarah/yq/issues/439
	#yq -i e '.version="${{ needs.versioning.outputs.semver }}"' unzoner/balena.yml
	sed -i '/version:.*/d' unzoner/balena.yml
	echo 'version: ${{ needs.versioning.outputs.semver }}' >> unzoner/balena.yml

	- name: push draft or finalise release
	id: build
	uses: balena-io/deploy-to-balena-action@master
	with:
	balena_token: ${{ secrets.BALENA_API_KEY }}
	environment: ${{ env.ENVIRONMENT }}
	fleet: ${{ env.BLOCK_PREFIX }}-${{ matrix.arch }}
	github_token: ${{ secrets.GITHUB_TOKEN }}
	source: unzoner

	- name: export block build results
	id: block
	run: \|
	[[ ${{ env.VERBOSE }} =~ true\|True\|On\|on\|1 ]] && set -x

	block_id="$(curl "https://api.${{ env.ENVIRONMENT }}/v6/application?\$filter=slug%20eq%20'${{ env.BLOCK_PREFIX }}-${{ matrix.arch }}'&\$select=id" \
	-H 'Content-Type: application/json' \
	-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
	\| jq -r '.d[].id')"

	# FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/193
	arch_version='${{ steps.build.outputs.version }}'
	release_id='${{ steps.build.outputs.release_id }}'

	if [[ -z $arch_version ]]; then
	arch_version='${{ needs.versioning.outputs.semver }}'
	fi

	if [[ -z $release_id ]]; then
	release_id=$(curl --retry 3 --fail \
	"https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${block_id}&\$select=id,semver,is_final,is_invalidated,release_type" \
	-H 'Content-Type: application/json' \
	-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
	\| jq -r --arg semver '${{ needs.versioning.outputs.semver }}' \
	'.d[] \| select((.semver==$semver) and (.is_final==true) and (.is_invalidated==false) and (.release_type=="final")).id' \
	\| head -n 1)
	fi

	echo "::set-output name=${{ matrix.arch }}_block_id::${block_id}"
	echo "::set-output name=${{ matrix.arch }}_release_id::${release_id}"
	echo "::set-output name=${{ matrix.arch }}_version::${arch_version}"

	# FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/194
	- name: update balena release notes
	run: \|
	[[ ${{ env.VERBOSE }} =~ true\|True\|On\|on\|1 ]] && set -x

	# https://github.com/orgs/community/discussions/25634
	release_id='${{ steps.block.outputs[format('{0}_release_id', matrix.arch)] }}'

	block_id='${{ steps.block.outputs[format('{0}_block_id', matrix.arch)] }}'

	# FIXME: probably require additional escaping of JSON reserved characters
	release_notes="$(echo '${{ needs.release-notes.outputs.release_notes }}' \
	\| base64 -d \
	\| awk '{printf "%s\\n", $0}')"

	curl --retry 3 --fail \
	-X PATCH "https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${block_id}%20and%20id%20eq%20${release_id}" \
	-H 'Content-Type: application/json' \
	-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
	-d "{\"note\":\"${release_notes}\"}"

	deploy:
	runs-on: ubuntu-latest
	needs:
	- publish
	- release-notes
	- versioning
	strategy:
	fail-fast: true
	matrix:
	fleet:
	# black.box Unzoner fleets
	- belodetek/blackbox-aarch64
	- belodetek/blackbox-amd64
	- belodetek/blackbox-amd64-raw
	- belodetek/blackbox-armv7hf
	# https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#expanding-or-adding-matrix-configurations
	include:
	- arch: aarch64
	fleet: belodetek/blackbox-aarch64
	- arch: amd64
	fleet: belodetek/blackbox-amd64
	- arch: amd64
	fleet: belodetek/blackbox-amd64-raw
	- arch: armv7hf
	fleet: belodetek/blackbox-armv7hf

	steps:
	- uses: actions/checkout@v3

	- name: update release version(s)
	run: \|
	[[ ${{ env.VERBOSE }} =~ true\|True\|On\|on\|1 ]] && set -x

	for yaml in unzoner/balena.yml balena.yml; do
	#yq -i e '.version="${{ needs.versioning.outputs.semver }}"' "${yaml}"
	sed -i '/version:.*/d' "${yaml}"
	echo 'version: ${{ needs.versioning.outputs.semver }}' >> "${yaml}"
	done

	arch_version='${{ needs.publish.outputs[format('{0}_version', matrix.arch)] }}'

	sed -i "s#FROM bh.cr/${{ env.BLOCK_PREFIX }}-%%BALENA_ARCH%%#FROM bh.cr/${{ env.BLOCK_PREFIX }}-%%BALENA_ARCH%%/${arch_version}#g" Dockerfile.template

	- name: push draft or finalise release
	id: build
	uses: balena-io/deploy-to-balena-action@master
	with:
	balena_token: ${{ secrets.BALENA_API_KEY }}
	environment: ${{ env.ENVIRONMENT }}
	fleet: ${{ matrix.fleet }}
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: update balena release notes
	run: \|
	[[ ${{ env.VERBOSE }} =~ true\|True\|On\|on\|1 ]] && set -x

	fleet_id="$(curl "https://api.${{ env.ENVIRONMENT }}/v6/application?\$filter=slug%20eq%20'${{ matrix.fleet }}'&\$select=id" \
	-H 'Content-Type: application/json' \
	-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
	\| jq -r '.d[].id')"

	release_id='${{ steps.build.outputs.release_id }}'

	if [[ -z $release_id ]]; then
	release_id=$(curl --retry 3 --fail \
	"https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${fleet_id}&\$select=id,semver,is_final,is_invalidated,release_type" \
	-H 'Content-Type: application/json' \
	-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
	\| jq -r --arg semver '${{ needs.versioning.outputs.semver }}' \
	'.d[] \| select((.semver==$semver) and (.is_final==true) and (.is_invalidated==false) and (.release_type=="final")).id' \
	\| head -n 1)
	fi

	release_notes="$(echo '${{ needs.release-notes.outputs.release_notes }}' \
	\| base64 -d \
	\| awk '{printf "%s\\n", $0}')"

	curl --retry 3 --fail \
	-X PATCH "https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${fleet_id}%20and%20id%20eq%20${release_id}" \
	-H 'Content-Type: application/json' \
	-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
	-d "{\"note\":\"${release_notes}\"}"

	commit:
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true
	needs:
	- versioning
	- deploy
	strategy:
	fail-fast: true

	steps:
	- uses: actions/checkout@v3
	with:
	# https://github.com/marketplace/actions/git-auto-commit#push-to-protected-branches
	# https://github.com/orgs/community/discussions/25305
	token: ${{ secrets.PAT }}
	fetch-depth: 0

	- uses: actions/setup-node@v3
	with:
	node-version: 18

	# https://github.com/cookpete/auto-changelog
	- name: set release version(s) and prepare CHANGELOG.md
	run: \|
	[[ ${{ env.VERBOSE }} =~ true\|True\|On\|on\|1 ]] && set -x

	sudo npm --location=global install auto-changelog

	git tag '${{ needs.versioning.outputs.version_tag }}'

	for yaml in unzoner/balena.yml balena.yml; do
	#yq -i e '.version="${{ needs.versioning.outputs.semver }}"' "${yaml}"
	sed -i '/version:.*/d' "${yaml}"
	echo 'version: ${{ needs.versioning.outputs.semver }}' >> "${yaml}"
	done

	auto-changelog

	git tag --delete '${{ needs.versioning.outputs.version_tag }}'

	- name: import GPG key
	id: import-gpg-key
	uses: crazy-max/ghaction-import-gpg@v4
	with:
	gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.GPG_PASSPHRASE }}
	git_config_global: true
	git_user_signingkey: true
	git_commit_gpgsign: true

	# https://github.com/marketplace/actions/git-auto-commit
	- name: Commit CHANGELOG and versioned asset(s)
	uses: stefanzweifel/git-auto-commit-action@v4
	# https://stackoverflow.com/a/61565445/1559300
	with:
	add_options: -u
	branch: ${{ github.base_ref }}
	commit_author: ${{ steps.import-gpg-key.outputs.name }} <${{ steps.import-gpg-key.outputs.email }}>
	commit_message: \|
	ci: Update CHANGELOG and ${{ needs.versioning.outputs.version_tag }} asset(s)

	Signed-off-by: ${{ steps.import-gpg-key.outputs.name }} <${{ steps.import-gpg-key.outputs.email }}>

	commit_options: --no-verify --signoff
	commit_user_email: ${{ steps.import-gpg-key.outputs.email }}
	commit_user_name: ${{ steps.import-gpg-key.outputs.name }}
	disable_globbing: true
	file_pattern: CHANGELOG.md balena.yml unzoner/balena.yml
	push_options: --force
	skip_checkout: true
	skip_dirty_check: true
	skip_fetch: true
	status_options: --untracked-files=no
	tagging_message: ${{ needs.versioning.outputs.version_tag }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: reset loop if any tunnel interface is not passing traffic #209

Workflow file

fix: reset loop if any tunnel interface is not passing traffic #209

Jobs

Run details

Workflow file for this run