Skip to content

Packaging

Packaging #800

Workflow file for this run

name: Packaging
on:
push:
# Don't run on dev branches because when testing changes we may want to
# run with the single_job argument set to speed up testing and avoid
# wasting resources, but the automatic run will just run all of the jobs.
branches:
- 'main'
workflow_dispatch:
inputs:
single_job:
description: 'Run only the specified job'
required: false
type: string
default: ''
schedule:
- cron: '0 0 * * 0'
# TODO: Use a matrix here for the different permutations of settings to invoke the reusable workflow with?
jobs:
full:
if: ${{ inputs.single_job == '' || inputs.single_job == 'full' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
secrets: inherit
with:
artifact_prefix: full_
strict_mode: true
cross_build_rules: pkg/rules/cross-build-rules.yml
cross_build_args: --no-default-features
docker_org: ximoneighteen
docker_repo: ploutos-testing_full
docker_build_rules: pkg/rules/docker-build-rules.yml
package_build_rules: |
image:
- "ubuntu:bionic"
- "ubuntu:jammy" # ubuntu/22.04
- "debian:stretch"
- "debian:buster"
- "debian:bullseye"
- "debian:bookworm"
- "centos:7"
- "rockylinux:8" # compatible with RHEL/CentOS 8
- "rockylinux:9" # compatible with RHEL 9
target: x86_64
include:
# package for the Raspberry Pi 1b as an ARMv6 cross compiled variant of the Debian Buster upon which
# Raspbian 10 is based.
- image: "debian:buster"
target: "arm-unknown-linux-gnueabihf"
deb_extra_lintian_args: "--suppress-tags binary-without-manpage,changelog-not-compressed-with-max-compression"
- image: "centos:7"
systemd_service_unit_file: "pkg/common/mytest.mytest.*"
target: "x86_64"
# CentOS 8 became EOL and is in theory still usable as a build container as there is still a Docker image
# available, and package installation can be done by switching the yum config in the container to use packages
# from the CentOS 8 vault rather than the now offline actual CentOS 8 repository. However, due to experiencing
# lots of timed out connections to the vault we will build the CentOS 8 compatible package in a Rocky Linux
# container instead, as Rocky Linux is 100% compatible with CentOS 8. The server at packages.nlnetlabs.nl
# however has a repo for CentOS 8, not Rocky Linux, and determines the repo to publish in based on the name of
# the archive that we produce below which is in turn based by default on the container image used to build. We
# therefore in this case need to specify that the O/S we are building for has a different name than the Docker
# image we are building it in.
- image: "rockylinux:8"
systemd_service_unit_file: "pkg/common/mytest.mytest.*"
target: "x86_64"
os: "centos:8"
rpm_rpmlint_check_filters: "no-documentation no-manual-page-for-binary"
- image: "rockylinux:9"
systemd_service_unit_file: "pkg/common/mytest.mytest.*"
target: "x86_64"
rpm_rpmlint_check_filters: "no-documentation no-manual-page-for-binary"
- image: "ubuntu:bionic"
deb_extra_lintian_args: "--suppress-tags binary-without-manpage,changelog-not-compressed-with-max-compression"
- image: "ubuntu:jammy"
deb_extra_lintian_args: "--suppress-tags no-manual-page,changelog-not-compressed-with-max-compression"
- image: "debian:stretch"
deb_extra_lintian_args: "--suppress-tags binary-without-manpage,changelog-not-compressed-with-max-compression"
- image: "debian:buster"
deb_extra_lintian_args: "--suppress-tags binary-without-manpage,changelog-not-compressed-with-max-compression"
- image: "debian:bullseye"
deb_extra_lintian_args: "--suppress-tags binary-without-manpage,changelog-not-compressed-with-max-compression"
- image: "debian:bookworm"
deb_extra_lintian_args: "--suppress-tags binary-without-manpage,changelog-not-compressed-with-max-compression"
package_test_rules: pkg/rules/package-test-rules.yml
package_test_scripts_path: pkg/test-scripts/test-<package>.sh
deb_extra_build_packages: libssl-dev
deb_apt_key_url: "https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/apt-key.asc"
deb_apt_source: "deb https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/${OS_NAME}/ ${OS_REL} main"
rpm_scriptlets_path: pkg/rpm/scriptlets.toml
rpm_yum_key_url: "https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/yum-key.asc"
rpm_yum_repo: |
[nlnetlabs]
name=NLnet Labs
baseurl=https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/centos/$releasever/main/$basearch
enabled=1
check_full:
if: ${{ inputs.single_job == '' || inputs.single_job == 'full' }}
runs-on: ubuntu-latest
needs: full
steps:
- name: Check Docker image publication
if: ${{ (contains(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && !needs.full.outputs.docker_images_published }}
uses: actions/github-script@v6
with:
script: |
core.setFailed("Expected Docker images to have been published but output `docker_images_published` is false")
- name: Check Docker manifest publication
if: ${{ (contains(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && !needs.full.outputs.docker_manifest_published }}
uses: actions/github-script@v6
with:
script: |
core.setFailed("Expected Docker manifest to have been published but output `docker_manifest_published` is false")
minimal:
if: ${{ inputs.single_job == '' || inputs.single_job == 'minimal' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
no_test_scripts:
if: ${{ inputs.single_job == '' || inputs.single_job == 'no_test_scripts' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
secrets: inherit
with:
artifact_prefix: no_test_scripts_
cross_build_args: --no-default-features
docker_org: ximoneighteen
docker_repo: ploutos-testing_no_test_scripts
docker_build_rules: pkg/rules/docker-build-rules.yml
package_build_rules: pkg/rules/package-build-rules.yml
package_test_rules: pkg/rules/package-test-rules.yml
deb_extra_build_packages: libssl-dev
deb_apt_key_url: 'https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/apt-key.asc'
deb_apt_source: 'deb https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/${OS_NAME}/ ${OS_REL} main'
rpm_scriptlets_path: pkg/rpm/scriptlets.toml
rpm_yum_key_url: 'https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/yum-key.asc'
rpm_yum_repo: |
[nlnetlabs]
name=NLnet Labs
baseurl=https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/centos/$releasever/main/$basearch
enabled=1
default_tests:
if: ${{ inputs.single_job == '' || inputs.single_job == 'default_tests' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
secrets: inherit
with:
artifact_prefix: default_tests_
cross_build_args: --no-default-features
docker_org: ximoneighteen
docker_repo: ploutos-testing_default_tests
docker_build_rules: pkg/rules/docker-build-rules.yml
package_build_rules: pkg/rules/package-build-rules.yml
package_test_scripts_path: pkg/test-scripts/test-<package>.sh
deb_extra_build_packages: libssl-dev
deb_apt_key_url: 'https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/apt-key.asc'
deb_apt_source: 'deb https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/${OS_NAME}/ ${OS_REL} main'
rpm_scriptlets_path: pkg/rpm/scriptlets.toml
default_tests_with_upgrades:
if: ${{ inputs.single_job == '' || inputs.single_job == 'default_tests_with_upgrades' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
secrets: inherit
with:
artifact_prefix: default_tests_with_upgrades_
package_build_rules: |
pkg:
- "mytest"
image:
- "ubuntu:bionic"
- "ubuntu:jammy"
- "debian:buster"
- "rockylinux:8"
mode:
- "fresh-install"
target:
- "x86_64"
test-image:
- ""
include:
- pkg: "mytest"
image: "ubuntu:jammy"
target: "x86_64"
mode: "upgrade-from-published"
- pkg: "mytest"
image: "rockylinux:8"
systemd_service_unit_file: "pkg/common/mytest.mytest.*"
target: "x86_64"
mode: "fresh-install"
- pkg: "mytest"
image: "rockylinux:8"
systemd_service_unit_file: "pkg/common/mytest.mytest.*"
target: "x86_64"
mode: "upgrade-from-published"
- pkg: "mytest"
image: "rockylinux:8"
target: "x86_64"
test-image: "almalinux:8"
- pkg: "mytest"
image: "rockylinux:8"
target: "x86_64"
test-image: "centos:9-Stream"
package_test_scripts_path: pkg/test-scripts/test-<package>.sh
deb_extra_build_packages: libssl-dev
deb_apt_key_url: 'https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/apt-key.asc'
deb_apt_source: 'deb https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/${OS_NAME}/ ${OS_REL} main'
rpm_scriptlets_path: pkg/rpm/scriptlets.toml
rpm_yum_key_url: 'https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/yum-key.asc'
rpm_yum_repo: |
[nlnetlabs]
name=NLnet Labs
baseurl=https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/centos/$releasever/main/$basearch
enabled=1
no_tests:
if: ${{ inputs.single_job == '' || inputs.single_job == 'no_tests' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
secrets: inherit
with:
artifact_prefix: no_tests_
cross_build_args: --no-default-features
docker_org: ximoneighteen
docker_repo: ploutos-testing_no_tests
docker_build_rules: pkg/rules/docker-build-rules.yml
package_build_rules: pkg/rules/package-build-rules.yml
package_test_rules: none
deb_extra_build_packages: libssl-dev
deb_apt_key_url: 'https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/apt-key.asc'
deb_apt_source: 'deb https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/${OS_NAME}/ ${OS_REL} main'
rpm_scriptlets_path: pkg/rpm/scriptlets.toml
rpm_yum_key_url: 'https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/yum-key.asc'
rpm_yum_repo: |
[nlnetlabs]
name=NLnet Labs
baseurl=https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/centos/$releasever/main/$basearch
enabled=1
no_docker:
if: ${{ inputs.single_job == '' || inputs.single_job == 'no_docker' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
with:
artifact_prefix: no_docker_
cross_build_args: --no-default-features
package_build_rules: pkg/rules/package-build-rules.yml
package_test_rules: pkg/rules/package-test-rules.yml
package_test_scripts_path: pkg/test-scripts/test-<package>.sh
deb_extra_build_packages: libssl-dev
deb_apt_key_url: 'https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/apt-key.asc'
deb_apt_source: 'deb https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/${OS_NAME}/ ${OS_REL} main'
rpm_scriptlets_path: pkg/rpm/scriptlets.toml
rpm_yum_key_url: 'https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/yum-key.asc'
rpm_yum_repo: |
[nlnetlabs]
name=NLnet Labs
baseurl=https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/centos/$releasever/main/$basearch
enabled=1
only_docker:
if: ${{ inputs.single_job == '' || inputs.single_job == 'only_docker' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
secrets: inherit
with:
artifact_prefix: only_docker_
cross_build_args: --no-default-features
docker_org: ximoneighteen
docker_repo: ploutos-testing_only_docker
docker_build_rules: pkg/rules/docker-build-rules.yml
check_only_docker:
if: ${{ inputs.single_job == '' || inputs.single_job == 'only_docker' }}
runs-on: ubuntu-latest
needs: only_docker
steps:
- name: Check Docker image publication
if: ${{ (contains(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && !needs.only_docker.outputs.docker_images_published }}
uses: actions/github-script@v6
with:
script: |
core.setFailed("Expected Docker images to have been published but output `docker_images_published` is false")
- name: Check Docker manifest publication
if: ${{ (contains(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && !needs.only_docker.outputs.docker_manifest_published }}
uses: actions/github-script@v6
with:
script: |
core.setFailed("Expected Docker manifest to have been published but output `docker_manifest_published` is false")
docker_no_secrets:
if: ${{ inputs.single_job == '' || inputs.single_job == 'docker_no_secrets' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
with:
artifact_prefix: docker_no_secrets_
docker_org: ximoneighteen
docker_repo: ploutos-testing_docker_no_secrets
docker_build_rules: |
platform: ["linux/amd64"]
shortname: ["amd64"]
mode: ["build"]
no_cross:
if: ${{ inputs.single_job == '' || inputs.single_job == 'no_cross' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
secrets: inherit
with:
artifact_prefix: no_cross_
docker_org: ximoneighteen
docker_repo: ploutos-testing_no_cross
docker_build_rules: pkg/rules/docker-build-rules-no-cross.yml
package_build_rules: pkg/rules/package-build-rules-no-cross.yml
package_test_rules: pkg/rules/package-test-rules-no-cross.yml
package_test_scripts_path: pkg/test-scripts/test-<package>.sh
deb_extra_build_packages: libssl-dev
deb_apt_key_url: 'https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/apt-key.asc'
deb_apt_source: 'deb https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/${OS_NAME}/ ${OS_REL} main'
rpm_scriptlets_path: pkg/rpm/scriptlets.toml
rpm_yum_key_url: 'https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/yum-key.asc'
rpm_yum_repo: |
[nlnetlabs]
name=NLnet Labs
baseurl=https://raw.githubusercontent.com/NLnetLabs/ploutos-testing/main/repo/linux/centos/$releasever/main/$basearch
enabled=1
check_no_cross:
if: ${{ inputs.single_job == '' || inputs.single_job == 'no_cross' }}
runs-on: ubuntu-latest
needs: no_cross
steps:
- name: Check Docker image publication
if: ${{ (contains(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && !needs.no_cross.outputs.docker_images_published }}
uses: actions/github-script@v6
with:
script: |
core.setFailed("Expected Docker images to have been published but output `docker_images_published` is false")
- name: Check Docker manifest publication
if: ${{ (contains(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') && !needs.no_cross.outputs.docker_manifest_published }}
uses: actions/github-script@v6
with:
script: |
core.setFailed("Expected Docker manifest to have been published but output `docker_manifest_published` is false")
test_with_alt_pkg:
if: ${{ inputs.single_job == '' || inputs.single_job == 'test_with_alt_pkg' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
secrets: inherit
with:
artifact_prefix: test_with_alt_pkg
package_build_rules: |
pkg:
- "mytest"
- "myalt"
image:
- "rockylinux:9"
mode:
- "fresh-install"
target:
- "x86_64"
include:
- pkg: "mytest"
image: "rockylinux:9"
systemd_service_unit_file: "pkg/common/mytest.mytest.*"
target: "x86_64"
package_test_scripts_path: pkg/test-scripts/test-<package>.sh
rpm_scriptlets_path: pkg/rpm/scriptlets.toml
test_with_alt_cargo_toml:
if: ${{ inputs.single_job == '' || inputs.single_job == 'test_with_alt_cargo_toml' }}
uses: NLnetLabs/ploutos/.github/workflows/pkg-rust.yml@v7
secrets: inherit
with:
artifact_prefix: test_with_alt_cargo_toml
manifest_dir: virtual
workspace_package: app
package_build_rules: |
pkg:
- "app"
image:
- "rockylinux:8"
- "ubuntu:jammy"
mode:
- "fresh-install"
target:
- "x86_64"