From 1cccbf481ef9645f29b026a66506efb079243225 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Pe=C4=8Dovnik?= Date: Sat, 18 Jun 2022 23:53:45 +0200 Subject: [PATCH] Several small fixes to CI scripting (#3905) * Restore permission to make script work We need to rework this, but until then things has to work. * Permission issuers * We don't try to cancel previous as it doesn't work * Update * Renaming, remove deprecated * Add comments * Prevent running scorecard on forks * Update --- ...image-docker.yml => build-deskktop-pr.yml} | 11 +++++- .github/workflows/build-images.yml | 12 +++++- ...-merge-request.yml => build-kernel-pr.yml} | 15 +++----- .github/workflows/build-train.yml | 9 +++-- .github/workflows/build-u-boot.yml | 4 ++ .github/workflows/bump-version.yml | 5 ++- .github/workflows/cleanup.yml | 21 +++++++++++ ...-merge-request.yml => lint-scripts-pr.yml} | 5 ++- .github/workflows/rebase.yml | 5 +++ .github/workflows/scorecard.yml | 3 +- .github/workflows/smoke-tests.yml | 3 ++ .../{build-cache.yml => update-cache.yml} | 2 +- .github/workflows/update-docker.yml | 7 +++- .github/workflows/update-repository.yml | 37 ------------------- 14 files changed, 80 insertions(+), 59 deletions(-) rename .github/workflows/{build-test-image-docker.yml => build-deskktop-pr.yml} (78%) rename .github/workflows/{build-kernel-on-merge-request.yml => build-kernel-pr.yml} (85%) create mode 100644 .github/workflows/cleanup.yml rename .github/workflows/{lint-scripts-on-merge-request.yml => lint-scripts-pr.yml} (92%) rename .github/workflows/{build-cache.yml => update-cache.yml} (98%) delete mode 100644 .github/workflows/update-repository.yml diff --git a/.github/workflows/build-test-image-docker.yml b/.github/workflows/build-deskktop-pr.yml similarity index 78% rename from .github/workflows/build-test-image-docker.yml rename to .github/workflows/build-deskktop-pr.yml index 151240765..40928c793 100644 --- a/.github/workflows/build-test-image-docker.yml +++ b/.github/workflows/build-deskktop-pr.yml @@ -1,9 +1,14 @@ -name: Build desktop images at PR +name: Build Desktops at PR +# +# Generates supported desktops for uefi-arm64, uefi-x86 and rpi4 if label "desktop is set" +# on: workflow_dispatch: + pull_request: types: [ready_for_review] + pull_request_review: types: [submitted] @@ -12,9 +17,11 @@ permissions: jobs: - Maintain: + Maintain: + permissions: contents: none + if: ${{ github.repository_owner == 'Armbian' && contains( github.event.pull_request.labels.*.name, 'Desktop :desktop_computer:') }} uses: armbian/scripts/.github/workflows/build-test-image-docker.yml@master diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index 82776805d..4ce85244b 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml @@ -1,4 +1,8 @@ name: Build Images +# +# Generates beta, stable or RC images. You can select build runners. By default it generates all images, but you can build images only for one target +# Images are placed at www.arnmbian.com and nighly beta also at https://github.com/armbian/build/releases/tag/latest +# on: @@ -6,7 +10,9 @@ on: - cron: "30 2 */2 * *" workflow_dispatch: + inputs: + choice: type: choice description: Build targets @@ -14,16 +20,19 @@ on: - beta - stable - rc + runner: type: choice description: Build runners for CLI options: - small - ubuntu-latest + sourcerepo: description: Source repository required: false default: 'nightly' + advanced: description: 'Single board (grep -w tinkerboard |)' required: false @@ -33,7 +42,7 @@ jobs: Cancel: name: "Cancel currently active" - if: ${{ github.repository_owner == 'Armbian' }} + if: ${{ github.repository_owner == 'Armbian' && github.event.schedule == '' }} runs-on: small steps: - uses: n1hility/cancel-previous-runs@v2 @@ -64,6 +73,7 @@ jobs: steps: - run: | + echo "Env: ${{ github.event.inputs.choice }}" echo "Env: ${{ github.event.inputs.runner }}" echo "Env: ${{ github.event.inputs.sourcerepo }}" diff --git a/.github/workflows/build-kernel-on-merge-request.yml b/.github/workflows/build-kernel-pr.yml similarity index 85% rename from .github/workflows/build-kernel-on-merge-request.yml rename to .github/workflows/build-kernel-pr.yml index b4f8e2653..417c94f62 100644 --- a/.github/workflows/build-kernel-on-merge-request.yml +++ b/.github/workflows/build-kernel-pr.yml @@ -1,4 +1,8 @@ -name: Build at pull request +name: Build Kernels at PR +# +# Generates kernels at PR if their code, patches or config was changed in any way. Packages are uploaded as Github action build artefakts +# Build starts if review is requested or if PR is marked for review +# on: workflow_dispatch: @@ -7,14 +11,9 @@ on: paths-ignore: - .github/workflows -permissions: - contents: read - jobs: Check: - permissions: - contents: none name: Checking if: ${{ success() && github.repository_owner == 'Armbian' }} uses: armbian/scripts/.github/workflows/check-for-changes.yml@master @@ -24,8 +23,6 @@ jobs: runner: small Build: - permissions: - contents: none needs: Check if: ${{ success() && github.repository_owner == 'Armbian' }} uses: armbian/scripts/.github/workflows/build-kernel.yml@master @@ -46,8 +43,6 @@ jobs: KNOWN_HOSTS_UPLOAD: ${{ secrets.KNOWN_HOSTS_UPLOAD }} jobsend: - permissions: - contents: none name: Cleanup needs: [Build] runs-on: "small" diff --git a/.github/workflows/build-train.yml b/.github/workflows/build-train.yml index 66a686d87..e650dd7b0 100644 --- a/.github/workflows/build-train.yml +++ b/.github/workflows/build-train.yml @@ -1,4 +1,8 @@ name: Build train +# +# Generates kernels at push if their code, patches or config was changed in any way. If those conditions are met, then it also rebuild +# desktops, firmware, u-boot, update repository and increment nighlty build version. +# on: workflow_dispatch: @@ -226,7 +230,7 @@ jobs: # Store build hashes for future comparission # # # ########################################################################################## - + Deploycheck: permissions: contents: none @@ -318,8 +322,7 @@ jobs: ########################################################################################## Bump: - permissions: - contents: none + needs: [apt-armbian-com,beta-armbian-com,sync-servers] if: ${{ success() && github.repository_owner == 'Armbian' }} uses: armbian/scripts/.github/workflows/update-version.yml@master diff --git a/.github/workflows/build-u-boot.yml b/.github/workflows/build-u-boot.yml index 70bd6b2aa..4e3997fdf 100644 --- a/.github/workflows/build-u-boot.yml +++ b/.github/workflows/build-u-boot.yml @@ -1,4 +1,8 @@ name: Build u-boot & BSP +# +# Manually generates u-boot & BSP packages +# + on: workflow_dispatch: diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index c1638febf..c6d86924e 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -1,4 +1,7 @@ -name: Bump version +name: Bump Version +# +# Manually bump version of nightly builds +# on: workflow_dispatch: diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml new file mode 100644 index 000000000..e012c2937 --- /dev/null +++ b/.github/workflows/cleanup.yml @@ -0,0 +1,21 @@ +name: Clean Workflow Logs + +on: + workflow_dispatch: + inputs: + days_old: + description: "The amount of days old to delete" + default: "7" + required: false + +jobs: + clean-logs: + if: ${{ github.repository_owner == 'Armbian' }} + runs-on: ubuntu-latest + steps: + - uses: igorjs/gh-actions-clean-workflow@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + owner: ${{ github.repository_owner }} + repo: ${{ github.event.repository.name }} + days_old: ${{ github.event.inputs.days_old }} diff --git a/.github/workflows/lint-scripts-on-merge-request.yml b/.github/workflows/lint-scripts-pr.yml similarity index 92% rename from .github/workflows/lint-scripts-on-merge-request.yml rename to .github/workflows/lint-scripts-pr.yml index 5e05fef5c..19dd73407 100644 --- a/.github/workflows/lint-scripts-on-merge-request.yml +++ b/.github/workflows/lint-scripts-pr.yml @@ -1,4 +1,7 @@ -name: Lint scripts +name: Lint On Scripts +# +# Run ShellCheck on all scripts and generates report as build artefact +# on: workflow_dispatch: diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml index 50be6cd54..77037b5cb 100644 --- a/.github/workflows/rebase.yml +++ b/.github/workflows/rebase.yml @@ -1,4 +1,9 @@ name: Automatic Rebase +# +# If you comment "/rebase" to the PR this action rebase the PR +# + + on: issue_comment: types: [created] diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 71c46ba7b..dc1c3bc61 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -1,4 +1,4 @@ -name: Scorecards supply-chain security +name: Scorecards Security Scan on: # Only the default branch is supported. branch_protection_rule: @@ -13,6 +13,7 @@ permissions: read-all jobs: analysis: + if: ${{ github.repository_owner == 'Armbian' }} name: Scorecards analysis runs-on: ubuntu-latest permissions: diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index 329b9d97f..5725c2059 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -1,4 +1,7 @@ name: Smoke tests on DUTs +# +# Runs varios tests with latest nighly codebase on a real hardware +# on: workflow_dispatch: diff --git a/.github/workflows/build-cache.yml b/.github/workflows/update-cache.yml similarity index 98% rename from .github/workflows/build-cache.yml rename to .github/workflows/update-cache.yml index e41df9c84..63e19d68d 100644 --- a/.github/workflows/build-cache.yml +++ b/.github/workflows/update-cache.yml @@ -1,4 +1,4 @@ -name: Rootfs Caches +name: Update Rootfs Cache on: workflow_dispatch: diff --git a/.github/workflows/update-docker.yml b/.github/workflows/update-docker.yml index 714155d54..fcad68545 100644 --- a/.github/workflows/update-docker.yml +++ b/.github/workflows/update-docker.yml @@ -1,4 +1,7 @@ name: Update Docker +# +# Update Docker images we use for building CI +# on: workflow_dispatch: @@ -15,7 +18,7 @@ jobs: contents: none if: ${{ github.repository_owner == 'Armbian' }} uses: armbian/scripts/.github/workflows/update-docker-image.yml@master - + secrets: CR_PAT: ${{ secrets.CR_PAT }} @@ -23,7 +26,7 @@ jobs: permissions: contents: none needs: Docker - if: ${{ github.repository_owner == 'Armbian' }} + if: ${{ github.repository_owner == 'Armbian' }} uses: armbian/scripts/.github/workflows/build-test-image-docker.yml@master with: diff --git a/.github/workflows/update-repository.yml b/.github/workflows/update-repository.yml deleted file mode 100644 index e88df92b3..000000000 --- a/.github/workflows/update-repository.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: Update Repository - -on: - workflow_dispatch: - -permissions: - contents: read - -jobs: - - apt-armbian-com: - permissions: - contents: none - uses: armbian/scripts/.github/workflows/update-repository.yml@master - - with: - KEY_ID: 'repository' - - secrets: - KEY_REPOSITORY: ${{ secrets.KEY_REPOSITORY }} - USER_REPOSITORY: ${{ secrets.USER_REPOSITORY }} - HOST_REPOSITORY: ${{ secrets.HOST_REPOSITORY }} - KNOWN_HOSTS_REPOSITORY: ${{ secrets.KNOWN_HOSTS_REPOSITORY }} - - beta-armbian-com: - permissions: - contents: none - uses: armbian/scripts/.github/workflows/update-repository.yml@master - - with: - KEY_ID: 'repository-beta' - - secrets: - KEY_REPOSITORY: ${{ secrets.KEY_REPOSITORY_BETA }} - USER_REPOSITORY: ${{ secrets.USER_REPOSITORY }} - HOST_REPOSITORY: ${{ secrets.HOST_REPOSITORY }} - KNOWN_HOSTS_REPOSITORY: ${{ secrets.KNOWN_HOSTS_REPOSITORY }}