diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index d18d8a8c..16585ced 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -1,6 +1,5 @@ name: Builds on: - pull_request: push: branches: - 5.0-candidate @@ -33,55 +32,32 @@ jobs: snap: name: Trigger snap build - runs-on: ubuntu-22.04 needs: lxd-migrate - if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.event_name == 'push' && github.actor != 'dependabot[bot]' }} + runs-on: ubuntu-24.04 + if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.actor != 'dependabot[bot]' }} + env: + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + PACKAGE: "lxd" + REPO: "git+ssh://lxdbot@git.launchpad.net/~canonical-lxd/lxd" + BRANCH: ${{ github.ref_name }} steps: - name: Checkout code uses: actions/checkout@v4 - - name: Setup Launchpad SSH access - env: - SSH_AUTH_SOCK: /tmp/ssh_agent.sock - LAUNCHPAD_LXD_BOT_KEY: ${{ secrets.LAUNCHPAD_LXD_BOT_KEY }} - run: | - set -eux - mkdir -m 0700 -p ~/.ssh/ - ssh-agent -a "${SSH_AUTH_SOCK}" > /dev/null - ssh-add - <<< "${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}" - ssh-add -L > ~/.ssh/id_ed25519.pub - # In ephemeral environments like GitHub Action runners, relying on TOFU isn't providing any security - # so require the key obtained by `ssh-keyscan` to match the expected hash from https://help.launchpad.net/SSHFingerprints - ssh-keyscan git.launchpad.net >> ~/.ssh/known_hosts - ssh-keygen -qlF git.launchpad.net | grep -xF 'git.launchpad.net RSA SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo' - - - name: Install Go - uses: actions/setup-go@v5 + - uses: canonical/lxd/.github/actions/lp-snap-build@main with: - go-version: 1.22.x + ssh-key: "${{ secrets.LAUNCHPAD_LXD_BOT_KEY}}" - name: Trigger Launchpad snap build - env: - SSH_AUTH_SOCK: /tmp/ssh_agent.sock - TARGET: ${{ github.ref_name }} run: | set -eux - git config --global transfer.fsckobjects true - git config --global user.name "Canonical LXD Bot" - git config --global user.email "lxd@lists.canonical.com" - git config --global commit.gpgsign true - git config --global gpg.format "ssh" - git config --global user.signingkey ~/.ssh/id_ed25519.pub localRev="$(git rev-parse HEAD)" - go install github.com/canonical/lxd-ci/lxd-snapcraft@latest - git clone -b "${TARGET}" git+ssh://lxdbot@git.launchpad.net/~canonical-lxd/lxd ~/lxd-pkg-snap-lp # XXX: `originVer` contains an array with the 2 versions - originVer=($(lxd-snapcraft -package lxd -get-version -file snapcraft.yaml)) - rsync -a --exclude .git --delete . ~/lxd-pkg-snap-lp/ - cd ~/lxd-pkg-snap-lp + originVer=($(lxd-snapcraft -package "${PACKAGE}" -get-version -file snapcraft.yaml)) + rsync -a --exclude .git --delete . ~/"${PACKAGE}-pkg-snap-lp"/ + cd ~/"${PACKAGE}-pkg-snap-lp" lxd-snapcraft -package lxd -set-version "${originVer[0]}-${localRev:0:7}" -set-source-commit "" git add --all - git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${TARGET})" -m "Upstream commit: ${localRev}" + git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${BRANCH})" -m "Upstream commit: ${localRev}" git show git push --quiet - diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml index bacbcb17..88d14a80 100644 --- a/.github/workflows/commits.yml +++ b/.github/workflows/commits.yml @@ -6,23 +6,10 @@ permissions: contents: read jobs: - dco-check: - permissions: - pull-requests: read # for tim-actions/get-pr-commits to get list of commits from the PR - name: Signed-off-by (DCO) and branch target - runs-on: ubuntu-22.04 + commits: + name: Branch target + runs-on: ubuntu-24.04 steps: - - name: Get PR Commits - id: 'get-pr-commits' - uses: tim-actions/get-pr-commits@master - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Check that all commits are signed-off - uses: tim-actions/dco@master - with: - commits: ${{ steps.get-pr-commits.outputs.commits }} - - name: Check branch target env: TARGET: ${{ github.event.pull_request.base.ref }}