From 7c4b588a5cfb876900d9aa630c2b78ac126519f3 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 13 Oct 2022 14:37:28 +0200 Subject: [PATCH 1/6] github: Make workflows fork-friendly This sets up the coreos-overlay submodule inside the SDK container to use the remote of the fork and the base branch from that fork. That way, we can test the workflows in the forks too. --- .../coreos-overlay/.github/workflows/common.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/common.sh b/sdk_container/src/third_party/coreos-overlay/.github/workflows/common.sh index 55126f9b9c..4975c83282 100644 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/common.sh +++ b/sdk_container/src/third_party/coreos-overlay/.github/workflows/common.sh @@ -53,7 +53,7 @@ function prepare_git_repo() { # caller needs to set pass a parameter as a branch name to be created. function checkout_branches() { - TARGET_BRANCH=$1 + local TARGET_BRANCH="${1}" [[ -z "${TARGET_BRANCH}" ]] && echo "No target branch specified. exit." && return 1 @@ -63,16 +63,22 @@ function checkout_branches() { # update submodules like portage-stable under the scripts directories git submodule update --init --recursive + # set up coreos-overlay submodule to use the fork remote, not the + # original remote set for the submodule. + local CO_PATH="${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" + local FORK_URL=$(git remote get-url origin) + git -C "${CO_PATH}" remote add fork "${FORK_URL}" + git -C "${CO_PATH}" fetch fork - if git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" show-ref "remotes/origin/${TARGET_BRANCH}"; then + if git -C "${CO_PATH}" show-ref "remotes/fork/${TARGET_BRANCH}"; then echo "Target branch already exists. exit."; return 1 fi # Each submodule directory should be explicitly set from BASE_BRANCH, # as the submodule refs could be only updated during the night. - git -C "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" checkout \ - -B "${TARGET_BRANCH}" "origin/${BASE_BRANCH}" + git -C "${CO_PATH}" checkout \ + -B "${TARGET_BRANCH}" "fork/${BASE_BRANCH}" git -C "${SDK_OUTER_SRCDIR}/third_party/portage-stable" checkout \ -B "${TARGET_BRANCH}" "origin/${BASE_BRANCH}" } From 522749197cf46ac72b407bf7934f8deec6591680 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 13 Oct 2022 13:04:27 +0200 Subject: [PATCH 2/6] .github: Add a script for figuring out a branch from channel name It will be used for deduplicating the github workflows. --- .../.github/workflows/figure-out-branch.sh | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100755 sdk_container/src/third_party/coreos-overlay/.github/workflows/figure-out-branch.sh diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/figure-out-branch.sh b/sdk_container/src/third_party/coreos-overlay/.github/workflows/figure-out-branch.sh new file mode 100755 index 0000000000..610a35f10b --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/.github/workflows/figure-out-branch.sh @@ -0,0 +1,71 @@ +#!/bin/bash + +# Prints the following github outputs based on channel named passed to +# the script as a parameter. +# +# BRANCH is a name of the git branch related to the passed channel. +# +# SKIP tells whether the rest of the steps should be skipped, will be +# either 0 or 1. +# +# LINK is a link to release mirror for the following channel. Will be +# empty for main channel. +# +# LABEL is going to be mostly the same as the channel name, except +# that lts-old will be labeled as lts. + +set -euo pipefail + +if [[ ${#} -ne 1 ]]; then + echo "Expected a channel name as a parameter" >&2 + exit 1 +fi + +channel_name="${1}" +skip=0 +link='' +branch='' +label='' +case "${channel_name}" in + main) + branch='main' + ;; + lts-old) + curl -fsSLO --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 'https://lts.release.flatcar-linux.net/lts-info' + if [[ $(grep -e ':supported' lts-info | wc -l) -le 1 ]]; then + # Only one supported LTS, skip this workflow run + # as 'lts' matrix branch will handle updating the only + # supported LTS. + skip=1 + else + line=$(grep -e ':supported' lts-info | sort -V | head -n 1) + major=$(awk -F: '{print $1}' <<<"${line}") + year=$(awk -F: '{print $2}' <<<"${line}") + branch="flatcar-${major}" + # Drop this corner case when 2605 is not supported. + if [[ ${major} -eq 2605 ]]; then + branch='flatcar-lts-2605' + fi + link="https://lts.release.flatcar-linux.net/amd64-usr/current-${year}" + label='lts' + fi + rm -f lts-info + ;; + alpha|beta|stable|lts) + link="https://${channel_name}.release.flatcar-linux.net/amd64-usr/current" + major=$(curl -sSL "${link}/version.txt" | awk -F= '/FLATCAR_BUILD=/{ print $2 }') + branch="flatcar-${major}" + ;; + *) + echo "Unknown channel '${channel_name}'" >&2 + exit 1 +esac + +if [[ -z "${label}" ]]; then + label="${channel_name}" +fi + +echo "BRANCH=${branch}" >>"${GITHUB_OUTPUT}" +echo "SKIP=${skip}" >>"${GITHUB_OUTPUT}" +echo "LINK=${link}" >>"${GITHUB_OUTPUT}" +echo "LABEL=${label}" >>"${GITHUB_OUTPUT}" From c1a9aa5a97ca273b5b6b9391efc23ad5c0019942 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Tue, 11 Oct 2022 17:25:26 +0200 Subject: [PATCH 3/6] .github: Deduplicate ca-certificates workflows Also use a newer version of the create pull request action, and apply correct labels ("alpha" or "stable" instead of "flatcar-XXXX"). --- .../.github/workflows/cacerts-release.yml | 55 +++++++++++++++++++ .../workflows/cacerts-releases-alpha.yml | 50 ----------------- .../workflows/cacerts-releases-beta.yml | 50 ----------------- .../workflows/cacerts-releases-lts-2021.yml | 48 ---------------- .../workflows/cacerts-releases-lts.yml | 50 ----------------- .../workflows/cacerts-releases-main.yaml | 47 ---------------- .../workflows/cacerts-releases-stable.yml | 50 ----------------- 7 files changed, 55 insertions(+), 295 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-release.yml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-alpha.yml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-beta.yml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-lts-2021.yml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-lts.yml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-main.yaml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-stable.yml diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-release.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-release.yml new file mode 100644 index 0000000000..5450f0b7e9 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-release.yml @@ -0,0 +1,55 @@ +name: Get the latest ca-certificates release for all maintained branches +on: + schedule: + - cron: '0 7 * * 1' + workflow_dispatch: + +jobs: + get-cacerts-release: + strategy: + matrix: + branch: [main,alpha,beta,stable,lts,lts-old] + fail-fast: false + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Figure out branch + id: figure-out-branch + run: .github/workflows/figure-out-branch.sh '${{ matrix.branch }}' + - name: Fetch latest ca-certificates release + if: steps.figure-out-branch.outputs.SKIP == 0 + id: fetch-latest-release + run: | + git clone --depth=1 --no-checkout https://github.com/nss-dev/nss + nssVersion=$(git -C nss ls-remote --tags origin | cut -f2 | sed -n "s/refs\/tags\/NSS_\([0-9]_[0-9_]*\).*_RTM$/\1/p" | sort -s -t_ -k1,1 -k2,2n -k3,3n | tr '_' '.' | tail -n1) + rm -rf nss + echo "NSS_VERSION=${nssVersion}" >>"${GITHUB_OUTPUT}" + - name: Set up Flatcar SDK + if: steps.figure-out-branch.outputs.SKIP == 0 + id: setup-flatcar-sdk + run: .github/workflows/setup-flatcar-sdk.sh + - name: Apply patch + if: steps.figure-out-branch.outputs.SKIP == 0 + id: apply-patch + env: + TARGET: ${{ steps.figure-out-branch.outputs.BRANCH }} + BASE_BRANCH: ${{ steps.figure-out-branch.outputs.BRANCH }} + PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} + VERSION_NEW: ${{ steps.fetch-latest-release.outputs.NSS_VERSION }} + PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} + SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} + run: .github/workflows/cacerts-apply-patch.sh + - name: Create pull request + if: (steps.figure-out-branch.outputs.SKIP == 0) && (steps.apply-patch.outputs.UPDATE_NEEDED == 1) + uses: peter-evans/create-pull-request@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + base: ${{ steps.figure-out-branch.outputs.BRANCH }} + branch: cacerts-${{ steps.fetch-latest-release.outputs.NSS_VERSION }}-${{ steps.figure-out-branch.outputs.BRANCH }} + author: Flatcar Buildbot + committer: Flatcar Buildbot + title: Upgrade ca-certificates in ${{ steps.figure-out-branch.outputs.BRANCH }} from ${{ steps.apply-patch.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.NSS_VERSION }} + body: Subject says it all. + labels: ${{ steps.figure-out-branch.outputs.LABEL }} diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-alpha.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-alpha.yml deleted file mode 100644 index 13a75af638..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-alpha.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Get the latest ca-certificates release for the Alpha maintenance branch -on: - schedule: - - cron: '0 7 * * 1' - workflow_dispatch: - -jobs: - get-cacerts-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest ca-certificates release - id: fetch-latest-release - env: - CHANNEL: alpha - run: | - git clone --depth=1 --no-checkout https://github.com/nss-dev/nss - versionMaintenance=$(git -C nss ls-remote --tags origin | cut -f2 | sed -n "s/refs\/tags\/NSS_\([0-9]_[0-9_]*\).*_RTM$/\1/p" | sort -s -t_ -k1,1 -k2,2n -k3,3n | tr '_' '.' | tail -n1) - rm -rf nss - maintenanceBranch=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/version.txt" | grep -m 1 FLATCAR_BUILD= | cut -d = -f 2-) - echo ::set-output name=BASE_BRANCH_MAINTENANCE::$(echo flatcar-${maintenanceBranch}) - echo ::set-output name=VERSION_MAINTENANCE::$(echo ${versionMaintenance}) - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for maintenance branch - id: apply-patch-maintenance - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/cacerts-apply-patch.sh - - name: Create pull request for maintenance branch - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-maintenance.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - branch: cacerts-${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }}-${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - commit-message: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - body: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - labels: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-beta.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-beta.yml deleted file mode 100644 index 070c7e142a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-beta.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Get the latest ca-certificates release for the Beta maintenance branch -on: - schedule: - - cron: '0 7 * * 1' - workflow_dispatch: - -jobs: - get-cacerts-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest ca-certificates release - id: fetch-latest-release - env: - CHANNEL: beta - run: | - git clone --depth=1 --no-checkout https://github.com/nss-dev/nss - versionMaintenance=$(git -C nss ls-remote --tags origin | cut -f2 | sed -n "s/refs\/tags\/NSS_\([0-9]_[0-9_]*\).*_RTM$/\1/p" | sort -s -t_ -k1,1 -k2,2n -k3,3n | tr '_' '.' | tail -n1) - rm -rf nss - maintenanceBranch=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/version.txt" | grep -m 1 FLATCAR_BUILD= | cut -d = -f 2-) - echo ::set-output name=BASE_BRANCH_MAINTENANCE::$(echo flatcar-${maintenanceBranch}) - echo ::set-output name=VERSION_MAINTENANCE::$(echo ${versionMaintenance}) - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for maintenance branch - id: apply-patch-maintenance - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/cacerts-apply-patch.sh - - name: Create pull request for maintenance branch - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-maintenance.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - branch: cacerts-${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }}-${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - commit-message: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - body: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - labels: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-lts-2021.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-lts-2021.yml deleted file mode 100644 index c64aea3750..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-lts-2021.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: Get the latest ca-certificates release for the LTS-2021 maintenance branch -on: - schedule: - - cron: '0 7 * * 1' - workflow_dispatch: - -jobs: - get-cacerts-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest ca-certificates release - id: fetch-latest-release - run: | - git clone --depth=1 --no-checkout https://github.com/nss-dev/nss - versionMaintenance=$(git -C nss ls-remote --tags origin | cut -f2 | sed -n "s/refs\/tags\/NSS_\([0-9]_[0-9_]*\).*_RTM$/\1/p" | sort -s -t_ -k1,1 -k2,2n -k3,3n | tr '_' '.' | tail -n1) - rm -rf nss - maintenanceBranch=2605 - echo ::set-output name=BASE_BRANCH_MAINTENANCE::$(echo flatcar-lts-${maintenanceBranch}) - echo ::set-output name=VERSION_MAINTENANCE::$(echo ${versionMaintenance}) - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for maintenance branch - id: apply-patch-maintenance - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/cacerts-apply-patch.sh - - name: Create pull request for maintenance branch - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-maintenance.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - branch: cacerts-${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }}-${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - commit-message: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - body: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - labels: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-lts.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-lts.yml deleted file mode 100644 index 71db47da19..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-lts.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Get the latest ca-certificates release for the current LTS maintenance branch -on: - schedule: - - cron: '0 7 * * 1' - workflow_dispatch: - -jobs: - get-cacerts-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest ca-certificates release - id: fetch-latest-release - env: - CHANNEL: lts - run: | - git clone --depth=1 --no-checkout https://github.com/nss-dev/nss - versionMaintenance=$(git -C nss ls-remote --tags origin | cut -f2 | sed -n "s/refs\/tags\/NSS_\([0-9]_[0-9_]*\).*_RTM$/\1/p" | sort -s -t_ -k1,1 -k2,2n -k3,3n | tr '_' '.' | tail -n1) - rm -rf nss - maintenanceBranch=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/version.txt" | grep -m 1 FLATCAR_BUILD= | cut -d = -f 2-) - echo ::set-output name=BASE_BRANCH_MAINTENANCE::$(echo flatcar-${maintenanceBranch}) - echo ::set-output name=VERSION_MAINTENANCE::$(echo ${versionMaintenance}) - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for maintenance branch - id: apply-patch-maintenance - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/cacerts-apply-patch.sh - - name: Create pull request for maintenance branch - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-maintenance.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - branch: cacerts-${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }}-${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - commit-message: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - body: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - labels: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-main.yaml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-main.yaml deleted file mode 100644 index 962530b21e..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-main.yaml +++ /dev/null @@ -1,47 +0,0 @@ -name: Get the latest ca-certificates release for main -on: - schedule: - - cron: '0 7 * * 1' - workflow_dispatch: - -jobs: - get-cacerts-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest ca-certificates release - id: fetch-latest-release - run: | - git clone --depth=1 --no-checkout https://github.com/nss-dev/nss - versionMain=$(git -C nss ls-remote --tags origin | cut -f2 | sed -n "s/refs\/tags\/NSS_\([0-9]_[0-9_]*\).*_RTM$/\1/p" | sort -s -t_ -k1,1 -k2,2n -k3,3n | tr '_' '.' | tail -n1) - rm -rf nss - echo ::set-output name=BASE_BRANCH_MAIN::main - echo ::set-output name=VERSION_MAIN::$(echo ${versionMain}) - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for main - id: apply-patch-main - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAIN }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAIN }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAIN }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/cacerts-apply-patch.sh - - name: Create pull request for main - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-main.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAIN }} - branch: cacerts-${{ steps.fetch-latest-release.outputs.VERSION_MAIN }}-${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAIN }} - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade ca-certificates in main from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAIN }} - commit-message: Upgrade ca-certificates in main from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAIN }} - body: Upgrade ca-certificates in main from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAIN }} - labels: main diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-stable.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-stable.yml deleted file mode 100644 index ef7f406536..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-releases-stable.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Get the latest ca-certificates release for the Stable maintenance branch -on: - schedule: - - cron: '0 7 * * 1' - workflow_dispatch: - -jobs: - get-cacerts-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest ca-certificates release - id: fetch-latest-release - env: - CHANNEL: stable - run: | - git clone --depth=1 --no-checkout https://github.com/nss-dev/nss - versionMaintenance=$(git -C nss ls-remote --tags origin | cut -f2 | sed -n "s/refs\/tags\/NSS_\([0-9]_[0-9_]*\).*_RTM$/\1/p" | sort -s -t_ -k1,1 -k2,2n -k3,3n | tr '_' '.' | tail -n1) - rm -rf nss - maintenanceBranch=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/version.txt" | grep -m 1 FLATCAR_BUILD= | cut -d = -f 2-) - echo ::set-output name=BASE_BRANCH_MAINTENANCE::$(echo flatcar-${maintenanceBranch}) - echo ::set-output name=VERSION_MAINTENANCE::$(echo ${versionMaintenance}) - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for maintenance branch - id: apply-patch-maintenance - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/cacerts-apply-patch.sh - - name: Create pull request for maintenance branch - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-maintenance.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - branch: cacerts-${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }}-${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - commit-message: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - body: Upgrade ca-certificates in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - labels: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} From 8d00adc16cf823b3b6a0ee1b09fbaad3bffa7fbd Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Tue, 11 Oct 2022 17:25:52 +0200 Subject: [PATCH 4/6] .github: Simplify ca-certificates patch script No point in setting UPDATE_NEEDED to zero if we exit the script without doing anything with the just set variable. Also fix the mismatch in branch names - we normally create a branch like "cacerts-${NSS_VERSION}-${BRANCH}" in the last workflow step whereas we were checking if a branch like "${NSS_VERSION}-${BRANCH}" existed in the script. To avoid repetition, export the branch name as a github workflow step output, so the follow-up steps can pick it up and use. --- .../.github/workflows/cacerts-apply-patch.sh | 13 ++++++------- .../.github/workflows/cacerts-release.yml | 2 +- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-apply-patch.sh b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-apply-patch.sh index d74de66f6c..893453538c 100755 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-apply-patch.sh +++ b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-apply-patch.sh @@ -2,14 +2,13 @@ set -euo pipefail -UPDATE_NEEDED=1 - . .github/workflows/common.sh +BRANCH_NAME="cacerts-${VERSION_NEW}-${TARGET}" + prepare_git_repo -if ! checkout_branches "${VERSION_NEW}-${TARGET}"; then - UPDATE_NEEDED=0 +if ! checkout_branches "${BRANCH_NAME}"; then exit 0 fi @@ -19,7 +18,6 @@ pushd "${SDK_OUTER_SRCDIR}/third_party/coreos-overlay" >/dev/null || exit VERSION_OLD=$(sed -n "s/^DIST nss-\([0-9]*\.[0-9]*\).*$/\1/p" app-misc/ca-certificates/Manifest | sort -ruV | head -n1) if [[ "${VERSION_NEW}" = "${VERSION_OLD}" ]]; then echo "already the latest ca-certificates, nothing to do" - UPDATE_NEEDED=0 exit 0 fi @@ -37,5 +35,6 @@ generate_patches app-misc ca-certificates ca-certificates apply_patches -echo ::set-output name=VERSION_OLD::"${VERSION_OLD}" -echo ::set-output name=UPDATE_NEEDED::"${UPDATE_NEEDED}" +echo "VERSION_OLD=${VERSION_OLD}" >>"${GITHUB_OUTPUT}" +echo "UPDATE_NEEDED=1" >>"${GITHUB_OUTPUT}" +echo "BRANCH_NAME=${BRANCH_NAME}" >>"${GITHUB_OUTPUT}" diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-release.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-release.yml index 5450f0b7e9..e30def30df 100644 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-release.yml +++ b/sdk_container/src/third_party/coreos-overlay/.github/workflows/cacerts-release.yml @@ -47,7 +47,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} base: ${{ steps.figure-out-branch.outputs.BRANCH }} - branch: cacerts-${{ steps.fetch-latest-release.outputs.NSS_VERSION }}-${{ steps.figure-out-branch.outputs.BRANCH }} + branch: ${{ steps.apply-patch.outputs.BRANCH_NAME }} author: Flatcar Buildbot committer: Flatcar Buildbot title: Upgrade ca-certificates in ${{ steps.figure-out-branch.outputs.BRANCH }} from ${{ steps.apply-patch.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.NSS_VERSION }} From b15055684e45be627b954f954d499b21e7de5e71 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 13 Oct 2022 13:09:42 +0200 Subject: [PATCH 5/6] .github: Deduplicate kernel workflows Also use a newer version of the create pull request action, and apply correct labels ("alpha" or "stable" instead of "flatcar-XXXX"). --- .../.github/workflows/kernel-release.yml | 61 +++++++++++++++++++ .../workflows/kernel-releases-alpha.yml | 51 ---------------- .../workflows/kernel-releases-beta.yml | 51 ---------------- .../workflows/kernel-releases-lts-2021.yml | 51 ---------------- .../.github/workflows/kernel-releases-lts.yml | 51 ---------------- .../workflows/kernel-releases-main.yml | 49 --------------- .../workflows/kernel-releases-stable.yml | 51 ---------------- 7 files changed, 61 insertions(+), 304 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-release.yml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-alpha.yml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-beta.yml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-lts-2021.yml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-lts.yml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-main.yml delete mode 100644 sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-stable.yml diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-release.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-release.yml new file mode 100644 index 0000000000..001f523ae1 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-release.yml @@ -0,0 +1,61 @@ +name: Get the latest Kernel release for all maintained branches +on: + schedule: + - cron: '0 7 * * *' + workflow_dispatch: + +jobs: + get-kernel-release: + strategy: + matrix: + branch: [main,alpha,beta,stable,lts,lts-old] + fail-fast: false + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Figure out branch + id: figure-out-branch + run: .github/workflows/figure-out-branch.sh '${{ matrix.branch }}' + - name: Fetch latest Linux release + if: steps.figure-out-branch.outputs.SKIP == 0 + id: fetch-latest-release + run: | + CHANNEL='${{ matrix.branch }}' + if [[ "${CHANNEL}" = 'main' ]]; then + KV=$(git ls-files 'sys-kernel/coreos-kernel/*ebuild' | head -n 1 | cut -d '-' -f 5- | cut -d . -f 1-2) + else + KV=$(curl -s -S -f -L '${{ steps.figure-out-branch.outputs.LINK }}/flatcar_production_image_packages.txt' | grep -o 'coreos-kernel.*' | cut -d '-' -f 3- | cut -d . -f 1-2) + fi + git clone --depth=1 --no-checkout https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux + kernelVersion=$(git -C linux ls-remote --tags origin | cut -f2 | sed -n "/refs\/tags\/v${KV}\.[0-9]*$/s/^refs\/tags\/v//p" | sort -ruV | head -1) + rm -rf linux + echo "KERNEL_VERSION=${kernelVersion}" >>"${GITHUB_OUTPUT}" + - name: Set up Flatcar SDK + if: steps.figure-out-branch.outputs.SKIP == 0 + id: setup-flatcar-sdk + run: .github/workflows/setup-flatcar-sdk.sh + - name: Apply patch + if: steps.figure-out-branch.outputs.SKIP == 0 + id: apply-patch + env: + TARGET: ${{ steps.figure-out-branch.outputs.BRANCH }} + BASE_BRANCH: ${{ steps.figure-out-branch.outputs.BRANCH }} + PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} + VERSION_NEW: ${{ steps.fetch-latest-release.outputs.KERNEL_VERSION }} + PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} + SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} + run: .github/workflows/kernel-apply-patch.sh + - name: Create pull request + if: (steps.figure-out-branch.outputs.SKIP == 0) && (steps.apply-patch.outputs.UPDATE_NEEDED == 1) + uses: peter-evans/create-pull-request@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + base: ${{ steps.figure-out-branch.outputs.BRANCH }} + branch: linux-${{ steps.fetch-latest-release.outputs.KERNEL_VERSION }}-${{ steps.figure-out-branch.outputs.BRANCH }} + author: Flatcar Buildbot + committer: Flatcar Buildbot + title: Upgrade Linux Kernel for ${{ steps.figure-out-branch.outputs.BRANCH }} from ${{ steps.apply-patch.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.KERNEL_VERSION }} + body: Subject says it all. + labels: ${{ steps.figure-out-branch.outputs.LABEL }} diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-alpha.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-alpha.yml deleted file mode 100644 index a3121e7451..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-alpha.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: Get the latest Kernel release for the Alpha maintenance branch -on: - schedule: - - cron: '0 7 * * *' - workflow_dispatch: - -jobs: - get-kernel-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest Kernel release - id: fetch-latest-release - env: - CHANNEL: alpha - run: | - KV_MAIN=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/flatcar_production_image_packages.txt" | grep -o 'coreos-kernel.*' | cut -d '-' -f 3- | cut -d . -f 1-2) - git clone --depth=1 --no-checkout https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux - versionMaintenance=$(git -C linux ls-remote --tags origin | cut -f2 | sed -n "/refs\/tags\/v${KV_MAIN}\.[0-9]*$/s/^refs\/tags\/v//p" | sort -ruV | head -1) - rm -rf linux - maintenanceBranch=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/version.txt" | grep -m 1 FLATCAR_BUILD= | cut -d = -f 2-) - echo ::set-output name=VERSION_MAINTENANCE::$(echo ${versionMaintenance}) - echo ::set-output name=BASE_BRANCH_MAINTENANCE::$(echo flatcar-${maintenanceBranch}) - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for maintenance branch - id: apply-patch-maintenance - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/kernel-apply-patch.sh - - name: Create pull request for maintenance branch - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-maintenance.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - branch: linux-${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }}-${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade Linux Kernel for ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - commit-message: Upgrade Linux Kernel in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - body: Upgrade Linux Kernel in ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - labels: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-beta.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-beta.yml deleted file mode 100644 index ca21f3b47c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-beta.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: Get the latest Kernel release for the Beta maintenance branch -on: - schedule: - - cron: '0 7 * * *' - workflow_dispatch: - -jobs: - get-kernel-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest Kernel release - id: fetch-latest-release - env: - CHANNEL: beta - run: | - KV_MAIN=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/flatcar_production_image_packages.txt" | grep -o 'coreos-kernel.*' | cut -d '-' -f 3- | cut -d . -f 1-2) - git clone --depth=1 --no-checkout https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux - versionMaintenance=$(git -C linux ls-remote --tags origin | cut -f2 | sed -n "/refs\/tags\/v${KV_MAIN}\.[0-9]*$/s/^refs\/tags\/v//p" | sort -ruV | head -1) - rm -rf linux - maintenanceBranch=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/version.txt" | grep -m 1 FLATCAR_BUILD= | cut -d = -f 2-) - echo ::set-output name=VERSION_MAINTENANCE::$(echo ${versionMaintenance}) - echo ::set-output name=BASE_BRANCH_MAINTENANCE::$(echo flatcar-${maintenanceBranch}) - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for maintenance branch - id: apply-patch-maintenance - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/kernel-apply-patch.sh - - name: Create pull request for maintenance branch - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-maintenance.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - branch: linux-${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }}-${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade Linux Kernel for ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - commit-message: Upgrade Linux Kernel in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - body: Upgrade Linux Kernel in ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - labels: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-lts-2021.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-lts-2021.yml deleted file mode 100644 index 184e6c3931..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-lts-2021.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: Get the latest Kernel release for the LTS-2021 maintenance branch -on: - schedule: - - cron: '0 7 * * *' - workflow_dispatch: - -jobs: - get-kernel-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest Kernel release - id: fetch-latest-release - env: - CHANNEL: lts - run: | - KV_MAIN=5.4 - git clone --depth=1 --no-checkout https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux - versionMaintenance=$(git -C linux ls-remote --tags origin | cut -f2 | sed -n "/refs\/tags\/v${KV_MAIN}\.[0-9]*$/s/^refs\/tags\/v//p" | sort -ruV | head -1) - rm -rf linux - maintenanceBranch=2605 - echo ::set-output name=VERSION_MAINTENANCE::$(echo ${versionMaintenance}) - echo ::set-output name=BASE_BRANCH_MAINTENANCE::$(echo flatcar-lts-${maintenanceBranch}) - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for maintenance branch - id: apply-patch-maintenance - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/kernel-apply-patch.sh - - name: Create pull request for maintenance branch - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-maintenance.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - branch: linux-${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }}-${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade Linux Kernel for ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - commit-message: Upgrade Linux Kernel in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - body: Upgrade Linux Kernel in ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - labels: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-lts.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-lts.yml deleted file mode 100644 index cd03aceabd..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-lts.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: Get the latest Kernel release for the current LTS maintenance branch -on: - schedule: - - cron: '0 7 * * *' - workflow_dispatch: - -jobs: - get-kernel-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest Kernel release - id: fetch-latest-release - env: - CHANNEL: lts - run: | - KV_MAIN=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/flatcar_production_image_packages.txt" | grep -o 'coreos-kernel.*' | cut -d '-' -f 3- | cut -d . -f 1-2) - git clone --depth=1 --no-checkout https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux - versionMaintenance=$(git -C linux ls-remote --tags origin | cut -f2 | sed -n "/refs\/tags\/v${KV_MAIN}\.[0-9]*$/s/^refs\/tags\/v//p" | sort -ruV | head -1) - rm -rf linux - maintenanceBranch=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/version.txt" | grep -m 1 FLATCAR_BUILD= | cut -d = -f 2-) - echo ::set-output name=VERSION_MAINTENANCE::$(echo ${versionMaintenance}) - echo ::set-output name=BASE_BRANCH_MAINTENANCE::$(echo flatcar-${maintenanceBranch}) - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for maintenance branch - id: apply-patch-maintenance - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/kernel-apply-patch.sh - - name: Create pull request for maintenance branch - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-maintenance.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - branch: linux-${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }}-${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade Linux Kernel for ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - commit-message: Upgrade Linux Kernel in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - body: Upgrade Linux Kernel in ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - labels: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-main.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-main.yml deleted file mode 100644 index 9c45e24520..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-main.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: Get the latest Kernel release for main -on: - schedule: - - cron: '0 7 * * *' - workflow_dispatch: - -jobs: - get-kernel-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest Kernel release - id: fetch-latest-release - env: - KV_MAIN: "5.15" - run: | - git clone --depth=1 --no-checkout https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux - versionMain=$(git -C linux ls-remote --tags origin | cut -f2 | sed -n "/refs\/tags\/v${KV_MAIN}\.[0-9]*$/s/^refs\/tags\/v//p" | sort -ruV | head -1) - rm -rf linux - echo ::set-output name=VERSION_MAIN::$(echo ${versionMain}) - echo ::set-output name=BASE_BRANCH_MAIN::main - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for main - id: apply-patch-main - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAIN }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAIN }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAIN }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/kernel-apply-patch.sh - - name: Create pull request for main - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-main.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAIN }} - branch: linux-${{ steps.fetch-latest-release.outputs.VERSION_MAIN }}-main - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade Linux Kernel in main from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAIN }} - commit-message: Upgrade Linux Kernel in main from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAIN }} - body: Upgrade Linux Kernel in main from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAIN }} - labels: main diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-stable.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-stable.yml deleted file mode 100644 index 2196470a75..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-releases-stable.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: Get the latest Kernel release for the Stable maintenance branch -on: - schedule: - - cron: '0 7 * * *' - workflow_dispatch: - -jobs: - get-kernel-release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Fetch latest Kernel release - id: fetch-latest-release - env: - CHANNEL: stable - run: | - KV_MAIN=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/flatcar_production_image_packages.txt" | grep -o 'coreos-kernel.*' | cut -d '-' -f 3- | cut -d . -f 1-2) - git clone --depth=1 --no-checkout https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux - versionMaintenance=$(git -C linux ls-remote --tags origin | cut -f2 | sed -n "/refs\/tags\/v${KV_MAIN}\.[0-9]*$/s/^refs\/tags\/v//p" | sort -ruV | head -1) - rm -rf linux - maintenanceBranch=$(curl -s -S -f -L "https://${CHANNEL}.release.flatcar-linux.net/amd64-usr/current/version.txt" | grep -m 1 FLATCAR_BUILD= | cut -d = -f 2-) - echo ::set-output name=VERSION_MAINTENANCE::$(echo ${versionMaintenance}) - echo ::set-output name=BASE_BRANCH_MAINTENANCE::$(echo flatcar-${maintenanceBranch}) - - name: Set up Flatcar SDK - id: setup-flatcar-sdk - run: .github/workflows/setup-flatcar-sdk.sh - - name: Apply patch for maintenance branch - id: apply-patch-maintenance - env: - TARGET: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - BASE_BRANCH: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - PATH: ${{ steps.setup-flatcar-sdk.outputs.path }} - VERSION_NEW: ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }} - SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }} - run: .github/workflows/kernel-apply-patch.sh - - name: Create pull request for maintenance branch - uses: peter-evans/create-pull-request@v3 - if: steps.apply-patch-maintenance.outputs.UPDATE_NEEDED == 1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - branch: linux-${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }}-${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} - author: Flatcar Buildbot - committer: Flatcar Buildbot - title: Upgrade Linux Kernel for ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - commit-message: Upgrade Linux Kernel in maintenance branch from ${{ steps.apply-patch-maintenance.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - body: Upgrade Linux Kernel in ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} from ${{ steps.apply-patch-main.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.VERSION_MAINTENANCE }} - labels: ${{ steps.fetch-latest-release.outputs.BASE_BRANCH_MAINTENANCE }} From 053fe006d3b2ede4088bc62c6614be5f3950bd1e Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Thu, 13 Oct 2022 13:15:23 +0200 Subject: [PATCH 6/6] .github: Simplify kernel patch script No point in setting UPDATE_NEEDED to zero if we exit the script without doing anything with the just set variable. Also to avoid mismatches in branch names, export the branch name as a github workflow step output, so the follow-up steps can pick it up and use. --- .../.github/workflows/kernel-apply-patch.sh | 11 +++++------ .../.github/workflows/kernel-release.yml | 2 +- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-apply-patch.sh b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-apply-patch.sh index 9846ccc5f8..b11004332c 100755 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-apply-patch.sh +++ b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-apply-patch.sh @@ -4,14 +4,13 @@ set -euo pipefail # trim the 3rd part in the input semver, e.g. from 5.4.1 to 5.4 VERSION_SHORT=${VERSION_NEW%.*} -UPDATE_NEEDED=1 +BRANCH_NAME="linux-${VERSION_NEW}-${TARGET}" . .github/workflows/common.sh prepare_git_repo -if ! checkout_branches "linux-${VERSION_NEW}-${TARGET}"; then - UPDATE_NEEDED=0 +if ! checkout_branches "${BRANCH_NAME}"; then exit 0 fi @@ -23,7 +22,6 @@ if [[ -z "${VERSION_OLD}" ]]; then fi if [[ "${VERSION_NEW}" = "${VERSION_OLD}" ]]; then echo "already the latest Kernel, nothing to do" - UPDATE_NEEDED=0 exit 0 fi @@ -77,5 +75,6 @@ generate_patches sys-kernel coreos-sources Kernel apply_patches -echo ::set-output name=VERSION_OLD::"${VERSION_OLD}" -echo ::set-output name=UPDATE_NEEDED::"${UPDATE_NEEDED}" +echo "VERSION_OLD=${VERSION_OLD}" >>"${GITHUB_OUTPUT}" +echo "UPDATE_NEEDED=1" >>"${GITHUB_OUTPUT}" +echo "BRANCH_NAME=${BRANCH_NAME}" >>"${GITHUB_OUTPUT}" diff --git a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-release.yml b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-release.yml index 001f523ae1..a365a66287 100644 --- a/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-release.yml +++ b/sdk_container/src/third_party/coreos-overlay/.github/workflows/kernel-release.yml @@ -53,7 +53,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} base: ${{ steps.figure-out-branch.outputs.BRANCH }} - branch: linux-${{ steps.fetch-latest-release.outputs.KERNEL_VERSION }}-${{ steps.figure-out-branch.outputs.BRANCH }} + branch: ${{ steps.apply-patch.outputs.BRANCH_NAME }} author: Flatcar Buildbot committer: Flatcar Buildbot title: Upgrade Linux Kernel for ${{ steps.figure-out-branch.outputs.BRANCH }} from ${{ steps.apply-patch.outputs.VERSION_OLD }} to ${{ steps.fetch-latest-release.outputs.KERNEL_VERSION }}