freeswitch/.github/workflows/build.yml

name: Build and Distribute

on:
  pull_request:
  push:
    branches:
      - master
      - v1.10
    paths:
      - "**"
  workflow_dispatch:
    inputs:
      freeswitch_ref:
        description: 'FreeSWITCH repository ref'
        required: true
        default: master
        type: string
      release:
        description: 'FreeSWITCH release type'
        type: choice
        required: true
        default: unstable
        options:
          - release
          - unstable
      publish:
        description: 'Publish build data'
        required: true
        default: false
        type: boolean

concurrency:
  group: ${{ github.head_ref || github.ref }}

jobs:
  preconfig:
    name: 'Preconfig'
    runs-on: ubuntu-latest
    outputs:
      deb: ${{ steps.deb.outputs.excludes }}
      release: ${{ steps.release.outputs.release }}
    steps:
      - name: Generate Matrix excludes for DEB
        id: deb
        run: |
          JSON="[]"

          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            JSON=$(jq -n '[
              {
                "version": "bookworm",
                "platform": {
                  "name": "arm64v8"
                }
              },
              {
                "version": "bullseye",
                "platform": {
                  "name": "amd64"
                }
              },
              {
                "version": "bullseye",
                "platform": {
                  "name": "arm32v7"
                }
              }
            ]')
          fi

          echo "excludes=$(echo $JSON | jq -c .)" | tee -a $GITHUB_OUTPUT

      - name: Get release type based on branch
        id: release
        run: |
          if [[ '${{ github.event_name }}' == 'pull_request' ]]; then
            if [[ '${{ github.base_ref }}' == 'v1.10' ]]; then
              echo 'release=release' | tee -a $GITHUB_OUTPUT
            else
              echo 'release=unstable' | tee -a $GITHUB_OUTPUT
            fi
          elif [[ '${{ github.event_name }}' == 'workflow_dispatch' ]]; then
            echo 'release=${{ inputs.release }}' | tee -a $GITHUB_OUTPUT
          elif [[ '${{ github.ref }}' == 'refs/heads/v1.10' ]]; then
            echo 'release=release' | tee -a $GITHUB_OUTPUT
          else
            echo 'release=unstable' | tee -a $GITHUB_OUTPUT
          fi

  get-nonce:
    name: 'Get Nonce for token'
    runs-on: freeswitch-repo-auth-client
    outputs:
      nonce: ${{ steps.get-nonce.outputs.nonce }}
    steps:
      - name: Get Nonce
        id: get-nonce
        uses: signalwire/actions-template/.github/actions/repo-auth-client@main
        with:
          mode: nonce

  issue-token:
    name: 'Issue temporary token'
    runs-on: ubuntu-latest
    needs: get-nonce
    outputs:
      token: ${{ steps.issue-token.outputs.token }}
    steps:
      - name: Issue Token
        id: issue-token
        uses: signalwire/actions-template/.github/actions/repo-auth-client@main
        env:
          NONCE: ${{ needs.get-nonce.outputs.nonce }}
        with:
          mode: issue

  deb-public:
    name: 'DEB-PUBLIC'
    permissions:
      id-token: write
      contents: read
    needs:
      - preconfig
      - issue-token
    uses: signalwire/actions-template/.github/workflows/cicd-docker-build-and-distribute.yml@main
    strategy:
      # max-parallel: 1
      fail-fast: false
      matrix:
        os:
          - debian
        version:
          - bookworm
          - bullseye
        platform:
          - name: amd64
            runner: ubuntu-latest
          - name: arm32v7
            runner: linux-arm64-4-core-public
          - name: arm64v8
            runner: linux-arm64-4-core-public
        release:
          - ${{ needs.preconfig.outputs.release }}
        exclude: ${{ fromJson(needs.preconfig.outputs.deb) }}
    with:
      RUNNER: ${{ matrix.platform.runner }}
      REF: ${{ inputs.freeswitch_ref }}
      ARTIFACTS_PATTERN: '.*\.(deb|dsc|changes|tar.bz2|tar.gz|tar.lzma|tar.xz)$'
      DOCKERFILE: .github/docker/${{ matrix.os }}/${{ matrix.version }}/${{ matrix.platform.name }}/public.${{ matrix.release }}.Dockerfile
      MAINTAINER: 'Andrey Volk <andrey@signalwire.com>'
      META_FILE_PATH_PREFIX: /var/www/freeswitch/public/${{ matrix.release }}/${{ github.ref_name }}/${{ github.run_id }}-${{ github.run_number }}
      PLATFORM: ${{ matrix.platform.name }}
      REPO_DOMAIN: 'freeswitch.signalwire.com'
      TARGET_ARTIFACT_NAME: ${{ matrix.os }}-${{ matrix.version }}-${{ matrix.platform.name }}-public-${{ matrix.release }}-artifact
      UPLOAD_BUILD_ARTIFACTS: >-
        ${{
          (github.event.pull_request.head.repo.full_name == github.repository) &&
          (
            (
              github.event_name != 'pull_request' &&
              github.event_name != 'workflow_dispatch'
            ) ||
            (github.event_name == 'workflow_dispatch' && inputs.publish)
          )
        }}
    secrets:
      GH_BOT_DEPLOY_TOKEN: ${{ secrets.PAT }}
      HOSTNAME: ${{ secrets.HOSTNAME }}
      PROXY_URL: ${{ secrets.PROXY_URL }}
      USERNAME: ${{ secrets.USERNAME }}
      TELEPORT_TOKEN: ${{ secrets.TELEPORT_TOKEN }}
      REPO_USERNAME: 'SWUSERNAME'
      REPO_PASSWORD: ${{ needs.issue-token.outputs.token }}

  revoke-token:
    name: 'Revoke temporary token'
    runs-on: ubuntu-latest
    # if: always()
    needs:
      - issue-token
      - deb-public
    steps:
      - name: Revoke Token
        id: revoke-token
        uses: signalwire/actions-template/.github/actions/repo-auth-client@main
        env:
          TOKEN: ${{ needs.issue-token.outputs.token }}
        with:
          mode: revoke

  meta:
    name: 'Publish build data to meta-repo'
    if: >-
      ${{
        (github.event.pull_request.head.repo.full_name == github.repository) &&
        (
          (
            github.event_name != 'pull_request' &&
            github.event_name != 'workflow_dispatch'
          ) ||
          (github.event_name == 'workflow_dispatch' && inputs.publish)
        )
      }}
    needs:
      - deb-public
    permissions:
      id-token: write
      contents: read
    uses: signalwire/actions-template/.github/workflows/meta-repo-content.yml@main
    with:
      META_CONTENT: '/var/www/freeswitch/public/{release,unstable}/${{ github.ref_name }}/${{ github.run_id }}-${{ github.run_number }}'
      META_REPO: signalwire/bamboo_gha_trigger
      META_REPO_BRANCH: trigger/freeswitch/${{ github.ref_name }}
    secrets:
      GH_BOT_DEPLOY_TOKEN: ${{ secrets.PAT }}
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`name: Build and Distribute`

			`on:`
			`pull_request:`
			`push:`
			`branches:`
			`- master`
[GHA] Disable repo name check. 2024-07-22 14:39:05 +00:00			`- v1.10`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`paths:`
			`- "**"`
			`workflow_dispatch:`
[GHA] Use temporary token to build artifacts, extend manual run options. 2024-12-11 00:18:37 +00:00			`inputs:`
			`freeswitch_ref:`
			`description: 'FreeSWITCH repository ref'`
			`required: true`
			`default: master`
			`type: string`
			`release:`
			`description: 'FreeSWITCH release type'`
			`type: choice`
			`required: true`
			`default: unstable`
			`options:`
			`- release`
			`- unstable`
			`publish:`
			`description: 'Publish build data'`
			`required: true`
			`default: false`
			`type: boolean`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00
			`concurrency:`
			`group: ${{ github.head_ref \|\| github.ref }}`

			`jobs:`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`preconfig:`
[GHA] Use temporary token to build artifacts, extend manual run options. 2024-12-11 00:18:37 +00:00			`name: 'Preconfig'`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`runs-on: ubuntu-latest`
			`outputs:`
			`deb: ${{ steps.deb.outputs.excludes }}`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`release: ${{ steps.release.outputs.release }}`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`steps:`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`- name: Generate Matrix excludes for DEB`
			`id: deb`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`run: \|`
			`JSON="[]"`

[GHA] Rework `pull_request_target` workflow. 2024-06-25 18:35:43 +00:00			`if [[ "${{ github.event_name }}" == "pull_request" ]]; then`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`JSON=$(jq -n '[`
			`{`
			`"version": "bookworm",`
			`"platform": {`
[GHA] Remove Debian `Buster`. 2024-08-02 16:54:28 +00:00			`"name": "arm64v8"`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`}`
			`},`
			`{`
[GHA] Remove Debian `Buster`. 2024-08-02 16:54:28 +00:00			`"version": "bullseye",`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`"platform": {`
[GHA] Remove Debian `Buster`. 2024-08-02 16:54:28 +00:00			`"name": "amd64"`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`}`
			`},`
			`{`
[GHA] Remove Debian `Buster`. 2024-08-02 16:54:28 +00:00			`"version": "bullseye",`
			`"platform": {`
			`"name": "arm32v7"`
			`}`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`}`
			`]')`
			`fi`

			`echo "excludes=$(echo $JSON \| jq -c .)" \| tee -a $GITHUB_OUTPUT`

[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`- name: Get release type based on branch`
			`id: release`
			`run: \|`
			`if [[ '${{ github.event_name }}' == 'pull_request' ]]; then`
[GHA] Default to `release=unstable` in build workflow. 2024-12-12 14:12:38 +00:00			`if [[ '${{ github.base_ref }}' == 'v1.10' ]]; then`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`echo 'release=release' \| tee -a $GITHUB_OUTPUT`
[GHA] Default to `release=unstable` in build workflow. 2024-12-12 14:12:38 +00:00			`else`
			`echo 'release=unstable' \| tee -a $GITHUB_OUTPUT`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`fi`
[GHA] Use temporary token to build artifacts, extend manual run options. 2024-12-11 00:18:37 +00:00			`elif [[ '${{ github.event_name }}' == 'workflow_dispatch' ]]; then`
			`echo 'release=${{ inputs.release }}' \| tee -a $GITHUB_OUTPUT`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`elif [[ '${{ github.ref }}' == 'refs/heads/v1.10' ]]; then`
			`echo 'release=release' \| tee -a $GITHUB_OUTPUT`
			`else`
[GHA] Default to `release=unstable` in build workflow. 2024-12-12 14:12:38 +00:00			`echo 'release=unstable' \| tee -a $GITHUB_OUTPUT`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`fi`

[GHA] Use temporary token to build artifacts, extend manual run options. 2024-12-11 00:18:37 +00:00			`get-nonce:`
			`name: 'Get Nonce for token'`
			`runs-on: freeswitch-repo-auth-client`
			`outputs:`
			`nonce: ${{ steps.get-nonce.outputs.nonce }}`
			`steps:`
			`- name: Get Nonce`
			`id: get-nonce`
			`uses: signalwire/actions-template/.github/actions/repo-auth-client@main`
			`with:`
			`mode: nonce`

			`issue-token:`
			`name: 'Issue temporary token'`
			`runs-on: ubuntu-latest`
			`needs: get-nonce`
			`outputs:`
			`token: ${{ steps.issue-token.outputs.token }}`
			`steps:`
			`- name: Issue Token`
			`id: issue-token`
			`uses: signalwire/actions-template/.github/actions/repo-auth-client@main`
			`env:`
			`NONCE: ${{ needs.get-nonce.outputs.nonce }}`
			`with:`
			`mode: issue`

[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`deb-public:`
			`name: 'DEB-PUBLIC'`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`permissions:`
			`id-token: write`
			`contents: read`
			`needs:`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`- preconfig`
[GHA] Use temporary token to build artifacts, extend manual run options. 2024-12-11 00:18:37 +00:00			`- issue-token`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`uses: signalwire/actions-template/.github/workflows/cicd-docker-build-and-distribute.yml@main`
			`strategy:`
			`# max-parallel: 1`
			`fail-fast: false`
			`matrix:`
			`os:`
			`- debian`
			`version:`
			`- bookworm`
			`- bullseye`
			`platform:`
			`- name: amd64`
			`runner: ubuntu-latest`
			`- name: arm32v7`
			`runner: linux-arm64-4-core-public`
			`- name: arm64v8`
			`runner: linux-arm64-4-core-public`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`release:`
			`- ${{ needs.preconfig.outputs.release }}`
			`exclude: ${{ fromJson(needs.preconfig.outputs.deb) }}`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`with:`
			`RUNNER: ${{ matrix.platform.runner }}`
[GHA] Use temporary token to build artifacts, extend manual run options. 2024-12-11 00:18:37 +00:00			`REF: ${{ inputs.freeswitch_ref }}`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`ARTIFACTS_PATTERN: '.*\.(deb\|dsc\|changes\|tar.bz2\|tar.gz\|tar.lzma\|tar.xz)$'`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`DOCKERFILE: .github/docker/${{ matrix.os }}/${{ matrix.version }}/${{ matrix.platform.name }}/public.${{ matrix.release }}.Dockerfile`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`MAINTAINER: 'Andrey Volk <andrey@signalwire.com>'`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`META_FILE_PATH_PREFIX: /var/www/freeswitch/public/${{ matrix.release }}/${{ github.ref_name }}/${{ github.run_id }}-${{ github.run_number }}`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`PLATFORM: ${{ matrix.platform.name }}`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`REPO_DOMAIN: 'freeswitch.signalwire.com'`
			`TARGET_ARTIFACT_NAME: ${{ matrix.os }}-${{ matrix.version }}-${{ matrix.platform.name }}-public-${{ matrix.release }}-artifact`
[GHA] Use temporary token to build artifacts, extend manual run options. 2024-12-11 00:18:37 +00:00			`UPLOAD_BUILD_ARTIFACTS: >-`
			`${{`
			`(github.event.pull_request.head.repo.full_name == github.repository) &&`
			`(`
			`(`
			`github.event_name != 'pull_request' &&`
			`github.event_name != 'workflow_dispatch'`
			`) \|\|`
			`(github.event_name == 'workflow_dispatch' && inputs.publish)`
			`)`
			`}}`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`secrets:`
			`GH_BOT_DEPLOY_TOKEN: ${{ secrets.PAT }}`
			`HOSTNAME: ${{ secrets.HOSTNAME }}`
			`PROXY_URL: ${{ secrets.PROXY_URL }}`
			`USERNAME: ${{ secrets.USERNAME }}`
			`TELEPORT_TOKEN: ${{ secrets.TELEPORT_TOKEN }}`
[GHA] Increase verbosity for `mount=type=secret`. 2024-06-25 15:00:45 +00:00			`REPO_USERNAME: 'SWUSERNAME'`
[GHA] Use temporary token to build artifacts, extend manual run options. 2024-12-11 00:18:37 +00:00			`REPO_PASSWORD: ${{ needs.issue-token.outputs.token }}`

			`revoke-token:`
			`name: 'Revoke temporary token'`
			`runs-on: ubuntu-latest`
			`# if: always()`
			`needs:`
			`- issue-token`
			`- deb-public`
			`steps:`
			`- name: Revoke Token`
			`id: revoke-token`
			`uses: signalwire/actions-template/.github/actions/repo-auth-client@main`
			`env:`
			`TOKEN: ${{ needs.issue-token.outputs.token }}`
			`with:`
			`mode: revoke`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00
			`meta:`
			`name: 'Publish build data to meta-repo'`
[GHA] Use temporary token to build artifacts, extend manual run options. 2024-12-11 00:18:37 +00:00			`if: >-`
			`${{`
			`(github.event.pull_request.head.repo.full_name == github.repository) &&`
			`(`
			`(`
			`github.event_name != 'pull_request' &&`
			`github.event_name != 'workflow_dispatch'`
			`) \|\|`
			`(github.event_name == 'workflow_dispatch' && inputs.publish)`
			`)`
			`}}`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`needs:`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`- deb-public`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`permissions:`
			`id-token: write`
			`contents: read`
			`uses: signalwire/actions-template/.github/workflows/meta-repo-content.yml@main`
			`with:`
[GHA] Migrate to new project layout. 2024-09-21 11:19:22 +00:00			`META_CONTENT: '/var/www/freeswitch/public/{release,unstable}/${{ github.ref_name }}/${{ github.run_id }}-${{ github.run_number }}'`
[GHA] Add build workflow. 2024-06-06 21:59:10 +00:00			`META_REPO: signalwire/bamboo_gha_trigger`
			`META_REPO_BRANCH: trigger/freeswitch/${{ github.ref_name }}`
			`secrets:`
			`GH_BOT_DEPLOY_TOKEN: ${{ secrets.PAT }}`