[GHA] Use temporary token to build artifacts, extend manual run options.

s3rj1k 2024-12-11 01:18:37 +01:00
parent c429987181
commit 1f4d1e323e
No known key found for this signature in database
1 changed files with 90 additions and 3 deletions


@ -9,12 +9,32 @@ on:
paths: paths:
- "**" - "**"
workflow_dispatch: workflow_dispatch:
inputs:
freeswitch_ref:
description: 'FreeSWITCH repository ref'
required: true
default: master
type: string
release:
description: 'FreeSWITCH release type'
type: choice
required: true
default: unstable
options:
- release
- unstable
publish:
description: 'Publish build data'
required: true
default: false
type: boolean
concurrency: concurrency:
group: ${{ github.head_ref || github.ref }} group: ${{ github.head_ref || github.ref }}
jobs: jobs:
preconfig: preconfig:
name: 'Preconfig'
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
deb: ${{ steps.deb.outputs.excludes }} deb: ${{ steps.deb.outputs.excludes }}
@ -59,6 +79,8 @@ jobs:
elif [[ '${{ github.base_ref }}' == 'v1.10' ]]; then elif [[ '${{ github.base_ref }}' == 'v1.10' ]]; then
echo 'release=release' | tee -a $GITHUB_OUTPUT echo 'release=release' | tee -a $GITHUB_OUTPUT
fi fi
elif [[ '${{ github.event_name }}' == 'workflow_dispatch' ]]; then
echo 'release=${{ inputs.release }}' | tee -a $GITHUB_OUTPUT
elif [[ '${{ github.ref }}' == 'refs/heads/master' ]]; then elif [[ '${{ github.ref }}' == 'refs/heads/master' ]]; then
echo 'release=unstable' | tee -a $GITHUB_OUTPUT echo 'release=unstable' | tee -a $GITHUB_OUTPUT
elif [[ '${{ github.ref }}' == 'refs/heads/v1.10' ]]; then elif [[ '${{ github.ref }}' == 'refs/heads/v1.10' ]]; then
@ -67,6 +89,33 @@ jobs:
exit 1 exit 1
fi fi
get-nonce:
name: 'Get Nonce for token'
runs-on: freeswitch-repo-auth-client
outputs:
nonce: ${{ steps.get-nonce.outputs.nonce }}
steps:
- name: Get Nonce
id: get-nonce
uses: signalwire/actions-template/.github/actions/repo-auth-client@main
with:
mode: nonce
issue-token:
name: 'Issue temporary token'
runs-on: ubuntu-latest
needs: get-nonce
outputs:
token: ${{ steps.issue-token.outputs.token }}
steps:
- name: Issue Token
id: issue-token
uses: signalwire/actions-template/.github/actions/repo-auth-client@main
env:
NONCE: ${{ needs.get-nonce.outputs.nonce }}
with:
mode: issue
deb-public: deb-public:
name: 'DEB-PUBLIC' name: 'DEB-PUBLIC'
permissions: permissions:
@ -74,6 +123,7 @@ jobs:
contents: read contents: read
needs: needs:
- preconfig - preconfig
- issue-token
uses: signalwire/actions-template/.github/workflows/cicd-docker-build-and-distribute.yml@main uses: signalwire/actions-template/.github/workflows/cicd-docker-build-and-distribute.yml@main
strategy: strategy:
# max-parallel: 1 # max-parallel: 1
@ -96,6 +146,7 @@ jobs:
exclude: ${{ fromJson(needs.preconfig.outputs.deb) }} exclude: ${{ fromJson(needs.preconfig.outputs.deb) }}
with: with:
RUNNER: ${{ matrix.platform.runner }} RUNNER: ${{ matrix.platform.runner }}
REF: ${{ inputs.freeswitch_ref }}
ARTIFACTS_PATTERN: '.*\.(deb|dsc|changes|tar.bz2|tar.gz|tar.lzma|tar.xz)$' ARTIFACTS_PATTERN: '.*\.(deb|dsc|changes|tar.bz2|tar.gz|tar.lzma|tar.xz)$'
DOCKERFILE: .github/docker/${{ matrix.os }}/${{ matrix.version }}/${{ matrix.platform.name }}/public.${{ matrix.release }}.Dockerfile DOCKERFILE: .github/docker/${{ matrix.os }}/${{ matrix.version }}/${{ matrix.platform.name }}/public.${{ matrix.release }}.Dockerfile
MAINTAINER: 'Andrey Volk <andrey@signalwire.com>' MAINTAINER: 'Andrey Volk <andrey@signalwire.com>'
@ -103,7 +154,17 @@ jobs:
PLATFORM: ${{ matrix.platform.name }} PLATFORM: ${{ matrix.platform.name }}
REPO_DOMAIN: 'freeswitch.signalwire.com' REPO_DOMAIN: 'freeswitch.signalwire.com'
TARGET_ARTIFACT_NAME: ${{ matrix.os }}-${{ matrix.version }}-${{ matrix.platform.name }}-public-${{ matrix.release }}-artifact TARGET_ARTIFACT_NAME: ${{ matrix.os }}-${{ matrix.version }}-${{ matrix.platform.name }}-public-${{ matrix.release }}-artifact
UPLOAD_BUILD_ARTIFACTS: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.title, ':upload-artifacts') }} UPLOAD_BUILD_ARTIFACTS: >-
${{
(github.event.pull_request.head.repo.full_name == github.repository) &&
(
(
github.event_name != 'pull_request' &&
github.event_name != 'workflow_dispatch'
) ||
(github.event_name == 'workflow_dispatch' && inputs.publish)
)
}}
secrets: secrets:
GH_BOT_DEPLOY_TOKEN: ${{ secrets.PAT }} GH_BOT_DEPLOY_TOKEN: ${{ secrets.PAT }}
HOSTNAME: ${{ secrets.HOSTNAME }} HOSTNAME: ${{ secrets.HOSTNAME }}
@ -111,11 +172,37 @@ jobs:
USERNAME: ${{ secrets.USERNAME }} USERNAME: ${{ secrets.USERNAME }}
TELEPORT_TOKEN: ${{ secrets.TELEPORT_TOKEN }} TELEPORT_TOKEN: ${{ secrets.TELEPORT_TOKEN }}
REPO_USERNAME: 'SWUSERNAME' REPO_USERNAME: 'SWUSERNAME'
REPO_PASSWORD: ${{ secrets.REPOTOKEN }} REPO_PASSWORD: ${{ needs.issue-token.outputs.token }}
revoke-token:
name: 'Revoke temporary token'
runs-on: ubuntu-latest
# if: always()
needs:
- issue-token
- deb-public
steps:
- name: Revoke Token
id: revoke-token
uses: signalwire/actions-template/.github/actions/repo-auth-client@main
env:
TOKEN: ${{ needs.issue-token.outputs.token }}
with:
mode: revoke
meta: meta:
name: 'Publish build data to meta-repo' name: 'Publish build data to meta-repo'
if: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.title, ':upload-artifacts') }} if: >-
${{
(github.event.pull_request.head.repo.full_name == github.repository) &&
(
(
github.event_name != 'pull_request' &&
github.event_name != 'workflow_dispatch'
) ||
(github.event_name == 'workflow_dispatch' && inputs.publish)
)
}}
needs: needs:
- deb-public - deb-public
permissions: permissions:
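Review bot: The `revoke-token` job has its `if: always()` commented out, so with `needs: [issue-token, deb-public]` it is skipped whenever a `deb-public` matrix leg fails or is cancelled, and this workflow then never revokes the temporary repository token. I would enable it as `if: ${{ always() && needs.issue-token.result == 'success' }}` so revocation also runs after a failed build. The token is also passed as a plain job output (`token: ${{ steps.issue-token.outputs.token }}`). Whether the `repo-auth-client` action masks it is not visible here, so confirm that it does not end up in logs and that GitHub does not drop the output as a suspected secret. Separately, in `UPLOAD_BUILD_ARTIFACTS` and the `meta` job's `if:`, the operand `github.event.pull_request.head.repo.full_name == github.repository` is false on push and `workflow_dispatch` runs, which carry no `pull_request` payload, while the other operand excludes `pull_request`, so the `publish` input appears to have no effect; `github.event_name != 'pull_request' && (github.event_name != 'workflow_dispatch' || inputs.publish)` would express the apparent intent.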