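# Build workflow: builds the Windows MSI installers (x86, amd64, arm64) and the
# Debian packages on every push and pull request. Outside pull requests, and
# only in openvpn/openvpn-build, the amd64 MSI is then run through the t_client
# tests on AWS; on master the MSI files are finally copied to a remote host.
name: Build

on:
  push:
  pull_request:

# Workflow-wide default token scope. Only the AWS test job requests an OIDC
# token, so id-token: write is granted on that job alone and the build jobs,
# which also run for pull requests, stay read-only.
permissions:
  contents: read  # This is required for actions/checkout

jobs:
  # Windows MSI build, one runner per target architecture.
  msvc:
    strategy:
      matrix:
        arch: [x86, amd64, arm64]

    env:
      CMAKE: cmake.exe
      WIX: ${{ github.workspace }}\wix\

    name: 'openvpn-build'
    runs-on: windows-latest
    steps:
      - name: Checkout openvpn-build
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
          submodules: true

      - name: Restore from cache and install vcpkg
        uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
        with:
          vcpkgDirectory: '${{ github.workspace }}/src/vcpkg'
          vcpkgJsonGlob: '**/src/openvpn/contrib/vcpkg-manifests/windows/vcpkg.json'

      - name: Get latest CMake and ninja
        uses: lukka/get-cmake@5979409e62bdf841487c5fb3c053149de97a86d3 # v3.31.2

      - name: Install rst2html
        run: python -m pip install --upgrade pip docutils

      - name: Setup MSVC prompt
        uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0

      - name: Install Wix 3.14.1
        run: |
          # NOTE(review): the archive is unpacked without an integrity check, and
          # its binaries then take part in producing the MSI. Compare its SHA-256
          # (Get-FileHash) against a value recorded in this repository first.
          Invoke-WebRequest -Uri "https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314-binaries.zip" -OutFile wix.zip
          Expand-Archive -Path .\wix.zip -DestinationPath wix\bin

      # Gives every CI build a fresh product code and a version derived from the
      # run number, rewritten in place in version.m4.
      - name: Bump version
        working-directory: windows-msi
        run: |
          $NewProductCode = (New-Guid).ToString().ToUpper()
          $BuildVersion = 10000 + [int]$env:GITHUB_RUN_NUMBER
          $NewProductVersion = "2.6.$BuildVersion"
          echo $NewProductCode $NewProductVersion
          $version_m4 = (Get-Content version.m4)
          $version_m4 -replace '^define\(\[PRODUCT_CODE\], \[\{(?<ProductCode>.*)\}]\)', "define([PRODUCT_CODE], [{${NewProductCode}}])" `
            -replace '^define\(\[PRODUCT_VERSION\], \[(.*?)\]\)', "define([PRODUCT_VERSION], [${NewProductVersion}])" | Out-File -Encoding ASCII version.m4

      - name: Build
        working-directory: windows-msi
        run: |
          ./build-and-package.ps1 -arch ${{ matrix.arch }}

      - name: Get openvpn commit id
        working-directory: src/openvpn
        run: |
          $commit = git rev-parse --short HEAD
          echo "OPENVPN_COMMIT=$commit" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append

      - name: Get datetime
        run: |
          # HH is the 24-hour clock; with hh a morning and an afternoon build of
          # the same hour produced the same stamp.
          $dt = Get-Date -Format "yyyyMMddTHHmm"
          echo "DATETIME=${dt}" >> $Env:GITHUB_ENV

      - name: Archive artifacts
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        with:
          name: openvpn-master-${{ env.DATETIME }}-${{ env.OPENVPN_COMMIT }}-${{ matrix.arch }}
          path: ${{ github.workspace }}\windows-msi\image\*-${{ matrix.arch }}.msi

  # Runs the amd64 MSI through the t_client tests. Never runs for pull requests
  # or outside openvpn/openvpn-build; the concurrency group keeps it to one run
  # at a time.
  run_tclient_tests:
    name: Run t_client tests on AWS
    needs: msvc
    concurrency: aws_tclient_tests
    runs-on: ubuntu-latest
    if: ${{ github.repository == 'openvpn/openvpn-build' && github.event_name != 'pull_request' }}

    # Job-level permissions replace the workflow default, so both are listed.
    permissions:
      id-token: write  # This is required for requesting the JWT
      contents: read  # This is required for actions/checkout

    env:
      AWS_REGION: "eu-west-1"

    steps:
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          role-to-assume: arn:aws:iam::217307881341:role/GitHubActions
          role-session-name: githubactions
          aws-region: ${{ env.AWS_REGION }}

      # NOTE(review): this checkout follows a branch, and its script later runs
      # with the AWS role and the SSH key in scope; pinning it to a commit
      # would match how the actions in this file are pinned.
      - name: Clone openvpn-windows-test repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          repository: openvpn/openvpn-windows-test
          ref: master
          path: openvpn-windows-test

      - name: Install SSH key for tclient host
        uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2.7.0
        with:
          key: ${{ secrets.SSH_KEY_FOR_TCLIENT_HOST }}
          # NOTE(review): no host key is pinned here, so whether the t_client
          # host is authenticated depends on how Start-AWSTest.ps1 connects;
          # confirm.
          known_hosts: unnecessary

      - name: Get artifacts
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          pattern: "*-amd64"
          path: msi

      - name: Run AWS test
        working-directory: openvpn-windows-test
        shell: pwsh
        run: |
          # NOTE(review): both modules are installed unpinned, at whatever version
          # is current when the job runs.
          Install-Module -Name AWS.Tools.Installer -Force
          Install-AWSToolsModule AWS.Tools.EC2 -Force
          .\Start-AWSTest.ps1 -SSH_KEY ~/.ssh/id_rsa -MSI_PATH $(Get-ChildItem ../msi/*-amd64/*.msi | select -ExpandProperty FullName)

      # always(): the logs are uploaded even when the test step failed.
      - name: Archive openvpn logs
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        if: ${{ always() }}
        with:
          name: t_client_openvpn_logs
          path: openvpn-windows-test/openvpn-logs.zip

  # Copies the tested MSI files to the remote host; master of
  # openvpn/openvpn-build only.
  upload_msis:
    needs: run_tclient_tests
    name: upload-msis
    runs-on: ubuntu-latest
    if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/master' && github.repository == 'openvpn/openvpn-build' }}
    steps:
      - name: Install knock
        # apt-get with -y never waits on a confirmation prompt.
        run: sudo apt-get install -y knockd

      - name: Get artifacts
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          path: msi

      # Each artifact arrives as a directory holding one MSI; the MSI is renamed
      # after its directory and the directory is removed.
      - name: Flatten and rename artifacts
        working-directory: msi
        run: |
          find . -name '*.msi' -printf "%p\n" | while read -r f; do
            d=$(dirname "$f")
            mv -v "$f" "$d.msi"
            rm -rvf "$d"
          done
          rm -rf t_client_openvpn_logs
          rm -rf openvpn-debian
          find

      # Secrets reach the shell as environment variables rather than being
      # pasted into the script text, so their content is never parsed as shell.
      - name: Knock ports on remote
        env:
          MSI_UPLOAD_REMOTE_HOST: ${{ secrets.MSI_UPLOAD_REMOTE_HOST }}
          MSI_UPLOAD_REMOTE_KNOCK_SEQUENCE: ${{ secrets.MSI_UPLOAD_REMOTE_KNOCK_SEQUENCE }}
        # The knock sequence stays unquoted so that it splits into one argument per port.
        run: knock -d 500 "$MSI_UPLOAD_REMOTE_HOST" $MSI_UPLOAD_REMOTE_KNOCK_SEQUENCE ; sleep 1

      - name: Copy MSI to remote
        working-directory: msi
        env:
          MSI_UPLOAD_REMOTE_HOST: ${{ secrets.MSI_UPLOAD_REMOTE_HOST }}
          MSI_UPLOAD_PRIVATE_KEY: ${{ secrets.MSI_UPLOAD_PRIVATE_KEY }}
          MSI_UPLOAD_USERNAME: ${{ secrets.MSI_UPLOAD_USERNAME }}
          MSI_UPLOAD_REMOTE_PATH: ${{ secrets.MSI_UPLOAD_REMOTE_PATH }}
        run: |
          eval "$(ssh-agent -s)"
          mkdir -v -m 700 "$HOME/.ssh"
          # NOTE(review): a key scanned at run time is trusted as found, so it does
          # not authenticate the host. Store the expected host key with the other
          # upload settings and write that to known_hosts instead.
          ssh-keyscan -H "$MSI_UPLOAD_REMOTE_HOST" > "$HOME/.ssh/known_hosts"
          # The key file is created owner-only, and tracing starts only after it
          # is written so the key never appears in an xtrace line.
          ( umask 077; printf '%s\n' "$MSI_UPLOAD_PRIVATE_KEY" > "$HOME/.ssh/key" )
          chmod 400 "$HOME/.ssh/key"
          set -x
          scp -i "$HOME/.ssh/key" *.msi "${MSI_UPLOAD_USERNAME}@${MSI_UPLOAD_REMOTE_HOST}:${MSI_UPLOAD_REMOTE_PATH}"

  # Debian package build with sbuild; the chroots are cached between runs.
  debian:
    name: Build Debian packages
    runs-on: ubuntu-latest
    env:
      CHROOT_CONF: chroots/chroot.d.tar
      OPENVPN_CURRENT_TAG: HEAD
      OPENVPN_DCO_CURRENT_TAG: HEAD
      USE_LOCAL_SOURCE: 1
    steps:
      - name: Checkout openvpn-build
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
          submodules: true

      - name: Install dependencies
        run: |
          sudo apt-get update
          # for sbuild
          sudo apt-get install -y sbuild git quilt debhelper dkms
          # for ./configure && make dist
          sudo apt-get install -y autoconf automake libcap-ng-dev libssl-dev python3-docutils

      - name: Prepare release files
        working-directory: release
        run: |
          ln -s vars.example vars
          mkdir ../output
          # we need to have ability to git tag the versions
          # we do not push those tags
          git config --global user.name "gha_user"
          git config --global user.email "gha@openvpn.invalid"
          ./version-and-tags.sh
          ./create-release-files.sh

      # So that the caches expire after a while
      - name: Get Date for cache key
        id: get-date
        run: |
          echo "date=$(/bin/date -u '+%Y%m')" >> "$GITHUB_OUTPUT"

      # Key: hash of the amd64 variants config plus the current year and month;
      # the restore-keys fall back to an older chroot set.
      - name: Restore cached chroots
        id: chroots-restore
        uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: |
            debian-sbuild/chroots
          key: chroots-${{ hashFiles('**/config/variants.amd64.conf') }}-${{ steps.get-date.outputs.date }}
          restore-keys: |
            chroots-${{ hashFiles('**/config/variants.amd64.conf') }}-
            chroots-

      # Unpacks the schroot configuration saved with a restored cache, sets up
      # and updates the chroots, then saves the configuration again for the
      # cache.
      - name: Prepare environment
        working-directory: debian-sbuild
        run: |
          [ ! -f "$CHROOT_CONF" ] || ( tar -xvf "$CHROOT_CONF" -C chroots; sudo install -m644 chroots/chroot.d/* /etc/schroot/chroot.d/ )
          sudo chown root:root chroots/*.tar.gz || true
          scripts/setup.sh
          sudo scripts/setup_chroots.sh
          sudo scripts/update-all.sh
          sudo sbuild-adduser runner
          tar -cvf "$CHROOT_CONF" -C /etc/schroot/ chroot.d/

      # Saved only when the restore step did not hit the exact key.
      - name: Save chroots
        if: steps.chroots-restore.outputs.cache-hit != 'true'
        id: chroots-save
        uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: |
            debian-sbuild/chroots
          key: ${{ steps.chroots-restore.outputs.cache-primary-key }}

      - name: Prepare package build
        working-directory: debian-sbuild
        run: |
          scripts/prepare-all.sh

      - name: Build packages
        working-directory: debian-sbuild
        run: |
          sg sbuild ./scripts/build-all.sh

      - name: Archive packages
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        with:
          name: openvpn-debian
          path: |
            output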