Merge pull request #656 from OpenVPN/renovate/release/2.6-github-actions #3529
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The name of our workflow | |
name: Build | |
on: | |
push: | |
pull_request: | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkoutjobs: | |
jobs: | |
msvc: | |
strategy: | |
matrix: | |
arch: [x86, amd64, arm64] | |
env: | |
CMAKE: cmake.exe | |
WIX: ${{ github.workspace }}\wix\ | |
name: 'openvpn-build' | |
runs-on: windows-latest | |
steps: | |
- name: Checkout openvpn-build | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
with: | |
fetch-depth: 0 | |
submodules: true | |
- name: Restore from cache and install vcpkg | |
uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5 | |
with: | |
vcpkgDirectory: '${{ github.workspace }}/src/vcpkg' | |
vcpkgJsonGlob: '**/src/openvpn/contrib/vcpkg-manifests/windows/vcpkg.json' | |
- name: Get latest CMake and ninja | |
uses: lukka/get-cmake@18d87816d12dd87ec1449d47b9b3a587e0a1cc19 # v3.29.5 | |
- name: Install rst2html | |
run: python -m pip install --upgrade pip docutils | |
- name: Setup MSVC prompt | |
uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 | |
- name: Install Wix 3.14.1 | |
run: | | |
Invoke-WebRequest -Uri "https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314-binaries.zip" -OutFile wix.zip | |
Expand-Archive -Path .\wix.zip -DestinationPath wix\bin | |
- name: Bump version | |
working-directory: windows-msi | |
run: | | |
$NewProductCode = (New-Guid).ToString().ToUpper() | |
$BuildVersion = 10000 + [int]$env:GITHUB_RUN_NUMBER | |
$NewProductVersion = "2.6.$BuildVersion" | |
echo $NewProductCode $NewProductVersion | |
$version_m4 = (Get-Content version.m4) | |
$version_m4 -replace '^define\(\[PRODUCT_CODE\], \[\{(?<ProductCode>.*)\}]\)', "define([PRODUCT_CODE], [{${NewProductCode}}])" ` | |
-replace '^define\(\[PRODUCT_VERSION\], \[(.*?)\]\)', "define([PRODUCT_VERSION], [${NewProductVersion}])" | Out-File -Encoding ASCII version.m4 | |
- name: Build | |
working-directory: windows-msi | |
run: | | |
./build-and-package.ps1 -arch ${{ matrix.arch }} | |
- name: Get openvpn commit id | |
working-directory: src/openvpn | |
run: | | |
$commit = git rev-parse --short HEAD | |
echo "OPENVPN_COMMIT=$commit" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append | |
- name: Get datetime | |
run: | | |
$dt = Get-Date -Format "yyyyMMddThhmm" | |
echo "DATETIME=${dt}" >> $Env:GITHUB_ENV | |
- name: Archive artifacts | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: openvpn-master-${{ env.DATETIME }}-${{ env.OPENVPN_COMMIT }}-${{ matrix.arch }} | |
path: ${{ github.workspace }}\windows-msi\image\*-${{ matrix.arch }}.msi | |
run_tclient_tests: | |
name: Run t_client tests on AWS | |
needs: msvc | |
concurrency: aws_tclient_tests | |
runs-on: ubuntu-latest | |
if: ${{ github.repository == 'openvpn/openvpn-build' && github.event_name != 'pull_request' }} | |
env: | |
AWS_REGION : "eu-west-1" | |
steps: | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
role-to-assume: arn:aws:iam::217307881341:role/GitHubActions | |
role-session-name: githubactions | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Clone openvpn-windows-test repo | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
with: | |
repository: openvpn/openvpn-windows-test | |
ref: master | |
path: openvpn-windows-test | |
- name: Install SSH key for tclient host | |
uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2.7.0 | |
with: | |
key: ${{ secrets.SSH_KEY_FOR_TCLIENT_HOST }} | |
known_hosts: unnecessary | |
- name: Get artifacts | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
path: msi | |
- name: Run AWS test | |
working-directory: openvpn-windows-test | |
shell: pwsh | |
run: | | |
Install-Module -Name AWS.Tools.Installer -Force | |
Install-AWSToolsModule AWS.Tools.EC2 -Force | |
.\Start-AWSTest.ps1 -SSH_KEY ~/.ssh/id_rsa -MSI_PATH $(Get-ChildItem ../msi/*-amd64/*.msi | select -ExpandProperty FullName) | |
- name: Archive openvpn logs | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
if: ${{ always() }} | |
with: | |
name: t_client_openvpn_logs | |
path: openvpn-windows-test/openvpn-logs.zip | |
upload_msis: | |
needs: run_tclient_tests | |
name: upload-msis | |
runs-on: ubuntu-latest | |
if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/master' && github.repository == 'openvpn/openvpn-build' }} | |
steps: | |
- name: Install knock | |
run: sudo apt install knockd | |
- name: Get artifacts | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
path: msi | |
- name: Flatter and rename artifacts | |
working-directory: msi | |
run: | | |
find -name '*.msi' -printf "%p\n" | while read f; do mv $f $(dirname $f).msi; rm -rf $(dirname $f); done | |
rm -rf t_client_openvpn_logs | |
- name: Knock ports on remote | |
run: knock -d 500 ${{ secrets.MSI_UPLOAD_REMOTE_HOST }} ${{ secrets.MSI_UPLOAD_REMOTE_KNOCK_SEQUENCE }} ; sleep 1 | |
- name: Copy MSI to remote | |
uses: garygrossgarten/github-action-scp@8a27854bb4f124a497a67316e83783efda770119 # v0.8.0 | |
with: | |
local: msi | |
remote: ${{ secrets.MSI_UPLOAD_REMOTE_PATH }} | |
host: ${{ secrets.MSI_UPLOAD_REMOTE_HOST }} | |
port: ${{ secrets.MSI_UPLOAD_REMOTE_PORT }} | |
username: ${{ secrets.MSI_UPLOAD_USERNAME }} | |
privateKey: ${{ secrets.MSI_UPLOAD_PRIVATE_KEY }} | |
passphrase: ${{ secrets.MSI_UPLOAD_KEY_PASSPHRASE }} | |
debian: | |
name: Build Debian packages | |
runs-on: ubuntu-latest | |
env: | |
CHROOT_CONF: chroots/chroot.d.tar | |
OPENVPN_CURRENT_TAG: HEAD | |
OPENVPN_DCO_CURRENT_TAG: HEAD | |
USE_LOCAL_SOURCE: 1 | |
steps: | |
- name: Checkout openvpn-build | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
with: | |
fetch-depth: 0 | |
submodules: true | |
- name: Install dependencies | |
run: | | |
sudo apt-get update | |
# for sbuild | |
sudo apt-get install -y sbuild git quilt debhelper dkms | |
# for ./configure && make dist | |
sudo apt-get install -y autoconf automake libcap-ng-dev libssl-dev python3-docutils | |
- name: Prepare release files | |
working-directory: release | |
run: | | |
ln -s vars.example vars | |
mkdir ../output | |
# we need to have ability to git tag the versions | |
# we do not push those tags | |
git config --global user.name "gha_user" | |
git config --global user.email "[email protected]" | |
./version-and-tags.sh | |
./create-release-files.sh | |
# So that the caches expire after a while | |
- name: Get Date for cache key | |
id: get-date | |
run: | | |
echo "date=$(/bin/date -u '+%Y%m')" >> $GITHUB_OUTPUT | |
- name: Restore cached chroots | |
id: chroots-restore | |
uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: | | |
debian-sbuild/chroots | |
key: chroots-${{ hashFiles('**/config/variants.amd64.conf') }}-${{ steps.get-date.outputs.date }} | |
restore-keys: | | |
chroots-${{ hashFiles('**/config/variants.amd64.conf') }}- | |
chroots- | |
- name: Prepare environment | |
working-directory: debian-sbuild | |
run: | | |
[ ! -f "$CHROOT_CONF" ] || ( tar -xvf "$CHROOT_CONF" -C chroots; sudo install -m644 chroots/chroot.d/* /etc/schroot/chroot.d/ ) | |
sudo chown root:root chroots/*.tar.gz || true | |
scripts/setup.sh | |
sudo scripts/setup_chroots.sh | |
sudo scripts/update-all.sh | |
sudo sbuild-adduser runner | |
tar -cvf "$CHROOT_CONF" -C /etc/schroot/ chroot.d/ | |
- name: Save chroots | |
if: steps.chroots-restore.outputs.cache-hit != 'true' | |
id: chroots-save | |
uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
with: | |
path: | | |
debian-sbuild/chroots | |
key: ${{ steps.chroots-restore.outputs.cache-primary-key }} | |
- name: Prepare package build | |
working-directory: debian-sbuild | |
run: | | |
scripts/prepare-all.sh | |
- name: Build packages | |
working-directory: debian-sbuild | |
run: | | |
sg sbuild ./scripts/build-all.sh | |
- name: Archive packages | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: openvpn-debian | |
path: | | |
output |