add docker and snap packaging jobs; compare to .azure-pipelines/templates/stages/test-and-package-stage.yml which is still needed for other pipelines on azure

Erica Portnoy 2026-04-29 16:21:58 -07:00
parent 60245411d5
commit 15a0a56b29
2 changed files with 317 additions and 0 deletions


@ -0,0 +1,86 @@
name: Docker packaging
on:
workflow_call:
inputs:
dockerTag:
description: 'docker tag to push to'
type: string
permissions:
contents: read
env:
dockerTag: ${{ inputs.dockerTag }}
jobs:
docker_build:
name: Build ${{ matrix.DOCKER_ARCH }}
runs-on:
- ${{ matrix.run-on }}
# The default timeout of 60 minutes is a little low for compiling
# cryptography on ARM architectures.
timeout-minutes: 180
strategy:
fail-fast: false
matrix:
include:
- DOCKER_ARCH: arm64v8
run-on: ubuntu-24.04-arm
- DOCKER_ARCH: amd64
run-on: ubuntu-24.04
- DOCKER_ARCH: arm32v6
run-on: ubuntu-24.04
steps:
- name: checkout
uses: actions/checkout@v6.0.2
with:
persist-credentials: false
- name: Build the Docker images
# We don't filter for the Docker Hub organization to continue to allow
# easy testing of these scripts on forks.
run: tools/docker/build.sh ${{ env.dockerTag }} ${{ matrix.DOCKER_ARCH }}
shell: bash
- name: Save the Docker images
run: |-
DOCKER_IMAGES=$(docker images --filter reference="*/certbot" --filter reference="*/dns-*" --format "{{.Repository}}")
docker save --output images.tar $DOCKER_IMAGES
shell: bash
# If the name of the tar file or artifact changes, the deploy stage will
# also need to be updated.
- name: Prepare Docker artifact
run: mv images.tar ${{ runner.temp }}
shell: bash
- name: Store Docker artifact
uses: actions/upload-artifact@v7.0.0
with:
name: docker_${{ matrix.DOCKER_ARCH }}
path: "${{ runner.temp }}"
docker_test:
name: Test ${{ matrix.DOCKER_ARCH }}
needs:
- docker_build
runs-on:
- ${{ matrix.run-on }}
strategy:
fail-fast: false
matrix:
include:
- DOCKER_ARCH: arm64v8
run-on: ubuntu-24.04-arm
- DOCKER_ARCH: amd64
run-on: ubuntu-24.04
- DOCKER_ARCH: arm32v6
run-on: ubuntu-24.04-arm
steps:
- name: checkout
uses: actions/checkout@v6.0.2
- name: Retrieve Docker images
uses: actions/download-artifact@v8.0.1
with:
name: docker_${{ matrix.DOCKER_ARCH }}
path: "${{ github.workspace }}"
- name: Load Docker images
run: docker load --input ${{ github.workspace }}/images.tar
shell: bash
- name: Run integration tests for Docker images
run: tools/docker/test.sh ${{ env.dockerTag }} ${{ matrix.DOCKER_ARCH }}
shell: bash
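Review bot: `${{ env.dockerTag }}` is expanded into the script text before bash starts, both in the build step (`run: tools/docker/build.sh ${{ env.dockerTag }} ...`) and in the test step, so a caller-supplied tag containing shell metacharacters would be interpreted by the shell instead of being passed as one argument. The workflow-level `env:` block already exports the value, so both steps can read it as data: `run: tools/docker/build.sh "$dockerTag" "${{ matrix.DOCKER_ARCH }}"`, and the same for `test.sh`. Separately, the `docker_test` checkout omits the `persist-credentials: false` that `docker_build` sets. Also, `path: "${{ runner.temp }}"` uploads the whole temp directory rather than only `images.tar`; moving the tarball into a dedicated subdirectory and uploading that would keep unrelated runner files out of the artifact.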


@ -0,0 +1,231 @@
name: Snap packaging
on:
workflow_call:
inputs:
snapBuildTimeout:
description: 'timeout for snap builds'
type: number
permissions:
contents: read
env:
snapBuildTimeout: ${{ inputs.snapBuildTimeout }}
jobs:
gha_build_snap:
name: Build certbot ${{ matrix.build-for }}
runs-on: ${{ matrix.build-on }}
strategy:
fail-fast: false
matrix:
include:
- build-for: arm64
build-on: ubuntu-24.04-arm
- build-for: amd64
build-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6.0.2
- uses: snapcore/action-build@v1.3.0
id: build
with:
snapcraft-args: "--build-for=${{ matrix.build-for }}"
- name: Store snap artifact
uses: actions/upload-artifact@v7.0.0
with:
name: snap-certbot-${{ matrix.build-for }}
path: ${{ steps.build.outputs.snap }}
generate_dns_list_matrix:
name: List DNS package names
runs-on: ubuntu-latest
outputs:
dns-dirs: ${{ steps.set-dns-dirs.outputs.dns-dirs }}
steps:
- name: checkout
uses: actions/checkout@v6.0.2
- id: set-dns-dirs
run: |
DNS_NAMES="$(echo certbot-dns-* | jq -R -s -c 'split(" ")[:-1]')"
echo "dns-dirs=$DNS_NAMES" >> "$GITHUB_OUTPUT"
gha_build_dns_snaps:
name: Build ${{ matrix.dns-dir }} ${{ matrix.build-for }}
needs: generate_dns_list_matrix
runs-on: ${{ matrix.build-on }}
strategy:
fail-fast: false
matrix:
dns-dir: ${{ fromJSON(needs.generate_dns_list_matrix.outputs.dns-dirs) }}
build-for: [arm64, amd64]
include:
- build-for: arm64
build-on: ubuntu-24.04-arm
- build-for: amd64
build-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6.0.2
- name: generate dns snapcraft.yamls
run: |
tools/snap/generate_dnsplugins_all.sh # unnecessarily doing every file
- uses: snapcore/action-build@v1.3.0
id: build
with:
snapcraft-args: "--build-for=${{ matrix.build-for }}"
path: ${{ matrix.dns-dir }}
- name: Store snap artifact
uses: actions/upload-artifact@v7.0.0
with:
name: snap-${{ matrix.dns-dir }}-${{ matrix.build-for }}
path: ${{ steps.build.outputs.snap }}
launchpad_build_all:
name: Build armhf snaps
runs-on:
- ubuntu-24.04
env:
SNAP_ARCH: "armhf"
steps:
- name: checkout
uses: actions/checkout@v6.0.2
with:
fetch-depth: 0 # need a non-shallow clone for launchpad
- name: Install dependencies
run: |-
sudo apt-get update
sudo apt-get install -y --no-install-recommends snapd
sudo snap install --classic snapcraft
- uses: actions/setup-python@v5.0.0
with:
python-version: '3.12'
- name: Build snaps
env:
LAUNCHPAD_CREDS: "${{ secrets.LAUNCHPAD_CREDENTIALS }}"
run: |-
git config --global user.email "${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com"
git config --global user.name "${{ github.actor }}"
mkdir -p ~/.local/share/snapcraft/
echo "$LAUNCHPAD_CREDS" > ~/.local/share/snapcraft/launchpad-credentials
python3 tools/snap/build_remote.py ALL --archs "$SNAP_ARCH" --timeout ${{ env.snapBuildTimeout }}
- name: Flatten snaps layout
run: |-
mv *.snap ${{ runner.temp }}
mv certbot-dns-*/*.snap ${{ runner.temp }}
- name: Store snaps artifacts
uses: actions/upload-artifact@v7.0.0
with:
name: snaps_${{ env.SNAP_ARCH }}
path: "${{ runner.temp }}"
snap_run:
name: Test certbot ${{ matrix.arch-name }}
needs:
- gha_build_snap
- launchpad_build_all
runs-on:
- ${{ matrix.run-on }}
strategy:
fail-fast: false
matrix:
include:
- arch-name: arm64
run-on: ubuntu-24.04-arm
- arch-name: amd64
run-on: ubuntu-24.04
- arch-name: armhf
run-on: ubuntu-24.04-arm
steps:
- name: checkout
uses: actions/checkout@v6.0.2
- uses: actions/setup-python@v5.0.0
with:
python-version: '3.12'
- name: Install armhf dependencies
if: ${{ matrix.arch-name == 'armhf' }}
run: |-
sudo dpkg --add-architecture armhf
sudo apt-get update
# apparmor will conflict with snapd:armhf dependency if not removed first
sudo apt-get remove -y apparmor
sudo apt-get install -y --no-install-recommends snapd:armhf nginx-light
- name: Install non-armhf depdencies
if: ${{ matrix.arch-name != 'armhf' }}
run: |-
sudo apt-get update
sudo apt-get install -y --no-install-recommends nginx-light snapd
- name: Setup venv
run: |-
python3 -m venv venv
venv/bin/python tools/pip_install.py -U tox
- name: Retrieve Certbot snaps armhf
if: ${{ matrix.arch-name == 'armhf' }}
uses: actions/download-artifact@v8.0.1
with:
name: snaps_${{ matrix.arch-name }}
path: "${{ github.workspace }}/snap"
- name: Retrieve Certbot snaps non-armhf
if: ${{ matrix.arch-name != 'armhf' }}
uses: actions/download-artifact@v8.0.1
with:
pattern: snap-certbot-${{ matrix.arch-name }}
path: "${{ github.workspace }}/snap"
- name: Install Certbot snap
run: |-
sudo snap install --dangerous --classic snap/certbot_*.snap
- name: Run tox
run: |-
venv/bin/python -m tox run -e integration-external,apacheconftest-external-with-pebble
snap_dns_run:
name: Test DNS ${{ matrix.arch-name }}
needs:
- gha_build_dns_snaps
- gha_build_snap
- launchpad_build_all
runs-on:
- ${{ matrix.run-on }}
strategy:
fail-fast: false
matrix:
include:
- arch-name: arm64
run-on: ubuntu-24.04-arm
- arch-name: amd64
run-on: ubuntu-24.04
- arch-name: armhf
run-on: ubuntu-24.04-arm
steps:
- name: checkout
uses: actions/checkout@v6.0.2
- name: Install armhf dependencies
if: ${{ matrix.arch-name == 'armhf' }}
run: |-
sudo dpkg --add-architecture armhf
sudo apt-get update
# apparmor will conflict with snapd:armhf dependency if not removed first
sudo apt-get remove -y apparmor
sudo apt-get install -y --no-install-recommends snapd:armhf
- name: Install non-armhf depdencies
if: ${{ matrix.arch-name != 'armhf' }}
run: |-
sudo apt-get update
sudo apt-get install -y --no-install-recommends snapd
- uses: actions/setup-python@v5.0.0
with:
python-version: '3.12'
- name: Retrieve Certbot snaps armhf
if: ${{ matrix.arch-name == 'armhf' }}
uses: actions/download-artifact@v8.0.1
with:
name: snaps_${{ matrix.arch-name }}
path: "${{ github.workspace }}/snap"
- name: Retrieve Certbot snaps non-armhf
if: ${{ matrix.arch-name != 'armhf' }}
uses: actions/download-artifact@v8.0.1
with:
pattern: snap-*-${{ matrix.arch-name }}
merge-multiple: true
path: "${{ github.workspace }}/snap"
- name: Display structure of downloaded files
run: ls -R "${{ github.workspace }}/snap"
- name: Prepare Certbot-CI
run: |-
python3 -m venv venv
venv/bin/python tools/pip_install.py -e certbot-ci
- name: Test DNS plugins snaps
run: |-
sudo -E venv/bin/pytest certbot-ci/src/snap_integration_tests/dns_tests --allow-persistent-changes --snap-folder ${{ github.workspace }}/snap --snap-arch ${{ matrix.arch-name }}
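Review bot: The `launchpad_build_all` job checks out without `persist-credentials: false` and then uploads all of `${{ runner.temp }}` as the `snaps_armhf` artifact; as far as I know, checkout v6 keeps the persisted token in a file under the runner temp directory, so that file would be packaged next to the snaps. Collecting the snaps in a dedicated directory (`mkdir -p "$RUNNER_TEMP/snaps" && mv *.snap certbot-dns-*/*.snap "$RUNNER_TEMP/snaps"`) and uploading only that path would avoid this. Adding `persist-credentials: false` to every checkout in this file would help too, assuming `build_remote.py` does not need the GitHub token. In `generate_dns_list_matrix`, `split(" ")[:-1]` appears to drop the last plugin directory rather than a trailing empty element, because `echo` ends its output with a newline, not a space. `jq -R -c 'split(" ")'` without `-s` should keep every name, which is worth confirming against the rendered matrix.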