mirror of
https://github.com/certbot/certbot.git
synced 2026-05-28 04:34:11 -04:00
Related to https://github.com/certbot/certbot/issues/10581

Following up on #10631 and https://github.com/certbot/certbot/pull/10622, this PR converts the `nightly` [pipeline](https://dev.azure.com/certbot/certbot/_build?definitionId=5) from Azure to GitHub Actions.

`schedule` and `workflow_dispatch` triggers only work on merged branches, not PRs. To see these tests running, I temporarily added a `push` trigger in commit [a2e9c43](a2e9c4303e). You can see the results of those tests [here](https://github.com/certbot/certbot/actions/runs/25688414262).

I did not split each file into its own commit this time because I feel like the general idea is clear. The relevant files in Azure Pipelines to reference are:

- the deleted `.azure-pipelines/nightly.yml` --> `.github/workflows/nightly.yml`
- `.azure-pipelines/templates/jobs/common-deploy-jobs.yml` --> `.github/workflows/deploy_docker_images.yml` and `.github/workflows/deploy_snaps.yml`
- `.azure-pipelines/templates/stages/changelog-stage.yml` --> `.github/workflows/create_changelog.yml`

I chose to split `common-deploy-jobs` into `deploy_docker_images` and `deploy_snaps`. This is because the docker arm32v6 build takes a long time, but uploading to docker is quick, while the armhf snaps build varies but is often quicker, but uploading the snaps can take some time. By splitting them, we can specify the dependencies more precisely, and hopefully shave some time off the total. Without the split, tests took [53 minutes total](https://github.com/certbot/certbot/actions/runs/25684264622). After the split, tests took [33 minutes total](https://github.com/certbot/certbot/actions/runs/25688414262)!

As before, the "nightly deploy stage" from Azure has been omitted for clarity.

`rerun.yml` did not exist before. There's not a great built-in way to rerun individual jobs in GitHub Actions, which I wanted for the snap builds specifically, since other timeouts can still happen. I could have made an action or additional workflow and wrapped that in a script to retry it, but I figured actually it's nicer to have the ability to rerun anything. This is equivalent to clicking "rerun all failed jobs," which I feel is usually what we want. Unfortunately, I am pretty sure that to test it, the rerun script will need to be merged first, since it relies on `workflow_dispatch`.

You can see that packages were successfully uploaded to [dockerhub](https://hub.docker.com/r/certbot/certbot/tags) and the [snap store](https://dashboard.snapcraft.io/stores/snaps/); looking at the timestamps is probably the easiest way to confirm (about 11:45am Monday).
81 lines
2.4 KiB
YAML
```yaml
name: Deploy docker images
on:
  workflow_call:
    inputs:
      dockerTag:
        required: true
        description: 'tag to assign docker images'
        type: string
    secrets:
      DOCKERHUB_TOKEN:
        required: true

permissions:
  contents: read

env:
  DOCKER_TAG: "${{ inputs.dockerTag }}"

jobs:
  # The credentials used in the following jobs are for the shared
  # certbotbot account on Docker Hub.
  # They are located under the certbot organization settings,
  # under Secrets and Variables -> Actions.
  # DOCKERHUB_USERNAME is saved as a variable.
  # DOCKERHUB_TOKEN is a secret, and it is a PAT created by
  # following the instructions at
  # https://docs.docker.com/security/access-tokens/
  # with Read and Write permissions. The access token can be deleted
  # on Docker Hub if these credentials need to be revoked.
  # The password is a PAT following the advice given by
  # https://github.com/docker/login-action?tab=readme-ov-file#docker-hub
  publish_docker_by_arch:
    name: Publish docker by arch
    runs-on:
      - 'ubuntu-24.04'
    strategy:
      fail-fast: false
      matrix:
        DOCKER_ARCH:
          - arm32v6
          - arm64v8
          - amd64
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          persist-credentials: false
      - name: Retrieve Docker images
        uses: actions/download-artifact@v8.0.1
        with:
          name: docker_${{ matrix.DOCKER_ARCH }}
          path: "${{ github.workspace }}"
      - name: Load Docker images
        run: docker load --input ${{ github.workspace }}/images.tar
        shell: bash
      - name: Login to Docker Hub
        uses: docker/login-action@v4.1.0
        with:
          username: "${{ vars.DOCKERHUB_USERNAME }}"
          password: "${{ secrets.DOCKERHUB_TOKEN }}"
      - name: Deploy the Docker images by architecture
        run: tools/docker/deploy_images.sh "$DOCKER_TAG" ${{ matrix.DOCKER_ARCH }}
        shell: bash
  publish_docker_multiarch:
    name: Publish docker multiarch
    needs: publish_docker_by_arch
    runs-on:
      - 'ubuntu-24.04'
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          persist-credentials: false
      - name: Login to Docker Hub
        uses: docker/login-action@v4.1.0
        with:
          username: "${{ vars.DOCKERHUB_USERNAME }}"
          password: "${{ secrets.DOCKERHUB_TOKEN }}"
      - name: Deploy the Docker multiarch manifests
        run: tools/docker/deploy_manifests.sh "$DOCKER_TAG" all
        shell: bash
```