Skip to content

fix: reset loop if any tunnel interface is not passing traffic #194

fix: reset loop if any tunnel interface is not passing traffic

fix: reset loop if any tunnel interface is not passing traffic #194

Workflow file for this run

---
name: publish to balenaCloud
on:
# https://github.com/orgs/community/discussions/26724
pull_request:
types: [opened, synchronize, closed]
branches:
- master
env:
ENVIRONMENT: balena-cloud.com
BLOCK_PREFIX: belodetek/unzoner
VERBOSE: true
jobs:
versioning:
runs-on: ubuntu-latest
strategy:
fail-fast: true
outputs:
semver: ${{ steps.semver.outputs.version }}
version_tag: ${{ steps.semver.outputs.version_tag }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
# https://github.com/marketplace/actions/git-semantic-version
- name: generate new semantic version
id: semver
uses: paulhatch/[email protected]
with:
# https://www.conventionalcommits.org
format: "${major}.${minor}.${patch}"
major_pattern: "/major:\\s*|Change-type:\\s*major/gmi"
minor_pattern: "/minor:\\s*|Change-type:\\s*minor/gmi"
- name: check semver
run: |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x
echo 'changed: ${{ steps.semver.outputs.changed }}'
echo 'increment: ${{ steps.semver.outputs.increment }}'
echo 'major: ${{ steps.semver.outputs.major }}'
echo 'minor: ${{ steps.semver.outputs.minor }}'
echo 'patch: ${{ steps.semver.outputs.patch }}'
echo 'version: ${{ steps.semver.outputs.version }}'
echo 'version_tag: ${{ steps.semver.outputs.version_tag }}'
release-notes:
runs-on: ubuntu-latest
needs: versioning
strategy:
fail-fast: true
outputs:
release_notes: ${{ steps.release-notes.outputs.release_notes }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-node@v3
with:
node-version: 18
# https://github.com/cookpete/auto-changelog
- name: generate release notes
id: release-notes
run: |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x
sudo npm --location=global install auto-changelog
tmpfile="$(mktemp)"
git tag '${{ needs.versioning.outputs.version_tag }}'
auto-changelog \
--output "${tmpfile}" \
--starting-version '${{ needs.versioning.outputs.version_tag }}' \
--ending-version '${{ needs.versioning.outputs.version_tag }}'
release_notes="$(cat < "${tmpfile}")" && rm -f "${tmpfile}"
echo "::set-output name=release_notes::$(echo "${release_notes}" | openssl base64 -A)"
publish:
runs-on: ubuntu-latest
needs:
- versioning
- release-notes
strategy:
fail-fast: true
matrix:
arch:
- aarch64
- amd64
- armv7hf
outputs:
aarch64_release_id: ${{ steps.block.outputs.aarch64_release_id }}
aarch64_version: ${{ steps.block.outputs.aarch64_version }}
amd64_release_id: ${{ steps.block.outputs.amd64_release_id }}
amd64_version: ${{ steps.block.outputs.amd64_version }}
armv7hf_release_id: ${{ steps.block.outputs.armv7hf_release_id }}
armv7hf_version: ${{ steps.block.outputs.armv7hf_version }}
steps:
- uses: actions/checkout@v3
- name: install additional dependencies
if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false
run: |
sudo apt install -y git-secret
- name: import GPG key
id: import-gpg-key
if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: reveal secrets
if: github.event_name == 'pull_request' && github.event.action != 'closed' && github.event.pull_request.merged == false
run: |
git secret reveal -fp '${{ secrets.GPG_PASSPHRASE }}'
- name: update release version(s)
run: |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x
# FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/188
rm docker-compose.yml
# https://github.com/mikefarah/yq/issues/439
#yq -i e '.version="${{ needs.versioning.outputs.semver }}"' unzoner/balena.yml
sed -i '/version:.*/d' unzoner/balena.yml
echo 'version: ${{ needs.versioning.outputs.semver }}' >> unzoner/balena.yml
- name: push draft or finalise release
id: build
uses: balena-io/deploy-to-balena-action@master
with:
balena_token: ${{ secrets.BALENA_API_KEY }}
environment: ${{ env.ENVIRONMENT }}
fleet: ${{ env.BLOCK_PREFIX }}-${{ matrix.arch }}
github_token: ${{ secrets.GITHUB_TOKEN }}
source: unzoner
- name: export block build results
id: block
run: |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x
block_id="$(curl "https://api.${{ env.ENVIRONMENT }}/v6/application?\$filter=slug%20eq%20'${{ env.BLOCK_PREFIX }}-${{ matrix.arch }}'&\$select=id" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
| jq -r '.d[].id')"
# FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/193
arch_version='${{ steps.build.outputs.version }}'
release_id='${{ steps.build.outputs.release_id }}'
if [[ -z $arch_version ]]; then
arch_version='${{ needs.versioning.outputs.semver }}'
fi
if [[ -z $release_id ]]; then
release_id=$(curl --retry 3 --fail \
"https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${block_id}&\$select=id,semver,is_final,is_invalidated,release_type" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
| jq -r --arg semver '${{ needs.versioning.outputs.semver }}' \
'.d[] | select((.semver==$semver) and (.is_final==true) and (.is_invalidated==false) and (.release_type=="final")).id' \
| head -n 1)
fi
echo "::set-output name=${{ matrix.arch }}_block_id::${block_id}"
echo "::set-output name=${{ matrix.arch }}_release_id::${release_id}"
echo "::set-output name=${{ matrix.arch }}_version::${arch_version}"
# FIXME: https://github.com/balena-io/deploy-to-balena-action/issues/194
- name: update balena release notes
run: |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x
# https://github.com/orgs/community/discussions/25634
release_id='${{ steps.block.outputs[format('{0}_release_id', matrix.arch)] }}'
block_id='${{ steps.block.outputs[format('{0}_block_id', matrix.arch)] }}'
# FIXME: probably require additional escaping of JSON reserved characters
release_notes="$(echo '${{ needs.release-notes.outputs.release_notes }}' \
| base64 -d \
| awk '{printf "%s\\n", $0}')"
curl --retry 3 --fail \
-X PATCH "https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${block_id}%20and%20id%20eq%20${release_id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
-d "{\"note\":\"${release_notes}\"}"
deploy:
runs-on: ubuntu-latest
needs:
- publish
- release-notes
- versioning
strategy:
fail-fast: true
matrix:
fleet:
# black.box Unzoner fleets
- belodetek/blackbox-aarch64
- belodetek/blackbox-amd64
- belodetek/blackbox-amd64-raw
- belodetek/blackbox-armv7hf
# https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#expanding-or-adding-matrix-configurations
include:
- arch: aarch64
fleet: belodetek/blackbox-aarch64
- arch: amd64
fleet: belodetek/blackbox-amd64
- arch: amd64
fleet: belodetek/blackbox-amd64-raw
- arch: armv7hf
fleet: belodetek/blackbox-armv7hf
steps:
- uses: actions/checkout@v3
- name: update release version(s)
run: |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x
for yaml in unzoner/balena.yml balena.yml; do
#yq -i e '.version="${{ needs.versioning.outputs.semver }}"' "${yaml}"
sed -i '/version:.*/d' "${yaml}"
echo 'version: ${{ needs.versioning.outputs.semver }}' >> "${yaml}"
done
arch_version='${{ needs.publish.outputs[format('{0}_version', matrix.arch)] }}'
sed -i "s#FROM bh.cr/${{ env.BLOCK_PREFIX }}-%%BALENA_ARCH%%#FROM bh.cr/${{ env.BLOCK_PREFIX }}-%%BALENA_ARCH%%/${arch_version}#g" Dockerfile.template
- name: push draft or finalise release
id: build
uses: balena-io/deploy-to-balena-action@master
with:
balena_token: ${{ secrets.BALENA_API_KEY }}
environment: ${{ env.ENVIRONMENT }}
fleet: ${{ matrix.fleet }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: update balena release notes
run: |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x
fleet_id="$(curl "https://api.${{ env.ENVIRONMENT }}/v6/application?\$filter=slug%20eq%20'${{ matrix.fleet }}'&\$select=id" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
| jq -r '.d[].id')"
release_id='${{ steps.build.outputs.release_id }}'
if [[ -z $release_id ]]; then
release_id=$(curl --retry 3 --fail \
"https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${fleet_id}&\$select=id,semver,is_final,is_invalidated,release_type" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
| jq -r --arg semver '${{ needs.versioning.outputs.semver }}' \
'.d[] | select((.semver==$semver) and (.is_final==true) and (.is_invalidated==false) and (.release_type=="final")).id' \
| head -n 1)
fi
release_notes="$(echo '${{ needs.release-notes.outputs.release_notes }}' \
| base64 -d \
| awk '{printf "%s\\n", $0}')"
curl --retry 3 --fail \
-X PATCH "https://api.${{ env.ENVIRONMENT }}/v6/release?\$filter=belongs_to__application%20eq%20${fleet_id}%20and%20id%20eq%20${release_id}" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer ${{ secrets.BALENA_API_KEY }}' \
-d "{\"note\":\"${release_notes}\"}"
commit:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true
needs:
- versioning
- deploy
strategy:
fail-fast: true
steps:
- uses: actions/checkout@v3
with:
# https://github.com/marketplace/actions/git-auto-commit#push-to-protected-branches
# https://github.com/orgs/community/discussions/25305
token: ${{ secrets.PAT }}
fetch-depth: 0
- uses: actions/setup-node@v3
with:
node-version: 18
# https://github.com/cookpete/auto-changelog
- name: set release version(s) and prepare CHANGELOG.md
run: |
[[ ${{ env.VERBOSE }} =~ true|True|On|on|1 ]] && set -x
sudo npm --location=global install auto-changelog
git tag '${{ needs.versioning.outputs.version_tag }}'
for yaml in unzoner/balena.yml balena.yml; do
#yq -i e '.version="${{ needs.versioning.outputs.semver }}"' "${yaml}"
sed -i '/version:.*/d' "${yaml}"
echo 'version: ${{ needs.versioning.outputs.semver }}' >> "${yaml}"
done
auto-changelog
git tag --delete '${{ needs.versioning.outputs.version_tag }}'
- name: import GPG key
id: import-gpg-key
uses: crazy-max/ghaction-import-gpg@v4
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
# https://github.com/marketplace/actions/git-auto-commit
- name: Commit CHANGELOG and versioned asset(s)
uses: stefanzweifel/git-auto-commit-action@v4
# https://stackoverflow.com/a/61565445/1559300
with:
add_options: -u
branch: ${{ github.base_ref }}
commit_author: ${{ steps.import-gpg-key.outputs.name }} <${{ steps.import-gpg-key.outputs.email }}>
commit_message: |
ci: Update CHANGELOG and ${{ needs.versioning.outputs.version_tag }} asset(s)
Signed-off-by: ${{ steps.import-gpg-key.outputs.name }} <${{ steps.import-gpg-key.outputs.email }}>
commit_options: --no-verify --signoff
commit_user_email: ${{ steps.import-gpg-key.outputs.email }}
commit_user_name: ${{ steps.import-gpg-key.outputs.name }}
disable_globbing: true
file_pattern: CHANGELOG.md balena.yml unzoner/balena.yml
push_options: --force
skip_checkout: true
skip_dirty_check: true
skip_fetch: true
status_options: --untracked-files=no
tagging_message: ${{ needs.versioning.outputs.version_tag }}