Daniel Maksymilian Syrnicki
1d75a165c4
The Forgejo runner container is Alpine with a near-empty base — no curl, python3, arp-scan, or sudo out of the box. scripts/smoke-vm.sh needs all four: - curl: every PVE API call - python3: JSON parsing of PVE responses - arp-scan: MAC→IP discovery on the LAN (live ISO has no guest agent) - sudo: so the same script also works from a dev laptop as non-root Without this step the smoke job fails immediately on "curl: not found", regardless of whether the PVE secrets are correctly set. Added to both build-iso.yml (inline smoke after ISO build) and smoke-latest.yml (workflow_dispatch retest path). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
86 lines
3.2 KiB
YAML
86 lines
3.2 KiB
YAML
name: Build ISO
|
|
|
|
# Full ISO build is ~5-7 min. Only run on push-to-main and manual
|
|
# dispatch so feature-branch iteration stays fast. Docs-only changes
|
|
# skip the build — the `paths-ignore` list below covers *.md files,
|
|
# docs/, and the website (Hugo source). Anything that touches code,
|
|
# the ISO overlay, or the workflow itself still triggers a rebuild.
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
paths-ignore:
|
|
- '**/*.md'
|
|
- 'docs/**'
|
|
- 'website/**'
|
|
- 'CHANGELOG.md'
|
|
- 'RELEASING.md'
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
group: build-iso-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
build-iso:
|
|
# Run directly on the runner host, not inside a job container.
|
|
# `build.sh` does `docker run -v $REPO_ROOT:/work archlinux:latest`,
|
|
# and host docker interprets the volume source as a host path — so
|
|
# $REPO_ROOT has to be a path on the host, which it only is when
|
|
# we skip the job-container wrapping. The runner VM has git + docker.
|
|
runs-on: self-hosted
|
|
timeout-minutes: 30
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Build ISO
|
|
run: ./iso/build.sh
|
|
|
|
- name: Report ISO hash
|
|
run: |
|
|
iso=$(ls iso/out/*.iso | head -1)
|
|
echo "ISO: $iso"
|
|
sha256sum "$iso"
|
|
|
|
- name: Upload ISO artifact
|
|
# v4+ isn't supported on Forgejo yet (uses newer @actions/artifact
|
|
# protocol that Forgejo's GHES-compatible API doesn't implement).
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: furtka-iso
|
|
path: iso/out/*.iso
|
|
retention-days: 14
|
|
if-no-files-found: error
|
|
|
|
- name: Cache ISO for smoke-latest
|
|
# Persist the ISO to /data/smoke-cache/latest.iso so the
|
|
# smoke-latest.yml workflow_dispatch job can re-test without
|
|
# rebuilding. /data is already mounted into the runner container
|
|
# at a matching host path.
|
|
run: |
|
|
mkdir -p /data/smoke-cache
|
|
iso=$(ls iso/out/*.iso | head -1)
|
|
cp -f "$iso" /data/smoke-cache/latest.iso
|
|
ls -lh /data/smoke-cache/latest.iso
|
|
|
|
- name: Install smoke prerequisites
|
|
# Runner container is Alpine with a near-empty base; smoke-vm.sh
|
|
# needs curl, python3, arp-scan, and sudo (kept so the script
|
|
# also works when invoked from a dev laptop as a non-root user).
|
|
# apk cache survives across jobs so subsequent runs are ~1 s.
|
|
run: apk add --no-cache curl python3 arp-scan sudo
|
|
|
|
- name: Smoke-test ISO on Proxmox test host
|
|
# Inlined as a step (rather than a separate job with `needs:`) so
|
|
# we can reuse the ISO that's already in the workspace — Forgejo's
|
|
# actions/download-artifact@v3 hangs on 1.5 GB files.
|
|
# step-level continue-on-error: a VM-side flake doesn't mark the
|
|
# ISO build red, the ISO itself is still valid and uploaded.
|
|
continue-on-error: true
|
|
env:
|
|
PVE_TEST_HOST: ${{ secrets.PVE_TEST_HOST }}
|
|
PVE_TEST_TOKEN: ${{ secrets.PVE_TEST_TOKEN }}
|
|
SMOKE_SHA: ${{ github.sha }}
|
|
run: |
|
|
iso=$(ls iso/out/*.iso | head -1)
|
|
echo "Smoking $iso"
|
|
./scripts/smoke-vm.sh "$iso"
|