feat: hash-based manual release workflow #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Release | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| permissions: | |
| contents: write | |
| id-token: write | |
| jobs: | |
| build: | |
| name: Build kernels (${{ matrix.arch }}) | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - arch: amd64 | |
| target_arch: x86_64 | |
| runner: ubuntu-24.04 | |
| - arch: arm64 | |
| target_arch: arm64 | |
| runner: ubuntu-24.04-arm | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build kernels | |
| run: sudo TARGET_ARCH=${{ matrix.target_arch }} ./build.sh | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: kernels-${{ matrix.arch }} | |
| path: ./builds | |
| retention-days: 7 | |
| publish: | |
| needs: build | |
| if: github.event_name == 'workflow_dispatch' | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| path: ./builds | |
| merge-multiple: true | |
| - name: Prepare release assets | |
| run: | | |
| set -euo pipefail | |
| mkdir -p release-assets | |
| for dir in ./builds/vmlinux-*/; do | |
| name=$(basename "$dir") | |
| [ -f "$dir/amd64/vmlinux.bin" ] && cp "$dir/amd64/vmlinux.bin" "release-assets/${name}-amd64.bin" | |
| [ -f "$dir/arm64/vmlinux.bin" ] && cp "$dir/arm64/vmlinux.bin" "release-assets/${name}-arm64.bin" | |
| # Legacy non-arch-suffixed asset (= amd64) for backwards compat. | |
| [ -f "$dir/vmlinux.bin" ] && cp "$dir/vmlinux.bin" "release-assets/${name}.bin" | |
| done | |
| ls -la release-assets/ | |
| - name: Pick calver tag | |
| id: tag | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| set -euo pipefail | |
| base="$(date -u +%Y.%m.%d)" | |
| tag="$base" | |
| n=0 | |
| while gh release view "$tag" >/dev/null 2>&1; do | |
| n=$((n + 1)) | |
| tag="${base}.${n}" | |
| done | |
| echo "tag=$tag" >> "$GITHUB_OUTPUT" | |
| - name: Create release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| set -euo pipefail | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git tag "${{ steps.tag.outputs.tag }}" | |
| git push origin "${{ steps.tag.outputs.tag }}" | |
| gh release create "${{ steps.tag.outputs.tag }}" \ | |
| --title "Kernels ${{ steps.tag.outputs.tag }}" \ | |
| --notes "Built from commit ${{ github.sha }} on ${{ github.ref_name }}" \ | |
| ./release-assets/* | |
| - uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} | |
| - uses: google-github-actions/upload-cloud-storage@v2 | |
| with: | |
| path: ./builds | |
| destination: ${{ vars.GCP_BUCKET_NAME }}/kernels | |
| gzip: false | |
| parent: false |