PiCompose/.github/workflows/build-image-template.yml at main · florian-asche/PiCompose · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
name: Build PiCompose (Template)

on:
  workflow_call:
    inputs:
      image-name:
        required: true
        type: string
        description: "Final image name"
      stage-list:
        required: true
        type: string
        description: "Comma or whitespace separated list of stages to execute"
      compression:
        required: false
        type: string
        default: "xz"
        description: "Compression to apply on final image (none, zip, xz, gz)"
      compression-level:
        required: false
        type: string
        default: "6"
        description: "Compression level 0-9"
      custom-hostname:
        required: false
        type: string
        default: "picompose"
        description: "Host name of the image"
      enable-rpi-imager-snippet:
        required: false
        type: boolean
        default: false
        description: "Enable rpi-imager.json snippet generation"
      releaseversion:
        required: false
        type: string
        default: "trixie"
        description: "OS Release"

jobs:
  build_images:
    name: Build ${{ inputs.image-name }}
    runs-on: ubuntu-24.04-arm

# The build
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Restore package cache
        uses: actions/cache@v4
        with:
          # Unpacking directly into /var/cache would result in permission errors
          # so we need to work around this a bit.
          path: apt-cache/
          key: ${{ runner.os }}-${{ github.job }}-${{ inputs.image-name }}
          restore-keys: |
            ${{ runner.os }}-${{ github.job }}
            ${{ runner.os }}

      - name: Setup APT proxy on runner
        run: |
          mkdir -p apt-cache
          sudo apt-get install -y apt-cacher-ng --no-install-suggests --no-install-recommends
          sudo bash -c 'echo "Port: 9999" >> /etc/apt-cacher-ng/acng.conf'
          sudo mv -f apt-cache/* /var/cache/apt-cacher-ng/ || true
          sudo chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng
          sudo service apt-cacher-ng restart

      # Only needed for 32bit build on x86_64 runner
      - name: Set up QEMU
        if: matrix.name == '32bit'
        uses: docker/setup-qemu-action@v3

      - name: Build Image with pi-gen
        uses: usimd/pi-gen-action@v1
        id: build
        with:
          # APT proxy for caching
          apt-proxy: http://172.17.0.1:9999

          # Image configuration
          image-name: ${{ inputs.image-name }}
          hostname: ${{ inputs.custom-hostname }}
          username: pi
          password: raspberry

          # Stage list construction
          stage-list: ${{ inputs.stage-list }}

          # Build configuration
          release: ${{ inputs.releaseversion }}
          compression: ${{ inputs.compression }}
          compression-level: ${{ inputs.compression-level }}

          # Pi-gen settings
          pi-gen-repository: RPi-Distro/pi-gen
          pi-gen-version: arm64
          pi-gen-dir: pi-gen

          # Export settings
          export-last-stage-only: true

          # SSH and locale settings
          enable-ssh: 1
          locale: en_US.UTF-8
          keyboard-layout: English (US)
          keyboard-keymap: us
          timezone: Europe/London

          # Security settings
          disable-first-boot-user-rename: 0
          pubkey-only-ssh: 0
          pubkey-ssh-first-user: ''

          # Build options
          enable-noobs: false
          increase-runner-disk-size: false
          verbose-output: true

          # GitHub token
          github-token: ${{ github.token }}

      # Generate SHA256 checksums for image files
      - name: Generate SHA256 checksum, file_size and image_url
        id: sha256
        run: |
          IMAGE_PATH="${{ steps.build.outputs.image-path }}"

          # Determine if image-path is a file
          if [ -f "$IMAGE_PATH" ]; then
            # Calculate SHA256 hash and extract only the hash value
            SHA256_HASH=$(sha256sum "$IMAGE_PATH" | awk '{print $1}')

            # Get file size in bytes
            FILE_SIZE=$(stat -c%s "$IMAGE_PATH")

            # Write hash to sha256 file
            echo "${SHA256_HASH}  $(basename "$IMAGE_PATH")" > "${IMAGE_PATH}.sha256"

            # Set as GitHub Action outputs
            echo "sha256_hash=${SHA256_HASH}" >> $GITHUB_OUTPUT
            echo "file_size=${FILE_SIZE}" >> $GITHUB_OUTPUT

            echo "SHA256 checksum generated for: $IMAGE_PATH"
            echo "SHA256 hash: $SHA256_HASH"
            echo "File size: $FILE_SIZE bytes"
          else
            echo "::warning::Image path not found: $IMAGE_PATH"
          fi

      # Build the image URL for releases
      - name: Build image URL
        id: image-url
        run: |
          # Get current date in YYYY-MM-DD format
          DATE=$(date +%Y-%m-%d)

          # URL-encode the ref name (replace / with %2F)
          REF_NAME="${{ github.ref_name }}"
          REF_ENCODED="${REF_NAME//\//%2F}"

          # Build the filename
          FILENAME="image_${DATE}-${{ inputs.image-name }}.zip"

          # Build the full URL
          IMAGE_URL="https://github.com/${{ github.repository }}/releases/download/${REF_ENCODED}/${FILENAME}"

          # Set as GitHub Action output
          echo "url=${IMAGE_URL}" >> $GITHUB_OUTPUT

          echo "Image URL: $IMAGE_URL"

      # Create Release for Tags
      - name: Create Release for Tags
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.ref_name }}
          generate_release_notes: true
          prerelease: false
          draft: false
          files: |
            ${{ steps.build.outputs.image-path }}
            ${{ steps.build.outputs.image-path }}.sha256
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Create Release for Branches
      - name: Create Release for Branches
        if: '!startsWith(github.ref, ''refs/tags/'')'
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.ref_name }}
          generate_release_notes: false
          prerelease: true
          draft: false
          files: |
            ${{ steps.build.outputs.image-path }}
            ${{ steps.build.outputs.image-path }}.sha256
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Save APT cache for future builds
      - name: Move packages to temp location for caching
        run: |
          mkdir -p apt-cache
          if [ -d "/var/cache/apt-cacher-ng" ]; then
            if [ "$(ls -A /var/cache/apt-cacher-ng)" ]; then
              sudo rm -rf apt-cache/*
              sudo mv -f /var/cache/apt-cacher-ng/* apt-cache/
              echo "APT-Cacher-NG cache was successfully saved."
            else
              echo "::warning::The directory /var/cache/apt-cacher-ng/ exists but is empty. No cache available to save."
            fi
          else
            echo "::warning::The directory /var/cache/apt-cacher-ng/ does not exist. APT-Cacher-NG might not be correctly installed or configured."
          fi

          # Output of logfile for debugging
          if [ -f "/var/log/apt-cacher-ng/apt-cacher.log" ]; then
            echo "Contents of the APT-Cacher-NG logfile:"
            cat /var/log/apt-cacher-ng/apt-cacher.log
          else
            echo "::warning::The logfile /var/log/apt-cacher-ng/apt-cacher.log does not exist."
          fi