From bbfe8b1270d570321012399587606ce9bc00078e Mon Sep 17 00:00:00 2001 From: Seungjae Yoo Date: Wed, 3 Sep 2025 16:28:35 +0900 Subject: [PATCH 1/5] Make update-cache-and-deployment.yaml as reusable --- .github/workflows/postsubmit.yaml | 16 +++++ .github/workflows/scheduled-cache-update.yaml | 14 ++++ .../update-cache-and-deployment.yaml | 64 ++++++++++--------- 3 files changed, 64 insertions(+), 30 deletions(-) create mode 100644 .github/workflows/postsubmit.yaml create mode 100644 .github/workflows/scheduled-cache-update.yaml diff --git a/.github/workflows/postsubmit.yaml b/.github/workflows/postsubmit.yaml new file mode 100644 index 00000000000..3ee50d048b5 --- /dev/null +++ b/.github/workflows/postsubmit.yaml @@ -0,0 +1,16 @@ +name: Postsubmit + +on: + push: + branches: + - main + +jobs: + update-cache-and-deploy: + if: github.repository_owner == 'google' + uses: ./.github/workflows/update-cache-and-deployment.yaml + with: + update-cache: true + deploy-channel: nightly + secrets: + artifact-registry-uploader-json-creds: ${{ secrets.ARTIFACT_REGISTRY_UPLOADER }} diff --git a/.github/workflows/scheduled-cache-update.yaml b/.github/workflows/scheduled-cache-update.yaml new file mode 100644 index 00000000000..1d9b3e716eb --- /dev/null +++ b/.github/workflows/scheduled-cache-update.yaml @@ -0,0 +1,14 @@ +name: Scheduled bazel cache update + +on: + schedule: + - cron: '0 */12 * * *' + +jobs: + update-cache: + if: github.repository_owner == 'google' + uses: ./.github/workflows/update-cache-and-deployment.yaml + with: + update-cache: true + secrets: + artifact-registry-uploader-json-creds: ${{ secrets.ARTIFACT_REGISTRY_UPLOADER }} diff --git a/.github/workflows/update-cache-and-deployment.yaml b/.github/workflows/update-cache-and-deployment.yaml index 71f71acc305..453b877ddf8 100644 --- a/.github/workflows/update-cache-and-deployment.yaml +++ b/.github/workflows/update-cache-and-deployment.yaml @@ -1,15 +1,21 @@ name: Update bazel cache and deploy artifacts on: - push: - branches: - - main - schedule: - - cron: '0 */3 * * *' + workflow_call: + inputs: + update-cache: + required: true + type: boolean + deploy-channel: + required: false + type: string + secrets: + artifact-registry-uploader-json-creds: + required: true jobs: update-cvd-test-bazel-cache: - if: github.repository_owner == 'google' + if: inputs.update-cache runs-on: ubuntu-24.04 steps: - name: Free disk space @@ -22,12 +28,11 @@ jobs: - name: Mount bazel cache uses: ./.github/actions/mount-bazel-cache with: - action-name: "run-cvd-unit-tests" - writable: "true" + action-name: run-cvd-unit-tests + writable: true - name: Run cvd unit tests uses: ./.github/actions/run-cvd-unit-tests update-bazel-cache-and-deploy-debian-package-amd64: - if: github.repository_owner == 'google' environment: deployment runs-on: ubuntu-22.04 steps: @@ -41,22 +46,21 @@ jobs: - name: Mount bazel cache uses: ./.github/actions/mount-bazel-cache with: - action-name: "build-debian-packages" - writable: "true" + action-name: build-debian-packages + writable: '${{ inputs.update-cache }}' - name: Build CF host debian packages uses: ./.github/actions/build-debian-packages - name: Authentication on GCP project android-cuttlefish-artifacts - if: github.event_name == 'push' + if: inputs.deploy-channel == 'nightly' uses: 'google-github-actions/auth@v2' with: - credentials_json: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}' + credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}' - name: Deploy CF host debian packages - if: github.event_name == 'push' + if: inputs.deploy-channel == 'nightly' uses: ./.github/actions/deploy-debian-packages with: path: . update-bazel-cache-and-deploy-debian-package-arm64: - if: github.repository_owner == 'google' environment: deployment runs-on: ubuntu-22.04-arm steps: @@ -70,23 +74,23 @@ jobs: - name: Mount bazel cache uses: ./.github/actions/mount-bazel-cache with: - action-name: "build-debian-packages" - writable: "true" + action-name: build-debian-packages + writable: '${{ inputs.update-cache }}' - name: Build CF host debian packages uses: ./.github/actions/build-debian-packages - name: Authentication on GCP project android-cuttlefish-artifacts - if: github.event_name == 'push' + if: inputs.deploy-channel == 'nightly' uses: 'google-github-actions/auth@v2' with: - credentials_json: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}' + credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}' - name: Deploy CF host debian packages - if: github.event_name == 'push' + if: inputs.deploy-channel == 'nightly' uses: ./.github/actions/deploy-debian-packages with: path: . deploy-docker-image-amd64: - if: github.repository_owner == 'google' && github.event_name == 'push' + if: inputs.deploy-channel == 'nightly' environment: deployment runs-on: ubuntu-22.04 steps: @@ -97,19 +101,19 @@ jobs: - name: Authentication on GCP project android-cuttlefish-artifacts uses: 'google-github-actions/auth@v2' with: - credentials_json: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}' + credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}' - name: Login to Artifact Registry uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # aka v3.5.0 with: registry: us-docker.pkg.dev username: _json_key - password: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}' + password: '${{ secrets.artifact-registry-uploader-json-creds }}' - name: Deploy docker image uses: ./.github/actions/deploy-docker-image with: arch: amd64 deploy-docker-image-arm64: - if: github.repository_owner == 'google' && github.event_name == 'push' + if: inputs.deploy-channel == 'nightly' environment: deployment runs-on: ubuntu-22.04-arm steps: @@ -120,19 +124,19 @@ jobs: - name: Authentication on GCP project android-cuttlefish-artifacts uses: 'google-github-actions/auth@v2' with: - credentials_json: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}' + credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}' - name: Login to Artifact Registry uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # aka v3.5.0 with: registry: us-docker.pkg.dev username: _json_key - password: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}' + password: '${{ secrets.artifact-registry-uploader-json-creds }}' - name: Deploy docker image uses: ./.github/actions/deploy-docker-image with: arch: arm64 deploy-docker-manifest: - if: github.repository_owner == 'google' && github.event_name == 'push' + if: inputs.deploy-channel == 'nightly' needs: [deploy-docker-image-amd64, deploy-docker-image-arm64] environment: deployment runs-on: ubuntu-22.04 @@ -142,13 +146,13 @@ jobs: - name: Authentication on GCP project android-cuttlefish-artifacts uses: 'google-github-actions/auth@v2' with: - credentials_json: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}' + credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}' - name: Login to Artifact Registry uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # aka v3.5.0 with: registry: us-docker.pkg.dev username: _json_key - password: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}' + password: '${{ secrets.artifact-registry-uploader-json-creds }}' - name: Deploy manifests run: | # TODO(b/440196950): Setup condition on this step when we build @@ -161,7 +165,7 @@ jobs: TAG="git${DATE}-${SHORT_SHA}" IMAGE=us-docker.pkg.dev/android-cuttlefish-artifacts/cuttlefish-orchestration/cuttlefish-orchestration - for MANIFEST_TAG in ${TAG} nightly; do + for MANIFEST_TAG in ${TAG} ${{ inputs.deploy-channel }}; do docker manifest create ${IMAGE}:${MANIFEST_TAG} \ --amend ${IMAGE}:${TAG}-amd64 \ --amend ${IMAGE}:${TAG}-arm64 From 95f2398a08f2de6cd907cfc02a090673af906b39 Mon Sep 17 00:00:00 2001 From: Seungjae Yoo Date: Wed, 3 Sep 2025 16:28:36 +0900 Subject: [PATCH 2/5] Let GH action build-debian-packages deal with deploy-channel as input --- .github/actions/build-debian-packages/action.yaml | 13 +++++++------ .github/workflows/update-cache-and-deployment.yaml | 4 ++++ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/actions/build-debian-packages/action.yaml b/.github/actions/build-debian-packages/action.yaml index 7c0e60856d6..1466bc6503c 100644 --- a/.github/actions/build-debian-packages/action.yaml +++ b/.github/actions/build-debian-packages/action.yaml @@ -1,16 +1,17 @@ name: 'Build debian packages for Cuttlefish host' +inputs: + deploy-channel: + required: false runs: using: "composite" steps: - - name: Setup nightly version + - name: Modify version for unstable/nightly channel + if: inputs.deploy-channel != 'stable' run: | - # TODO(b/440196950): Setup condition on this step when we build - # stable/unstable versions here too. - # Modify debian/changelog to build debian package with desired version # format. - # Stable/Unstable version format : X.Y.Z - # Nightly version format : X.Y.Z~gitYYYYMMDD. + # Stable version format : X.Y.Z + # Unstable/nightly version format : X.Y.Z~gitYYYYMMDD. DATE=$(date -u +'%Y%m%d') SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-8) SUFFIX="~git${DATE}.${SHORT_SHA}" diff --git a/.github/workflows/update-cache-and-deployment.yaml b/.github/workflows/update-cache-and-deployment.yaml index 453b877ddf8..b9ae123112b 100644 --- a/.github/workflows/update-cache-and-deployment.yaml +++ b/.github/workflows/update-cache-and-deployment.yaml @@ -50,6 +50,8 @@ jobs: writable: '${{ inputs.update-cache }}' - name: Build CF host debian packages uses: ./.github/actions/build-debian-packages + with: + deploy-channel: ${{ inputs.deploy-channel }} - name: Authentication on GCP project android-cuttlefish-artifacts if: inputs.deploy-channel == 'nightly' uses: 'google-github-actions/auth@v2' @@ -78,6 +80,8 @@ jobs: writable: '${{ inputs.update-cache }}' - name: Build CF host debian packages uses: ./.github/actions/build-debian-packages + with: + deploy-channel: ${{ inputs.deploy-channel }} - name: Authentication on GCP project android-cuttlefish-artifacts if: inputs.deploy-channel == 'nightly' uses: 'google-github-actions/auth@v2' From 0e9ac1e2b43d283e1fb23f6bcd2e48a60c091106 Mon Sep 17 00:00:00 2001 From: Seungjae Yoo Date: Wed, 3 Sep 2025 16:28:36 +0900 Subject: [PATCH 3/5] Let GH action deploy-debian-packages deal with deploy-channel as input --- .github/actions/deploy-debian-packages/action.yaml | 10 +++++++++- .github/workflows/update-cache-and-deployment.yaml | 2 ++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/actions/deploy-debian-packages/action.yaml b/.github/actions/deploy-debian-packages/action.yaml index 5ae314d6146..a9d7a2cc003 100644 --- a/.github/actions/deploy-debian-packages/action.yaml +++ b/.github/actions/deploy-debian-packages/action.yaml @@ -1,5 +1,7 @@ name: 'Deploy debian packages for Cuttlefish host' inputs: + deploy-channel: + required: true path: required: true runs: @@ -11,11 +13,17 @@ runs: version: '>= 363.0.0' - name: Deploy deb packages into Artifact Registry run: | + if [[ ${{ inputs.deploy-channel }} == "stable" )]]; then + REPO=android-cuttlefish + else + REPO=android-cuttlefish-${{ inputs.deploy-channel }} + fi + pushd ${{ inputs.path }} for var in base user orchestration; do gcloud --project=android-cuttlefish-artifacts \ artifacts apt upload \ - android-cuttlefish-nightly \ + ${REPO} \ --location=us \ --source=$(find . -name cuttlefish-${var}_*.deb) done diff --git a/.github/workflows/update-cache-and-deployment.yaml b/.github/workflows/update-cache-and-deployment.yaml index b9ae123112b..cb3c0b4276c 100644 --- a/.github/workflows/update-cache-and-deployment.yaml +++ b/.github/workflows/update-cache-and-deployment.yaml @@ -61,6 +61,7 @@ jobs: if: inputs.deploy-channel == 'nightly' uses: ./.github/actions/deploy-debian-packages with: + deploy-channel: ${{ inputs.deploy-channel }} path: . update-bazel-cache-and-deploy-debian-package-arm64: environment: deployment @@ -91,6 +92,7 @@ jobs: if: inputs.deploy-channel == 'nightly' uses: ./.github/actions/deploy-debian-packages with: + deploy-channel: ${{ inputs.deploy-channel }} path: . deploy-docker-image-amd64: From 90c89d7f299c61c991db4c126b48468983a23237 Mon Sep 17 00:00:00 2001 From: Seungjae Yoo Date: Wed, 3 Sep 2025 16:28:36 +0900 Subject: [PATCH 4/5] Define Github workflow for unstable channel --- .github/workflows/unstable-channel.yaml | 16 ++++++++++++++++ .../workflows/update-cache-and-deployment.yaml | 8 ++++---- 2 files changed, 20 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/unstable-channel.yaml diff --git a/.github/workflows/unstable-channel.yaml b/.github/workflows/unstable-channel.yaml new file mode 100644 index 00000000000..3ca26ff5884 --- /dev/null +++ b/.github/workflows/unstable-channel.yaml @@ -0,0 +1,16 @@ +name: Unstable channel + +on: + push: + branches: + - 'version-[0-9]+.[0-9]+-dev' + +jobs: + deploy: + if: github.repository_owner == 'google' + uses: ./.github/workflows/update-cache-and-deployment.yaml + with: + update-cache: false + deploy-channel: unstable + secrets: + artifact-registry-uploader-json-creds: ${{ secrets.ARTIFACT_REGISTRY_UPLOADER }} diff --git a/.github/workflows/update-cache-and-deployment.yaml b/.github/workflows/update-cache-and-deployment.yaml index cb3c0b4276c..82b7570737e 100644 --- a/.github/workflows/update-cache-and-deployment.yaml +++ b/.github/workflows/update-cache-and-deployment.yaml @@ -53,12 +53,12 @@ jobs: with: deploy-channel: ${{ inputs.deploy-channel }} - name: Authentication on GCP project android-cuttlefish-artifacts - if: inputs.deploy-channel == 'nightly' + if: inputs.deploy-channel != '' uses: 'google-github-actions/auth@v2' with: credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}' - name: Deploy CF host debian packages - if: inputs.deploy-channel == 'nightly' + if: inputs.deploy-channel != '' uses: ./.github/actions/deploy-debian-packages with: deploy-channel: ${{ inputs.deploy-channel }} @@ -84,12 +84,12 @@ jobs: with: deploy-channel: ${{ inputs.deploy-channel }} - name: Authentication on GCP project android-cuttlefish-artifacts - if: inputs.deploy-channel == 'nightly' + if: inputs.deploy-channel != '' uses: 'google-github-actions/auth@v2' with: credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}' - name: Deploy CF host debian packages - if: inputs.deploy-channel == 'nightly' + if: inputs.deploy-channel != '' uses: ./.github/actions/deploy-debian-packages with: deploy-channel: ${{ inputs.deploy-channel }} From 5b75e743a5cc3306c0fe001a9567ad7f9914fbce Mon Sep 17 00:00:00 2001 From: Seungjae Yoo Date: Wed, 3 Sep 2025 16:28:36 +0900 Subject: [PATCH 5/5] Define Github workflow for stable channel --- .github/workflows/stable-channel.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/workflows/stable-channel.yaml diff --git a/.github/workflows/stable-channel.yaml b/.github/workflows/stable-channel.yaml new file mode 100644 index 00000000000..8cef205c6be --- /dev/null +++ b/.github/workflows/stable-channel.yaml @@ -0,0 +1,16 @@ +name: Stable channel + +on: + push: + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + +jobs: + deploy: + if: github.repository_owner == 'google' + uses: ./.github/workflows/update-cache-and-deployment.yaml + with: + update-cache: false + deploy-channel: stable + secrets: + artifact-registry-uploader-json-creds: ${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}