google · 0405ysj · Sep 4, 2025 · Sep 3, 2025 · Sep 3, 2025 · Sep 3, 2025
diff --git a/.github/actions/build-debian-packages/action.yaml b/.github/actions/build-debian-packages/action.yaml
@@ -1,16 +1,17 @@
 name: 'Build debian packages for Cuttlefish host'
+inputs:
+  deploy-channel:
+    required: false
 runs:
   using: "composite"
   steps:
-  - name: Setup nightly version
+  - name: Modify version for unstable/nightly channel
+    if: inputs.deploy-channel != 'stable'
     run: |
-      # TODO(b/440196950): Setup condition on this step when we build
-      # stable/unstable versions here too.
-
       # Modify debian/changelog to build debian package with desired version
       # format.
-      # Stable/Unstable version format : X.Y.Z
-      # Nightly version format         : X.Y.Z~gitYYYYMMDD.<Github SHA 8 digit>
+      # Stable version format           : X.Y.Z
+      # Unstable/nightly version format : X.Y.Z~gitYYYYMMDD.<Github SHA 8 digit>
       DATE=$(date -u +'%Y%m%d')
       SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-8)
       SUFFIX="~git${DATE}.${SHORT_SHA}"

diff --git a/.github/actions/deploy-debian-packages/action.yaml b/.github/actions/deploy-debian-packages/action.yaml
@@ -1,5 +1,7 @@
 name: 'Deploy debian packages for Cuttlefish host'
 inputs:
+  deploy-channel:
+    required: true
   path:
     required: true
 runs:
@@ -11,11 +13,17 @@ runs:
       version: '>= 363.0.0'
   - name: Deploy deb packages into Artifact Registry
     run: |
+      if [[ ${{ inputs.deploy-channel }} == "stable" )]]; then
+        REPO=android-cuttlefish
+      else
+        REPO=android-cuttlefish-${{ inputs.deploy-channel }}
+      fi
+
       pushd ${{ inputs.path }}
       for var in base user orchestration; do
         gcloud --project=android-cuttlefish-artifacts \
           artifacts apt upload \
-          android-cuttlefish-nightly \
+          ${REPO} \
           --location=us \
           --source=$(find . -name cuttlefish-${var}_*.deb)
       done

diff --git a/.github/workflows/postsubmit.yaml b/.github/workflows/postsubmit.yaml
@@ -0,0 +1,16 @@
+name: Postsubmit
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  update-cache-and-deploy:
+    if: github.repository_owner == 'google'
+    uses: ./.github/workflows/update-cache-and-deployment.yaml
+    with:
+      update-cache: true
+      deploy-channel: nightly
+    secrets:
+      artifact-registry-uploader-json-creds: ${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}
diff --git a/.github/workflows/scheduled-cache-update.yaml b/.github/workflows/scheduled-cache-update.yaml
@@ -0,0 +1,14 @@
+name: Scheduled bazel cache update
+
+on:
+  schedule:
+    - cron: '0 */12 * * *'
+
+jobs:
+  update-cache:
+    if: github.repository_owner == 'google'
+    uses: ./.github/workflows/update-cache-and-deployment.yaml
+    with:
+      update-cache: true
+    secrets:
+      artifact-registry-uploader-json-creds: ${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}
diff --git a/.github/workflows/stable-channel.yaml b/.github/workflows/stable-channel.yaml
@@ -0,0 +1,16 @@
+name: Stable channel
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  deploy:
+    if: github.repository_owner == 'google'
+    uses: ./.github/workflows/update-cache-and-deployment.yaml
+    with:
+      update-cache: false
+      deploy-channel: stable
+    secrets:
+      artifact-registry-uploader-json-creds: ${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}
diff --git a/.github/workflows/unstable-channel.yaml b/.github/workflows/unstable-channel.yaml
@@ -0,0 +1,16 @@
+name: Unstable channel
+
+on:
+  push:
+    branches:
+      - 'version-[0-9]+.[0-9]+-dev'
+
+jobs:
+  deploy:
+    if: github.repository_owner == 'google'
+    uses: ./.github/workflows/update-cache-and-deployment.yaml
+    with:
+      update-cache: false
+      deploy-channel: unstable
+    secrets:
+      artifact-registry-uploader-json-creds: ${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}
diff --git a/.github/workflows/update-cache-and-deployment.yaml b/.github/workflows/update-cache-and-deployment.yaml
@@ -1,15 +1,21 @@
 name: Update bazel cache and deploy artifacts
 
 on:
-  push:
-    branches:
-      - main
-  schedule:
-    - cron: '0 */3 * * *'
+  workflow_call:
+    inputs:
+      update-cache:
+        required: true
+        type: boolean
+      deploy-channel:
+        required: false
+        type: string
+    secrets:
+      artifact-registry-uploader-json-creds:
+        required: true
 
 jobs:
   update-cvd-test-bazel-cache:
-    if: github.repository_owner == 'google'
+    if: inputs.update-cache
     runs-on: ubuntu-24.04
     steps:
     - name: Free disk space
@@ -22,12 +28,11 @@ jobs:
     - name: Mount bazel cache
       uses: ./.github/actions/mount-bazel-cache
       with:
-        action-name: "run-cvd-unit-tests"
-        writable: "true"
+        action-name: run-cvd-unit-tests
+        writable: true
     - name: Run cvd unit tests
       uses: ./.github/actions/run-cvd-unit-tests
   update-bazel-cache-and-deploy-debian-package-amd64:
-    if: github.repository_owner == 'google'
     environment: deployment
     runs-on: ubuntu-22.04
     steps:
@@ -41,22 +46,24 @@ jobs:
     - name: Mount bazel cache
       uses: ./.github/actions/mount-bazel-cache
       with:
-        action-name: "build-debian-packages"
-        writable: "true"
+        action-name: build-debian-packages
+        writable: '${{ inputs.update-cache }}'
     - name: Build CF host debian packages
       uses: ./.github/actions/build-debian-packages
+      with:
+        deploy-channel: ${{ inputs.deploy-channel }}
     - name: Authentication on GCP project android-cuttlefish-artifacts
-      if: github.event_name == 'push'
+      if: inputs.deploy-channel != ''
       uses: 'google-github-actions/auth@v2'
       with:
-        credentials_json: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}'
+        credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}'
     - name: Deploy CF host debian packages
-      if: github.event_name == 'push'
+      if: inputs.deploy-channel != ''
       uses: ./.github/actions/deploy-debian-packages
       with:
+        deploy-channel: ${{ inputs.deploy-channel }}
         path: .
   update-bazel-cache-and-deploy-debian-package-arm64:
-    if: github.repository_owner == 'google'
     environment: deployment
     runs-on: ubuntu-22.04-arm
     steps:
@@ -70,23 +77,26 @@ jobs:
     - name: Mount bazel cache
       uses: ./.github/actions/mount-bazel-cache
       with:
-        action-name: "build-debian-packages"
-        writable: "true"
+        action-name: build-debian-packages
+        writable: '${{ inputs.update-cache }}'
     - name: Build CF host debian packages
       uses: ./.github/actions/build-debian-packages
+      with:
+        deploy-channel: ${{ inputs.deploy-channel }}
     - name: Authentication on GCP project android-cuttlefish-artifacts
-      if: github.event_name == 'push'
+      if: inputs.deploy-channel != ''
       uses: 'google-github-actions/auth@v2'
       with:
-        credentials_json: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}'
+        credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}'
     - name: Deploy CF host debian packages
-      if: github.event_name == 'push'
+      if: inputs.deploy-channel != ''
       uses: ./.github/actions/deploy-debian-packages
       with:
+        deploy-channel: ${{ inputs.deploy-channel }}
         path: .
 
   deploy-docker-image-amd64:
-    if: github.repository_owner == 'google' && github.event_name == 'push'
+    if: inputs.deploy-channel == 'nightly'
     environment: deployment
     runs-on: ubuntu-22.04
     steps:
@@ -97,19 +107,19 @@ jobs:
     - name: Authentication on GCP project android-cuttlefish-artifacts
       uses: 'google-github-actions/auth@v2'
       with:
-        credentials_json: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}'
+        credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}'
     - name: Login to Artifact Registry
       uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # aka v3.5.0
       with:
         registry: us-docker.pkg.dev
         username: _json_key
-        password: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}'
+        password: '${{ secrets.artifact-registry-uploader-json-creds }}'
     - name: Deploy docker image
       uses: ./.github/actions/deploy-docker-image
       with:
         arch: amd64
   deploy-docker-image-arm64:
-    if: github.repository_owner == 'google' && github.event_name == 'push'
+    if: inputs.deploy-channel == 'nightly'
     environment: deployment
     runs-on: ubuntu-22.04-arm
     steps:
@@ -120,19 +130,19 @@ jobs:
     - name: Authentication on GCP project android-cuttlefish-artifacts
       uses: 'google-github-actions/auth@v2'
       with:
-        credentials_json: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}'
+        credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}'
     - name: Login to Artifact Registry
       uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # aka v3.5.0
       with:
         registry: us-docker.pkg.dev
         username: _json_key
-        password: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}'
+        password: '${{ secrets.artifact-registry-uploader-json-creds }}'
     - name: Deploy docker image
       uses: ./.github/actions/deploy-docker-image
       with:
         arch: arm64
   deploy-docker-manifest:
-    if: github.repository_owner == 'google' && github.event_name == 'push'
+    if: inputs.deploy-channel == 'nightly'
     needs: [deploy-docker-image-amd64, deploy-docker-image-arm64]
     environment: deployment
     runs-on: ubuntu-22.04
@@ -142,13 +152,13 @@ jobs:
     - name: Authentication on GCP project android-cuttlefish-artifacts
       uses: 'google-github-actions/auth@v2'
       with:
-        credentials_json: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}'
+        credentials_json: '${{ secrets.artifact-registry-uploader-json-creds }}'
     - name: Login to Artifact Registry
       uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # aka v3.5.0
       with:
         registry: us-docker.pkg.dev
         username: _json_key
-        password: '${{ secrets.ARTIFACT_REGISTRY_UPLOADER }}'
+        password: '${{ secrets.artifact-registry-uploader-json-creds }}'
     - name: Deploy manifests
       run: |
         # TODO(b/440196950): Setup condition on this step when we build
@@ -161,7 +171,7 @@ jobs:
         TAG="git${DATE}-${SHORT_SHA}"
         IMAGE=us-docker.pkg.dev/android-cuttlefish-artifacts/cuttlefish-orchestration/cuttlefish-orchestration
 
-        for MANIFEST_TAG in ${TAG} nightly; do
+        for MANIFEST_TAG in ${TAG} ${{ inputs.deploy-channel }}; do
           docker manifest create ${IMAGE}:${MANIFEST_TAG} \
             --amend ${IMAGE}:${TAG}-amd64 \
             --amend ${IMAGE}:${TAG}-arm64