Merge pull request #2732 from pi-hole/dependabot-github_actions-devel… #7107
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Test, Deploy | |
| permissions: | |
| id-token: write | |
| contents: write # needed for softprops/action-gh-release | |
| attestations: write | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| pull_request: | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| jobs: | |
| smoke-tests: | |
| if: | | |
| github.event_name == 'push' | |
| || github.event_name == 'release' | |
| || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) | |
| || github.event_name == 'workflow_dispatch' | |
| outputs: | |
| GIT_TAG: ${{ steps.variables.outputs.GIT_TAG }} | |
| GIT_BRANCH: ${{ steps.variables.outputs.GIT_BRANCH }} | |
| OUTPUT_DIR: ${{ steps.variables.outputs.OUTPUT_DIR }} | |
| DO_DEPLOY: ${{ steps.variables.outputs.DO_DEPLOY }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - | |
| name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 | |
| - | |
| name: "Calculate required variables" | |
| id: variables | |
| run: | | |
| GIT_TAG=${{ github.event.release.tag_name }} | |
| # If GIT_TAG is set then GIT BRANCH should be "master", else set it from GITHUB_REF | |
| GIT_BRANCH=$([ -n "${GIT_TAG}" ] && echo "master" || echo "${GITHUB_REF#refs/*/}") | |
| echo "GIT_BRANCH=${GIT_BRANCH}" >> $GITHUB_OUTPUT | |
| echo "GIT_TAG=${GIT_TAG}" >> $GITHUB_OUTPUT | |
| echo "OUTPUT_DIR=${GIT_TAG:-${GIT_BRANCH}}" >> $GITHUB_OUTPUT | |
| echo "DO_DEPLOY=${{ github.event_name != 'pull_request' && secrets.SSH_KEY != '' && github.actor != 'dependabot[bot]' }}" >> $GITHUB_OUTPUT | |
| - | |
| name: "Check git branch name depth" | |
| env: | |
| GIT_BRANCH: ${{ steps.variables.outputs.GIT_BRANCH }} | |
| run: | | |
| IFS='/'; | |
| read -r -a branch <<<"${GIT_BRANCH}"; | |
| if [[ "${#branch[@]}" -gt 2 ]]; then echo "Error: Your branch name contains more than one subdir, which will cause issues with the build process." && FAIL=1; fi; | |
| unset IFS; | |
| # If FAIL is 1 then we fail. | |
| [[ $FAIL == 1 ]] && exit 1 || echo "Branch name depth check passed." | |
| shell: bash | |
| build-test-deploy: | |
| needs: smoke-tests | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - platform: linux/amd64 | |
| bin_name: pihole-FTL-amd64 | |
| runner: ubuntu-24.04 | |
| build_opts: "" | |
| - platform: linux/amd64 | |
| bin_name: pihole-FTL-amd64-clang | |
| runner: ubuntu-24.04 | |
| build_opts: clang | |
| - platform: linux/386 | |
| bin_name: pihole-FTL-386 | |
| runner: ubuntu-24.04 | |
| build_opts: "" | |
| - platform: linux/arm/v6 | |
| bin_name: pihole-FTL-armv6 | |
| runner: ubuntu-24.04-arm | |
| build_opts: "" | |
| - platform: linux/arm/v7 | |
| bin_name: pihole-FTL-armv7 | |
| runner: ubuntu-24.04-arm | |
| build_opts: "" | |
| - platform: linux/arm64/v8 | |
| bin_name: pihole-FTL-arm64 | |
| runner: ubuntu-24.04-arm | |
| build_opts: "" | |
| - platform: linux/riscv64 | |
| bin_name: pihole-FTL-riscv64 | |
| runner: ubuntu-24.04-arm | |
| build_opts: "" | |
| runs-on: ${{ matrix.runner }} | |
| env: | |
| CI_ARCH: ${{ matrix.platform }} | |
| GIT_BRANCH: ${{ needs.smoke-tests.outputs.GIT_BRANCH }} | |
| GIT_TAG: ${{ needs.smoke-tests.outputs.GIT_TAG }} | |
| DO_DEPLOY: ${{ needs.smoke-tests.outputs.DO_DEPLOY }} | |
| steps: | |
| - | |
| name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 | |
| # QEMU should come before Buildx | |
| - | |
| name: Set up QEMU | |
| uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 #v3.7.0 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1 | |
| - | |
| name: Print directory contents | |
| shell: bash | |
| run: ls -l | |
| - | |
| name: Build FTL in ftl-build container (QEMU) | |
| # Creates an image to build FTL and load it into the local Docker daemon | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 #v3.0.2 | |
| with: | |
| max_attempts: 3 | |
| timeout_minutes: 15 | |
| command: | | |
| docker buildx build \ | |
| --platform ${{ matrix.platform }} \ | |
| --pull \ | |
| --load \ | |
| --build-arg "CI_ARCH=${{ matrix.platform }}" \ | |
| --build-arg "GIT_BRANCH=${{ env.GIT_BRANCH }}" \ | |
| --build-arg "GIT_TAG=${{ env.GIT_TAG }}" \ | |
| --build-arg "BUILD_OPTS=${{ matrix.build_opts }}" \ | |
| --tag ftl-builder:local \ | |
| --file .github/Dockerfile . | |
| - | |
| name: Test FTL in ftl-build container (QEMU) | |
| # Uses the ftl-builder image to run tests | |
| # set STATIC to true for all except clang builds as we do in build.sh | |
| uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 #v3.0.2 | |
| with: | |
| max_attempts: 3 | |
| timeout_minutes: 10 | |
| command: | | |
| STATIC="true" | |
| if [ "${{ matrix.build_opts }}" = "clang" ]; then STATIC="false"; fi | |
| docker run --rm \ | |
| --platform ${{ matrix.platform }} \ | |
| --env CI_ARCH=${{ matrix.platform }} \ | |
| --env BUILD_OPTS=${{ matrix.build_opts }} \ | |
| --env STATIC=${STATIC} \ | |
| ftl-builder:local \ | |
| /bin/bash -c "test/arch_test.sh && test/run.sh" | |
| - | |
| name: Export FTL files from ftl-build container (QEMU) | |
| # Create a temporary container to extract the built files | |
| run: | | |
| docker create --platform ${{ matrix.platform }} --name temp-container ftl-builder:local | |
| docker cp temp-container:/pihole-FTL ./pihole-FTL | |
| docker cp temp-container:/api-docs.tar.gz ./api-docs.tar.gz | |
| docker cp temp-container:/pihole.toml ./pihole.toml | |
| docker rm temp-container | |
| - | |
| name: List files in current directory | |
| shell: bash | |
| run: ls -l | |
| - | |
| name: "Generate checksum file" | |
| shell: bash | |
| run: | | |
| mv pihole-FTL "${{ matrix.bin_name }}" | |
| sha1sum pihole-FTL-* > ${{ matrix.bin_name }}.sha1 | |
| - | |
| name: Upload pihole-FTL binary | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 #v5.0.0 | |
| with: | |
| name: ${{ matrix.bin_name }}-binary | |
| path: '${{ matrix.bin_name }}*' | |
| - | |
| name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a #v3.0.0 | |
| # Skip attestation if ACTIONS_ID_TOKEN_REQUEST_URL env variable is not | |
| # available (e.g., PR originating from a fork) | |
| if: env.DO_DEPLOY == 'true' && env.ACTIONS_ID_TOKEN_REQUEST_URL != '' | |
| with: | |
| subject-path: ${{ matrix.bin_name }} | |
| - | |
| name: Upload documentation files | |
| if: matrix.bin_name == 'pihole-FTL-amd64' | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 #v5.0.0 | |
| with: | |
| name: pihole-api-docs | |
| path: 'api-docs.tar.gz' | |
| - | |
| name: Upload pihole.toml template | |
| if: matrix.bin_name == 'pihole-FTL-amd64' | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 #v5.0.0 | |
| with: | |
| name: pihole-toml | |
| path: 'pihole.toml' | |
| - | |
| name: Get binaries built in previous jobs | |
| if: env.DO_DEPLOY == 'true' | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 | |
| id: download | |
| with: | |
| path: ftl_builds/ | |
| pattern: ${{ matrix.bin_name }}-binary | |
| merge-multiple: true | |
| - | |
| name: Get documentation files built in previous jobs | |
| if: env.DO_DEPLOY == 'true' && matrix.bin_name == 'pihole-FTL-amd64' | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 | |
| with: | |
| path: ftl_builds/ | |
| name: pihole-api-docs | |
| - | |
| name: Get pihole.toml built in previous job | |
| if: env.DO_DEPLOY == 'true' && matrix.bin_name == 'pihole-FTL-amd64' | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 | |
| with: | |
| path: ftl_builds/ | |
| name: pihole-toml | |
| - | |
| name: Display structure of downloaded files | |
| if: env.DO_DEPLOY == 'true' | |
| shell: bash | |
| run: ls -R | |
| working-directory: ${{steps.download.outputs.download-path}} | |
| - | |
| name: Install SSH Key | |
| if: env.DO_DEPLOY == 'true' | |
| uses: benoitchantre/setup-ssh-authentication-action@8e8bd40230ad7d206617c475f35624828640ceb3 #1.0.1 | |
| with: | |
| private-key: ${{ secrets.SSH_KEY }} | |
| private-key-name: id_rsa | |
| known-hosts: ${{ secrets.KNOWN_HOSTS }} | |
| - | |
| name: Set private key permissions | |
| if: env.DO_DEPLOY == 'true' | |
| shell: bash | |
| run: chmod 600 ~/.ssh/id_rsa | |
| - | |
| name: Untar documentation files | |
| if: env.DO_DEPLOY == 'true' && matrix.bin_name == 'pihole-FTL-amd64' | |
| working-directory: ftl_builds/ | |
| shell: bash | |
| run: | | |
| mkdir docs/ | |
| tar xzvf api-docs.tar.gz -C docs/ | |
| - | |
| name: Display structure of files ready for upload | |
| if: env.DO_DEPLOY == 'true' | |
| working-directory: ftl_builds/ | |
| shell: bash | |
| run: ls -R | |
| - | |
| name: Transfer Builds to Pi-hole server for pihole checkout | |
| if: env.DO_DEPLOY == 'true' | |
| env: | |
| USER: ${{ secrets.SSH_USER }} | |
| HOST: ${{ secrets.SSH_HOST }} | |
| TARGET_DIR: ${{ needs.smoke-tests.outputs.OUTPUT_DIR }} | |
| SOURCE_DIR: ftl_builds/ | |
| shell: bash | |
| run: | | |
| bash ./deploy.sh | |
| - | |
| name: Attach binaries to release | |
| if: github.event_name == 'release' | |
| uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b #v2.5.0 | |
| with: | |
| tag_name: ${{ github.event.release.tag_name }} | |
| files: | | |
| ftl_builds/* | |
| - | |
| name: Pull docs repository to update configuation page from pihole.toml | |
| if: env.GIT_BRANCH == 'master' && env.DO_DEPLOY == 'true' && matrix.bin_name == 'pihole-FTL-amd64' | |
| run: | | |
| git clone https://github.com/pi-hole/docs.git docs-repo | |
| python3 tools/pihole_toml_to_markdown.py ftl_builds/pihole.toml docs-repo/docs/ftldns/configfile.md | |
| - | |
| name: Create Pull Request to pi-hole/docs | |
| if: env.GIT_BRANCH == 'master' && env.DO_DEPLOY == 'true' && matrix.bin_name == 'pihole-FTL-amd64' | |
| uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 #v7.0.11 | |
| with: | |
| token: ${{ secrets.PRALOR_PULL_REQUESTS }} | |
| commit-message: "docs: update pihole.toml documentation" | |
| title: "Update pihole.toml documentation" | |
| body: "Automated PR to update pihole.toml documentation from FTL build." | |
| branch: update-pihole-toml-docs | |
| base: master | |
| path: docs-repo | |
| add-paths: | | |
| docs/ftldns/configfile.md |