Skip to content

Update CI pipeline and fix security vulnerabilities #168

Update CI pipeline and fix security vulnerabilities

Update CI pipeline and fix security vulnerabilities #168

name: Debian Package
on:
# PR testing before merge
pull_request:
types:
- opened
- edited
- synchronize
# For Testing
push:
branches:
- feature_debian_*
# For Release
workflow_run:
workflows: ["Versioning"]
types:
- completed
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
name: Starlight Daemon
#runs-on: self-hosted
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Get SemVer
id: get-version
run: |
echo "semver="`git describe --tags --match "v*" | cut -d '-' -f 1 || echo "v0.0.0"` >> $GITHUB_OUTPUT
echo "major="`git describe --tags --match "v*" | cut -d '-' -f 1 | sed -e "s/^v//" | cut -d '.' -f 1` >> $GITHUB_OUTPUT
echo "minor="`git describe --tags --match "v*" | cut -d '-' -f 1 | sed -e "s/^v//" | cut -d '.' -f 2` >> $GITHUB_OUTPUT
echo "patch="`git describe --tags --match "v*" | cut -d '-' -f 1 | sed -e "s/^v//" | cut -d '.' -f 3` >> $GITHUB_OUTPUT
- name: Build deb package
# This needs container image from reg.yuri.moe. It is a small image that you can upload your deb package to. and save in a patial directory.
# Please make sure that the registry is available
# status is available at: http://status-production.mc256.workers.dev
env:
APT_UPLOAD_AUTH: ${{ secrets.APT_UPLOAD_AUTH }}
run: |
sudo apt update -y
sudo apt upgrade -y
sudo apt install net-tools
curl -fsSL https://get.docker.com -o /tmp/get-docker.sh
sh /tmp/get-docker.sh
docker run --privileged --rm tonistiigi/binfmt --install all
docker run -d --hostname helper --expose 8080 --name helper -v "$(pwd)"/sandbox:/app/upload:rw reg.yuri.moe/public/helper:latest
export UPLOAD_URL=http://`docker inspect helper | grep "IPAddress" | grep -o -E '[0-9.]+' | head -n 1`:8080/
make docker-buildx-multi-arch
- name: Release
uses: softprops/action-gh-release@v1
if: ${{ github.event.workflow_run.conclusion == 'success' }}
with:
tag_name: ${{ steps.get-version.outputs.semver }}
files: ./sandbox/*.deb