Skip to content
🏗️ Build

Bump Django to versions 3.2.23/4.2.7 (security fix). #807

Sign in to view logs

Bump Django to versions 3.2.23/4.2.7 (security fix).

Bump Django to versions 3.2.23/4.2.7 (security fix). #807

Workflow file for this run

.github/workflows/arm-runner.yml at 2ebd00a
name: 🏗️ Build
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+*'
- 'fl[0-9]+.[0-9]+.[0-9]+*'
- 'fx[0-9]+.[0-9]+.[0-9]+*'
branches:
- 'releng'
workflow_dispatch:
jobs:
test_suite:
name: Run test suite
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
target: [zero_raspbian, zero_raspios, zero_dietpi]
include:
- target: zero_raspbian
cpu: arm1176
cpu_info: cpuinfo/raspberrypi_zero_w
base_image: raspbian_lite:latest
- target: zero_raspios
cpu: arm1176
cpu_info: cpuinfo/raspberrypi_zero_w
base_image: raspios_lite:2023-05-03
- target: zero_dietpi
cpu: arm1176
cpu_info: cpuinfo/raspberrypi_zero_w
base_image: dietpi:rpi_armv6_bullseye
steps:
- name: Checkout pynab
uses: actions/checkout@v3
- name: Run test suite in chroot environment
uses: f-laurens/arm-runner-action@v2
id: arm_runner_tests
with:
image_additional_mb: 4096
base_image: ${{ matrix.base_image }}
cpu: ${{ matrix.cpu }}
cpu_info: ${{ matrix.cpu_info }}
copy_repository_path: /opt/pynab
optimize_image: no
commands: |
# Disable IPv6 in case it is configured but does not work
ping6 -c 1 www.ietf.org || sudo sysctl -w net.ipv6.conf.eth0.disable_ipv6=1
sudo useradd pi || true
sudo sh -c "[ ! -f /etc/sudoers.d/010_pi-nopasswd ] && usermod -aG sudo pi && echo 'pi ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/010_pi-nopasswd || true"
sudo chown -hR pi:pi /opt/pynab
sudo apt-get update -y --allow-releaseinfo-change
sudo apt-get install --no-install-recommends -y postgresql libpq-dev git python3 python3-venv python3-dev gettext nginx openssl libssl-dev libffi-dev libmpg123-dev libasound2-dev libatlas-base-dev libgfortran5 libopenblas-dev liblapack-dev zram-tools
sudo mkdir -p /run/systemd/timesync/ && sudo touch /run/systemd/timesync/synchronized
sudo apt-get install --no-install-recommends -y alsa-utils xz-utils avahi-daemon
# Tests only run on a single CPU, postgresql aborts otherwise.
# It might be because armv6l binaries are not thread safe, but
# Pi Zero 2 do execute 32 bits code concurrently.
# And it also fails with aarch64 binaries of postgresql.
sudo -u pi taskset -c 0 /bin/bash /opt/pynab/install.sh ci-chroot-test
create_image:
name: Build image
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
target: [zero_raspbian, zero_raspios, zero_dietpi]
include:
- target: zero_raspbian
cpu: arm1176
cpu_info: cpuinfo/raspberrypi_zero_w
base_image: raspbian_lite:latest
- target: zero_raspios
cpu: arm1176
cpu_info: cpuinfo/raspberrypi_zero_w
base_image: raspios_lite:2023-05-03
- target: zero_dietpi
cpu: arm1176
cpu_info: cpuinfo/raspberrypi_zero_w
base_image: dietpi:rpi_armv6_bullseye
steps:
- name: Checkout pynab
uses: actions/checkout@v3
- name: Define the image name
id: image_and_branch_name
run: |
if [ ${GITHUB_REF/refs\/tags\//} != ${GITHUB_REF} ]; then
echo "LOCAL_BRANCH=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
echo "RELEASE_NAME=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
echo "IMAGE_NAME_SUFFIX=${GITHUB_REF/refs\/tags\//}-${{ matrix.target }}" >> $GITHUB_OUTPUT
echo "CLONE_RELEASE=yes" >> $GITHUB_OUTPUT
elif [ ${GITHUB_REF/refs\/heads\//} = "releng" ]; then
echo "LOCAL_BRANCH=releng" >> $GITHUB_OUTPUT
echo "RELEASE_NAME=releng" >> $GITHUB_OUTPUT
echo "IMAGE_NAME_SUFFIX=releng-${{ matrix.target }}" >> $GITHUB_OUTPUT
echo "CLONE_RELEASE=yes" >> $GITHUB_OUTPUT
elif [ ${GITHUB_REF/refs\/heads\//} != "${GITHUB_REF}" ]; then
echo "LOCAL_BRANCH=${GITHUB_REF/refs\/heads\//}" >> $GITHUB_OUTPUT
echo "RELEASE_NAME=${GITHUB_REF/refs\/heads\//}" >> $GITHUB_OUTPUT
echo "IMAGE_NAME_SUFFIX=${GITHUB_REF/refs\/heads\//}-${{ matrix.target }}" >> $GITHUB_OUTPUT
echo "CLONE_RELEASE=yes" >> $GITHUB_OUTPUT
else
echo "LOCAL_BRANCH=${GITHUB_REF}" >> $GITHUB_OUTPUT
echo "IMAGE_NAME_SUFFIX=${GITHUB_REF//\//-}-${{ matrix.target }}" >> $GITHUB_OUTPUT
echo "CLONE_RELEASE=no" >> $GITHUB_OUTPUT
fi
- name: Create a release image in chroot environment
uses: f-laurens/arm-runner-action@v2
id: arm_runner_install
with:
image_additional_mb: 4096
base_image: ${{ matrix.base_image }}
cpu: ${{ matrix.cpu }}
cpu_info: ${{ matrix.cpu_info }}
optimize_image: yes
copy_repository_path: /opt/pynab
commands: |
# Disable IPv6 in case it is configured but does not work
ping6 -c 1 www.ietf.org || sudo sysctl -w net.ipv6.conf.eth0.disable_ipv6=1
sudo apt-get update -y --allow-releaseinfo-change
echo GITHUB_BRANCH=${{ steps.image_and_branch_name.outputs.LOCAL_BRANCH }}
echo GITHUB_REPOSITORY=${{ github.repository }}
cd /tmp
sudo cp -p /opt/pynab/setup /tmp/setup
if [ ${{ steps.image_and_branch_name.outputs.CLONE_RELEASE }} = "yes" ]; then
sudo rm -rf /opt/pynab
else
sudo useradd tagtagtag -u 1000 -g 1000 -m || true
sudo chown -hR 1000:1000 /opt/pynab
fi
if [ `uname -m` = 'armv6l' -o `uname -m` = 'armv7l' ]; then
sudo GITHUB_BRANCH=${{ steps.image_and_branch_name.outputs.LOCAL_BRANCH }} GITHUB_REPOSITORY=${{ github.repository }} taskset -c 0 /bin/bash /tmp/setup ci-chroot
else
sudo GITHUB_BRANCH=${{ steps.image_and_branch_name.outputs.LOCAL_BRANCH }} GITHUB_REPOSITORY=${{ github.repository }} /bin/bash /tmp/setup ci-chroot
fi
sudo rm /tmp/setup
sudo apt-get autoremove --purge -y
sudo apt-get clean
- name: Compress the release image
run: |
mv ${{ steps.arm_runner_install.outputs.image }} pynab-${{ steps.image_and_branch_name.outputs.IMAGE_NAME_SUFFIX }}.img
sudo xz -T 0 -v pynab-${{ steps.image_and_branch_name.outputs.IMAGE_NAME_SUFFIX }}.img
- name: Upload the image artifact
uses: actions/upload-artifact@v3
with:
name: pynab-${{ steps.image_and_branch_name.outputs.IMAGE_NAME_SUFFIX }}.img.xz
path: pynab-${{ steps.image_and_branch_name.outputs.IMAGE_NAME_SUFFIX }}.img.xz
if-no-files-found: error
retention-days: 1
create_release:
name: Release
runs-on: ubuntu-latest
needs:
- test_suite
- create_image
if: github.ref == 'refs/heads/releng' || startsWith(github.ref, 'refs/tags/')
steps:
- name: Define the release name
id: release_name
run: |
if [ ${GITHUB_REF/refs\/tags\//} != ${GITHUB_REF} ]; then
echo "RELEASE_NAME=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
elif [ ${GITHUB_REF/refs\/heads\//} = "releng" ]; then
echo "RELEASE_NAME=releng" >> $GITHUB_OUTPUT
else
echo "RELEASE_NAME=${GITHUB_REF/refs\/heads\//}" >> $GITHUB_OUTPUT
fi
- name: Download the image artifacts
uses: actions/download-artifact@v3
- name: Create release with releng image
if: github.ref == 'refs/heads/releng'
uses: "marvinpinto/[email protected]"
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
automatic_release_tag: "latest"
prerelease: true
draft: true
title: "Prerelease"
files: pynab-${{ steps.release_name.outputs.RELEASE_NAME }}-*.img.xz/pynab-${{ steps.release_name.outputs.RELEASE_NAME }}-*.img.xz
- name: Create release with release image
if: startsWith(github.ref, 'refs/tags/')
uses: "marvinpinto/[email protected]"
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
automatic_release_tag: ${{ steps.release_name.outputs.RELEASE_NAME }}
prerelease: false
draft: true
title: ${{ steps.release_name.outputs.RELEASE_NAME }}
files: pynab-${{ steps.release_name.outputs.RELEASE_NAME }}-*.img.xz/pynab-${{ steps.release_name.outputs.RELEASE_NAME }}-*.img.xz