44 push :
55 branches :
66 - master
7+ - ci
78
89jobs :
910 build :
10- runs-on : ubuntu-latest
11+ runs-on : ubuntu-22.04
1112 steps :
1213 - name : Check out repository
1314 uses : actions/checkout@v2
1415
16+ - name : Extract branch name
17+ id : extract_branch
18+ shell : bash
19+ run : echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
20+
1521 - name : Generate release tag
1622 id : tag
17- run : echo "::set-output name= tag:: $(date -u +'%s')"
23+ run : echo "tag= $(date -u '+%y%m%d%H%M')-${{steps.extract_branch.outputs.branch}}" >> $GITHUB_OUTPUT
1824
19- - uses : uraimo/run-on-arch-action@v2
25+ - uses : uraimo/run-on-arch-action@v2.5.0
2026 name : Build deb
2127 with :
2228 arch : armv6
@@ -37,14 +43,21 @@ jobs:
3743 apt-get update -q -y
3844
3945 # Install Python, fpm deps (ruby) and the kitchen sink required to build everything...
40- apt-get install -q -y git python3 python3-venv python3-dev build-essential libffi-dev libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev libgdbm-dev libc6-dev libbz2-dev rustc cargo squashfs-tools ruby-full jq libpq-dev postgresql postgresql-contrib
46+ apt-get install -q -y git python3 python3-venv python3-dev python3-pip build-essential libffi-dev libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev libgdbm-dev libc6-dev libbz2-dev rustc cargo squashfs-tools ruby-full jq libpq-dev postgresql postgresql-contrib
4147
4248 # Install FPM
4349 gem install fpm
4450
4551 # Install Poetry (requires 1.2.0+)
46- curl -sSL https://install.python-poetry.org | python3 - --yes || true
47- export PATH=$PATH:/root/.local/bin
52+ # curl -sSL https://install.python-poetry.org | POETRY_VERSION=1.5.0 python3 - --yes || true
53+ # export PATH=$PATH:/root/.local/bin
54+
55+ # poetry requires cryptography, but the latest version wants to be compiled by Rust, and this environment doesn't like Rust.
56+ # the easy way out is to install an older version of cryptography.
57+ # the same logic applies to the cryptography installation in the run section.
58+ pip install cryptography==3.4.8
59+ # using pip to install poetry, instead of shell script in Adam's work
60+ pip install poetry==1.5.1
4861
4962run : |
5063 set -x
6073 python3 -m venv /opt/hackman
6174 . /opt/hackman/bin/activate
6275
76+ # workaround for poetry installation stalling. what's happening here: use pip to install the packages specified in poetry.
77+ # source: https://github.com/python-poetry/poetry/issues/7148#issuecomment-1398322105
78+ # 2 things are happening here that makes poetry stall.
79+ # the first is poetry wants to compile cryptography and gevent from source, which stalls
80+ # the second is if pip install from requirements.txt, cryptography and gevent stall as well. To get around this is to install both of them specifically using pip.
81+ poetry export -f requirements.txt --output requirements.txt
82+ pip install cryptography==3.4.8
83+ pip install gevent==22.10.1
84+ pip install -r requirements.txt
85+
6386 # Install dependencies
64- poetry install --no-interaction --no-root --no-dev
87+ poetry install --no-interaction --no-root --only main
88+ # ^^^ this should practically do nothing, becasue the work is already done by pip. ^^^
6589
6690 # Install self into env
6791 poetry build -f wheel -n
@@ -134,10 +158,182 @@ jobs:
134158 mv *.deb /artifacts/
135159
136160name : Upload binaries to release
161+ id : upload_deb
137162 uses : svenstaro/upload-release-action@v2
138163 with :
139164 repo_token : ${{ secrets.GITHUB_TOKEN }}
140165 file : ./artifacts/*
141166 file_glob : true
142167 tag : ${{ steps.tag.outputs.tag }}
143168 overwrite : true
169+
170+ - name : Print artifacts url
171+ run : echo "${{ steps.upload_deb.outputs.browser_download_url }}"
172+ # ^^^ end of building debian package ^^^ #
173+
174+ # vvv start of pi-gen image vvv #
175+ - name : Create files for stage2a
176+ run : |
177+ # the name stage2a came from developing on the pi-gen repository
178+
179+ mkdir -p stage2a/01-install-hackman/
180+
181+ cat > stage2a/01-install-hackman/00-packages <<-EOF
182+ redis-server
183+ nginx
184+ libffi-dev
185+ libpq-dev
186+ postgresql
187+ postgresql-contrib
188+ EOF
189+
190+ cat stage2a/01-install-hackman/00-packages
191+
192+ RRRR=stage2a/01-install-hackman/01-run.sh
193+ echo "#!/bin/bash -e" >> $RRRR
194+ echo "on_chroot << EOF" >> $RRRR
195+ echo "curl -sLO ${{ steps.upload_deb.outputs.browser_download_url }}" >> $RRRR
196+ echo "dpkg -i hackman*.deb" >> $RRRR
197+ echo "EOF" >> $RRRR
198+
199+ cat stage2a/01-install-hackman/01-run.sh
200+
201+ cat > stage2a/prerun.sh <<-EOF
202+ #!/bin/bash -e
203+ if [ ! -d "\${ROOTFS_DIR}" ]; then
204+ copy_previous
205+ fi
206+ EOF
207+
208+ cat stage2a/prerun.sh
209+
210+ chmod +x stage2a/01-install-hackman/01-run.sh
211+ chmod +x stage2a/prerun.sh
212+
213+ name : PiGen image
214+ uses : usimd/pi-gen-action@v1
215+ id : pigen
216+ with :
217+ # Compression to apply on final image (either "none", "zip", "xz" or "gz").
218+ compression : zip
219+
220+ # Compression level to be used. From 0 to 9 (refer to the tool man page for more
221+ # information on this. Usually 0 is no compression but very fast, up to 9 with the
222+ # best compression but very slow).
223+ compression-level : 6
224+
225+ # Disable the renaming of the first user during the first boot. This make it so
226+ # 'username' stays activated. 'username' must be set for this to work. Please be
227+ # aware of the implied security risk of defining a default username and password
228+ # for your devices.
229+ disable-first-boot-user-rename : 1
230+
231+ # Additional options to include in PIGEN_DOCKER_OPTS
232+ docker-opts : ' '
233+
234+ # Set whether a NOOBS image should be built as well. If enabled, the output
235+ # directory containing the NOOBS files will be saved as output variable
236+ # 'image-noobs-path'.
237+ enable-noobs : false
238+
239+ # Enable SSH access to Pi.
240+ enable-ssh : 1
241+
242+ # If this feature is enabled, the action will configure pi-gen to not export any
243+ # stage as image but the last one defined in property 'stage-list'. This is
244+ # helpful when building a single image flavor (in contrast to building a
245+ # lite/server and full-blown desktop image), since it speeds up the build process
246+ # significantly.
247+ export-last-stage-only : true
248+
249+ # Comma or whitespace separated list of additional packages to install on host
250+ # before running pi-gen. Use this list to add any packages your custom stages may
251+ # require. Note that this is not affecting the final image. In order to add
252+ # additional packages, you need to add a respective 'XX-packages' file in your
253+ # custom stage.
254+ extra-host-dependencies : ' '
255+
256+ # Comma or whitespace separated list of additional modules to load on host before
257+ # running pi-gen. If your custom stage requires additional software or kernel
258+ # modules to be loaded, add them here. Note that this is not meant to configure
259+ # modules to be loaded in the target image.
260+ extra-host-modules : ' '
261+
262+ # Token to use for checking out pi-gen repo.
263+ github-token : ${{ github.token }}
264+
265+ # Host name of the image.
266+ hostname : door
267+
268+ # Final image name.
269+ image-name : " door-${{steps.tag.outputs.tag}}"
270+
271+ # Default keyboard keymap.
272+ keyboard-keymap : us
273+
274+ # Default keyboard layout.
275+ keyboard-layout : English (US)
276+
277+ # Default locale of the system image.
278+ locale : en_US.UTF-8
279+
280+ # Password of the intial user account, locked if empty.
281+ password : ' door' # fixme
282+
283+ # Path where selected pi-gen ref will be checked out to. If the path does not yet
284+ # exist, it will be created (including its parents).
285+ pi-gen-dir : pi-gen
286+
287+ # GitHub repository to fetch pi-gen from, must be a fork from RPi-Distro/pi-gen.
288+ pi-gen-repository : RPi-Distro/pi-gen
289+
290+ # Release version of pi-gen to use. This can both be a branch or tag name known in
291+ # the pi-gen repository.
292+ pi-gen-version : 2023-05-03-raspios-bullseye
293+
294+ # The release version to build images against. Valid values are jessie, stretch,
295+ # buster, bullseye, and testing.
296+ release : bullseye
297+
298+ # Setting to `1` will prevent pi-gen from dropping the "capabilities" feature.
299+ # Generating the root filesystem with capabilities enabled and running it from a
300+ # filesystem that does not support capabilities (like NFS) can cause issues. Only
301+ # enable this if you understand what it is.
302+ setfcap : ' '
303+
304+ # List of stage name to execute in given order. Relative and absolute paths to
305+ # custom stage directories are allowed here. Note that by default pi-gen exports
306+ # images in stage2 (lite), stage4 and stage5. You probably want to hook in custom
307+ # stages before one of the exported stages. Otherwise, the action will make sure
308+ # any custom stage will include an image export directive.
309+ stage-list : stage0 stage1 stage2 ./stage2a
310+
311+ # System timezone.
312+ timezone : Asia/Hong_Kong
313+
314+ # Use qcow2 images to reduce space and runtime requirements.
315+ use-qcow2 : 1
316+
317+ # Name of the initial user account.
318+ username : pi
319+
320+ # Print all output from pi-gen.
321+ verbose-output : true
322+
323+ # Wifi country code of default network to connect to.
324+ wpa-country : ' '
325+
326+ # SSID of a default wifi network to connect to.
327+ wpa-essid : ' '
328+
329+ # Password of default wifi network to connect to.
330+ wpa-password : ' '
331+
332+ - name : Upload pi-gen image to release
333+ uses : svenstaro/upload-release-action@v2
334+ with :
335+ repo_token : ${{ secrets.GITHUB_TOKEN }}
336+ file : ${{ steps.pigen.outputs.image-path }}
337+ file_glob : true
338+ tag : ${{ steps.tag.outputs.tag }}
339+ overwrite : true
0 commit comments