chore: Bump actions/checkout from 3 to 4 #48
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy to a Single Device | |
| on: | |
| push: | |
| branches: [ "master" ] | |
| pull_request: | |
| branches: [ "master" ] | |
| env: | |
| MENDER_SERVER_URL: https://hosted.mender.io # Mender server URL | |
| MENDER_DEPLOYMENT_NAME: my-app-v1.0-dev # Mender deployment name | |
| MENDER_RELEASE_NAME: change-the-world-to-better-v1.0 # Mender release name | |
| MENDER_ARTIFACT_NAME: artifact.mender # Mender artifact name | |
| jobs: | |
| upload: | |
| runs-on: ubuntu-latest | |
| # conrainer with pre-installed mender-artifact and mender-cli tools | |
| container: | |
| image: mendersoftware/mender-ci-tools:master | |
| name: Deploy a dummy Mender Artifact | |
| steps: | |
| # Checkout git repository | |
| - uses: actions/checkout@v4 | |
| # Download Mender bash client | |
| - name: Setup environment | |
| shell: bash | |
| run: | | |
| apt-get update && apt-get install -y jq | |
| # secrets are not passed to the runner when a workflow is triggered from a forked repository | |
| # https://docs.github.com/en/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow | |
| if [[ -z "${{ secrets.MENDER_TENANT_TOKEN }}" ]]; then | |
| echo "ERROR: MENDER_TENANT_TOKEN is empty." | |
| exit 1 | |
| fi | |
| if [[ -z "${{ secrets.MENDER_SERVER_ACCESS_TOKEN }}" ]]; then | |
| echo "ERROR: MENDER_SERVER_ACCESS_TOKEN is empty." | |
| exit 1 | |
| fi | |
| - name: Setup Mender bash client | |
| shell: bash | |
| run: | | |
| curl -O https://raw.githubusercontent.com/mendersoftware/bash-mender-client/master/mender-client.sh | |
| chmod +x mender-client.sh | |
| mkdir keys | |
| openssl genpkey -algorithm RSA -out keys/private.key -pkeyopt rsa_keygen_bits:3072 | |
| openssl rsa -in keys/private.key -out keys/private.key | |
| openssl rsa -in keys/private.key -out keys/public.key -pubout | |
| # Accept the client | |
| - name: Start Mender bash client and accept the device | |
| shell: bash | |
| run: | | |
| # check number of pending devices | |
| get_pending_devices_count() { | |
| local file=$1 | |
| curl -s -H "Authorization: Bearer ${{ secrets.MENDER_SERVER_ACCESS_TOKEN }}" "${MENDER_SERVER_URL}/api/management/v2/devauth/devices?status=pending" > ${file} | |
| local devices_count=$(jq '.[].id' ${file} | wc -l) | |
| echo ${devices_count} | |
| } | |
| BEFORE_DEVICES=/tmp/devauth.json | |
| BEFORE_DEVICES_COUNT="$(get_pending_devices_count ${BEFORE_DEVICES})" | |
| # start Mender bash client | |
| ./mender-client.sh -s "${MENDER_SERVER_URL}" -k ./keys -d raspberrypi4 -t ${{ secrets.MENDER_TENANT_TOKEN }} 2>&1 >/tmp/device.log & | |
| # wait while the device appears in pending | |
| CURRENT_DEVICES=/tmp/devauth_current.json | |
| count=0 | |
| while [ $(get_pending_devices_count ${CURRENT_DEVICES}) -eq ${BEFORE_DEVICES_COUNT} ]; do | |
| let count=$count+1 | |
| if [ $count -ge 10 ]; then | |
| echo "ERROR: the device doesn't appear as pending" | |
| exit 1 | |
| fi | |
| sleep 2 | |
| done | |
| # accept a device | |
| for id in $(jq -r '.[].id' ${CURRENT_DEVICES}); do | |
| if ! grep -q ${id} ${BEFORE_DEVICES}; then | |
| auth_set_id=$(curl -s -X GET ${MENDER_SERVER_URL}/api/management/v2/devauth/devices/${id} \ | |
| -H "Accept: application/json" \ | |
| -H "Authorization: Bearer ${{ secrets.MENDER_SERVER_ACCESS_TOKEN }}" | jq -r '.auth_sets[].id') | |
| curl -i -s -X PUT ${MENDER_SERVER_URL}/api/management/v2/devauth/devices/${id}/auth/${auth_set_id}/status \ | |
| -H "Content-Type: application/json" \ | |
| -H "Accept: application/json" \ | |
| -H "Authorization: Bearer ${{ secrets.MENDER_SERVER_ACCESS_TOKEN }}" \ | |
| -d "{\"status\": \"accepted\"}" | |
| echo "MENDER_DEVICES_LIST=[\\\"${id}\\\"]" >> ${GITHUB_ENV} | |
| echo "MENDER_DEVICE_ID=${id}" >> ${GITHUB_ENV} | |
| break | |
| fi | |
| done | |
| # Creates Mender Artifact | |
| - name: Create Mender Artifact | |
| shell: bash | |
| run: | | |
| echo key > authorized_keys | |
| single-file-artifact-gen \ | |
| --device-type raspberrypi4 \ | |
| -o ${MENDER_ARTIFACT_NAME} \ | |
| -n ${MENDER_RELEASE_NAME} \ | |
| --software-name authorized_keys \ | |
| --software-version 1.0 \ | |
| --dest-dir /home/root/.ssh \ | |
| authorized_keys | |
| # Uploads Mender Artifact to a Mender server | |
| - name: Upload Mender Artifacts to Mender server | |
| uses: mendersoftware/mender-gh-action-upload-artifact@master | |
| with: | |
| mender_pat: ${{ secrets.MENDER_SERVER_ACCESS_TOKEN }} | |
| mender_artifact: ${{ env.MENDER_ARTIFACT_NAME }} | |
| mender_uri: ${{ env.MENDER_SERVER_URL }} | |
| # Creates a deployment on a Mender server | |
| - name: Create deployment on Mender server | |
| uses: ./ | |
| with: | |
| mender_pat: ${{ secrets.MENDER_SERVER_ACCESS_TOKEN }} | |
| mender_uri: ${{ env.MENDER_SERVER_URL }} | |
| mender_deployment_name: ${{ env.MENDER_DEPLOYMENT_NAME }} | |
| mender_release_name: ${{ env.MENDER_RELEASE_NAME }} | |
| mender_devices_list: ${{ env.MENDER_DEVICES_LIST }} | |
| - name: Wait while the deloyment finishes | |
| if: always() | |
| shell: bash | |
| run: | | |
| deployment_id=$(curl -s -X GET ${MENDER_SERVER_URL}/api/management/v1/deployments/deployments?status=pending \ | |
| -H "Accept: application/json" \ | |
| -H "Authorization: Bearer ${{ secrets.MENDER_SERVER_ACCESS_TOKEN }}" | jq -r '.[].id') | |
| count=0 | |
| while true; do | |
| status=$(curl -s -X GET ${MENDER_SERVER_URL}/api/management/v1/deployments/deployments/${deployment_id} \ | |
| -H "Accept: application/json" \ | |
| -H "Authorization: Bearer ${{ secrets.MENDER_SERVER_ACCESS_TOKEN }}" | jq -r '.status') | |
| if [ "${status}" == "finished" ]; then | |
| break | |
| fi | |
| let count=$count+1 | |
| [ $count -ge 100 ] && { echo "ERROR: deployment '${deployment_id}' isn't finished"; exit 1; } | |
| sleep 2 | |
| done | |
| - name: Cleanup - delete artifact | |
| if: always() | |
| shell: bash | |
| run: | | |
| artifact_id=$(curl -s -X GET ${MENDER_SERVER_URL}/api/management/v1/deployments/artifacts/list?name=${MENDER_RELEASE_NAME} \ | |
| -H "Accept: application/json" \ | |
| -H "Authorization: Bearer ${{ secrets.MENDER_SERVER_ACCESS_TOKEN }}" | jq -r '.[].id') | |
| curl -i -X DELETE ${MENDER_SERVER_URL}/api/management/v1/deployments/artifacts/${artifact_id} \ | |
| -H "Accept: application/json" \ | |
| -H "Authorization: Bearer ${{ secrets.MENDER_SERVER_ACCESS_TOKEN }}" | |
| - name: Cleanup - delete device | |
| if: always() | |
| shell: bash | |
| run: | | |
| curl -i -X DELETE ${MENDER_SERVER_URL}/api/management/v2/devauth/devices/${MENDER_DEVICE_ID} \ | |
| -H "Accept: application/json" \ | |
| -H "Authorization: Bearer ${{ secrets.MENDER_SERVER_ACCESS_TOKEN }}" |