pre.yml
name: Pre-CI

# Triggers.
# pull_request_target runs the workflow file from the base branch rather than
# the one carried by the PR, which protects against a malicious workflow change
# arriving with the PR. The branch filter below is currently commented out, so
# the trigger is not limited to PRs that target main.
on:
  push:
  pull_request_target:
    # branches:
    #   - main

# Workflow-wide settings for the LCOW artifact download.
env:
  LCOW_ARTIFACT_PROJECT: 'ContainerPlatform'
  LCOW_ARTIFACT_FEED: 'ContainerPlat-Dev'
  LCOW_ARTIFACT_NAME: 'azurelinux-uvm'
  # Wildcard rather than a fixed version: the version fetched is not pinned by
  # this file. Quoted so YAML does not read the leading '*' as an alias.
  LCOW_ARTIFACT_VERSION: '*.*.*'
  LINUX_BOOT_FILES_PATH: '${{ github.workspace }}/LinuxBootFiles'
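jobs:
  # Downloads the Linux boot files from the Azure Artifacts feed and uploads
  # them for later jobs. Per the original author, it must run on the 1ES GitHub
  # runner pool in order to reach the feed.
  # NOTE(review): the original description also mentions creating the rootfs
  # containing the local Linux-GCS; no step in this job does that.
  # The job id spelling ("donwload") is kept as-is: anything that refers to the
  # job by id would break on a rename.
  donwload-linux-boot-files:
    runs-on:
      - self-hosted
      - 1ES.Pool=containerplat-github-runner-pool-east-us-2
      - 1ES.ImageOverride=github-mms-ubuntu-22
    permissions:
      id-token: write # required for OIDC login (azure/login) to succeed
      contents: read # required for actions/checkout to succeed
    steps:
      # Access gate. Under pull_request_target this job runs on a self-hosted
      # runner with an OIDC token, so this step is the only thing keeping a PR
      # from an outside author away from the Azure login below. It fails the
      # job unless the PR author is a COLLABORATOR or OWNER.
      # NOTE(review): on push events there is no pull_request payload, so the
      # condition is true and the job stops here; confirm that is intended.
      # NOTE(review): MEMBER is not accepted; confirm that is intended.
      - name: Check access
        if: ${{ github.event.pull_request.author_association != 'COLLABORATOR' && github.event.pull_request.author_association != 'OWNER' }}
        run: |
          echo "Author association: ${{ github.event.pull_request.author_association }}"
          echo "Pull Request: ${{ github.event.pull_request }}"
          echo "Event not triggered by a collaborator. Will not continue CI."
          exit 1

      # Checkout is disabled. If it is re-enabled, keep it on the default ref:
      # under pull_request_target that is the base branch. Checking out the PR
      # head here would put PR-controlled files on a runner that holds an OIDC
      # token.
      # - name: Checkout hcsshim
      #   uses: actions/checkout@v4
      #   with:
      #     show-progress: false

      # Log in to Azure through OIDC federation (no stored secret).
      # NOTE(review): azure/login, azure/cli and actions/upload-artifact are
      # referenced by mutable tag; pinning each to a full commit SHA would fix
      # the code that runs with this job's token.
      - name: Azure OIDC Login
        uses: azure/login@v2
        with:
          client-id: "930a0428-2b45-4cf9-9afe-b81bde516504"
          tenant-id: "72f988bf-86f1-41af-91ab-2d7cd011db47"
          allow-no-subscriptions: true

      # The ${{ env.* }} values are substituted into the script text before the
      # shell runs it. They are double-quoted so the shell passes each one as a
      # single literal argument; unquoted, the "*.*.*" version would be subject
      # to pathname expansion against files in the working directory.
      # NOTE(review): azcliversion "latest" is a floating version as well.
      - name: Download Linux artifact from feed
        uses: azure/cli@v2
        with:
          azcliversion: latest
          inlineScript: |
            az extension add --name azure-devops
            export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
            az artifacts universal download \
              --organization "https://msazure.visualstudio.com/" \
              --project "${{ env.LCOW_ARTIFACT_PROJECT }}" \
              --scope project \
              --feed "${{ env.LCOW_ARTIFACT_FEED }}" \
              --name "${{ env.LCOW_ARTIFACT_NAME }}" \
              --version "${{ env.LCOW_ARTIFACT_VERSION }}" \
              --path ./downloaded_artifacts

      - name: Show downloaded lcow artifacts
        run: find ./downloaded_artifacts -maxdepth 3 -ls

      - name: Create directory for storing linux artifacts
        run: |
          mkdir -p ./linux_artifacts/

      - name: Copy Linux kernel and rootfs tar files
        run: |
          mv ./downloaded_artifacts/LinuxBootFiles/kernel ./linux_artifacts/
          mv ./downloaded_artifacts/LinuxBootFiles/vmlinux ./linux_artifacts/
          mv ./downloaded_artifacts/rootfs-*.tar.gz ./linux_artifacts/

      # This is a workaround to overcome the limitation of
      # actions/upload-artifact@v4 used in later jobs.
      # See https://github.com/actions/upload-artifact/tree/v4/?tab=readme-ov-file#permission-loss.
      # The archive is written to the workspace root under the name the upload
      # step reads. The original wrote linux_artifacts/linux_artifacts.tar,
      # inside the directory being archived, which the upload step
      # (path: linux_artifact.tar, if-no-files-found: error) could not find.
      # NOTE(review): confirm the file name that consuming jobs extract.
      - name: Tar the files to preserve file permissions prior to upload
        run: |
          tar -cvf linux_artifact.tar -C linux_artifacts .

      # Upload the Linux boot files so that they can be used in later jobs.
      - name: Upload Linux artifact
        uses: actions/upload-artifact@v4
        with:
          name: linux_artifact
          path: linux_artifact.tar
          if-no-files-found: error
          overwrite: true
          retention-days: 1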