Upstream Tag Check, Build, Tag & Release #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Upstream Tag Check, Build, Tag & Release | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 3 * * *' | |
| permissions: | |
| contents: write | |
| jobs: | |
| check-upstream-latest-tag: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| new_tag: ${{ steps.compare.outputs.new_tag }} | |
| tag_name: ${{ steps.compare.outputs.tag_name }} | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Fetch latest upstream tag | |
| id: get_latest_tag | |
| run: | | |
| git ls-remote --tags --sort="v:refname" https://github.com/Ralim/IronOS.git \ | |
| | awk '{print $2}' \ | |
| | grep -v '\^{}' \ | |
| | sed 's|refs/tags/||' \ | |
| | tail -n1 > latest_tag.txt | |
| latest_tag=$(cat latest_tag.txt) | |
| echo "latest_tag=$latest_tag" >> $GITHUB_OUTPUT | |
| - name: Compare upstream tag with local and remote tags | |
| id: compare | |
| run: | | |
| latest_tag=$(cat latest_tag.txt) | |
| # Prüfen, ob Tag lokal existiert | |
| if git tag --list | grep -Fxq "$latest_tag"; then | |
| echo "Upstream tag $latest_tag exists locally. No new build needed." | |
| echo "new_tag=false" >> $GITHUB_OUTPUT | |
| echo "tag_name=$latest_tag" >> $GITHUB_OUTPUT | |
| # Prüfen, ob Tag auf Remote (origin) existiert | |
| elif git ls-remote --tags origin | grep -q "refs/tags/$latest_tag$"; then | |
| echo "Upstream tag $latest_tag exists on remote. No new build needed." | |
| echo "new_tag=false" >> $GITHUB_OUTPUT | |
| echo "tag_name=$latest_tag" >> $GITHUB_OUTPUT | |
| else | |
| echo "Upstream tag $latest_tag is new. Build needed." | |
| echo "new_tag=true" >> $GITHUB_OUTPUT | |
| echo "tag_name=$latest_tag" >> $GITHUB_OUTPUT | |
| fi | |
| build: | |
| name: Build ${{ matrix.manufacturer }} ${{ matrix.model }} | |
| needs: check-upstream-latest-tag | |
| if: needs.check-upstream-latest-tag.outputs.new_tag == 'true' | |
| runs-on: ubuntu-latest | |
| container: | |
| image: alpine:3.21 | |
| strategy: | |
| matrix: | |
| include: | |
| - manufacturer: Miniware | |
| model: MHP30 | |
| - manufacturer: Miniware | |
| model: TS100 | |
| - manufacturer: Miniware | |
| model: TS101 | |
| - manufacturer: Miniware | |
| model: TS80 | |
| - manufacturer: Miniware | |
| model: TS80P | |
| - manufacturer: Pine64 | |
| model: Pinecil | |
| - manufacturer: Pine64 | |
| model: Pinecilv2 | |
| - manufacturer: Sequre | |
| model: S60 | |
| - manufacturer: Sequre | |
| model: S60P | |
| - manufacturer: Sequre | |
| model: T55 | |
| steps: | |
| - name: Install dependencies (apk) | |
| run: | | |
| apk add --no-cache gcc-riscv-none-elf g++-riscv-none-elf gcc-arm-none-eabi g++-arm-none-eabi \ | |
| newlib-riscv-none-elf newlib-arm-none-eabi findutils python3 py3-pip python3-dev make git bash sudo \ | |
| build-base musl-dev libc-dev docker docker-compose zip unzip | |
| - name: Set up Python venv for bdflib | |
| run: | | |
| python3 -m venv /tmp/venv | |
| . /tmp/venv/bin/activate | |
| pip install --upgrade pip | |
| pip install bdflib | |
| - name: Clone Upstream IronOS at tag | |
| env: | |
| TAG_NAME: ${{ needs.check-upstream-latest-tag.outputs.tag_name }} | |
| run: | | |
| echo "Cloning tag: $TAG_NAME" | |
| git clone --depth 1 --branch "$TAG_NAME" https://github.com/Ralim/IronOS.git IronOS | |
| cd IronOS | |
| git submodule update --init --recursive | |
| - name: Prepare toolchains (deploy.sh) | |
| run: | | |
| cd IronOS/scripts | |
| sudo sh deploy.sh | |
| - name: Build Multifirmware ${{ matrix.manufacturer }} ${{ matrix.model }} (DE EN) | |
| run: | | |
| . /tmp/venv/bin/activate | |
| cd IronOS/source | |
| make -j2 model=${{ matrix.model }} custom_multi_langs="DE EN" firmware-multi_compressed_Custom | |
| - name: Rename and clean up firmware for ${{ matrix.manufacturer }} ${{ matrix.model }} | |
| run: | | |
| cd IronOS/source/Hexfile | |
| TAG_NAME="${{ needs.check-upstream-latest-tag.outputs.tag_name }}" | |
| MODEL="${{ matrix.model }}" | |
| case "$MODEL" in | |
| MHP30) | |
| mv MHP30_multi_compressed_Custom.hex "IronOS_${TAG_NAME}_MHP30-DE_EN.hex" | |
| ;; | |
| Pinecil) | |
| mv Pinecil_multi_compressed_Custom.dfu "IronOS_${TAG_NAME}_Pinecil_v1-DE_EN.dfu" | |
| ;; | |
| Pinecilv2) | |
| mv Pinecilv2_multi_compressed_Custom.bin "IronOS_${TAG_NAME}_Pinecil_v2-DE_EN.bin" | |
| ;; | |
| S60) | |
| mv S60_multi_compressed_Custom.hex "IronOS_${TAG_NAME}_S60-DE_EN.hex" | |
| ;; | |
| S60P) | |
| mv S60P_multi_compressed_Custom.hex "IronOS_${TAG_NAME}_S60P-DE_EN.hex" | |
| ;; | |
| T55) | |
| mv T55_multi_compressed_Custom.hex "IronOS_${TAG_NAME}_T55-DE_EN.hex" | |
| ;; | |
| TS80) | |
| mv TS80_multi_compressed_Custom.hex "IronOS_${TAG_NAME}_TS80-DE_EN.hex" | |
| ;; | |
| TS80P) | |
| mv TS80P_multi_compressed_Custom.hex "IronOS_${TAG_NAME}_TS80P-DE_EN.hex" | |
| ;; | |
| TS100) | |
| mv TS100_multi_compressed_Custom.hex "IronOS_${TAG_NAME}_TS100-DE_EN.hex" | |
| ;; | |
| TS101) | |
| mv TS101_multi_compressed_Custom.hex "IronOS_${TAG_NAME}_TS101-DE_EN.hex" | |
| ;; | |
| esac | |
| - name: Generate SHA256 checksum for ${{ matrix.manufacturer }} ${{ matrix.model }} | |
| run: | | |
| cd IronOS/source/Hexfile | |
| TAG_NAME="${{ needs.check-upstream-latest-tag.outputs.tag_name }}" | |
| MODEL="${{ matrix.model }}" | |
| case "$MODEL" in | |
| Pinecil) | |
| FW_FILE="IronOS_${TAG_NAME}_Pinecil_v1-DE_EN.dfu" | |
| ;; | |
| Pinecilv2) | |
| FW_FILE="IronOS_${TAG_NAME}_Pinecil_v2-DE_EN.bin" | |
| ;; | |
| *) | |
| FW_FILE=$(ls IronOS_${TAG_NAME}_${MODEL}-DE_EN.* 2>/dev/null | grep -v '\.sha256$' || true) | |
| ;; | |
| esac | |
| if [ -z "$FW_FILE" ] || [ ! -f "$FW_FILE" ]; then | |
| echo "ERROR: Firmware file not found for $MODEL!" | |
| ls -l | |
| exit 1 | |
| fi | |
| sha256sum "$FW_FILE" > "${FW_FILE}.sha256" | |
| - name: Create zip for ${{ matrix.manufacturer }} ${{ matrix.model }} | |
| run: | | |
| cd IronOS/source/Hexfile | |
| TAG_NAME="${{ needs.check-upstream-latest-tag.outputs.tag_name }}" | |
| MANUFACTURER="${{ matrix.manufacturer }}" | |
| MODEL="${{ matrix.model }}" | |
| case "$MODEL" in | |
| Pinecil) | |
| FW_FILE="IronOS_${TAG_NAME}_Pinecil_v1-DE_EN.dfu" | |
| ;; | |
| Pinecilv2) | |
| FW_FILE="IronOS_${TAG_NAME}_Pinecil_v2-DE_EN.bin" | |
| ;; | |
| *) | |
| FW_FILE=$(ls IronOS_${TAG_NAME}_${MODEL}-DE_EN.* 2>/dev/null | grep -v '\.sha256$' || true) | |
| ;; | |
| esac | |
| if [ -z "$FW_FILE" ] || [ ! -f "$FW_FILE" ]; then | |
| echo "ERROR: Firmware file not found for $MODEL!" | |
| ls -l | |
| exit 1 | |
| fi | |
| ZIP_NAME="IronOS_${TAG_NAME}_${MANUFACTURER}_${MODEL}-DE_EN.zip" | |
| zip "$ZIP_NAME" "$FW_FILE" "${FW_FILE}.sha256" | |
| mv "$ZIP_NAME" $GITHUB_WORKSPACE/ | |
| - name: Upload zip as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.manufacturer }}_${{ matrix.model }}_zip | |
| path: IronOS_*_*_*-DE_EN.zip | |
| create-tag-and-release: | |
| needs: [check-upstream-latest-tag, build] | |
| if: needs.check-upstream-latest-tag.outputs.new_tag == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Download all zip artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: artifacts | |
| - name: Move all firmware zip files to workspace | |
| run: | | |
| find artifacts -type f -name 'IronOS_*_*_*-DE_EN.zip' -exec mv {} . \; | |
| - name: Install GitHub CLI | |
| run: sudo apt-get update && sudo apt-get install -y gh | |
| - name: Set up Git user | |
| run: | | |
| git config --global user.name "Steven Seifried" | |
| git config --global user.email "[email protected]" | |
| - name: Import GPG key and configure git signing | |
| env: | |
| GPGKEY: ${{ secrets.GPGKEY }} | |
| run: | | |
| echo "$GPGKEY" | base64 --decode | gpg --batch --import | |
| KEYID=$(gpg --list-secret-keys --with-colons | grep '^sec' | cut -d: -f5 | head -n1) | |
| echo "Using GPG Key: $KEYID" | |
| git config --global user.signingkey "$KEYID" | |
| git config --global gpg.program gpg | |
| git config --global tag.gpgSign true | |
| export GPG_TTY=$(tty) | |
| - name: Create signed tag if not exists | |
| run: | | |
| TAG="${{ needs.check-upstream-latest-tag.outputs.tag_name }}" | |
| # Prüfe, ob Tag auf Remote existiert | |
| if git ls-remote --tags origin | grep -q "refs/tags/$TAG$"; then | |
| echo "Tag $TAG exists on remote, skipping creation." | |
| else | |
| git tag -s "$TAG" -m "Upstream release $TAG" | |
| git push origin "$TAG" | |
| echo "New signed tag $TAG created and pushed." | |
| fi | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ needs.check-upstream-latest-tag.outputs.tag_name }} | |
| name: IronOS ${{ needs.check-upstream-latest-tag.outputs.tag_name }} | |
| body: | | |
| Automatic release for IronOS ${{ needs.check-upstream-latest-tag.outputs.tag_name }}. | |
| For changelog see https://github.com/Ralim/IronOS/releases/tag/${{ needs.check-upstream-latest-tag.outputs.tag_name }} | |
| prerelease: ${{ contains(needs.check-upstream-latest-tag.outputs.tag_name, 'rc') }} | |
| files: IronOS_*_*_*-DE_EN.zip | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |