name: Build and Upload OS image (scheduled) on: workflow_dispatch: schedule: - cron: "0 21 * * 2" # At 21:00 on Tuesday. - cron: "10 21 * * 2" # At 21:10 on Tuesday. - cron: "20 21 * * 2" # At 21:20 on Tuesday. - cron: "0 21 * * 4" # At 21:00 on Thursday. - cron: "10 21 * * 4" # At 21:10 on Thursday. - cron: "20 21 * * 4" # At 21:20 on Thursday. jobs: stream: runs-on: ubuntu-22.04 outputs: stream: ${{ steps.stream.outputs.stream }} steps: - name: Determine stream id: stream run: | if [[ ${{ github.event_name }} == "workflow_dispatch" ]]; then echo "stream=nightly" | tee -a "$GITHUB_OUTPUT" exit 0 fi case "${{ github.event.schedule }}" in "0 21 * * 4" | "0 21 * * 2") echo "stream=debug" | tee -a "$GITHUB_OUTPUT" ;; "10 21 * * 4" | "10 21 * * 2") echo "stream=console" | tee -a "$GITHUB_OUTPUT" ;; "20 21 * * 4" | "20 21 * * 2") echo "stream=nightly" | tee -a "$GITHUB_OUTPUT" ;; *) echo "::error::Unknown stream for schedule '${{ github.event.schedule }}'" exit 1 ;; esac build-image: needs: stream uses: ./.github/workflows/build-os-image.yml permissions: id-token: write contents: read packages: read secrets: inherit with: stream: ${{ needs.stream.outputs.stream }} ref: ${{ github.head_ref }} update-code: # On nightly stream only. if: | github.event_name == 'workflow_dispatch' || github.event.schedule == '20 21 * * 4' || github.event.schedule == '20 21 * * 2' needs: build-image runs-on: ubuntu-22.04 steps: - name: Checkout uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: ref: ${{ github.head_ref }} - name: Setup Go environment uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: go-version: "1.20.4" - name: Determine version id: version uses: ./.github/actions/pseudo_version - name: Update QEMU/MiniConstellation image version run: | defaultVersionReg='defaultImage = \"[^\"]*\"' # Ensure regexp matches (otherwise the file was changed or the workflow is broken). grep -E "${defaultVersionReg}" internal/config/image_enterprise.go # Update version. newVersion="ref\/${{ steps.version.outputs.branchName }}\/stream\/nightly\/${{ steps.version.outputs.version }}" sed -i "s/${defaultVersionReg}/defaultImage = \"${newVersion}\"/" internal/config/image_enterprise.go - name: Build generateMeasurements tool working-directory: internal/attestation/measurements/measurement-generator run: go build -o generate . - name: Update hardcoded measurements working-directory: internal/attestation/measurements run: ./measurement-generator/generate - name: Cleanup run: rm -f internal/attestation/measurements/measurement-generator/generate - name: Create pull request uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4 with: branch: "image/automated/update-measurements-${{ github.run_number }}" base: main title: "image: update measurements and image version" body: | :robot: *This is an automated PR.* :robot: The PR is triggered as part of the scheduled image build on main. It updates the hardcoded measurements and the image version (for QEMU/MiniConstellation). commit-message: "image: update measurements and image version" committer: edgelessci labels: no changelog # We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work. token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}