Add IPv6 support with --ipv4/-4 and --ipv6/-6 flags #32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: [ push, pull_request, workflow_dispatch ] | |
| jobs: | |
| prep: | |
| runs-on: ubuntu-latest | |
| name: Prepare build | |
| steps: | |
| - name: Extract tag/branch variables | |
| shell: bash | |
| run: | | |
| echo "tag=$(echo ${GITHUB_REF#refs/tags/}|grep -v '/')" >> $GITHUB_OUTPUT | |
| echo "branch=$(echo ${GITHUB_REF#refs/heads/}|grep -v '/')" >> $GITHUB_OUTPUT | |
| id: extract | |
| outputs: | |
| tag: ${{ steps.extract.outputs.tag }} | |
| branch: ${{ steps.extract.outputs.branch }} | |
| build: | |
| runs-on: ubuntu-latest | |
| name: Build package | |
| needs: prep | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up build tools | |
| run: ./.github/workflows/setup.sh | |
| - name: Server-side run of commit hooks in case developer skipped them | |
| run: git diff 4b825dc642cb6eb9a060e54bf8d69288fbee4904 | ./packaging/check-files - | |
| env: | |
| TRAVIS_TAG: ${{ needs.prep.outputs.tag }} | |
| - name: Obtain GPG keys to validate tag signature | |
| if: ${{ needs.prep.outputs.tag != '' }} | |
| run: | | |
| ./packaging/gpg-recv-key phil@firehol.org "0762 9FF7 89EA 6156 012F 9F50 C406 9602 1359 9237" | |
| ./packaging/gpg-recv-key costa@tsaousis.gr "4DFF 624A E564 3B51 2872 1F40 29CA 3358 89B9 A863" | |
| git fetch --tags -f | |
| env: | |
| KEYURL: https://keyserver.ubuntu.com/pks/lookup?exact=on&op=get&search= | |
| - name: Run build | |
| run: fakeroot ./packaging/git-build && ./configure && make check | |
| env: | |
| TRAVIS_TAG: ${{ needs.prep.outputs.tag }} | |
| - name: Create checksums | |
| run: | | |
| for i in *.tar.* | |
| do | |
| md5sum -b $i > $i.md5 | |
| sha512sum -b $i > $i.sha | |
| done | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: | | |
| *.tar.* | |
| publish_branch: | |
| runs-on: ubuntu-latest | |
| name: Publish to website if branch | |
| needs: [ prep, build ] | |
| env: | |
| DEPLOY_ARTIFACTS: "*.tar.*" | |
| DEPLOY_SERVER: travis@firehol.org | |
| DEPLOY_DIR: uploads/iprange/${{needs.prep.outputs.branch}} | |
| SERVER_DEPLOY_LOG: https://firehol.org/travis-project.log | |
| SERVER_DEPLOY_TIMEOUT: 300 | |
| if: >- | |
| ${{ ( needs.prep.outputs.branch == 'main' | |
| || needs.prep.outputs.branch == 'master' | |
| || startsWith( needs.prep.outputs.branch, 'stable-' ) ) }} | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4.1.7 | |
| with: | |
| name: build-artifacts | |
| - name: Setup SSH | |
| id: ssh | |
| run: | | |
| echo "$FIREHOL_ORG_PUBLISH_SSH" > firehol_org_publish_key | |
| chmod 600 firehol_org_publish_key | |
| eval "$(ssh-agent)" | |
| if ssh-add firehol_org_publish_key; then | |
| echo "Key added: setting agent environment" | |
| echo "ssh_agent_pid=$SSH_AGENT_PID" >> $GITHUB_OUTPUT | |
| echo "ssh_auth_sock=$SSH_AUTH_SOCK" >> $GITHUB_OUTPUT | |
| mkdir -p $HOME/.ssh | |
| chmod 700 $HOME/.ssh | |
| echo PasswordAuthentication=no >> $HOME/.ssh/config | |
| chmod 644 $HOME/.ssh/config | |
| else | |
| echo "Key not added: skipping ssh-agent environment" | |
| fi | |
| rm -f firehol_org_publish_key | |
| env: | |
| FIREHOL_ORG_PUBLISH_SSH: ${{secrets.FIREHOL_ORG_PUBLISH_SSH}} | |
| - name: Prepare deployment check | |
| if: ${{ steps.ssh.outputs.ssh_agent_pid != '' }} | |
| run: curl -s -oresult.orig $SERVER_DEPLOY_LOG | |
| - name: Deploy to website ${{needs.prep.outputs.branch}} | |
| if: ${{ steps.ssh.outputs.ssh_agent_pid != '' }} | |
| run: | | |
| ssh-keyscan -H firehol.org >> ~/.ssh/known_hosts | |
| ssh $DEPLOY_SERVER mkdir -p "$DEPLOY_DIR" | |
| rsync -a $DEPLOY_ARTIFACTS "$DEPLOY_SERVER:$DEPLOY_DIR/" | |
| ssh $DEPLOY_SERVER touch "$DEPLOY_DIR/complete.txt" | |
| env: | |
| SSH_AGENT_PID: ${{ steps.ssh.outputs.ssh_agent_pid }} | |
| SSH_AUTH_SOCK: ${{ steps.ssh.outputs.ssh_auth_sock }} | |
| - name: Check deployment | |
| if: ${{ steps.ssh.outputs.ssh_agent_pid != '' }} | |
| run: | | |
| pause=10 | |
| attempts=$(( $SERVER_DEPLOY_TIMEOUT / $pause )) | |
| while [ $attempts -gt 0 ] | |
| do | |
| sleep $pause | |
| attempts=$((attempts - 1)) | |
| curl -s -o result $SERVER_DEPLOY_LOG | |
| if ! cmp -s result result.orig | |
| then | |
| cat result | |
| if grep -q "not deploying" result | |
| then | |
| exit 2 | |
| else | |
| exit 0 | |
| fi | |
| fi | |
| done | |
| exit 1 | |
| publish_tag: | |
| runs-on: ubuntu-latest | |
| name: Publish to github if tag | |
| needs: [ prep, build ] | |
| if: ${{ needs.prep.outputs.tag != '' }} | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4.1.7 | |
| with: | |
| name: build-artifacts | |
| - name: Create Release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ github.ref }} | |
| release_name: Release ${{ github.ref }} | |
| draft: true | |
| - name: Upload | |
| uses: actions/github-script@v3 | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| const path = require('path'); | |
| const fs = require('fs'); | |
| const release_id = '${{ steps.create_release.outputs.id }}'; | |
| for (let file of await fs.readdirSync('./')) { | |
| console.log('uploadReleaseAsset', file); | |
| await github.repos.uploadReleaseAsset({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| release_id: release_id, | |
| name: file, | |
| data: await fs.readFileSync(`./${file}`) | |
| }); | |
| } |