From dbd6cab935aeaebd7dd3570c687516a7cd930319 Mon Sep 17 00:00:00 2001 From: leavesster <11785335+leavesster@users.noreply.github.com> Date: Wed, 1 Apr 2026 10:50:39 +0800 Subject: [PATCH 1/3] ci: update ovmlayer and action versions --- .github/actions/oocana-python/action.yml | 2 +- .github/actions/ovmlayer/action.yml | 78 ++++++++++++++++++++++++ .github/workflows/layer.yml | 27 +++++--- .github/workflows/oocana-python.yml | 20 ++++-- .github/workflows/pr.yml | 8 +-- .github/workflows/publish.yml | 2 +- 6 files changed, 120 insertions(+), 17 deletions(-) create mode 100644 .github/actions/ovmlayer/action.yml diff --git a/.github/actions/oocana-python/action.yml b/.github/actions/oocana-python/action.yml index 1ea77b1a..62cbf193 100644 --- a/.github/actions/oocana-python/action.yml +++ b/.github/actions/oocana-python/action.yml @@ -21,7 +21,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: repository: oomol/oocana-python path: ${{ inputs.path }} diff --git a/.github/actions/ovmlayer/action.yml b/.github/actions/ovmlayer/action.yml new file mode 100644 index 00000000..07cd1862 --- /dev/null +++ b/.github/actions/ovmlayer/action.yml @@ -0,0 +1,78 @@ +name: "setup ovmlayer" +description: "setup ovmlayer on ubuntu-latest" +inputs: + token: + description: "GitHub token with access to the ovmlayer release repository" + required: true + default: ${{ github.token }} + repository: + description: "GitHub repository name under oomol to download ovmlayer releases from" + required: true + use-runtime-setup: + description: "Whether to use ovmlayer setup with an extracted rootfs directory" + required: false + default: "false" + rootfs: + description: "rootfs tar" + required: false + default: "https://github.com/oomol/ovmlayer-rootfs/releases/download/base-rootfs%400.4.0/amd64-rootfs.tar" +runs: + using: "composite" + steps: + - name: setup ovmlayer environment + run: | + sudo apt update + sudo apt install -y --no-install-recommends tar zstd + shell: bash + - name: download ovmlayer + run: | + arch=$(uname -m) + case "$arch" in + x86_64) + arch=amd64 + ;; + aarch64|arm64) + arch=arm64 + ;; + *) + echo "unsupported architecture: $arch" >&2 + exit 1 + ;; + esac + + gh release download --repo "oomol/${{ inputs.repository }}" --pattern "*${arch}*" --clobber -O ovmlayer.tar.zst + + zstd -d ovmlayer.tar.zst -o ovmlayer.tar + mkdir -p ovmlayer-bin + tar -xf ovmlayer.tar -C ovmlayer-bin + + bin=$(find "$(pwd)/ovmlayer-bin" -name ovmlayer -type f | head -n 1) + if [[ -z "$bin" ]]; then + echo "ovmlayer binary not found in downloaded archive" >&2 + exit 1 + fi + + sudo install -m 755 "$bin" /usr/bin/ovmlayer + shell: bash + env: + GH_TOKEN: ${{ inputs.token }} + - name: download base rootfs + run: | + curl -L ${{ inputs.rootfs }} -o base_rootfs.tar + shell: bash + - name: extract base rootfs for runtime setup + if: inputs.use-runtime-setup == 'true' + run: | + mkdir -p base_rootfs + sudo tar -xf base_rootfs.tar -C "$(pwd)/base_rootfs" + shell: bash + - name: setup ovmlayer + run: | + if [[ "${{ inputs.use-runtime-setup }}" == "true" ]]; then + sudo -E ovmlayer setup --runtime /ovmlayer-workspace --external /external_layers --rootfs-path="$(pwd)/base_rootfs" + # GitHub Actions root user workaround: ovmlayer looks for config under $HOME. + sudo ln -sf /home/runner/.ovmlayer_cfg.json /root/.ovmlayer_cfg.json + else + sudo ovmlayer setup dev --base-rootfs="$(pwd)/base_rootfs.tar" --layer-disk=/tmp/layer-disk + fi + shell: bash diff --git a/.github/workflows/layer.yml b/.github/workflows/layer.yml index 04b2247e..3c60c018 100644 --- a/.github/workflows/layer.yml +++ b/.github/workflows/layer.yml @@ -13,7 +13,7 @@ jobs: outputs: should_skip: ${{ steps.filter.outputs.should_skip }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: filter: blob:none fetch-depth: 0 @@ -32,8 +32,11 @@ jobs: runs-on: ubuntu-latest needs: skip if: ${{ needs.skip.outputs.should_skip != 'true' }} + env: + OVMLAYER_REPOSITORY: ${{ vars.OVMLAYER_REPOSITORY || 'ovmlayer-next' }} + OVMLAYER_USE_RUNTIME_SETUP: "true" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: pdm-project/setup-pdm@v4 with: cache: true @@ -49,10 +52,20 @@ jobs: sudo apt-add-repository -y ppa:mosquitto-dev/mosquitto-ppa sudo apt-get update sudo apt-get install -y mosquitto - - uses: oomol/oocana-rust/.github/actions/ovmlayer@main + - name: Generate GitHub App Token for oomol/${{ env.OVMLAYER_REPOSITORY }} + id: app-token + uses: actions/create-github-app-token@v2 with: + app-id: ${{ vars.OOMOL_DOWNLOADER_APP_ID }} + private-key: ${{ secrets.OOMOL_DOWNLOADER_APP_PRIVATE_KEY }} + owner: oomol + repositories: ${{ env.OVMLAYER_REPOSITORY }} + - uses: ./.github/actions/ovmlayer + with: + repository: ${{ env.OVMLAYER_REPOSITORY }} rootfs: https://github.com/oomol/ovmlayer-rootfs/releases/download/base-rootfs%400.4.0/amd64-rootfs.tar - token: ${{ secrets.ACCESS_REPO }} + token: ${{ steps.app-token.outputs.token }} + use-runtime-setup: ${{ env.OVMLAYER_USE_RUNTIME_SETUP }} - name: modify overlayfs # https://github.com/oomol/ovmlayer/issues/25 run: | sudo bash -c 'echo N > /sys/module/overlay/parameters/redirect_always_follow' @@ -68,7 +81,7 @@ jobs: run: | mosquitto -p 47688 -d pdm test - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 - name: test flow examples timeout-minutes: 5 run: | @@ -78,9 +91,9 @@ jobs: npm install npm run test - name: upload logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: oocana-logs path: ~/.oocana/sessions/ retention-days: 1 - if: failure() \ No newline at end of file + if: failure() diff --git a/.github/workflows/oocana-python.yml b/.github/workflows/oocana-python.yml index f22f2457..cd4d768b 100644 --- a/.github/workflows/oocana-python.yml +++ b/.github/workflows/oocana-python.yml @@ -17,12 +17,24 @@ jobs: runs-on: ubuntu-latest env: OVMLAYER_LOG: /tmp/ovmlayer.log + OVMLAYER_REPOSITORY: ${{ vars.OVMLAYER_REPOSITORY || 'ovmlayer-next' }} + OVMLAYER_USE_RUNTIME_SETUP: "true" steps: - - uses: actions/checkout@v4 - - uses: oomol/oocana-rust/.github/actions/ovmlayer@main + - uses: actions/checkout@v6 + - name: Generate GitHub App Token for oomol/${{ env.OVMLAYER_REPOSITORY }} + id: app-token + uses: actions/create-github-app-token@v2 with: + app-id: ${{ vars.OOMOL_DOWNLOADER_APP_ID }} + private-key: ${{ secrets.OOMOL_DOWNLOADER_APP_PRIVATE_KEY }} + owner: oomol + repositories: ${{ env.OVMLAYER_REPOSITORY }} + - uses: ./.github/actions/ovmlayer + with: + repository: ${{ env.OVMLAYER_REPOSITORY }} rootfs: https://github.com/oomol/ovmlayer-rootfs/releases/download/base-rootfs%400.4.0/amd64-rootfs.tar - token: ${{ secrets.ACCESS_REPO }} + token: ${{ steps.app-token.outputs.token }} + use-runtime-setup: ${{ env.OVMLAYER_USE_RUNTIME_SETUP }} - name: setup oocana-python action without layer uses: ./.github/actions/oocana-python with: @@ -36,7 +48,7 @@ jobs: path: "oocana-python" - name: upload log if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: ovmlayer-log path: /tmp/ovmlayer.log diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index be74892c..7efde741 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -13,7 +13,7 @@ jobs: outputs: should_skip: ${{ steps.filter.outputs.should_skip }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: filter: blob:none fetch-depth: 0 @@ -33,7 +33,7 @@ jobs: needs: skip if: ${{ needs.skip.outputs.should_skip != 'true' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: pdm-project/setup-pdm@v4 with: cache: true @@ -53,7 +53,7 @@ jobs: run: | mosquitto -p 47688 -d pdm test - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 with: node-version: 22.x - name: test flow examples @@ -68,7 +68,7 @@ jobs: # if: ${{ failure() }} # uses: mxschmitt/action-tmate@v3 - name: upload logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: oocana-logs path: | diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d5a0eb15..cf4567f9 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -40,7 +40,7 @@ jobs: needs: vars runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - uses: pdm-project/setup-pdm@v4 with: cache: true From f0190e0729341de47a0115a0dca26b91d6baac54 Mon Sep 17 00:00:00 2001 From: leavesster <11785335+leavesster@users.noreply.github.com> Date: Wed, 1 Apr 2026 11:27:19 +0800 Subject: [PATCH 2/3] ci: update remaining action versions --- .github/workflows/layer.yml | 4 ++-- .github/workflows/oocana-python.yml | 2 +- .github/workflows/pr.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/layer.yml b/.github/workflows/layer.yml index 3c60c018..9a26265c 100644 --- a/.github/workflows/layer.yml +++ b/.github/workflows/layer.yml @@ -17,7 +17,7 @@ jobs: with: filter: blob:none fetch-depth: 0 - - uses: leavesster/pull-request-path-filter@v0.2.2 + - uses: leavesster/pull-request-path-filter@v0.2 id: "filter" with: paths: | @@ -54,7 +54,7 @@ jobs: sudo apt-get install -y mosquitto - name: Generate GitHub App Token for oomol/${{ env.OVMLAYER_REPOSITORY }} id: app-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: app-id: ${{ vars.OOMOL_DOWNLOADER_APP_ID }} private-key: ${{ secrets.OOMOL_DOWNLOADER_APP_PRIVATE_KEY }} diff --git a/.github/workflows/oocana-python.yml b/.github/workflows/oocana-python.yml index cd4d768b..f23dbd38 100644 --- a/.github/workflows/oocana-python.yml +++ b/.github/workflows/oocana-python.yml @@ -23,7 +23,7 @@ jobs: - uses: actions/checkout@v6 - name: Generate GitHub App Token for oomol/${{ env.OVMLAYER_REPOSITORY }} id: app-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: app-id: ${{ vars.OOMOL_DOWNLOADER_APP_ID }} private-key: ${{ secrets.OOMOL_DOWNLOADER_APP_PRIVATE_KEY }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 7efde741..82992ab3 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -17,7 +17,7 @@ jobs: with: filter: blob:none fetch-depth: 0 - - uses: leavesster/pull-request-path-filter@v0.2.2 + - uses: leavesster/pull-request-path-filter@v0.2 id: "filter" with: paths: | From f4df5965d88ebf2f86b4706468c751da83861549 Mon Sep 17 00:00:00 2001 From: leavesster <11785335+leavesster@users.noreply.github.com> Date: Wed, 1 Apr 2026 12:01:36 +0800 Subject: [PATCH 3/3] ci: reuse shared ovmlayer action --- .github/actions/ovmlayer/action.yml | 78 ----------------------------- .github/workflows/layer.yml | 2 +- .github/workflows/oocana-python.yml | 2 +- 3 files changed, 2 insertions(+), 80 deletions(-) delete mode 100644 .github/actions/ovmlayer/action.yml diff --git a/.github/actions/ovmlayer/action.yml b/.github/actions/ovmlayer/action.yml deleted file mode 100644 index 07cd1862..00000000 --- a/.github/actions/ovmlayer/action.yml +++ /dev/null @@ -1,78 +0,0 @@ -name: "setup ovmlayer" -description: "setup ovmlayer on ubuntu-latest" -inputs: - token: - description: "GitHub token with access to the ovmlayer release repository" - required: true - default: ${{ github.token }} - repository: - description: "GitHub repository name under oomol to download ovmlayer releases from" - required: true - use-runtime-setup: - description: "Whether to use ovmlayer setup with an extracted rootfs directory" - required: false - default: "false" - rootfs: - description: "rootfs tar" - required: false - default: "https://github.com/oomol/ovmlayer-rootfs/releases/download/base-rootfs%400.4.0/amd64-rootfs.tar" -runs: - using: "composite" - steps: - - name: setup ovmlayer environment - run: | - sudo apt update - sudo apt install -y --no-install-recommends tar zstd - shell: bash - - name: download ovmlayer - run: | - arch=$(uname -m) - case "$arch" in - x86_64) - arch=amd64 - ;; - aarch64|arm64) - arch=arm64 - ;; - *) - echo "unsupported architecture: $arch" >&2 - exit 1 - ;; - esac - - gh release download --repo "oomol/${{ inputs.repository }}" --pattern "*${arch}*" --clobber -O ovmlayer.tar.zst - - zstd -d ovmlayer.tar.zst -o ovmlayer.tar - mkdir -p ovmlayer-bin - tar -xf ovmlayer.tar -C ovmlayer-bin - - bin=$(find "$(pwd)/ovmlayer-bin" -name ovmlayer -type f | head -n 1) - if [[ -z "$bin" ]]; then - echo "ovmlayer binary not found in downloaded archive" >&2 - exit 1 - fi - - sudo install -m 755 "$bin" /usr/bin/ovmlayer - shell: bash - env: - GH_TOKEN: ${{ inputs.token }} - - name: download base rootfs - run: | - curl -L ${{ inputs.rootfs }} -o base_rootfs.tar - shell: bash - - name: extract base rootfs for runtime setup - if: inputs.use-runtime-setup == 'true' - run: | - mkdir -p base_rootfs - sudo tar -xf base_rootfs.tar -C "$(pwd)/base_rootfs" - shell: bash - - name: setup ovmlayer - run: | - if [[ "${{ inputs.use-runtime-setup }}" == "true" ]]; then - sudo -E ovmlayer setup --runtime /ovmlayer-workspace --external /external_layers --rootfs-path="$(pwd)/base_rootfs" - # GitHub Actions root user workaround: ovmlayer looks for config under $HOME. - sudo ln -sf /home/runner/.ovmlayer_cfg.json /root/.ovmlayer_cfg.json - else - sudo ovmlayer setup dev --base-rootfs="$(pwd)/base_rootfs.tar" --layer-disk=/tmp/layer-disk - fi - shell: bash diff --git a/.github/workflows/layer.yml b/.github/workflows/layer.yml index 9a26265c..5b73c27a 100644 --- a/.github/workflows/layer.yml +++ b/.github/workflows/layer.yml @@ -60,7 +60,7 @@ jobs: private-key: ${{ secrets.OOMOL_DOWNLOADER_APP_PRIVATE_KEY }} owner: oomol repositories: ${{ env.OVMLAYER_REPOSITORY }} - - uses: ./.github/actions/ovmlayer + - uses: oomol/oocana-rust/.github/actions/ovmlayer@main with: repository: ${{ env.OVMLAYER_REPOSITORY }} rootfs: https://github.com/oomol/ovmlayer-rootfs/releases/download/base-rootfs%400.4.0/amd64-rootfs.tar diff --git a/.github/workflows/oocana-python.yml b/.github/workflows/oocana-python.yml index f23dbd38..09818081 100644 --- a/.github/workflows/oocana-python.yml +++ b/.github/workflows/oocana-python.yml @@ -29,7 +29,7 @@ jobs: private-key: ${{ secrets.OOMOL_DOWNLOADER_APP_PRIVATE_KEY }} owner: oomol repositories: ${{ env.OVMLAYER_REPOSITORY }} - - uses: ./.github/actions/ovmlayer + - uses: oomol/oocana-rust/.github/actions/ovmlayer@main with: repository: ${{ env.OVMLAYER_REPOSITORY }} rootfs: https://github.com/oomol/ovmlayer-rootfs/releases/download/base-rootfs%400.4.0/amd64-rootfs.tar