
Switch to using Github Actions

With the recent changes to Travis CI, it seemed
like a good time to begin porting netboot.xyz CI
over to Github Actions to keep everything in one
place.  These are the changes for the main
netboot.xyz repo.
Antony Messerli 4 jaren geleden
bovenliggende
commit
3830da6bb2

+ 58 - 0
.github/workflows/development.yml

@@ -0,0 +1,58 @@
+name: development
+
+on:
+  push:
+    branches:
+      - development
+
+env:
+  AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET_DEV }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  DISCORD_HOOK_URL: ${{ secrets.DISCORD_HOOK_URL }}
+  GITHUB_SHA: ${{ github.sha }}
+
+jobs:
+  development-build:
+    name: Build Development
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Retrieve Certs
+      run: |
+        ./script/retrieve_certs
+      env:
+        GIT_USER: ${{ secrets.GIT_USER }}
+        GIT_AUTH: ${{ secrets.GIT_AUTH }}
+        GIT_URL: ${{ secrets.GIT_URL }}
+        CERTS_KEY: ${{ secrets.CERTS_KEY }}
+
+    - name: Build Development Release
+      run: |
+        ./script/build_release dev
+
+    - name: Deploy development release to bucket/SHA
+      uses: jakejarvis/s3-sync-action@master
+      with:
+        args: --acl public-read --follow-symlinks
+      env:
+        SOURCE_DIR: 's3out'
+        DEST_DIR: '$GITHUB_SHA'
+
+    - name: Deploy development release to bucket
+      uses: jakejarvis/s3-sync-action@master
+      with:
+        args: --acl public-read --follow-symlinks
+      env:
+        SOURCE_DIR: 's3outver'
+
+    - name: Notify Discord on failure
+      if: failure()
+      run: |
+        ./script/message failure
+
+    - name: Notify Discord on completion
+      if: success()
+      run: |
+        ./script/message dev-push
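Review bot: Both deploy steps use `jakejarvis/s3-sync-action@master`, a mutable branch, while `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` sit in the workflow-level `env:` block, so whatever code that branch points to at run time receives the bucket credentials. Pinning to a reviewed commit, `uses: jakejarvis/s3-sync-action@<full-commit-sha>` (placeholder), removes the dependency on upstream's branch state. The same applies in a weaker form to the tag-pinned `aws-actions/configure-aws-credentials@v1` and `svenstaro/upload-release-action@v2` in the release workflows. Moving the three `AWS_*` variables from the top-level `env:` into the two deploy steps' own `env:` would also keep them out of `./script/retrieve_certs`, `./script/build_release` and the Discord steps, which do not appear to need them. `GITHUB_SHA` is already exported by the runner, so `GITHUB_SHA: ${{ github.sha }}` is redundant.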

+ 42 - 0
.github/workflows/pull-requests.yml

@@ -0,0 +1,42 @@
+name: pull-requests
+
+on:
+  pull_request:
+    branches:
+      - development
+      - RC
+      - master
+
+jobs:
+  test-pr:
+    name: Test Pull Request
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - uses: actions/setup-python@v2
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install ansible ansible-lint
+
+    - name: Syntax Check
+      run: |
+        ansible-playbook -i inventory site.yml --syntax-check
+
+    - name: Ansible lint
+      run: |
+        ansible-lint -v roles/netbootxyz
+
+  build-pr:
+    name: Build Pull Request
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - uses: actions/setup-python@v2
+
+    - name: Build PR release
+      run: |
+        ./script/build_release pr
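Review bot: This workflow executes code supplied by the pull request (`./script/build_release pr`, plus whatever `pip install ansible ansible-lint` resolves to on the day) without declaring token permissions, so same-repository PRs run with the repository's default `GITHUB_TOKEN` scope. A top-level `permissions:` block with `contents: read` would make least privilege explicit for both jobs. Pinning the lint toolchain to fixed versions, e.g. `pip install -r requirements-ci.txt` (file name is a placeholder), and giving `actions/setup-python@v2` an explicit `python-version` would keep the syntax-check and lint results reproducible between runs.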

+ 82 - 0
.github/workflows/release-candidate.yml

@@ -0,0 +1,82 @@
+name: release-candidate
+
+on:
+  push:
+    branches:
+      - RC
+
+env:
+  DISCORD_HOOK_URL: ${{ secrets.DISCORD_HOOK_URL }}
+  GITHUB_SHA: ${{ github.sha }}
+
+jobs:
+  rc-build:
+    name: Build Release Candidate
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Retrieve Certs
+      run: |
+        ./script/retrieve_certs
+      env:
+        GIT_USER: ${{ secrets.GIT_USER }}
+        GIT_AUTH: ${{ secrets.GIT_AUTH }}
+        GIT_URL: ${{ secrets.GIT_URL }}
+        CERTS_KEY: ${{ secrets.CERTS_KEY }}
+
+    - name: Set Release Tag
+      id: release
+      run: echo "::set-output name=release_tag::$(cat version.txt)-RC"
+
+    - name: Build RC release
+      run: |
+        ./script/build_release rc
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ secrets.AWS_ACCESS_REGION }}
+
+    - name: Deploy RC to release-candidate bucket
+      run: |
+        aws s3 sync --no-progress --acl public-read s3out s3://${{ secrets.AWS_S3_BUCKET_STAGING }}/${{ steps.release.outputs.release_tag }}
+
+    - name: Deploy RC to rolling bucket
+      run: |
+        aws s3 sync --no-progress --acl public-read s3out-latest s3://${{ secrets.AWS_S3_BUCKET_STAGING }}/rc
+
+    - name: Deploy RC version file
+      run: |
+        aws s3 sync --no-progress --acl public-read s3outver s3://${{ secrets.AWS_S3_BUCKET_STAGING }}
+
+    - name: Invalidate Cloudfront
+      run: |
+        aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DIST_ID_STAGING }} --paths "/rc/*" "/rc/ipxe/*"
+
+    - name: Tag RC Release
+      run: |
+        ./script/tag ${{ steps.release.outputs.release_tag }}
+
+    - name: Create RC Release and Upload Assets
+      uses: svenstaro/upload-release-action@v2
+      with:
+        file: githubout/*
+        file_glob: true
+        overwrite: true
+        prerelease: true
+        release_name: ${{ steps.release.outputs.release_tag }}
+        repo_token: ${{ secrets.GITHUB_TOKEN }}
+        tag: ${{ steps.release.outputs.release_tag }}
+
+    - name: Notify Discord on failure
+      if: failure()
+      run: |
+        ./script/message failure
+
+    - name: Notify Discord on completion
+      if: success()
+      run: |
+        ./script/message rc-push
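Review bot: `${{ steps.release.outputs.release_tag }}` is expanded into the shell text of the 'Deploy RC to release-candidate bucket' and 'Tag RC Release' steps before the shell runs, so the contents of `version.txt` become part of the script; whitespace or shell metacharacters in that file would be interpreted rather than passed as data. Passing the value through the environment avoids this: add `RELEASE_TAG: ${{ steps.release.outputs.release_tag }}` under the step's `env:` and call `./script/tag "$RELEASE_TAG"`, mapping the bucket secret into a variable the same way for the `aws s3 sync` destination. The same pattern appears in the release.yml hunk, in 'Deploy master to release bucket' and 'Tag Release'. Checking the tag against an expected version pattern in 'Set Release Tag' would fail the job early on a malformed file.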

+ 78 - 0
.github/workflows/release.yml

@@ -0,0 +1,78 @@
+name: release
+
+on:
+  push:
+    branches:
+      - master
+
+env:
+  DISCORD_HOOK_URL: ${{ secrets.DISCORD_HOOK_URL }}
+  GITHUB_SHA: ${{ github.sha }}
+
+jobs:
+  release:
+    name: Build Release
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Retrieve Certs
+      run: |
+        ./script/retrieve_certs
+      env:
+        GIT_USER: ${{ secrets.GIT_USER }}
+        GIT_AUTH: ${{ secrets.GIT_AUTH }}
+        GIT_URL: ${{ secrets.GIT_URL }}
+        CERTS_KEY: ${{ secrets.CERTS_KEY }}
+
+    - name: Set Release Tag
+      id: release
+      run: echo "::set-output name=release_tag::$(cat version.txt)"
+
+    - name: Build release
+      run: |
+        ./script/build_release release
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ secrets.AWS_ACCESS_REGION }}
+
+    - name: Deploy master to release bucket
+      run: |
+        aws s3 sync --no-progress --acl public-read s3out s3://${{ secrets.AWS_S3_BUCKET_PROD }}/${{ steps.release.outputs.release_tag }}
+
+    - name: Deploy master to rolling bucket
+      run: |
+        aws s3 sync --no-progress --acl public-read s3out-latest s3://${{ secrets.AWS_S3_BUCKET_PROD }}
+
+    - name: Invalidate Cloudfront
+      run: |
+        aws cloudfront create-invalidation --distribution-id ${{ secrets.CLOUDFRONT_DIST_ID_PROD }} --paths "/*" "/ipxe/*"
+
+    - name: Tag Release
+      run: |
+        ./script/tag ${{ steps.release.outputs.release_tag }}
+
+    - name: Create Release and Upload Assets
+      uses: svenstaro/upload-release-action@v2
+      with:
+        file: githubout/*
+        file_glob: true
+        overwrite: true
+        prerelease: false
+        release_name: ${{ steps.release.outputs.release_tag }}
+        repo_token: ${{ secrets.GITHUB_TOKEN }}
+        tag: ${{ steps.release.outputs.release_tag }}
+
+    - name: Notify Discord on failure
+      if: failure()
+      run: |
+        ./script/message failure
+
+    - name: Notify Discord on completion
+      if: success()
+      run: |
+        ./script/message live-push
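Review bot: `overwrite: true` in 'Create Release and Upload Assets' means a push to master that leaves `version.txt` unchanged replaces the assets of an already published release, and the `aws s3 sync` into the release-tag prefix likewise rewrites the versioned copy in the production bucket. For boot images that users may associate with a fixed version, consider `overwrite: false` here, or a guard step before the build such as `if git ls-remote --exit-code --tags origin "refs/tags/$RELEASE_TAG"; then exit 1; fi`. What `./script/tag` does when the tag already exists is not visible in this diff.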

+ 0 - 190
.travis.yml

@@ -1,190 +0,0 @@
-os: linux
-dist: focal
-language: shell
-services:
-  - docker
-env:
-  global:
-    - DEBIAN_FRONTEND="noninteractive"
-jobs:
-  include:
-    - stage: test
-      if: type = pull_request
-      language: python
-      install:
-        - pip install ansible ansible-lint
-        - ansible-lint --version
-      script:
-        - ansible-playbook -i inventory site.yml --syntax-check
-        - ansible-lint -v roles/netbootxyz
-
-    - stage: development
-      if: branch = development AND type != pull_request
-      before_install:
-        - ./script/retrieve_certs
-      script:
-        - ./script/build_release dev
-      after_failure:
-        - ./script/message failure
-      deploy:
-        - provider: s3
-          edge: true
-          access_key_id: $AWS_ACCESS_KEY_ID
-          secret_access_key: $AWS_SECRET_ACCESS_KEY
-          bucket: $BUCKET_DEV
-          local_dir: s3out
-          upload_dir: $TRAVIS_COMMIT
-          skip_cleanup: true
-          on:
-            branch: development
-        - provider: s3
-          edge: true
-          access_key_id: $AWS_ACCESS_KEY_ID
-          secret_access_key: $AWS_SECRET_ACCESS_KEY
-          bucket: $BUCKET_DEV
-          local_dir: s3outver
-          skip_cleanup: true
-          on:
-            branch: development
-      after_deploy:
-        - >
-          if ! [ "$AFTER_DEPLOY_RUN" ]; then
-            export AFTER_DEPLOY_RUN=1;
-            ./script/message dev-push
-          fi
-          
-    - stage: pull-request
-      if: type = pull_request
-      script:
-        - ./script/build_release pr
-
-    - stage: release-candidate
-      if: branch = RC AND type != pull_request
-      before_install:
-        - ./script/retrieve_certs
-      script:
-        - ./script/build_release rc
-      workspaces:
-        create:
-          name: githubassets
-          paths:
-            - githubout 
-      after_failure:
-        - ./script/message failure
-      before_deploy:
-        - export RELEASE_TAG=$(cat version.txt)-RC
-      deploy:
-        - provider: s3
-          edge: true
-          access_key_id: $AWS_ACCESS_KEY_ID
-          secret_access_key: $AWS_SECRET_ACCESS_KEY
-          bucket: $BUCKET_STAGING
-          local_dir: s3out-latest
-          upload_dir: rc
-          skip_cleanup: true
-          on:
-            branch: RC
-        - provider: s3
-          edge: true
-          access_key_id: $AWS_ACCESS_KEY_ID
-          secret_access_key: $AWS_SECRET_ACCESS_KEY
-          bucket: $BUCKET_STAGING
-          local_dir: s3out
-          upload_dir: $RELEASE_TAG
-          skip_cleanup: true
-          on:
-            branch: RC
-        - provider: s3
-          edge: true
-          access_key_id: $AWS_ACCESS_KEY_ID
-          secret_access_key: $AWS_SECRET_ACCESS_KEY
-          bucket: $BUCKET_STAGING
-          local_dir: s3outver
-          skip_cleanup: true
-          on:
-            branch: RC
-
-    - stage: rc-github
-      if: branch = RC AND type != pull_request
-      before_install:
-        - ./script/pre_install
-      workspaces:
-        use: githubassets
-      script: skip
-      before_deploy:
-        - export RELEASE_TAG=$(cat version.txt)-RC
-        - ./script/tag
-      deploy:
-        - provider: releases
-          token: $GITHUB_TOKEN
-          file_glob: true
-          file: githubout/*
-          name: $RELEASE_TAG
-          prerelease: true
-          skip_cleanup: true
-          on:
-            branch: RC
-      after_deploy:
-        - aws configure set preview.cloudfront true
-        - aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_DIST_ID_STAGING --paths "rc/*" "rc/ipxe/*"
-        - ./script/message rc-push
-
-    - stage: release
-      if: branch = master AND type != pull_request
-      before_install:
-        - ./script/retrieve_certs
-      script:
-        - ./script/build_release release
-      workspaces:
-        create:
-          name: githubassets
-          paths:
-            - githubout 
-      after_failure:
-        - ./script/message failure
-      before_deploy:
-        - export RELEASE_TAG=$(cat version.txt)
-      deploy:
-        - provider: s3
-          edge: true
-          access_key_id: $AWS_ACCESS_KEY_ID
-          secret_access_key: $AWS_SECRET_ACCESS_KEY
-          bucket: $BUCKET_PROD
-          local_dir: s3out-latest
-          skip_cleanup: true
-          on:
-            branch: master
-        - provider: s3
-          edge: true
-          access_key_id: $AWS_ACCESS_KEY_ID
-          secret_access_key: $AWS_SECRET_ACCESS_KEY
-          bucket: $BUCKET_PROD
-          local_dir: s3out
-          upload_dir: $RELEASE_TAG
-          skip_cleanup: true
-          on:
-            branch: master
-
-    - stage: release-github
-      if: branch = master AND type != pull_request
-      before_install:
-        - ./script/pre_install
-      workspaces:
-        use: githubassets
-      script: skip
-      before_deploy:
-        - export RELEASE_TAG=$(cat version.txt)
-        - git tag ${RELEASE_TAG}
-      deploy:
-        - provider: releases
-          token: $GITHUB_TOKEN
-          file_glob: true
-          file: githubout/*
-          name: $RELEASE_TAG
-          skip_cleanup: true
-          on:
-            branch: master
-      after_deploy:
-        - aws configure set preview.cloudfront true
-        - aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_DIST_ID_PROD --paths "/*" "/ipxe/*"
-        - ./script/message live-push

+ 1 - 1
README.md

@@ -1,6 +1,6 @@
 ## netboot.xyz
 
-[![Build Status](https://travis-ci.com/netbootxyz/netboot.xyz.svg?branch=master)](https://travis-ci.com/netbootxyz/netboot.xyz)
+[![Build Status](https://github.com/netbootxyz/netboot.xyz/workflows/release/badge.svg)](https://travis-ci.com/netbootxyz/netboot.xyz)
 [![Discord](https://img.shields.io/discord/425186187368595466)](https://discord.gg/An6PA2a)
 [![Release](https://img.shields.io/github/v/release/netbootxyz/netboot.xyz?color=hunter%20green)](https://github.com/netbootxyz/netboot.xyz/releases/latest)
 

+ 4 - 4
script/build_release

@@ -11,8 +11,8 @@ DOCKER_FILE="Dockerfile-build.production"
 
 # Set boot domain
 if [[ "${TYPE}" == "dev" ]]; then
-  BOOT_DOMAIN="s3.amazonaws.com/${DEV_URL}/${TRAVIS_COMMIT}"
-  BOOT_VERSION="${TRAVIS_COMMIT}"
+  BOOT_DOMAIN="s3.amazonaws.com/${DEV_URL}/${GITHUB_SHA}"
+  BOOT_VERSION="${GITHUB_SHA}"
 elif [[ "${TYPE}" == "pr" ]]; then
   BOOT_DOMAIN="test.com"
   BOOT_VERSION="test"
@@ -33,7 +33,7 @@ sed -i \
 
 # Build release
 docker build -t localbuild -f ${DOCKER_FILE} .
-docker run --rm -it -v $(pwd):/buildout localbuild
+docker run --rm -i -v $(pwd):/buildout localbuild
 
 # Generate folder outputs
 mkdir -p s3out
@@ -68,7 +68,7 @@ if [[ "${TYPE}" == "release" ]] || [[ "${TYPE}" == "rc" ]]; then
       -e "/^boot_domain/c\boot_domain: ${STAGING_URL}/rc" \
       user_overrides.yml
     docker build -t localbuild -f ${DOCKER_FILE} .
-    docker run --rm -it -v $(pwd):/buildout localbuild
+    docker run --rm -i -v $(pwd):/buildout localbuild
   fi
   mkdir -p s3out-latest
   cp -r buildout/* s3out-latest/

+ 7 - 8
script/message

@@ -4,39 +4,38 @@ set -e
 TYPE=$1
 
 if [ "${TYPE}" == "dev-push" ]; then
-  BOOT_URL="https://s3.amazonaws.com/${BUCKET_DEV}/${TRAVIS_COMMIT}/index.html"
+  BOOT_URL="https://s3.amazonaws.com/dev.boot.netboot.xyz/${GITHUB_SHA}/index.html"
 elif [ "${TYPE}" == "rc-push" ]; then
   BOOT_URL="https://staging.boot.netboot.xyz/$(cat version.txt)-RC/index.html"
 elif [ "${TYPE}" == "live-push" ]; then
   BOOT_URL="https://boot.netboot.xyz/$(cat version.txt)/index.html"
 fi
 
-
 # send status to discord
 if [ "${TYPE}" == "failure" ]; then
   curl -X POST -H "Content-Type: application/json" --data \
   '{
-    "avatar_url": "https://unavatar.now.sh/twitter/travisci",
+    "avatar_url": "https://unavatar.now.sh/twitter/github",
     "embeds": [
       {
         "color": 16711680,
-        "description": "__**Failed to Build**__ \n**Build:**  '${TRAVIS_BUILD_WEB_URL}'\n**Status:**  Failure\n**Change:** https://github.com/netbootxyz/netboot.xyz/commit/'${TRAVIS_COMMIT}'\n"
+        "description": "__**Failed to Build**__ \n**Build:**  'https://github.com/netbootxyz/netboot.xyz/actions/runs/${GITHUB_RUN_ID}'\n**Status:**  Failure\n**Change:** https://github.com/netbootxyz/netboot.xyz/commit/'${GITHUB_SHA}'\n"
       }
     ],
-    "username": "Travis CI"
+    "username": "Github"
   }' \
   ${DISCORD_HOOK_URL}
 else
   curl -X POST -H "Content-Type: application/json" --data \
   '{
-    "avatar_url": "https://unavatar.now.sh/twitter/travisci",
+    "avatar_url": "https://unavatar.now.sh/twitter/github",
     "embeds": [
       {
         "color": 1681177,
-        "description": "__**Boot Menu Published**__ \n**Files:** '${BOOT_URL}' \n**Build:**  '${TRAVIS_BUILD_WEB_URL}'\n**Change:** https://github.com/netbootxyz/netboot.xyz/commit/'${TRAVIS_COMMIT}'\n"
+        "description": "__**Boot Menu Published**__ \n**Files:** '${BOOT_URL}' \n**Build:**  'https://github.com/netbootxyz/netboot.xyz/actions/runs/${GITHUB_RUN_ID}'\n**Change:** https://github.com/netbootxyz/netboot.xyz/commit/'${GITHUB_SHA}'\n"
       }
     ],
-    "username": "Travis CI"
+    "username": "Github"
   }' \
   ${DISCORD_HOOK_URL}
 fi
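Review bot: The new lines hard-code `dev.boot.netboot.xyz` and `https://github.com/netbootxyz/netboot.xyz/actions/runs/...` where the removed lines took the bucket and build URL from the CI environment, so the posted links are wrong for a fork or if the dev bucket changes. The runner exports `GITHUB_SERVER_URL` and `GITHUB_REPOSITORY`, so the build link can be written as `${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}`, and the commit link can be built the same way. Separately, `${DISCORD_HOOK_URL}` on the unchanged curl lines is unquoted and curl is called without `--fail`, so a rejected webhook does not fail the step.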

+ 1 - 1
script/retrieve_certs

@@ -4,5 +4,5 @@ set -e
 # retrieve certs
 git clone https://$GIT_USER:$GIT_AUTH@$GIT_URL certs
 cp certs/certs.tar.enc .
-openssl aes-256-cbc -K $encrypted_9ca5918f08ba_key -iv $encrypted_9ca5918f08ba_iv -in certs.tar.enc -out certs.tar -d
+openssl aes-256-cbc -pass pass:$CERTS_KEY -d -salt -pbkdf2 -a -in certs.tar.enc -out certs.tar
 tar xf certs.tar -C certs
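Review bot: `-pass pass:$CERTS_KEY` puts the decryption key on the openssl command line, where it is readable from the process list while the command runs; `-pass env:CERTS_KEY` reads it from the environment variable the workflow already sets. `-salt` has no effect together with `-d` and can be dropped, giving `openssl aes-256-cbc -d -pbkdf2 -a -pass env:CERTS_KEY -in certs.tar.enc -out certs.tar`. `openssl enc` with `aes-256-cbc` also provides no integrity check, so `tar xf` runs on whatever the decryption produces; verifying a checksum or signature of `certs.tar` before extraction would close that gap.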