127a36c5c8
Some checks failed
Build Archipelago ISO / build-iso (push) Has been cancelled
Install & Onboarding:
- Remove DEV_MODE=true from production ISO service file (auto-created
users, skipped password setup)
- Auto-install no longer overwrites rootfs service file with bad template
- Login.vue always checks auth.isSetup — shows password creation form
on fresh install without requiring dev build flag
- Deploy image-versions.sh to /opt/archipelago/scripts/ on installed nodes
- First-boot-containers sources image-versions.sh, runs podman as
archipelago user (rootless), enables linger + podman.socket
- Correct volume ownership (100000:100000 for rootless UID mapping)
Container Security:
- FileBrowser: add --cap-add=DAC_OVERRIDE for rootless podman volume access
- FileBrowser: add --read-only, /data volume for database, proper cmd args
- First-boot script matches backend config (security hardening + health check)
CI Pipeline:
- Add vue-tsc type check + vitest run to build-iso.yml (runs every push)
- Add post-install-tests.yml workflow (workflow_dispatch, SSH to target)
- Build report: set +eo pipefail, fix rootfs path, add || true guards
- Bundle run-post-install-tests.sh into ISO
E2E Test Suite (scripts/run-post-install-tests.sh):
- Phase 1: Install verification (files, services, podman, linger, DEV_MODE check)
- Phase 2: Onboarding flow (auth.isSetup, auth.setup, login, DID, complete)
- Phase 3: Container lifecycle (install 3 apps via package.install RPC,
verify running, stop, verify stopped, restart, verify running, health)
- Phase 4: Log verification (first-boot log, diagnostics, journal errors)
- Correct package.install params: {"id", "dockerImage"}
Frontend:
- Fix backdrop-filter tab-switch bug (keep animations paused during rebuild)
- Dashboard glitch animations paused during tab-hidden
- Gamepad nav: auto-focus first container on route change
- Tab roving: Left/Right on role="tab" cycles and activates sibling tabs
- ContainerApps: data-controller-launch on running app cards
- 515 tests passing (fixed 30 broken, added 19 new keyboard nav tests)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
131 lines
6.7 KiB
YAML
131 lines
6.7 KiB
YAML
name: Build Archipelago ISO
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build-iso:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 45
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 1
|
|
clean: false
|
|
|
|
- name: Build backend
|
|
run: |
|
|
source $HOME/.cargo/env 2>/dev/null || true
|
|
cargo build --release --manifest-path core/Cargo.toml
|
|
|
|
- name: Build frontend
|
|
run: cd neode-ui && npm ci && npm run build
|
|
|
|
- name: Type check frontend
|
|
run: cd neode-ui && npx vue-tsc -b --noEmit
|
|
|
|
- name: Run frontend tests
|
|
run: cd neode-ui && npx vitest run
|
|
|
|
- name: Cache Debian Live ISO
|
|
run: |
|
|
WORK_DIR="image-recipe/build/auto-installer"
|
|
mkdir -p "$WORK_DIR"
|
|
CACHED="/home/archipelago/archy/image-recipe/build/auto-installer/debian-live-installer.iso"
|
|
if [ -f "$CACHED" ] && [ ! -f "$WORK_DIR/debian-live-installer.iso" ]; then
|
|
cp "$CACHED" "$WORK_DIR/debian-live-installer.iso"
|
|
echo "Cached Debian Live ISO copied ($(du -h "$WORK_DIR/debian-live-installer.iso" | cut -f1))"
|
|
fi
|
|
|
|
- name: Configure root podman for insecure registry
|
|
run: |
|
|
sudo mkdir -p /etc/containers/registries.conf.d
|
|
echo '[[registry]]
|
|
location = "80.71.235.15:3000"
|
|
insecure = true' | sudo tee /etc/containers/registries.conf.d/archipelago.conf
|
|
|
|
- name: Build unbundled ISO
|
|
run: |
|
|
cd image-recipe
|
|
export ARCHIPELAGO_BIN="$(pwd)/../core/target/release/archipelago"
|
|
ls -la "$ARCHIPELAGO_BIN" || echo "WARNING: binary not found"
|
|
sudo -E UNBUNDLED=1 DEV_SERVER=localhost BUILD_FROM_SOURCE=0 \
|
|
ARCHIPELAGO_BIN="$ARCHIPELAGO_BIN" \
|
|
./build-auto-installer-iso.sh
|
|
|
|
- name: Copy to Builds
|
|
run: |
|
|
ISO=$(ls image-recipe/results/archipelago-installer-unbundled-*.iso 2>/dev/null | head -1)
|
|
if [ -n "$ISO" ]; then
|
|
DATE=$(date +%Y%m%d-%H%M)
|
|
DEST="/var/lib/archipelago/filebrowser/Builds/archipelago-unbundled-${DATE}.iso"
|
|
sudo cp "$ISO" "$DEST"
|
|
sudo chown 1000:1000 "$DEST"
|
|
echo "ISO: archipelago-unbundled-${DATE}.iso"
|
|
echo "Size: $(du -h "$DEST" | cut -f1)"
|
|
echo "SHA256: $(sha256sum "$DEST" | cut -d' ' -f1)"
|
|
fi
|
|
|
|
- name: Build report
|
|
if: always()
|
|
continue-on-error: true
|
|
run: |
|
|
set +eo pipefail
|
|
echo "══════════════════════════════════════════"
|
|
echo "BUILD REPORT"
|
|
echo "══════════════════════════════════════════"
|
|
echo "Commit: $(git rev-parse --short HEAD) ($(git log -1 --format=%s))"
|
|
echo "Branch: ${GITHUB_REF_NAME:-unknown}"
|
|
echo "Date: $(date -u '+%Y-%m-%d %H:%M:%S UTC')"
|
|
echo "Runner: $(hostname)"
|
|
echo ""
|
|
echo "── Artifacts ──"
|
|
ls -lh image-recipe/results/*.iso 2>/dev/null || echo " No ISO produced"
|
|
ls -lh /var/lib/archipelago/filebrowser/Builds/archipelago-unbundled-*.iso 2>/dev/null | tail -3
|
|
echo ""
|
|
echo "── Rootfs contents check ──"
|
|
ROOTFS=$(ls image-recipe/build/auto-installer/archipelago-rootfs.tar 2>/dev/null) || true
|
|
if [ -n "$ROOTFS" ]; then
|
|
echo " rootfs.tar: $(sudo du -h "$ROOTFS" 2>/dev/null | cut -f1 || echo 'unknown')"
|
|
echo " nginx config: $(sudo tar tf "$ROOTFS" ./etc/nginx/sites-available/archipelago 2>/dev/null && echo 'PRESENT' || echo 'MISSING')"
|
|
echo " SSL cert: $(sudo tar tf "$ROOTFS" ./etc/archipelago/ssl/archipelago.crt 2>/dev/null && echo 'PRESENT' || echo 'MISSING')"
|
|
echo " keyboard config: $(sudo tar tf "$ROOTFS" ./etc/default/keyboard 2>/dev/null && echo 'PRESENT' || echo 'MISSING')"
|
|
echo " console-setup: $(sudo tar tf "$ROOTFS" ./etc/default/console-setup 2>/dev/null && echo 'PRESENT' || echo 'MISSING')"
|
|
echo " kiosk launcher: $(sudo tar tf "$ROOTFS" ./usr/local/bin/archipelago-kiosk-launcher 2>/dev/null && echo 'PRESENT' || echo 'MISSING')"
|
|
echo " logind lid: $(sudo tar tf "$ROOTFS" ./etc/systemd/logind.conf.d/lid-ignore.conf 2>/dev/null && echo 'PRESENT' || echo 'MISSING')"
|
|
echo " backend binary: $(sudo tar tf "$ROOTFS" ./usr/local/bin/archipelago 2>/dev/null && echo 'PRESENT' || echo 'MISSING')"
|
|
echo " web-ui index: $(sudo tar tf "$ROOTFS" ./opt/archipelago/web-ui/index.html 2>/dev/null && echo 'PRESENT' || echo 'MISSING')"
|
|
else
|
|
echo " rootfs.tar not found in workspace"
|
|
fi
|
|
echo ""
|
|
echo "── ISO contents check ──"
|
|
ISO=$(ls image-recipe/results/archipelago-installer-unbundled-*.iso 2>/dev/null | head -1) || true
|
|
if [ -n "$ISO" ]; then
|
|
echo " ISO size: $(sudo du -h "$ISO" 2>/dev/null | cut -f1 || echo 'unknown')"
|
|
ISO_MOUNT=$(mktemp -d)
|
|
if sudo mount -o loop,ro "$ISO" "$ISO_MOUNT" 2>/dev/null; then
|
|
echo " auto-install.sh: $([ -f "$ISO_MOUNT/archipelago/auto-install.sh" ] && echo 'PRESENT' || echo 'MISSING')"
|
|
echo " rootfs.tar: $([ -f "$ISO_MOUNT/archipelago/rootfs.tar" ] && echo "PRESENT ($(sudo du -h "$ISO_MOUNT/archipelago/rootfs.tar" 2>/dev/null | cut -f1))" || echo 'MISSING')"
|
|
echo " backend bin: $([ -f "$ISO_MOUNT/archipelago/bin/archipelago" ] && echo "PRESENT ($(sudo du -h "$ISO_MOUNT/archipelago/bin/archipelago" 2>/dev/null | cut -f1))" || echo 'MISSING')"
|
|
echo " frontend: $([ -f "$ISO_MOUNT/archipelago/web-ui/index.html" ] && echo 'PRESENT' || echo 'MISSING')"
|
|
echo " image-versions: $([ -f "$ISO_MOUNT/archipelago/scripts/image-versions.sh" ] && echo 'PRESENT' || echo 'MISSING')"
|
|
sudo umount "$ISO_MOUNT" 2>/dev/null || true
|
|
else
|
|
echo " Could not mount ISO for inspection"
|
|
fi
|
|
rmdir "$ISO_MOUNT" 2>/dev/null || true
|
|
fi
|
|
echo "══════════════════════════════════════════"
|
|
|
|
- name: Fix workspace permissions
|
|
if: always()
|
|
run: |
|
|
sudo chown -R $(id -u):$(id -g) . 2>/dev/null || true
|
|
sudo chmod -R u+rwX . 2>/dev/null || true
|
|
sudo chown -R $(id -u):$(id -g) "$HOME/.cache/act" 2>/dev/null || true
|
|
sudo chmod -R u+rwX "$HOME/.cache/act" 2>/dev/null || true
|