Add image making action (#2897)

* Add image making action

* Security fix

* Add more info to the commit message

.github/workflows/build-single.yml

@@ -0,0 +1,222 @@
+name: Build selected
+
+on:
+
+  workflow_dispatch:
+
+    inputs:
+
+      boards:
+        description: 'Comma delimited list'
+        required: true
+        default: 'bananapi'
+
+      repository:
+        description: 'Packages from repository'
+        required: true
+        default: 'yes'
+
+jobs:
+
+    prepare:
+
+      name: Build image(s) for download section
+      runs-on: [self-hosted, Linux, X64, cache]
+      if: ${{ github.repository_owner == 'Armbian' }}
+      steps:
+
+        - name: Fix permissions
+          run: |
+
+            # make sure no temporally dirs are mounted from previous runs
+            while :
+            do
+                sudo pkill compile.sh || true
+                sudo pkill arm-binfmt-P || true
+                sudo pkill aarch64-binfmt-P || true
+                sudo pkill pixz || true
+                [[ "$(df | grep "/.tmp" | wc -l)" -eq 0 ]] && sudo rm -rf build/.tmp && break
+                echo "Mounted temp directories. Trying to unmount."
+                df | grep ".tmp" | awk '{print $6}' | xargs sudo umount 2>/dev/null || true
+                sleep 10
+            done
+
+            sudo chown -R $USER:$USER .
+
+        - name: Checkout Armbian build script
+
+          uses: actions/checkout@v2
+          with:
+            fetch-depth: 0
+            repository: armbian/build
+            path: build
+            ref: master
+            clean: false
+
+        - name: Checkout Armbian support scripts
+
+          uses: actions/checkout@v2
+          with:
+            fetch-depth: 0
+            repository: armbian/scripts
+            token: ${{ secrets.SCRIPTS_ACCESS_TOKEN }}
+            path: scripts
+            clean: true
+
+        - name: Import GPG key
+
+          uses: crazy-max/ghaction-import-gpg@v3
+          with:
+            gpg-private-key: ${{ secrets.GPG_KEY1 }}
+            passphrase: ${{ secrets.GPG_PASSPHRASE1 }}
+            workdir: scripts
+            git-user-signingkey: true
+            git-commit-gpgsign: true
+
+
+        - name: Build beta images
+          env:
+
+            GPG_PASS:        ${{ secrets.GPG_PASSPHRASE1 }}
+            REBUILD_IMAGES:  ${{ github.event.inputs.boards }}
+            REPOSITORY:      ${{ github.event.inputs.repository }}
+
+          run: |
+
+            cd build
+           
+            [[ "${REPOSITORY}" == "yes" ]] && REPOSITORY_INSTALL="u-boot,kernel,armbian-config,armbian-zsh,armbian-firmware"
+            [[ ! -f .ignore_changes ]] && sudo touch .ignore_changes
+            ./compile.sh KERNEL_ONLY="yes" BOARD="bananapi" BRANCH="current" KERNEL_CONFIGURE="no" USE_TORRENT="yes" REPOSITORY_INSTALL="kernel" 'prepare_host'
+            PARALLEL_BUILDS=$(awk '{printf("%d",$1/8000)}' <<<$(($(LC_ALL=C free -w 2>/dev/null | grep "^Mem" | awk '{print $2}' || LC_ALL=C free | grep "^Mem"| awk '{print $2}')/1024)))
+
+            # use prepared configs
+            sudo cp ../scripts/configs/* userpatches/
+
+            # use version from scripts
+            sudo cp ../scripts/VERSION .
+
+            # cleaning leftovers if any
+            rm -rf output/images/* output/debs/*
+            rm -f userpatches/targets.conf
+
+            [[ "${REPOSITORY}" != "yes" ]] && ./compile.sh single IGNORE_HASH="yes" REPOSITORY_INSTALL="${REPOSITORY_INSTALL}" REBUILD_IMAGES="${REBUILD_IMAGES}" KERNEL_ONLY="yes" BETA="no" BUILD_ALL="yes" BSP_BUILD="yes" MAKE_ALL_BETA="yes"
+            ./compile.sh single MULTITHREAD="${PARALLEL_BUILDS}" REPOSITORY_INSTALL="${REPOSITORY_INSTALL}" IGNORE_HASH="yes" IGNORE_UPDATES="yes" REBUILD_IMAGES="${REBUILD_IMAGES}" KERNEL_ONLY="no" BETA="no" BUILD_ALL="yes" GPG_PASS="${GPG_PASS}"
+
+        - name: Make BSP packages if we build from sources
+
+          if: ${{ success() && github.event.inputs.repository != 'yes' }}
+
+          run: |
+
+            cd build
+            sudo rm -f .tmp/bump
+            if [[ $(cat .tmp/n 2> /dev/null) -ne 0 ]]; then
+              ./compile.sh all-new-stable-bsp
+              sudo touch .tmp/bump
+            fi
+
+        - name: Bump stable version if we build from sources
+
+          if: ${{ success() && github.event.inputs.repository != 'yes' }}
+
+          run: |
+
+            cd scripts
+            sudo git clean -ffdx && git reset --hard HEAD
+            git config pull.rebase false
+            VERSION=$(cat VERSION | cut -d. -f1,2)
+            PATCH=$(cat VERSION | cut -d. -f3,3)
+            echo $VERSION"."$(($PATCH + 1)) | tee VERSION
+            git config --global user.email "info@armbian.com"
+            git config --global user.name "Armbianworker"
+            git pull
+            git add VERSION
+            git commit -m "Bump stable version" -m "" -m "Adding following kernels:" -m "$(find output/debs-beta/ -type f -name "linux-image*.deb" -printf "%f\n" | sort)"
+            git push
+
+        - name: Install SSH key for storage
+          uses: shimataro/ssh-key-action@v2
+          with:
+
+            key: ${{ secrets.KEY_FOR_TORRENT }}
+            known_hosts: ${{ secrets.KNOWN_HOSTS_TORRENT }}
+            if_key_exists: replace
+
+        - name: Deploy images to server
+          if: ${{ success() }}
+          run: |
+
+            sudo apt-get -y -qq install lftp
+            sudo chown -R $USER:$USER $(pwd)/build/output/images/
+            lftp -u upload, -e "set net:timeout 4;set net:max-retries 6;mirror --Remove-source-files -R --no-empty-dirs --parallel=8 --no-perms $(pwd)/build/output/images/ images/ ;bye" sftp://users.armbian.com
+
+        - name: Deploy packages to server
+          if: ${{ success() && github.event.inputs.repository != 'yes' }}
+
+          run: |
+
+            lftp -u upload, -e "set net:timeout 4;set net:max-retries 6;mirror --Remove-source-files -R --no-empty-dirs --parallel=8 --no-perms $(pwd)/build/output/debs/ debs/ ;bye" sftp://users.armbian.com
+
+    repository:
+
+      #
+      # Rebuilds package repository
+      #
+
+      name: Update package repository
+      needs: [prepare]
+      if: ${{ github.event.inputs.repository != 'yes' && github.repository_owner == 'Armbian' }}
+      runs-on: [self-hosted, Linux, local]
+      steps:
+
+        - name: Install SSH key for repository
+
+          uses: shimataro/ssh-key-action@v2
+          with:
+            key: ${{ secrets.KEY_REPOSITORY }}
+            name: id_repository # optional
+            known_hosts: ${{ secrets.KNOWN_HOSTS_REPOSITORY }}
+            if_key_exists: replace
+
+        - name: Update repository
+
+          run: ssh -T -i ~/.ssh/id_repository ${{ secrets.USER_REPOSITORY }}@${{ secrets.HOST_REPOSITORY }}
+
+
+    torrents:
+
+      #
+      # Rebuilt torrent files for rootfs cache
+      #
+
+      name: Update download infrastructure
+      needs: [prepare]
+      runs-on: [self-hosted, Linux, local]
+      if: ${{ github.repository_owner == 'Armbian' }}
+      steps:
+
+        - name: Install SSH key for torrent
+
+          uses: shimataro/ssh-key-action@v2
+          with:
+            key: ${{ secrets.KEY_TORRENTS }}
+            name: id_torrent # optional
+            known_hosts: ${{ secrets.KNOWN_HOSTS_TORRENTS }}
+            if_key_exists: replace
+
+        - name: Create torrents
+
+          run: ssh -T -i ~/.ssh/id_torrent ${{ secrets.USER_TORRENTS }}@${{ secrets.HOST_TORRENTS }}
+
+
+    finish:
+
+      name: Cleaning
+      needs: [torrents, repository]
+      runs-on: [self-hosted, Linux]
+      steps:
+        - name: Run script
+          shell: bash {0}
+          run: |
+            echo "Stop"

.github/workflows/build.yml

@@ -1,4 +1,4 @@
-name: Build
+name: Build beta & edge
 
 on:
   schedule:

.github/workflows/testpr.yml

@@ -1,4 +1,4 @@
-name: test pull request
+name: Test pull request
 # This workflow is triggered on pushes to the repository.
 on: [pull_request]