From e65c7a9f808a5513245fe1d4ef2ece645a9d3714 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Pe=C4=8Dovnik?= Date: Mon, 14 Jun 2021 18:59:04 +0200 Subject: [PATCH] Add image making action (#2897) * Add image making action * Security fix * Add more info to the commit message --- .github/workflows/build-single.yml | 222 +++++++++++++++++++++++++++++ .github/workflows/build.yml | 2 +- .github/workflows/testpr.yml | 2 +- 3 files changed, 224 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/build-single.yml diff --git a/.github/workflows/build-single.yml b/.github/workflows/build-single.yml new file mode 100644 index 0000000000..c6c4b2568c --- /dev/null +++ b/.github/workflows/build-single.yml @@ -0,0 +1,222 @@ +name: Build selected + +on: + + workflow_dispatch: + + inputs: + + boards: + description: 'Comma delimited list' + required: true + default: 'bananapi' + + repository: + description: 'Packages from repository' + required: true + default: 'yes' + +jobs: + + prepare: + + name: Build image(s) for download section + runs-on: [self-hosted, Linux, X64, cache] + if: ${{ github.repository_owner == 'Armbian' }} + steps: + + - name: Fix permissions + run: | + + # make sure no temporally dirs are mounted from previous runs + while : + do + sudo pkill compile.sh || true + sudo pkill arm-binfmt-P || true + sudo pkill aarch64-binfmt-P || true + sudo pkill pixz || true + [[ "$(df | grep "/.tmp" | wc -l)" -eq 0 ]] && sudo rm -rf build/.tmp && break + echo "Mounted temp directories. Trying to unmount." + df | grep ".tmp" | awk '{print $6}' | xargs sudo umount 2>/dev/null || true + sleep 10 + done + + sudo chown -R $USER:$USER . + + - name: Checkout Armbian build script + + uses: actions/checkout@v2 + with: + fetch-depth: 0 + repository: armbian/build + path: build + ref: master + clean: false + + - name: Checkout Armbian support scripts + + uses: actions/checkout@v2 + with: + fetch-depth: 0 + repository: armbian/scripts + token: ${{ secrets.SCRIPTS_ACCESS_TOKEN }} + path: scripts + clean: true + + - name: Import GPG key + + uses: crazy-max/ghaction-import-gpg@v3 + with: + gpg-private-key: ${{ secrets.GPG_KEY1 }} + passphrase: ${{ secrets.GPG_PASSPHRASE1 }} + workdir: scripts + git-user-signingkey: true + git-commit-gpgsign: true + + + - name: Build beta images + env: + + GPG_PASS: ${{ secrets.GPG_PASSPHRASE1 }} + REBUILD_IMAGES: ${{ github.event.inputs.boards }} + REPOSITORY: ${{ github.event.inputs.repository }} + + run: | + + cd build + + [[ "${REPOSITORY}" == "yes" ]] && REPOSITORY_INSTALL="u-boot,kernel,armbian-config,armbian-zsh,armbian-firmware" + [[ ! -f .ignore_changes ]] && sudo touch .ignore_changes + ./compile.sh KERNEL_ONLY="yes" BOARD="bananapi" BRANCH="current" KERNEL_CONFIGURE="no" USE_TORRENT="yes" REPOSITORY_INSTALL="kernel" 'prepare_host' + PARALLEL_BUILDS=$(awk '{printf("%d",$1/8000)}' <<<$(($(LC_ALL=C free -w 2>/dev/null | grep "^Mem" | awk '{print $2}' || LC_ALL=C free | grep "^Mem"| awk '{print $2}')/1024))) + + # use prepared configs + sudo cp ../scripts/configs/* userpatches/ + + # use version from scripts + sudo cp ../scripts/VERSION . + + # cleaning leftovers if any + rm -rf output/images/* output/debs/* + rm -f userpatches/targets.conf + + [[ "${REPOSITORY}" != "yes" ]] && ./compile.sh single IGNORE_HASH="yes" REPOSITORY_INSTALL="${REPOSITORY_INSTALL}" REBUILD_IMAGES="${REBUILD_IMAGES}" KERNEL_ONLY="yes" BETA="no" BUILD_ALL="yes" BSP_BUILD="yes" MAKE_ALL_BETA="yes" + ./compile.sh single MULTITHREAD="${PARALLEL_BUILDS}" REPOSITORY_INSTALL="${REPOSITORY_INSTALL}" IGNORE_HASH="yes" IGNORE_UPDATES="yes" REBUILD_IMAGES="${REBUILD_IMAGES}" KERNEL_ONLY="no" BETA="no" BUILD_ALL="yes" GPG_PASS="${GPG_PASS}" + + - name: Make BSP packages if we build from sources + + if: ${{ success() && github.event.inputs.repository != 'yes' }} + + run: | + + cd build + sudo rm -f .tmp/bump + if [[ $(cat .tmp/n 2> /dev/null) -ne 0 ]]; then + ./compile.sh all-new-stable-bsp + sudo touch .tmp/bump + fi + + - name: Bump stable version if we build from sources + + if: ${{ success() && github.event.inputs.repository != 'yes' }} + + run: | + + cd scripts + sudo git clean -ffdx && git reset --hard HEAD + git config pull.rebase false + VERSION=$(cat VERSION | cut -d. -f1,2) + PATCH=$(cat VERSION | cut -d. -f3,3) + echo $VERSION"."$(($PATCH + 1)) | tee VERSION + git config --global user.email "info@armbian.com" + git config --global user.name "Armbianworker" + git pull + git add VERSION + git commit -m "Bump stable version" -m "" -m "Adding following kernels:" -m "$(find output/debs-beta/ -type f -name "linux-image*.deb" -printf "%f\n" | sort)" + git push + + - name: Install SSH key for storage + uses: shimataro/ssh-key-action@v2 + with: + + key: ${{ secrets.KEY_FOR_TORRENT }} + known_hosts: ${{ secrets.KNOWN_HOSTS_TORRENT }} + if_key_exists: replace + + - name: Deploy images to server + if: ${{ success() }} + run: | + + sudo apt-get -y -qq install lftp + sudo chown -R $USER:$USER $(pwd)/build/output/images/ + lftp -u upload, -e "set net:timeout 4;set net:max-retries 6;mirror --Remove-source-files -R --no-empty-dirs --parallel=8 --no-perms $(pwd)/build/output/images/ images/ ;bye" sftp://users.armbian.com + + - name: Deploy packages to server + if: ${{ success() && github.event.inputs.repository != 'yes' }} + + run: | + + lftp -u upload, -e "set net:timeout 4;set net:max-retries 6;mirror --Remove-source-files -R --no-empty-dirs --parallel=8 --no-perms $(pwd)/build/output/debs/ debs/ ;bye" sftp://users.armbian.com + + repository: + + # + # Rebuilds package repository + # + + name: Update package repository + needs: [prepare] + if: ${{ github.event.inputs.repository != 'yes' && github.repository_owner == 'Armbian' }} + runs-on: [self-hosted, Linux, local] + steps: + + - name: Install SSH key for repository + + uses: shimataro/ssh-key-action@v2 + with: + key: ${{ secrets.KEY_REPOSITORY }} + name: id_repository # optional + known_hosts: ${{ secrets.KNOWN_HOSTS_REPOSITORY }} + if_key_exists: replace + + - name: Update repository + + run: ssh -T -i ~/.ssh/id_repository ${{ secrets.USER_REPOSITORY }}@${{ secrets.HOST_REPOSITORY }} + + + torrents: + + # + # Rebuilt torrent files for rootfs cache + # + + name: Update download infrastructure + needs: [prepare] + runs-on: [self-hosted, Linux, local] + if: ${{ github.repository_owner == 'Armbian' }} + steps: + + - name: Install SSH key for torrent + + uses: shimataro/ssh-key-action@v2 + with: + key: ${{ secrets.KEY_TORRENTS }} + name: id_torrent # optional + known_hosts: ${{ secrets.KNOWN_HOSTS_TORRENTS }} + if_key_exists: replace + + - name: Create torrents + + run: ssh -T -i ~/.ssh/id_torrent ${{ secrets.USER_TORRENTS }}@${{ secrets.HOST_TORRENTS }} + + + finish: + + name: Cleaning + needs: [torrents, repository] + runs-on: [self-hosted, Linux] + steps: + - name: Run script + shell: bash {0} + run: | + echo "Stop" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e65b5fa8b2..3542aafbd7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: Build +name: Build beta & edge on: schedule: diff --git a/.github/workflows/testpr.yml b/.github/workflows/testpr.yml index 183e24f62e..b2ccd3953f 100644 --- a/.github/workflows/testpr.yml +++ b/.github/workflows/testpr.yml @@ -1,4 +1,4 @@ -name: test pull request +name: Test pull request # This workflow is triggered on pushes to the repository. on: [pull_request]