From 2c1fe345ff43833dc3f92236c03390cf0c1b23ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Wed, 30 Mar 2022 13:01:02 +0200 Subject: [PATCH 1/8] .github/workflows/main.yml: Dasharo CI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For building packages only. Signed-off-by: Michał Kopeć --- .github/workflows/main.yml | 71 ++++++++------------------------------ contrib/ci/debian.sh | 13 +++---- 2 files changed, 22 insertions(+), 62 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f1d22dff09c9..0636ec71dfa3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,45 +1,18 @@ name: Continuous Integration on: push: - branches: [ main ] + branches: [ dasharo-release ] pull_request: - branches: [ main ] + branches: + - dasharo-develop + - dasharo-release jobs: - pre-commit: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Refresh dependencies - run: sudo apt update - - name: Install dependencies - run: sudo apt install shellcheck clang-format -y - - name: Run pre-commit hooks - run: | - ./contrib/setup - source venv/bin/activate - sed -i "/no-commit-to-branch/,+1d" .pre-commit-config.yaml - pre-commit run --hook-stage commit --all-files - abi: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Refresh dependencies - run: sudo apt update - - name: Install dependencies - run: sudo ./contrib/ci/fwupd_setup_helpers.py install-dependencies -o ubuntu --yes - - name: Check ABI - run: ./contrib/ci/check-abi $(git describe --abbrev=0 --tags) $(git rev-parse HEAD) - build: - runs-on: ubuntu-latest + runs-on: [self-hosted, builder] strategy: matrix: - os: [fedora, debian-x86_64, arch, debian-i386, void] + os: [debian-x86_64] steps: - uses: actions/checkout@v2 - name: Docker login 
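Review bot: `runs-on: [self-hosted, builder]` is now paired with a `pull_request` trigger, so whatever the pull-request branch contains executes on a persistent machine, including `contrib/ci/debian.sh`, which the next hunk runs. If this repository accepts pull requests from forks, that is untrusted code on the builder. Consider guarding the job with `if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository`, or routing fork PRs to ephemeral runners after approval. The `build` job's steps continue past the end of this hunk, starting with the `Docker login` step, so check there whether registry credentials are reachable from such a run.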
@@ -52,28 +25,14 @@ jobs: CI: true run: | echo $GITHUB_WORKSPACE - docker run --privileged -e CI=true -t -v $GITHUB_WORKSPACE:/github/workspace docker.pkg.github.com/fwupd/fwupd/fwupd-${{matrix.os}}:latest + mkdir tss + docker run --user "$(id -u):$(id -g)" -e CI=false -t -v tss:/usr/include/tss -v $GITHUB_WORKSPACE:/home/ubuntu/fwupd library/ubuntu:20.04 /home/ubuntu/fwupd/contrib/ci/debian.sh - fuzzing: - runs-on: ubuntu-latest - timeout-minutes: 20 - steps: - - name: Build Fuzzers - id: build - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master - with: - oss-fuzz-project-name: 'fwupd' - dry-run: false - - name: Run Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master - with: - oss-fuzz-project-name: 'fwupd' - fuzz-seconds: 300 - dry-run: false - - name: Upload Crash - uses: actions/upload-artifact@v1 - if: failure() && steps.build.outcome == 'success' - with: - name: artifacts - path: ./out/artifacts + - name: Save build artifacts + uses: actions/upload-artifact@v2 + with: + name: dasharo-fwupd + path: | + dist/ + retention-days: 7 diff --git a/contrib/ci/debian.sh b/contrib/ci/debian.sh index 257ffe30e0e4..bccc7b0f4e48 100755 --- a/contrib/ci/debian.sh +++ b/contrib/ci/debian.sh @@ -69,14 +69,19 @@ lintian ../*changes \ --suppress-tags arch-dependent-file-not-in-arch-specific-directory \ --allow-root +PACKAGES=$(find .. -type f -name "*.deb" | grep -v 'fwupd-tests\|dbgsym') + +#place built packages in dist outside docker +mkdir -p ../dist +cp $PACKAGES ../dist + #if invoked outside of CI -if [ ! -f /.dockerenv ]; then +if [ ! -f /.dockerenv || ! "$CI" - "true" ]; then echo "Not running in a container, please manually install packages" exit 0 fi #test the packages install -PACKAGES=$(find .. -type f -name "*.deb" | grep -v 'fwupd-tests\|dbgsym') dpkg -i $PACKAGES # copy in more non-generated data 
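Review bot: In the new `docker run` line, `-v tss:/usr/include/tss` mounts a Docker named volume called `tss`, not the directory created by `mkdir tss`, because a `-v` source that is not an absolute path is taken as a volume name. A named volume persists on the self-hosted builder, so its contents carry over from one build to the next. If a bind mount of the fresh directory is intended, use `-v "$PWD/tss":/usr/include/tss`, and quote `"$GITHUB_WORKSPACE"` in the second mount as well. The same `mkdir tss` / `-v tss:` pair is reintroduced by the `@@ -25,7 +25,8 @@` hunk of PATCH 7/8.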
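Review bot: The new guard `if [ ! -f /.dockerenv || ! "$CI" - "true" ]; then` is not a valid test: `||` ends the `[` command before its closing `]`, so the first half always errors out and the second half runs the value of `$CI` as a command. Whether the install test is skipped therefore depends on that value happening to name a command such as `true` or `false`, and an unset or empty `CI` ends up on the "command not found" path. Write it as `if [ ! -f /.dockerenv ] || [ "$CI" != "true" ]; then`. PATCH 6/8 changes `-` to `=` in its `@@ -76,7 +76,7 @@` hunk but keeps the `||` inside the brackets, so the same applies there.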
@@ -96,7 +101,3 @@ apt purge -y fwupd \ fwupd-doc \ libfwupd2 \ libfwupd-dev - -#place built packages in dist outside docker -mkdir -p ../dist -cp $PACKAGES ../dist From 82b7ed1f39d7fcf5e1cef284d34a5428fc5300ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Fri, 1 Apr 2022 17:04:04 +0200 Subject: [PATCH 2/8] .github/workflows/main.yml: setup before build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .github/workflows/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0636ec71dfa3..34c0ac0a6c73 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -26,7 +26,12 @@ jobs: run: | echo $GITHUB_WORKSPACE mkdir tss - docker run --user "$(id -u):$(id -g)" -e CI=false -t -v tss:/usr/include/tss -v $GITHUB_WORKSPACE:/home/ubuntu/fwupd library/ubuntu:20.04 /home/ubuntu/fwupd/contrib/ci/debian.sh + docker run --user "$(id -u):$(id -g)" -e CI=false \ + -t -v tss:/usr/include/tss -v $GITHUB_WORKSPACE:/home/ubuntu/fwupd \ + library/ubuntu:20.04 <<< EOF + /home/ubuntu/fwupd/contrib/setup + /home/ubuntu/fwupd/contrib/ci/debian.sh + EOF - name: Save build artifacts uses: actions/upload-artifact@v2 From 2555c7e3846077405d306d80ff510f2b07b6a14b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 4 Apr 2022 15:06:58 +0200 Subject: [PATCH 3/8] CI: Build packages for Ubuntu 20.04 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .github/workflows/create_containers.yml | 6 ++- contrib/ci/Dockerfile-ubuntu.in | 4 +- contrib/ci/dependencies.xml | 64 +++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 4 deletions(-) diff --git a/.github/workflows/create_containers.yml b/.github/workflows/create_containers.yml index 41f78e7602dd..0fe2df51c8a4 100644 
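Review bot: `library/ubuntu:20.04 <<< EOF` is a here-string, not a here-document: it feeds the literal word `EOF` to `docker run`, and the following lines are then run by the runner's shell on the host rather than inside the container. On the self-hosted builder that puts `contrib/setup` and `debian.sh` outside the container's isolation, and the step ends by trying to execute `EOF` as a command. Passing the commands as arguments avoids the stdin plumbing, e.g. `library/ubuntu:20.04 sh -c '/home/ubuntu/fwupd/contrib/setup && /home/ubuntu/fwupd/contrib/ci/debian.sh'`. The step that owns this `run:` block starts above the hunk.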
--- a/.github/workflows/create_containers.yml +++ b/.github/workflows/create_containers.yml @@ -2,6 +2,8 @@ name: Create containers on: schedule: - cron: '0 0 * * *' + push: + branches: [ dasharo-ci ] jobs: push_to_registry: @@ -9,7 +11,7 @@ jobs: strategy: fail-fast: false matrix: - os: [fedora, debian-x86_64, arch, debian-i386, void] + os: [ubuntu-20.04] steps: - name: Check out the repo @@ -32,5 +34,5 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} registry: docker.pkg.github.com - repository: fwupd/fwupd/fwupd-${{matrix.os}} + repository: dasharo/fwupd/fwupd-${{matrix.os}} tags: latest diff --git a/contrib/ci/Dockerfile-ubuntu.in b/contrib/ci/Dockerfile-ubuntu.in index 84fcf6423b81..bd6db6b4d730 100644 --- a/contrib/ci/Dockerfile-ubuntu.in +++ b/contrib/ci/Dockerfile-ubuntu.in @@ -1,4 +1,4 @@ -FROM ubuntu:devel +FROM ubuntu:20.04 %%%OS%%% ENV CI_NETWORK true ENV CC clang @@ -6,4 +6,4 @@ RUN echo fubar > /etc/machine-id %%%ARCH_SPECIFIC_COMMAND%%% %%%INSTALL_DEPENDENCIES_COMMAND%%% WORKDIR /github/workspace -CMD ["./contrib/ci/ubuntu.sh"] +CMD ["./contrib/ci/debian.sh"] diff --git a/contrib/ci/dependencies.xml b/contrib/ci/dependencies.xml index a302261ef1ab..5933641cc0d1 100644 --- a/contrib/ci/dependencies.xml +++ b/contrib/ci/dependencies.xml @@ -8,6 +8,7 @@ + @@ -26,6 +27,7 @@ + @@ -39,6 +41,7 @@ + @@ -69,16 +72,19 @@ + + + @@ -90,6 +96,7 @@ + @@ -121,6 +128,7 @@ + @@ -139,6 +147,7 @@ + @@ -185,6 +194,7 @@ + @@ -205,6 +215,7 @@ + @@ -228,6 +239,7 @@ + @@ -237,6 +249,7 @@ + @@ -267,6 +280,7 @@ + @@ -286,6 +300,7 @@ + @@ -300,6 +315,7 @@ + @@ -318,6 +334,7 @@ + @@ -335,6 +352,7 @@ + @@ -374,6 +392,7 @@ + @@ -463,6 +482,7 @@ + @@ -472,6 +492,7 @@ + @@ -525,6 +546,7 @@ + @@ -537,6 +559,7 @@ + @@ -558,6 +581,7 @@ + @@ -579,6 +603,7 @@ + @@ -600,6 +625,7 @@ + @@ -653,6 +679,7 @@ + libjcat-devel @@ -671,6 +698,7 @@ + @@ -689,6 +717,7 @@ + libarchive-devel @@ -767,6 +796,7 @@ + gcab-devel @@ -782,6 +812,7 @@ + @@ -800,6 +831,7 @@ + 
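Review bot: In the `@@ -32,5 +34,5 @@` hunk the builder image is published to `dasharo/fwupd/fwupd-${{matrix.os}}` only under `tags: latest`, and PATCH 4/8 later pulls it by that same movable tag, so a package build cannot be traced back to the image that produced it. Publishing an immutable tag alongside would fix that. If the publishing action accepts a comma-separated list, that would be `tags: latest,${{ github.sha }}`, with the build job then referring to the specific tag. The action's `uses:` line is outside this hunk, so its input format needs confirming first.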
@@ -875,6 +907,7 @@ + libsoup-devel @@ -902,6 +935,7 @@ + @@ -913,6 +947,7 @@ + @@ -927,6 +962,7 @@ + @@ -941,6 +977,7 @@ + @@ -953,6 +990,7 @@ + @@ -974,6 +1012,7 @@ + @@ -1021,6 +1060,7 @@ + @@ -1032,6 +1072,7 @@ + @@ -1084,6 +1125,7 @@ + @@ -1105,6 +1147,7 @@ + @@ -1126,6 +1169,7 @@ + @@ -1147,6 +1191,7 @@ + @@ -1181,6 +1226,7 @@ + @@ -1193,6 +1239,7 @@ + @@ -1203,6 +1250,7 @@ + @@ -1219,6 +1267,7 @@ + @@ -1227,6 +1276,7 @@ + @@ -1240,6 +1290,7 @@ + @@ -1265,6 +1316,7 @@ + @@ -1304,6 +1356,7 @@ + sqlite-devel @@ -1352,6 +1405,7 @@ + @@ -1373,6 +1427,7 @@ + @@ -1382,6 +1437,7 @@ + @@ -1394,6 +1450,7 @@ + @@ -1414,6 +1471,7 @@ + @@ -1438,6 +1496,7 @@ + @@ -1542,6 +1601,7 @@ + ShellCheck @@ -1559,6 +1619,7 @@ + protobuf-c-devel @@ -1576,6 +1637,7 @@ + @@ -1587,6 +1649,7 @@ + @@ -1596,6 +1659,7 @@ + From dd88cf4ae9fa308083e379d9f55c69b031947fcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 4 Apr 2022 15:35:46 +0200 Subject: [PATCH 4/8] .github/workflows/main.yml: use the new builder MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .github/workflows/create_containers.yml | 2 -- .github/workflows/main.yml | 10 ++-------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/create_containers.yml b/.github/workflows/create_containers.yml index 0fe2df51c8a4..cc40d6c483c6 100644 --- a/.github/workflows/create_containers.yml +++ b/.github/workflows/create_containers.yml @@ -2,8 +2,6 @@ name: Create containers on: schedule: - cron: '0 0 * * *' - push: - branches: [ dasharo-ci ] jobs: push_to_registry: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 34c0ac0a6c73..6998ba74caa1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -12,7 +12,7 @@ jobs: runs-on: [self-hosted, builder] strategy: matrix: - os: [debian-x86_64] + os: [ubuntu-20.04] steps: - uses: actions/checkout@v2 - name: Docker login 
@@ -25,13 +25,7 @@ jobs: CI: true run: | echo $GITHUB_WORKSPACE - mkdir tss - docker run --user "$(id -u):$(id -g)" -e CI=false \ - -t -v tss:/usr/include/tss -v $GITHUB_WORKSPACE:/home/ubuntu/fwupd \ - library/ubuntu:20.04 <<< EOF - /home/ubuntu/fwupd/contrib/setup - /home/ubuntu/fwupd/contrib/ci/debian.sh - EOF + docker run --privileged -e CI=true -t -v $GITHUB_WORKSPACE:/github/workspace docker.pkg.github.com/dasharo/fwupd/fwupd-${{matrix.os}}:latest - name: Save build artifacts uses: actions/upload-artifact@v2 From ebf48766370fee0d1a586004caa81c8d9c4a2fd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 4 Apr 2022 15:44:21 +0200 Subject: [PATCH 5/8] contrib/ci/dependencies.xml: add missing dep MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- contrib/ci/dependencies.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/ci/dependencies.xml b/contrib/ci/dependencies.xml index 5933641cc0d1..5d0931ee06db 100644 --- a/contrib/ci/dependencies.xml +++ b/contrib/ci/dependencies.xml @@ -265,6 +265,7 @@ (>= 12) + From 27f5fc0a391863190b85d2fdaff1fcfdf9c4ad85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 4 Apr 2022 15:57:53 +0200 Subject: [PATCH 6/8] don't test packages in CI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .github/workflows/main.yml | 2 +- contrib/ci/debian.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6998ba74caa1..2151fe7bc387 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -25,7 +25,7 @@ jobs: CI: true run: | echo $GITHUB_WORKSPACE - docker run --privileged -e CI=true -t -v $GITHUB_WORKSPACE:/github/workspace docker.pkg.github.com/dasharo/fwupd/fwupd-${{matrix.os}}:latest + docker run --privileged -e CI=false -t -v $GITHUB_WORKSPACE:/github/workspace docker.pkg.github.com/dasharo/fwupd/fwupd-${{matrix.os}}:latest - name: Save build artifacts uses: actions/upload-artifact@v2 diff --git a/contrib/ci/debian.sh b/contrib/ci/debian.sh index bccc7b0f4e48..849a604d4528 100755 --- a/contrib/ci/debian.sh +++ b/contrib/ci/debian.sh @@ -76,7 +76,7 @@ mkdir -p ../dist cp $PACKAGES ../dist #if invoked outside of CI -if [ ! -f /.dockerenv || ! "$CI" - "true" ]; then +if [ ! -f /.dockerenv || ! "$CI" = "true" ]; then echo "Not running in a container, please manually install packages" exit 0 fi From 718544791490fa0faa0125e682eb1efad230e9ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 4 Apr 2022 16:00:31 +0200 Subject: [PATCH 7/8] Don't run as root MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .github/workflows/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2151fe7bc387..c0c5ae199ae4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -25,7 +25,8 @@ jobs: CI: true run: | echo $GITHUB_WORKSPACE - docker run --privileged -e CI=false -t -v $GITHUB_WORKSPACE:/github/workspace docker.pkg.github.com/dasharo/fwupd/fwupd-${{matrix.os}}:latest + mkdir tss + docker run -e CI=false -t -v tss:/usr/include/tss -v $GITHUB_WORKSPACE:/github/workspace docker.pkg.github.com/dasharo/fwupd/fwupd-${{matrix.os}}:latest - name: Save build artifacts uses: actions/upload-artifact@v2 From d199abcca45a2add51a3def7331e5783ad042223 Mon Sep 17 00:00:00 2001 
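Review bot: The `@@ -25,7 +25,8 @@` hunk of PATCH 7/8 drops `--privileged` but passes no `--user`, so the build presumably still runs as the image's default user. That is root unless the generated Dockerfile sets `USER`, which the template lines visible in this series do not. Files written into the mounted `$GITHUB_WORKSPACE` would then be root-owned on the self-hosted builder. If the build does not itself need root, adding `--user "$(id -u):$(id -g)"` as in PATCH 1/8 would match the commit title; otherwise the title should say that only `--privileged` is removed.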
From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 4 Apr 2022 16:21:41 +0200 Subject: [PATCH 8/8] CI: cleanup permissions after build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Kopeć --- .github/workflows/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c0c5ae199ae4..66d6bda0a68f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -36,3 +36,14 @@ jobs: dist/ retention-days: 7 + - name: Get Actions user id + id: get_uid + run: | + actions_user_id=`id -u $USER` + echo $actions_user_id + echo ::set-output name=uid::$actions_user_id + + - name: Correct Ownership in GITHUB_WORKSPACE directory + uses: peter-murray/reset-workspace-ownership-action@v1 + with: + user_id: ${{ steps.get_uid.outputs.uid }}
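Review bot: Both added steps run only when every earlier step has succeeded, so a failed build leaves the files the container wrote into the workspace with their original ownership on the self-hosted builder. That is the state this commit is meant to clean up. Add `if: always()` to `Get Actions user id` and to `Correct Ownership in GITHUB_WORKSPACE directory`. `peter-murray/reset-workspace-ownership-action@v1` is a third-party action referenced by a movable tag; pinning it as `uses: peter-murray/reset-workspace-ownership-action@<full-commit-sha>  # v1` keeps the code that runs on the builder fixed.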