From 6f0edaa0d2e5d9e54fd27f5180a4c248b33eb5b9 Mon Sep 17 00:00:00 2001 From: "lvfei.lv" Date: Mon, 8 Jul 2024 11:12:34 +0800 Subject: [PATCH] [Misc] Reduce runner permissions Summary: reduce arm runner permissions and update actions config Testing: CI pipline Reviewers: lei.yul, sendaoYan Issue: https://github.com/dragonwell-project/dragonwell11/issues/840 --- .github/workflows/build-cross-compile.yml | 67 ++++++++++++++--------- .github/workflows/build-linux.yml | 2 +- .github/workflows/build-riscv.yml | 2 +- .github/workflows/check_pr.yml | 14 ++--- .github/workflows/main.yml | 20 ++++--- 5 files changed, 62 insertions(+), 43 deletions(-) diff --git a/.github/workflows/build-cross-compile.yml b/.github/workflows/build-cross-compile.yml index 88251fded11..5b5e9312f25 100644 --- a/.github/workflows/build-cross-compile.yml +++ b/.github/workflows/build-cross-compile.yml @@ -50,32 +50,43 @@ jobs: fail-fast: false matrix: target-cpu: - - aarch64 - - arm - - s390x - - ppc64le + #- aarch64 + #- arm + #- s390x + #- ppc64le + - riscv64 include: - - target-cpu: aarch64 - gnu-arch: aarch64 - debian-arch: arm64 + #- target-cpu: aarch64 + # gnu-arch: aarch64 + # debian-arch: arm64 + # debian-repository: https://httpredir.debian.org/debian/ + # debian-version: bullseye + # tolerate-sysroot-errors: false + #- target-cpu: arm + # gnu-arch: arm + # debian-arch: armhf + # debian-repository: https://httpredir.debian.org/debian/ + # debian-version: bullseye + # gnu-abi: eabihf + # tolerate-sysroot-errors: false + #- target-cpu: s390x + # gnu-arch: s390x + # debian-arch: s390x + # debian-repository: https://httpredir.debian.org/debian/ + # debian-version: bullseye + # tolerate-sysroot-errors: false + #- target-cpu: ppc64le + # gnu-arch: powerpc64le + # debian-arch: ppc64el + # debian-repository: https://httpredir.debian.org/debian/ + # debian-version: bullseye + # tolerate-sysroot-errors: false + - target-cpu: riscv64 + gnu-arch: riscv64 + debian-arch: riscv64 debian-repository: https://httpredir.debian.org/debian/ - debian-version: bullseye - - target-cpu: arm - gnu-arch: arm - debian-arch: armhf - debian-repository: https://httpredir.debian.org/debian/ - debian-version: bullseye - gnu-abi: eabihf - - target-cpu: s390x - gnu-arch: s390x - debian-arch: s390x - debian-repository: https://httpredir.debian.org/debian/ - debian-version: bullseye - - target-cpu: ppc64le - gnu-arch: powerpc64le - debian-arch: ppc64el - debian-repository: https://httpredir.debian.org/debian/ - debian-version: bullseye + debian-version: sid + tolerate-sysroot-errors: true steps: - name: 'Checkout the JDK source' @@ -130,6 +141,7 @@ jobs: ${{ matrix.debian-version }} sysroot ${{ matrix.debian-repository }} + continue-on-error: ${{ matrix.tolerate-sysroot-errors }} if: steps.get-cached-sysroot.outputs.cache-hit != 'true' - name: 'Prepare sysroot' @@ -141,7 +153,12 @@ jobs: rm -rf sysroot/usr/{sbin,bin,share} rm -rf sysroot/usr/lib/{apt,gcc,udev,systemd} rm -rf sysroot/usr/libexec/gcc - if: steps.get-cached-sysroot.outputs.cache-hit != 'true' + if: steps.create-sysroot.outcome == 'success' && steps.get-cached-sysroot.outputs.cache-hit != 'true' + + - name: 'Remove broken sysroot' + run: | + sudo rm -rf sysroot/ + if: steps.create-sysroot.outcome != 'success' && steps.get-cached-sysroot.outputs.cache-hit != 'true' - name: 'Configure' run: > diff --git a/.github/workflows/build-linux.yml b/.github/workflows/build-linux.yml index 567b79dfaf1..d063eacef29 100644 --- a/.github/workflows/build-linux.yml +++ b/.github/workflows/build-linux.yml @@ -69,7 +69,6 @@ jobs: build-linux: name: build runs-on: ${{fromJson(inputs.runs-on)}} - #runs-on: 'ubuntu-20.04' strategy: fail-fast: false @@ -118,6 +117,7 @@ jobs: fi sudo apt-get install -y gcc-${{ inputs.gcc-major-version }}${{ inputs.gcc-package-suffix }} g++-${{ inputs.gcc-major-version }}${{ inputs.gcc-package-suffix }} libxrandr-dev${{ steps.arch.outputs.suffix }} libxtst-dev${{ steps.arch.outputs.suffix }} libcups2-dev${{ steps.arch.outputs.suffix }} libasound2-dev${{ steps.arch.outputs.suffix }} ${{ inputs.apt-extra-packages }} $extra_packages sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-${{ inputs.gcc-major-version }} 100 --slave /usr/bin/g++ g++ /usr/bin/g++-${{ inputs.gcc-major-version }} + if: inputs.platform != 'linux-aarch64' - name: 'Configure' run: > diff --git a/.github/workflows/build-riscv.yml b/.github/workflows/build-riscv.yml index 51221dd153d..f30ed97ec8b 100644 --- a/.github/workflows/build-riscv.yml +++ b/.github/workflows/build-riscv.yml @@ -61,7 +61,7 @@ on: jobs: build-linux: name: build - runs-on: [self-hosted , X64] + runs-on: ubuntu-20.04 container: image: docker.io/alibabadragonwelljdk/centos7_gcc7_build_image:latest diff --git a/.github/workflows/check_pr.yml b/.github/workflows/check_pr.yml index 7278993553b..b8a68f6feea 100644 --- a/.github/workflows/check_pr.yml +++ b/.github/workflows/check_pr.yml @@ -46,13 +46,13 @@ on: value: ${{ jobs.prerequisites.outputs.dependencies }} jobs: - check_commit: - name: 'Check Commit Message' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: dragonwell-releng/check_commit_action@master - if: github.event_name == 'pull_request' + #check_commit: + # name: 'Check Commit Message' + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@v2 + # - uses: dragonwell-releng/check_commit_action@master + # if: github.event_name == 'pull_request' prerequisites: name: 'Prerequisites' diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 846e521e561..3a4ba0e8aa3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -35,9 +35,7 @@ on: platforms: description: 'Platform(s) to execute on (comma separated, e.g. "linux-x64, macos, aarch64")' required: true - #default: 'linux-x64, linux-cross-compile, windows-x64' - #default: 'linux-x64, linux-aarch64' - default: 'linux aarch64' + default: 'linux-x64, linux-aarch64, linux-cross-compile, windows-x64' configure-arguments: description: 'Additional configure arguments' required: false @@ -109,15 +107,19 @@ jobs: build-riscv64: name: riscv64 - needs: prerequisites - uses: ./.github/workflows/build-riscv.yml + needs: + - prerequisites + - build-linux-x64 + #uses: ./.github/workflows/build-riscv.yml + uses: ./.github/workflows/build-cross-compile.yml with: - platform: riscv64 - debug-levels: '[ "release" ]' + #platform: riscv64 + #debug-levels: '[ "release" ]' configure-arguments: ${{ github.event.inputs.configure-arguments }} make-arguments: ${{ github.event.inputs.make-arguments }} - make-target: 'images' - extra-conf-options: --with-default-make-target="product-bundles test-bundles" --with-jvm-features=shenandoahgc + gcc-major-version: '10' + #make-target: 'images' + #extra-conf-options: --with-default-make-target="product-bundles test-bundles" --with-jvm-features=shenandoahgc if: needs.prerequisites.outputs.should_run != 'false' && needs.prerequisites.outputs.platform_riscv64 != 'false' ###