diff options
Diffstat (limited to '.github/workflows/docker-images')
9 files changed, 259 insertions, 0 deletions
diff --git a/.github/workflows/docker-images/README.md b/.github/workflows/docker-images/README.md new file mode 100644 index 0000000..86cfddc --- /dev/null +++ b/.github/workflows/docker-images/README.md @@ -0,0 +1,21 @@ +<!-- +SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> + +SPDX-License-Identifier: MIT +--> + +# Docker images for CI + +Each directory contains the files for a docker image. + +## Building an image + +When building a docker image, the build context is expected to be where this +`README.md` file resides. This means that building the images will require +passing the appropriate `-f` argument. + +Here is an example for building the `dco-check` image: + +``` +docker build . -f dco-check/Dockerfile -t dco-check +``` diff --git a/.github/workflows/docker-images/dco-check/Dockerfile b/.github/workflows/docker-images/dco-check/Dockerfile new file mode 100644 index 0000000..89901ae --- /dev/null +++ b/.github/workflows/docker-images/dco-check/Dockerfile @@ -0,0 +1,13 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +FROM christophebedard/dco-check:latest + +# Run under normal user called 'ci' +RUN useradd --create-home --uid 1000 --shell /usr/bin/bash ci +USER ci + +COPY ./dco-check/entrypoint.sh / +COPY ./utils.sh / +ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/workflows/docker-images/dco-check/README.md b/.github/workflows/docker-images/dco-check/README.md new file mode 100644 index 0000000..bf53241 --- /dev/null +++ b/.github/workflows/docker-images/dco-check/README.md @@ -0,0 +1,16 @@ +<!-- +SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> + +SPDX-License-Identifier: MIT +--> + +# Docker image for DCO checks + +This image provides the environment and the logic of running a DCO check +against a repository. + +## Configuration + +The `entrypoint.sh` script assumes at runtime that the repository to be checked +is available under `/work`. This path is to be populated via bind mounts when +running the container. diff --git a/.github/workflows/docker-images/dco-check/entrypoint.sh b/.github/workflows/docker-images/dco-check/entrypoint.sh new file mode 100755 index 0000000..af2c507 --- /dev/null +++ b/.github/workflows/docker-images/dco-check/entrypoint.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +set -e + +# shellcheck disable=SC1091 +. /utils.sh + +GIT_REPO_PATH="/work" + +[ -n "$BASE_REF" ] || + error "DCO checks needs to know the target branch. Make sure that is set in BASE_REF." +[ -d "$GIT_REPO_PATH/.git" ] || + error "Can't find a git checkout under $GIT_REPO_PATH ." +cd "$GIT_REPO_PATH" + +# The GitHub runner user and the container user might differ making git error +# out with: +# error: fatal: detected dubious ownership in repository at '/work' +# Avoid this as the security risk is minimum here while guarding the git hooks +# via PRs. +git config --global --add safe.directory /work + +dco-check \ + --verbose \ + --default-branch "origin/$BASE_REF" diff --git a/.github/workflows/docker-images/utils.sh b/.github/workflows/docker-images/utils.sh new file mode 100644 index 0000000..66bdb09 --- /dev/null +++ b/.github/workflows/docker-images/utils.sh @@ -0,0 +1,28 @@ +#!/bin/sh + +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +_log() { + _level="$1" + _msg="$2" + echo "[$_level] $_msg" +} + +error() { + _msg="$1" + _log "ERR" "$1" + exit 1 +} + +warn() { + _msg="$1" + _log "WRN" "$1" + exit 1 +} + +log() { + _msg="$1" + _log "LOG" "$1" +} diff --git a/.github/workflows/docker-images/yocto-builder/Dockerfile b/.github/workflows/docker-images/yocto-builder/Dockerfile new file mode 100644 index 0000000..87221b9 --- /dev/null +++ b/.github/workflows/docker-images/yocto-builder/Dockerfile @@ -0,0 +1,39 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +FROM ubuntu:20.04 + +ARG DEBIAN_FRONTEND="noninteractive" +RUN apt-get update -qq +RUN apt-get install -y eatmydata + +# Yocto/OE build host dependencies +# Keep this in sync with +# https://git.yoctoproject.org/poky/tree/documentation/poky.yaml +RUN eatmydata apt-get install -qq -y \ + gawk wget git diffstat unzip texinfo gcc build-essential chrpath \ + socat cpio python3 python3-pip python3-pexpect xz-utils debianutils \ + iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev \ + pylint3 xterm python3-subunit mesa-common-dev zstd liblz4-tool + +# en_US.UTF-8 is required by the build system +RUN eatmydata apt-get install -qq -y locales \ + && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen \ + && locale-gen +ENV LANG en_US.utf8 + +RUN eatmydata apt-get clean && rm -rf /var/lib/apt/lists/* + +# Have bash as shell +RUN echo "dash dash/sh boolean false" | debconf-set-selections \ + && dpkg-reconfigure dash + +# Run under normal user called 'ci' +RUN useradd --create-home --uid 1000 --shell /usr/bin/bash ci +USER ci +WORKDIR /home/ci + +COPY ./yocto-builder/entrypoint-yocto-check-layer.sh / +COPY ./yocto-builder/entrypoint-build.sh / +COPY ./utils.sh / diff --git a/.github/workflows/docker-images/yocto-builder/README.md b/.github/workflows/docker-images/yocto-builder/README.md new file mode 100644 index 0000000..6336fb8 --- /dev/null +++ b/.github/workflows/docker-images/yocto-builder/README.md @@ -0,0 +1,16 @@ +<!-- +SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> + +SPDX-License-Identifier: MIT +--> + +# Docker image for builds + +This defines the docker image for running Yocto/OE based operations/builds. It +privides multiple scripts for driving different operations. + +## Configuration + +The `entrypoint` scripts assumes at runtime that the repository to drive the +operation against is available under `/work`. This path is to be populated via +bind mounts when running the container. diff --git a/.github/workflows/docker-images/yocto-builder/entrypoint-build.sh b/.github/workflows/docker-images/yocto-builder/entrypoint-build.sh new file mode 100755 index 0000000..65999d0 --- /dev/null +++ b/.github/workflows/docker-images/yocto-builder/entrypoint-build.sh @@ -0,0 +1,64 @@ +#!/bin/sh + +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +set -ex + +# shellcheck disable=SC1091 +. /utils.sh + +META_RASPBERRYPI_PATH="/work" + +[ -n "$BASE_REF" ] || + error "Target branch is needed. Make sure that is set in BASE_REF." +[ -d "$META_RASPBERRYPI_PATH/.git" ] || + error "Can't find a git checkout under $META_RASPBERRYPI_PATH ." +[ -n "$MACHINE" ] || + error "Machine to be used for build not provided." +[ -n "$IMAGE" ] || + error "Image to build not provided." + +TEMP_DIR="$(mktemp -d)" +cd "$TEMP_DIR" + +REPOS=" \ + git://git.yoctoproject.org/poky.git \ +" +for repo in $REPOS; do + log "Cloning $repo on branch $BASE_REF..." + git clone --depth 1 --branch "$BASE_REF" "$repo" +done + +# shellcheck disable=SC1091,SC2240 +. ./poky/oe-init-build-env build + +# Build configuration +printf "\n# ------ ci ------\n" >> conf/local.conf +[ -z "$SSTATE_DIR" ] || echo SSTATE_DIR = \""$SSTATE_DIR"\" >> conf/local.conf +[ -z "$DL_DIR" ] || echo DL_DIR = \""$DL_DIR"\" >> conf/local.conf +[ -z "$DISTRO" ] || echo DISTRO = \""$DISTRO"\" >> conf/local.conf +cat <<EOCONF >>conf/local.conf +BB_NUMBER_THREADS = "6" +PARALLEL_MAKE = "-j 6" +# unmerged-usr is deprecated +# https://lore.kernel.org/all/3f2f03085301d22854e5429019fb010f27d98bc7.camel@linuxfoundation.org/t/ +DISTRO_FEATURES:append = " systemd usrmerge" +VIRTUAL-RUNTIME_init_manager = "systemd" +DISTRO_FEATURES_BACKFILL_CONSIDERED:append = " sysvinit" +VIRTUAL-RUNTIME_initscripts = "systemd-compat-units" +LICENSE_FLAGS_ACCEPTED = "synaptics-killswitch" +EOCONF + +# Add the BSP layer +bitbake-layers add-layer "$META_RASPBERRYPI_PATH" + +# Log configs for debugging purposes +for f in 'conf/local.conf' 'conf/bblayers.conf'; do + printf "\n------ %s ------\n" "$f" + cat "$f" +done + +# Fire! +MACHINE="$MACHINE" bitbake "$IMAGE" diff --git a/.github/workflows/docker-images/yocto-builder/entrypoint-yocto-check-layer.sh b/.github/workflows/docker-images/yocto-builder/entrypoint-yocto-check-layer.sh new file mode 100755 index 0000000..474a24e --- /dev/null +++ b/.github/workflows/docker-images/yocto-builder/entrypoint-yocto-check-layer.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +set -ex + +# shellcheck disable=SC1091 +. /utils.sh + +GIT_REPO_PATH="/work" + +[ -n "$BASE_REF" ] || + error "Target branch is needed. Make sure that is set in BASE_REF." +[ -d "$GIT_REPO_PATH/.git" ] || + error "Can't find a git checkout under $GIT_REPO_PATH ." + +TEMP_DIR="$(mktemp -d)" +cd "$TEMP_DIR" + +REPOS=" \ + git://git.yoctoproject.org/poky.git \ +" +for repo in $REPOS; do + log "Cloning $repo on branch $BASE_REF..." + git clone --depth 1 --branch "$BASE_REF" "$repo" +done + +# shellcheck disable=SC1091,SC2240 +. ./poky/oe-init-build-env build +yocto-check-layer --with-software-layer-signature-check --debug \ + "$GIT_REPO_PATH" |