diff options
Diffstat (limited to '.github')
18 files changed, 588 insertions, 0 deletions
diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..f3e3d70 --- /dev/null +++ b/.github/CODE_OF_CONDUCT.md @@ -0,0 +1,7 @@ +## Code of Conduct + +This project has adopted the [Contributor +Covenant](https://www.contributor-covenant.org/). For details, see the full +text [here](https://www.contributor-covenant.org/version/2/1/code_of_conduct/). +For more information, additional questions or comments contact the project's +maintainers. diff --git a/.github/actions/docker-build/action.yml b/.github/actions/docker-build/action.yml new file mode 100644 index 0000000..b91668e --- /dev/null +++ b/.github/actions/docker-build/action.yml @@ -0,0 +1,47 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +name: "Build a docker image" + +inputs: + docker_image: + required: true + description: "The name of the docker image" + id: + required: true + description: "Namespace for the image" + +runs: + using: "composite" + steps: + - name: Build the ${{ inputs.docker_image }} docker image + shell: bash + # We run this unconditionally even if the change doesn't touch the + # relevant docker files because there is a chance that another PR (or + # something else) rebuilt the local image. For example if the first + # version of the PR included change for the relevant docker image but a + # subsequent push to the PR branch dropped them. In this way we rebuild + # the image to avoid using the changes from the previous push. + run: | + cd .github/workflows/docker-images/ + # We build a temporary image namespaced by the PR number so we can + # handle multiple runners on the same host using the same docker + # storage. + tries=3 + n=1 + until [ "$n" -gt "$tries" ]; do + echo "Building the docker image ${{ inputs.docker_image }}-${{ inputs.id }}... try $n..." + if docker build . -f "${{ inputs.docker_image }}/Dockerfile" -t "${{ inputs.docker_image }}-${{ inputs.id }}"; then + # This can fail if a dangling images cleaning job runs in + # parallel. So we try this a couple of times to minimize + # conflict. This is because while building, docker creates a + # untagged image first (dangling) before tagging it at the end. + # If between these two operations a dangling cleanup happens, + # build fails. + break + fi + n=$((n+1)) + done + [ "$n" -lt "$tries" ] + echo "Temporary image built in ${{ inputs.docker_image }}." diff --git a/.github/actions/docker-clean-dangling/action.yml b/.github/actions/docker-clean-dangling/action.yml new file mode 100644 index 0000000..90595c8 --- /dev/null +++ b/.github/actions/docker-clean-dangling/action.yml @@ -0,0 +1,18 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +name: "Cleanup dangling docker images" + +runs: + using: "composite" + steps: + - name: Cleanup dangling images + shell: bash + run: | + echo -n "Cleanup dangling images... " + if ! docker rmi $(docker images --filter "dangling=true" -q --no-trunc) > /dev/null 2>&1; then + echo "no dangling images found." + else + echo "done." + fi diff --git a/.github/actions/docker-clean-image/action.yml b/.github/actions/docker-clean-image/action.yml new file mode 100644 index 0000000..dfc18d9 --- /dev/null +++ b/.github/actions/docker-clean-image/action.yml @@ -0,0 +1,19 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +name: "Cleanup docker storage" + +inputs: + docker_image: + required: true + description: "The name of the docker image" + +runs: + using: "composite" + steps: + - name: Cleanup temporary image + shell: bash + run: | + echo "Cleanup ${{ inputs.docker_image }} image..." + docker rmi "${{ inputs.docker_image }}" || true diff --git a/.github/workflows/cancel-redundant-workflows.yml b/.github/workflows/cancel-redundant-workflows.yml new file mode 100644 index 0000000..556317d --- /dev/null +++ b/.github/workflows/cancel-redundant-workflows.yml @@ -0,0 +1,23 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +name: Cancel redundant workflows + +on: + workflow_run: + workflows: + - "Builds" + - "Compliance" + - "Yocto Compatible" + types: + - requested + +jobs: + cancel-redundant-workflows: + runs-on: ubuntu-latest + steps: + - uses: styfle/cancel-workflow-action@0.10.0 + with: + all_but_latest: true + workflow_id: ${{ github.event.workflow.id }} diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml new file mode 100644 index 0000000..ec489f0 --- /dev/null +++ b/.github/workflows/compliance.yml @@ -0,0 +1,47 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +name: Compliance + +on: + pull_request: + +jobs: + dco: + name: DCO + runs-on: ubuntu-latest + steps: + - name: Checkout the code + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Build a temporary DCO image + uses: ./.github/actions/docker-build + with: + docker_image: dco-check + id: ${{ github.event.number }} + - name: Do DCO check + run: | + docker run --rm -v "$GITHUB_WORKSPACE:/work:ro" \ + --env "BASE_REF=$GITHUB_BASE_REF" \ + "dco-check-${{ github.event.number }}" + - name: Cleanup temporary docker image + uses: ./.github/actions/docker-clean-image + with: + docker_image: dco-check-${{ github.event.number }} + if: always() + - name: Cleanup dangling docker images + uses: ./.github/actions/docker-clean-dangling + if: always() + reuse: + name: reuse + runs-on: ubuntu-latest + steps: + - name: Checkout the code + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Do reuse check + continue-on-error: true + uses: fsfe/reuse-action@v1 diff --git a/.github/workflows/docker-images/README.md b/.github/workflows/docker-images/README.md new file mode 100644 index 0000000..86cfddc --- /dev/null +++ b/.github/workflows/docker-images/README.md @@ -0,0 +1,21 @@ +<!-- +SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> + +SPDX-License-Identifier: MIT +--> + +# Docker images for CI + +Each directory contains the files for a docker image. + +## Building an image + +When building a docker image, the build context is expected to be where this +`README.md` file resides. This means that building the images will require +passing the appropriate `-f` argument. + +Here is an example for building the `dco-check` image: + +``` +docker build . -f dco-check/Dockerfile -t dco-check +``` diff --git a/.github/workflows/docker-images/dco-check/Dockerfile b/.github/workflows/docker-images/dco-check/Dockerfile new file mode 100644 index 0000000..89901ae --- /dev/null +++ b/.github/workflows/docker-images/dco-check/Dockerfile @@ -0,0 +1,13 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +FROM christophebedard/dco-check:latest + +# Run under normal user called 'ci' +RUN useradd --create-home --uid 1000 --shell /usr/bin/bash ci +USER ci + +COPY ./dco-check/entrypoint.sh / +COPY ./utils.sh / +ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/workflows/docker-images/dco-check/README.md b/.github/workflows/docker-images/dco-check/README.md new file mode 100644 index 0000000..bf53241 --- /dev/null +++ b/.github/workflows/docker-images/dco-check/README.md @@ -0,0 +1,16 @@ +<!-- +SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> + +SPDX-License-Identifier: MIT +--> + +# Docker image for DCO checks + +This image provides the environment and the logic of running a DCO check +against a repository. + +## Configuration + +The `entrypoint.sh` script assumes at runtime that the repository to be checked +is available under `/work`. This path is to be populated via bind mounts when +running the container. diff --git a/.github/workflows/docker-images/dco-check/entrypoint.sh b/.github/workflows/docker-images/dco-check/entrypoint.sh new file mode 100755 index 0000000..af2c507 --- /dev/null +++ b/.github/workflows/docker-images/dco-check/entrypoint.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +set -e + +# shellcheck disable=SC1091 +. /utils.sh + +GIT_REPO_PATH="/work" + +[ -n "$BASE_REF" ] || + error "DCO checks needs to know the target branch. Make sure that is set in BASE_REF." +[ -d "$GIT_REPO_PATH/.git" ] || + error "Can't find a git checkout under $GIT_REPO_PATH ." +cd "$GIT_REPO_PATH" + +# The GitHub runner user and the container user might differ making git error +# out with: +# error: fatal: detected dubious ownership in repository at '/work' +# Avoid this as the security risk is minimum here while guarding the git hooks +# via PRs. +git config --global --add safe.directory /work + +dco-check \ + --verbose \ + --default-branch "origin/$BASE_REF" diff --git a/.github/workflows/docker-images/utils.sh b/.github/workflows/docker-images/utils.sh new file mode 100644 index 0000000..66bdb09 --- /dev/null +++ b/.github/workflows/docker-images/utils.sh @@ -0,0 +1,28 @@ +#!/bin/sh + +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +_log() { + _level="$1" + _msg="$2" + echo "[$_level] $_msg" +} + +error() { + _msg="$1" + _log "ERR" "$1" + exit 1 +} + +warn() { + _msg="$1" + _log "WRN" "$1" + exit 1 +} + +log() { + _msg="$1" + _log "LOG" "$1" +} diff --git a/.github/workflows/docker-images/yocto-builder/Dockerfile b/.github/workflows/docker-images/yocto-builder/Dockerfile new file mode 100644 index 0000000..87221b9 --- /dev/null +++ b/.github/workflows/docker-images/yocto-builder/Dockerfile @@ -0,0 +1,39 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +FROM ubuntu:20.04 + +ARG DEBIAN_FRONTEND="noninteractive" +RUN apt-get update -qq +RUN apt-get install -y eatmydata + +# Yocto/OE build host dependencies +# Keep this in sync with +# https://git.yoctoproject.org/poky/tree/documentation/poky.yaml +RUN eatmydata apt-get install -qq -y \ + gawk wget git diffstat unzip texinfo gcc build-essential chrpath \ + socat cpio python3 python3-pip python3-pexpect xz-utils debianutils \ + iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev \ + pylint3 xterm python3-subunit mesa-common-dev zstd liblz4-tool + +# en_US.UTF-8 is required by the build system +RUN eatmydata apt-get install -qq -y locales \ + && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen \ + && locale-gen +ENV LANG en_US.utf8 + +RUN eatmydata apt-get clean && rm -rf /var/lib/apt/lists/* + +# Have bash as shell +RUN echo "dash dash/sh boolean false" | debconf-set-selections \ + && dpkg-reconfigure dash + +# Run under normal user called 'ci' +RUN useradd --create-home --uid 1000 --shell /usr/bin/bash ci +USER ci +WORKDIR /home/ci + +COPY ./yocto-builder/entrypoint-yocto-check-layer.sh / +COPY ./yocto-builder/entrypoint-build.sh / +COPY ./utils.sh / diff --git a/.github/workflows/docker-images/yocto-builder/README.md b/.github/workflows/docker-images/yocto-builder/README.md new file mode 100644 index 0000000..6336fb8 --- /dev/null +++ b/.github/workflows/docker-images/yocto-builder/README.md @@ -0,0 +1,16 @@ +<!-- +SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> + +SPDX-License-Identifier: MIT +--> + +# Docker image for builds + +This defines the docker image for running Yocto/OE based operations/builds. It +privides multiple scripts for driving different operations. + +## Configuration + +The `entrypoint` scripts assumes at runtime that the repository to drive the +operation against is available under `/work`. This path is to be populated via +bind mounts when running the container. diff --git a/.github/workflows/docker-images/yocto-builder/entrypoint-build.sh b/.github/workflows/docker-images/yocto-builder/entrypoint-build.sh new file mode 100755 index 0000000..65999d0 --- /dev/null +++ b/.github/workflows/docker-images/yocto-builder/entrypoint-build.sh @@ -0,0 +1,64 @@ +#!/bin/sh + +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +set -ex + +# shellcheck disable=SC1091 +. /utils.sh + +META_RASPBERRYPI_PATH="/work" + +[ -n "$BASE_REF" ] || + error "Target branch is needed. Make sure that is set in BASE_REF." +[ -d "$META_RASPBERRYPI_PATH/.git" ] || + error "Can't find a git checkout under $META_RASPBERRYPI_PATH ." +[ -n "$MACHINE" ] || + error "Machine to be used for build not provided." +[ -n "$IMAGE" ] || + error "Image to build not provided." + +TEMP_DIR="$(mktemp -d)" +cd "$TEMP_DIR" + +REPOS=" \ + git://git.yoctoproject.org/poky.git \ +" +for repo in $REPOS; do + log "Cloning $repo on branch $BASE_REF..." + git clone --depth 1 --branch "$BASE_REF" "$repo" +done + +# shellcheck disable=SC1091,SC2240 +. ./poky/oe-init-build-env build + +# Build configuration +printf "\n# ------ ci ------\n" >> conf/local.conf +[ -z "$SSTATE_DIR" ] || echo SSTATE_DIR = \""$SSTATE_DIR"\" >> conf/local.conf +[ -z "$DL_DIR" ] || echo DL_DIR = \""$DL_DIR"\" >> conf/local.conf +[ -z "$DISTRO" ] || echo DISTRO = \""$DISTRO"\" >> conf/local.conf +cat <<EOCONF >>conf/local.conf +BB_NUMBER_THREADS = "6" +PARALLEL_MAKE = "-j 6" +# unmerged-usr is deprecated +# https://lore.kernel.org/all/3f2f03085301d22854e5429019fb010f27d98bc7.camel@linuxfoundation.org/t/ +DISTRO_FEATURES:append = " systemd usrmerge" +VIRTUAL-RUNTIME_init_manager = "systemd" +DISTRO_FEATURES_BACKFILL_CONSIDERED:append = " sysvinit" +VIRTUAL-RUNTIME_initscripts = "systemd-compat-units" +LICENSE_FLAGS_ACCEPTED = "synaptics-killswitch" +EOCONF + +# Add the BSP layer +bitbake-layers add-layer "$META_RASPBERRYPI_PATH" + +# Log configs for debugging purposes +for f in 'conf/local.conf' 'conf/bblayers.conf'; do + printf "\n------ %s ------\n" "$f" + cat "$f" +done + +# Fire! +MACHINE="$MACHINE" bitbake "$IMAGE" diff --git a/.github/workflows/docker-images/yocto-builder/entrypoint-yocto-check-layer.sh b/.github/workflows/docker-images/yocto-builder/entrypoint-yocto-check-layer.sh new file mode 100755 index 0000000..474a24e --- /dev/null +++ b/.github/workflows/docker-images/yocto-builder/entrypoint-yocto-check-layer.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +set -ex + +# shellcheck disable=SC1091 +. /utils.sh + +GIT_REPO_PATH="/work" + +[ -n "$BASE_REF" ] || + error "Target branch is needed. Make sure that is set in BASE_REF." +[ -d "$GIT_REPO_PATH/.git" ] || + error "Can't find a git checkout under $GIT_REPO_PATH ." + +TEMP_DIR="$(mktemp -d)" +cd "$TEMP_DIR" + +REPOS=" \ + git://git.yoctoproject.org/poky.git \ +" +for repo in $REPOS; do + log "Cloning $repo on branch $BASE_REF..." + git clone --depth 1 --branch "$BASE_REF" "$repo" +done + +# shellcheck disable=SC1091,SC2240 +. ./poky/oe-init-build-env build +yocto-check-layer --with-software-layer-signature-check --debug \ + "$GIT_REPO_PATH" diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml new file mode 100644 index 0000000..d9e3cde --- /dev/null +++ b/.github/workflows/mirror.yml @@ -0,0 +1,22 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +name: Mirrors + +on: [ push, delete, create ] + +concurrency: + group: git-mirror-me + +jobs: + yocto-mirror: + name: Yocto Git Mirror + runs-on: ubuntu-latest + steps: + - uses: agherzan/git-mirror-me-action@11f54c7186724daafbe5303b5075954f1a19a63e + env: + GMM_SSH_PRIVATE_KEY: ${{ secrets.YOCTO_META_RASPBERRYPI_SSH_PRIVATE_KEY }} + GMM_SSH_KNOWN_HOSTS: ${{ secrets.YOCTO_META_RASPBERRYPI_SSH_KNOWN_HOSTS }} + GMM_DST_REPO: "ssh://git@push.yoctoproject.org/meta-raspberrypi" + GMM_DEBUG: "1" diff --git a/.github/workflows/yocto-builds.yml b/.github/workflows/yocto-builds.yml new file mode 100644 index 0000000..408d25e --- /dev/null +++ b/.github/workflows/yocto-builds.yml @@ -0,0 +1,89 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +--- + +name: Builds + +on: + pull_request: + +jobs: + build: + strategy: + fail-fast: true + matrix: + machine: + - raspberrypi + - raspberrypi0-2w-64 + - raspberrypi0-2w + - raspberrypi0 + - raspberrypi0-wifi + - raspberrypi2 + - raspberrypi3-64 + - raspberrypi3 + - raspberrypi4-64 + - raspberrypi4 + - raspberrypi5 + - raspberrypi-cm3 + - raspberrypi-cm + - raspberrypi-armv7 + - raspberrypi-armv8 + image: [rpi-test-image] + distro: [poky] + runs-on: [self-hosted, Linux] + name: ${{ matrix.machine }}/${{ matrix.image }}/poky/systemd + env: + DL_DIR: /var/lib/ci/yocto/downloads + SSTATE_DIR: /var/lib/ci/yocto/sstate + steps: + - name: Checkout the code + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Define Yocto build files + id: changed-files-specific + uses: tj-actions/changed-files@v24 + with: + files: | + .github/actions/** + .github/workflows/docker-images/yocto-builder/** + .github/workflows/docker-images/*.sh + .github/workflows/yocto-builds.yml + classes/** + conf/** + dynamic-layers/** + files/** + lib/** + recipes-** + wic/** + - name: Build a temporary yocto-builder image + uses: ./.github/actions/docker-build + with: + docker_image: yocto-builder + id: ${{ github.event.number }} + if: steps.changed-files-specific.outputs.any_changed == 'true' + - name: Build the image + run: | + docker run --rm \ + -v "$GITHUB_WORKSPACE:/work:ro" \ + -v "$DL_DIR:$DL_DIR:rw" \ + -v "$SSTATE_DIR:$SSTATE_DIR:rw" \ + --env "BASE_REF=$GITHUB_BASE_REF" \ + --env "MACHINE=${{ matrix.machine }}" \ + --env "DISTRO=${{ matrix.distro }}" \ + --env "IMAGE=${{ matrix.image }}" \ + --env "DL_DIR=$DL_DIR" \ + --env "SSTATE_DIR=$SSTATE_DIR" \ + "yocto-builder-${{ github.event.number }}" \ + /entrypoint-build.sh + if: steps.changed-files-specific.outputs.any_changed == 'true' + - name: Cleanup temporary docker image + uses: ./.github/actions/docker-clean-image + with: + docker_image: yocto-builder-${{ github.event.number }} + if: always() + - name: Cleanup dangling docker images + uses: ./.github/actions/docker-clean-dangling + if: always() diff --git a/.github/workflows/yocto-layer.yml b/.github/workflows/yocto-layer.yml new file mode 100644 index 0000000..fa11815 --- /dev/null +++ b/.github/workflows/yocto-layer.yml @@ -0,0 +1,57 @@ +# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com> +# +# SPDX-License-Identifier: MIT + +--- + +name: Yocto Compatible + +on: + pull_request: + +jobs: + yocto-check-layer: + name: Validate with yocto-check-layer + runs-on: [self-hosted, Linux] + steps: + - name: Checkout the code + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Define Yocto build files + id: changed-files-specific + uses: tj-actions/changed-files@v24 + with: + files: | + .github/actions/** + .github/workflows/docker-images/yocto-builder/** + .github/workflows/docker-images/*.sh + .github/workflows/yocto-builds.yml + classes/** + conf/** + dynamic-layers/** + files/** + lib/** + recipes-** + wic/** + - name: Build a temporary yocto-builder image + uses: ./.github/actions/docker-build + with: + docker_image: yocto-builder + id: ${{ github.event.number }} + if: steps.changed-files-specific.outputs.any_changed == 'true' + - name: Run yocto-check-layer + run: | + docker run --rm -v "$GITHUB_WORKSPACE:/work:ro" \ + --env "BASE_REF=$GITHUB_BASE_REF" \ + "yocto-builder-${{ github.event.number }}" \ + /entrypoint-yocto-check-layer.sh + if: steps.changed-files-specific.outputs.any_changed == 'true' + - name: Cleanup temporary docker image + uses: ./.github/actions/docker-clean-image + with: + docker_image: yocto-builder-${{ github.event.number }} + if: always() + - name: Cleanup dangling docker images + uses: ./.github/actions/docker-clean-dangling + if: always() |