| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement a GitHub Actions workflow for automated project releases.
The workflow triggers on Git tags, ensuring that a GitHub release is
created whenever a new tag is pushed.
That new release is going to be created in draft and pre-release mode
and needs to be manually promoted to the proper release, once its
decided, that its good enough and prepared.
This is a start of a streamlined and consistent release process for
GitHub, reducing manual intervention.
Acked-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 280d9dd75874ef4c4e2407366eda987cda8efd25)
|
|
|
|
|
|
|
|
| |
Provide new required secret for S3 endpoint and bucket name to permit an
easier migration to new services.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 881235c713fae8692190178561af4eb2dee4ead1)
|
|
|
|
|
|
|
| |
Generilize S3 secret keys and rename to make them not platform specific.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f98dc5aa43e9d84b8ceef9414fd4f92e05c418d7)
|
|
|
|
|
|
|
|
| |
Drop unused reusable workflow and dockerfiles now that we moved them to
a dedicated repository.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 14293dd901e5fdb0fd242945b5916ccbb33ab328)
|
|
|
|
|
|
|
|
|
| |
Migrate each workflow to use reusable workflow from dedicated repo to
skip pushing CI related commits to openwrt and better track versioning
of CI workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 38cc09165fd11caa9599d960280bd91dbaba7a62)
|
|
|
|
|
|
|
|
| |
Now that we build also core packages, we need more host tools. Compile
all of them to reduce compile time on other actions.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit de9955a62f6aab6eafb2cfdffc4829ee97e69c04)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support to label-kernel for compiling testing kernel version and
check patches. To trigger this special build appent :testing to the
normal label.
Example:
- ci:kernel:ipq806x:generic:testing
Test will fail if the requested target doesn't have a defined kernel
testing version.
Also add support for testing all target and subtarget. To trigger this
some special pattern are added:
- ci:kernel:all:all
Trigger test for all target and subtarget
- ci:kernel:all:first
Trigger test for all target and the first subtarget in alphabetical
order for the target.
With these special case :testing can also be used and every target and
subtarget that supports kernel testing version will be selected:
- ci:kernel:all:all:testing
Trigger test for all target and subtarget that have a kernel testing
version defined.
- ci:kernel:all:first:testing
Trigger test for all target and the first subtarget in alphabetical
order for the target that, if they have a kernel testing version
defined.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 218deba503f38e2f44f5012baf96af91b3e00c6a)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CDNs are known to ship outdated or corrupted files, if it unpacks
correctly, it necessarily doesn't mean, that we're using the desired
content. So lets fix it by checking the tarball as well.
I'm adding GPG checking explicitly, its not needed, but just double
checking, that everything is working as expected on build
infrastructure.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 95dde523297c652072ee96ac32d22912a43ef761)
|
|
|
|
|
|
|
|
|
| |
Its being used by buildbot workers, adds g++-multilib to fix node
cross-compilation from a 64-bit build machine to 32-bit host.
References: https://github.com/openwrt/buildbot/pull/7
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 567784127e92ba6f9291adb1a546f567e50d9850)
|
|
|
|
|
|
|
|
| |
Test each subtarget on push events to improve testing and to refresh
ccache of each subtarget.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5bafc4352fb543c03389b6237f0e2fe327f328fa)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for getting ccache cache from S3.
ccache is archieved in a tar and downloaded from S3 Cloud Storage.
For push events, ccache is then uplodaed back to S3 to refresh and have
a ccache cache always fresh.
An additional workflow is added to upload files to an S3 Cloud Storage
from artifacts uplodaed to github. The minio tool is used to upload
files to S3.
If the ccache can't be downloaded from s3, we fallback to github cache
system.
Also limit s3 upload to the openwrt repository since external fork won't
have (obviously) the required secrtes to upload data to the S3 Cloud
Storage.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ebbc806d30502ff003ae7a19098c6afaaf1295a5)
|
|
|
|
|
|
|
|
|
|
| |
Limit ccache cache save/delete only on push events. Saving ccache
cache for pull request will result in bloat and refreshing ccache is not
possible due to security measure on enforcing read permission on
pull_request events.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ff66a7c1c0f012324c0d2d90f047e6976c4fba11)
|
|
|
|
|
|
|
|
| |
Disable ccache usage for coverity workflow as it may cause side effect
in the produced bins.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 2129ee1879f564a9992a6761d4c9e77077c48e95)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CCache cache is currently broken due to a funny bug in ccache compiler
type detection. It seems ccache compiler type detection is very fragile
and with the use of external toolchain doesn't correctly detect the
type.
The type detected is set to other instead of gcc resulting in ccache
complaining for unsupported compiler options.
To handle this problem, force the compiler type to gcc to make ccache
correctly work and speedup compilation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ae7b05328cf471780de8559fba845c4b564e059e)
|
|
|
|
|
|
|
|
|
| |
Add new input to define custom ccache cache type. This is useful to use
a different ccache cache for some special workflow that may do more test
than simple kernel compilation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 07b52a8a25f261e3cee03f4980e4bc868e9ee5cc)
|
|
|
|
|
|
|
|
|
| |
Add option to disable use of ccache. This can be useful for some
sensible test that should not use ccache as they can cause side effects
of any sort. (example Coverity Scan)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b9a41c1e84067bcc63aac633b72e7dc808bfe6fe)
|
|
|
|
|
|
|
|
|
|
|
| |
Github Actions cache doesn't permit to overwrite cache if it does
already exist. As a trick to refresh and have fresh ccache pool,
delete the ccache cache if it does exist with the help of Github REST
API. An additional permission is needed to access this API. Add this
permittion to each user of the build workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 203cc0a7ef0bbf3b5a19db3caa96e91963ec154c)
|
|
|
|
|
|
|
|
|
|
| |
Split caching ccache in separate restore and save jobs to always refresh
the ccache across different runs. Currently if a key is restored, cache
is not saved resulting in a less useful ccache that benefits from
multiple runs.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6321361c6b13a37b0cfa279a51a0cf8239a7852c)
|
|
|
|
|
|
|
|
|
|
|
| |
Due to problem with migrating from master to main as the default branch
and downstream project still requiring the master branch to be present,
we currently have for push events double CI runs, one for main and one
for master. To solve this ignore any push event to the master branch for
every workflow that react on push events.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f5a5ce8822e9add9627ecb6ea289c8de2b8a76a9)
|
|
|
|
|
|
|
|
| |
Add support to use container included external toolchain and skip
redownloading external sdk for each test.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0fe5776f4a79a2b095912e258738e3203207e9dd)
|
|
|
|
|
|
|
|
| |
Build and push container with external toolchain embedded in the
container image.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit e1370cdd497a07612413106d707973155ad3004b)
|
|
|
|
|
|
|
|
|
|
|
| |
Add checks to test if toolchain container can be used.
This is to handle case of new target or migration of any sort.
If the toolchain container can't be found, the tools container is used
instead.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 23a5c715a9296e828be5c32eadf68eacdb326a0a)
|
|
|
|
|
|
|
|
| |
Add option to configure container to use for build test.
By default the tools container is used if no option is provided.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 803b0110485a12c1119a51044d17979795ede966)
|
|
|
|
|
|
|
| |
Package external toolchain after correct build.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ce2e7c52f8ebc7ea92a1436ee2dbeecf149132dc)
|
|
|
|
|
|
|
|
|
|
| |
Drop redundant generare ccache hash job as that can be done by
integrated github expressions to generate an hash.
The only change is that the integrated way generate a sha256 hash
instead of an md5 sum.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 457f6b0b9c07772f529a9714a974f3eb74f9b99d)
|
|
|
|
|
|
|
| |
Refresh containers also on modify of cmake options in the include file.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b40c0b54bde81243974cada51cb9a44736c773b3)
|
|
|
|
|
|
|
|
| |
Fix concurrency group for push-containers workflow to handle running on
different branches.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4c2eab1c27defd154adcd0c4454248112815ffcc)
|
|
|
|
|
|
|
| |
Add support for 'sifiveu' target and its specific packages in labeler.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 92b8b18c2685e9e509d2b8b797de7e03424d17d1)
|
|
|
|
|
|
|
| |
The armvirt target has been renamed to armsr.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 3df01b1aa40a8e783dbbebdbe6088a49aed186f8)
|
|
|
|
|
|
|
|
|
| |
Use toolchain container for label workflow to skip downloading external
toolchain from openwrt servers.
Fixes: 0fe5776f4a79 ("CI: build: Add support to use container included external toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 66fd0aa6efac3690fdc46c94a4657faacf3070dd)
|
|
|
|
|
|
|
|
|
|
| |
Don't add "" in target and subtarget for label workflow from label
detection as it does cause problem in build workflow on container
target/subtarget matching.
Fixes: bf8187d5dc4d ("CI: use split target and subtarget in label workflow")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1fa84354a963eb71eca9e67a1fc7f99a53016a5c)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 1cb8cdb ("ci: use new buildbot worker images with Debian 11")
introduced new Git version with strict rules for owner of the git
directory.
To handle this and not cause major change, just move the parsing before
the change of ownership of the openwrt directory permitting the correct
run of git fetch command with the same user that did the repository
checkout.
Fixes: 1cb8cdb ("ci: use new buildbot worker images with Debian 11")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0063e71d66766818fba286efe2a0ed8746c265e5)
|
|
|
|
|
|
|
|
|
|
| |
Commit bf8187d5dc4d ("CI: use split target and subtarget in label
workflow") didn't correctly output subtarget resulting in calling with
an empty subtarget. Fix this and correctly output generated subtarget.
Fixes: bf8187d5dc4d ("CI: use split target and subtarget in label workflow")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 8aa5a860101cc3f8d35ca968746320495c4b469e)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With eecc6e48117b ("CI: rework build workflow to have split target and
subtarget directly") target and subtarget are split in 2 different
variables. Label workflow were not aligned to this change and are
currently broken.
Fix them and correctly pass split target and subtarget.
Fixes: eecc6e48117b ("CI: rework build workflow to have split target and subtarget directly")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit bf8187d5dc4d4bbb23770955744bca1787f32ac0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of referring to a redundant job and ENV variables, rework build
workflow to accept and require split target and subtarget and use them
directly from inputs.
Rework each user and pass a JSON of tuple to matrix include with each
target/subtarget combination to test. Special notice this doesn't use
the github actions matrix combination feature but reference each
specific tuple of target and subtarget to test.
Just a cleanup no behaviour change intended.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit eecc6e48117be26c2eefd9257cceb9d9b1e842f2)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use buildbot user on git diff check instead of using git config
safe directory.
This should accomplish the same result but should be a better approach
following safe practice enforced by git.
Fixes: a7747e8670cb ("ci: fix check kernel patches job")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c80a578a4428c81fd92e0a2abe95dacfa20c008)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
| |
Currently all 23.05 related CI jobs are failing as the containers are
not available, so lets fix it by pushing those containers when the
version.mk changes.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8fc2a0f00f7f62ded3c849e78742c3d87d52ec91)
|
|
|
|
|
|
|
| |
In order to prevent regressions like with #12617.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 71ca2a31546d5f14faac03838bf700cf22f85215)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the check fails due to the following error:
warning: Not a git repository. Use --no-index to compare two paths outside a working tree
usage: git diff --no-index [<options>] <path> <path>
Thats likely caused by commit 1cb8cdbf0723 ("ci: use new buildbot worker
images with Debian 11") which contains a patched Git version with CVE
security fixes introduced in DLA-3239-2:
Multiple issues were found in Git, a distributed revision control
system. An attacker may cause other local users into executing arbitrary
commands, leak information from the local filesystem, and bypass
restricted shell.
Note: Due to new security checks, access to repositories owned and
accessed by different local users may now be rejected by Git; in case
changing ownership is not practical, git displays a way to bypass these
checks using the new "safe.directory" configuration entry.
So lets opt-out of this new behavior by setting `safe.directory=*` and
thus force Git to consider all Git repositories as safe regardless of
their owner, since we need to trust those sources anyway and it should
be likely more robust solution, then fiddling with filesystem
permissions.
Fixes: 1cb8cdbf0723 ("ci: use new buildbot worker images with Debian 11")
References: https://www.debian.org/lts/security/2022/dla-3239-2
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
| |
Debian 10 LTS support ends on 6/2024, so it makes no sense to use it as
a base for 23.05 release, so lets switch to Debian 11 which should've
LTS support till 6/2026.
References: https://github.com/openwrt/buildbot/commit/f2744543fa8027117b254ba2f4fa4366149d5bfb
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
| |
Coverity Scan is a static code analysis service focused on open source
software quality and security, so lets scan various OpenWrt components
every Friday for the start.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
| |
Upload proposed refreshed patches if the check fails.
This should help devs refresh the patches if they don't have access to a
buildroot.
Devs should ALWAYS refresh the patches before submitting and merging
commits.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Our buildbot build a different external toolchain/sdk for each build.
This cause the idea of using the tar hash to cache it broken and wrong.
This makes the github cache bloated and remove space for ccache cache.
Drop cache for external toolchain/sdk as the feature is broken and cause
problems to ccache cache.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
|
|
|
|
|
| |
Reduce testing time by skipping subtarget test on non-specific target
test.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use openwrt official tools container by default.
Fork will use openwrt tools container by default.
This can be disabled by setting the option use_openwrt_container to
false for the build.yml and check-kernel-patches.yml.
The push-containers workflow is disabled on forks. The workflow can be
reenabled by commenting the condition in push-containers.yml.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current job triggers based on matching of changed paths is quite
limited, so lets make it possible to additionally trigger manual CI jobs
by adding CI specific pull request build labels:
* `ci:target:x86:64` label is going to trigger CI target check jobs for
x86/64 (sub)target.
* `ci:kernel:x86:64` label is going to trigger CI kernel check jobs for
x86/64 (sub)target.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
| |
We may find in a situation where due the queue an old run finish after
the last run, resulting in the containers getting overwritten with an
old version.
Limit the push-containers workflow to one concurrent run and cancel any
run in progress.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Directly copy prebuilt tools in container instead of creating an
archieve and extracting it later in other workflows.
Update build workflow to support this new implementation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
|
|
|
|
|
| |
We can now drop the dl dir in the prebuilt tools tar as package archieve
is not a requirement anymore and won't trigger a package recompile.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
|
|
|
|
|
| |
This used to be implicit. No longer for some reason.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|