aboutsummaryrefslogtreecommitdiff
path: root/.github/workflows
Commit message (Collapse)AuthorAge
* CI: build: drop redundant generate ccache hash jobChristian Marangi2023-05-31
| | | | | | | | | Drop redundant generare ccache hash job as that can be done by integrated github expressions to generate an hash. The only change is that the integrated way generate a sha256 hash instead of an md5 sum. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: use toolchain container for label workflowChristian Marangi2023-05-28
| | | | | | | | Use toolchain container for label workflow to skip downloading external toolchain from openwrt servers. Fixes: 0fe5776f4a79 ("CI: build: Add support to use container included external toolchain") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: don't add "" in target and subtarget for label workflowChristian Marangi2023-05-27
| | | | | | | | | Don't add "" in target and subtarget for label workflow from label detection as it does cause problem in build workflow on container target/subtarget matching. Fixes: bf8187d5dc4d ("CI: use split target and subtarget in label workflow") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: fix parse toolchain step failing for git strict rulesChristian Marangi2023-05-25
| | | | | | | | | | | | | | Commit 1cb8cdb ("ci: use new buildbot worker images with Debian 11") introduced new Git version with strict rules for owner of the git directory. To handle this and not cause major change, just move the parsing before the change of ownership of the openwrt directory permitting the correct run of git fetch command with the same user that did the repository checkout. Fixes: 1cb8cdb ("ci: use new buildbot worker images with Debian 11") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: correctly output subtarget in label workflowChristian Marangi2023-05-25
| | | | | | | | | Commit bf8187d5dc4d ("CI: use split target and subtarget in label workflow") didn't correctly output subtarget resulting in calling with an empty subtarget. Fix this and correctly output generated subtarget. Fixes: bf8187d5dc4d ("CI: use split target and subtarget in label workflow") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: use split target and subtarget in label workflowChristian Marangi2023-05-25
| | | | | | | | | | | | With eecc6e48117b ("CI: rework build workflow to have split target and subtarget directly") target and subtarget are split in 2 different variables. Label workflow were not aligned to this change and are currently broken. Fix them and correctly pass split target and subtarget. Fixes: eecc6e48117b ("CI: rework build workflow to have split target and subtarget directly") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: ignore master branch for push eventsChristian Marangi2023-05-25
| | | | | | | | | | Due to problem with migrating from master to main as the default branch and downstream project still requiring the master branch to be present, we currently have for push events double CI runs, one for main and one for master. To solve this ignore any push event to the master branch for every workflow that react on push events. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: Add support to use container included external toolchainChristian Marangi2023-05-23
| | | | | | | Add support to use container included external toolchain and skip redownloading external sdk for each test. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: push-containers: build and push container with external toolchainChristian Marangi2023-05-23
| | | | | | | Build and push container with external toolchain embedded in the container image. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: add checks to test if toolchain container can be usedChristian Marangi2023-05-23
| | | | | | | | | | Add checks to test if toolchain container can be used. This is to handle case of new target or migration of any sort. If the toolchain container can't be found, the tools container is used instead. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: add option to configure container to useChristian Marangi2023-05-23
| | | | | | | Add option to configure container to use for build test. By default the tools container is used if no option is provided. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: package external toolchain after buildChristian Marangi2023-05-23
| | | | | | Package external toolchain after correct build. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* ci: push-containers: trigger job on release branchingPetr Štetiar2023-05-23
| | | | | | | | Currently all 23.05 related CI jobs are failing as the containers are not available, so lets fix it by pushing those containers when the version.mk changes. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ci: tools: run the job on changes in include directory as wellPetr Štetiar2023-05-23
| | | | | | In order to prevent regressions like with #12617. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* CI: rework build workflow to have split target and subtarget directlyChristian Marangi2023-05-22
| | | | | | | | | | | | | | | Instead of referring to a redundant job and ENV variables, rework build workflow to accept and require split target and subtarget and use them directly from inputs. Rework each user and pass a JSON of tuple to matrix include with each target/subtarget combination to test. Special notice this doesn't use the github actions matrix combination feature but reference each specific tuple of target and subtarget to test. Just a cleanup no behaviour change intended. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: check-kernel-patches: use buildbot user on git diff checkChristian Marangi2023-05-22
| | | | | | | | | | | Use buildbot user on git diff check instead of using git config safe directory. This should accomplish the same result but should be a better approach following safe practice enforced by git. Fixes: a7747e8670cb ("ci: fix check kernel patches job") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* ci: fix check kernel patches jobPetr Štetiar2023-05-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the check fails due to the following error: warning: Not a git repository. Use --no-index to compare two paths outside a working tree usage: git diff --no-index [<options>] <path> <path> Thats likely caused by commit 1cb8cdbf0723 ("ci: use new buildbot worker images with Debian 11") which contains a patched Git version with CVE security fixes introduced in DLA-3239-2: Multiple issues were found in Git, a distributed revision control system. An attacker may cause other local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell. Note: Due to new security checks, access to repositories owned and accessed by different local users may now be rejected by Git; in case changing ownership is not practical, git displays a way to bypass these checks using the new "safe.directory" configuration entry. So lets opt-out of this new behavior by setting `safe.directory=*` and thus force Git to consider all Git repositories as safe regardless of their owner, since we need to trust those sources anyway and it should be likely more robust solution, then fiddling with filesystem permissions. Fixes: 1cb8cdbf0723 ("ci: use new buildbot worker images with Debian 11") References: https://www.debian.org/lts/security/2022/dla-3239-2 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ci: use new buildbot worker images with Debian 11Petr Štetiar2023-05-15
| | | | | | | | | Debian 10 LTS support ends on 6/2024, so it makes no sense to use it as a base for 23.05 release, so lets switch to Debian 11 which should've LTS support till 6/2026. References: https://github.com/openwrt/buildbot/commit/f2744543fa8027117b254ba2f4fa4366149d5bfb Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ci: add Coverity Scan scheduled workflowPetr Štetiar2023-04-26
| | | | | | | | Coverity Scan is a static code analysis service focused on open source software quality and security, so lets scan various OpenWrt components every Friday for the start. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* CI: check-kernel-patches: upload proposed refreshed patchesChristian Marangi2023-04-22
| | | | | | | | | | | Upload proposed refreshed patches if the check fails. This should help devs refresh the patches if they don't have access to a buildroot. Devs should ALWAYS refresh the patches before submitting and merging commits. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: disable cache of external toolchain/sdkChristian Marangi2023-03-22
| | | | | | | | | | | Our buildbot build a different external toolchain/sdk for each build. This cause the idea of using the tar hash to cache it broken and wrong. This makes the github cache bloated and remove space for ccache cache. Drop cache for external toolchain/sdk as the feature is broken and cause problems to ccache cache. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: kernel: skip subtarget test on non-specific target testChristian Marangi2023-03-22
| | | | | | | Reduce testing time by skipping subtarget test on non-specific target test. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: use openwrt official tools container by defaultChristian Marangi2023-01-31
| | | | | | | | | | | | | Use openwrt official tools container by default. Fork will use openwrt tools container by default. This can be disabled by setting the option use_openwrt_container to false for the build.yml and check-kernel-patches.yml. The push-containers workflow is disabled on forks. The workflow can be reenabled by commenting the condition in push-containers.yml. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* ci: allow custom kernel and target jobs based on labelsPetr Štetiar2023-01-27
| | | | | | | | | | | | | | Current job triggers based on matching of changed paths is quite limited, so lets make it possible to additionally trigger manual CI jobs by adding CI specific pull request build labels: * `ci:target:x86:64` label is going to trigger CI target check jobs for x86/64 (sub)target. * `ci:kernel:x86:64` label is going to trigger CI kernel check jobs for x86/64 (sub)target. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* CI: push-containers: limit to one concurrent runChristian Marangi2023-01-24
| | | | | | | | | | | We may find in a situation where due the queue an old run finish after the last run, resulting in the containers getting overwritten with an old version. Limit the push-containers workflow to one concurrent run and cancel any run in progress. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: tools: directly copy prebuilt tools in containerChristian Marangi2023-01-23
| | | | | | | | | Directly copy prebuilt tools in container instead of creating an archieve and extracting it later in other workflows. Update build workflow to support this new implementation. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: tools: skip including dl dir in prebuilt tools tarChristian Marangi2023-01-23
| | | | | | | We can now drop the dl dir in the prebuilt tools tar as package archieve is not a requirement anymore and won't trigger a package recompile. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: tools: add gnu-getopt to macOS CIRosen Penev2023-01-23
| | | | | | This used to be implicit. No longer for some reason. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* CI: kernel: enable target testing also for pull request eventChristian Marangi2023-01-20
| | | | | | | | | Testing target changes was only set for push events. Enable this also for pull request events to enable testing pr making specific target changes. Fixes: 57a02cbbff5b ("CI: kernel: test each target with additional changes than target/linux") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: remove pcre from macOSRosen Penev2023-01-11
| | | | | | | ff02e1561f2073b39814f2d73205a5209471b115 added a host version of pcre for packages that need it. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* CI: remove already installed packagesRosen Penev2023-01-11
| | | | | | The GitHub image already includes these. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* CI: remove various tools from macOSRosen Penev2023-01-11
| | | | | | | | | zstd, openssl, and quilt are already built in tools/. No need to install them. The rest are unused. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* CI: kernel: test each target with additional changes than target/linuxChristian Marangi2023-01-11
| | | | | | | | | | | | Test each target if there are additional changes than target/linux. This is needed to do wide test with changes to kmods, include/kernel and changes to the workflow files. While at it also cleanup and rework the code to drop duplication. Also drop since_last_remote_commit to better track changes. Fixes: 04ada8bc4118 ("CI: kernel: build only changed targets") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: add concurrency limits for pr testChristian Marangi2023-01-11
| | | | | | | | | | | Add concurrency limits for pull request test so that on pull request refresh old jobs are cancelled. The group is created based on the github ref + workflow name and the workflow is cancelled only it it comes from a pull_request event. Push events are not affected by this limit. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: kernel: build only changed targetsChristian Marangi2023-01-11
| | | | | | | | | | Detect changes in commit and build only changed targets. If a change is related to the generic target, build test each target. The matrix json is split. For target check patch only the first subtarget is selected, for build test each target subtarget is built. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: fallback to compile toolchain if external toolchain failChristian Marangi2023-01-11
| | | | | | | | | | If for whatever reason external toolchain can't be found or downloaded, fallback to internal toolchain build. This can be useful when new target are introduced and external toolchain are not present in openwrt fileserver. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* ci: show_build_failures: fix missing output for configure failuresPetr Štetiar2023-01-09
| | | | | | | | | | | We're currently missing log output in cases where `configure` fails which returns 77 as its error code: make[3]: *** [Makefile:118: elfutils-0.188/.configured_889556d2f423f99e091beece9c8d870a] Error 77 So lets adjust the regexps so they can handle multiple digits. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* CI: build: fix external toolchain use with release tag testsChristian Marangi2023-01-04
| | | | | | | | | | | | | | When a new tag for a release is created, the just checkout repo from github actions will already have such tag locally created. This will result in git fetch --tags failing with error rejecting the remote tag with (would clobber existing tag). Add -f option to overwrite any local tags and always fetch them from remote. Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: tools: reogranize and split workflowChristian Marangi2022-12-24
| | | | | | | | | | | Generilize tools workflow for future usage in shared workflow for tools build. Split tools workflow to tools and push-containers: - tools just execute build test - push-containers build and push prebuilt containers Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: introduce target toolchain testChristian Marangi2022-12-16
| | | | | | Add test to build test toolchain for each target. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: make kernel build configurableChristian Marangi2022-12-16
| | | | | | Make kernel build configurable to permit to introduce toolchain testing. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: improve build naming for shared workflowChristian Marangi2022-12-16
| | | | | | | Impove build naming for build shared workflow to better understand what is being test. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: kernel: don't checkout and install feedsChristian Marangi2022-12-07
| | | | | | | We don't need to checkout feed and install feeds for kernel tests. This saves up to 2 minutes for each target kernel build test. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: skip sdk adapt to external toolchain on cache hitChristian Marangi2022-12-07
| | | | | | | | | | | | On cache hit, skip sdk adapt to external toolchain. This is needed because we cache the already extracted sdk and that is already adapted to be used as external toolchain. Rerunning the adap step will result in the test to fail for missing file as the file are already got wrapped to the external toolchain format. Fixes: 42f0ab028e2e ("CI: build: fix use of sdk as toolchain") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: fix use of sdk as toolchainChristian Marangi2022-12-06
| | | | | | | | | | | | | | | | | | | | | | The toolchain included in a sdk have a different format than an external toolchain tar. Since sdk is a more integrated setup doesn't use and include wrapper bin that use the external toolchain config and use an alternative and more standard way to include all the toolchain headers. External toolchain use wrapper.sh to append the configured include header when each tool is called. Fix the sdk toolchain by reverting their own sdk wrapper scripts and to simulate an external toolchain build copying what is done in the toolchain target makefile. This handle compilation error and warning caused by not using fortify header on building packages. Fixes: 006e52545d14 ("CI: build: add support to fallback to sdk for external toolchain") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: trigger check also on build and check-kernel-patches workflow changeChristian Marangi2022-12-04
| | | | | | | | | Since kernel and packages workflow now use a shared build workflow, they also need to react on changes on these shared workflow. Fix this and add these shared workflow to the event paths to check. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: fix matching for openwrt release branch for toolchain parsingChristian Marangi2022-12-04
| | | | | | | | | | | | | The current match logic doesn't handle test for push events related to stable release (example openwrt-22.03) but only fork with the related prefix (example openwrt-22.03-fixup) Fix wrong matching and while at it also add extra checks to other matching (check if the branch name actually start with the requested prefix) Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: fix matching for openwrt release branch for container selectionChristian Marangi2022-12-04
| | | | | | | | | | | | | The current match logic doesn't handle test for push events related to stable release (example openwrt-22.03) but only fork with the related prefix (example openwrt-22.03-fixup) Fix wrong matching and while at it also add extra checks to other matching (check if the branch name actually start with the requested prefix) Fixes: abe8a4824210 ("CI: build: add support for per branch tools container") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: add support to fallback to sdk for external toolchainChristian Marangi2022-12-04
| | | | | | | Add support to use sdk as external toolchain if the packaged external toolchain tar is not found on openwrt servers for build shared workflow. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* CI: build: add support for external toolchains from stable branchChristian Marangi2022-12-04
| | | | | | | | | | | | | Add support to use external toolchains from stable branch if we are testing commit targeting stable openwrt branch in kernel and packages workflow. With pr the target branch is parsed and the right toolchain is used. To use the stable toolchain for local testing the branch needs to have the prefix openwrt-[0-9][0-9].[0-9][0-9]- (example openwrt-21.02-fixup) Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>