-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Upon pushing a tag with the name "v*", this workflow will now: 1. build and execute all tests for both make and cmake 2. run all static analysis and formatting checks Assuming successful execution of the above: 3. build RPMs for fedora, el, suse for both x86_64 and ppc64le 4. build a static binaries for x86_64 and ppc64le Assuming successful execution of the above: 5. generate a new release in GitHub, and attach all the build artifacts New build targets can be added to the build matrix in the release.yml workflow, though some additional work may be needed to support a new distro target (e.g. adding debian-based distros will need their own build script) Signed-off-by: Eric Richter <[email protected]>
- Loading branch information
1 parent
ffc7349
commit a180a56
Showing
5 changed files
with
178 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
name: Generate Release | ||
|
||
on: | ||
push: | ||
tags: | ||
- "v*" | ||
|
||
permissions: | ||
contents: write | ||
|
||
jobs: | ||
tests: | ||
uses: ./.github/workflows/build_test.yml | ||
|
||
static: | ||
uses: ./.github/workflows/format_static.yml | ||
|
||
rpmbuild: | ||
runs-on: ubuntu-latest | ||
needs: ["tests", "static"] | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
arch: ["x86_64", "ppc64le"] | ||
image: | ||
- "almalinux:8" | ||
- "almalinux:9" | ||
- "fedora:37" | ||
- "fedora:38" | ||
- "fedora:rawhide" | ||
- "opensuse/leap:15" | ||
- "opensuse/tumbleweed:latest" | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
submodules: 'recursive' | ||
|
||
- name: prepare qemu | ||
uses: docker/setup-qemu-action@v2 | ||
with: | ||
platforms: "${{ matrix.arch }}" | ||
|
||
- run: echo IMAGE_NAME=$(echo ${{ matrix.image }} | sed "s/:/_/g")-${{ matrix.arch }} >> $GITHUB_ENV | ||
|
||
- name: build docker image | ||
run: docker build -t ${IMAGE_NAME} --platform linux/${{ matrix.arch }} --build-arg="BUILD_IMAGE=${{ matrix.image }}" -f ci/Dockerfile . | ||
|
||
- name: run docker build | ||
run: docker run -t --platform linux/${{ matrix.arch }} -v $(pwd):/build ${IMAGE_NAME} bash -c "cd build && ci/build-rpm.sh" | ||
|
||
- name: upload rpms | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: ${{ matrix.arch }} | ||
path: rpms/* | ||
|
||
staticbuild: | ||
runs-on: ubuntu-latest | ||
needs: ["tests", "static"] | ||
strategy: | ||
fail-fast: true | ||
matrix: | ||
arch: ["x86_64", "ppc64le"] | ||
|
||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
submodules: 'recursive' | ||
|
||
- uses: docker/setup-qemu-action@v2 | ||
with: | ||
platforms: "${{ matrix.arch }}" | ||
|
||
- name: build docker image | ||
run: docker build -t alpine-${{ matrix.arch }} --platform linux/${{ matrix.arch }} -f ci/Dockerfile.alpine . | ||
|
||
- name: run docker build | ||
run: docker run -t --platform linux/${{ matrix.arch }} -v $(pwd):/build -e ARCH=${{ matrix.arch }} alpine-${{ matrix.arch }} bash -c "cd build && ci/build-static.sh" | ||
|
||
- name: upload rpms | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: static | ||
path: secvarctl.${{ matrix.arch }} | ||
|
||
release: | ||
runs-on: ubuntu-latest | ||
needs: ["rpmbuild", "staticbuild"] | ||
steps: | ||
- name: download rpms | ||
uses: actions/download-artifact@v3 | ||
|
||
- name: generate release | ||
uses: softprops/action-gh-release@v1 | ||
with: | ||
prerelease: ${{ contains(github.ref_name, '-') }} | ||
files: | | ||
*/*.rpm | ||
static/* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
ARG BUILD_IMAGE | ||
FROM ${BUILD_IMAGE} | ||
ARG BUILD_IMAGE | ||
ARG RPMS="cmake openssl openssl-devel gcc rpm-build" | ||
|
||
# Ensure BUILD_IMAGE is set, fail the container build otherwise | ||
RUN if [[ -z "${BUILD_IMAGE}" ]]; then exit 1; fi | ||
|
||
# Install the dependencies for the given image | ||
RUN if [[ "${BUILD_IMAGE}" == *"fedora"* ]]; then dnf install -y ${RPMS}; fi | ||
RUN if [[ "${BUILD_IMAGE}" == *"almalinux"* ]]; then yum install -y ${RPMS}; fi | ||
RUN if [[ "${BUILD_IMAGE}" == *"opensuse"* ]]; then zypper install -y ${RPMS}; fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
FROM alpine:latest | ||
RUN apk add gcc make libc-dev openssl-dev openssl-libs-static argp-standalone bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
#!/bin/bash | ||
|
||
RPMBUILD_ROOT=$(rpmbuild -E %_topdir) | ||
|
||
# Get version for rpmbuild tarball generation | ||
# Ignore the extra version string, it's not needed for tarball generation | ||
source VERSION | ||
SECVARCTL_VERSION=${SECVARCTL_VERSION%${SECVARCTL_VERSION_EXTRA}} | ||
|
||
set -e | ||
|
||
# Generate source tarball | ||
ln -s . secvarctl-${SECVARCTL_VERSION} | ||
tar czf secvarctl-${SECVARCTL_VERSION}.tar.gz secvarctl-${SECVARCTL_VERSION}/* | ||
mkdir -p ${RPMBUILD_ROOT}/SOURCES | ||
cp secvarctl-${SECVARCTL_VERSION}.tar.gz ${RPMBUILD_ROOT}/SOURCES | ||
|
||
# Run Build | ||
if [[ "x86_64" == $(uname -m) ]]; then | ||
# Only one srpm is needed, so just arbitrarily pick the faster x86_64 build to do it | ||
rpmbuild -ba secvarctl.spec | ||
else | ||
rpmbuild -bb secvarctl.spec | ||
fi | ||
|
||
# Move generated RPMs out of container | ||
mkdir -p rpms | ||
cp ${RPMBUILD_ROOT}/RPMS/*/*.rpm rpms/ | ||
if [[ "x86_64" == $(uname -m) ]]; then | ||
# Only the x86_64 build generates the srpm, same for all arches | ||
cp ${RPMBUILD_ROOT}/SRPMS/*.rpm rpms/ | ||
fi | ||
|
||
# SUSE rpms don't appear to insert a distro tag, so invent one | ||
source /etc/os-release | ||
|
||
function rename_rpm { | ||
cd rpms/ | ||
for rpm in *.rpm; do | ||
# This feels kind of fragile, if this ever breaks it should be updated | ||
NEW="$(echo $rpm | cut -d . -f -2).$1.$(echo $rpm | cut -d . -f 3-)" | ||
mv $rpm $NEW | ||
done | ||
cd - | ||
} | ||
|
||
case $ID in | ||
opensuse-tumbleweed) | ||
rename_rpm stw | ||
;; | ||
|
||
opensuse-leap) | ||
rename_rpm "s$(echo $VERSION | cut -d . -f 1)" | ||
;; | ||
|
||
esac |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#!/bin/sh | ||
|
||
if [[ -z "${ARCH}" ]]; then | ||
echo "ARCH is not set to a valid architecture" | ||
exit 1 | ||
fi | ||
|
||
make STATIC=1 LDFLAGS=-largp | ||
cp bin/secvarctl secvarctl.${ARCH} |