diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..65e9631
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,99 @@
+name: Generate Release
+
+on:
+ push:
+ tags:
+ - "v*"
+
+permissions:
+ contents: write
+
+jobs:
+ tests:
+ uses: ./.github/workflows/build_test.yml
+
+ static:
+ uses: ./.github/workflows/format_static.yml
+
+ rpmbuild:
+ runs-on: ubuntu-latest
+ needs: ["tests", "static"]
+ strategy:
+ fail-fast: false
+ matrix:
+ arch: ["x86_64", "ppc64le"]
+ image:
+ - "almalinux:8"
+ - "almalinux:9"
+ - "fedora:37"
+ - "fedora:38"
+ - "fedora:rawhide"
+ - "opensuse/leap:15"
+ - "opensuse/tumbleweed:latest"
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: 'recursive'
+
+ - name: prepare qemu
+ uses: docker/setup-qemu-action@v2
+ with:
+ platforms: "${{ matrix.arch }}"
+
+ - run: echo IMAGE_NAME=$(echo ${{ matrix.image }} | sed "s/:/_/g")-${{ matrix.arch }} >> $GITHUB_ENV
+
+ - name: build docker image
+ run: docker build -t ${IMAGE_NAME} --platform linux/${{ matrix.arch }} --build-arg="BUILD_IMAGE=${{ matrix.image }}" -f ci/Dockerfile .
+
+ - name: run docker build
+ run: docker run -t --platform linux/${{ matrix.arch }} -v $(pwd):/build ${IMAGE_NAME} bash -c "cd build && ci/build-rpm.sh"
+
+ - name: upload rpms
+ uses: actions/upload-artifact@v3
+ with:
+ name: ${{ matrix.arch }}
+ path: rpms/*
+
+ staticbuild:
+ runs-on: ubuntu-latest
+ needs: ["tests", "static"]
+ strategy:
+ fail-fast: true
+ matrix:
+ arch: ["x86_64", "ppc64le"]
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: 'recursive'
+
+ - uses: docker/setup-qemu-action@v2
+ with:
+ platforms: "${{ matrix.arch }}"
+
+ - name: build docker image
+ run: docker build -t alpine-${{ matrix.arch }} --platform linux/${{ matrix.arch }} -f ci/Dockerfile.alpine .
+
+ - name: run docker build
+ run: docker run -t --platform linux/${{ matrix.arch }} -v $(pwd):/build -e ARCH=${{ matrix.arch }} alpine-${{ matrix.arch }} bash -c "cd build && ci/build-static.sh"
+
+ - name: upload rpms
+ uses: actions/upload-artifact@v3
+ with:
+ name: static
+ path: secvarctl.${{ matrix.arch }}
+
+ release:
+ runs-on: ubuntu-latest
+ needs: ["rpmbuild", "staticbuild"]
+ steps:
+ - name: download rpms
+ uses: actions/download-artifact@v3
+
+ - name: generate release
+ uses: softprops/action-gh-release@v1
+ with:
+ prerelease: ${{ contains(github.ref_name, '-') }}
+ files: |
+ */*.rpm
+ static/*
\ No newline at end of file
diff --git a/ci/Dockerfile b/ci/Dockerfile
new file mode 100644
index 0000000..c61c9af
--- /dev/null
+++ b/ci/Dockerfile
@@ -0,0 +1,12 @@
+ARG BUILD_IMAGE
+FROM ${BUILD_IMAGE}
+ARG BUILD_IMAGE
+ARG RPMS="cmake openssl openssl-devel gcc rpm-build"
+
+# Ensure BUILD_IMAGE is set, fail the container build otherwise
+RUN if [[ -z "${BUILD_IMAGE}" ]]; then exit 1; fi
+
+# Install the dependencies for the given image
+RUN if [[ "${BUILD_IMAGE}" == *"fedora"* ]]; then dnf install -y ${RPMS}; fi
+RUN if [[ "${BUILD_IMAGE}" == *"almalinux"* ]]; then yum install -y ${RPMS}; fi
+RUN if [[ "${BUILD_IMAGE}" == *"opensuse"* ]]; then zypper install -y ${RPMS}; fi
diff --git a/ci/Dockerfile.alpine b/ci/Dockerfile.alpine
new file mode 100644
index 0000000..bc50958
--- /dev/null
+++ b/ci/Dockerfile.alpine
@@ -0,0 +1,2 @@
+FROM alpine:latest
+RUN apk add gcc make libc-dev openssl-dev openssl-libs-static argp-standalone bash
diff --git a/ci/build-rpm.sh b/ci/build-rpm.sh
new file mode 100755
index 0000000..0d25144
--- /dev/null
+++ b/ci/build-rpm.sh
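Review bot: The workflow-level `permissions:` block grants `contents: write` to every job, including `rpmbuild` and `staticbuild`, which run container builds and third-party actions, although only `release` publishes anything. Assuming the called `build_test.yml` and `format_static.yml` need no more than read access, set `contents: read` at the top level and add a `permissions:` block with `contents: write` under `release:` only. The actions are also referenced by mutable tags (`softprops/action-gh-release@v1`, `docker/setup-qemu-action@v2`, `actions/checkout@v3`); pinning them to full commit SHAs keeps a retagged action from running with the release token.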
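Review bot: The three conditional `RUN` lines install nothing and still succeed when `BUILD_IMAGE` matches none of `fedora`, `almalinux` or `opensuse`, so an unsupported or mistyped image only fails later inside `ci/build-rpm.sh`. The explicit `-z` guard, by contrast, covers a case that `FROM ${BUILD_IMAGE}` has presumably already rejected. Folding the installs into one `case` with a failing default branch stops the unsupported case at image build time.

```dockerfile
# Install the dependencies for the given image; unknown families fail the build
RUN case "${BUILD_IMAGE}" in \
      *fedora*)    dnf install -y ${RPMS} ;; \
      *almalinux*) yum install -y ${RPMS} ;; \
      *opensuse*)  zypper install -y ${RPMS} ;; \
      *) echo "unsupported BUILD_IMAGE: ${BUILD_IMAGE}" >&2; exit 1 ;; \
    esac
```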
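Review bot: `FROM alpine:latest` lets the base image change between tagged releases without any change in this repository, and with it the `openssl-libs-static` package that is presumably linked into the released static binary. Pinning the base to a fixed release and digest, e.g. `FROM alpine:<release>@sha256:<digest>` (placeholders), makes the bundled OpenSSL version knowable for a given secvarctl release and turns base-image upgrades into reviewed commits. The same applies to the `fedora:rawhide` and `opensuse/tumbleweed:latest` entries of the `rpmbuild` matrix in `release.yml`.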
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+RPMBUILD_ROOT=$(rpmbuild -E %_topdir)
+
+# Get version for rpmbuild tarball generation
+# Ignore the extra version string, it's not needed for tarball generation
+source VERSION
+SECVARCTL_VERSION=${SECVARCTL_VERSION%${SECVARCTL_VERSION_EXTRA}}
+
+set -e
+
+# Generate source tarball
+ln -s . secvarctl-${SECVARCTL_VERSION}
+tar czf secvarctl-${SECVARCTL_VERSION}.tar.gz secvarctl-${SECVARCTL_VERSION}/*
+mkdir -p ${RPMBUILD_ROOT}/SOURCES
+cp secvarctl-${SECVARCTL_VERSION}.tar.gz ${RPMBUILD_ROOT}/SOURCES
+
+# Run Build
+if [[ "x86_64" == $(uname -m) ]]; then
+ # Only one srpm is needed, so just arbitrarily pick the faster x86_64 build to do it
+ rpmbuild -ba secvarctl.spec
+else
+ rpmbuild -bb secvarctl.spec
+fi
+
+# Move generated RPMs out of container
+mkdir -p rpms
+cp ${RPMBUILD_ROOT}/RPMS/*/*.rpm rpms/
+if [[ "x86_64" == $(uname -m) ]]; then
+ # Only the x86_64 build generates the srpm, same for all arches
+ cp ${RPMBUILD_ROOT}/SRPMS/*.rpm rpms/
+fi
+
+# SUSE rpms don't appear to insert a distro tag, so invent one
+source /etc/os-release
+
+function rename_rpm {
+ cd rpms/
+ for rpm in *.rpm; do
+ # This feels kind of fragile, if this ever breaks it should be updated
+ NEW="$(echo $rpm | cut -d . -f -2).$1.$(echo $rpm | cut -d . -f 3-)"
+ mv $rpm $NEW
+ done
+ cd -
+}
+
+case $ID in
+ opensuse-tumbleweed)
+ rename_rpm stw
+ ;;
+
+ opensuse-leap)
+ rename_rpm "s$(echo $VERSION | cut -d . -f 1)"
+ ;;
+
+esac
\ No newline at end of file
diff --git a/ci/build-static.sh b/ci/build-static.sh
new file mode 100755
index 0000000..6c10e78
--- /dev/null
+++ b/ci/build-static.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [[ -z "${ARCH}" ]]; then
+ echo "ARCH is not set to a valid architecture"
+ exit 1
+fi
+
+make STATIC=1 LDFLAGS=-largp
+cp bin/secvarctl secvarctl.${ARCH}
\ No newline at end of file
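Review bot: `set -e` is enabled only after `source VERSION`, so a missing or broken VERSION file leaves `SECVARCTL_VERSION` empty and the script goes on to create `secvarctl-.tar.gz` instead of stopping. Moving `set -e` to directly below the shebang and adding `: "${SECVARCTL_VERSION:?not set by VERSION}"` after the `source` line makes that case fail before anything is packaged. The unquoted expansions in `rename_rpm` would also be safer quoted, e.g. `mv -- "$rpm" "$NEW"`, since that function rewrites the names of the files that end up in the release.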
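Review bot: The script declares `#!/bin/sh` but tests `ARCH` with `[[ -z "${ARCH}" ]]`, which is not POSIX sh and depends on how the image's `/bin/sh` treats `[[`. Either write the test as `[ -z "${ARCH}" ]` or change the shebang to `#!/bin/bash`, which `ci/Dockerfile.alpine` installs. There is also no `set -e`, so a failed `make` is caught only indirectly by the `cp` that follows; adding `set -e` below the shebang makes the failure explicit.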