2020-01-08 14:00:25 +00:00
|
|
|
on:
|
|
|
|
push:
|
2020-01-12 10:58:32 +00:00
|
|
|
branches:
|
|
|
|
- feature/pkg
|
|
|
|
# tags:
|
|
|
|
# - 'test'
|
2020-01-12 04:45:43 +00:00
|
|
|
# - 'v*+'
|
2020-01-08 14:00:25 +00:00
|
|
|
|
2020-01-12 09:28:31 +00:00
|
|
|
name: Create kernel release and upload binaries
|
2020-01-08 14:00:25 +00:00
|
|
|
|
2020-01-12 10:53:47 +00:00
|
|
|
env:
|
|
|
|
KEY_ID: C1F105E07DA59F2C
|
|
|
|
KEY_NAME: surface-linux
|
|
|
|
|
2020-01-08 14:00:25 +00:00
|
|
|
jobs:
|
|
|
|
build-arch:
|
2020-01-12 09:28:31 +00:00
|
|
|
name: Build Arch Linux Kernel
|
2020-01-08 14:00:25 +00:00
|
|
|
runs-on: ubuntu-latest
|
|
|
|
container: archlinux
|
|
|
|
steps:
|
|
|
|
- name: Checkout code
|
|
|
|
uses: actions/checkout@v2
|
|
|
|
|
2020-01-13 10:02:12 +00:00
|
|
|
- name: Install build dependencies
|
|
|
|
run: |
|
|
|
|
# Install makepkg deps
|
|
|
|
pacman -Sy sudo binutils fakeroot grep base-devel git --noconfirm
|
|
|
|
|
2020-01-08 14:00:25 +00:00
|
|
|
- name: Build
|
|
|
|
run: |
|
2020-01-12 04:45:43 +00:00
|
|
|
cd pkg/arch/kernel
|
2020-01-10 01:25:28 +00:00
|
|
|
|
2020-01-13 10:02:12 +00:00
|
|
|
# Fix permissions (can't makepkg as root)
|
|
|
|
echo "nobody ALL=(ALL) NOPASSWD: /usr/bin/pacman" >> /etc/sudoers
|
|
|
|
chown -R nobody .
|
2020-01-09 00:42:47 +00:00
|
|
|
|
2020-01-12 04:45:43 +00:00
|
|
|
# Package compression settings (Matches latest Arch)
|
|
|
|
export PKGEXT='.pkg.tar.zst'
|
|
|
|
export COMPRESSZST=(zstd -c -T0 --ultra -20 -)
|
|
|
|
export MAKEFLAGS="-j2"
|
|
|
|
|
2020-01-09 00:42:47 +00:00
|
|
|
# Build
|
2020-01-13 10:02:12 +00:00
|
|
|
su nobody --pty -p -s /bin/bash -c 'makepkg -f --syncdeps --skippgpcheck --noconfirm'
|
2020-01-10 01:25:28 +00:00
|
|
|
|
2020-01-12 10:53:47 +00:00
|
|
|
- name: Prepare release
|
2020-01-10 01:25:28 +00:00
|
|
|
run: |
|
2020-01-08 14:00:25 +00:00
|
|
|
mkdir release
|
2020-01-12 04:45:43 +00:00
|
|
|
mv pkg/arch/kernel/*.pkg.tar.zst release
|
2020-01-10 01:25:28 +00:00
|
|
|
|
2020-01-12 10:53:47 +00:00
|
|
|
- name: Sign packages
|
2020-01-10 01:25:28 +00:00
|
|
|
env:
|
|
|
|
GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }}
|
|
|
|
run: |
|
|
|
|
cd release
|
|
|
|
|
|
|
|
# import GPG key
|
|
|
|
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
|
|
|
|
export GPG_TTY=$(tty)
|
|
|
|
|
|
|
|
# sign packages
|
2020-01-12 10:53:47 +00:00
|
|
|
ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty -u $KEY_ID
|
2020-01-09 00:42:47 +00:00
|
|
|
|
2020-01-08 14:00:25 +00:00
|
|
|
- name: Upload artifacts
|
|
|
|
uses: actions/upload-artifact@v1
|
|
|
|
with:
|
|
|
|
name: arch-latest
|
|
|
|
path: release
|
2020-01-12 09:28:31 +00:00
|
|
|
|
2020-01-13 02:48:04 +00:00
|
|
|
build-debian:
|
|
|
|
name: Build Debian Kernel
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
container: debian:sid
|
|
|
|
steps:
|
|
|
|
- name: Checkout code
|
|
|
|
uses: actions/checkout@v2
|
|
|
|
|
|
|
|
- name: Install build dependencies
|
|
|
|
run: |
|
|
|
|
sed 's/^deb /deb-src /' /etc/apt/sources.list >> /etc/apt/sources.list
|
|
|
|
apt-get -y update
|
2020-01-13 10:02:12 +00:00
|
|
|
apt-get -y install build-essential fakeroot rsync git wget python3-debian dpkg-sig
|
2020-01-13 02:48:04 +00:00
|
|
|
apt-get -y build-dep linux
|
|
|
|
|
|
|
|
- name: Build
|
|
|
|
env:
|
|
|
|
PACKAGE_VERSION: 5.4.8-1
|
|
|
|
run: |
|
|
|
|
cd pkg/debian
|
|
|
|
|
|
|
|
export KERNEL_VERSION=${PACKAGE_VERSION%-*}
|
2020-01-14 10:07:28 +00:00
|
|
|
export FLAVOR=amd64_none_amd64
|
2020-01-13 02:48:04 +00:00
|
|
|
|
|
|
|
# download sources
|
|
|
|
wget https://cdn.kernel.org/pub/linux/kernel/v${KERNEL_VERSION%%.*}.x/linux-$KERNEL_VERSION.tar.xz
|
|
|
|
git clone -b "debian/$PACKAGE_VERSION" --depth 1 --single-branch https://salsa.debian.org/kernel-team/linux.git
|
|
|
|
|
|
|
|
cd linux
|
|
|
|
|
2020-01-14 13:19:24 +00:00
|
|
|
# disable debug-info because we don't want a 800MB image
|
|
|
|
sed --in-place 's/debug-info: true/debug-info: false/' debian/config/defines
|
|
|
|
|
2020-01-13 02:48:04 +00:00
|
|
|
# apply debian patches
|
|
|
|
debian/bin/genorig.py ../linux-$KERNEL_VERSION.tar.xz
|
|
|
|
debian/rules orig
|
|
|
|
|
2020-01-14 10:07:28 +00:00
|
|
|
# because debian knows better and intentionally raises an error, we
|
|
|
|
# have to bypass it. *sigh*
|
|
|
|
debian/rules debian/control || true
|
|
|
|
|
2020-01-13 02:48:04 +00:00
|
|
|
# apply patches
|
|
|
|
for PATCH in ../../../patches/${KERNEL_VERSION%.*}/*.patch; do patch -p1 < ${PATCH}; done
|
|
|
|
|
2020-01-14 10:07:28 +00:00
|
|
|
# run the setup to generate the base config
|
|
|
|
fakeroot make -f debian/rules.gen setup_$FLAVOR
|
|
|
|
|
2020-01-13 02:48:04 +00:00
|
|
|
# merge configs
|
2020-01-14 10:07:28 +00:00
|
|
|
./scripts/kconfig/merge_config.sh -O debian/build/build_$FLAVOR -m debian/build/build_$FLAVOR/.config ../surface.config
|
2020-01-13 02:48:04 +00:00
|
|
|
|
2020-01-14 10:07:28 +00:00
|
|
|
# build!
|
|
|
|
fakeroot make -f debian/rules.gen binary-arch_$FLAVOR -j2
|
2020-01-13 02:48:04 +00:00
|
|
|
|
|
|
|
- name: Prepare release
|
|
|
|
run: |
|
|
|
|
mkdir release
|
|
|
|
mv pkg/debian/*.deb release
|
|
|
|
|
|
|
|
- name: Sign packages
|
|
|
|
env:
|
|
|
|
GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }}
|
|
|
|
run: |
|
|
|
|
# import GPG key
|
|
|
|
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
|
|
|
|
export GPG_TTY=$(tty)
|
|
|
|
|
|
|
|
# sign package
|
|
|
|
dpkg-sig -g "--batch --no-tty" --sign builder -k $KEY_ID release/*.deb
|
|
|
|
|
|
|
|
- name: Upload artifacts
|
|
|
|
uses: actions/upload-artifact@v1
|
|
|
|
with:
|
|
|
|
name: debian-latest
|
|
|
|
path: release
|
|
|
|
|
2020-01-12 09:28:31 +00:00
|
|
|
build-fedora:
|
|
|
|
name: Build Fedora Kernel
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
container: fedora:31
|
|
|
|
steps:
|
2020-01-12 10:53:47 +00:00
|
|
|
- name: Checkout code
|
2020-01-12 09:28:31 +00:00
|
|
|
uses: actions/checkout@v2
|
|
|
|
|
|
|
|
- name: Install build dependencies
|
|
|
|
run: |
|
|
|
|
dnf distro-sync -y
|
2020-01-12 11:02:43 +00:00
|
|
|
dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
|
|
|
|
dnf builddep -y pkg/fedora/kernel-surface/kernel-surface.spec
|
2020-01-12 09:28:31 +00:00
|
|
|
|
2020-01-12 10:53:47 +00:00
|
|
|
- name: Setup certificates
|
|
|
|
env:
|
|
|
|
LS_PASSWORD: ${{ secrets.LS_PASSWORD }}
|
|
|
|
run: |
|
2020-01-12 11:02:43 +00:00
|
|
|
pkg/secrets/decrypt.sh -p "$LS_PASSWORD" -f pkg/secrets/sb/surface_sb.key.gpg
|
2020-01-12 10:53:47 +00:00
|
|
|
cp pkg/secrets/sb/surface_sb.key pkg/fedora/kernel-surface/surface.key
|
|
|
|
cp pkg/secrets/sb/surface_sb.crt pkg/fedora/kernel-surface/surface.crt
|
|
|
|
|
2020-01-12 09:28:31 +00:00
|
|
|
- name: Build packages
|
|
|
|
run: |
|
|
|
|
pushd pkg/fedora/kernel-surface
|
2020-01-12 10:53:47 +00:00
|
|
|
../makerpm
|
2020-01-12 09:28:31 +00:00
|
|
|
popd
|
|
|
|
|
2020-01-12 10:53:47 +00:00
|
|
|
- name: Sign packages
|
|
|
|
env:
|
|
|
|
GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }}
|
|
|
|
run: |
|
|
|
|
cd pkg/fedora/kernel-surface/out/x86_64
|
|
|
|
|
|
|
|
# import GPG key
|
|
|
|
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
|
|
|
|
|
|
|
|
# sign packages
|
2020-01-13 10:02:12 +00:00
|
|
|
rpm --resign *.rpm --define "_gpg_name $KEY_NAME"
|
2020-01-12 10:53:47 +00:00
|
|
|
|
2020-01-12 09:28:31 +00:00
|
|
|
- name: Upload artifacts
|
|
|
|
uses: actions/upload-artifact@v1
|
|
|
|
with:
|
|
|
|
name: fedora-latest
|
|
|
|
path: pkg/fedora/kernel-surface/out/x86_64
|
|
|
|
|
2020-01-08 14:00:25 +00:00
|
|
|
release:
|
2020-01-12 10:53:47 +00:00
|
|
|
name: Publish release
|
2020-01-13 02:48:04 +00:00
|
|
|
needs: [build-arch, build-debian]
|
2020-01-08 14:00:25 +00:00
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
|
|
- name: Download Arch Linux artifacts
|
|
|
|
uses: actions/download-artifact@v1
|
|
|
|
with:
|
|
|
|
name: arch-latest
|
|
|
|
|
2020-01-13 02:48:04 +00:00
|
|
|
- name: Download Debian artifacts
|
2020-01-12 09:28:31 +00:00
|
|
|
uses: actions/download-artifact@v1
|
|
|
|
with:
|
2020-01-13 02:48:04 +00:00
|
|
|
name: debian-latest
|
|
|
|
|
2020-01-13 10:02:12 +00:00
|
|
|
- name: Download Fedora artifacts
|
|
|
|
uses: actions/download-artifact@v1
|
|
|
|
with:
|
|
|
|
name: fedora-latest
|
2020-01-12 09:28:31 +00:00
|
|
|
|
2020-01-12 10:53:47 +00:00
|
|
|
- name: Create release
|
2020-01-08 14:00:25 +00:00
|
|
|
id: create_release
|
|
|
|
uses: actions/create-release@v1
|
|
|
|
env:
|
2020-01-10 14:09:31 +00:00
|
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_BOT_TOKEN }}
|
2020-01-08 14:00:25 +00:00
|
|
|
with:
|
2020-01-12 11:10:04 +00:00
|
|
|
# tag_name: ${{ github.ref }}
|
2020-01-13 10:02:12 +00:00
|
|
|
# release_name: ${{ github.ref }}
|
2020-01-12 11:10:04 +00:00
|
|
|
tag_name: test
|
2020-01-13 10:02:12 +00:00
|
|
|
release_name: test
|
2020-01-12 04:45:43 +00:00
|
|
|
draft: true
|
2020-01-08 14:00:25 +00:00
|
|
|
prerelease: false
|
|
|
|
|
2020-01-12 10:53:47 +00:00
|
|
|
- name: Upload assets to release
|
2020-01-08 14:00:25 +00:00
|
|
|
uses: svenstaro/upload-release-action@v1-release
|
|
|
|
with:
|
2020-01-10 14:09:31 +00:00
|
|
|
repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
|
2020-01-12 09:28:31 +00:00
|
|
|
file: ./*-latest/*
|
2020-01-13 10:02:12 +00:00
|
|
|
# tag: ${{ github.ref }}
|
|
|
|
tag: test
|
2020-01-08 14:00:25 +00:00
|
|
|
overwrite: true
|
|
|
|
file_glob: true
|