beenull/linux-surface
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Remove outdated workflow

Browse source
This commit is contained in:
Maximilian Luz 2020-02-24 00:20:45 +01:00
parent 6136c4626c
commit 19738c592b
No known key found for this signature in database
GPG key ID: 70EC0937F6C26F02
1 changed files with 0 additions and 324 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

324
.github/workflows/release.yml.disabled vendored
View file

@ -1,324 +0,0 @@
on:
push:
branches:
- feature/pkg
- feature/pkg-deb
# tags:
# - 'test'
# - 'v*+'
name: Create kernel release and upload binaries
env:
GPG_KEY_ID: 56C464BAAC421453
jobs:
build-arch:
name: Build Arch Linux Kernel
runs-on: ubuntu-latest
container: archlinux
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install build dependencies
run: |
# Install makepkg deps
pacman -Sy sudo binutils fakeroot grep base-devel git sbsigntools --noconfirm
- name: Setup secureboot certificate
env:
SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
run: |
cd pkg
# Install the surface secureboot certificate
echo "$SB_KEY" | base64 -d > arch/kernel/MOK.key
cp keys/surface.crt arch/kernel/MOK.crt
- name: Build
run: |
cd pkg/arch/kernel
# Fix permissions (can't makepkg as root)
echo "nobody ALL=(ALL) NOPASSWD: /usr/bin/pacman" >> /etc/sudoers
chown -R nobody .
# Package compression settings (Matches latest Arch)
export PKGEXT='.pkg.tar.zst'
export COMPRESSZST=(zstd -c -T0 --ultra -20 -)
export MAKEFLAGS="-j2"
# Build
su nobody --pty -p -s /bin/bash -c 'makepkg -f --syncdeps --skippgpcheck --noconfirm'
- name: Prepare release
run: |
mkdir release
mv pkg/arch/kernel/*.pkg.tar.zst release
- name: Sign packages
env:
GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
run: |
cd release
# import GPG key
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
export GPG_TTY=$(tty)
# sign packages
ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty -u $GPG_KEY_ID
- name: Upload artifacts
uses: actions/upload-artifact@v1
with:
name: arch-latest
path: release
build-debian:
name: Build Debian Kernel
runs-on: ubuntu-latest
container: debian:sid
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install build dependencies
run: |
sed 's/^deb /deb-src /' /etc/apt/sources.list >> /etc/apt/sources.list
apt-get -y update
apt-get -y install build-essential fakeroot rsync git wget python3-debian dpkg-sig lz4 sbsigntool
apt-get -y build-dep linux
- name: Prepare kernel source
env:
KERNEL_VERSION: 5.4.13
run: |
cd pkg/debian
# get ubuntu build patches (for config)
SOURCE_URL="https://kernel.ubuntu.com/~kernel-ppa/mainline/v$KERNEL_VERSION"
SOURCE_LIST="$SOURCE_URL/SOURCES"
mkdir -p "ubuntu"
wget "$SOURCE_LIST" -O "ubuntu/SOURCES"
SOURCE_FILES="$(tail -n +2 "ubuntu/SOURCES")"
for f in $SOURCE_FILES; do
wget "$SOURCE_URL/$f" -O "ubuntu/$f"
done
# download kernel sources
wget https://cdn.kernel.org/pub/linux/kernel/v${KERNEL_VERSION%%.*}.x/linux-$KERNEL_VERSION.tar.xz
tar xf linux-$KERNEL_VERSION.tar.xz
mv linux-$KERNEL_VERSION linux && cd linux
# apply ubuntu build patches
for PATCH in ../ubuntu/*.patch; do patch -p1 < ${PATCH}; done
# apply surface build patches
for PATCH in ../*.patch; do patch -p1 < ${PATCH}; done
# apply surface patches
for PATCH in ../../../patches/${KERNEL_VERSION%.*}/*.patch; do patch -p1 < ${PATCH}; done
- name: Configure
run: |
cd pkg/debian/linux
# merge configs
./scripts/kconfig/merge_config.sh \
debian.master/config/config.common.ubuntu \
debian.master/config/amd64/config.common.amd64 \
debian.master/config/amd64/config.flavour.generic \
../ubuntu.config \
../surface.config
- name: Setup secureboot certificate
env:
SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
run: |
cd pkg
mkdir -p debian/linux/keys
# unlock/copy key and certificate
echo "$SB_KEY" | base64 -d > debian/linux/keys/MOK.key
cp keys/surface.crt debian/linux/keys/MOK.crt
- name: Build
run: |
cd pkg/debian/linux
export LOCALVERSION="-surface"
make bindeb-pkg -j2
- name: Prepare release
run: |
mkdir release
mv pkg/debian/*.deb release
- name: Sign packages
env:
GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
run: |
# import GPG key
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
export GPG_TTY=$(tty)
# sign package
dpkg-sig -g "--batch --no-tty" --sign builder -k $GPG_KEY_ID release/*.deb
- name: Upload artifacts
uses: actions/upload-artifact@v1
with:
name: debian-latest
path: release
build-fedora-31:
name: Build Fedora 31 Kernel
runs-on: ubuntu-latest
container: fedora:31
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install build dependencies
run: |
dnf distro-sync -y
dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
dnf builddep -y pkg/fedora/kernel-surface/kernel-surface.spec
- name: Setup secureboot certificate
env:
SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
run: |
cd pkg
# Install the surface secureboot certificate
echo "$SB_KEY" | base64 -d > fedora/kernel-surface/surface.key
cp keys/surface.crt fedora/kernel-surface/surface.crt
- name: Build packages
run: |
cd pkg/fedora/kernel-surface
# Build the .rpm packages
../makerpm
- name: Sign packages
env:
GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
run: |
cd pkg/fedora/kernel-surface/out/x86_64
# import GPG key
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
# sign packages
rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
- name: Upload artifacts
uses: actions/upload-artifact@v1
with:
name: fedora-31-latest
path: pkg/fedora/kernel-surface/out/x86_64
build-fedora-30:
name: Build Fedora 30 Kernel
runs-on: ubuntu-latest
container: fedora:30
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install build dependencies
run: |
dnf distro-sync -y
dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
dnf builddep -y pkg/fedora/kernel-surface/kernel-surface.spec
- name: Setup secureboot certificate
env:
SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
run: |
cd pkg
# Install the surface secureboot certificate
echo "$SB_KEY" | base64 -d > fedora/kernel-surface/surface.key
cp keys/surface.crt fedora/kernel-surface/surface.crt
- name: Build packages
run: |
cd pkg/fedora/kernel-surface
# Build the .rpm packages
../makerpm
- name: Sign packages
env:
GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
run: |
cd pkg/fedora/kernel-surface/out/x86_64
# import GPG key
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
# sign packages
rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
- name: Upload artifacts
uses: actions/upload-artifact@v1
with:
name: fedora-30-latest
path: pkg/fedora/kernel-surface/out/x86_64
release:
name: Publish release
needs: [build-arch, build-debian, build-fedora-31, build-fedora-30]
runs-on: ubuntu-latest
steps:
- name: Download Arch Linux artifacts
uses: actions/download-artifact@v1
with:
name: arch-latest
- name: Download Debian artifacts
uses: actions/download-artifact@v1
with:
name: debian-latest
- name: Download Fedora 31 artifacts
uses: actions/download-artifact@v1
with:
name: fedora-31-latest
- name: Download Fedora 30 artifacts
uses: actions/download-artifact@v1
with:
name: fedora-30-latest
- name: Create release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_BOT_TOKEN }}
with:
# tag_name: ${{ github.ref }}
# release_name: ${{ github.ref }}
tag_name: test
release_name: test
draft: true
prerelease: false
- name: Upload assets to release
uses: svenstaro/upload-release-action@v1-release
with:
repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
file: ./*-latest/*
# tag: ${{ github.ref }}
tag: test
overwrite: true
file_glob: true