The patch tool tries to ask questions when a patch fails, which means automated builds will be waiting for that to time out on errors. Use 'git am' instead. This should also be smarter when applying patches.
197 lines
5.5 KiB
YAML
197 lines
5.5 KiB
YAML
on:
|
|
push:
|
|
tags:
|
|
- 'debian-*'
|
|
|
|
name: Debian
|
|
|
|
env:
|
|
GPG_KEY_ID: 56C464BAAC421453
|
|
KERNEL_VERSION: 5.13.4
|
|
KERNEL_REVISION: 1
|
|
LOCALVERSION: -surface
|
|
MAINLINE_REPO: git://git.launchpad.net/~ubuntu-kernel-test/ubuntu/+source/linux/+git/mainline-crack
|
|
MAINLINE_BRANCH: cod/mainline
|
|
TZ: UTC
|
|
|
|
jobs:
|
|
build:
|
|
name: Build Kernel
|
|
runs-on: ubuntu-latest
|
|
container: ubuntu:20.04
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Install build dependencies
|
|
run: |
|
|
sed 's/^deb /deb-src /' /etc/apt/sources.list >> /etc/apt/sources.list
|
|
ln -snf /usr/share/zoneinfo/$TZ /etc/localtime
|
|
echo $TZ > /etc/timezone
|
|
apt-get -y update
|
|
apt-get -y install build-essential fakeroot rsync git wget python3-debian dpkg-sig lz4 \
|
|
sbsigntool debhelper dpkg-dev zstd
|
|
apt-get -y build-dep linux
|
|
|
|
- name: Prepare kernel source
|
|
run: |
|
|
cd pkg/debian/kernel
|
|
|
|
# setup git
|
|
git config --global user.email "surfacebot@users.noreply.github.com"
|
|
git config --global user.name "surfacebot"
|
|
|
|
# get ubuntu mainline source
|
|
# see https://kernel.ubuntu.com/~kernel-ppa/mainline
|
|
git clone "$MAINLINE_REPO" --branch "$MAINLINE_BRANCH/v$KERNEL_VERSION" --depth 1 linux
|
|
|
|
cd linux
|
|
|
|
# apply surface build/packaging patches
|
|
for PATCH in ../*.patch; do
|
|
git am ${PATCH}
|
|
done
|
|
|
|
git add .
|
|
git commit --allow-empty -m "Apply linux-surface packaging patches"
|
|
|
|
# apply surface patches
|
|
for PATCH in ../../../../patches/${KERNEL_VERSION%.*}/*.patch; do
|
|
git am < ${PATCH}
|
|
done
|
|
|
|
git add .
|
|
git commit --allow-empty -m "Apply linux-surface patches"
|
|
|
|
- name: Configure
|
|
run: |
|
|
cd pkg/debian/kernel/linux
|
|
|
|
# merge configs
|
|
./scripts/kconfig/merge_config.sh \
|
|
debian.master/config/config.common.ubuntu \
|
|
debian.master/config/amd64/config.common.amd64 \
|
|
debian.master/config/amd64/config.flavour.generic \
|
|
../ubuntu.config \
|
|
../../../../configs/surface-${KERNEL_VERSION%.*}.config
|
|
|
|
# set revision
|
|
echo "$KERNEL_REVISION" > .version
|
|
|
|
- name: Setup secureboot certificate
|
|
env:
|
|
SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
|
|
run: |
|
|
cd pkg
|
|
|
|
mkdir -p debian/kernel/linux/keys
|
|
|
|
# unlock/copy key and certificate
|
|
echo "$SB_KEY" | base64 -d > debian/kernel/linux/keys/MOK.key
|
|
cp keys/surface.crt debian/kernel/linux/keys/MOK.crt
|
|
|
|
- name: Build kernel
|
|
run: |
|
|
cd pkg/debian/kernel/linux
|
|
make bindeb-pkg -j2
|
|
|
|
- name: Build meta-package
|
|
run: |
|
|
cd pkg/debian/meta
|
|
./mkdebian.sh $(make -C ../kernel/linux -s kernelrelease) ${KERNEL_REVISION}
|
|
dpkg-buildpackage -b
|
|
|
|
- name: Prepare release
|
|
run: |
|
|
mkdir release
|
|
rm pkg/debian/kernel/linux-libc-dev*.deb
|
|
mv pkg/debian/kernel/*.deb release
|
|
mv pkg/debian/*.deb release
|
|
|
|
- name: Sign packages
|
|
env:
|
|
GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
|
|
run: |
|
|
# import GPG key
|
|
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
|
|
export GPG_TTY=$(tty)
|
|
|
|
# sign package
|
|
dpkg-sig -g "--batch --no-tty" --sign builder -k $GPG_KEY_ID release/*.deb
|
|
|
|
- name: Upload artifacts
|
|
uses: actions/upload-artifact@v1
|
|
with:
|
|
name: debian-latest
|
|
path: release
|
|
|
|
release:
|
|
name: Publish release
|
|
needs: [build]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v1
|
|
with:
|
|
name: debian-latest
|
|
|
|
- name: Upload assets
|
|
uses: svenstaro/upload-release-action@v1-release
|
|
with:
|
|
repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
|
|
file: ./*-latest/*
|
|
tag: ${{ github.ref }}
|
|
overwrite: true
|
|
file_glob: true
|
|
|
|
repo:
|
|
name: Update package repository
|
|
needs: [release]
|
|
runs-on: ubuntu-latest
|
|
container: debian:sid
|
|
steps:
|
|
- name: Install dependencies
|
|
run: |
|
|
apt-get update
|
|
apt-get install -y git
|
|
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v1
|
|
with:
|
|
name: debian-latest
|
|
|
|
- name: Update repository
|
|
env:
|
|
SURFACEBOT_TOKEN: ${{ secrets.GITHUB_BOT_TOKEN }}
|
|
BRANCH_STAGING: u/staging
|
|
GIT_REF: ${{ github.ref }}
|
|
run: |
|
|
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"
|
|
|
|
# clone package repository
|
|
git clone -b "${BRANCH_STAGING}" "${repo}" repo
|
|
|
|
# copy packages
|
|
cp debian-latest/* repo/debian/
|
|
cd repo/debian
|
|
|
|
# parse git tag from ref
|
|
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
|
|
|
|
# convert packages into references
|
|
for pkg in $(find . -name '*.deb'); do
|
|
echo "linux-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
|
|
rm $pkg
|
|
done
|
|
|
|
# set git identity
|
|
git config --global user.email "surfacebot@users.noreply.github.com"
|
|
git config --global user.name "surfacebot"
|
|
|
|
# commit and push
|
|
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
|
|
git switch -c "${update_branch}"
|
|
git add .
|
|
git commit -m "Update Debian kernel"
|
|
git push --set-upstream origin "${update_branch}"
|