The Ubuntu PPA/mainline repository does not yet have v5.6.8, thus builds targetting it will fail. Revert back to v5.6.7, which is available, and increment pkgrel.
187 lines
5.1 KiB
YAML
187 lines
5.1 KiB
YAML
on:
|
|
push:
|
|
tags:
|
|
- 'debian-*'
|
|
|
|
name: Debian
|
|
|
|
env:
|
|
GPG_KEY_ID: 56C464BAAC421453
|
|
KERNEL_VERSION: 5.6.7
|
|
KDEB_PKGVERSION: 5.6.7-2
|
|
LOCALVERSION: -surface
|
|
|
|
jobs:
|
|
build:
|
|
name: Build Kernel
|
|
runs-on: ubuntu-latest
|
|
container: debian:sid
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Install build dependencies
|
|
run: |
|
|
sed 's/^deb /deb-src /' /etc/apt/sources.list >> /etc/apt/sources.list
|
|
apt-get -y update
|
|
apt-get -y install build-essential fakeroot rsync git wget python3-debian dpkg-sig lz4 sbsigntool
|
|
apt-get -y build-dep linux
|
|
|
|
- name: Prepare kernel source
|
|
run: |
|
|
cd pkg/debian/kernel
|
|
|
|
# get ubuntu build patches (for config)
|
|
SOURCE_URL="https://kernel.ubuntu.com/~kernel-ppa/mainline/v$KERNEL_VERSION"
|
|
SOURCE_LIST="$SOURCE_URL/SOURCES"
|
|
|
|
mkdir -p "ubuntu"
|
|
wget "$SOURCE_LIST" -O "ubuntu/SOURCES"
|
|
SOURCE_FILES="$(tail -n +2 "ubuntu/SOURCES")"
|
|
|
|
for f in $SOURCE_FILES; do
|
|
wget "$SOURCE_URL/$f" -O "ubuntu/$f"
|
|
done
|
|
|
|
# download kernel sources
|
|
wget https://cdn.kernel.org/pub/linux/kernel/v${KERNEL_VERSION%%.*}.x/linux-$KERNEL_VERSION.tar.xz
|
|
tar xf linux-$KERNEL_VERSION.tar.xz
|
|
|
|
mv linux-$KERNEL_VERSION linux && cd linux
|
|
|
|
# apply ubuntu build patches
|
|
for PATCH in ../ubuntu/*.patch; do
|
|
patch -p1 < ${PATCH}
|
|
done
|
|
|
|
# apply surface build patches
|
|
for PATCH in ../*.patch; do
|
|
patch -p1 < ${PATCH}
|
|
done
|
|
|
|
# apply surface patches
|
|
for PATCH in ../../../../patches/${KERNEL_VERSION%.*}/*.patch; do
|
|
patch -p1 < ${PATCH}
|
|
done
|
|
|
|
- name: Configure
|
|
run: |
|
|
cd pkg/debian/kernel/linux
|
|
|
|
# merge configs
|
|
./scripts/kconfig/merge_config.sh \
|
|
debian.master/config/config.common.ubuntu \
|
|
debian.master/config/amd64/config.common.amd64 \
|
|
debian.master/config/amd64/config.flavour.generic \
|
|
../ubuntu.config \
|
|
../../../../configs/surface-${KERNEL_VERSION%.*}.config
|
|
|
|
- name: Setup secureboot certificate
|
|
env:
|
|
SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
|
|
run: |
|
|
cd pkg
|
|
|
|
mkdir -p debian/kernel/linux/keys
|
|
|
|
# unlock/copy key and certificate
|
|
echo "$SB_KEY" | base64 -d > debian/kernel/linux/keys/MOK.key
|
|
cp keys/surface.crt debian/kernel/linux/keys/MOK.crt
|
|
|
|
- name: Build
|
|
run: |
|
|
cd pkg/debian/kernel/linux
|
|
make bindeb-pkg -j2
|
|
|
|
- name: Prepare release
|
|
run: |
|
|
mkdir release
|
|
mv pkg/debian/kernel/*.deb release
|
|
|
|
- name: Sign packages
|
|
env:
|
|
GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
|
|
run: |
|
|
# import GPG key
|
|
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
|
|
export GPG_TTY=$(tty)
|
|
|
|
# sign package
|
|
dpkg-sig -g "--batch --no-tty" --sign builder -k $GPG_KEY_ID release/*.deb
|
|
|
|
- name: Upload artifacts
|
|
uses: actions/upload-artifact@v1
|
|
with:
|
|
name: debian-latest
|
|
path: release
|
|
|
|
release:
|
|
name: Publish release
|
|
needs: [build]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v1
|
|
with:
|
|
name: debian-latest
|
|
|
|
- name: Upload assets
|
|
uses: svenstaro/upload-release-action@v1-release
|
|
with:
|
|
repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
|
|
file: ./*-latest/*
|
|
tag: ${{ github.ref }}
|
|
overwrite: true
|
|
file_glob: true
|
|
|
|
repo:
|
|
name: Update package repository
|
|
needs: [release]
|
|
runs-on: ubuntu-latest
|
|
container: debian:sid
|
|
steps:
|
|
- name: Install dependencies
|
|
run: |
|
|
apt-get update
|
|
apt-get install -y git
|
|
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v1
|
|
with:
|
|
name: debian-latest
|
|
|
|
- name: Update repository
|
|
env:
|
|
SURFACEBOT_TOKEN: ${{ secrets.GITHUB_BOT_TOKEN }}
|
|
BRANCH_STAGING: u/staging
|
|
GIT_REF: ${{ github.ref }}
|
|
run: |
|
|
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"
|
|
|
|
# clone package repository
|
|
git clone -b "${BRANCH_STAGING}" "${repo}" repo
|
|
|
|
# copy packages
|
|
cp debian-latest/* repo/debian/
|
|
cd repo/debian
|
|
|
|
# parse git tag from ref
|
|
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
|
|
|
|
# convert packages into references
|
|
for pkg in $(find . -name '*.deb'); do
|
|
echo "linux-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
|
|
rm $pkg
|
|
done
|
|
|
|
# set git identity
|
|
git config --global user.email "surfacebot@users.noreply.github.com"
|
|
git config --global user.name "surfacebot"
|
|
|
|
# commit and push
|
|
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
|
|
git switch -c "${update_branch}"
|
|
git add .
|
|
git commit -m "Update Debian kernel"
|
|
git push --set-upstream origin "${update_branch}"
|