e531cd70d8
Apply patches via `patch` instead of `git am`. The `patch` tool is more liberal in accepting patches and allows patches that need relocation of hunks, whereas git fails in such instances. Using git makes it harder to maintain these patches accross multiple kernel versions and we would need to regularly update them. Commit separately to keep the git source tree clean before building.
182 lines
5.1 KiB
YAML
182 lines
5.1 KiB
YAML
on:
|
|
push:
|
|
tags:
|
|
- 'debian_lts-*'
|
|
|
|
name: Debian LTS
|
|
|
|
env:
|
|
GPG_KEY_ID: 56C464BAAC421453
|
|
KERNEL_VERSION: 4.19.128
|
|
KDEB_PKGVERSION: 4.19.128-1
|
|
LOCALVERSION: -surface-lts
|
|
MAINLINE_REPO: git://git.launchpad.net/~ubuntu-kernel-test/ubuntu/+source/linux/+git/mainline-crack
|
|
MAINLINE_BRANCH: cod/mainline
|
|
|
|
jobs:
|
|
build:
|
|
name: Build Kernel
|
|
runs-on: ubuntu-latest
|
|
container: debian:sid
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Install build dependencies
|
|
run: |
|
|
sed 's/^deb /deb-src /' /etc/apt/sources.list >> /etc/apt/sources.list
|
|
apt-get -y update
|
|
apt-get -y install build-essential fakeroot rsync git wget python3-debian dpkg-sig lz4 sbsigntool
|
|
apt-get -y build-dep linux
|
|
|
|
- name: Prepare kernel source
|
|
run: |
|
|
cd pkg/debian/kernel-lts
|
|
|
|
# setup git
|
|
git config --global user.email "surfacebot@users.noreply.github.com"
|
|
git config --global user.name "surfacebot"
|
|
|
|
# get ubuntu mainline source
|
|
# see https://kernel.ubuntu.com/~kernel-ppa/mainline
|
|
git clone "$MAINLINE_REPO" --branch "$MAINLINE_BRANCH/v$KERNEL_VERSION" --depth 1 linux
|
|
|
|
cd linux
|
|
|
|
# apply surface build/packaging patches
|
|
for PATCH in ../*.patch; do
|
|
patch -p1 < ${PATCH}
|
|
done
|
|
|
|
git add .
|
|
git commit --allow-empty -m "Apply linux-surface packaging patches"
|
|
|
|
# apply surface patches
|
|
for PATCH in ../../../../patches/${KERNEL_VERSION%.*}/*.patch; do
|
|
patch -p1 < ${PATCH}
|
|
done
|
|
|
|
git add .
|
|
git commit --allow-empty -m "Apply linux-surface patches"
|
|
|
|
- name: Configure
|
|
run: |
|
|
cd pkg/debian/kernel-lts/linux
|
|
|
|
# merge configs
|
|
./scripts/kconfig/merge_config.sh \
|
|
debian.master/config/config.common.ubuntu \
|
|
debian.master/config/amd64/config.common.amd64 \
|
|
debian.master/config/amd64/config.flavour.generic \
|
|
../ubuntu.config \
|
|
../../../../configs/surface-${KERNEL_VERSION%.*}.config
|
|
|
|
- name: Setup secureboot certificate
|
|
env:
|
|
SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
|
|
run: |
|
|
cd pkg
|
|
|
|
mkdir -p debian/kernel-lts/linux/keys
|
|
|
|
# unlock/copy key and certificate
|
|
echo "$SB_KEY" | base64 -d > debian/kernel-lts/linux/keys/MOK.key
|
|
cp keys/surface.crt debian/kernel-lts/linux/keys/MOK.crt
|
|
|
|
- name: Build
|
|
run: |
|
|
cd pkg/debian/kernel-lts/linux
|
|
make bindeb-pkg -j2
|
|
|
|
- name: Prepare release
|
|
run: |
|
|
mkdir release
|
|
mv pkg/debian/kernel-lts/*.deb release
|
|
|
|
- name: Sign packages
|
|
env:
|
|
GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
|
|
run: |
|
|
# import GPG key
|
|
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
|
|
export GPG_TTY=$(tty)
|
|
|
|
# sign package
|
|
dpkg-sig -g "--batch --no-tty" --sign builder -k $GPG_KEY_ID release/*.deb
|
|
|
|
- name: Upload artifacts
|
|
uses: actions/upload-artifact@v1
|
|
with:
|
|
name: debian-latest
|
|
path: release
|
|
|
|
release:
|
|
name: Publish release
|
|
needs: [build]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v1
|
|
with:
|
|
name: debian-latest
|
|
|
|
- name: Upload assets
|
|
uses: svenstaro/upload-release-action@v1-release
|
|
with:
|
|
repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
|
|
file: ./*-latest/*
|
|
tag: ${{ github.ref }}
|
|
overwrite: true
|
|
file_glob: true
|
|
|
|
repo:
|
|
name: Update package repository
|
|
needs: [release]
|
|
runs-on: ubuntu-latest
|
|
container: debian:sid
|
|
steps:
|
|
- name: Install dependencies
|
|
run: |
|
|
apt-get update
|
|
apt-get install -y reprepro git
|
|
|
|
- name: Download artifacts
|
|
uses: actions/download-artifact@v1
|
|
with:
|
|
name: debian-latest
|
|
|
|
- name: Update repository
|
|
env:
|
|
SURFACEBOT_TOKEN: ${{ secrets.GITHUB_BOT_TOKEN }}
|
|
BRANCH_STAGING: u/staging
|
|
GIT_REF: ${{ github.ref }}
|
|
run: |
|
|
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"
|
|
|
|
# clone package repository
|
|
git clone -b "${BRANCH_STAGING}" "${repo}" repo
|
|
|
|
# copy packages
|
|
cp debian-latest/* repo/debian/
|
|
cd repo/debian
|
|
|
|
# parse git tag from ref
|
|
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
|
|
|
|
# convert packages into references
|
|
for pkg in $(find . -name '*.deb'); do
|
|
echo "linux-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
|
|
rm $pkg
|
|
done
|
|
|
|
# set git identity
|
|
git config --global user.email "surfacebot@users.noreply.github.com"
|
|
git config --global user.name "surfacebot"
|
|
|
|
# commit and push
|
|
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
|
|
git switch -c "${update_branch}"
|
|
git add .
|
|
git commit -m "Update Debian LTS kernel"
|
|
git push --set-upstream origin "${update_branch}"
|