CI: Improve check for new kernel

Improve the script to be able to run in workflow and fix
the worflow and run each night.

Signed-off-by: Mattias Walström <[email protected]>

Author: mattiaswal

.github/workflows/check-kernel-release.yml

@@ -1,7 +1,9 @@
 name: Check Kernel 6.12 Release
 
 on:
-  workflow_dispatch: # Allow manual triggering
+  schedule:
+    - cron: '0 3 * * *'
+  workflow_dispatch:
 
 jobs:
   check-kernel:
@@ -14,14 +16,6 @@ jobs:
           fetch-depth: 0
           token: ${{ secrets.KERNEL_UPDATE_TOKEN }}
 
-      - name: Check out linux repository
-        uses: actions/checkout@v4
-        with:
-          repository: kernelkit/linux
-          path: linux
-          fetch-depth: 0
-          token: ${{ secrets.KERNEL_UPDATE_TOKEN }}
-
       - name: Fetch kernel.org and check for 6.12 release
         id: check
         run: |
@@ -37,29 +31,61 @@ jobs:
           echo "current_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
           echo "Current 6.12 kernel version: $CURRENT_VERSION"
 
-          # Get the latest tag from our linux tree
-          cd linux
-          git fetch origin
-          LATEST_TAG=$(git tag -l "v6.12.*" | sort -V | tail -n1 | sed 's/^v//')
-          cd ..
+          # Get the version from infix defconfig
+          INFIX_VERSION=$(grep 'BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE=' configs/aarch64_defconfig | cut -d'"' -f2)
+
+          echo "infix_version=$INFIX_VERSION" >> $GITHUB_OUTPUT
+          echo "Infix kernel version: $INFIX_VERSION"
 
-          echo "latest_tag=$LATEST_TAG" >> $GITHUB_OUTPUT
-          echo "Latest tag in our tree: $LATEST_TAG"
+          if [ "$CURRENT_VERSION" != "$INFIX_VERSION" ]; then
+            # Check if there's already an open PR for this version
+            PR_EXISTS=$(gh pr list --state open --search "Upgrade to kernel $CURRENT_VERSION in:title" --json number --jq 'length')
 
-          if [ "$CURRENT_VERSION" != "$LATEST_TAG" ]; then
-            echo "new_release=true" >> $GITHUB_OUTPUT
-            echo "🎉 New 6.12 kernel released: $CURRENT_VERSION (our version: $LATEST_TAG)"
+            if [ "$PR_EXISTS" -gt 0 ]; then
+              echo "new_release=false" >> $GITHUB_OUTPUT
+              echo "PR already exists for kernel $CURRENT_VERSION, skipping"
+            else
+              echo "new_release=true" >> $GITHUB_OUTPUT
+              echo "🎉 New 6.12 kernel released: $CURRENT_VERSION (infix version: $INFIX_VERSION)"
+            fi
           else
             echo "new_release=false" >> $GITHUB_OUTPUT
             echo "No change - still at $CURRENT_VERSION"
           fi
+        env:
+          GH_TOKEN: ${{ secrets.KERNEL_UPDATE_TOKEN }}
+
+      - name: Generate branch name
+        if: steps.check.outputs.new_release == 'true'
+        id: branch
+        run: |
+          BRANCH_NAME="kernel-upgrade-$(uuidgen | tr '[:upper:]' '[:lower:]')"
+          echo "name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+          echo "Branch name: $BRANCH_NAME"
+
+      - name: Import GPG key
+        if: steps.check.outputs.new_release == 'true'
+        run: |
+          # Import the GPG key
+          echo "${{ secrets.AEL_BOT_GPG_PRIVATE_KEY }}" | gpg --batch --import
+
+          # Get the key ID
+          GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format=long | grep '^sec' | head -1 | awk '{print $2}' | cut -d'/' -f2)
+          echo "GPG_KEY_ID=$GPG_KEY_ID" >> $GITHUB_ENV
+
+          # Configure GPG agent for non-interactive use
+          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          gpg-connect-agent reloadagent /bye || true
 
       - name: Set up git credentials
         if: steps.check.outputs.new_release == 'true'
         run: |
           set -e -o pipefail
           git config --global user.email "[email protected]"
           git config --global user.name "ael-bot"
+          git config --global commit.gpgsign true
+          git config --global user.signingkey ${{ env.GPG_KEY_ID }}
 
           # Configure git to use the token for HTTPS operations
           git config --global url."https://ael-bot:${{ secrets.KERNEL_UPDATE_TOKEN }}@github.com/".insteadOf "[email protected]:"
@@ -69,17 +95,17 @@ jobs:
         if: steps.check.outputs.new_release == 'true'
         env:
           GIT_TERMINAL_PROMPT: 0
+          BRANCH_NAME: ${{ steps.branch.outputs.name }}
         run: |
           set -e -o pipefail
-          ./utils/kernel-upgrade.sh linux
+          ./utils/kernel-upgrade.sh linux "$BRANCH_NAME"
 
       - name: Create pull request
         if: steps.check.outputs.new_release == 'true'
         uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.KERNEL_UPDATE_TOKEN }}
           script: |
-            // Check if PR already exists
             const { data: pulls } = await github.rest.pulls.list({
               owner: context.repo.owner,
               repo: context.repo.repo,
@@ -92,20 +118,18 @@ jobs:
                 owner: context.repo.owner,
                 repo: context.repo.repo,
                 title: `Upgrade to kernel ${{ steps.check.outputs.current_version }}`,
-                head: 'kernel-upgrade',
+                head: '${{ steps.branch.outputs.name }}',
                 base: 'main',
-                body: `Automated kernel upgrade to version ${{ steps.check.outputs.current_version }}.\n\n**Previous version:** ${{ steps.check.outputs.latest_tag }}\n**New version:** ${{ steps.check.outputs.current_version }}\n**Source:** https://www.kernel.org/\n\nThis PR was automatically created by the kernel release monitoring workflow.`
+                body: `Automated kernel upgrade to version ${{ steps.check.outputs.current_version }}.\n\n**Previous version:** ${{ steps.check.outputs.infix_version }}\n**New version:** ${{ steps.check.outputs.current_version }}\n**Source:** https://www.kernel.org/\n\nThis PR was automatically created by the kernel release monitoring workflow.`
               });
 
-              // Add label
               await github.rest.issues.addLabels({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
                 issue_number: pr.number,
                 labels: ['ci:main']
               });
 
-              // Request reviews
               await github.rest.pulls.requestReviewers({
                 owner: context.repo.owner,
                 repo: context.repo.repo,

utils/kernel-upgrade.sh

@@ -9,21 +9,28 @@
 set -e -o pipefail
 
 # Parse arguments
-if [ $# -ne 1 ]; then
-    echo "Usage: $0 <path-to-linux-dir>"
+if [ $# -lt 1 ] || [ $# -gt 2 ]; then
+    echo "Usage: $0 <path-to-linux-dir> [branch-name]"
     exit 1
 fi
 
 LINUX_DIR="$1"
+INFIX_BRANCH="${2:-kernel-upgrade}"
 
 # Configuration
 INFIX_DIR="$(dirname "$(dirname "$(readlink -f "$0")")")"
-INFIX_BRANCH="kernel-upgrade"
 LINUX_BRANCH="kkit-linux-6.12.y"
 UPSTREAM_REMOTE="upstream"
 UPSTREAM_URL="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
 KKIT_REMOTE="origin"
-KKIT_URL="[email protected]:kernelkit/linux.git"
+
+# Detect if running in CI (GitHub Actions sets CI=true)
+if [ "${CI:-false}" = "true" ]; then
+    KKIT_URL="https://github.com/kernelkit/linux.git"
+else
+    KKIT_URL="[email protected]:kernelkit/linux.git"
+fi
+
 KERNEL_VERSION_PATTERN="6.12"
 
 # Colors for output
@@ -50,8 +57,18 @@ check_directories() {
 
     if [ ! -d "$LINUX_DIR" ]; then
         log_info "Linux directory '$LINUX_DIR' not found, cloning..."
-        if git clone "$KKIT_URL" "$LINUX_DIR"; then
+        # Clone to parent directory if LINUX_DIR is a relative path without slashes
+        if [[ "$LINUX_DIR" != */* ]]; then
+            CLONE_TARGET="../$LINUX_DIR"
+            log_info "Cloning to $CLONE_TARGET (parent directory)"
+        else
+            CLONE_TARGET="$LINUX_DIR"
+        fi
+
+        if git clone "$KKIT_URL" "$CLONE_TARGET"; then
             log_info "Successfully cloned linux repository"
+            # Update LINUX_DIR to the actual path
+            LINUX_DIR="$CLONE_TARGET"
         else
             log_error "Failed to clone linux repository"
             exit 1
@@ -204,24 +221,8 @@ update_infix() {
         exit 1
     fi
 
-    # Update ChangeLog.md with new kernel version
-    log_info "Updating ChangeLog.md..."
-    if [ -f "doc/ChangeLog.md" ]; then
-        # Check if there's already a kernel upgrade entry in the latest release
-        if grep -q "^- Upgrade Linux kernel to" doc/ChangeLog.md | head -20; then
-            # Find and update the existing kernel upgrade line
-            sed -i "0,/^- Upgrade Linux kernel to.*/{s/^- Upgrade Linux kernel to.*/- Upgrade Linux kernel to $NEW_VERSION (LTS)/}" doc/ChangeLog.md
-            log_info "Updated existing kernel version entry to $NEW_VERSION"
-        else
-            # Add new kernel upgrade entry after the first "### Changes" section
-            sed -i "0,/^### Changes/a\\
-\\
-- Upgrade Linux kernel to $NEW_VERSION (LTS)" doc/ChangeLog.md
-            log_info "Added new kernel version entry: $NEW_VERSION"
-        fi
-    else
-        log_warn "doc/ChangeLog.md not found, skipping changelog update"
-    fi
+    # Update changelog
+    update_changelog "$NEW_VERSION"
 
     # Commit all changes
     log_info "Committing changes to infix..."
@@ -234,6 +235,50 @@ update_infix() {
     fi
 }
 
+# Update ChangeLog.md with new kernel version
+update_changelog() {
+    local NEW_VERSION="$1"
+
+    log_info "Updating ChangeLog.md..."
+    if [ ! -f "doc/ChangeLog.md" ]; then
+        log_warn "doc/ChangeLog.md not found, skipping changelog update"
+        return 0
+    fi
+
+    # Check if the latest release is UNRELEASED (first release header in file)
+    FIRST_RELEASE=$(grep -m1 "^\[v" doc/ChangeLog.md)
+    if ! echo "$FIRST_RELEASE" | grep -q "\[UNRELEASED\]"; then
+        log_error "First release section in ChangeLog.md is not UNRELEASED"
+        log_error "Please create an UNRELEASED section first before running this script"
+        exit 1
+    fi
+
+    # Extract just the UNRELEASED section (from start until next version header)
+    UNRELEASED_SECTION=$(sed -n '1,/^\[v[0-9]/p' doc/ChangeLog.md | head -n -1)
+
+    # Check if there's already a kernel upgrade entry in the UNRELEASED section
+    if echo "$UNRELEASED_SECTION" | grep -q "^- Upgrade Linux kernel to"; then
+        # Update existing kernel upgrade line (only first occurrence)
+        sed -i "0,/^- Upgrade Linux kernel to.*/{s|^- Upgrade Linux kernel to.*|- Upgrade Linux kernel to $NEW_VERSION (LTS)|}" doc/ChangeLog.md
+        log_info "Updated existing kernel version entry to $NEW_VERSION"
+    else
+        # Add new kernel upgrade entry after first "### Changes"
+        # Use awk to insert at the right place
+        awk -v new_line="- Upgrade Linux kernel to $NEW_VERSION (LTS)" '
+            /^### Changes/ && !done {
+                print
+                getline
+                if (NF == 0) print
+                print new_line
+                done=1
+                next
+            }
+            {print}
+        ' doc/ChangeLog.md > doc/ChangeLog.md.tmp && mv doc/ChangeLog.md.tmp doc/ChangeLog.md
+        log_info "Added new kernel version entry: $NEW_VERSION"
+    fi
+}
+
 # Check for uncommitted changes
 check_clean_working_tree() {
     log_info "Checking for uncommitted changes..."
@@ -255,20 +300,18 @@ check_clean_working_tree() {
     log_info "Working tree is clean"
 }
 
-# Push changes to remotes
+# Push changes to both repositories
 push_changes() {
-    log_info "Pushing changes to remotes..."
-
-    # Push rebased linux branch to kkit remote
-    log_info "Pushing rebased linux branch to $KKIT_REMOTE..."
+    # Push rebased linux branch
+    log_info "Pushing linux branch to $KKIT_REMOTE..."
     if git -C "$LINUX_DIR" push "$KKIT_REMOTE" "$LINUX_BRANCH" --force-with-lease; then
         log_info "Successfully pushed linux branch to $KKIT_REMOTE"
     else
         log_error "Push to linux remote failed"
         exit 1
     fi
 
-    # Push infix branch to origin
+    # Push infix changes
     log_info "Pushing infix branch to origin..."
     if git -C "$INFIX_DIR" push origin "$INFIX_BRANCH"; then
         log_info "Successfully pushed infix branch to origin"