diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml new file mode 100644 index 000000000..3c4f31171 --- /dev/null +++ b/.github/workflows/build-release.yml @@ -0,0 +1,92 @@ +name: Build Release + +on: + workflow_call: + inputs: + version: + required: true + type: string + use_cache: + required: false + type: boolean + default: true + +jobs: + build: + name: Build Infix ${{ inputs.version }} [${{ matrix.target }}] + runs-on: [ self-hosted, release ] + strategy: + matrix: + target: [aarch64, x86_64] + fail-fast: false + steps: + - uses: actions/checkout@v4 + with: + clean: true + submodules: recursive + + - name: Set Release Variables + id: vars + run: | + ver=${{ inputs.version }} + echo "ver=${ver}" >> $GITHUB_OUTPUT + fver=${ver#v} + target=${{ matrix.target }}-${fver} + echo "dir=infix-$target" >> $GITHUB_OUTPUT + echo "tgz=infix-$target.tar.gz" >> $GITHUB_OUTPUT + + - name: Restore Cache of dl/ + if: ${{ inputs.use_cache }} + uses: actions/cache@v4 + with: + path: dl/ + key: dl-${{ hashFiles('.git/modules/buildroot/HEAD', 'configs/*', 'package/*/*.hash') }} + restore-keys: | + dl- + + - name: Restore Cache of .ccache/ + if: ${{ inputs.use_cache }} + uses: actions/cache@v4 + with: + path: .ccache/ + key: ccache-${{ matrix.target }}-${{ hashFiles('.git/modules/buildroot/HEAD', 'package/*/*.hash') }} + restore-keys: | + ccache-${{ matrix.target }}- + ccache- + + - name: Configure & Build + env: + INFIX_RELEASE: ${{ steps.vars.outputs.ver }} + run: | + target=${{ matrix.target }}_defconfig + echo "Building $target ..." + make $target + make + + - name: Generate SBOM from Build + run: | + make legal-info + + - name: Build test specification + run: | + make test-spec + + - name: Prepare Artifacts + run: | + cd output/ + mv images ${{ steps.vars.outputs.dir }} + ln -s ${{ steps.vars.outputs.dir }} images + tar cfz ${{ steps.vars.outputs.tgz }} ${{ steps.vars.outputs.dir }} + + mv legal-info legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }} + tar cfz legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }}.tar.gz legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }} + + - uses: actions/upload-artifact@v4 + with: + name: artifact-${{ matrix.target }} + path: output/*.tar.gz + + - uses: actions/upload-artifact@v4 + with: + name: artifact-disk-image-${{ matrix.target }} + path: output/images/*.qcow2 diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 81079e598..06d43795f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -35,7 +35,7 @@ on: parallel: required: false type: boolean - default: false + default: true env: NAME: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.name || inputs.name }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ea785456e..c7409601f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,87 +18,27 @@ on: type: string jobs: - build: + set-version: if: github.repository == 'kernelkit/infix' && startsWith(github.ref, 'refs/tags/') - name: Build Infix ${{ github.ref_name }} [${{ matrix.target }}] - runs-on: [ self-hosted, release ] - strategy: - matrix: - target: [aarch64, x86_64] - fail-fast: false + runs-on: ubuntu-latest + outputs: + version: ${{ steps.set-ver.outputs.version }} steps: - - uses: actions/checkout@v4 - with: - clean: true - submodules: recursive - - - name: Set Release Variables - id: vars + - id: set-ver run: | if [ -n "${{ inputs.version }}" ]; then ver=${{ inputs.version }} else ver=${GITHUB_REF#refs/tags/} fi - echo "ver=${ver}" >> $GITHUB_OUTPUT - fver=${ver#v} - target=${{ matrix.target }}-${fver} - echo "dir=infix-$target" >> $GITHUB_OUTPUT - echo "tgz=infix-$target.tar.gz" >> $GITHUB_OUTPUT - - - name: Restore Cache of dl/ - uses: actions/cache@v4 - with: - path: dl/ - key: dl-${{ hashFiles('.git/modules/buildroot/HEAD', 'configs/*', 'package/*/*.hash') }} - restore-keys: | - dl- - - - name: Restore Cache of .ccache/ - uses: actions/cache@v4 - with: - path: .ccache/ - key: ccache-${{ matrix.target }}-${{ hashFiles('.git/modules/buildroot/HEAD', 'package/*/*.hash') }} - restore-keys: | - ccache-${{ matrix.target }}- - ccache- - - - name: Configure & Build - env: - INFIX_RELEASE: ${{ steps.vars.outputs.ver }} - run: | - target=${{ matrix.target }}_defconfig - echo "Building $target ..." - make $target - make + echo "version=${ver}" >> $GITHUB_OUTPUT - - name: Generate SBOM from Build - run: | - make legal-info - - - name: Build test specification - run: | - make test-spec - - - name: Prepare Artifacts - run: | - cd output/ - mv images ${{ steps.vars.outputs.dir }} - ln -s ${{ steps.vars.outputs.dir }} images - tar cfz ${{ steps.vars.outputs.tgz }} ${{ steps.vars.outputs.dir }} - - mv legal-info legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }} - tar cfz legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }}.tar.gz legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }} - - - uses: actions/upload-artifact@v4 - with: - name: artifact-${{ matrix.target }} - path: output/*.tar.gz - - - uses: actions/upload-artifact@v4 - with: - name: artifact-disk-image-${{ matrix.target }} - path: output/images/*.qcow2 + build: + needs: set-version + uses: ./.github/workflows/build-release.yml + with: + version: ${{ needs.set-version.outputs.version }} + use_cache: true release: name: Release Infix ${{ github.ref_name }} diff --git a/.github/workflows/trigger.yml b/.github/workflows/trigger.yml index ed1f274da..460ff02e8 100644 --- a/.github/workflows/trigger.yml +++ b/.github/workflows/trigger.yml @@ -9,34 +9,62 @@ on: - ci-work workflow_dispatch: -concurrency: - group: ci-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - jobs: + # Gate all builds through this check to prevent duplicate runs when a PR is + # created with the ci:main label already attached. Without this, both the + # 'opened' and 'labeled' events would trigger separate builds. Only run on + # 'labeled' events when the label is actually 'ci:main'. See issue #1154. + check-trigger: + if: | + startsWith(github.repository, 'kernelkit/') && + (github.event_name != 'pull_request' || + github.event.action != 'labeled' || + github.event.label.name == 'ci:main') + runs-on: ubuntu-latest + outputs: + x86_64_target: ${{ steps.set-targets.outputs.x86_64_target }} + aarch64_target: ${{ steps.set-targets.outputs.aarch64_target }} + steps: + - run: | + echo "Triggering build ——————————————————————————————————————————————" + echo "Event : ${{ github.event_name }}" + echo "Action : ${{ github.event.action }}" + echo "Ref : ${{ github.ref }}" + echo "PR : ${{ github.event.pull_request.number }}" + echo "Label : ${{ github.event.label.name }}" + - id: set-targets + run: | + if [[ "${{ github.event_name }}" == "pull_request" ]] && \ + ! echo '${{ toJSON(github.event.pull_request.labels.*.name) }}' \ + | grep -q "ci:main"; then + echo "x86_64_target=x86_64_minimal" >> $GITHUB_OUTPUT + echo "aarch64_target=aarch64_minimal" >> $GITHUB_OUTPUT + else + echo "x86_64_target=x86_64" >> $GITHUB_OUTPUT + echo "aarch64_target=aarch64" >> $GITHUB_OUTPUT + fi + build-x86_64: - if: startsWith(github.repository, 'kernelkit/') + needs: check-trigger uses: ./.github/workflows/build.yml with: name: "infix" - target: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'ci:main') && 'x86_64_minimal' || 'x86_64' }} + target: ${{ needs.check-trigger.outputs.x86_64_target }} build-aarch64: - if: startsWith(github.repository, 'kernelkit/') + needs: check-trigger uses: ./.github/workflows/build.yml with: name: "infix" - target: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'ci:main') && 'aarch64_minimal' || 'aarch64' }} + target: ${{ needs.check-trigger.outputs.aarch64_target }} test-run-x86_64: - if: startsWith(github.repository, 'kernelkit/') - needs: build-x86_64 + needs: [check-trigger, build-x86_64] uses: ./.github/workflows/test.yml with: - target: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'ci:main') && 'x86_64_minimal' || 'x86_64' }} + target: ${{ needs.check-trigger.outputs.x86_64_target }} name: "infix" test-publish-x86_64: - if: startsWith(github.repository, 'kernelkit/') needs: test-run-x86_64 uses: ./.github/workflows/publish.yml diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml new file mode 100644 index 000000000..c11a1e5a9 --- /dev/null +++ b/.github/workflows/weekly.yml @@ -0,0 +1,75 @@ +# Weekly release build to catch flaky tests and verify clean builds. +# Runs without caches (ccache) to ensure reproducibility. See issue #1003. +name: Weekly Build + +on: + schedule: + - cron: '5 0 * * 6' # Saturday at 00:05 UTC, same as Coverity + workflow_dispatch: + +jobs: + build: + if: github.repository == 'kernelkit/infix' + uses: ./.github/workflows/build-release.yml + with: + version: "latest" + use_cache: false + + publish: + name: Publish Weekly Build + needs: build + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/download-artifact@v4 + with: + pattern: "artifact-*" + merge-multiple: true + + - name: Create checksums + run: | + for file in *.tar.gz; do + sha256sum $file > $file.sha256 + done + if ls *.qcow2 &>/dev/null; then + for file in *.qcow2; do + sha256sum "$file" > "$file.sha256" + done + fi + + - name: Update latest tag + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git tag -f latest + git push -f origin latest + + - uses: ncipollo/release-action@v1 + with: + tag: latest + name: "Latest Weekly Build" + prerelease: true + makeLatest: false + allowUpdates: true + removeArtifacts: true + body: | + Automated weekly build from `${{ github.sha }}`. + + This build runs without caches to catch potential flaky tests and build issues. + Not intended for production use - use official releases instead. + + **Commit:** ${{ github.sha }} + **Built:** ${{ github.run_id }} + artifacts: "*.tar.gz*,*.qcow2*" + + - name: Summary + run: | + cat <> $GITHUB_STEP_SUMMARY + # Weekly Build Published! :package: + + Latest artifacts uploaded to: + + + Built from commit: \`${{ github.sha }}\` + EOF diff --git a/test/9pm b/test/9pm index ae54b4085..5e4e46731 160000 --- a/test/9pm +++ b/test/9pm @@ -1 +1 @@ -Subproject commit ae54b40853afe29b3975b911380bd2f5bf9d3fce +Subproject commit 5e4e4673196b5404e681ce720fa3255ac84359ff