From 133e0b0f9f3cd885a3422f8c9a639975a183ec8c Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Thu, 2 Oct 2025 01:19:36 +0200 Subject: [PATCH 1/5] test/9m: bump to latest version Signed-off-by: Joachim Wiberg --- test/9pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/9pm b/test/9pm index ae54b4085..5e4e46731 160000 --- a/test/9pm +++ b/test/9pm @@ -1 +1 @@ -Subproject commit ae54b40853afe29b3975b911380bd2f5bf9d3fce +Subproject commit 5e4e4673196b5404e681ce720fa3255ac84359ff From 7a7505d97b4f17daddd046140c9123caf3eb7c22 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Thu, 2 Oct 2025 01:21:41 +0200 Subject: [PATCH 2/5] .github: re-enable massive parallel build Fixes #1152 Signed-off-by: Joachim Wiberg --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 81079e598..06d43795f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -35,7 +35,7 @@ on: parallel: required: false type: boolean - default: false + default: true env: NAME: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.name || inputs.name }} From 23b29f4d38adce0bb67616ba57dafd4a36adb25c Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Thu, 2 Oct 2025 01:46:43 +0200 Subject: [PATCH 3/5] .github: alternative fix to issue #1154 Here we use a check-trigger job that all the others depend on, which should prevent duplicate workflows starting a bit more elegantly than killing one of them with the concurrency checker. Signed-off-by: Joachim Wiberg --- .github/workflows/trigger.yml | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/.github/workflows/trigger.yml b/.github/workflows/trigger.yml index ed1f274da..2bed13436 100644 --- a/.github/workflows/trigger.yml +++ b/.github/workflows/trigger.yml @@ -14,22 +14,41 @@ concurrency: cancel-in-progress: true jobs: + # Gate all builds through this check to prevent wasted runs. Only run on + # 'labeled' events when the label is actually 'ci:main'. Concurrency control + # above handles canceling the 'opened' event when 'labeled' arrives quickly + # after (e.g., when creating a PR with ci:main already attached). See #1154. + check-trigger: + if: | + startsWith(github.repository, 'kernelkit/') && + (github.event_name != 'pull_request' || + github.event.action != 'labeled' || + github.event.label.name == 'ci:main') + runs-on: ubuntu-latest + steps: + - run: | + echo "Triggering build ——————————————————————————————————————————————" + echo "Event : ${{ github.event_name }}" + echo "Action : ${{ github.event.action }}" + echo "Ref : ${{ github.ref }}" + echo "PR : ${{ github.event.pull_request.number }}" + echo "Label : ${{ github.event.label.name }}" + build-x86_64: - if: startsWith(github.repository, 'kernelkit/') + needs: check-trigger uses: ./.github/workflows/build.yml with: name: "infix" target: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'ci:main') && 'x86_64_minimal' || 'x86_64' }} build-aarch64: - if: startsWith(github.repository, 'kernelkit/') + needs: check-trigger uses: ./.github/workflows/build.yml with: name: "infix" target: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'ci:main') && 'aarch64_minimal' || 'aarch64' }} test-run-x86_64: - if: startsWith(github.repository, 'kernelkit/') needs: build-x86_64 uses: ./.github/workflows/test.yml with: @@ -37,6 +56,5 @@ jobs: name: "infix" test-publish-x86_64: - if: startsWith(github.repository, 'kernelkit/') needs: test-run-x86_64 uses: ./.github/workflows/publish.yml From dc62138d690b4e929ae4575e7d8398ade3b4ebad Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Thu, 2 Oct 2025 01:51:50 +0200 Subject: [PATCH 4/5] .github: simplify a bit now that we have a check-trigger With all jobs now depending on check-trigger we can do the evaluations there and set some variables that can be reused later. Signed-off-by: Joachim Wiberg --- .github/workflows/trigger.yml | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/.github/workflows/trigger.yml b/.github/workflows/trigger.yml index 2bed13436..a6929663e 100644 --- a/.github/workflows/trigger.yml +++ b/.github/workflows/trigger.yml @@ -25,6 +25,9 @@ jobs: github.event.action != 'labeled' || github.event.label.name == 'ci:main') runs-on: ubuntu-latest + outputs: + x86_64_target: ${{ steps.set-targets.outputs.x86_64_target }} + aarch64_target: ${{ steps.set-targets.outputs.aarch64_target }} steps: - run: | echo "Triggering build ——————————————————————————————————————————————" @@ -33,26 +36,37 @@ jobs: echo "Ref : ${{ github.ref }}" echo "PR : ${{ github.event.pull_request.number }}" echo "Label : ${{ github.event.label.name }}" + - id: set-targets + run: | + if [[ "${{ github.event_name }}" == "pull_request" ]] && \ + ! echo '${{ toJSON(github.event.pull_request.labels.*.name) }}' \ + | grep -q "ci:main"; then + echo "x86_64_target=x86_64_minimal" >> $GITHUB_OUTPUT + echo "aarch64_target=aarch64_minimal" >> $GITHUB_OUTPUT + else + echo "x86_64_target=x86_64" >> $GITHUB_OUTPUT + echo "aarch64_target=aarch64" >> $GITHUB_OUTPUT + fi build-x86_64: needs: check-trigger uses: ./.github/workflows/build.yml with: name: "infix" - target: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'ci:main') && 'x86_64_minimal' || 'x86_64' }} + target: ${{ needs.check-trigger.outputs.x86_64_target }} build-aarch64: needs: check-trigger uses: ./.github/workflows/build.yml with: name: "infix" - target: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'ci:main') && 'aarch64_minimal' || 'aarch64' }} + target: ${{ needs.check-trigger.outputs.aarch64_target }} test-run-x86_64: - needs: build-x86_64 + needs: [check-trigger, build-x86_64] uses: ./.github/workflows/test.yml with: - target: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'ci:main') && 'x86_64_minimal' || 'x86_64' }} + target: ${{ needs.check-trigger.outputs.x86_64_target }} name: "infix" test-publish-x86_64: From c510c9112ce6b2e398eede61b8801149f94aa37a Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Thu, 2 Oct 2025 02:00:39 +0200 Subject: [PATCH 5/5] .github: new weekly workflow to verify release workflow Fixes #1003 Signed-off-by: Joachim Wiberg --- .github/workflows/build-release.yml | 92 +++++++++++++++++++++++++++++ .github/workflows/release.yml | 84 ++++---------------------- .github/workflows/weekly.yml | 75 +++++++++++++++++++++++ 3 files changed, 179 insertions(+), 72 deletions(-) create mode 100644 .github/workflows/build-release.yml create mode 100644 .github/workflows/weekly.yml diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml new file mode 100644 index 000000000..3c4f31171 --- /dev/null +++ b/.github/workflows/build-release.yml @@ -0,0 +1,92 @@ +name: Build Release + +on: + workflow_call: + inputs: + version: + required: true + type: string + use_cache: + required: false + type: boolean + default: true + +jobs: + build: + name: Build Infix ${{ inputs.version }} [${{ matrix.target }}] + runs-on: [ self-hosted, release ] + strategy: + matrix: + target: [aarch64, x86_64] + fail-fast: false + steps: + - uses: actions/checkout@v4 + with: + clean: true + submodules: recursive + + - name: Set Release Variables + id: vars + run: | + ver=${{ inputs.version }} + echo "ver=${ver}" >> $GITHUB_OUTPUT + fver=${ver#v} + target=${{ matrix.target }}-${fver} + echo "dir=infix-$target" >> $GITHUB_OUTPUT + echo "tgz=infix-$target.tar.gz" >> $GITHUB_OUTPUT + + - name: Restore Cache of dl/ + if: ${{ inputs.use_cache }} + uses: actions/cache@v4 + with: + path: dl/ + key: dl-${{ hashFiles('.git/modules/buildroot/HEAD', 'configs/*', 'package/*/*.hash') }} + restore-keys: | + dl- + + - name: Restore Cache of .ccache/ + if: ${{ inputs.use_cache }} + uses: actions/cache@v4 + with: + path: .ccache/ + key: ccache-${{ matrix.target }}-${{ hashFiles('.git/modules/buildroot/HEAD', 'package/*/*.hash') }} + restore-keys: | + ccache-${{ matrix.target }}- + ccache- + + - name: Configure & Build + env: + INFIX_RELEASE: ${{ steps.vars.outputs.ver }} + run: | + target=${{ matrix.target }}_defconfig + echo "Building $target ..." + make $target + make + + - name: Generate SBOM from Build + run: | + make legal-info + + - name: Build test specification + run: | + make test-spec + + - name: Prepare Artifacts + run: | + cd output/ + mv images ${{ steps.vars.outputs.dir }} + ln -s ${{ steps.vars.outputs.dir }} images + tar cfz ${{ steps.vars.outputs.tgz }} ${{ steps.vars.outputs.dir }} + + mv legal-info legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }} + tar cfz legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }}.tar.gz legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }} + + - uses: actions/upload-artifact@v4 + with: + name: artifact-${{ matrix.target }} + path: output/*.tar.gz + + - uses: actions/upload-artifact@v4 + with: + name: artifact-disk-image-${{ matrix.target }} + path: output/images/*.qcow2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ea785456e..c7409601f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,87 +18,27 @@ on: type: string jobs: - build: + set-version: if: github.repository == 'kernelkit/infix' && startsWith(github.ref, 'refs/tags/') - name: Build Infix ${{ github.ref_name }} [${{ matrix.target }}] - runs-on: [ self-hosted, release ] - strategy: - matrix: - target: [aarch64, x86_64] - fail-fast: false + runs-on: ubuntu-latest + outputs: + version: ${{ steps.set-ver.outputs.version }} steps: - - uses: actions/checkout@v4 - with: - clean: true - submodules: recursive - - - name: Set Release Variables - id: vars + - id: set-ver run: | if [ -n "${{ inputs.version }}" ]; then ver=${{ inputs.version }} else ver=${GITHUB_REF#refs/tags/} fi - echo "ver=${ver}" >> $GITHUB_OUTPUT - fver=${ver#v} - target=${{ matrix.target }}-${fver} - echo "dir=infix-$target" >> $GITHUB_OUTPUT - echo "tgz=infix-$target.tar.gz" >> $GITHUB_OUTPUT - - - name: Restore Cache of dl/ - uses: actions/cache@v4 - with: - path: dl/ - key: dl-${{ hashFiles('.git/modules/buildroot/HEAD', 'configs/*', 'package/*/*.hash') }} - restore-keys: | - dl- - - - name: Restore Cache of .ccache/ - uses: actions/cache@v4 - with: - path: .ccache/ - key: ccache-${{ matrix.target }}-${{ hashFiles('.git/modules/buildroot/HEAD', 'package/*/*.hash') }} - restore-keys: | - ccache-${{ matrix.target }}- - ccache- - - - name: Configure & Build - env: - INFIX_RELEASE: ${{ steps.vars.outputs.ver }} - run: | - target=${{ matrix.target }}_defconfig - echo "Building $target ..." - make $target - make + echo "version=${ver}" >> $GITHUB_OUTPUT - - name: Generate SBOM from Build - run: | - make legal-info - - - name: Build test specification - run: | - make test-spec - - - name: Prepare Artifacts - run: | - cd output/ - mv images ${{ steps.vars.outputs.dir }} - ln -s ${{ steps.vars.outputs.dir }} images - tar cfz ${{ steps.vars.outputs.tgz }} ${{ steps.vars.outputs.dir }} - - mv legal-info legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }} - tar cfz legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }}.tar.gz legal-info-${{ matrix.target }}-${{ steps.vars.outputs.ver }} - - - uses: actions/upload-artifact@v4 - with: - name: artifact-${{ matrix.target }} - path: output/*.tar.gz - - - uses: actions/upload-artifact@v4 - with: - name: artifact-disk-image-${{ matrix.target }} - path: output/images/*.qcow2 + build: + needs: set-version + uses: ./.github/workflows/build-release.yml + with: + version: ${{ needs.set-version.outputs.version }} + use_cache: true release: name: Release Infix ${{ github.ref_name }} diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml new file mode 100644 index 000000000..c11a1e5a9 --- /dev/null +++ b/.github/workflows/weekly.yml @@ -0,0 +1,75 @@ +# Weekly release build to catch flaky tests and verify clean builds. +# Runs without caches (ccache) to ensure reproducibility. See issue #1003. +name: Weekly Build + +on: + schedule: + - cron: '5 0 * * 6' # Saturday at 00:05 UTC, same as Coverity + workflow_dispatch: + +jobs: + build: + if: github.repository == 'kernelkit/infix' + uses: ./.github/workflows/build-release.yml + with: + version: "latest" + use_cache: false + + publish: + name: Publish Weekly Build + needs: build + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/download-artifact@v4 + with: + pattern: "artifact-*" + merge-multiple: true + + - name: Create checksums + run: | + for file in *.tar.gz; do + sha256sum $file > $file.sha256 + done + if ls *.qcow2 &>/dev/null; then + for file in *.qcow2; do + sha256sum "$file" > "$file.sha256" + done + fi + + - name: Update latest tag + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git tag -f latest + git push -f origin latest + + - uses: ncipollo/release-action@v1 + with: + tag: latest + name: "Latest Weekly Build" + prerelease: true + makeLatest: false + allowUpdates: true + removeArtifacts: true + body: | + Automated weekly build from `${{ github.sha }}`. + + This build runs without caches to catch potential flaky tests and build issues. + Not intended for production use - use official releases instead. + + **Commit:** ${{ github.sha }} + **Built:** ${{ github.run_id }} + artifacts: "*.tar.gz*,*.qcow2*" + + - name: Summary + run: | + cat <> $GITHUB_STEP_SUMMARY + # Weekly Build Published! :package: + + Latest artifacts uploaded to: + + + Built from commit: \`${{ github.sha }}\` + EOF