ci: add workflow to build debos recipe #2
Workflow file for this run
```yaml
name: Build debos recipe
on:
  # run on pull requests to the main branch if debos recipes are changed
  pull_request:
    branches: [main]
    paths: ['.github/workflows/debos.yml', 'debos-recipes/*']
  # run on pushes if debos recipes are changed
  push:
    branches: [main]
    paths: ['.github/workflows/debos.yml', 'debos-recipes/*']
  # run daily at 8:30am
  schedule:
    - cron: '30 8 * * *'
  # allow manual runs
  workflow_dispatch:
# only need permission to read repository; implicitly set all other
# permissions to none
permissions:
  contents: read
defaults:
  # run all commands from the debos-recipes directory
  run:
    working-directory: debos-recipes
env:
  INCUS_IMAGE: images:debian/trixie/arm64
  INCUS_NAME: debos
# cancel in progress builds for this workflow triggered by the same ref
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  build-debos:
    runs-on: [self-hosted, arm64, debbuilder]
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # this is the default in our self-hosted runners
      - name: Make sure Incus is setup
        run: |
          set -x
          sudo apt -y install incus
          sudo incus admin init --auto
      # create a fresh container build environment to decouple the build
      # operating system from the github runner one; install debos
      - name: Setup build environment
        run: |
          set -x
          # privileged container as debos will use mounts
          sudo incus init "${INCUS_IMAGE}" "${INCUS_NAME}" \
              -c security.privileged=true -c security.nesting=true
          sudo incus start "${INCUS_NAME}"
          # wait for network to be up (prior to running apt)
          sudo incus exec "${INCUS_NAME}" \
              /usr/lib/systemd/systemd-networkd-wait-online
          (
              # these commands are run inside the container
              cat <<EOF
              apt update
              apt upgrade -y
              apt install -y debos
          EOF
          ) | sudo incus exec "${INCUS_NAME}" -- sh
      - name: Build debos recipe
        run: |
          set -x
          # mount current directory under /build
          sudo incus config device add "${INCUS_NAME}" build-dir \
              disk "source=${PWD}" path=/build shift=true
          (
              # these commands are run inside the container
              cat <<EOF
              cd /build
              # debos tries KVM and UML as backends, and falls back to building
              # directly on the host, but that requires loop devices; use
              # qemu backend explicitly even if it's slower
              debos -b qemu qualcomm-linux-debian.yaml
          EOF
          ) | sudo incus exec "${INCUS_NAME}" -- sh
```