Build debos recipe #41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build debos recipe | |
| on: | |
| # run on pull requests to the main branch | |
| pull_request: | |
| branches: [main] | |
| # run on pushes to the main branch | |
| push: | |
| branches: [main] | |
| # run daily at 8:30am | |
| schedule: | |
| - cron: '30 8 * * *' | |
| # allow manual runs | |
| workflow_dispatch: | |
| # only need permission to read repository; implicitely set all other | |
| # permissions to none | |
| permissions: | |
| contents: read | |
| defaults: | |
| # run all commands from the debos-recipes directory | |
| run: | |
| working-directory: debos-recipes | |
| env: | |
| INCUS_IMAGE: images:debian/trixie/arm64 | |
| INCUS_NAME: debos | |
| FILESERVER_DIR: /srv/gh-runners/quic-yocto/builds | |
| FILESERVER_URL: https://quic-yocto-fileserver-1029608027416.us-central1.run.app | |
| # cancel in progress builds for this workflow triggered by the same ref | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-debos: | |
| runs-on: [self-hosted, arm64, debbuilder] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| # make sure we have latest packages first, to get latest fixes and to | |
| # avoid an automated update while we're building | |
| - name: Update OS packages | |
| run: | | |
| set -x | |
| sudo apt update | |
| sudo apt -y upgrade | |
| sudo apt -y full-upgrade | |
| # this is the default in our self-hosted runners | |
| - name: Make sure Incus is setup | |
| run: | | |
| set -x | |
| sudo apt -y install incus | |
| sudo incus admin init --auto | |
| # create a fresh container build environment to decouple the build | |
| # operating system from the github runner one; install debos | |
| - name: Setup build environment | |
| run: | | |
| set -x | |
| # privileged container as debos will use mounts | |
| sudo incus init "${INCUS_IMAGE}" "${INCUS_NAME}" \ | |
| -c security.privileged=true -c security.nesting=true | |
| sudo incus start "${INCUS_NAME}" | |
| # wait for network to be up (prior to running apt) | |
| sudo incus exec "${INCUS_NAME}" \ | |
| /usr/lib/systemd/systemd-networkd-wait-online | |
| ( | |
| # these commands are run inside the container | |
| cat <<EOF | |
| apt update | |
| apt -y upgrade | |
| apt -y full-upgrade | |
| apt -y install debos | |
| EOF | |
| ) | sudo incus exec "${INCUS_NAME}" -- sh | |
| - name: Build debos recipe | |
| run: | | |
| set -x | |
| # mount current directory under /build | |
| sudo incus config device add "${INCUS_NAME}" build-dir \ | |
| disk "source=${PWD}" path=/build shift=true | |
| ( | |
| # these commands are run inside the container | |
| cat <<EOF | |
| cd /build | |
| # debos tries KVM and UML as backends, and falls back to building | |
| # directly on the host, but that requires loop devices; use | |
| # qemu backend explicitly even if it's slower | |
| # qemu backend also requires to set scratchsize, otherwise | |
| # the whole build is done from memory and the out of memory | |
| # killer gets triggered | |
| debos -b qemu --scratchsize 4GiB qualcomm-linux-debian.yaml | |
| EOF | |
| ) | sudo incus exec "${INCUS_NAME}" -- sh | |
| - name: Upload artifacts to fileserver | |
| run: | | |
| set -x | |
| # curl will be used to talk to fileserver; should be installed by | |
| # default | |
| sudo apt -y install curl | |
| # github runs are only unique per repository and may also be re-run; | |
| # create an unique id with repository, run id, and run attempt | |
| id="${GITHUB_REPOSITORY}-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}" | |
| # create a directory for the current run | |
| dir="${FILESERVER_DIR}/${id}" | |
| mkdir -vp "${dir}" | |
| # copy output files | |
| cp -v disk.img "${dir}" | |
| # instruct fileserver to publish this directory | |
| url="${FILESERVER_URL}/${id}/" | |
| curl -X POST -H 'Accept: text/event-stream' "${url}" | |