From 5c69f62ee94295bcb5ed3149d734f8e2013a2cf3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Minier?= <loic.minier@oss.qualcomm.com>
Date: Mon, 24 Mar 2025 18:29:24 +0100
Subject: [PATCH] ci: Build debos recipe
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Loïc Minier <loic.minier@oss.qualcomm.com>
---
 .github/workflows/debos.yml | 90 +++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 .github/workflows/debos.yml

diff --git a/.github/workflows/debos.yml b/.github/workflows/debos.yml
new file mode 100644
index 00000000..acac028e
--- /dev/null
+++ b/.github/workflows/debos.yml
@@ -0,0 +1,90 @@
+name: Build debos recipe
+
+on:
+  # run on pull requests to the main branch
+  pull_request:
+    branches: [main]
+  # run on pushes to the main branch
+  push:
+    branches: [main]
+  # run daily at 8:30am
+  schedule:
+    - cron: '30 8 * * *'
+  # allow manual runs
+  workflow_dispatch:
+
+# only need permission to read repository; implicitely set all other
+# permissions to none
+permissions:
+  contents: read
+
+defaults:
+  # run all commands from the debos-recipes directory
+  run:
+    working-directory: debos-recipes
+
+env:
+  INCUS_IMAGE: images:debian/trixie/arm64
+  INCUS_NAME: debos
+
+# cancel in progress builds for this workflow triggered by the same ref
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-debos:
+    runs-on: [self-hosted, arm64, debbuilder]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # this is the default in our self-hosted runners
+      - name: Make sure Incus is setup
+        run: |
+          set -x
+          sudo apt -y install incus
+          sudo incus admin init --auto
+
+      # create a fresh container build environment to decouple the build
+      # operating system from the github runner one; install debos
+      - name: Setup build environment
+        run: |
+           set -x
+           # privileged container as debos will use mounts
+           sudo incus init "${INCUS_IMAGE}" "${INCUS_NAME}" \
+               -c security.privileged=true -c security.nesting=true
+           sudo incus start "${INCUS_NAME}"
+           # wait for network to be up (prior to running apt)
+           sudo incus exec "${INCUS_NAME}" \
+              /usr/lib/systemd/systemd-networkd-wait-online
+           (
+               # these commands are run inside the container
+               cat <<EOF
+               apt update
+               apt upgrade -y
+               apt install -y debos
+           EOF
+           ) | sudo incus exec "${INCUS_NAME}" -- sh
+
+      - name: Build debos recipe
+        run: |
+          set -x
+          # mount current directory under /build
+          sudo incus config device add "${INCUS_NAME}" build-dir \
+              disk "source=${PWD}" path=/build shift=true
+          (
+              # these commands are run inside the container
+              cat <<EOF
+              cd /build
+              # debos tries KVM and UML as backends, and falls back to building
+              # directly on the host, but that requires loop devices; use
+              # qemu backend explicitly even if it's slower
+              # qemu backend also requires to set scratchsize, otherwise
+              # the whole build is done from memory and the out of memory
+              # killer gets triggered
+              debos -b qemu --scratchsize 4GiB qualcomm-linux-debian.yaml
+          EOF
+          ) | sudo incus exec "${INCUS_NAME}" -- sh
+