Skip to content

Better apt repo behaviour #25

Better apt repo behaviour

Better apt repo behaviour #25

Workflow file for this run

name: kernel-build-publish
run-name: kernel build and publish ${{ inputs.kernel_version }}
on:
workflow_call:
inputs:
kernel_version:
required: true
type: string
workflow_dispatch:
inputs:
kernel_version:
description: 'Kernel version to build (e.g. 6.1.167)'
required: true
type: string
permissions:
contents: write
pages: write
concurrency:
group: build-kernel
cancel-in-progress: false
env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
jobs:
build:
runs-on: ubuntu-latest
container: debian:trixie
env:
KERNEL_VERSION: ${{ inputs.kernel_version }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install build dependencies
run: |
dpkg --add-architecture i386
apt-get update
apt-get install -y \
curl git gnupg gh gcc-i686-linux-gnu bc libssl-dev libssl-dev:i386 libelf-dev flex bison \
debhelper dpkg-dev rsync libncurses-dev apt-utils kmod cpio lsb-release libdw-dev python3
- name: Cache kernel tarball
uses: actions/cache@v4
with:
path: linux-${{ inputs.kernel_version }}.tar.xz
key: kernel-tarball-${{ inputs.kernel_version }}
- name: Download kernel source
run: |
if [ ! -f "linux-${KERNEL_VERSION}.tar.xz" ]; then
MAJOR=$(echo "${KERNEL_VERSION}" | cut -d. -f1)
curl -fO --retry 3 --retry-delay 5 \
"https://cdn.kernel.org/pub/linux/kernel/v${MAJOR}.x/linux-${KERNEL_VERSION}.tar.xz"
fi
if [ ! -d "linux-${KERNEL_VERSION}" ]; then
tar xf "linux-${KERNEL_VERSION}.tar.xz"
fi
- name: Apply patches
run: |
KBRANCH=$(echo "${KERNEL_VERSION}" | cut -d. -f1-2)
for patch in "patches/${KBRANCH}/"*.patch; do
echo "Applying ${patch}..."
patch --fuzz=3 -p1 -d "linux-${KERNEL_VERSION}" < "${patch}"
done
- name: Configure kernel
run: |
KBRANCH=$(echo "${KERNEL_VERSION}" | cut -d. -f1-2)
cp "configs/${KBRANCH}-openframe.config" "linux-${KERNEL_VERSION}/.config"
make -C "linux-${KERNEL_VERSION}" \
ARCH=i386 \
CROSS_COMPILE=i686-linux-gnu- \
LOCALVERSION=-openframe \
olddefconfig
- name: Build kernel packages
run: |
make -C "linux-${KERNEL_VERSION}" \
ARCH=i386 \
CROSS_COMPILE=i686-linux-gnu- \
LOCALVERSION=-openframe \
-j$(nproc) \
bindeb-pkg
- name: Collect packages
run: |
mkdir -p packages
mv *.deb packages/
ls -lh packages/
- name: Build metapackage
run: |
KBRANCH=$(echo "${KERNEL_VERSION}" | cut -d. -f1-2)
METAPKG="linux-image-openframe-${KBRANCH}"
METADIR="metapkg/${METAPKG}"
mkdir -p "${METADIR}/DEBIAN"
cat > "${METADIR}/DEBIAN/control" << EOF
Package: ${METAPKG}
Version: ${KERNEL_VERSION}
Architecture: i386
Maintainer: OpenFrame Project <noreply@openbeak.net>
Description: OpenFrame kernel metapackage (${KBRANCH} series)
Tracks the latest OpenFrame Linux ${KBRANCH} kernel.
Install this package to receive kernel updates via apt upgrade.
Depends: linux-image-${KERNEL_VERSION}-openframe
EOF

Check failure on line 112 in .github/workflows/build.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/build.yml

Invalid workflow file

You have an error in your yaml syntax on line 112
dpkg-deb --build --root-owner-group "${METADIR}" \
"packages/${METAPKG}_${KERNEL_VERSION}_i386.deb"
- name: Import GPG signing key
run: |
echo "${{ secrets.APT_SIGNING_KEY }}" | gpg --batch --import
- name: Checkout repo branch
uses: actions/checkout@v4
with:
ref: repo
path: apt-repo
- name: Update apt repository
run: |
KCOMPONENT=$(echo "${KERNEL_VERSION}" | cut -d. -f1-2)
POOL="apt-repo/pool/${KCOMPONENT}"
BINARY="apt-repo/dists/trixie/${KCOMPONENT}/binary-i386"
mkdir -p "${POOL}" "${BINARY}"
cp packages/*.deb "${POOL}/"
# Keep the 3 most recent versions of each package type, remove the rest
for pkg in linux-image linux-headers linux-libc-dev; do
ls -t "${POOL}/${pkg}"*.deb 2>/dev/null | tail -n +4 | xargs -r rm -v
done
# Export public signing key for users (binary dearmored for signed-by)
gpg --export > apt-repo/key.gpg
cd apt-repo
# Generate Packages index for this component
dpkg-scanpackages --arch i386 "pool/${KCOMPONENT}" \
> "dists/trixie/${KCOMPONENT}/binary-i386/Packages"
gzip -9c "dists/trixie/${KCOMPONENT}/binary-i386/Packages" \
> "dists/trixie/${KCOMPONENT}/binary-i386/Packages.gz"
# Discover all components and regenerate the Release file
COMPONENTS=$(ls -d dists/trixie/*/binary-i386 2>/dev/null | awk -F/ '{print $3}' | tr '\n' ' ' | sed 's/ $//')
# Generate Release file
apt-ftparchive \
-o APT::FTPArchive::Release::Origin="OpenFrame Kernel" \
-o APT::FTPArchive::Release::Label="OpenFrame Kernel" \
-o APT::FTPArchive::Release::Suite="trixie" \
-o APT::FTPArchive::Release::Codename="trixie" \
-o APT::FTPArchive::Release::Architectures="i386" \
-o "APT::FTPArchive::Release::Components=${COMPONENTS}" \
-o APT::FTPArchive::Release::Description="OpenFrame Kernel Packages" \
release dists/trixie > dists/trixie/Release
# Sign Release file
GPG_KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub/{print $5; exit}')
gpg --batch --yes --default-key "${GPG_KEY_ID}" \
--clearsign -o dists/trixie/InRelease dists/trixie/Release
gpg --batch --yes --default-key "${GPG_KEY_ID}" \
--detach-sign --armor -o dists/trixie/Release.gpg dists/trixie/Release
- name: Generate directory listing
run: |
cd apt-repo
{
printf '<!DOCTYPE html>\n<html>\n'
printf '<head><title>Index of /</title></head>\n'
printf '<body>\n<h1>Index of /</h1><hr><pre>'
human_size() {
local size=$1
if [ "$size" -ge 1073741824 ]; then
echo "$((size / 1073741824))G"
elif [ "$size" -ge 1048576 ]; then
echo "$((size / 1048576))M"
elif [ "$size" -ge 1024 ]; then
echo "$((size / 1024))K"
else
echo "$size"
fi
}
for f in pool/*/*.deb; do
[ -f "$f" ] || continue
fname=$(basename "$f")
fsize=$(stat -c '%s' "$f")
fdate=$(date -d "@$(stat -c '%Y' "$f")" '+%d-%b-%Y %H:%M')
hsize=$(human_size "$fsize")
href="${f}"
namelen=${#fname}
padlen=$((51 - namelen))
[ ${padlen} -lt 1 ] && padlen=1
padding=$(printf '%*s' ${padlen} '')
printf '\n<a href="%s">%s</a>%s%s %8s' \
"${href}" "${fname}" "${padding}" "${fdate}" "${hsize}"
done
printf '\n</pre><hr></body>\n</html>\n'
} > index.html
- name: Push apt repository
run: |
cd apt-repo
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add -A
git diff --cached --quiet && echo "No changes to commit" || \
git commit -m "Publish linux-${KERNEL_VERSION}-openframe"
git push origin repo
- name: Create or update GitHub release
env:
GH_TOKEN: ${{ github.token }}
run: |
TAG="v${KERNEL_VERSION}"
NOTES="Kernel ${KERNEL_VERSION} with OpenFrame patches, built for Debian Trixie (i386)."
if gh release view "${TAG}" --repo ${{ github.repository }} >/dev/null 2>&1; then
gh release upload "${TAG}" \
--repo ${{ github.repository }} \
--clobber \
packages/*.deb
else
gh release create "${TAG}" \
--repo ${{ github.repository }} \
--title "Linux ${KERNEL_VERSION}-openframe" \
--notes "${NOTES}" \
packages/*.deb
fi
- name: Dispatch image build in openframe-linux
env:
GH_TOKEN: ${{ secrets.DISPATCH_TOKEN }}
run: |
gh api repos/birdslikewires/openframe-linux/dispatches \
--method POST \
--field event_type=kernel-released \
--field client_payload[kernel_version]="${KERNEL_VERSION}"