kernel build and publish 6.18.23 #31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: kernel-build-publish | |
| run-name: kernel build and publish ${{ inputs.kernel_version }} | |
| on: | |
| workflow_call: | |
| inputs: | |
| kernel_version: | |
| required: true | |
| type: string | |
| workflow_dispatch: | |
| inputs: | |
| kernel_version: | |
| description: 'Kernel version to build (e.g. 6.1.167)' | |
| required: true | |
| type: string | |
| permissions: | |
| contents: write | |
| pages: write | |
| concurrency: | |
| group: build-kernel | |
| cancel-in-progress: false | |
| env: | |
| FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| container: debian:trixie | |
| env: | |
| KERNEL_VERSION: ${{ inputs.kernel_version }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install build dependencies | |
| run: | | |
| dpkg --add-architecture i386 | |
| apt-get update | |
| apt-get install -y \ | |
| curl git gnupg gh gcc-i686-linux-gnu bc libssl-dev libssl-dev:i386 libelf-dev flex bison \ | |
| debhelper dpkg-dev rsync libncurses-dev apt-utils kmod cpio lsb-release libdw-dev python3 | |
| - name: Checkout apt repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: repo | |
| path: apt-repo | |
| - name: Determine package revision | |
| run: | | |
| KCOMPONENT=$(echo "${KERNEL_VERSION}" | cut -d. -f1-2) | |
| POOL="apt-repo/pool/${KCOMPONENT}" | |
| LAST_REV=$(ls "${POOL}/linux-image-${KERNEL_VERSION}-openframe_${KERNEL_VERSION}-"*.deb 2>/dev/null \ | |
| | grep -oP '(?<='"${KERNEL_VERSION}"'-)\d+(?=_i386\.deb)' | sort -n | tail -1) | |
| PKG_REVISION=$(( ${LAST_REV:-0} + 1 )) | |
| echo "Package revision: ${PKG_REVISION}" | |
| echo "PKG_REVISION=${PKG_REVISION}" >> $GITHUB_ENV | |
| - name: Cache kernel tarball | |
| uses: actions/cache@v4 | |
| with: | |
| path: linux-${{ inputs.kernel_version }}.tar.xz | |
| key: kernel-tarball-${{ inputs.kernel_version }} | |
| - name: Download kernel source | |
| run: | | |
| if [ ! -f "linux-${KERNEL_VERSION}.tar.xz" ]; then | |
| MAJOR=$(echo "${KERNEL_VERSION}" | cut -d. -f1) | |
| curl -fO --retry 3 --retry-delay 5 \ | |
| "https://cdn.kernel.org/pub/linux/kernel/v${MAJOR}.x/linux-${KERNEL_VERSION}.tar.xz" | |
| fi | |
| if [ ! -d "linux-${KERNEL_VERSION}" ]; then | |
| tar xf "linux-${KERNEL_VERSION}.tar.xz" | |
| fi | |
| - name: Apply patches | |
| run: | | |
| KBRANCH=$(echo "${KERNEL_VERSION}" | cut -d. -f1-2) | |
| for patch in "patches/${KBRANCH}/"*.patch; do | |
| echo "Applying ${patch}..." | |
| patch --fuzz=3 -p1 -d "linux-${KERNEL_VERSION}" < "${patch}" | |
| done | |
| - name: Configure kernel | |
| run: | | |
| KBRANCH=$(echo "${KERNEL_VERSION}" | cut -d. -f1-2) | |
| cp "configs/${KBRANCH}-openframe.config" "linux-${KERNEL_VERSION}/.config" | |
| make -C "linux-${KERNEL_VERSION}" \ | |
| ARCH=i386 \ | |
| CROSS_COMPILE=i686-linux-gnu- \ | |
| LOCALVERSION=-openframe \ | |
| olddefconfig | |
| - name: Build kernel packages | |
| run: | | |
| make -C "linux-${KERNEL_VERSION}" \ | |
| ARCH=i386 \ | |
| CROSS_COMPILE=i686-linux-gnu- \ | |
| LOCALVERSION=-openframe \ | |
| KDEB_PKGVERSION="${KERNEL_VERSION}-${PKG_REVISION}" \ | |
| -j$(nproc) \ | |
| bindeb-pkg | |
| - name: Collect packages | |
| run: | | |
| mkdir -p packages | |
| mv *.deb packages/ | |
| ls -lh packages/ | |
| - name: Build metapackage | |
| run: | | |
| KBRANCH=$(echo "${KERNEL_VERSION}" | cut -d. -f1-2) | |
| METAPKG="linux-image-openframe-${KBRANCH}" | |
| METADIR="metapkg/${METAPKG}" | |
| mkdir -p "${METADIR}/DEBIAN" | |
| printf 'Package: %s\nVersion: %s\nArchitecture: i386\nMaintainer: OpenFrame Project <noreply@openbeak.net>\nDescription: OpenFrame kernel metapackage (%s series)\n Tracks the latest OpenFrame Linux %s kernel.\n Install this package to receive kernel updates via apt upgrade.\nDepends: linux-image-%s-openframe\n' \ | |
| "${METAPKG}" "${KERNEL_VERSION}" "${KBRANCH}" "${KBRANCH}" "${KERNEL_VERSION}" \ | |
| > "${METADIR}/DEBIAN/control" | |
| printf '#!/bin/sh\nset -e\nif [ "$1" = "configure" ]; then\n for prefix in linux-image linux-headers linux-libc-dev; do\n for pkg in $(dpkg-query -W -f '"'"'${Package}\n'"'"' "${prefix}-%s.*-openframe" 2>/dev/null || true); do\n apt-mark auto "$pkg" >/dev/null 2>&1 || true\n done\n done\nfi\n' \ | |
| "${KBRANCH}" \ | |
| > "${METADIR}/DEBIAN/postinst" | |
| chmod 755 "${METADIR}/DEBIAN/postinst" | |
| dpkg-deb --build --root-owner-group "${METADIR}" \ | |
| "packages/${METAPKG}_${KERNEL_VERSION}_i386.deb" | |
| - name: Import GPG signing key | |
| run: | | |
| echo "${{ secrets.APT_SIGNING_KEY }}" | gpg --batch --import | |
| - name: Update apt repository | |
| run: | | |
| KCOMPONENT=$(echo "${KERNEL_VERSION}" | cut -d. -f1-2) | |
| POOL="apt-repo/pool/${KCOMPONENT}" | |
| BINARY="apt-repo/dists/trixie/${KCOMPONENT}/binary-i386" | |
| mkdir -p "${POOL}" "${BINARY}" | |
| cp packages/*.deb "${POOL}/" | |
| # Keep the 3 most recent versions of each package type, remove the rest | |
| for pkg in linux-image linux-headers linux-libc-dev; do | |
| ls -t "${POOL}/${pkg}"*.deb 2>/dev/null | tail -n +4 | xargs -r rm -v | |
| done | |
| # Export public signing key for users (binary dearmored for signed-by) | |
| gpg --export > apt-repo/key.gpg | |
| cd apt-repo | |
| # Generate Packages index for this component | |
| dpkg-scanpackages --arch i386 "pool/${KCOMPONENT}" \ | |
| > "dists/trixie/${KCOMPONENT}/binary-i386/Packages" | |
| gzip -9c "dists/trixie/${KCOMPONENT}/binary-i386/Packages" \ | |
| > "dists/trixie/${KCOMPONENT}/binary-i386/Packages.gz" | |
| # Discover all components and regenerate the Release file | |
| COMPONENTS=$(ls -d dists/trixie/*/binary-i386 2>/dev/null | awk -F/ '{print $3}' | tr '\n' ' ' | sed 's/ $//') | |
| # Generate Release file | |
| apt-ftparchive \ | |
| -o APT::FTPArchive::Release::Origin="OpenFrame Kernel" \ | |
| -o APT::FTPArchive::Release::Label="OpenFrame Kernel" \ | |
| -o APT::FTPArchive::Release::Suite="trixie" \ | |
| -o APT::FTPArchive::Release::Codename="trixie" \ | |
| -o APT::FTPArchive::Release::Architectures="i386" \ | |
| -o "APT::FTPArchive::Release::Components=${COMPONENTS}" \ | |
| -o APT::FTPArchive::Release::Description="OpenFrame Kernel Packages" \ | |
| release dists/trixie > dists/trixie/Release | |
| # Sign Release file | |
| GPG_KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub/{print $5; exit}') | |
| gpg --batch --yes --default-key "${GPG_KEY_ID}" \ | |
| --clearsign -o dists/trixie/InRelease dists/trixie/Release | |
| gpg --batch --yes --default-key "${GPG_KEY_ID}" \ | |
| --detach-sign --armor -o dists/trixie/Release.gpg dists/trixie/Release | |
| - name: Generate directory listing | |
| run: | | |
| cd apt-repo | |
| { | |
| printf '<!DOCTYPE html>\n<html>\n' | |
| printf '<head><title>Index of /</title></head>\n' | |
| printf '<body>\n<h1>Index of /</h1><hr><pre>' | |
| human_size() { | |
| local size=$1 | |
| if [ "$size" -ge 1073741824 ]; then | |
| echo "$((size / 1073741824))G" | |
| elif [ "$size" -ge 1048576 ]; then | |
| echo "$((size / 1048576))M" | |
| elif [ "$size" -ge 1024 ]; then | |
| echo "$((size / 1024))K" | |
| else | |
| echo "$size" | |
| fi | |
| } | |
| for f in pool/*/*.deb; do | |
| [ -f "$f" ] || continue | |
| fname=$(basename "$f") | |
| fsize=$(stat -c '%s' "$f") | |
| fdate=$(date -d "@$(stat -c '%Y' "$f")" '+%d-%b-%Y %H:%M') | |
| hsize=$(human_size "$fsize") | |
| href="${f}" | |
| namelen=${#fname} | |
| padlen=$((51 - namelen)) | |
| [ ${padlen} -lt 1 ] && padlen=1 | |
| padding=$(printf '%*s' ${padlen} '') | |
| printf '\n<a href="%s">%s</a>%s%s %8s' \ | |
| "${href}" "${fname}" "${padding}" "${fdate}" "${hsize}" | |
| done | |
| printf '\n</pre><hr></body>\n</html>\n' | |
| } > index.html | |
| - name: Push apt repository | |
| run: | | |
| cd apt-repo | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add -A | |
| git diff --cached --quiet && echo "No changes to commit" || \ | |
| git commit -m "Publish linux-${KERNEL_VERSION}-openframe" | |
| git push origin repo | |
| - name: Create or update GitHub release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| TAG="v${KERNEL_VERSION}" | |
| NOTES="Kernel ${KERNEL_VERSION} with OpenFrame patches, built for Debian Trixie (i386)." | |
| if gh release view "${TAG}" --repo ${{ github.repository }} >/dev/null 2>&1; then | |
| gh release upload "${TAG}" \ | |
| --repo ${{ github.repository }} \ | |
| --clobber \ | |
| packages/*.deb | |
| else | |
| gh release create "${TAG}" \ | |
| --repo ${{ github.repository }} \ | |
| --title "Linux ${KERNEL_VERSION}-openframe" \ | |
| --notes "${NOTES}" \ | |
| packages/*.deb | |
| fi | |
| - name: Dispatch image build in openframe-linux | |
| env: | |
| GH_TOKEN: ${{ secrets.DISPATCH_TOKEN }} | |
| run: | | |
| gh api repos/birdslikewires/openframe-linux/dispatches \ | |
| --method POST \ | |
| --field event_type=kernel-released \ | |
| --field client_payload[kernel_version]="${KERNEL_VERSION}" |