Github Actions cache doesn't permit to overwrite cache if it does
already exist. As a trick to refresh and have fresh ccache pool,
delete the ccache cache if it does exist with the help of Github REST
API. An additional permission is needed to access this API. Add this
permittion to each user of the build workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Split caching ccache in separate restore and save jobs to always refresh
the ccache across different runs. Currently if a key is restored, cache
is not saved resulting in a less useful ccache that benefits from
multiple runs.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Drop redundant generare ccache hash job as that can be done by
integrated github expressions to generate an hash.
The only change is that the integrated way generate a sha256 hash
instead of an md5 sum.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Use toolchain container for label workflow to skip downloading external
toolchain from openwrt servers.
Fixes: 0fe5776f4a ("CI: build: Add support to use container included external toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Don't add "" in target and subtarget for label workflow from label
detection as it does cause problem in build workflow on container
target/subtarget matching.
Fixes: bf8187d5dc ("CI: use split target and subtarget in label workflow")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Commit 1cb8cdb ("ci: use new buildbot worker images with Debian 11")
introduced new Git version with strict rules for owner of the git
directory.
To handle this and not cause major change, just move the parsing before
the change of ownership of the openwrt directory permitting the correct
run of git fetch command with the same user that did the repository
checkout.
Fixes: 1cb8cdb ("ci: use new buildbot worker images with Debian 11")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Commit bf8187d5dc ("CI: use split target and subtarget in label
workflow") didn't correctly output subtarget resulting in calling with
an empty subtarget. Fix this and correctly output generated subtarget.
Fixes: bf8187d5dc ("CI: use split target and subtarget in label workflow")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
With eecc6e4811 ("CI: rework build workflow to have split target and
subtarget directly") target and subtarget are split in 2 different
variables. Label workflow were not aligned to this change and are
currently broken.
Fix them and correctly pass split target and subtarget.
Fixes: eecc6e4811 ("CI: rework build workflow to have split target and subtarget directly")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Due to problem with migrating from master to main as the default branch
and downstream project still requiring the master branch to be present,
we currently have for push events double CI runs, one for main and one
for master. To solve this ignore any push event to the master branch for
every workflow that react on push events.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add support to use container included external toolchain and skip
redownloading external sdk for each test.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add checks to test if toolchain container can be used.
This is to handle case of new target or migration of any sort.
If the toolchain container can't be found, the tools container is used
instead.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add option to configure container to use for build test.
By default the tools container is used if no option is provided.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently all 23.05 related CI jobs are failing as the containers are
not available, so lets fix it by pushing those containers when the
version.mk changes.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Instead of referring to a redundant job and ENV variables, rework build
workflow to accept and require split target and subtarget and use them
directly from inputs.
Rework each user and pass a JSON of tuple to matrix include with each
target/subtarget combination to test. Special notice this doesn't use
the github actions matrix combination feature but reference each
specific tuple of target and subtarget to test.
Just a cleanup no behaviour change intended.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Use buildbot user on git diff check instead of using git config
safe directory.
This should accomplish the same result but should be a better approach
following safe practice enforced by git.
Fixes: a7747e8670 ("ci: fix check kernel patches job")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently the check fails due to the following error:
warning: Not a git repository. Use --no-index to compare two paths outside a working tree
usage: git diff --no-index [<options>] <path> <path>
Thats likely caused by commit 1cb8cdbf07 ("ci: use new buildbot worker
images with Debian 11") which contains a patched Git version with CVE
security fixes introduced in DLA-3239-2:
Multiple issues were found in Git, a distributed revision control
system. An attacker may cause other local users into executing arbitrary
commands, leak information from the local filesystem, and bypass
restricted shell.
Note: Due to new security checks, access to repositories owned and
accessed by different local users may now be rejected by Git; in case
changing ownership is not practical, git displays a way to bypass these
checks using the new "safe.directory" configuration entry.
So lets opt-out of this new behavior by setting `safe.directory=*` and
thus force Git to consider all Git repositories as safe regardless of
their owner, since we need to trust those sources anyway and it should
be likely more robust solution, then fiddling with filesystem
permissions.
Fixes: 1cb8cdbf07 ("ci: use new buildbot worker images with Debian 11")
References: https://www.debian.org/lts/security/2022/dla-3239-2
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Debian 10 LTS support ends on 6/2024, so it makes no sense to use it as
a base for 23.05 release, so lets switch to Debian 11 which should've
LTS support till 6/2026.
References: f2744543fa
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Coverity Scan is a static code analysis service focused on open source
software quality and security, so lets scan various OpenWrt components
every Friday for the start.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Upload proposed refreshed patches if the check fails.
This should help devs refresh the patches if they don't have access to a
buildroot.
Devs should ALWAYS refresh the patches before submitting and merging
commits.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Our buildbot build a different external toolchain/sdk for each build.
This cause the idea of using the tar hash to cache it broken and wrong.
This makes the github cache bloated and remove space for ccache cache.
Drop cache for external toolchain/sdk as the feature is broken and cause
problems to ccache cache.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Use openwrt official tools container by default.
Fork will use openwrt tools container by default.
This can be disabled by setting the option use_openwrt_container to
false for the build.yml and check-kernel-patches.yml.
The push-containers workflow is disabled on forks. The workflow can be
reenabled by commenting the condition in push-containers.yml.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Current job triggers based on matching of changed paths is quite
limited, so lets make it possible to additionally trigger manual CI jobs
by adding CI specific pull request build labels:
* `ci:target:x86:64` label is going to trigger CI target check jobs for
x86/64 (sub)target.
* `ci:kernel:x86:64` label is going to trigger CI kernel check jobs for
x86/64 (sub)target.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
We may find in a situation where due the queue an old run finish after
the last run, resulting in the containers getting overwritten with an
old version.
Limit the push-containers workflow to one concurrent run and cancel any
run in progress.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Directly copy prebuilt tools in container instead of creating an
archieve and extracting it later in other workflows.
Update build workflow to support this new implementation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
We can now drop the dl dir in the prebuilt tools tar as package archieve
is not a requirement anymore and won't trigger a package recompile.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Testing target changes was only set for push events. Enable this also
for pull request events to enable testing pr making specific target
changes.
Fixes: 57a02cbbff ("CI: kernel: test each target with additional changes than target/linux")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Test each target if there are additional changes than target/linux.
This is needed to do wide test with changes to kmods, include/kernel and
changes to the workflow files.
While at it also cleanup and rework the code to drop duplication.
Also drop since_last_remote_commit to better track changes.
Fixes: 04ada8bc41 ("CI: kernel: build only changed targets")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add concurrency limits for pull request test so that on pull request
refresh old jobs are cancelled.
The group is created based on the github ref + workflow name and the
workflow is cancelled only it it comes from a pull_request event.
Push events are not affected by this limit.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Detect changes in commit and build only changed targets.
If a change is related to the generic target, build test each target.
The matrix json is split. For target check patch only the first
subtarget is selected, for build test each target subtarget is built.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
If for whatever reason external toolchain can't be found or downloaded,
fallback to internal toolchain build.
This can be useful when new target are introduced and external toolchain
are not present in openwrt fileserver.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
We're currently missing log output in cases where `configure` fails
which returns 77 as its error code:
make[3]: *** [Makefile:118: elfutils-0.188/.configured_889556d2f423f99e091beece9c8d870a] Error 77
So lets adjust the regexps so they can handle multiple digits.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
When a new tag for a release is created, the just checkout repo from
github actions will already have such tag locally created.
This will result in git fetch --tags failing with error rejecting the
remote tag with (would clobber existing tag).
Add -f option to overwrite any local tags and always fetch them from
remote.
Fixes: e24a1e6f6d ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This adds the target label also to changes in packages which are target
specific like the boot loader of a target or some drivers which are only
use on one target.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Generilize tools workflow for future usage in shared workflow for tools
build.
Split tools workflow to tools and push-containers:
- tools just execute build test
- push-containers build and push prebuilt containers
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This should have been amended in the previous commit.
Fixes: 65e72f8e38 ("github: add issue template")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Add an issue template with required fields, instructions how to easily
get some of that required data from the device. Aside from that, also
add some links to the OpenWrt contact page, and for feature requests,
link to the forum.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
We don't need to checkout feed and install feeds for kernel tests. This
saves up to 2 minutes for each target kernel build test.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
