From 19b5bc7f4e5267702f5ce8f6bb8f875ea3f0c5a1 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 15:37:15 +0200 Subject: [PATCH 01/30] added build flavor without test steps --- .github/workflows/build.yml | 145 +++++++++++++++++++++++++++++++++ .github/workflows/dev.yml | 2 +- .github/workflows/nightly.yaml | 2 +- 3 files changed, 147 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..790c9362 --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,145 @@ +name: build +on: + workflow_call: + inputs: + version: + description: "Garden Linux version" + type: string + default: today + target: + type: string + default: dev + flavors_parse_params_test: + description: "Run bin/parse_flavors.py with these parameters" + default: '--exclude "bare-*" --no-arch --json-by-arch --build --test' + type: string + flavors_matrix: + description: "Already generated GitHub workflow flavors matrix" + type: string + platform_test_tag: + description: 'Tag to run platform-test containers. "latest" or GL version. Tag must be available in `ghcr.io/gardenlinux/gardenlinux/platform-test-*`' + type: string + default: latest + platform_test_build: + description: "Run platform-test image build." + type: boolean + default: true + flavors_parse_params_test_bare: + description: "Run bin/parse_flavors.py with these parameters for bare flavors" + default: '--include-only "bare-*" --no-arch --json-by-arch --build --test' + type: string + fail_fast: + description: "Cancel workflow run on first error" + type: boolean + default: false + secrets: + aws_region: + required: false + aws_kms_role: + required: false + aws_oidc_session: + required: false + secureboot_db_kms_arn: + required: false + outputs: + flavors_matrix: + value: ${{ jobs.flavors_matrix.outputs.matrix }} + version: + value: ${{ jobs.requirements.outputs.version }} + bare_flavors_matrix: + value: ${{ jobs.bare_flavors_matrix.outputs.matrix }} +jobs: + requirements: + name: Prepare build requirements + uses: gardenlinux/gardenlinux/.github/workflows/build_requirements.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068 + with: + version: ${{ inputs.version == '' && 'now' || inputs.version }} + target: ${{ inputs.target }} + permissions: + actions: write # TODO: 3215 elevated permissions for included workflow + + bootstrap: + needs: requirements + name: Bootstrap build + uses: gardenlinux/gardenlinux/.github/workflows/build_bootstrap.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068 + 
with: + commit_id: ${{ needs.requirements.outputs.commit_id }} + version: ${{ needs.requirements.outputs.version }} + permissions: + actions: write + + flavors_matrix: + name: Generate flavors matrix to build + uses: gardenlinux/gardenlinux/.github/workflows/build_flavors_matrix.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068 + with: + flags: ${{ inputs.flavors_parse_params_test }} + flavors_matrix: ${{ inputs.flavors_matrix }} + + flavors: + needs: [bootstrap, flavors_matrix, requirements] + name: Build flavors + uses: gardenlinux/gardenlinux/.github/workflows/build_flavor.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068 + strategy: + matrix: ${{ fromJson(needs.flavors_matrix.outputs.matrix ) }} + fail-fast: ${{ inputs.fail_fast }} + with: + arch: ${{ matrix.arch }} + flavor: ${{ matrix.flavor }} + commit_id: ${{ needs.requirements.outputs.commit_id }} + version: ${{ needs.requirements.outputs.version }} + signing_env: ${{ needs.requirements.outputs.signing_env }} + secrets: inherit + permissions: + id-token: write + actions: write + + kmodbuild_container: + needs: [flavors, requirements] + name: Build kernel module build dev container + uses: gardenlinux/gardenlinux/.github/workflows/build_kmodbuild_container.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068 + with: + version: ${{ needs.requirements.outputs.version }} + permissions: + actions: write + + bare_flavors_matrix: + name: Generate bare flavors matrix to build + uses: gardenlinux/gardenlinux/.github/workflows/build_flavors_matrix.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068 + with: + flags: ${{ inputs.flavors_parse_params_test_bare }} + + bare_flavors: + needs: [bootstrap, bare_flavors_matrix, requirements] + name: Build bare flavors + uses: gardenlinux/gardenlinux/.github/workflows/build_bare_flavor.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068 + strategy: + matrix: ${{ fromJson(needs.bare_flavors_matrix.outputs.matrix) }} + fail-fast: ${{ inputs.fail_fast }} + with: + arch: ${{ matrix.arch }} + bare_flavor: ${{ 
matrix.flavor }} + commit_id: ${{ needs.requirements.outputs.commit_id }} + version: ${{ needs.requirements.outputs.version }} + secrets: inherit + permissions: + actions: write + + upload_flavor_version_data: + needs: [requirements, flavors] + name: Store flavor version data + runs-on: ubuntu-24.04 + permissions: + actions: write + steps: + - name: Store data in JSON file + run: | + jq -r -n '{ + "commit_id": "${{ needs.requirements.outputs.commit_id }}", + "version": "${{ needs.requirements.outputs.version }}", + "target": "${{ needs.requirements.outputs.target }}" + }' '.' > flavor_version_data.json + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # pin@v4.6.2 + with: + name: flavor-version-data + path: flavor_version_data.json + if-no-files-found: error diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml index 1f67f55c..266b61b8 100644 --- a/.github/workflows/dev.yml +++ b/.github/workflows/dev.yml @@ -26,7 +26,7 @@ jobs: run: echo "VERSION=$(cat VERSION)" >> $GITHUB_OUTPUT build: needs: [set_version] - uses: gardenlinux/gardenlinux/.github/workflows/build.yml@c1a1f112762be72b7f154ec931dfe4c57b4d2d44 + uses: ./.github/workflows/build.yml with: version: ${{ needs.set_version.outputs.VERSION }} # to set target to "release" or "nightly" we need proper KMS secrets diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml index e43b0f38..1cb47332 100644 --- a/.github/workflows/nightly.yaml +++ b/.github/workflows/nightly.yaml @@ -19,7 +19,7 @@ jobs: submodules: recursive build: needs: [checkout] - uses: gardenlinux/gardenlinux/.github/workflows/build.yml@c1a1f112762be72b7f154ec931dfe4c57b4d2d44 + uses: ./.github/workflows/build.yml with: version: ${{ inputs.version || 'now' }} # to set target to "release" or "nightly" we need proper KMS secrets From a6ff1ec83fc85686d44b34b7692fd9cc321cd9e5 Mon Sep 17 00:00:00 2001 
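Review bot: In `upload_flavor_version_data` (PATCH 01/30, build.yml) the `Store data in JSON file` step pastes `${{ needs.requirements.outputs.commit_id }}`, `…version` and `…target` into the jq program inside the `run:` script, so a value containing a quote changes the script text instead of being treated as data. `version` is presumably derived from the caller-supplied `inputs.version`, which the `requirements` job forwards. Hand the values over through `env:` and let jq do the quoting with `--arg`, as sketched below. The job also requests `actions: write` although its only other step uploads an artifact; that scope is probably unnecessary here and worth confirming.

```yaml
      - name: Store data in JSON file
        env:
          BUILD_COMMIT_ID: ${{ needs.requirements.outputs.commit_id }}
          BUILD_VERSION: ${{ needs.requirements.outputs.version }}
          BUILD_TARGET: ${{ needs.requirements.outputs.target }}
        run: |
          jq -n \
            --arg commit_id "$BUILD_COMMIT_ID" \
            --arg version "$BUILD_VERSION" \
            --arg target "$BUILD_TARGET" \
            '{commit_id: $commit_id, version: $version, target: $target}' \
            > flavor_version_data.json
      # … unchanged: actions/upload-artifact step …
```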
From: Vivus Ignis Date: Thu, 2 Oct 2025 16:39:00 +0200 Subject: [PATCH 02/30] experimenting with workflow base dir --- .github/workflows/build.yml | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 790c9362..327d1ecc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,6 +48,7 @@ on: value: ${{ jobs.requirements.outputs.version }} bare_flavors_matrix: value: ${{ jobs.bare_flavors_matrix.outputs.matrix }} + jobs: requirements: name: Prepare build requirements @@ -77,21 +78,28 @@ jobs: flavors: needs: [bootstrap, flavors_matrix, requirements] + runs-on: ubuntu-latest + # runs-on: ${{ inputs.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} name: Build flavors - uses: gardenlinux/gardenlinux/.github/workflows/build_flavor.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068 strategy: matrix: ${{ fromJson(needs.flavors_matrix.outputs.matrix ) }} fail-fast: ${{ inputs.fail_fast }} - with: - arch: ${{ matrix.arch }} - flavor: ${{ matrix.flavor }} - commit_id: ${{ needs.requirements.outputs.commit_id }} - version: ${{ needs.requirements.outputs.version }} - signing_env: ${{ needs.requirements.outputs.signing_env }} - secrets: inherit permissions: id-token: write actions: write + # secrets: inherit + defaults: + run: + working-directory: ./gardenlinux + steps: + - name: Build flavors + uses: gardenlinux/gardenlinux/.github/workflows/build_flavor.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068 + with: + arch: ${{ matrix.arch }} + flavor: ${{ matrix.flavor }} + commit_id: ${{ needs.requirements.outputs.commit_id }} + version: ${{ needs.requirements.outputs.version }} + signing_env: ${{ needs.requirements.outputs.signing_env }} kmodbuild_container: needs: [flavors, requirements] From de7e67cf8afe81c048014e0595d0dc7218209bd3 Mon Sep 17 00:00:00 2001 
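Review bot: In the `flavors` job (PATCH 02/30, second hunk) the new step `uses: gardenlinux/gardenlinux/.github/workflows/build_flavor.yml@…` references a reusable workflow, and a reusable workflow can only be called from `jobs.<job_id>.uses`, not from a step, so the job cannot run as written. `defaults.run.working-directory` would not have reached it in any case, because that default applies to `run:` steps only. The job keeps `id-token: write` while `secrets: inherit` is commented out; while this stays an experiment I would drop the OIDC permission as well and restore it together with the signing inputs. `runs-on: ubuntu-latest` is the only floating runner label in the file; `runs-on: ubuntu-24.04` would match the other jobs.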
From: Vivus Ignis Date: Thu, 2 Oct 2025 16:50:36 +0200 Subject: [PATCH 03/30] inlined flavors workflow with changed workdir --- .github/workflows/build.yml | 87 ++++++++++++++++++++++++++++++++----- 1 file changed, 77 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 327d1ecc..b0a03e22 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -78,28 +78,95 @@ jobs: flavors: needs: [bootstrap, flavors_matrix, requirements] - runs-on: ubuntu-latest - # runs-on: ${{ inputs.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} name: Build flavors + runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} strategy: matrix: ${{ fromJson(needs.flavors_matrix.outputs.matrix ) }} fail-fast: ${{ inputs.fail_fast }} permissions: id-token: write actions: write - # secrets: inherit defaults: run: + shell: bash working-directory: ./gardenlinux + env: + CNAME: '' + USE_KMS: ${{ needs.requirements.outputs.signing_env == '' && 'false' || 'true' }} + environment: ${{ needs.requirements.outputs.signing_env }} steps: - - name: Build flavors - uses: gardenlinux/gardenlinux/.github/workflows/build_flavor.yml@b49b2dc9853b2a91a509c6ad947bc538797a4068 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 with: - arch: ${{ matrix.arch }} - flavor: ${{ matrix.flavor }} - commit_id: ${{ needs.requirements.outputs.commit_id }} - version: ${{ needs.requirements.outputs.version }} - signing_env: ${{ needs.requirements.outputs.signing_env }} + submodules: true + + - name: Install python-gardenlinux-lib + uses: gardenlinux/python-gardenlinux-lib/.github/actions/setup@02879bd567ed39b5610332afcc6e46197073db0c # pin@0.10.0 + + - name: Set build reference + run: | + echo "${{ needs.requirements.outputs.commit_id }}" | tee COMMIT + echo "${{ needs.requirements.outputs.version }}" | tee VERSION + + - name: Load bootstrap stage cache + uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # pin@v4.3.0 + with: + path: .build + key: base-${{ matrix.arch }}-${{ github.run_id }} + fail-on-cache-miss: true + + - name: Load certs artifact + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # pin@v5.0.0 + with: + name: certs + path: cert/ + + - name: Configure aws credentials for kms signing + id: aws_auth + if: ${{ env.USE_KMS == 'true' }} + uses: 
aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # pin@v4 + with: + role-to-assume: ${{ secrets.aws_kms_role }} + role-session-name: ${{ secrets.aws_oidc_session }} + aws-region: ${{ secrets.aws_region }} + role-duration-seconds: 14400 + + - name: Write secureboot db arn for kms backed certificates + if: ${{ steps.aws_auth.conclusion == 'success' }} + run: echo "${{ secrets.secureboot_db_kms_arn }}" > cert/secureboot.db.arn + + - name: Update bootstrap stage build artifact timestamps + run: | + t="$(date '+%s')" + find .build -exec touch -d "@$t" {} + + + - name: Build + run: make ${{ matrix.flavor }}-${{ matrix.arch }}-build + + - name: Determine CNAME + id: cname + uses: gardenlinux/python-gardenlinux-lib/.github/actions/features_parse@02879bd567ed39b5610332afcc6e46197073db0c # pin@0.10.0 + with: + flags: --cname ${{ matrix.flavor }}-${{ matrix.arch }} cname + + - name: Set CNAME + run: | + echo "CNAME=${{ steps.cname.outputs.result }}" | tee -a "$GITHUB_ENV" + + - name: Pack build artifacts for upload + run: tar -cSzvf "$CNAME.tar.gz" -C .build -T ".build/$CNAME.artifacts" + + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # pin@v4.6.2 + with: + name: build-${{ matrix.flavor }}-${{ matrix.arch }} + path: ${{ env.CNAME }}.tar.gz + if-no-files-found: error + + - uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # pin@v4.3.0 + with: + path: | + COMMIT + VERSION + key: build-${{ matrix.flavor }}-${{ matrix.arch }}-${{ github.run_id }} kmodbuild_container: needs: [flavors, requirements] From d12c49243ec8d9b3b4aad7fd805463a936008993 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 16:55:18 +0200 Subject: [PATCH 04/30] use build directory from uplevel --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b0a03e22..191390f0 100644 --- a/.github/workflows/build.yml 
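Review bot: The inlined `flavors` job (PATCH 03/30) expands `${{ matrix.flavor }}`, `${{ matrix.arch }}`, `${{ needs.requirements.outputs.* }}`, `${{ steps.cname.outputs.result }}` and `${{ secrets.secureboot_db_kms_arn }}` inside `run:` scripts, so the values are pasted into the shell text before bash parses it. The matrix is `fromJson(needs.flavors_matrix.outputs.matrix)`, and the `flavors_matrix` job is handed the caller-supplied `inputs.flavors_matrix`, while this job holds `id-token: write` and the KMS role session, so a malformed matrix entry would execute with signing access. Map each value into `env:` and use it as a quoted shell variable, as sketched below for three steps; `Set CNAME` needs the same treatment because it appends to `$GITHUB_ENV`. Variable names are prefixed so that make does not pick them up as Makefile variables. Separately, `role-duration-seconds: 14400` gives every matrix leg a four-hour session; a value sized to the build would narrow that window.

```yaml
      - name: Set build reference
        env:
          BUILD_COMMIT_ID: ${{ needs.requirements.outputs.commit_id }}
          BUILD_VERSION: ${{ needs.requirements.outputs.version }}
        run: |
          printf '%s\n' "$BUILD_COMMIT_ID" | tee COMMIT
          printf '%s\n' "$BUILD_VERSION" | tee VERSION
      # … unchanged: cache restore, certs download, aws credentials …
      - name: Write secureboot db arn for kms backed certificates
        if: ${{ steps.aws_auth.conclusion == 'success' }}
        env:
          SECUREBOOT_DB_KMS_ARN: ${{ secrets.secureboot_db_kms_arn }}
        run: printf '%s\n' "$SECUREBOOT_DB_KMS_ARN" > cert/secureboot.db.arn
      # … unchanged: timestamp update …
      - name: Build
        env:
          MATRIX_FLAVOR: ${{ matrix.flavor }}
          MATRIX_ARCH: ${{ matrix.arch }}
        run: make "${MATRIX_FLAVOR}-${MATRIX_ARCH}-build"
```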
+++ b/.github/workflows/build.yml @@ -137,7 +137,7 @@ jobs: - name: Update bootstrap stage build artifact timestamps run: | t="$(date '+%s')" - find .build -exec touch -d "@$t" {} + + find ../.build -exec touch -d "@$t" {} + - name: Build run: make ${{ matrix.flavor }}-${{ matrix.arch }}-build From 4dbbdfce2f98e7fffbbea31059d4204ebdb475bb Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 17:01:07 +0200 Subject: [PATCH 05/30] debug output --- .github/workflows/build.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 191390f0..759ae2d3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -140,7 +140,10 @@ jobs: find ../.build -exec touch -d "@$t" {} + - name: Build - run: make ${{ matrix.flavor }}-${{ matrix.arch }}-build + run: | + pwd + ls -l + make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME id: cname From 0ec3c97d5995135a7c1466cf55d3bec2db3f6794 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 17:09:56 +0200 Subject: [PATCH 06/30] copying flavors.yaml to a place where python lib expects it --- .github/workflows/build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 759ae2d3..11eff583 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -57,7 +57,7 @@ jobs: version: ${{ inputs.version == '' && 'now' || inputs.version }} target: ${{ inputs.target }} permissions: - actions: write # TODO: 3215 elevated permissions for included workflow + actions: write bootstrap: needs: requirements @@ -143,6 +143,8 @@ jobs: run: | pwd ls -l + ls -l .. + cp flavors.yaml .. make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME From 433de81e947e98216d8760e45fb43b617f93075e Mon Sep 17 00:00:00 2001 
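Review bot: The first hunk of PATCH 06/30 deletes the `# TODO: 3215 elevated permissions for included workflow` comment on the `requirements` job's `actions: write`, which is unrelated to copying flavors.yaml and removes the only marker that this write scope was flagged for follow-up. I would keep the comment until the permission is actually reduced: `actions: write # TODO: 3215 elevated permissions for included workflow`. The same `actions: write` appears without any comment on `bootstrap`, `flavors`, `kmodbuild_container` and `bare_flavors`, so a one-line reason on each would help the next reviewer judge whether the scope is still needed.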
From: Vivus Ignis Date: Thu, 2 Oct 2025 17:18:25 +0200 Subject: [PATCH 07/30] copying the right flavors.yaml --- .github/workflows/build.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 11eff583..cb7608a9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -141,10 +141,7 @@ jobs: - name: Build run: | - pwd - ls -l - ls -l .. - cp flavors.yaml .. + cp -v ../flavors.yaml . make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME From d5d3181b8a9e10c8f6ced87f72926c6713ef1b2e Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 17:26:36 +0200 Subject: [PATCH 08/30] copying features as well --- .github/workflows/build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cb7608a9..63a75f77 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -142,6 +142,8 @@ jobs: - name: Build run: | cp -v ../flavors.yaml . + rm -rf features + cp -rv ../features . make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME From 7f7b7f37bea446dffaf536e53a1ce22d3ea5e501 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 17:30:49 +0200 Subject: [PATCH 09/30] handling features copying better --- .github/workflows/build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 63a75f77..9b45413b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -142,8 +142,7 @@ jobs: - name: Build run: | cp -v ../flavors.yaml . - rm -rf features - cp -rv ../features . + cp -rv ../features/* ./features/ make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME From 2081d485e14345b71756738b4eee9079f931e754 Mon Sep 17 00:00:00 2001 
From: Vivus Ignis Date: Thu, 2 Oct 2025 17:46:29 +0200 Subject: [PATCH 10/30] force copy features --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9b45413b..ec6cbd0f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -142,7 +142,7 @@ jobs: - name: Build run: | cp -v ../flavors.yaml . - cp -rv ../features/* ./features/ + cp -rfv ../features/* ./features/ make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME From 4ab9f963f1b5bff9eee54f6033a8c2b6f258dd27 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 17:54:27 +0200 Subject: [PATCH 11/30] fixing features copying --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ec6cbd0f..1daf6cfb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -142,7 +142,7 @@ jobs: - name: Build run: | cp -v ../flavors.yaml . - cp -rfv ../features/* ./features/ + cp -rv ../features/* ./features/ || true make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME From 35c69f9c89bf3fd335bad6bbc3877c563d46fec9 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 18:11:09 +0200 Subject: [PATCH 12/30] freeing disk space on runners --- .github/workflows/build.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1daf6cfb..d2c28cdf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
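Review bot: In PATCH 11/30 the `|| true` appended to `cp -rv ../features/* ./features/` hides every cp failure, not only the one the commit works around, so the build can continue with a partly copied `features` tree and still produce an artifact. If a specific condition is being tolerated, test for it explicitly before copying and let any other error fail the step. A comment such as `# tolerate <reason>; other copy errors must fail the build` next to the line would at least record the intent. The enclosing `Build` step continues outside the hunk.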
@@ -139,10 +139,18 @@ jobs: t="$(date '+%s')" find ../.build -exec touch -d "@$t" {} + + - name: Free disk space + run: | + sudo rm -rf /opt/hostedtoolcache/go || : + sudo rm -rf /opt/hostedtoolcache/node || : + sudo rm -rf /opt/hostedtoolcache/CodeQL || : + sudo rm -rf /opt/microsoft || : + sudo rm -rf /opt/az || : + - name: Build run: | cp -v ../flavors.yaml . - cp -rv ../features/* ./features/ || true + cp -rv ../features/* ./features/ || : make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME From 419a0900d69c2e4c65dda44759020427f647a398 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 18:28:25 +0200 Subject: [PATCH 13/30] copying build.config --- .github/workflows/build.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d2c28cdf..d8baef97 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -139,17 +139,10 @@ jobs: t="$(date '+%s')" find ../.build -exec touch -d "@$t" {} + - - name: Free disk space - run: | - sudo rm -rf /opt/hostedtoolcache/go || : - sudo rm -rf /opt/hostedtoolcache/node || : - sudo rm -rf /opt/hostedtoolcache/CodeQL || : - sudo rm -rf /opt/microsoft || : - sudo rm -rf /opt/az || : - - name: Build run: | cp -v ../flavors.yaml . + cp -v ../build.config . cp -rv ../features/* ./features/ || : make ${{ matrix.flavor }}-${{ matrix.arch }}-build From 766b9043710557d70f20f6385ae3900a616e78e0 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 18:42:35 +0200 Subject: [PATCH 14/30] debug print --- .github/workflows/build.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d8baef97..702053a3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -144,7 +144,15 @@ jobs: cp -v ../flavors.yaml . cp -v ../build.config . cp -rv ../features/* ./features/ || : + echo "*** ../.build ***" + ls -l ../.build/ + echo "*** ./.build ***" + ls -l ./.build | : make ${{ matrix.flavor }}-${{ matrix.arch }}-build + echo "*** ../.build ***" + ls -l ../.build/ + echo "*** ./.build ***" + ls -l ./.build | : - name: Determine CNAME id: cname From 18bd42a5e554e79c751a2da91cd4e55899a736ab Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 18:47:26 +0200 Subject: [PATCH 15/30] symlinking .build --- .github/workflows/build.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 702053a3..9ed19994 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -144,15 +144,8 @@ jobs: cp -v ../flavors.yaml . cp -v ../build.config . cp -rv ../features/* ./features/ || : - echo "*** ../.build ***" - ls -l ../.build/ - echo "*** ./.build ***" - ls -l ./.build | : + ln -s ../.build . make ${{ matrix.flavor }}-${{ matrix.arch }}-build - echo "*** ../.build ***" - ls -l ../.build/ - echo "*** ./.build ***" - ls -l ./.build | : - name: Determine CNAME id: cname From a5d939095fca6f2992eab22ff3906a874c3bc9f6 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 18:57:21 +0200 Subject: [PATCH 16/30] debug output --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9ed19994..384b640b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -144,7 +144,8 @@ jobs: cp -v ../flavors.yaml . cp -v ../build.config . cp -rv ../features/* ./features/ || : - ln -s ../.build . + ln -sv ../.build . + ls -l make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME From 2c7a5557dc97573643a6f19d833ce1a5b1cd71de Mon Sep 17 00:00:00 2001 
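Review bot: In PATCH 14/30 both `ls -l ./.build | :` lines pipe into the null command instead of falling back to it; `|| :` looks intended, as on the `cp -rv` line just above. As written the listing is discarded, and because the job sets `shell: bash`, which GitHub runs with `-eo pipefail`, a missing `./.build` still fails the step. Suggested: `ls -l ./.build || :`.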
From: Vivus Ignis Date: Thu, 2 Oct 2025 19:10:52 +0200 Subject: [PATCH 17/30] debug --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 384b640b..1f665c43 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -145,8 +145,9 @@ jobs: cp -v ../build.config . cp -rv ../features/* ./features/ || : ln -sv ../.build . - ls -l + ls -la make ${{ matrix.flavor }}-${{ matrix.arch }}-build + ls -la .build/ - name: Determine CNAME id: cname From dd0dd43b665571cb7b16e31eb94d9b16d23507d0 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Thu, 2 Oct 2025 19:26:14 +0200 Subject: [PATCH 18/30] not saving artifacts --- .github/workflows/build.yml | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1f665c43..20ca8f60 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -145,9 +145,7 @@ jobs: cp -v ../build.config . cp -rv ../features/* ./features/ || : ln -sv ../.build . - ls -la make ${{ matrix.flavor }}-${{ matrix.arch }}-build - ls -la .build/ - name: Determine CNAME id: cname 
@@ -159,15 +157,15 @@ jobs: run: | echo "CNAME=${{ steps.cname.outputs.result }}" | tee -a "$GITHUB_ENV" - - name: Pack build artifacts for upload - run: tar -cSzvf "$CNAME.tar.gz" -C .build -T ".build/$CNAME.artifacts" - - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # pin@v4.6.2 - with: - name: build-${{ matrix.flavor }}-${{ matrix.arch }} - path: ${{ env.CNAME }}.tar.gz - if-no-files-found: error - + # - name: Pack build artifacts for upload + # run: tar -cSzvf "$CNAME.tar.gz" -C .build -T ".build/$CNAME.artifacts" + # + # - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # pin@v4.6.2 + # with: + # name: build-${{ matrix.flavor }}-${{ matrix.arch }} + # path: ${{ env.CNAME }}.tar.gz + # if-no-files-found: error + # - uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # pin@v4.3.0 with: path: | From b50b62337649208cd5dd84b43d82de14b1566a89 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Mon, 6 Oct 2025 12:11:11 +0200 Subject: [PATCH 19/30] copying just the missing features from upstream --- .github/workflows/build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 20ca8f60..7bdb3b91 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -143,7 +143,9 @@ jobs: run: | cp -v ../flavors.yaml . cp -v ../build.config . - cp -rv ../features/* ./features/ || : + for feature in ../features/*; do + [ -d ./features/$feature ] || cp -rv ../features/$feature ./features/ + done ln -sv ../.build . make ${{ matrix.flavor }}-${{ matrix.arch }}-build From 1b9c845eb7614aab08e9fe4fe66b751464dd5745 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Mon, 6 Oct 2025 12:18:07 +0200 Subject: [PATCH 20/30] fixed feature copying commands --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7bdb3b91..0dce6fa9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -141,10 +141,11 @@ jobs: - name: Build run: | + set -x cp -v ../flavors.yaml . cp -v ../build.config . for feature in ../features/*; do - [ -d ./features/$feature ] || cp -rv ../features/$feature ./features/ + [ -d ./features/$feature ] || cp -rv $feature ./features/ done ln -sv ../.build . make ${{ matrix.flavor }}-${{ matrix.arch }}-build From a4ef0770a55c2703cb2e7944ecb27b199fd6c6a8 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Mon, 6 Oct 2025 12:28:19 +0200 Subject: [PATCH 21/30] features copying fixes --- .github/workflows/build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0dce6fa9..de6300c3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -145,7 +145,9 @@ jobs: cp -v ../flavors.yaml . cp -v ../build.config . for feature in ../features/*; do - [ -d ./features/$feature ] || cp -rv $feature ./features/ + if [ -d $feature ] && [ ! -d ./features/`basename $feature` ]; then + cp -rv $feature ./features/ + fi done ln -sv ../.build . make ${{ matrix.flavor }}-${{ matrix.arch }}-build From 05c747ef5cd1dd630395e492cf4ccc3113f559ce Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Mon, 6 Oct 2025 12:41:29 +0200 Subject: [PATCH 22/30] cleanup --- .github/workflows/build.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index de6300c3..a4c21af4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -141,7 +141,6 @@ jobs: - name: Build run: | - set -x cp -v ../flavors.yaml . cp -v ../build.config . for feature in ../features/*; do From 305446d14f42cbb8f0488f9bd76f9921b9b37757 Mon Sep 17 00:00:00 2001 
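Review bot: In PATCH 21/30 the loop leaves `$feature` unquoted and uses backticks for `basename`, so a directory name containing whitespace or glob characters is split or expanded before `[` and `cp` see it. Suggested: `name="$(basename -- "$feature")"` followed by `if [ -d "$feature" ] && [ ! -d "./features/$name" ]; then cp -rv -- "$feature" ./features/; fi`. The existing `-d` test on `$feature` already covers the case where `../features/*` matches nothing and the pattern stays literal, so no extra guard is needed there.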
From: Vivus Ignis Date: Mon, 6 Oct 2025 12:52:35 +0200 Subject: [PATCH 23/30] cleanup --- .github/workflows/build.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a4c21af4..a41e497d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -161,15 +161,6 @@ jobs: run: | echo "CNAME=${{ steps.cname.outputs.result }}" | tee -a "$GITHUB_ENV" - # - name: Pack build artifacts for upload - # run: tar -cSzvf "$CNAME.tar.gz" -C .build -T ".build/$CNAME.artifacts" - # - # - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # pin@v4.6.2 - # with: - # name: build-${{ matrix.flavor }}-${{ matrix.arch }} - # path: ${{ env.CNAME }}.tar.gz - # if-no-files-found: error - # - uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # pin@v4.3.0 with: path: | From e00fb2a2702ed3f335eff87e50abafce72215ef1 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Mon, 6 Oct 2025 13:08:12 +0200 Subject: [PATCH 24/30] trying to run the wf without changing CWD --- .github/workflows/build.yml | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a41e497d..7536b5ce 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -86,10 +86,10 @@ jobs: permissions: id-token: write actions: write - defaults: - run: - shell: bash - working-directory: ./gardenlinux + # defaults: + # run: + # shell: bash + # working-directory: ./gardenlinux env: CNAME: '' USE_KMS: ${{ needs.requirements.outputs.signing_env == '' && 'false' || 'true' }} 
@@ -137,18 +137,19 @@ jobs: - name: Update bootstrap stage build artifact timestamps run: | t="$(date '+%s')" - find ../.build -exec touch -d "@$t" {} + + # find ../.build -exec touch -d "@$t" {} + + find ./.build -exec touch -d "@$t" {} + - name: Build run: | - cp -v ../flavors.yaml . - cp -v ../build.config . - for feature in ../features/*; do - if [ -d $feature ] && [ ! -d ./features/`basename $feature` ]; then - cp -rv $feature ./features/ - fi - done - ln -sv ../.build . + # cp -v ../flavors.yaml . + # cp -v ../build.config . + # for feature in ../features/*; do + # if [ -d $feature ] && [ ! -d ./features/`basename $feature` ]; then + # cp -rv $feature ./features/ + # fi + # done + # ln -sv ../.build . make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME From 9c35b9cba64c04eec78dbf981fafba6c7dfdb71f Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Mon, 6 Oct 2025 13:33:22 +0200 Subject: [PATCH 25/30] debug info --- .github/workflows/build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7536b5ce..4a3b1300 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -150,6 +150,8 @@ jobs: # fi # done # ln -sv ../.build . + pwd + ls -la make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME From 2476e4d5d42e27f9f9688d9acc7121917eb5829d Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Mon, 6 Oct 2025 13:39:36 +0200 Subject: [PATCH 26/30] not ignoring errors from the included upstream makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 12039a6e..6b92d3a8 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ ccloud-help: help: ccloud-help --include gardenlinux/Makefile +include gardenlinux/Makefile prepare: git submodule update --init --recursive From 8b44ec342e2aaf0c8f48cbb5c7b351077e37ac7c Mon Sep 17 00:00:00 2001 
From: Vivus Ignis Date: Mon, 6 Oct 2025 13:44:32 +0200 Subject: [PATCH 27/30] make debug output --- .github/workflows/build.yml | 4 +--- Makefile | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4a3b1300..83c69a6d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -150,9 +150,7 @@ jobs: # fi # done # ln -sv ../.build . - pwd - ls -la - make ${{ matrix.flavor }}-${{ matrix.arch }}-build + make -d ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME id: cname diff --git a/Makefile b/Makefile index 6b92d3a8..12039a6e 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ ccloud-help: help: ccloud-help -include gardenlinux/Makefile +-include gardenlinux/Makefile prepare: git submodule update --init --recursive From 8687b58c8a77866c45746ce5c71c0d2c59a8439d Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Mon, 6 Oct 2025 13:50:12 +0200 Subject: [PATCH 28/30] debug printing flavors vars --- .github/workflows/build.yml | 2 +- Makefile | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 83c69a6d..7536b5ce 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -150,7 +150,7 @@ jobs: # fi # done # ln -sv ../.build . - make -d ${{ matrix.flavor }}-${{ matrix.arch }}-build + make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME id: cname diff --git a/Makefile b/Makefile index 12039a6e..1102ad94 100644 --- a/Makefile +++ b/Makefile @@ -19,6 +19,8 @@ ccloud-help: help: ccloud-help -include gardenlinux/Makefile +$(shell echo $(FLAVORS)) +$(shell echo $(FLAVORS_BARE)) prepare: git submodule update --init --recursive From ad8e81eaa8fb6da26733219c676a759648c83804 Mon Sep 17 00:00:00 2001 
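Review bot: In the Makefile hunk of PATCH 28/30, `$(shell echo $(FLAVORS))` on a line of its own does not print the variable: make substitutes the command output into the makefile and then parses it, which typically ends in a `missing separator` error once the variable is non-empty. It also passes the variable's contents through a shell unquoted. For parse-time debug output use `$(info FLAVORS=$(FLAVORS))` and `$(info FLAVORS_BARE=$(FLAVORS_BARE))`, which print without invoking a shell.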
From: Vivus Ignis Date: Mon, 6 Oct 2025 14:11:10 +0200 Subject: [PATCH 29/30] providing flavors.yaml to gl-flavors-parse --- .github/workflows/build.yml | 1 + Makefile | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7536b5ce..b178eb69 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -150,6 +150,7 @@ jobs: # fi # done # ln -sv ../.build . + cp ./flavors.yaml ./gardenlinux/flavors.yaml make ${{ matrix.flavor }}-${{ matrix.arch }}-build - name: Determine CNAME diff --git a/Makefile b/Makefile index 1102ad94..12039a6e 100644 --- a/Makefile +++ b/Makefile @@ -19,8 +19,6 @@ ccloud-help: help: ccloud-help -include gardenlinux/Makefile -$(shell echo $(FLAVORS)) -$(shell echo $(FLAVORS_BARE)) prepare: git submodule update --init --recursive From 5f2d454df1f14ab7548cd7ea2d4d2b8f02031a65 Mon Sep 17 00:00:00 2001 From: Vivus Ignis Date: Mon, 6 Oct 2025 14:19:02 +0200 Subject: [PATCH 30/30] cleanup --- .github/workflows/build.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b178eb69..3b98b3f3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -86,10 +86,6 @@ jobs: permissions: id-token: write actions: write - # defaults: - # run: - # shell: bash - # working-directory: ./gardenlinux env: CNAME: '' USE_KMS: ${{ needs.requirements.outputs.signing_env == '' && 'false' || 'true' }} 
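Review bot: The added `cp ./flavors.yaml ./gardenlinux/flavors.yaml` (PATCH 29/30, build.yml hunk) overwrites a file inside the `gardenlinux` directory, which appears to be the submodule fetched by the checkout step with `submodules: true`, so the tree that gets built is no longer the pristine checkout that the `COMMIT` file is meant to identify. That makes it harder to trace an image back to its inputs. If the flavor parser can be pointed at the top-level file, prefer that over modifying the submodule; otherwise state the override next to the line, e.g. `# replaces upstream flavors.yaml with this repository's flavor list`. The `Build` step continues outside the hunk.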
@@ -137,19 +133,10 @@ jobs: - name: Update bootstrap stage build artifact timestamps run: | t="$(date '+%s')" - # find ../.build -exec touch -d "@$t" {} + find ./.build -exec touch -d "@$t" {} + - name: Build run: | - # cp -v ../flavors.yaml . - # cp -v ../build.config . - # for feature in ../features/*; do - # if [ -d $feature ] && [ ! -d ./features/`basename $feature` ]; then - # cp -rv $feature ./features/ - # fi - # done - # ln -sv ../.build . cp ./flavors.yaml ./gardenlinux/flavors.yaml make ${{ matrix.flavor }}-${{ matrix.arch }}-build