-
Notifications
You must be signed in to change notification settings - Fork 8
183 lines (176 loc) · 6.52 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
on:
push:
pull_request:
name: build
jobs:
build:
name: build
runs-on: self-hosted
steps:
- name: Set up environment
run: |
mkdir ~/bin
echo "PATH=$HOME/bin:$PATH" >> $GITHUB_ENV
- name: Check out git
uses: actions/checkout@v3
- name: Set up golang
uses: actions/setup-go@v3
with:
go-version: 1.21
- name: install dependencies
run: |
echo "options kvm tdp_mmu=N" | sudo tee /etc/modprobe.d/kvm-disable-tdp-mmu.conf
echo "options kvm_intel dump_invalid_vmcs=Y" | sudo tee /etc/modprobe.d/kvm-enable-dump_invalid_vmcs.conf
sudo apt-get update
sudo add-apt-repository -y ppa:puzzleos/dev
sudo apt-get -y install \
bats cryptsetup-bin expect libacl1-dev libarchive-tools \
libcryptsetup-dev libgpgme-dev libcap-dev \
libdevmapper-dev liblxc-dev libpam0g-dev \
libseccomp-dev libsquashfs-dev lxc lxc-dev make mtools\
openssl pip pkgconf skopeo socat squashfuse swtpm jq \
uidmap umoci qemu-utils qemu-system-x86 xorriso \
ubuntu-dev-tools make gcc squashfs-tools sbsigntool \
python3-yaml
sudo modprobe kvm
sudo adduser $(whoami) kvm
sudo chmod o+rw /dev/kvm
sudo systemctl restart user@$(id -u runner)
sudo systemctl start dbus
sudo pip install virt-firmware
echo "XXX some debug"
cat /proc/self/status
ls -l /run/user
ls -l /dev/kvm
id -u
id -u runner
ps -ef
- name: setup lxc
run: |
chmod ugo+x $HOME
cat /etc/subuid /etc/subgid
u=$(id -un) && g=$(id -gn)
echo "u=$u g=$g"
uidmap=$(awk -F: '$1 == u { print $2, $3 }' "u=$u" /etc/subuid)
gidmap=$(awk -F: '$1 == g { print $2, $3 }' "g=$g" /etc/subgid)
if [ "$u" = "runner" ] && [ -z "$gidmap" ]; then
# 'id -gn' shows docker, but 'runner' is in subgid
g="runner"
gidmap=$(awk -F: '$1 == g { print $2, $3 }' "g=$g" /etc/subgid)
fi
echo "uidmap=$uidmap."
echo "gidmap=$gidmap."
[ -n "$uidmap" ] && [ -n "$gidmap" ] ||
{ echo "did not get uidmap or gidmap for u=$u g=$g"; exit 1; }
mkdir -p ~/.config/lxc/
echo "writing .config/lxc/default.conf"
tee ~/.config/lxc/default.conf <<EOF
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 $uidmap
lxc.idmap = g 0 $gidmap
EOF
set -x
cat ~/.config/lxc/default.conf
cat /etc/subuid
echo "writing /etc/lxc/lxc-usernet"
echo "$u veth lxcbr0 100" | sudo tee -a /etc/lxc/lxc-usernet
- name: install stacker
run: |
wget -O ~/bin/stacker --progress=dot:mega https://github.com/project-stacker/stacker/releases/download/v1.0.0-rc5/stacker
chmod 755 ~/bin/stacker
- name: install skopeo
run: |
wget -O ~/bin/skopeo --progress=dot:mega https://github.com/project-machine/tools/releases/download/v0.0.1/skopeo
chmod 755 ~/bin/skopeo
sudo cp -f ~/bin/skopeo /usr/bin/skopeo
- name: lint
run: |
make gofmt
- name: make
run: |
go get -v ./...
make
- name: test preparation
run: |
wget -O ~/bin/machine --progress=dot:mega https://github.com/project-machine/machine/releases/download/v0.1.2/machine-linux-amd64
wget -O ~/bin/machined --progress=dot:mega https://github.com/project-machine/machine/releases/download/v0.1.2/machined-linux-amd64
chmod 755 ~/bin/machine ~/bin/machined
mkdir -p ~/.config/systemd/user/
export PATH=~/bin:$PATH
- name: test
run: |
id
mkdir -p /run/user/$(id -u)/containers
chmod go+rx /run/user/$(id -u)
chmod go+rx /run/user/$(id -u)/containers
nohup ~/bin/machined > /tmp/machined.out 2>&1 &
timeout 60m make test
timeout 20m bats tests/livecd1.bats
timeout 20m bats tests/livecd2.bats
- name: show journal output
if: always()
run: |
set -x
cat /tmp/machined.out
sudo dmesg
sudo df -h
- name: Release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
files: |
mosctl
mosb
trust-linux-amd64
- name: publish provision and install layer
if: startsWith(github.ref, 'refs/tags/')
uses: project-stacker/stacker-build-push-action@main
with:
file: 'layers/stacker.yaml'
build-args: |
ZOT_VERSION=2.0.0-rc5
ROOTFS_VERSION=v0.0.17.231018
url: docker://zothub.io/machine/bootstrap
tags: ${{ github.event.release.tag_name }}
username: ${{ secrets.ZOTHUB_USERNAME }}
password: ${{ secrets.ZOTHUB_PASSWORD }}
build_arm64:
runs-on: ubuntu-latest
name: Build on ubuntu-latest arm64
steps:
- uses: actions/checkout@v3
- uses: uraimo/run-on-arch-action@v2
with:
arch: aarch64
distro: ubuntu22.04
githubToken: ${{ github.token }}
install: |
apt-get -y update;
apt-get install -q -y git golang-go;
apt-get install -y bats curl golang make openssl swtpm tpm2-tools \
libcryptsetup-dev libgpgme-dev libcap-dev qemu-kvm \
libdevmapper-dev libacl1-dev libarchive-tools pip python3-yaml \
sbsigntool squashfs-tools wget
pip install virt-firmware
mv /usr/lib/go /usr/lib/go.no || true
cd /tmp/
wget https://go.dev/dl/go1.21.0.linux-arm64.tar.gz
tar -C /usr/lib -zvxf go1.21.0.linux-arm64.tar.gz
rm /usr/bin/go /usr/bin/gofmt
ln -s /usr/lib/go/bin/go /usr/bin/go
ln -s /usr/lib/go/bin/gofmt /usr/bin/gofmt
run: |
git config --global --add safe.directory /home/runner/work/mos/mos
pwd
git describe --always --dirty
go version
make
make test-trust
- name: Rename Binary
run: |
mv trust trust-linux-arm64
- name: release
uses: softprops/action-gh-release@v1
if: startsWith(github.ref, 'refs/tags/')
with:
files: trust-linux-arm64