[4.2] forgejo-ci: add test build workflow #16
5 changed files with 227 additions and 112 deletions
184
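--- a/.forgejo/patches/linux-template-builder_use-fuse.patch
+++ b/.forgejo/patches/linux-template-builder_use-fuse.patch
@@ -0,0 +1,184 @@
+diff --git a/cleanup_image b/cleanup_image
+index 224c04a..911b238 100755
+--- a/cleanup_image
++++ b/cleanup_image
+@@ -1,6 +1,7 @@
+#!/bin/sh
+
+export INSTALLDIR=$1
++export TEMPLATE_USE_FUSE=1
+
+. ./builder_setup
+
+@@ -20,5 +21,8 @@ fi
+echo "--> Cleaning up image file..."
+$SCRIPTSDIR/09_cleanup.sh
+
+-echo "--> Compacting image file..."
+-/sbin/fstrim -v "$INSTALLDIR"
++# fstrim not supported in userspace
++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++ echo "--> Compacting image file..."
++ /sbin/fstrim -v "$INSTALLDIR"
++fi
+diff --git a/prepare_image b/prepare_image
+index 6334879..de1a2af 100755
+--- a/prepare_image
++++ b/prepare_image
+@@ -19,6 +19,8 @@ RETCODE=0
+. ./builder_setup >/dev/null
+. ./umount_kill.sh >/dev/null
+
++export TEMPLATE_USE_FUSE=1
++
+if ! [ $# -eq 1 ]; then
+echo "usage ${0} <img_file_name>"
+exit
+@@ -55,11 +57,20 @@ echo "-> Preparing instalation of ${DIST} template..."
+if [ -f "${IMG}" ]; then
+echo "-> Image file already exists, assuming *update*..."
+if [ "0$TEMPLATE_ROOT_WITH_PARTITIONS" -eq 1 ]; then
+- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}p3
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
++ exit
++ else
++ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}p3
++ fi
+else
+- IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ IMG_DEV=$IMG
++ else
++ IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}
++ fi
+fi
+udevadm settle --exit-if-exists="$IMG_DEV"
+else
+@@ -78,11 +89,20 @@ size=2MiB, type=21686148-6449-6E6F-744E-656564454649, uuid=1e6c9db4-1e91-46c4-84
+type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=693244e6-3e07-47bf-ad79-acade4293fe7, name="Root filesystem"
+EOF
+
+- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}p3
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
++ exit
++ else
++ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}p3
++ fi
+else
+- IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ IMG_DEV=$IMG
++ else
++ IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}
++ fi
+fi
+udevadm settle --exit-if-exists="$IMG_DEV"
+
+@@ -90,7 +110,9 @@ EOF
+/sbin/mkfs.ext4 -q -F "${IMG_DEV}" || exit 1
+fi
+
+-mount "${IMG_DEV}" "${INSTALLDIR}" || exit 1
++if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ fuse2fs "${IMG_DEV}" "${INSTALLDIR}" || exit 1
++fi
+trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT
+"${SCRIPTSDIR}/01_install_core.sh"
+
+@@ -107,6 +129,8 @@ trap - EXIT
+
+echo "-> Unmounting prepared_image..."
+umount_kill "$(readlink -m ${INSTALLDIR})" || true
+-/sbin/losetup -d ${IMG_LOOP}
++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++ /sbin/losetup -d ${IMG_LOOP}
++fi
+
+exit ${RETCODE}
+diff --git a/qubeize_image b/qubeize_image
+index 19c37cb..9e5179d 100755
+--- a/qubeize_image
++++ b/qubeize_image
+@@ -13,6 +13,8 @@ export CLEANIMG="$1"
+export NAME="$2"
+export LC_ALL=POSIX
+
++export TEMPLATE_USE_FUSE=1
++
+. ./builder_setup >/dev/null
+. ./umount_kill.sh >/dev/null
+
+@@ -50,7 +52,9 @@ function cleanup() {
+trap - ERR
+trap
+umount_kill "$PWD/mnt" || true
+- /sbin/losetup -d ${IMG_LOOP}
++ if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++ /sbin/losetup -d ${IMG_LOOP}
++ fi
+exit $errval
+}
+trap cleanup ERR
+@@ -72,14 +76,27 @@ fi
+echo "--> Mounting $IMG"
+mkdir -p mnt
+if [ "0$TEMPLATE_ROOT_WITH_PARTITIONS" -eq 1 ]; then
+- IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}p3
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ echo "Fuse mode not implemented when TEMPLATE_ROOT_WITH_PARTITIONS is true"
++ exit
++ else
++ IMG_LOOP=$(/sbin/losetup -P -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}p3
++ fi
+else
+- IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
+- IMG_DEV=${IMG_LOOP}
++ if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ IMG_DEV=$IMG
++ else
++ IMG_LOOP=$(/sbin/losetup -f --show "$IMG")
++ IMG_DEV=${IMG_LOOP}
++ fi
+fi
+udevadm settle --exit-if-exists="$IMG_DEV"
+-mount "$IMG_DEV" mnt || exit 1
++if [ "$TEMPLATE_USE_FUSE" -eq 1 ]; then
++ fuse2fs "$IMG_DEV" mnt
++else
++ mount "$IMG_DEV" mnt || exit 1
++fi
+export INSTALLDIR=mnt
+
+# prepare for template.conf, so the qubeize script may generate it dynamically
+@@ -159,7 +176,9 @@ ls -als $IMG
+# ------------------------------------------------------------------------------
+echo "--> Unmounting $IMG"
+umount_kill "$PWD/mnt" || true
+-/sbin/losetup -d ${IMG_LOOP}
++if [ "$TEMPLATE_USE_FUSE" -ne 1 ]; then
++ /sbin/losetup -d ${IMG_LOOP}
++fi
+
+echo "Qubeized image stored at: $IMG"
+
+diff --git a/templates.spec b/templates.spec
+index e1a82e9..210ef57 100644
+--- a/templates.spec
++++ b/templates.spec
+@@ -193,3 +193,4 @@ rm -rf $RPM_BUILD_ROOT
+%attr (664,root,qubes) %{dest_dir}/vm-whitelisted-appmenus.list
+%attr (664,root,qubes) %{dest_dir}/netvm-whitelisted-appmenus.list
+%attr (664,root,qubes) %{dest_dir}/template.conf
++%define _arch x86_64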
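Review bot: In the prepare_image hunk at `@@ -90,7 +110,9 @@` the line `mount "${IMG_DEV}" "${INSTALLDIR}" || exit 1` is replaced by a FUSE-only `if` with no `else`, so whenever `TEMPLATE_USE_FUSE` is not 1 nothing gets mounted and the install steps that follow would presumably write into the bare directory on the build host rather than into the image. qubeize_image keeps the fallback, and prepare_image should do the same with `else` / `mount "${IMG_DEV}" "${INSTALLDIR}" || exit 1`. In qubeize_image the new `fuse2fs "$IMG_DEV" mnt` has no `|| exit 1`, unlike the `mount` call next to it, so a failed FUSE mount is only caught if the script's ERR trap happens to fire for it. The three `Fuse mode not implemented` branches end in a bare `exit`, which returns the status of the preceding `echo` (0) and lets the caller treat the abort as a successful run; `exit 1` would make the failure visible to CI.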
36
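--- a/.forgejo/workflows/test-build.yaml
+++ b/.forgejo/workflows/test-build.yaml
@@ -0,0 +1,36 @@
+on:
+pull_request:
+types: [ assigned, opened, synchronize, reopened ]
+
+jobs:
+build-test:
+runs-on: x86_64
+container:
+image: alpine:3.20
+steps:
+- name: Environment setup
+run: |
+apk add rpm wget coreutils eudev e2fsprogs xen doas sudo curl nodejs git alpine-sdk fuse2fs patch findutils grep
+cd /etc/apk/keys
+curl -JO https://ayakael.net/api/packages/forge/alpine/key
+- name: Repo pull
+uses: actions/checkout@v4
+with:
+fetch-depth: 500
+- name: RPM build
+run: |
+git clone https://github.com/QubesOS/qubes-builder
+mkdir qubes-builder/qubes-src
+ln -s $GITHUB_WORKSPACE qubes-builder/qubes-src/builder-alpine
+cp builder.conf qubes-builder/.
+git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
+patch -d qubes-builder/qubes-src/linux-template-builder -p1 -i $GITHUB_WORKSPACE/.forgejo/patches/linux-template-builder_use-fuse.patch
+echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
+cd qubes-builder
+make linux-template-builder
+cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $GITHUB_WORKSPACE/.
+- name: Package upload
+uses: forgejo/upload-artifact@v3
+with:
+name: package
+path: qubes-template-*.rpm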
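Review bot: The `Environment setup` step installs a package-signing key with `curl -JO https://ayakael.net/api/packages/forge/alpine/key` while sitting in `/etc/apk/keys`, so the server's Content-Disposition header chooses the file name of a trust anchor and the downloaded bytes are accepted without comparison to any known value. Write the key to a fixed name and check it against a digest committed to the repository, for example `curl -fsSL -o <key-file-name> <key-url>` followed by `sha256sum -c <committed-digest-file>`. The same `curl -JO` pattern appears in the template install script hunk that fetches `$QUBESALPINE_KEYFILE` into `$INSTALLDIR/etc/apk/keys`. The two `git clone` calls in `RPM build` also take whatever the default branch holds at run time, so checking out a reviewed commit would keep the patch applying to known sources.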
107
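--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,107 +0,0 @@
-stages:
-- build
-- release
-
-variables:
-GIT_STRATEGY: clone
-GIT_DEPTH: "500"
-
-.verify:
-stage: build
-rules:
-- if: $CI_MERGE_REQUEST_ID
-interruptible: true
-script:
-- |
-sudo apk add rpm wget losetup coreutils eudev e2fsprogs xen
-doas addgroup $USER abuild
-export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
-git clone https://github.com/QubesOS/qubes-builder
-mkdir qubes-builder/qubes-src
-ln -s $CI_PROJECT_DIR qubes-builder/qubes-src/builder-alpine
-cp builder.conf qubes-builder/.
-git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
-echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
-cd qubes-builder
-make linux-template-builder
-cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $CI_PROJECT_DIR/.
-artifacts:
-paths:
-- qubes-template-*.rpm
-expire_in: 7 days
-when: always
-tags:
-- qubes-template
-
-verify-alpine320:
-extends: .verify
-variables:
-CI_ALPINE_TARGET_RELEASE: alpine320
-
-.build:
-stage: build
-rules:
-- if: $CI_COMMIT_TAG
-interruptible: true
-script:
-- |
-sudo apk add rpm wget losetup coreutils eudev e2fsprogs xen
-doas addgroup $USER abuild
-export PATH="$PATH:$CI_PROJECT_DIR/.gitlab/bin"
-git clone https://github.com/QubesOS/qubes-builder
-mkdir qubes-builder/qubes-src
-ln -s $CI_PROJECT_DIR qubes-builder/qubes-src/builder-alpine
-cp builder.conf qubes-builder/.
-git clone https://github.com/QubesOS/qubes-linux-template-builder qubes-builder/qubes-src/linux-template-builder
-echo "%define _arch x86_64" >> qubes-builder/qubes-src/linux-template-builder/templates.spec
-cd qubes-builder
-make linux-template-builder
-cp qubes-src/linux-template-builder/rpm/noarch/qubes-template-*.rpm $CI_PROJECT_DIR/.
-cd $CI_PROJECT_DIR
-CI_ALPINE_RPM_NAME="$(find qubes-template*.rpm)"
-echo "ALPINE_RPM_NAME=$CI_ALPINE_RPM_NAME" > job.env
-echo "Generating sha512sum"
-sha512sum $CI_ALPINE_RPM_NAME > $CI_ALPINE_RPM_NAME.sha512sum
-after_script:
-- echo "JOB_ID=$CI_JOB_ID" >> job.env
-artifacts:
-paths:
-- qubes-template*.rpm
-- qubes-template*.sha512sum
-expire_in: never
-when: always
-reports:
-dotenv: job.env
-tags:
-- qubes-template
-
-build-alpine320:
-extends: .build
-variables:
-CI_ALPINE_TARGET_RELEASE: alpine320
-
-release:
-stage: release
-allow_failure: false
-tags:
-- qubes-template
-rules:
-- if: $CI_COMMIT_TAG
-when: on_success
-script:
-- echo "Create Release $GI_COMMIT_TAG"
-- echo $JOB_ID
-- echo $ALPINE_RPM_NAME
-release:
-name: 'Release $CI_COMMIT_TAG'
-description: 'Release $CI_COMMIT_TAG'
-tag_name: '$CI_COMMIT_TAG'
-ref: '$CI_COMMIT_SHA'
-assets:
-links:
-- name: "$ALPINE_RPM_NAME"
-filepath: "/template/qubes-template-$CI_COMMIT_TAG.rpm"
-url: "https://lab.ilot.io/ayakael/qubes-builder-alpine/-/jobs/$JOB_ID/artifacts/raw/$ALPINE_RPM_NAME"
-- name: "$ALPINE_RPM_NAME.sha512sum"
-filepath: "/template/qubes-template-$CI_COMMIT_TAG.rpm.sha512sum"
-url: "https://lab.ilot.io/ayakael/qubes-builder-alpine/-/jobs/$JOB_ID/artifacts/raw/$ALPINE_RPM_NAME.sha512sum"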
|
@ -17,8 +17,8 @@ fi
|
||||||
|
|
||||||
APKTOOLS_CACHE_DIR="${CACHEDIR}/apk_cache"
|
APKTOOLS_CACHE_DIR="${CACHEDIR}/apk_cache"
|
||||||
ALPINELINUX_VERSION=${DIST_VER:-latest-stable}
|
ALPINELINUX_VERSION=${DIST_VER:-latest-stable}
|
||||||
QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://lab.ilot.io/ayakael/repo-apk/-/raw}"
|
QUBESALPINE_MIRROR="${QUBESALPINE_MIRROR:-https://ayakael.net/api/packages/forge/alpine}"
|
||||||
QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-antoine.martin@protonmail.com-5b3109ad.rsa.pub}"
|
QUBESALPINE_KEYFILE="${QUBESALPINE_KEYFILE:-https://ayakael.net/api/packages/forge/alpine/key}"
|
||||||
QUBES_REL="${QUBES_REL:-r4.2}"
|
QUBES_REL="${QUBES_REL:-r4.2}"
|
||||||
export APK_CACHE_DIR
|
export APK_CACHE_DIR
|
||||||
|
|
||||||
|
@ -28,8 +28,10 @@ if [ "$VERBOSE" -ge 2 ] || [ "$DEBUG" -gt 0 ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo " --> Adding Qubes custom repository..."
|
echo " --> Adding Qubes custom repository..."
|
||||||
su -c "echo '$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/qubes/$QUBES_REL' >> $INSTALLDIR/etc/apk/repositories"
|
su -c "echo '$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/qubes-$QUBES_REL' >> $INSTALLDIR/etc/apk/repositories"
|
||||||
wget "$QUBESALPINE_MIRROR/$ALPINELINUX_VERSION/$QUBESALPINE_KEYFILE" -P "$INSTALLDIR"/etc/apk/keys
|
pushd "$INSTALLDIR"/etc/apk/keys
|
||||||
|
curl -JO "$QUBESALPINE_KEYFILE"
|
||||||
|
popd
|
||||||
|
|
||||||
echo " --> Synchronize resolv.conf..."
|
echo " --> Synchronize resolv.conf..."
|
||||||
cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf"
|
cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf"
|
||||||
|
|
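Review bot: The new `pushd` / `curl -JO "$QUBESALPINE_KEYFILE"` / `popd` sequence checks none of its exit statuses, so unless the script runs under `set -e` (not visible in these hunks) a failed `pushd` leaves the key in the current directory, and without `-f` curl saves an HTTP error body as though it were the key. Guard both steps, for example `pushd "$INSTALLDIR"/etc/apk/keys || exit 1` and `curl -fsSL -JO "$QUBESALPINE_KEYFILE" || exit 1`. `QUBESALPINE_KEYFILE` also changes meaning from a file name relative to the mirror to a full URL, so a builder configuration that still sets the old-style value will stop working; a comment above the default such as `# QUBESALPINE_KEYFILE: full URL of the apk signing key` would document that. The file header and shebang are not shown on the page, so whether `pushd`/`popd` exist in this script's shell could not be checked.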
|
@ -31,7 +31,7 @@ chroot_setup() {
|
||||||
chroot_add_mount sys "$1/sys" -t sysfs -o nosuid,noexec,nodev,ro &&
|
chroot_add_mount sys "$1/sys" -t sysfs -o nosuid,noexec,nodev,ro &&
|
||||||
# alpine-chroot will never have occasion to use efivars, so don't bother
|
# alpine-chroot will never have occasion to use efivars, so don't bother
|
||||||
# mounting efivarfs here
|
# mounting efivarfs here
|
||||||
chroot_add_mount udev "$1/dev" -t devtmpfs -o mode=0755,nosuid &&
|
chroot_add_mount /dev "$1/dev" -o bind &&
|
||||||
chroot_add_mount devpts "$1/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec &&
|
chroot_add_mount devpts "$1/dev/pts" -t devpts -o mode=0620,gid=5,nosuid,noexec &&
|
||||||
chroot_add_mount shm "$1/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev &&
|
chroot_add_mount shm "$1/dev/shm" -t tmpfs -o mode=1777,nosuid,nodev &&
|
||||||
chroot_add_mount run "$1/run" -t tmpfs -o nosuid,nodev,mode=0755 &&
|
chroot_add_mount run "$1/run" -t tmpfs -o nosuid,nodev,mode=0755 &&
|
||||||
|
|
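Review bot: Replacing the `devtmpfs` mount with `chroot_add_mount /dev "$1/dev" -o bind` drops the `nosuid` option that the old line carried, and the hunk gives no reason for the switch. If the bind mount is there because `devtmpfs` cannot be mounted inside the CI container, say so in a comment, e.g. `# bind /dev: devtmpfs is not mountable in the CI container`, and consider restoring the flag with a follow-up remount using `-o remount,bind,nosuid`. chroot_setup starts and ends outside the hunk, so how its teardown handles the `$1/dev` bind mount and the `devpts` and `shm` mounts beneath it could not be checked.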