diff options
author | Paul Spooren <mail@aparcar.org> | 2019-07-07 22:14:13 +0200 |
---|---|---|
committer | Paul Spooren <mail@aparcar.org> | 2019-07-08 18:55:33 +0200 |
commit | da35bfcf54246550bd00b1004f5ec2ca3764457b (patch) | |
tree | 421c8be08e666aa5621d6682720bf45f92ea4d3c | |
parent | 006f7c7932a29cf0473f0b3c256eb3504001dd01 (diff) |
build: add circleci
This automatically performs formal checks and also checks and compiles
the packages. The resulting packages are then stored as artifacts and
easily testable on running machines.
Signed-off-by: Paul Spooren <mail@aparcar.org>
-rw-r--r-- | .circleci/Dockerfile | 42 | ||||
-rw-r--r-- | .circleci/README | 6 | ||||
-rw-r--r-- | .circleci/config.yml | 144 |
3 files changed, 192 insertions, 0 deletions
diff --git a/.circleci/Dockerfile b/.circleci/Dockerfile new file mode 100644 index 000000000..b3575b206 --- /dev/null +++ b/.circleci/Dockerfile @@ -0,0 +1,42 @@ +FROM debian:9 + + +# Configuration version history +# v1.0 - Initial version by Etienne Champetier +# v1.0.1 - Run as non-root, add unzip, xz-utils +# v1.0.2 - Add bzr + +RUN apt update && apt install -y \ +build-essential \ +curl \ +jq \ +gawk \ +gettext \ +git \ +libncurses5-dev \ +libssl-dev \ +python \ +subversion \ +bzr \ +time \ +wget \ +zlib1g-dev \ +unzip \ +xz-utils \ +&& rm -rf /var/lib/apt/lists/* + +RUN useradd -c "OpenWrt Builder" -m -d /home/build -s /bin/bash build +USER build +ENV HOME /home/build + +# LEDE Build System (LEDE GnuPG key for unattended build jobs) +RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/626471F1.asc' | gpg --import \ + && echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust + +# LEDE Release Builder (17.01 "Reboot" Signing Key) +RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/D52BBB6B.asc' | gpg --import \ + && echo 'B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:6:' | gpg --import-ownertrust + +# OpenWrt Release Builder (18.06 Signing Key) +RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/17E1CE16.asc' | gpg --import \ + && echo '6768C55E79B032D77A28DA5F0F20257417E1CE16:6:' | gpg --import-ownertrust diff --git a/.circleci/README b/.circleci/README new file mode 100644 index 000000000..8b26582ef --- /dev/null +++ b/.circleci/README @@ -0,0 +1,6 @@ +# Build/update the docker image + +docker pull debian:9 +docker build --rm -t docker.io/openwrtorg/packages-cci:latest . +docker tag <IMAGE ID> docker.io/openwrtorg/packages-cci:<VERSION-TAG> +docker push docker.io/openwrtorg/packages-cci diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 000000000..4702c4e27 --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,144 @@ +version: 2.0 +jobs: + build: + docker: + - image: docker.io/openwrtorg/packages-cci:v1.0.2 + environment: + - SDK_HOST: "downloads.openwrt.org" + - SDK_PATH: "snapshots/targets/ath79/generic" + - SDK_FILE: "openwrt-sdk-ath79-generic_*.Linux-x86_64.tar.xz" + - BRANCH: "master" + steps: + - checkout: + path: ~/openwrt_luci + + - run: + name: Check changes / verify commits + working_directory: ~/openwrt_luci + command: | + cat >> $BASH_ENV <<EOF + echo_red() { printf "\033[1;31m\$*\033[m\n"; } + echo_green() { printf "\033[1;32m\$*\033[m\n"; } + echo_blue() { printf "\033[1;34m\$*\033[m\n"; } + EOF + source $BASH_ENV + + RET=0 + for commit in $(git rev-list HEAD ^origin/$BRANCH); do + echo_blue "=== Checking commit '$commit'" + if git show --format='%P' -s $commit | grep -qF ' '; then + echo_red "Pull request should not include merge commits" + RET=1 + fi + + author="$(git show -s --format=%aN $commit)" + if echo $author | grep -q '\S\+\s\+\S\+'; then + echo_green "Author name ($author) seems ok" + else + echo_red "Author name ($author) need to be your real name 'firstname lastname'" + RET=1 + fi + + subject="$(git show -s --format=%s $commit)" + if echo "$subject" | grep -q -e '^[0-9A-Za-z,+/_-]\+: ' -e '^Revert '; then + echo_green "Commit subject line seems ok ($subject)" + else + echo_red "Commit subject line MUST start with '<package name>: ' ($subject)" + RET=1 + fi + + body="$(git show -s --format=%b $commit)" + sob="$(git show -s --format='Signed-off-by: %aN <%aE>' $commit)" + if echo "$body" | grep -qF "$sob"; then + echo_green "Signed-off-by match author" + else + echo_red "Signed-off-by is missing or doesn't match author (should be '$sob')" + RET=1 + fi + done + + exit $RET + + - run: + name: Download the SDK + working_directory: ~/sdk + command: | + curl "https://$SDK_HOST/$SDK_PATH/sha256sums" -sS -o sha256sums + curl "https://$SDK_HOST/$SDK_PATH/sha256sums.asc" -sS -o sha256sums.asc + gpg --with-fingerprint --verify sha256sums.asc sha256sums + rsync -av "$SDK_HOST::downloads/$SDK_PATH/$SDK_FILE" . + sha256sum -c --ignore-missing sha256sums + + - run: + name: Prepare build_dir + working_directory: ~/build_dir + command: | + tar Jxf ~/sdk/$SDK_FILE --strip=1 + cat > feeds.conf <<EOF + src-git base https://github.com/openwrt/openwrt.git;$BRANCH + src-git packages https://github.com/openwrt/packages.git;$BRANCH + src-link luci $HOME/openwrt_luci + EOF + cat feeds.conf + ./scripts/feeds update -a > /dev/null + make defconfig > /dev/null + # enable BUILD_LOG + sed -i 's/# CONFIG_BUILD_LOG is not set/CONFIG_BUILD_LOG=y/' .config + + - run: + name: Download source, check package, compile + working_directory: ~/build_dir + command: | + set +o pipefail + PKGS=$(cd ~/openwrt_luci; git diff --diff-filter=d --name-only "origin/$BRANCH..." | awk -F/ '{ print $2 }' | uniq) + if [ -z "$PKGS" ] ; then + echo_blue "WARNING: No new or modified packages found!" + exit 0 + fi + + echo_blue "=== Found new/modified packages: $PKGS" + for PKG in $PKGS ; do + echo_blue "===+ Install: $PKG" + ./scripts/feeds install $PKG + + echo_blue "===+ Download: $PKG" + make "package/$PKG/download" V=s + + echo_blue "===+ Check package: $PKG" + make "package/$PKG/check" V=s 2>&1 | tee logtmp + RET=${PIPESTATUS[0]} + + if [ $RET -ne 0 ]; then + echo_red "=> Package check failed: $RET)" + exit $RET + fi + + badhash_msg="HASH does not match " + badhash_msg+="|HASH uses deprecated hash," + badhash_msg+="|HASH is missing," + if grep -qE "$badhash_msg" logtmp; then + echo_red "=> Package HASH check failed" + exit 1 + fi + echo_green "=> Package check OK" + done + + for PKG in $PKGS ; do + echo_blue "===+ Building: $PKG" + make "package/$PKG/compile" -j$(nproc) || make "package/$PKG/compile" V=s + done + + - store_artifacts: + path: ~/build_dir/logs + + - store_artifacts: + path: ~/build_dir/bin + +workflows: + version: 2 + buildpr: + jobs: + - build: + filters: + branches: + ignore: master |