linux-kernel-oci/.github/workflows/matrix.yml at 6bb70c23a0037691ca9d65f877e53c1402ca4ba1 · edera-dev/linux-kernel-oci · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
name: Build Kernel Matrix
on:
  workflow_call:
    inputs:
      spec:
        description: 'Build Specification'
        type: string
        default: "new"
        required: true
      publish:
        description: 'Publish Builds'
        type: boolean
        default: true
        required: true
concurrency:
  group: "kernel-builder"
jobs:
  matrix:
    name: matrix
    runs-on: ubuntu-latest
    steps:
    - name: Harden the runner (Audit all outbound calls)
      uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
      with:
        egress-policy: audit

    - name: checkout repository
      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
      with:
        submodules: recursive
    - name: install dependencies
      run: ./hack/build/install-matrix-deps.sh
    - name: generate matrix
      run: 'PATH="${HOME}/go/bin:${PATH}" ./hack/build/generate-matrix.sh "${{ inputs.spec }}"'
    - name: upload matrix
      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
      with:
        name: matrix
        path: "matrix.json"
        compression-level: 0
    - name: capture matrix
      id: capture-matrix
      run: >
        echo "matrix=$(cat matrix.json)" >> "${GITHUB_OUTPUT}"
    outputs:
      matrix: "${{ steps.capture-matrix.outputs.matrix }}"
  build:
    name: "build ${{ matrix.builds.version }} ${{ matrix.builds.flavor }}"
    needs: matrix
    strategy:
      fail-fast: false
      matrix: ${{ fromJSON(needs.matrix.outputs.matrix) }}
    runs-on: "${{ matrix.builds.runner }}"
    env:
      KERNEL_PUBLISH: "${{ inputs.publish }}"
      KERNEL_VERSION: "${{ matrix.builds.version }}"
      KERNEL_SRC_URL: "${{ matrix.builds.source }}"
      FIRMWARE_URL: "${{ matrix.builds.firmware_url }}"
      FIRMWARE_SIG_URL: "${{ matrix.builds.firmware_sig_url }}"
      KERNEL_FLAVOR: "${{ matrix.builds.flavor }}"
      KERNEL_TAGS: "${{ join(matrix.builds.tags, ',') }}"
      KERNEL_ARCHITECTURES: "${{ join(matrix.builds.architectures, ',') }}"
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
        with:
          egress-policy: audit

      - name: checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
        with:
          submodules: recursive
      - name: install cosign
        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
      - name: docker setup linux-kernel-oci
        run: sudo python3 ./hack/build/docker-setup.py
      - name: docker setup buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      - name: docker login ghcr.io
        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
        with:
          registry: ghcr.io
          username: "${{github.actor}}"
          password: "${{secrets.GITHUB_TOKEN}}"
      - name: generate docker script
        run: "./hack/build/generate-docker-script.sh"
      - name: upload docker script
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: "build-${{ matrix.builds.version }}-${{ matrix.builds.flavor }}.sh"
          path: "docker.sh"
          compression-level: 0
      - name: run docker script
        run: sh -x docker.sh