Skip to content

ci: add autonomous CI/CD pipeline with Buildroot build and QEMU tests#5

Merged
gustavosbarreto merged 3 commits intomasterfrom
chore/ci-pipeline
Mar 10, 2026
Merged

ci: add autonomous CI/CD pipeline with Buildroot build and QEMU tests#5
gustavosbarreto merged 3 commits intomasterfrom
chore/ci-pipeline

Conversation

@gustavosbarreto
Copy link
Copy Markdown
Member

@gustavosbarreto gustavosbarreto commented Mar 10, 2026
edited
Loading

Summary

  • Replace standalone update-hash.yml with a unified ci.yml pipeline
  • Build Buildroot image with ShellHub agent and test it in QEMU automatically
  • Auto-approve and squash-merge Renovate PRs after all checks pass

Pipeline

Renovate PR → update-hash → build-and-test → auto-merge
Manual PR   →               build-and-test

Jobs

  1. update-hash (Renovate only): downloads tarball, recalculates MD5, commits if changed. Early-exits when hash is already correct to prevent double-runs from the push event.
  2. build-and-test: clones Buildroot 2024.11, configures qemu_x86_64_defconfig + ShellHub + ccache, builds with make -j$(nproc), then boots in QEMU and validates:
    • /usr/bin/shellhub-agent exists and is executable
    • shellhub-agent --version runs successfully
    • /etc/init.d/S42shellhub init script is installed
  3. auto-merge (Renovate only): auto-approves and squash-merges after tests pass.

Caching

Cache Key strategy
dl/ (source tarballs) buildroot-dl-{hash(shellhub.mk)}
ccache buildroot-ccache-{run_id} (rolling)

Test plan

  • This PR triggers build-and-test (no hash update or auto-merge since it's not from Renovate)
  • Verify caches are created after first run
  • Next Renovate PR should run the full pipeline including auto-merge

@gustavosbarreto
ci: add autonomous CI/CD pipeline with Buildroot build and QEMU tests
a6ecade 
Replace the standalone update-hash workflow with a unified CI pipeline
that builds the Buildroot image and validates the ShellHub agent
installation using QEMU, enabling fully autonomous Renovate PRs.

The pipeline runs three jobs:
- update-hash: recalculates tarball MD5 for Renovate PRs (with
  early-exit to prevent double-runs)
- build-and-test: cross-compiles via Buildroot and boots the image in
  QEMU to verify the agent binary and init script
- auto-merge: approves and squash-merges Renovate PRs after tests pass
@gustavosbarreto
ci: use prebuilt Bootlin toolchain to speed up builds
74bc190 
Use BR2_TOOLCHAIN_EXTERNAL with the Bootlin x86-64-core-i7 glibc
toolchain instead of building gcc/glibc from source, saving ~20-30
minutes per build.
@gustavosbarreto
ci: bump Buildroot to 2026.02 for Go 1.25 support
fed4da7 
ShellHub 0.21.5 requires Go >= 1.24.9 but Buildroot 2024.11 only
ships Go 1.23.2. Bump to Buildroot 2026.02 which includes Go 1.25.7.
@gustavosbarreto gustavosbarreto merged commit 4db8653 into master Mar 10, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gustavosbarreto