Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CI fixes #487

Merged
merged 2 commits into from
Dec 21, 2024
Merged

CI fixes #487

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
302bd4c
Update versions of CI actions
fosslinux Dec 21, 2024
9237fa6
Work around Ubuntu 24.04 bubblewrap bug
fosslinux Dec 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions .github/workflows/bwrap.apparmor
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# SPDX-FileCopyrightText: 2024 Russell Coker <[email protected]>
# SPDX-License-Identifier: CC-BY-NC-SA-3.0
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming this is even copyrightable, it might be worth contacting the author about a better license for this file, as NC licenses could be problematic for things like GPL compatibility. (Even though this is only used in the CI.)

Copy link
Collaborator

@stikonas stikonas Dec 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The same thing here but with a different binary (firefox):

https://support.mozilla.org/en-US/kb/install-firefox-linux

and this is under CC-BY-SA. Presumably the bit of code is just too small to be even copyrightable

# source: https://etbe.coker.com.au/2024/04/24/ubuntu-24-04-bubblewrap/

abi <abi/4.0>,
include <tunables/global>

profile bwrap /usr/bin/bwrap flags=(unconfined) {
userns,

# Site-specific additions and overrides. See local/README for details.
include if exists <local/bwrap>
}
38 changes: 22 additions & 16 deletions .github/workflows/bwrap.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,15 +19,17 @@ jobs:
- name: Install bubblewrap
run: sudo apt install bubblewrap
- name: Checkout repo
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
submodules: recursive
# There is a strange bug(?) in nongnu, when you clone a git repository
# against a commit != HEAD with depth=1, it errors out.
fetch-depth: 0
- name: Work around Ubuntu 24.04 bubblewrap bug
run: sudo cp .github/workflows/bwrap.apparmor /etc/apparmor.d/bwrap && sudo systemctl reload apparmor
- name: Query cache for sources
id: cache
uses: actions/cache/restore@v3
uses: actions/cache/restore@v4
with:
path: |
distfiles
Expand All @@ -37,7 +39,7 @@ jobs:
run: ./download-distfiles.sh
- name: Cache sources
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/cache/save@v3
uses: actions/cache/save@v4
with:
path: |
distfiles
Expand All @@ -46,14 +48,14 @@ jobs:
run: ./rootfs.py --bwrap --external-sources --build-kernels --cores 2 --internal-ci pass1
- name: Archive created packages
if: failure() # archive failed builds progress
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: packages
path: target/external/repo/**
- name: Tar pass1 image
run: tar -cf pass1_image.tar target
- name: Archive pass1_image
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: internal_pass1_image
path: pass1_image.tar
Expand All @@ -66,21 +68,23 @@ jobs:
- name: Install bubblewrap
run: sudo apt install bubblewrap
- name: Checkout repo
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
submodules: recursive
# There is a strange bug(?) in nongnu, when you clone a git repository
# against a commit != HEAD with depth=1, it errors out.
fetch-depth: 0
- name: Work around Ubuntu 24.04 bubblewrap bug
run: sudo cp .github/workflows/bwrap.apparmor /etc/apparmor.d/bwrap && sudo systemctl reload apparmor
- name: Get pass1_image
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: internal_pass1_image
- name: Extract pass1_image
run: tar -xf pass1_image.tar
- name: Query cache for sources
id: cache
uses: actions/cache/restore@v3
uses: actions/cache/restore@v4
with:
path: |
distfiles
Expand All @@ -90,7 +94,7 @@ jobs:
run: ./download-distfiles.sh
- name: Cache sources
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/cache/save@v3
uses: actions/cache/save@v4
with:
path: |
distfiles
Expand All @@ -99,14 +103,14 @@ jobs:
run: ./rootfs.py --bwrap --external-sources --build-kernels --cores 2 --internal-ci pass2
- name: Archive created packages
if: failure() # archive failed builds progress
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: internal_packages_pass2
path: target/external/repo/**
- name: Tar pass2 image
run: tar -cf pass2_image.tar target
- name: Archive pass2_image
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: internal_pass2_image
path: pass2_image.tar
Expand All @@ -119,21 +123,23 @@ jobs:
- name: Install bubblewrap
run: sudo apt install bubblewrap
- name: Checkout repo
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
submodules: recursive
# There is a strange bug(?) in nongnu, when you clone a git repository
# against a commit != HEAD with depth=1, it errors out.
fetch-depth: 0
- name: Work around Ubuntu 24.04 bubblewrap bug
run: sudo cp .github/workflows/bwrap.apparmor /etc/apparmor.d/bwrap && sudo systemctl reload apparmor
- name: Get pass2_image
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: internal_pass2_image
- name: Extract pass2_image
run: tar -xf pass2_image.tar
- name: Query cache for sources
id: cache
uses: actions/cache/restore@v3
uses: actions/cache/restore@v4
with:
path: |
distfiles
Expand All @@ -143,7 +149,7 @@ jobs:
run: ./download-distfiles.sh
- name: Cache sources
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/cache/save@v3
uses: actions/cache/save@v4
with:
path: |
distfiles
Expand All @@ -152,7 +158,7 @@ jobs:
run: ./rootfs.py --bwrap --external-sources --build-kernels --cores 2 --internal-ci pass3
- name: Archive created packages
if: always() # archive both failed and successful builds
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: packages
path: target/external/repo/**
Loading
Loading