build: add CircleCI

The big advantages are:
- everyone can download the build logs and the ipks
- we use our own docker image
- people with commit access can ssh into the build env

The disadvantages:
- need to push new commits to restart the build

I haven't reimplemented the commit message checks as this should be replaced
with a separate script doing only that so we can require it
(https://help.github.com/articles/enabling-required-status-checks/)

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

.circleci/Dockerfile

@@ -0,0 +1,25 @@
+FROM debian:9
+
+RUN apt update && apt install -y \
+build-essential \
+jq \
+gawk \
+gettext \
+git \
+libncurses5-dev \
+libssl-dev \
+subversion \
+zlib1g-dev \
+&& rm -rf /var/lib/apt/lists/*
+
+# LEDE Build System (LEDE GnuPG key for unattended build jobs)
+RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/626471F1.asc' | gpg --import \
+ && echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust
+
+# LEDE Release Builder (17.01 "Reboot" Signing Key)
+RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/D52BBB6B.asc' | gpg --import \
+ && echo 'B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:6:' | gpg --import-ownertrust
+
+# OpenWrt Release Builder (18.06 Signing Key)
+RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/17E1CE16.asc' | gpg --import \
+ && echo '6768C55E79B032D77A28DA5F0F20257417E1CE16:6:' | gpg --import-ownertrust

.circleci/README

@@ -0,0 +1,6 @@
+# Build/update the docker image
+
+docker pull debian:9
+docker build --rm .
+docker tag <IMAGE ID> docker.io/champtar/openwrtpackagesci:latest
+docker push docker.io/champtar/openwrtpackagesci:latest

.circleci/config.yml

@@ -0,0 +1,61 @@
+version: 2.0
+jobs:
+  build:
+    docker:
+      - image: champtar/openwrtpackagesci@sha256:ba41678f7bd9dea5f1caef9594167588c306caf08bc2f90e779a91e57a9fc7bd
+    environment:
+      - SDK_BASE_URL: "https://downloads.lede-project.org/snapshots/targets/ar71xx/generic"
+      - SDK_FILE: "openwrt-sdk-ar71xx-generic_gcc-7.3.0_musl.Linux-x86_64.tar.xz"
+    branches:
+      only: /pull.*/
+    steps:
+      - run:
+          name: Download the SDK
+          working_directory: ~/sdk
+          command: |
+             curl "$SDK_BASE_URL/sha256sums" -sS -o sha256sums
+             curl "$SDK_BASE_URL/sha256sums.asc" -sS -o sha256sums.asc
+             gpg --with-fingerprint --verify sha256sums.asc sha256sums
+             curl "$SDK_BASE_URL/$SDK_FILE" -sS -o "$SDK_FILE"
+             sha256sum -c --ignore-missing sha256sums
+
+      - checkout:
+          path: ~/openwrt_packages
+
+      - run:
+          name: Prepare build_dir
+          working_directory: ~/build_dir
+          command: |
+             tar Jxf ~/sdk/$SDK_FILE --strip=1
+             cat > feeds.conf <<EOF
+             src-git base https://github.com/lede-project/source.git
+             src-link packages $HOME/openwrt_packages
+             src-git luci https://github.com/openwrt/luci.git
+             EOF
+             cat feeds.conf
+             # enable BUILD_LOG
+             sed -i '1s/^/config BUILD_LOG\n\tbool\n\tdefault y\n\n/' Config-build.in
+             ./scripts/feeds update -a > /dev/null
+             ./scripts/feeds install -a > /dev/null
+             make defconfig > /dev/null
+
+      - run:
+          name: Download & check & compile
+          working_directory: ~/build_dir
+          command: |
+             PKGS=$(cd ~/openwrt_packages; git diff --diff-filter=d --name-only "origin/master" | grep 'Makefile$' | grep -v '/files/' | awk -F/ '{ print $(NF-1) }')
+             echo "Packages: $PKGS"
+             for PKG in $PKGS ; do
+                 make "package/$PKG/download" V=s
+                 make "package/$PKG/check" V=s
+             done
+             for PKG in $PKGS ; do
+                 make "package/$PKG/compile" -j3
+             done
+
+      - store_artifacts:
+          path: ~/build_dir/logs
+
+      - store_artifacts:
+          path: ~/build_dir/bin
+