version: 2.0 jobs: build: docker: - image: docker.io/openwrtorg/packages-cci:v1.0.5 environment: - SDK_HOST: "cdn.openwrt.org" - SDK_PATH: "snapshots/targets/ath79/generic" - SDK_FILE: "openwrt-sdk-ath79-generic_*.Linux-x86_64.tar.xz" - BRANCH: "master" steps: - checkout: path: ~/openwrt_packages - run: name: Check changes / verify commits working_directory: ~/openwrt_packages command: | cat >> $BASH_ENV <: ' ($subject)" RET=1 fi body="$(git show -s --format=%b $commit)" sob="$(git show -s --format='Signed-off-by: %aN <%aE>' $commit)" if echo "$body" | grep -qF "$sob"; then echo_green "Signed-off-by match author" else echo_red "Signed-off-by is missing or doesn't match author (should be '$sob')" RET=1 fi done exit $RET - run: name: Download the SDK working_directory: ~/sdk command: | curl "https://$SDK_HOST/$SDK_PATH/sha256sums" -sS -o sha256sums curl "https://$SDK_HOST/$SDK_PATH/sha256sums.asc" -fs -o sha256sums.asc || true curl "https://$SDK_HOST/$SDK_PATH/sha256sums.sig" -fs -o sha256sums.sig || true if [ ! -f sha256sums.asc ] && [ ! -f sha256sums.sig ]; then echo_red "Missing sha256sums signature files" exit 1 fi [ ! -f sha256sums.asc ] || gpg --with-fingerprint --verify sha256sums.asc sha256sums if [ -f sha256sums.sig ]; then VERIFIED= for KEY in ~/usign/*; do echo "Trying $KEY..." if signify-openbsd -V -q -p "$KEY" -x sha256sums.sig -m sha256sums; then echo "...verified" VERIFIED=1 break fi done if [ -z "$VERIFIED" ]; then echo_red "Could not verify usign signature" exit 1 fi fi PATTERN=$(echo "$SDK_FILE\$" | sed -e 's/\./\\./g' -e 's/\*/.*/g') FILENAME=$(grep -m1 -o "$PATTERN" sha256sums) curl "https://$SDK_HOST/$SDK_PATH/$FILENAME" -sS -o "$FILENAME" sha256sum -c --ignore-missing sha256sums - run: name: Prepare build_dir working_directory: ~/build_dir command: | tar Jxf ~/sdk/$SDK_FILE --strip=1 touch .config make prepare-tmpinfo scripts/config/conf ./scripts/config/conf --defconfig=.config Config.in make prereq rm .config cat > feeds.conf < /dev/null make defconfig > /dev/null # enable BUILD_LOG sed -i 's/# CONFIG_BUILD_LOG is not set/CONFIG_BUILD_LOG=y/' .config - run: name: Install & download source, check package, compile working_directory: ~/build_dir command: | set +o pipefail PKGS=$(cd ~/openwrt_packages; git diff --diff-filter=d --name-only "origin/$BRANCH..." | grep 'Makefile$' | grep -Ev '/files/|/src/' | awk -F/ '{ print $(NF-1) }') if [ -z "$PKGS" ] ; then echo_blue "WARNING: No new or modified packages found!" exit 0 fi echo_blue "=== Found new/modified packages: $PKGS" for PKG in $PKGS ; do echo_blue "===+ Install: $PKG" ./scripts/feeds install "$PKG" echo_blue "===+ Download: $PKG" make "package/$PKG/download" V=s echo_blue "===+ Check package: $PKG" make "package/$PKG/check" V=s 2>&1 | tee logtmp RET=${PIPESTATUS[0]} if [ $RET -ne 0 ]; then echo_red "=> Package check failed: $RET)" exit $RET fi badhash_msg="HASH does not match " badhash_msg+="|HASH uses deprecated hash," badhash_msg+="|HASH is missing," if grep -qE "$badhash_msg" logtmp; then echo_red "=> Package HASH check failed" exit 1 fi echo_green "=> Package check OK" done make \ -f .config \ -f tmp/.packagedeps \ -f <(echo '$(info $(sort $(package-y) $(package-m)))'; echo -en 'a:\n\t@:') \ | tr ' ' '\n' >enabled-package-subdirs.txt for PKG in $PKGS ; do if ! grep -m1 -qE "(^|/)$PKG$" enabled-package-subdirs.txt; then echo_red "===+ Building: $PKG skipped. It cannot be enabled with $SDK_FILE" continue fi echo_blue "===+ Building: $PKG" make "package/$PKG/compile" -j3 V=s || { RET=$? echo_red "===+ Building: $PKG failed, rebuilding with -j1 for human readable error log" make "package/$PKG/compile" -j1 V=s; exit $RET } done - store_artifacts: path: ~/build_dir/logs - store_artifacts: path: ~/build_dir/bin workflows: version: 2 buildpr: jobs: - build: filters: branches: ignore: master