on:
workflow_call:
+ secrets:
+ coverity_api_token:
inputs:
+ container_name:
+ type: string
+ default: tools
target:
required: true
type: string
+ subtarget:
+ required: true
+ type: string
testing:
type: boolean
build_toolchain:
type: boolean
build_all_boards:
type: boolean
+ use_openwrt_container:
+ type: boolean
+ default: true
+ coverity_project_name:
+ type: string
+ default: OpenWrt
+ coverity_check_packages:
+ type: string
+ coverity_compiler_template_list:
+ type: string
+ default: >-
+ arm-openwrt-linux-gcc
+ coverity_force_compile_packages:
+ type: string
+ default: >-
+ curl
+ libnl
+ mbedtls
+ wolfssl
+ openssl
+ build_external_toolchain:
+ type: boolean
+ upload_external_toolchain:
+ type: boolean
permissions:
contents: read
jobs:
setup_build:
- name: Setup build ${{ inputs.target }}
+ name: Setup build ${{ inputs.target }}/${{ inputs.subtarget }}
runs-on: ubuntu-latest
outputs:
owner_lc: ${{ steps.lower_owner.outputs.owner_lc }}
- ccache_hash: ${{ steps.ccache_hash.outputs.ccache_hash }}
container_tag: ${{ steps.determine_tools_container.outputs.container_tag }}
+ container_name: ${{ steps.determine_tools_container.outputs.container_name }}
steps:
- name: Checkout
run: |
OWNER_LC=$(echo "${{ github.repository_owner }}" \
| tr '[:upper:]' '[:lower:]')
- echo "owner_lc=$OWNER_LC" >> $GITHUB_OUTPUT
- - name: Generate ccache hash
- id: ccache_hash
- run: |
- CCACHE_HASH=$(md5sum include/kernel-* | awk '{ print $1 }' \
- | md5sum | awk '{ print $1 }')
- echo "ccache_hash=$CCACHE_HASH" >> $GITHUB_OUTPUT
+ if [ ${{ inputs.use_openwrt_container }} == "true" ]; then
+ OWNER_LC=openwrt
+ fi
+
+ echo "owner_lc=$OWNER_LC" >> $GITHUB_OUTPUT
# Per branch tools container tag
# By default stick to latest
- name: Determine tools container tag
id: determine_tools_container
run: |
+ CONTAINER_NAME=${{ inputs.container_name }}
CONTAINER_TAG=latest
if [ -n "${{ github.base_ref }}" ]; then
if echo "${{ github.base_ref }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]$'; then
CONTAINER_TAG=openwrt-"$(echo ${{ github.ref_name }} | sed 's/^v\([0-9][0-9]\.[0-9][0-9]\)\..\+/\1/')"
fi
fi
- echo "Tools container to use tools:$CONTAINER_TAG"
+
+ if [ "$CONTAINER_NAME" = "toolchain" ]; then
+ GHCR_TOKEN=$(echo ${{ secrets.GITHUB_TOKEN }} | base64)
+ GHCR_HEADER="Authorization: Bearer ${GHCR_TOKEN}"
+ GHCR_MANIFEST_LINK=https://ghcr.io/v2/${{ steps.lower_owner.outputs.owner_lc }}/${{ inputs.container_name }}/manifests/${{ inputs.target }}-${{ inputs.subtarget }}-"$CONTAINER_TAG"
+ # Check if container exist
+ if [ $(curl -s -o /dev/null -w "%{http_code}" -H "$GHCR_HEADER" -I "$GHCR_MANIFEST_LINK") = 200 ]; then
+ CONTAINER_TAG=${{ inputs.target }}-${{ inputs.subtarget }}-"$CONTAINER_TAG"
+ else
+ CONTAINER_NAME=tools
+ fi
+ fi
+
+ echo "Tools container to use $CONTAINER_NAME:$CONTAINER_TAG"
echo "container_tag=$CONTAINER_TAG" >> $GITHUB_OUTPUT
+ echo "container_name=$CONTAINER_NAME" >> $GITHUB_OUTPUT
build:
- name: Build ${{ inputs.target }}
+ name: Build ${{ inputs.target }}/${{ inputs.subtarget }}
needs: setup_build
runs-on: ubuntu-latest
- container: ghcr.io/${{ needs.setup_build.outputs.owner_lc }}/tools:${{ needs.setup_build.outputs.container_tag }}
+ container: ghcr.io/${{ needs.setup_build.outputs.owner_lc }}/${{ needs.setup_build.outputs.container_name }}:${{ needs.setup_build.outputs.container_tag }}
permissions:
contents: read
repository: openwrt/telephony
path: openwrt/feeds/telephony
- - name: Fix permission
- run: |
- chown -R buildbot:buildbot openwrt
-
- - name: Initialization environment
- run: |
- TARGET=$(echo ${{ inputs.target }} | cut -d "/" -f 1)
- SUBTARGET=$(echo ${{ inputs.target }} | cut -d "/" -f 2)
- echo "TARGET=$TARGET" >> "$GITHUB_ENV"
- echo "SUBTARGET=$SUBTARGET" >> "$GITHUB_ENV"
-
- - name: Update & Install feeds
- if: inputs.include_feeds == true
- shell: su buildbot -c "sh -e {0}"
- working-directory: openwrt
- run: |
- ./scripts/feeds update -a
- ./scripts/feeds install -a
-
- name: Parse toolchain file
if: inputs.build_toolchain == false
id: parse-toolchain
working-directory: openwrt
run: |
+ if [ -d /external-toolchain/ ]; then
+ echo "toolchain-type=external_container" >> $GITHUB_OUTPUT
+ exit 0
+ fi
+
TOOLCHAIN_PATH=snapshots
if [ -n "${{ github.base_ref }}" ]; then
fi
if [ -n "$major_ver" ]; then
- git fetch --tags
+ git fetch --tags -f
latest_tag="$(git tag --sort=-creatordate -l $major_ver* | head -n1)"
if [ -n "$latest_tag" ]; then
TOOLCHAIN_PATH=releases/$(echo $latest_tag | sed 's/^v//')
fi
fi
- SUMS_FILE="https://downloads.cdn.openwrt.org/$TOOLCHAIN_PATH/targets/${{ env.TARGET }}/${{ env.SUBTARGET }}/sha256sums"
+ SUMS_FILE="https://downloads.cdn.openwrt.org/$TOOLCHAIN_PATH/targets/${{ inputs.target }}/${{ inputs.subtarget }}/sha256sums"
if curl $SUMS_FILE | grep -q ".*openwrt-toolchain.*tar.xz"; then
TOOLCHAIN_STRING="$( curl $SUMS_FILE | grep ".*openwrt-toolchain.*tar.xz")"
TOOLCHAIN_FILE=$(echo "$TOOLCHAIN_STRING" | sed -n -e 's/.*\(openwrt-toolchain.*\).tar.xz/\1/p')
- TOOLCHAIN_SHA256=$(echo "$TOOLCHAIN_STRING" | cut -d ' ' -f 1)
echo "toolchain-type=external_toolchain" >> $GITHUB_OUTPUT
elif curl $SUMS_FILE | grep -q ".*openwrt-sdk.*tar.xz"; then
TOOLCHAIN_STRING="$( curl $SUMS_FILE | grep ".*openwrt-sdk.*tar.xz")"
TOOLCHAIN_FILE=$(echo "$TOOLCHAIN_STRING" | sed -n -e 's/.*\(openwrt-sdk.*\).tar.xz/\1/p')
- TOOLCHAIN_SHA256=$(echo "$TOOLCHAIN_STRING" | cut -d ' ' -f 1)
echo "toolchain-type=external_sdk" >> $GITHUB_OUTPUT
+ else
+ echo "toolchain-type=internal" >> $GITHUB_OUTPUT
fi
echo "TOOLCHAIN_FILE=$TOOLCHAIN_FILE" >> "$GITHUB_ENV"
- echo "TOOLCHAIN_SHA256=$TOOLCHAIN_SHA256" >> "$GITHUB_ENV"
echo "TOOLCHAIN_PATH=$TOOLCHAIN_PATH" >> "$GITHUB_ENV"
- - name: Cache external toolchain/sdk
- if: inputs.build_toolchain == false
- id: cache-external-toolchain
- uses: actions/cache@v3
- with:
- path: openwrt/${{ env.TOOLCHAIN_FILE }}
- key: ${{ env.TOOLCHAIN_FILE }}-${{ steps.parse-toolchain.outputs.toolchain-type }}-${{ env.TOOLCHAIN_SHA256 }}
+ - name: Fix permission
+ run: |
+ chown -R buildbot:buildbot openwrt
+
+ - name: Prepare prebuilt tools
+ shell: su buildbot -c "sh -e {0}"
+ working-directory: openwrt
+ run: |
+ mkdir -p staging_dir build_dir
+ ln -s /prebuilt_tools/staging_dir/host staging_dir/host
+ ln -s /prebuilt_tools/build_dir/host build_dir/host
+
+ ./scripts/ext-tools.sh --refresh
+
+ - name: Update & Install feeds
+ if: inputs.include_feeds == true
+ shell: su buildbot -c "sh -e {0}"
+ working-directory: openwrt
+ run: |
+ ./scripts/feeds update -a
+ ./scripts/feeds install -a
- - name: Cache ccache
- uses: actions/cache@v3
+ - name: Restore ccache cache
+ id: restore-ccache-cache
+ uses: actions/cache/restore@v3
with:
path: openwrt/.ccache
- key: ccache-kernel-${{ env.TARGET }}/${{ env.SUBTARGET }}-${{ needs.setup_build.outputs.ccache_hash }}
+ key: ccache-kernel-${{ inputs.target }}/${{ inputs.subtarget }}-${{ hashFiles('openwrt/include/kernel-**') }}
restore-keys: |
- ccache-kernel-${{ env.TARGET }}/${{ env.SUBTARGET }}-
+ ccache-kernel-${{ inputs.target }}/${{ inputs.subtarget }}-
- name: Download external toolchain/sdk
- if: inputs.build_toolchain == false && steps.cache-external-toolchain.outputs.cache-hit != 'true'
+ if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type != 'internal' && steps.parse-toolchain.outputs.toolchain-type != 'external_container'
shell: su buildbot -c "sh -e {0}"
working-directory: openwrt
run: |
- wget -O - https://downloads.cdn.openwrt.org/${{ env.TOOLCHAIN_PATH }}/targets/${{ env.TARGET }}/${{ env.SUBTARGET }}/${{ env.TOOLCHAIN_FILE }}.tar.xz \
+ wget -O - https://downloads.cdn.openwrt.org/${{ env.TOOLCHAIN_PATH }}/targets/${{ inputs.target }}/${{ inputs.subtarget }}/${{ env.TOOLCHAIN_FILE }}.tar.xz \
| tar --xz -xf -
- - name: Extract prebuilt tools
- shell: su buildbot -c "sh -e {0}"
- working-directory: openwrt
- run: ./scripts/ext-tools.sh --tools /tools.tar
-
- name: Configure testing kernel
if: inputs.testing == true
shell: su buildbot -c "sh -e {0}"
echo CONFIG_TARGET_PER_DEVICE_ROOTFS=y >> .config
echo CONFIG_TARGET_ALL_PROFILES=y >> .config
+ - name: Configure external toolchain in container
+ if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type == 'external_container'
+ shell: su buildbot -c "sh -e {0}"
+ working-directory: openwrt
+ run: |
+ echo CONFIG_DEVEL=y >> .config
+ echo CONFIG_AUTOREMOVE=y >> .config
+ echo CONFIG_CCACHE=y >> .config
+
+ ./scripts/ext-toolchain.sh \
+ --toolchain /external-toolchain/$(ls /external-toolchain/ | grep openwrt-toolchain)/toolchain-* \
+ --overwrite-config \
+ --config ${{ inputs.target }}/${{ inputs.subtarget }}
+
- name: Configure external toolchain
if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type == 'external_toolchain'
shell: su buildbot -c "sh -e {0}"
./scripts/ext-toolchain.sh \
--toolchain ${{ env.TOOLCHAIN_FILE }}/toolchain-* \
--overwrite-config \
- --config ${{ env.TARGET }}/${{ env.SUBTARGET }}
+ --config ${{ inputs.target }}/${{ inputs.subtarget }}
- name: Adapt external sdk to external toolchain format
- if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type == 'external_sdk' && steps.cache-external-toolchain.outputs.cache-hit != 'true'
+ if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type == 'external_sdk'
shell: su buildbot -c "sh -e {0}"
working-directory: openwrt
run: |
./scripts/ext-toolchain.sh \
--toolchain ${{ env.TOOLCHAIN_FILE }}/staging_dir/toolchain-* \
--overwrite-config \
- --config ${{ env.TARGET }}/${{ env.SUBTARGET }}
+ --config ${{ inputs.target }}/${{ inputs.subtarget }}
- name: Configure internal toolchain
- if: inputs.build_toolchain == true
+ if: inputs.build_toolchain == true || steps.parse-toolchain.outputs.toolchain-type == 'internal'
shell: su buildbot -c "sh -e {0}"
working-directory: openwrt
run: |
echo CONFIG_AUTOREMOVE=y >> .config
echo CONFIG_CCACHE=y >> .config
- echo "CONFIG_TARGET_${{ env.TARGET }}=y" >> .config
- echo "CONFIG_TARGET_${{ env.TARGET }}_${{ env.SUBTARGET }}=y" >> .config
+ echo "CONFIG_TARGET_${{ inputs.target }}=y" >> .config
+ echo "CONFIG_TARGET_${{ inputs.target }}_${{ inputs.subtarget }}=y" >> .config
make defconfig
working-directory: openwrt
run: make -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh
+ - name: Build external toolchain
+ if: inputs.build_external_toolchain == true
+ shell: su buildbot -c "sh -e {0}"
+ working-directory: openwrt
+ run: make target/toolchain/compile -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh
+
+ - name: Coverity prepare toolchain
+ if: inputs.coverity_check_packages != ''
+ shell: su buildbot -c "sh -e {0}"
+ working-directory: openwrt
+ run: |
+ wget -q https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.coverity_api_token }}&project=${{ inputs.coverity_project_name }}" -O coverity.tar.gz
+ wget -q https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.coverity_api_token }}&project=${{ inputs.coverity_project_name }}&md5=1" -O coverity.tar.gz.md5
+ echo ' coverity.tar.gz' >> coverity.tar.gz.md5
+ md5sum -c coverity.tar.gz.md5
+
+ mkdir cov-analysis-linux64
+ tar xzf coverity.tar.gz --strip 1 -C cov-analysis-linux64
+ export PATH=$(pwd)/cov-analysis-linux64/bin:$PATH
+
+ for template in ${{ inputs.coverity_compiler_template_list }}; do
+ cov-configure --template --comptype gcc --compiler "$template"
+ done
+
+ - name: Clean and recompile packages with Coverity toolchain
+ if: inputs.coverity_check_packages != ''
+ shell: su buildbot -c "bash {0}"
+ working-directory: openwrt
+ run: |
+ set -o pipefail -o errexit
+
+ coverity_check_packages=(${{ inputs.coverity_check_packages }})
+ printf -v clean_packages "package/%s/clean " "${coverity_check_packages[@]}"
+ make -j$(nproc) BUILD_LOG=1 $clean_packages || ret=$? .github/workflows/scripts/show_build_failures.sh
+
+ coverity_force_compile_packages=(${{ inputs.coverity_force_compile_packages }})
+ printf -v force_compile_packages "package/%s/compile " "${coverity_force_compile_packages[@]}"
+ make -j$(nproc) BUILD_LOG=1 $force_compile_packages || ret=$? .github/workflows/scripts/show_build_failures.sh
+
+ printf -v compile_packages "package/%s/compile " "${coverity_check_packages[@]}"
+ export PATH=$(pwd)/cov-analysis-linux64/bin:$PATH
+ cov-build --dir cov-int make -j $(nproc) BUILD_LOG=1 $compile_packages || ret=$? .github/workflows/scripts/show_build_failures.sh
+
+ - name: Upload build to Coverity for analysis
+ if: inputs.coverity_check_packages != ''
+ shell: su buildbot -c "sh -e {0}"
+ working-directory: openwrt
+ run: |
+ tar czf cov-int.tar.gz ./cov-int
+ curl \
+ --form token="${{ secrets.coverity_api_token }}" \
+ --form email="contact@openwrt.org" \
+ --form file=@cov-int.tar.gz \
+ --form version="${{ github.ref_name }}-${{ github.sha }}" \
+ --form description="OpenWrt ${{ github.ref_name }}-${{ github.sha }}" \
+ "https://scan.coverity.com/builds?project=${{ inputs.coverity_project_name }}"
+
- name: Upload logs
if: failure()
uses: actions/upload-artifact@v3
with:
- name: ${{ env.TARGET }}-${{ env.SUBTARGET }}-logs
+ name: ${{ inputs.target }}-${{ inputs.subtarget }}-logs
path: "openwrt/logs"
+
+ - name: Save ccache cache
+ uses: actions/cache/save@v3
+ with:
+ path: openwrt/.ccache
+ key: ${{ steps.restore-ccache-cache.outputs.cache-primary-key }}
+
+ - name: Find external toolchain name
+ id: get-toolchain-name
+ if: inputs.upload_external_toolchain == true
+ working-directory: openwrt
+ run: |
+ TOOLCHAIN_NAME=$(ls bin/targets/${{inputs.target }}/${{ inputs.subtarget }} | grep toolchain)
+ echo "toolchain-name=$TOOLCHAIN_NAME" >> $GITHUB_OUTPUT
+
+ - name: Upload prebuilt toolchain
+ if: inputs.upload_external_toolchain == true
+ uses: actions/upload-artifact@v3
+ with:
+ name: ${{ inputs.target }}-${{ inputs.subtarget }}-external-toolchain
+ path: openwrt/bin/targets/${{ inputs.target }}/${{ inputs.subtarget }}/${{ steps.get-toolchain-name.outputs.toolchain-name }}
+ retention-days: 1