drop ci and remnants
parent
8f7edd05f4
commit
2e85d42e92
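--- a/debian/certs/ci-test-sign/ci-test-sign-key.pem
+++ b/debian/certs/ci-test-sign/ci-test-sign-key.pem
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQCo/R6tgfzFlvtA
-bGb9QiwyCur1JB1eRE2UmU8t39jr0VRcr6p55v71fZE+ny4rLZl3ZibsKt1YeEhq
-xAg7a7UfvjzT0PWaRV7M/XcwnRfKt032lUyNtcsEiMTp299Iak/Q/jm9M0yiTYxe
-W1EsXfu1QrNSe0Zo8EZr9Q6eyFnjilJNgHpOlCyxH/7ujO73tzP84cEDZejFHYlo
-ypKsjO2IWLcQssnM+llOlMYZ4mx6a6TxchSMKyYl6PRLviltkK4HF6AD4D4Lgoa0
-38pHPL2kJPEW9eb1cRsnFkzK4edYxGN6si728HUY/rQFSzehSaGXjPYR6kq2OCwQ
-am4LcCm/AgMBAAECggEBAJso/df1+C88N6mpXs6+yXGRULaQ2F5LfKgqM+c9FyE+
-7KTFrlOLYyHoj0neQjfnAHf+1VIW8XFfz64oHB7jAEULGTKrNDbX5vl06NE8DDJX
-KEB2SPn8p1GceqD2/wawhmSwaDduOLj1VyLz2Y5RJOIDQj9DbRzBMQfC1A+6ib4/
-LscWb1e1gQvZ0FIgSv2ZlOLqdSXVizsg7Am5iCizD5O9Pbw31QfZDyd7IJqpRi63
-Wo234CZS3Hhkr2267QttVeuY9AWgtYU1f6KMRrakEpLPf1mNqVIpY3M8Ee8KoMCr
-a3pl39+N9+0DI4GCF5yctmzPn4YqWg25vFVirXJFluECgYEA1bRcPQ2EzTLDjm1U
-tVrh3yd6ZPdY1Tch1UhzGf7lGIMY924tZZveDpWs7VGJMGO8hHTdo8Ku32AolJKA
-yMW+P05+EcXo0GR8xcJ4Ol3yeJrblWhO4UNiQrTxhE6yy/g25zgVKcKUfbdkq7Cu
-VOZpmNlh3bM4Iwno8ZGxvUI+GBcCgYEAym8r9G2MWFCmH6w6cOkt2EpOlzCEKLZ5
-q1nlZXTQBG+UB3EUPxZBviPTAjzZgfY1YS6SFZCb+fFEsVzGUAcz00xH6H2tHgmK
-NoCX1bzqA7qDWjs2Dr2x33803jhRClQr/hg3rCwfoAkkImX2tPEf/URF6b5MuxgB
-JPAT98lg3JkCgYEAzMG/8vtl99ogxvF4TT9j1ZWUzvKzma72as29AvZX+XF61XAq
-bQW38I92nfgWk1esg9kZl9NsDDitCRWJ8VSOIUgKwOq4VBtD9ZOL8JidPvNZW0ES
-+wC+QB3wno1tAMO1jzsMA/QcpIu4GEzz7ALMwJfgDjSun9vZ5sNq4mR67EcCgYEA
-ibqbsEC8ZPXyIMiANoQfofHkiK8Eq+KC41dVYPLZ+Lqlf26rNMUC08fx76rQ3cBS
-zxztXWi3BpXlg7q4XoiX9SIIJqEjILWi6LQTGePfX8wNRF3WyK69j28v3CV61ckw
-6T822Zhnp+2wPQsckD0h46II4yCLehu545TIMSU9FrkCgYEAin/3RTg2V0v/36AR
-YSMfZvfd+DCQ2Vm1WJQWfPJhdzb/L8DzFei0DDAbPFIiz5CFt9yyCIaag5XE0NqP
-gHq3xaNmYqV2LLDX8lswmpeqUN0YpEKUwrT/CGuRLWMJYc2WwbGGgQIOc53nx+Ku
-6DKedX7qLoifu/3fq69hNrMXsFs=
------END PRIVATE KEY-----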
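--- a/debian/certs/ci-test-sign/ci-test-sign.pem
+++ b/debian/certs/ci-test-sign/ci-test-sign.pem
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAfugAwIBAgIUM0ot4Y+xMV7+tm0g9Yp70GPmizQwDQYJKoZIhvcNAQEL
-BQAwGTEXMBUGA1UEAwwOVGVzdCBTaWduZXIgQ0EwHhcNMjIwMjA1MTgyOTIzWhcN
-MjIwMzA3MTgyOTIzWjAZMRcwFQYDVQQDDA5UZXN0IFNpZ25lciBDQTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj9Hq2B/MWW+0BsZv1CLDIK6vUkHV5E
-TZSZTy3f2OvRVFyvqnnm/vV9kT6fListmXdmJuwq3Vh4SGrECDtrtR++PNPQ9ZpF
-Xsz9dzCdF8q3TfaVTI21ywSIxOnb30hqT9D+Ob0zTKJNjF5bUSxd+7VCs1J7Rmjw
-Rmv1Dp7IWeOKUk2Aek6ULLEf/u6M7ve3M/zhwQNl6MUdiWjKkqyM7YhYtxCyycz6
-WU6UxhnibHprpPFyFIwrJiXo9Eu+KW2QrgcXoAPgPguChrTfykc8vaQk8Rb15vVx
-GycWTMrh51jEY3qyLvbwdRj+tAVLN6FJoZeM9hHqSrY4LBBqbgtwKb8CAwEAAaNT
-MFEwHQYDVR0OBBYEFJ2vFS8iN46NNzlnI73JPOXy+8ydMB8GA1UdIwQYMBaAFJ2v
-FS8iN46NNzlnI73JPOXy+8ydMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
-BQADggEBAFRNfEbkBd0dKw7Ch4b9GMi4yDHFBN9d9KBe6Il92hojluBlQXTBvyKM
-OPN12k7CTTHDN1RCLfHaPQl9lrZILgMLI3y5KdLYPhaaGuGwihIUObcNVetU+TGa
-iMgdIsRSnF1LaYb5z56mJnnHSYA+5eq+Lnpy+jT7JhXrs0jL2JB7n36lYarpDE0Q
-yby09tTHw8fJFONQ2UfUUJu52wcT8hrSygZR0msDz27/l0KmKgKtmM039hZW3Ssa
-PZlVfQe3j7lZ0kPi/W9RhA+3LPDdHmjJYhTS2gtCLfeAaaXGj9sFEpMfGbF8Hgl4
-OjiEuTKPVoApKbpa6islqK3O6GR86WE=
------END CERTIFICATE-----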
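--- a/debian/rules
+++ b/debian/rules
@@ -35,29 +35,6 @@ build: build-arch build-indep
 
 build-arch: debian/control
 dh_testdir
-
-# The perf-read-vdso* programs are built for different architectures,
-# without standard flags, but are not exposed to untrusted input.
-@printf '%s\n' 'blhc: ignore-line-regexp: .* -o *[^ ]*/perf-read-vdso.*'
-
-# Kernel code needs different hardening options that blhc doesn't know
-# about.
-@printf '%s\n' 'blhc: ignore-line-regexp: .* -D__KERNEL__ .*'
-
-# The tools/perf/tests/workloads/.* programs are deliberately compiled
-# without -O2, so instruct blhc to ignore those
-@printf '%s\n' 'blhc: ignore-line-regexp: .* -o .*tools/perf/tests/workloads/.*'
-
-# fixdep is not always built with the right flags but is also not packaged
-@printf '%s\n' 'blhc: ignore-line-regexp: .* -o .*/tools/.*/fixdep.*'
-
-# We need to use terse builds in CI due to the log size limit. This
-# mostly affects the output for builds of kernel code, which need
-# different options for hardening anyway.
-ifneq ($(filter terse,$(DEB_BUILD_OPTIONS)),)
-@printf '%s\n' 'blhc: ignore-line-regexp: \s*(CC(LD)?|LD|LINK)\b.*'
-endif
-
 $(MAKE) -f debian/rules.gen build-arch_$(DEB_HOST_ARCH)
 
 build-indep: debian/control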
2
debian/rules.real
vendored
2
debian/rules.real
vendored
@ -41,7 +41,7 @@ setup_env := env -u ABINAME -u ARCH -u FEATURESET -u FLAVOUR -u VERSION -u LOCAL
|
|||||||
# XXX: All the tools leak flags between host and build all the time, just don't care. See #1050991.
|
# XXX: All the tools leak flags between host and build all the time, just don't care. See #1050991.
|
||||||
setup_env += -u KBUILD_HOSTCFLAGS -u HOSTCFLAGS -u KBUILD_HOSTLDFLAGS
|
setup_env += -u KBUILD_HOSTCFLAGS -u HOSTCFLAGS -u KBUILD_HOSTLDFLAGS
|
||||||
setup_env += DISTRIBUTION_OFFICIAL_BUILD=1 DISTRIBUTOR="$(DEB_VENDOR)" DISTRIBUTION_VERSION="$(SOURCEVERSION)" KBUILD_BUILD_TIMESTAMP="@$(SOURCE_DATE_EPOCH)" KBUILD_BUILD_VERSION_TIMESTAMP="$(DEB_VENDOR) $(SOURCEVERSION) ($(SOURCE_DATE_UTC_ISO))" KBUILD_BUILD_USER="$(word 1,$(subst @, ,$(MAINTAINER)))" KBUILD_BUILD_HOST="$(word 2,$(subst @, ,$(MAINTAINER)))"
|
setup_env += DISTRIBUTION_OFFICIAL_BUILD=1 DISTRIBUTOR="$(DEB_VENDOR)" DISTRIBUTION_VERSION="$(SOURCEVERSION)" KBUILD_BUILD_TIMESTAMP="@$(SOURCE_DATE_EPOCH)" KBUILD_BUILD_VERSION_TIMESTAMP="$(DEB_VENDOR) $(SOURCEVERSION) ($(SOURCE_DATE_UTC_ISO))" KBUILD_BUILD_USER="$(word 1,$(subst @, ,$(MAINTAINER)))" KBUILD_BUILD_HOST="$(word 2,$(subst @, ,$(MAINTAINER)))"
|
||||||
setup_env += KBUILD_VERBOSE=$(if $(filter terse,$(DEB_BUILD_OPTIONS)),0,1)
|
setup_env += KBUILD_VERBOSE=1
|
||||||
|
|
||||||
MAKE_CLEAN = $(setup_env) $(MAKE) KCFLAGS=-fdebug-prefix-map=$(CURDIR)/= KAFLAGS=-fdebug-prefix-map=$(CURDIR)/=
|
MAKE_CLEAN = $(setup_env) $(MAKE) KCFLAGS=-fdebug-prefix-map=$(CURDIR)/= KAFLAGS=-fdebug-prefix-map=$(CURDIR)/=
|
||||||
MAKE_SELF := $(MAKE) -f debian/rules.real $(MAKEOVERRIDES)
|
MAKE_SELF := $(MAKE) -f debian/rules.real $(MAKEOVERRIDES)
|
||||||
|
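Review bot: `setup_env += KBUILD_VERBOSE=1` no longer honours `terse` in `DEB_BUILD_OPTIONS`, assuming the unconditional line is the new side of this section (the rendering does not mark which side each line is on). `terse` is a general Debian build option rather than a CI-only switch, so anyone building locally or downstream with it set will now get full verbose kernel build logs. If that is intended, say so next to the assignment, e.g. `# Always verbose so compiler and hardening flags stay auditable in build logs; DEB_BUILD_OPTIONS=terse is deliberately ignored.` Otherwise keep `setup_env += KBUILD_VERBOSE=$(if $(filter terse,$(DEB_BUILD_OPTIONS)),0,1)`. The `setup_env` definition starts above this hunk.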
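--- a/debian/salsa-ci.yml
+++ b/debian/salsa-ci.yml
@@ -1,353 +0,0 @@
-include:
-- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
-
-variables:
-RELEASE: 'unstable'
-# Make that build quicker
-DEB_BUILD_PROFILES: pkg.linux.quick
-# We have to bump the version in source preparation, not later
-SALSA_CI_DISABLE_VERSION_BUMP: 'true'
-# Currently broken in quick build
-DEBIAN_KERNEL_DISABLE_INSTALLER: 'true'
-# Output is limited to 4 MiB total, so use 'terse'.
-# Current runners have 2 CPUs but have slow I/O so 'parallel=4' is
-# a bit faster.
-DEB_BUILD_OPTIONS: 'terse parallel=4'
-DEBIAN_KERNEL_DISABLE_BUILD_PACKAGE_ARM64: 0
-
-# Add stages for signed packages
-stages:
-- provisioning
-- build
-- publish
-- sign-code
-- build-signed
-- test
-
-# The common Salsa CI pipeline relies on keeping the unpacked source
-# as an artifact, but in our case this is far too large for the
-# current limits on Salsa (salsa-ci-team/pipeline#195). So we
-# redefine the source extraction and build steps to use packed source.
-
-# Our modified extract-source and build jobs
-
-extract-source:
-stage: provisioning
-image: $SALSA_CI_IMAGES_BASE
-cache:
-key: "orig-${RELEASE}"
-paths:
-- orig
-extends:
-- .artifacts-default-expire
-rules:
-- if: $CI_COMMIT_TAG != null
-when: never
-- when: always
-script:
-# Move orig tarball cache
-- |
-if [ -d orig ]; then
-mv orig/* ..
-rmdir orig
-fi
-
-# Install dependencies of gencontrol.py and debian/rules orig
-# plus origtargz
-- apt-get update
-- |
-eatmydata apt-get install --no-install-recommends -y \
-debhelper \
-devscripts \
-git \
-kernel-wedge \
-python3 \
-python3-dacite \
-python3-debian \
-python3-jinja2 \
-quilt \
-rsync
-
-- version=$(dpkg-parsechangelog -SVersion)
-- upstream_version=$(echo $version | sed 's/-[^-]*$//')
-
-# Merge upstream source
-- USCAN_VCS_EXPORT_UNCOMPRESSED=yes origtargz -dt
-- debian/rules orig
-
-# Fudge source version and distribution *before* gencontrol.py
-- sed -i -e '1 s/) [^;]*/+salsaci) UNRELEASED/' debian/changelog
-- version=${version}+salsaci
-
-# Run gencontrol.py
-# - create temporary log
-- log="$(mktemp)"
-# - invoke debian/control-real rule and log output
-- |
-rc=0; debian/rules debian/control-real >"$log" 2>&1 || rc=$?
-- cat "$log"
-# - check for success message and error code
-- test $rc = 2
-- grep -q 'been generated SUCCESSFULLY' "$log"
-
-# Put packed source in artifacts
-- dpkg-buildpackage -uc -us -S -sa -d
-- mkdir -p ${WORKING_DIR}
-- cp ../linux_${upstream_version}.orig.tar.xz ${WORKING_DIR}
-- mv ../linux_${version}.dsc ../linux_${version}.debian.tar.xz ${WORKING_DIR}
-
-# Move orig tarballs back to where GitLab wants them
-- mkdir orig
-- mv ../*.orig.tar.* orig
-
-build:
-stage: build
-timeout: 3 hours
-image: $SALSA_CI_IMAGES_BASE
-cache:
-key: "build-${BUILD_ARCH}_${HOST_ARCH}"
-paths:
-- .ccache
-extends:
-- .artifacts-default-expire
-rules:
-- if: $CI_COMMIT_TAG != null
-when: never
-- when: always
-variables:
-CCACHE_TMP_DIR: ${CI_PROJECT_DIR}/../.ccache
-CCACHE_WORK_DIR: ${CI_PROJECT_DIR}/.ccache
-DB_BUILD_PARAM: ${SALSA_CI_DPKG_BUILDPACKAGE_ARGS}
-DB_BUILD_TYPE: full
-artifacts:
-exclude:
-- ${WORKING_DIR}/${SOURCE_DIR}/**/*
-script:
-# Unpack the source
-- |
-apt-get update && eatmydata apt-get install --no-install-recommends -y \
-dpkg-dev
-- dpkg-source -x ${WORKING_DIR}/*.dsc ${WORKING_DIR}/${SOURCE_DIR}
-
-# Do the same as the common .build-definition script
-- !reference [.build-before-script]
-- !reference [.build-script]
-- mv ${CCACHE_TMP_DIR} ${CCACHE_WORK_DIR}
-dependencies:
-- extract-source
-
-build-arm64:
-extends: build
-image: $SALSA_CI_IMAGES_BASE_ARM64
-variables:
-BUILD_ARCH: 'arm64'
-tags:
-- arm64
-rules:
-- if: $DEBIAN_KERNEL_DISABLE_BUILD_PACKAGE_ARM64 =~ /^(1|yes|true)$/
-when: never
-# Make it possible to override the rules below. E.g. when a project fork
-# has an ARM64 runner available.
-- if: $DEBIAN_KERNEL_ENABLE_BUILD_PACKAGE_ARM64 =~ /^(1|yes|true)$/
-when: always
-# While there isn't an ARM shared runner avilable, let's run this job
-# manually in forks of the kernel-team/linux project, and in branches other
-# than the default branch, and allow it to fail in that case
-- if: $CI_PROJECT_NAMESPACE != "kernel-team"
-allow_failure: true
-when: manual
-- if: $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH
-allow_failure: true
-when: manual
-- when: always
-
-# The folllowing jobs are the standard tests, excluding any that
-# require building again
-
-lintian:
-extends: .test-lintian
-script:
-- lintian --suppress-tags "${SALSA_CI_LINTIAN_SUPPRESS_TAGS}" --display-info --pedantic --fail-on error --allow-root ${SALSA_CI_LINTIAN_SHOW_OVERRIDES_ARG} ${SALSA_CI_LINTIAN_ARGS} ${WORKING_DIR}/*.changes | tee lintian.output || ECODE=$?
-- lintian2junit.py --lintian-file lintian.output > ${WORKING_DIR}/lintian.xml
-- exit ${ECODE-0}
-needs:
-- job: build
-artifacts: true
-- job: build-signed
-artifacts: true
-
-autopkgtest:
-extends: .test-autopkgtest
-
-blhc:
-extends: .test-blhc
-
-piuparts:
-extends: .test-piuparts
-needs:
-- job: build
-artifacts: true
-- job: build-signed
-artifacts: true
-
-missing-breaks:
-extends: .test-missing-breaks
-
-rc-bugs:
-extends: .test-rc-bugs
-
-# Python static checkers
-
-python-static:
-stage: test
-image: $SALSA_CI_IMAGES_BASE
-rules:
-- if: $CI_COMMIT_TAG != null
-when: never
-- when: always
-script:
-- |
-apt-get update && eatmydata apt-get install --no-install-recommends -y \
-flake8 python3 python3-dacite python3-jinja2 python3-pytest
-
-# Check Python modules under debian/lib and Python scripts under
-# debian/bin or debian/rules.d.
-- sources="$(mktemp)"
-- find debian/lib/python -name '*.py' > "$sources"
-- |
-find debian/bin debian/rules.d -type f -perm /111 |
-while read script; do
-if awk '/^#!.*python/ { exit 0 } { exit 1 }' "$script"; then
-echo "$script"
-fi
-done \
->> "$sources"
-
-# Run both checkers and coalesce their results rather than exiting
-# on first failure
-- pass=true
-- xargs flake8 --max-line-length=100 < "$sources" || pass=false
-- py.test debian/lib/python || pass=false
-- $pass
-needs: []
-
-# kconfig static check
-
-kconfig-static:
-stage: test
-image: $SALSA_CI_IMAGES_BASE
-rules:
-- if: $CI_COMMIT_TAG != null
-when: never
-- when: always
-script:
-# Unpack source and apply featureset patches
-- |
-apt-get update && eatmydata apt-get install --no-install-recommends -y \
-debhelper dpkg-dev git python3 python3-dacite quilt
-- dpkg-source -x ${WORKING_DIR}/*.dsc ${WORKING_DIR}/${SOURCE_DIR}
-- cd ${WORKING_DIR}/${SOURCE_DIR}
-- debian/rules source
-
-# Fetch kernel-team repository
-- kernel_team_dir="$(mktemp -d)"
-- |
-git clone --depth=1 https://salsa.debian.org/kernel-team/kernel-team.git \
-"$kernel_team_dir"
-
-# Run process.py and treat any error output as a failure
-- error_log="$(mktemp)"
-- |
-"$kernel_team_dir"/utils/kconfigeditor2/process.py . 2>"$error_log" \
-|| true
-- |
-if [ -s "$error_log" ]; then cat "$error_log"; false; fi
-needs:
-- job: extract-source
-artifacts: true
-
-# Sign code with the test key and certificate, build and test that
-
-sign-code:
-stage: sign-code
-image: $SALSA_CI_IMAGES_BASE
-extends:
-- .artifacts-default-expire
-rules:
-- if: $CI_COMMIT_TAG != null
-when: never
-- when: always
-script:
-- |
-apt-get update && eatmydata apt-get install --no-install-recommends -y \
-dpkg-dev git openssl python3 python3-debian sbsigntool
-
-# Fetch kernel-team repository
-- kernel_team_dir="$(mktemp -d)"
-- |
-git clone --depth=1 https://salsa.debian.org/kernel-team/kernel-team.git \
-"$kernel_team_dir"
-
-# Sign the code and build a source package
-- |
-"$kernel_team_dir"/scripts/debian-test-sign \
-${WORKING_DIR}/linux_*_${BUILD_ARCH}.changes \
-debian/certs/ci-test-sign/ci-test-sign-key.pem \
-debian/certs/ci-test-sign/ci-test-sign.pem
-artifacts:
-paths:
-- ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_*
-needs:
-- job: build
-artifacts: true
-
-build-signed:
-stage: build-signed
-image: $SALSA_CI_IMAGES_BASE
-extends:
-- .artifacts-default-expire
-rules:
-- if: $CI_COMMIT_TAG != null
-when: never
-- when: always
-variables:
-SALSA_CI_DPKG_BUILDPACKAGE_ARGS: ''
-CCACHE_TMP_DIR: ${CI_PROJECT_DIR}/../.ccache
-CCACHE_WORK_DIR: ${CI_PROJECT_DIR}/.ccache
-DB_BUILD_PARAM: ${SALSA_CI_DPKG_BUILDPACKAGE_ARGS}
-DB_BUILD_TYPE: full
-script:
-# Unpack the source
-- |
-apt-get update && eatmydata apt-get install --no-install-recommends -y \
-dpkg-dev
-- |
-dpkg-source -x ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_*.dsc \
-${WORKING_DIR}/${SOURCE_DIR}
-
-# Install build-dependencies produced by build job
-- |
-apt-get install --no-install-recommends -y \
-${WORKING_DIR}/linux-image-*-unsigned_*_${BUILD_ARCH}.deb
-
-# Do the same as the common .build-definition script
-- !reference [.build-before-script]
-- !reference [.build-script]
-- mv ${CCACHE_TMP_DIR} ${CCACHE_WORK_DIR}
-artifacts:
-# This should include the linux-signed source package, its binary
-# packages, and (for piuparts) the versioned dependencies produced
-# by the build job
-paths:
-- ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_*
-- ${WORKING_DIR}/linux-headers-*_${BUILD_ARCH}.deb
-- ${WORKING_DIR}/linux-headers-*-common_*_all.deb
-- ${WORKING_DIR}/linux-image-*_${BUILD_ARCH}.deb
-- ${WORKING_DIR}/linux-kbuild-*_${BUILD_ARCH}.deb
-exclude:
-- ${WORKING_DIR}/linux-image-*-unsigned_*_${BUILD_ARCH}.deb
-needs:
-- job: build
-artifacts: true
-- job: sign-code
-artifacts: true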