Skip to content

feat(action): add coreboot blobs into GetSources #2118

feat(action): add coreboot blobs into GetSources

feat(action): add coreboot blobs into GetSources #2118

Workflow file for this run

---
# Example of using firmware-action
name: example
on:
pull_request:
pull_request_review:
types: ['submitted']
merge_group:
push:
branches: ['main']
tags: ['v*']
env:
APPLY_FIXES: none
APPLY_FIXES_EVENT: pull_request
APPLY_FIXES_MODE: commit
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }}
cancel-in-progress: true
permissions:
contents: read
jobs:
# Status check for all jobs below
# This is to allow SKIPPED be considered as SUCCESS
status-check-example:
runs-on: ubuntu-latest
if: always()
needs:
- build-coreboot
- build-linux
- build-edk2
- build-stitching
- build-uroot
- test-operating-systems
steps:
- name: Check status
uses: re-actors/alls-green@release/v1
with:
allowed-skips: ${{ toJSON(needs) }}
jobs: ${{ toJSON(needs) }}
# Check we jobs should be ran or skipped
skip-check:
runs-on: ubuntu-latest
# Required permissions
permissions:
pull-requests: read
outputs:
changes: ${{ steps.filter.outputs.changes }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
changes:
- '.github/workflows/example.yml'
- 'docker/**'
- 'tests/**'
- 'action.yml'
- 'action/**'
# Change detection in action golang code
changes:
runs-on: ubuntu-latest
needs: skip-check
# Required permissions
permissions:
pull-requests: read
outputs:
compile: ${{ steps.compile.outputs.compile }}
if: ${{ needs.skip-check.outputs.changes == 'true' }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get latest release
id: semver
uses: ietf-tools/semver-action@v1
with:
token: ${{ github.token }}
branch: ${{ github.ref }}
noVersionBumpBehavior: patch
- name: Filter
uses: dorny/paths-filter@v3
id: filter
with:
filters: |
action:
- 'action/**'
- name: Compile
id: compile
# Require compilation if changes in action golang code or if any breaking changes since last release
run: |
if [ "${{ steps.semver.outputs.bump }}" == "major" ] || [ "${{ steps.filter.outputs.action }}" == "true" ]; then
echo "compile=true" >> "${GITHUB_OUTPUT}"
else
echo "compile=false" >> "${GITHUB_OUTPUT}"
fi
# Example of building coreboot
# ANCHOR: example_build_coreboot
build-coreboot:
needs:
- changes
- skip-check
strategy:
fail-fast: false
matrix:
coreboot-version: ['4.19', '4.20.1', '4.21', '24.02']
arch: ['amd64', 'arm64']
runs-on: ${{ matrix.arch == 'arm64' && 'ARM64' || 'ubuntu-latest' }}
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }}
# Skip if pull_request_review on PR not made by a bot
steps:
- name: Cleanup
run: |
rm -rf ./* || true
rm -rf ./.??* || true
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Restore cached coreboot repo
uses: actions/cache/restore@v4
id: cache-repo
with:
path: ./my_super_dooper_awesome_coreboot
key: coreboot-${{ matrix.coreboot-version }}
- name: Clone coreboot repo
if: steps.cache-repo.outputs.cache-hit != 'true'
run: |
git clone --branch "${{ matrix.coreboot-version }}" --depth 1 https://review.coreboot.org/coreboot my_super_dooper_awesome_coreboot
- name: Store coreboot repo in cache
uses: actions/cache/save@v4
if: steps.cache-repo.outputs.cache-hit != 'true'
with:
path: ./my_super_dooper_awesome_coreboot
key: coreboot-${{ matrix.coreboot-version }}
- name: Move my defconfig into place (filename must not contain '.defconfig')
run: |
mv "tests/coreboot_${{ matrix.coreboot-version }}/seabios.defconfig" "seabios_defconfig"
- name: firmware-action
uses: ./
# uses: 9elements/firmware-action
with:
config: 'tests/example_config__coreboot.json'
target: 'coreboot-example'
recursive: 'false'
compile: ${{ needs.changes.outputs.compile }}
env:
COREBOOT_VERSION: ${{ matrix.coreboot-version }}
- name: Get artifacts
uses: actions/upload-artifact@v4
with:
name: coreboot-${{ matrix.coreboot-version }}-${{ matrix.arch }}
path: output-coreboot
retention-days: 14
# ANCHOR_END: example_build_coreboot
# Example of building Linux kernel
# ANCHOR: example_build_linux_kernel
build-linux:
needs:
- changes
- skip-check
strategy:
fail-fast: false
matrix:
linux-version: ['6.1.45', '6.1.111', '6.6.52', '6.9.9', '6.11']
arch: ['amd64', 'arm64']
runs-on: ${{ matrix.arch == 'arm64' && 'ARM64' || 'ubuntu-latest' }}
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }}
# Skip if pull_request_review on PR not made by a bot
steps:
- name: Cleanup
run: |
rm -rf ./* || true
rm -rf ./.??* || true
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Restore cached linux source
id: cache-repo
uses: actions/cache/restore@v4
with:
path: ./linux-${{ matrix.linux-version }}.tar.xz
key: linux-${{ matrix.linux-version }}
- name: Prepare linux kernel
run: |
# Download source files
wget --quiet --continue "https://cdn.kernel.org/pub/linux/kernel/v${LINUX_MAJOR_VERSION}.x/linux-${{ matrix.linux-version }}.tar.xz"
wget --quiet "https://cdn.kernel.org/pub/linux/kernel/v${LINUX_MAJOR_VERSION}.x/linux-${{ matrix.linux-version }}.tar.sign"
unxz --keep "linux-${{ matrix.linux-version }}.tar.xz" >/dev/null
# Verify GPG signature
gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org
gpg2 --verify "linux-${{ matrix.linux-version }}.tar.sign"
# Extract
tar -xvf "linux-${{ matrix.linux-version }}.tar"
env:
LINUX_MAJOR_VERSION: 6
- name: Store linux source in cache
uses: actions/cache/save@v4
if: steps.cache-repo.outputs.cache-hit != 'true'
with:
path: ./linux-${{ matrix.linux-version }}.tar.xz
key: linux-${{ matrix.linux-version }}
- name: Move my defconfig into place (filename must not contain '.defconfig')
run: |
mv "tests/linux_${{ matrix.linux-version }}/linux.defconfig" "ci_defconfig"
- name: firmware-action
uses: ./
# uses: 9elements/firmware-action
with:
config: 'tests/example_config__linux.json'
target: 'linux-example'
recursive: 'false'
compile: ${{ needs.changes.outputs.compile }}
env:
LINUX_VERSION: ${{ matrix.linux-version }}
SYSTEM_ARCH: ${{ matrix.arch }}
- name: Get artifacts
uses: actions/upload-artifact@v4
with:
name: linux-${{ matrix.linux-version }}-${{ matrix.arch }}
path: output-linux
retention-days: 14
# ANCHOR_END: example_build_linux_kernel
# Example of building EDK2
# ANCHOR: example_build_edk2
build-edk2:
runs-on: ubuntu-latest
needs:
- changes
- skip-check
strategy:
fail-fast: false
matrix:
edk2-version: ['edk2-stable202208', 'edk2-stable202211']
# TODO
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }}
# Skip if pull_request_review on PR not made by a bot
steps:
- name: Cleanup
run: |
rm -rf ./* || true
rm -rf ./.??* || true
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Restore cached edk2 repo
uses: actions/cache/restore@v4
id: cache-repo
with:
path: ./Edk2
key: edk2-${{ matrix.edk2-version }}
- name: Clone edk2 repo
if: steps.cache-repo.outputs.cache-hit != 'true'
run: |
git clone --recurse-submodules --branch "${{ matrix.edk2-version }}" --depth 1 https://github.com/tianocore/edk2.git Edk2
- name: Prepare file with build arguments
run: |
echo "-D BOOTLOADER=COREBOOT -D TPM_ENABLE=TRUE -D NETWORK_IPXE=TRUE" > "edk2_config.cfg"
- name: Store edk2 repo in cache
uses: actions/cache/save@v4
if: steps.cache-repo.outputs.cache-hit != 'true'
with:
path: ./Edk2
key: edk2-${{ matrix.edk2-version }}
- name: Get versions of edk2
id: edk2_versions
run: |
echo "ver_current=$( echo ${{ matrix.edk2-version }} | tr -cd '0-9' )" >> "${GITHUB_OUTPUT}"
echo "ver_breaking=$( echo 'edk2-stable202305' | tr -cd '0-9' )" >> "${GITHUB_OUTPUT}"
- name: Use GCC5 for old edk2
id: gcc_toolchain
# GCC5 is deprecated since edk2-stable202305
# For more information see https://github.com/9elements/firmware-action/issues/340
run: |
if [[ ! ${{ steps.edk2_versions.outputs.ver_current }} < ${{ steps.edk2_versions.outputs.ver_breaking }} ]]; then
echo "gcc_toolchain_version=GCC" >> "${GITHUB_OUTPUT}"
else
echo "gcc_toolchain_version=GCC5" >> "${GITHUB_OUTPUT}"
fi
- name: firmware-action
uses: ./
# uses: 9elements/firmware-action
with:
config: 'tests/example_config__edk2.json'
target: 'edk2-example'
recursive: 'false'
compile: ${{ needs.changes.outputs.compile }}
env:
EDK2_VERSION: ${{ matrix.edk2-version }}
GCC_TOOLCHAIN_VERSION: ${{ steps.gcc_toolchain.outputs.gcc_toolchain_version }}
- name: Get artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.edk2-version }}
path: output-edk2
retention-days: 14
# ANCHOR_END: example_build_edk2
# Example of building Firmware Stitching
# ANCHOR: example_build_stitch
build-stitching:
needs:
- changes
- skip-check
strategy:
fail-fast: false
matrix:
coreboot-version: ['4.19']
arch: ['amd64', 'arm64']
runs-on: ${{ matrix.arch == 'arm64' && 'ARM64' || 'ubuntu-latest' }}
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }}
# Skip if pull_request_review on PR not made by a bot
steps:
- name: Cleanup
run: |
rm -rf ./* || true
rm -rf ./.??* || true
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Restore cached coreboot-blobs repo
uses: actions/cache/restore@v4
id: cache-repo
with:
path: ./stitch
key: coreboot-blobs-${{ matrix.coreboot-version }}
- name: Clone blobs repo
if: steps.cache-repo.outputs.cache-hit != 'true'
run: |
git clone --depth 1 https://review.coreboot.org/blobs stitch
- name: Store coreboot-blobs repo in cache
uses: actions/cache/save@v4
if: steps.cache-repo.outputs.cache-hit != 'true'
with:
path: ./stitch
key: coreboot-blobs-${{ matrix.coreboot-version }}
- name: firmware-action
uses: ./
# uses: 9elements/firmware-action
with:
config: 'tests/example_config__firmware_stitching.json'
target: 'stitching-example'
recursive: 'false'
compile: ${{ needs.changes.outputs.compile }}
env:
COREBOOT_VERSION: ${{ matrix.coreboot-version }}
- name: Get artifacts
uses: actions/upload-artifact@v4
with:
name: stitch-${{ matrix.coreboot-version }}-${{ matrix.arch }}
path: output-stitch
retention-days: 14
# ANCHOR_END: example_build_stitch
# Example of building u-root
# ANCHOR: example_build_uroot
build-uroot:
needs:
- changes
- skip-check
strategy:
fail-fast: false
matrix:
uroot-version: ['0.14.0']
arch: ['amd64', 'arm64']
runs-on: ${{ matrix.arch == 'arm64' && 'ARM64' || 'ubuntu-latest' }}
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }}
# Skip if pull_request_review on PR not made by a bot
steps:
- name: Cleanup
run: |
rm -rf ./* || true
rm -rf ./.??* || true
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Restore cached u-root repo
uses: actions/cache/restore@v4
id: cache-repo
with:
path: ./u-root
key: u-root-${{ matrix.uroot-version }}
- name: Clone u-root repo
if: steps.cache-repo.outputs.cache-hit != 'true'
run: |
git clone --depth 1 --branch v${{ matrix.uroot-version }} https://github.com/u-root/u-root.git || true
- name: Store u-root repo in cache
uses: actions/cache/save@v4
if: steps.cache-repo.outputs.cache-hit != 'true'
with:
path: ./u-root
key: u-root-${{ matrix.uroot-version }}
- name: firmware-action
uses: ./
# uses: 9elements/firmware-action
with:
config: 'tests/example_config__uroot.json'
target: 'u-root-example'
recursive: 'false'
compile: ${{ needs.changes.outputs.compile }}
env:
UROOT_VERSION: ${{ matrix.uroot-version }}
- name: Get artifacts
uses: actions/upload-artifact@v4
with:
name: uroot-${{ matrix.uroot-version }}-${{ matrix.arch }}
path: output-uroot
retention-days: 14
# ANCHOR_END: example_build_uroot
# Example of running on non-Linux systems
test-operating-systems:
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
uroot-version: ['0.14.0']
runs-on: ${{ matrix.os }}
needs:
- changes
- skip-check
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }}
# Skip if pull_request_review on PR not made by a bot
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Restore cached u-root repo
uses: actions/cache/restore@v4
id: cache-repo
with:
path: ./u-root
key: u-root-${{ matrix.uroot-version }}
- name: Clone u-root repo
if: steps.cache-repo.outputs.cache-hit != 'true'
run: |
git clone --depth 1 --branch v${{ matrix.uroot-version }} https://github.com/u-root/u-root.git
- name: Store u-root repo in cache
uses: actions/cache/save@v4
if: steps.cache-repo.outputs.cache-hit != 'true'
with:
path: ./u-root
key: u-root-${{ matrix.uroot-version }}
- name: Install docker
if: ${{ runner.os == 'macOS' }}
run: |
brew install docker
brew install colima
brew services start colima
- name: firmware-action
continue-on-error: true
# This one fails on Windows and MacOS
# Since we do not have any real use-case right now, I will not fix it
uses: ./
with:
config: 'tests/example_config.json'
target: 'u-root-example'
recursive: 'false'
compile: ${{ needs.changes.outputs.compile }}
env:
UROOT_VERSION: ${{ matrix.uroot-version }}