feat(action): add coreboot blobs into GetSources #2118
--- | |
# Example of using firmware-action | |
name: example | |
on: | |
pull_request: | |
pull_request_review: | |
types: ['submitted'] | |
merge_group: | |
push: | |
branches: ['main'] | |
tags: ['v*'] | |
env: | |
APPLY_FIXES: none | |
APPLY_FIXES_EVENT: pull_request | |
APPLY_FIXES_MODE: commit | |
concurrency: | |
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.event_name }} | |
cancel-in-progress: true | |
permissions: | |
contents: read | |
jobs: | |
# Status check for all jobs below | |
# This is to allow SKIPPED be considered as SUCCESS | |
status-check-example: | |
runs-on: ubuntu-latest | |
if: always() | |
needs: | |
- build-coreboot | |
- build-linux | |
- build-edk2 | |
- build-stitching | |
- build-uroot | |
- test-operating-systems | |
steps: | |
- name: Check status | |
uses: re-actors/alls-green@release/v1 | |
with: | |
allowed-skips: ${{ toJSON(needs) }} | |
jobs: ${{ toJSON(needs) }} | |
# Check we jobs should be ran or skipped | |
skip-check: | |
runs-on: ubuntu-latest | |
# Required permissions | |
permissions: | |
pull-requests: read | |
outputs: | |
changes: ${{ steps.filter.outputs.changes }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
changes: | |
- '.github/workflows/example.yml' | |
- 'docker/**' | |
- 'tests/**' | |
- 'action.yml' | |
- 'action/**' | |
# Change detection in action golang code | |
changes: | |
runs-on: ubuntu-latest | |
needs: skip-check | |
# Required permissions | |
permissions: | |
pull-requests: read | |
outputs: | |
compile: ${{ steps.compile.outputs.compile }} | |
if: ${{ needs.skip-check.outputs.changes == 'true' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get latest release | |
id: semver | |
uses: ietf-tools/semver-action@v1 | |
with: | |
token: ${{ github.token }} | |
branch: ${{ github.ref }} | |
noVersionBumpBehavior: patch | |
- name: Filter | |
uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
action: | |
- 'action/**' | |
- name: Compile | |
id: compile | |
# Require compilation if changes in action golang code or if any breaking changes since last release | |
run: | | |
if [ "${{ steps.semver.outputs.bump }}" == "major" ] || [ "${{ steps.filter.outputs.action }}" == "true" ]; then | |
echo "compile=true" >> "${GITHUB_OUTPUT}" | |
else | |
echo "compile=false" >> "${GITHUB_OUTPUT}" | |
fi | |
# Example of building coreboot | |
# ANCHOR: example_build_coreboot | |
build-coreboot: | |
needs: | |
- changes | |
- skip-check | |
strategy: | |
fail-fast: false | |
matrix: | |
coreboot-version: ['4.19', '4.20.1', '4.21', '24.02'] | |
arch: ['amd64', 'arm64'] | |
runs-on: ${{ matrix.arch == 'arm64' && 'ARM64' || 'ubuntu-latest' }} | |
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }} | |
# Skip if pull_request_review on PR not made by a bot | |
steps: | |
- name: Cleanup | |
run: | | |
rm -rf ./* || true | |
rm -rf ./.??* || true | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Restore cached coreboot repo | |
uses: actions/cache/restore@v4 | |
id: cache-repo | |
with: | |
path: ./my_super_dooper_awesome_coreboot | |
key: coreboot-${{ matrix.coreboot-version }} | |
- name: Clone coreboot repo | |
if: steps.cache-repo.outputs.cache-hit != 'true' | |
run: | | |
git clone --branch "${{ matrix.coreboot-version }}" --depth 1 https://review.coreboot.org/coreboot my_super_dooper_awesome_coreboot | |
- name: Store coreboot repo in cache | |
uses: actions/cache/save@v4 | |
if: steps.cache-repo.outputs.cache-hit != 'true' | |
with: | |
path: ./my_super_dooper_awesome_coreboot | |
key: coreboot-${{ matrix.coreboot-version }} | |
- name: Move my defconfig into place (filename must not contain '.defconfig') | |
run: | | |
mv "tests/coreboot_${{ matrix.coreboot-version }}/seabios.defconfig" "seabios_defconfig" | |
- name: firmware-action | |
uses: ./ | |
# uses: 9elements/firmware-action | |
with: | |
config: 'tests/example_config__coreboot.json' | |
target: 'coreboot-example' | |
recursive: 'false' | |
compile: ${{ needs.changes.outputs.compile }} | |
env: | |
COREBOOT_VERSION: ${{ matrix.coreboot-version }} | |
- name: Get artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coreboot-${{ matrix.coreboot-version }}-${{ matrix.arch }} | |
path: output-coreboot | |
retention-days: 14 | |
# ANCHOR_END: example_build_coreboot | |
# Example of building Linux kernel | |
# ANCHOR: example_build_linux_kernel | |
build-linux: | |
needs: | |
- changes | |
- skip-check | |
strategy: | |
fail-fast: false | |
matrix: | |
linux-version: ['6.1.45', '6.1.111', '6.6.52', '6.9.9', '6.11'] | |
arch: ['amd64', 'arm64'] | |
runs-on: ${{ matrix.arch == 'arm64' && 'ARM64' || 'ubuntu-latest' }} | |
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }} | |
# Skip if pull_request_review on PR not made by a bot | |
steps: | |
- name: Cleanup | |
run: | | |
rm -rf ./* || true | |
rm -rf ./.??* || true | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Restore cached linux source | |
id: cache-repo | |
uses: actions/cache/restore@v4 | |
with: | |
path: ./linux-${{ matrix.linux-version }}.tar.xz | |
key: linux-${{ matrix.linux-version }} | |
- name: Prepare linux kernel | |
run: | | |
# Download source files | |
wget --quiet --continue "https://cdn.kernel.org/pub/linux/kernel/v${LINUX_MAJOR_VERSION}.x/linux-${{ matrix.linux-version }}.tar.xz" | |
wget --quiet "https://cdn.kernel.org/pub/linux/kernel/v${LINUX_MAJOR_VERSION}.x/linux-${{ matrix.linux-version }}.tar.sign" | |
unxz --keep "linux-${{ matrix.linux-version }}.tar.xz" >/dev/null | |
# Verify GPG signature | |
gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org | |
gpg2 --verify "linux-${{ matrix.linux-version }}.tar.sign" | |
# Extract | |
tar -xvf "linux-${{ matrix.linux-version }}.tar" | |
env: | |
LINUX_MAJOR_VERSION: 6 | |
- name: Store linux source in cache | |
uses: actions/cache/save@v4 | |
if: steps.cache-repo.outputs.cache-hit != 'true' | |
with: | |
path: ./linux-${{ matrix.linux-version }}.tar.xz | |
key: linux-${{ matrix.linux-version }} | |
- name: Move my defconfig into place (filename must not contain '.defconfig') | |
run: | | |
mv "tests/linux_${{ matrix.linux-version }}/linux.defconfig" "ci_defconfig" | |
- name: firmware-action | |
uses: ./ | |
# uses: 9elements/firmware-action | |
with: | |
config: 'tests/example_config__linux.json' | |
target: 'linux-example' | |
recursive: 'false' | |
compile: ${{ needs.changes.outputs.compile }} | |
env: | |
LINUX_VERSION: ${{ matrix.linux-version }} | |
SYSTEM_ARCH: ${{ matrix.arch }} | |
- name: Get artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: linux-${{ matrix.linux-version }}-${{ matrix.arch }} | |
path: output-linux | |
retention-days: 14 | |
# ANCHOR_END: example_build_linux_kernel | |
# Example of building EDK2 | |
# ANCHOR: example_build_edk2 | |
build-edk2: | |
runs-on: ubuntu-latest | |
needs: | |
- changes | |
- skip-check | |
strategy: | |
fail-fast: false | |
matrix: | |
edk2-version: ['edk2-stable202208', 'edk2-stable202211'] | |
# TODO | |
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }} | |
# Skip if pull_request_review on PR not made by a bot | |
steps: | |
- name: Cleanup | |
run: | | |
rm -rf ./* || true | |
rm -rf ./.??* || true | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Restore cached edk2 repo | |
uses: actions/cache/restore@v4 | |
id: cache-repo | |
with: | |
path: ./Edk2 | |
key: edk2-${{ matrix.edk2-version }} | |
- name: Clone edk2 repo | |
if: steps.cache-repo.outputs.cache-hit != 'true' | |
run: | | |
git clone --recurse-submodules --branch "${{ matrix.edk2-version }}" --depth 1 https://github.com/tianocore/edk2.git Edk2 | |
- name: Prepare file with build arguments | |
run: | | |
echo "-D BOOTLOADER=COREBOOT -D TPM_ENABLE=TRUE -D NETWORK_IPXE=TRUE" > "edk2_config.cfg" | |
- name: Store edk2 repo in cache | |
uses: actions/cache/save@v4 | |
if: steps.cache-repo.outputs.cache-hit != 'true' | |
with: | |
path: ./Edk2 | |
key: edk2-${{ matrix.edk2-version }} | |
- name: Get versions of edk2 | |
id: edk2_versions | |
run: | | |
echo "ver_current=$( echo ${{ matrix.edk2-version }} | tr -cd '0-9' )" >> "${GITHUB_OUTPUT}" | |
echo "ver_breaking=$( echo 'edk2-stable202305' | tr -cd '0-9' )" >> "${GITHUB_OUTPUT}" | |
- name: Use GCC5 for old edk2 | |
id: gcc_toolchain | |
# GCC5 is deprecated since edk2-stable202305 | |
# For more information see https://github.com/9elements/firmware-action/issues/340 | |
run: | | |
if [[ ! ${{ steps.edk2_versions.outputs.ver_current }} < ${{ steps.edk2_versions.outputs.ver_breaking }} ]]; then | |
echo "gcc_toolchain_version=GCC" >> "${GITHUB_OUTPUT}" | |
else | |
echo "gcc_toolchain_version=GCC5" >> "${GITHUB_OUTPUT}" | |
fi | |
- name: firmware-action | |
uses: ./ | |
# uses: 9elements/firmware-action | |
with: | |
config: 'tests/example_config__edk2.json' | |
target: 'edk2-example' | |
recursive: 'false' | |
compile: ${{ needs.changes.outputs.compile }} | |
env: | |
EDK2_VERSION: ${{ matrix.edk2-version }} | |
GCC_TOOLCHAIN_VERSION: ${{ steps.gcc_toolchain.outputs.gcc_toolchain_version }} | |
- name: Get artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.edk2-version }} | |
path: output-edk2 | |
retention-days: 14 | |
# ANCHOR_END: example_build_edk2 | |
# Example of building Firmware Stitching | |
# ANCHOR: example_build_stitch | |
build-stitching: | |
needs: | |
- changes | |
- skip-check | |
strategy: | |
fail-fast: false | |
matrix: | |
coreboot-version: ['4.19'] | |
arch: ['amd64', 'arm64'] | |
runs-on: ${{ matrix.arch == 'arm64' && 'ARM64' || 'ubuntu-latest' }} | |
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }} | |
# Skip if pull_request_review on PR not made by a bot | |
steps: | |
- name: Cleanup | |
run: | | |
rm -rf ./* || true | |
rm -rf ./.??* || true | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Restore cached coreboot-blobs repo | |
uses: actions/cache/restore@v4 | |
id: cache-repo | |
with: | |
path: ./stitch | |
key: coreboot-blobs-${{ matrix.coreboot-version }} | |
- name: Clone blobs repo | |
if: steps.cache-repo.outputs.cache-hit != 'true' | |
run: | | |
git clone --depth 1 https://review.coreboot.org/blobs stitch | |
- name: Store coreboot-blobs repo in cache | |
uses: actions/cache/save@v4 | |
if: steps.cache-repo.outputs.cache-hit != 'true' | |
with: | |
path: ./stitch | |
key: coreboot-blobs-${{ matrix.coreboot-version }} | |
- name: firmware-action | |
uses: ./ | |
# uses: 9elements/firmware-action | |
with: | |
config: 'tests/example_config__firmware_stitching.json' | |
target: 'stitching-example' | |
recursive: 'false' | |
compile: ${{ needs.changes.outputs.compile }} | |
env: | |
COREBOOT_VERSION: ${{ matrix.coreboot-version }} | |
- name: Get artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: stitch-${{ matrix.coreboot-version }}-${{ matrix.arch }} | |
path: output-stitch | |
retention-days: 14 | |
# ANCHOR_END: example_build_stitch | |
# Example of building u-root | |
# ANCHOR: example_build_uroot | |
build-uroot: | |
needs: | |
- changes | |
- skip-check | |
strategy: | |
fail-fast: false | |
matrix: | |
uroot-version: ['0.14.0'] | |
arch: ['amd64', 'arm64'] | |
runs-on: ${{ matrix.arch == 'arm64' && 'ARM64' || 'ubuntu-latest' }} | |
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }} | |
# Skip if pull_request_review on PR not made by a bot | |
steps: | |
- name: Cleanup | |
run: | | |
rm -rf ./* || true | |
rm -rf ./.??* || true | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Restore cached u-root repo | |
uses: actions/cache/restore@v4 | |
id: cache-repo | |
with: | |
path: ./u-root | |
key: u-root-${{ matrix.uroot-version }} | |
- name: Clone u-root repo | |
if: steps.cache-repo.outputs.cache-hit != 'true' | |
run: | | |
git clone --depth 1 --branch v${{ matrix.uroot-version }} https://github.com/u-root/u-root.git || true | |
- name: Store u-root repo in cache | |
uses: actions/cache/save@v4 | |
if: steps.cache-repo.outputs.cache-hit != 'true' | |
with: | |
path: ./u-root | |
key: u-root-${{ matrix.uroot-version }} | |
- name: firmware-action | |
uses: ./ | |
# uses: 9elements/firmware-action | |
with: | |
config: 'tests/example_config__uroot.json' | |
target: 'u-root-example' | |
recursive: 'false' | |
compile: ${{ needs.changes.outputs.compile }} | |
env: | |
UROOT_VERSION: ${{ matrix.uroot-version }} | |
- name: Get artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: uroot-${{ matrix.uroot-version }}-${{ matrix.arch }} | |
path: output-uroot | |
retention-days: 14 | |
# ANCHOR_END: example_build_uroot | |
# Example of running on non-Linux systems | |
test-operating-systems: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, windows-latest, macos-latest] | |
uroot-version: ['0.14.0'] | |
runs-on: ${{ matrix.os }} | |
needs: | |
- changes | |
- skip-check | |
if: ${{ ! (github.event_name == 'pull_request_review' && github.actor != 'github-actions[bot]') && needs.skip-check.outputs.changes == 'true' }} | |
# Skip if pull_request_review on PR not made by a bot | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Restore cached u-root repo | |
uses: actions/cache/restore@v4 | |
id: cache-repo | |
with: | |
path: ./u-root | |
key: u-root-${{ matrix.uroot-version }} | |
- name: Clone u-root repo | |
if: steps.cache-repo.outputs.cache-hit != 'true' | |
run: | | |
git clone --depth 1 --branch v${{ matrix.uroot-version }} https://github.com/u-root/u-root.git | |
- name: Store u-root repo in cache | |
uses: actions/cache/save@v4 | |
if: steps.cache-repo.outputs.cache-hit != 'true' | |
with: | |
path: ./u-root | |
key: u-root-${{ matrix.uroot-version }} | |
- name: Install docker | |
if: ${{ runner.os == 'macOS' }} | |
run: | | |
brew install docker | |
brew install colima | |
brew services start colima | |
- name: firmware-action | |
continue-on-error: true | |
# This one fails on Windows and MacOS | |
# Since we do not have any real use-case right now, I will not fix it | |
uses: ./ | |
with: | |
config: 'tests/example_config.json' | |
target: 'u-root-example' | |
recursive: 'false' | |
compile: ${{ needs.changes.outputs.compile }} | |
env: | |
UROOT_VERSION: ${{ matrix.uroot-version }} |
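Review bot: The `Clone blobs repo` step in `build-stitching` runs `git clone --depth 1 https://review.coreboot.org/blobs stitch` with no branch, tag or commit, so the binary blobs in the stitching output are whatever the remote default branch held when the cache was first filled. The cache key `coreboot-blobs-${{ matrix.coreboot-version }}` suggests the content is tied to the coreboot version, but nothing in the clone uses that value, and the same entry is served until the key changes. I would record the expected blobs commit in the workflow, compare `git -C stitch rev-parse HEAD` against it after cloning and fail on mismatch, and put it in the key, e.g. `key: coreboot-blobs-<PINNED_BLOBS_COMMIT>` (placeholder, not a real id). This page does not show which lines the commit added, so the step may predate this change.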