# ATTRIBUTION-AI: Some code here may have been generated by Github Copilot Chat, ChatGPT, or other LLM, etc. Usually, there will be a comment acknowledging this in files this file was derived from, or in previous versions of this file. Moreover, it is reasonable simply to state AI may have partially written some code in this file, and that any AI generated code is minimal, obvious, could not have been written any other way, deals solely with GitHub APIs, etc...
# Comments, unused code, etc, have unusually been kept minimal in this file, to distract less from understanding the flow of jobs, which is already somewhat more difficult to see plainly in YML scripting.
# ATTENTION: All qemu/KVM functionality is normally not used, and may be untested. Any 'bootOnce' feature should instead ALWAYS be integrated in upstream 'ubdist/OS'.
# ONLY possible use case for a derivative OS 'bootOnce' is to reconfigure FW for VERY unusual and limited Internet purposes related to re/establishing supply chain integrity (eg. to set write-once SECRETS signing keys for GitHub Actions, etc).
# Usually it is far more important to frequently build an updated 'live' dist/OS with the latest Linux kernel, etc, both to use immediately, and to save older versions as untampered backup copies. The fragility of an additional 'bootOnce' would be very inconsistent with that purpose.
# WARNING: May be untested.
# WARNING: As much as ~100GB temporary storage may be required.
# https://docs.github.com/en/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners
# ubuntu-latest-m 4vCPU 16GB_RAM 150GB_disk
# ubuntu-latest-l 8vCPU 32GB_RAM 300GB_disk
# ubuntu-latest-h 32vCPU 128GB_RAM 1200GB_disk
name: zCustom
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
# GITHUB_TOKEN scopes, declared once at workflow level and grouped by access level.
# The 'gh release create/upload/delete-asset' steps further down are the visible
# users of contents: write.
# NOTE(review): no step in view obviously needs actions: write; confirm it is
# required, otherwise lower it (least privilege).
permissions:
  # write
  actions: write
  contents: write
  # read
  checks: read
  deployments: read
  packages: read
  pull-requests: read
  repository-projects: read
  statuses: read
  # none
  issues: none
  security-events: none
# Manual dispatch is the only active trigger; 'push' and 'schedule' stay commented out.
on:
  #push:
  workflow_dispatch:
    inputs:
      # 'DEFAULT' is resolved by the download steps from
      # ./.github/workflows/DEFAULT_releaseOrigin.txt.
      releaseOrigin:
        type: choice
        required: false
        default: DEFAULT
        options:
          - DEFAULT
          - soaringDistributions/ubDistBuild
          - soaringDistributions/ubdist_dummy
      # 'latest' is turned into an empty label by the download steps.
      releaseLabel:
        type: choice
        required: false
        #default: base
        default: internal
        options:
          - latest
          - internal
          - base
      #devfast:
        #type: boolean
        #default: true
      skimfast:
        type: boolean
        default: true
      qemuNoKVM:
        type: boolean
        default: true
      # Defaults to true, which skips every step gated on DISABLE_BOOT != 'true'.
      DISABLE_BOOT:
        type: boolean
        default: true
      runnerName:
        type: choice
        required: false
        default: ubuntu-latest-m
        options:
          - ubuntu-latest-m
          - ubuntu-latest-l
          - ubuntu-latest
  # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
  #schedule:
    #- cron: ''
# https://docs.github.com/en/actions/using-jobs/using-concurrency
# One active run per workflow and ref; starting a new run cancels the one in progress.
concurrency:
  cancel-in-progress: true
  group: ${{ github.workflow }}-${{ github.ref }}
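jobs:
  # Creates the release 'build-<run_id>-<run_attempt>' (title 'build', empty notes)
  # and prints the API rate limit before and after doing so.
  build_release:
    runs-on: ubuntu-latest
    steps:
      # The token is handed to curl through the step environment. Expressions are
      # expanded into the script text before bash runs, commented-out script lines
      # included, so no secrets expression is left anywhere inside 'run'.
      - name: report! API Rate Limit
        shell: bash
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${GH_TOKEN}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit
          #curl -s -H "Authorization: token ${GH_TOKEN}" https://api.github.com/rate_limit | jq -r ".rate"
      # NOTE(review): 'v3' is a mutable tag; pinning the action to a reviewed full
      # commit SHA removes the dependency on where that tag points.
      - uses: actions/checkout@v3
        with:
          fetch-depth: 1
          submodules: 'recursive'
      # run_id and run_attempt are numeric values generated by GitHub.
      - name: release! create
        shell: bash
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh release create build-${{ github.run_id }}-${{ github.run_attempt }} --title build --notes ""
      - name: report! API Rate Limit
        shell: bash
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${GH_TOKEN}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit
          #curl -s -H "Authorization: token ${GH_TOKEN}" https://api.github.com/rate_limit | jq -r ".rate"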
# Starts once build_release has created the release.
# NOTE(review): runs-on is fixed to 'ubuntu-latest' here, yet several steps of
# this job are gated on the runnerName input (default 'ubuntu-latest-m');
# confirm the KVM steps are meant to run on a standard runner.
build_before_noBoot:
  needs:
    - build_release
  #runs-on: ${{ github.event.inputs.runnerName == '' && 'ubuntu-latest-m' || github.event.inputs.runnerName }}
  runs-on: ubuntu-latest
  steps:
# Feeds the RAND_SEED secret into the kernel random devices, first as the job
# user and then through sudo. Data written to /dev/random or /dev/urandom is
# mixed into the pool without being credited as entropy (random(4)).
# The secret reaches the script through env rather than through expression
# expansion in the script text.
- name: RAND_SEED
  shell: bash
  env:
    RAND_SEED: ${{ secrets.RAND_SEED }}
  run: |
    echo "$RAND_SEED" | tee /dev/urandom > /dev/null
    echo "$RAND_SEED" | tee /dev/random > /dev/null
    echo "$RAND_SEED" | sudo -n tee /dev/urandom > /dev/null
    echo "$RAND_SEED" | sudo -n tee /dev/random > /dev/null
# Best effort: tries to add a 'runner' user and group that reuse the numeric UID
# of the 'ubuntu' account (--non-unique); every command may fail without failing
# the step.
# NOTE(review): useradd -g runs before the matching groupadd; confirm the order.
- name: users
  shell: bash
  run: |
    sudo -u ubuntu -n bash -c 'sudo -n useradd runner --non-unique -u $UID -g $UID' || true
    sudo -u ubuntu -n bash -c 'sudo -n groupadd runner --non-unique -g $UID' || true
    sudo -u runner -n bash -c 'sudo -n echo $USER $UID' || true
    true
# https://github.com/easimon/maximize-build-space
# Only runs when booting is enabled and runnerName is none of the larger runners.
# NOTE(review): this third-party action is referenced by the mutable branch
# 'master', so whatever that branch holds at run time executes inside this job.
# Pin it to a reviewed full commit SHA.
# Each remove-* flag used to carry the same runnerName expression as 'if:'
# (previously kept as commented-out lines); all are now fixed to 'true'.
- name: Maximize build space
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' && github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
  uses: easimon/maximize-build-space@master
  with:
    root-reserve-mb: 1625
    temp-reserve-mb: 50
    swap-size-mb: 2
    remove-dotnet: 'true'
    remove-android: 'true'
    remove-haskell: 'true'
    remove-codeql: 'true'
    remove-docker-images: 'true'
# Prints free space for all mounts and for / after the cleanup.
- name: df
  shell: bash
  run: |
    df -h
    df -h /
# https://github.com/orgs/community/discussions/8305
# https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/
# https://github.com/actions/runner-images/discussions/7191
# Gated on runnerName being one of the larger runners.
# Installs a udev rule that assigns /dev/kvm to group 'docker' with mode 0664
# (the world-writable 0666 variant stays commented out), installs libvirt/qemu,
# adds $USER to kvm, libvirt and docker, reloads the kvm modules, and chowns
# /dev/kvm to $USER:docker before and after the reload.
- name: Enable KVM group perms
  if: ${{ github.event.inputs.runnerName == 'ubuntu-latest-m' || github.event.inputs.runnerName == 'ubuntu-latest-l' || github.event.inputs.runnerName == 'ubuntu-latest-h' }}
  shell: bash
  run: |
    #echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo -n tee /etc/udev/rules.d/99-kvm4all.rules
    echo 'KERNEL=="kvm", GROUP="docker", MODE="0664", OPTIONS+="static_node=kvm"' | sudo -n tee /etc/udev/rules.d/99-kvm4all.rules
    sudo -n udevadm control --reload-rules
    sudo -n udevadm trigger --name-match=kvm
    sudo -n apt-get update
    sudo -n apt-get install -y libvirt-clients libvirt-daemon-system libvirt-daemon virtinst bridge-utils qemu qemu-system-x86
    sudo -n usermod -a -G kvm $USER
    sudo -n usermod -a -G libvirt $USER
    sudo -n usermod -a -G docker $USER
    sudo -n adduser $USER kvm
    #sudo -n chown -R $USER:kvm /dev/kvm
    sudo -n chown -R $USER:docker /dev/kvm
    ls -l /dev/kvm
    ls -l /dev/kvm*
    echo $USER
    groups
    sudo -n lsmod | grep kvm
    sudo -n modprobe -r kvm_intel
    sudo -n modprobe -r kvm_amd
    sudo -n modprobe -r kvm
    ( grep --color vmx /proc/cpuinfo && sudo -n modprobe kvm_intel ) || ( grep --color svm /proc/cpuinfo && sudo -n modprobe kvm_amd )
    sudo -n modprobe kvm
    sudo -n lsmod | grep kvm
    #sudo -n chown -R $USER:kvm /dev/kvm
    sudo -n chown -R $USER:docker /dev/kvm
    ls -l /dev/kvm
    ls -l /dev/kvm*
# Read-only check of the result: CPU virtualization flags, loaded kvm modules,
# /dev/kvm ownership, and the current user's groups.
- name: Check KVM group perms
  if: ${{ github.event.inputs.runnerName == 'ubuntu-latest-m' || github.event.inputs.runnerName == 'ubuntu-latest-l' || github.event.inputs.runnerName == 'ubuntu-latest-h' }}
  shell: bash
  run: |
    grep --color svm /proc/cpuinfo || true
    grep --color vmx /proc/cpuinfo || true
    sudo -n lsmod | grep kvm
    ls -l /dev/kvm
    ls -l /dev/kvm*
    echo $USER
    groups
# Clones ubiquitous_bash into ~/core/infrastructure and runs its setup script.
# NOTE(review): the clone takes whatever the default branch holds at run time
# and executes ./_setupUbiquitous.bat from it straight away; nothing in this
# step pins a commit or verifies what was fetched.
- name: _getCore_ub
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  timeout-minutes: 90
  shell: bash
  run: |
    mkdir -p ~/core/infrastructure
    cd ~/core/infrastructure
    git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git
    cd ubiquitous_bash
    ./_setupUbiquitous.bat
# Checks out this repository with its submodules.
# NOTE(review): 'v3' is a mutable tag; consider pinning to a full commit SHA.
- if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  uses: actions/checkout@v3
  with:
    submodules: recursive
# Runs _getMinimal_cloud from the checked-out tree and fails the step when it
# returns non-zero, then reports free disk space.
- name: _getMinimal_cloud
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  timeout-minutes: 355
  shell: bash
  run: |
    ! ./ubiquitous_bash.sh _getMinimal_cloud && exit 1
    true
    #! sudo -n apt-get -y clean && exit 1
    df -h
    df -h /
# Installs only xvfb and x11-apps non-interactively, keeping existing config
# files; the broader _getMost / VirtualBox variants remain commented out.
- name: _getMost-xvfb
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  timeout-minutes: 355
  shell: bash
  run: |
    #! ./ubiquitous_bash.sh _getMost && exit 1
    #true
    #! sudo -n apt-get -y clean && exit 1
    #! ./ubiquitous_bash.sh _getMost_debian11_aptSources && exit 1
    #sudo -n apt-get update
    #! sudo -n apt-get -d install -y virtualbox-7.0 && exit 1
    #! sudo -n ./ubiquitous_bash.sh _getMost_ubuntu22-VBoxManage && exit 1
    sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y xvfb
    sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y x11-apps
    df -h
    df -h /
# Smoke test for the Whirlpool digest: hashes empty input, using
# /etc/ssl/openssl_legacy.cnf when that file exists.
# With an explicit 'shell: bash' GitHub runs the script with -e and pipefail,
# so a failing openssl ends the step before the 'exit' line is reached;
# PIPESTATUS[0] itself is the status of 'echo -n'.
- name: _test_hash_legacy
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  run: |
    if [[ -e "/etc/ssl/openssl_legacy.cnf" ]]
    then
    echo -n | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256
    exit ${PIPESTATUS[0]}
    else
    echo -n | openssl dgst -whirlpool -binary | xxd -p -c 256
    exit ${PIPESTATUS[0]}
    fi
# Creates the working directory used by the later steps.
- name: mkdir _local
  shell: bash
  run: |
    mkdir -p ./_local
# Sanity checks, skipped when skimfast is 'true': ./_true must succeed and
# ./_false must fail; output is kept under ./_local.
- name: _true
  if: ${{ github.event.inputs.skimfast != 'true' }}
  shell: bash
  run: |
    ./_true | sudo -n tee ./_local/_true.log && exit ${PIPESTATUS[0]}
- name: _false
  if: ${{ github.event.inputs.skimfast != 'true' }}
  shell: bash
  run: |
    ( ! ./_false ) | sudo -n tee ./_local/_false.log && exit ${PIPESTATUS[0]}
# Records the runner CPU in the job log; lscpu always, /proc/cpuinfo only when
# skimfast is not 'true'.
- name: lscpu
  #if: ${{ github.event.inputs.skimfast != 'true' }}
  shell: bash
  run: |
    lscpu
- name: cpuinfo
  if: ${{ github.event.inputs.skimfast != 'true' }}
  shell: bash
  run: |
    cat /proc/cpuinfo
# Informational probes for confidential-computing features on the runner;
# every lookup tolerates absence, so neither step fails on a missing feature.
# AMD SEV: kvm_amd module parameter and kernel log.
- name: sev/AMD
  shell: bash
  run: |
    cat /proc/cpuinfo | grep 'model name'
    echo
    echo 'cat /sys/module/kvm_amd/parameters/sev'
    cat /sys/module/kvm_amd/parameters/sev || true
    echo 'dmesg | grep -i sev'
    sudo -n dmesg | grep -i sev || true
    true
# Intel SGX: CPU flag and kernel log.
- name: sgx/Intel
  shell: bash
  run: |
    cat /proc/cpuinfo | grep 'model name'
    echo
    echo 'grep sgx /proc/cpuinfo'
    grep sgx /proc/cpuinfo || true
    echo 'dmesg | grep sgx'
    sudo -n dmesg | grep -i sgx || true
    # Apparently normal: ' sgx: [Firmware Bug]: Unable to map EPC section to online node. Fallback to the NUMA node 0. '
    true
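# Downloads the split 'package_image.tar.flx' release asset, extracts vm.img,
# and in parallel writes the Whirlpool digest of vm.img to hash-download.txt.
# The dispatch inputs are passed through env and read as ordinary shell
# variables, so their text is never spliced into the script by the expression
# engine (defence in depth on top of the 'choice' input type).
# NOTE(review): nothing in this step compares hash-download.txt with an
# expected value; MANDATORY_HASH is exported for ubiquitous_bash.sh and what it
# enforces is not visible here. A failure inside the >( ) hashing branch is not
# covered by pipefail, and '2> /dev/null' hides the downloader's stderr.
- name: _get_vmImg_ubDistBuild
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    WF_RELEASE_ORIGIN: ${{ inputs.releaseOrigin }}
    WF_RELEASE_LABEL: ${{ inputs.releaseLabel }}
  run: |
    current_releaseOrigin="$WF_RELEASE_ORIGIN"
    ( [[ "$current_releaseOrigin" == "" ]] || [[ "$current_releaseOrigin" == "DEFAULT" ]] ) && current_releaseOrigin=$(head -n1 ./.github/workflows/DEFAULT_releaseOrigin.txt)
    [[ "$current_releaseOrigin" == "" ]] && current_releaseOrigin="soaringDistributions/ubDistBuild"
    current_releaseLabel="$WF_RELEASE_LABEL"
    #[[ "$current_releaseLabel" == "" ]] && current_releaseLabel="base"
    [[ "$current_releaseLabel" == "" ]] && current_releaseLabel="latest"
    [[ "$current_releaseLabel" == "latest" ]] && current_releaseLabel=""
    #export FORCE_AXEL=8
    #./ubiquitous_bash.sh _get_vmImg_ubDistBuild "latest"
    # DANGER: Github Actions (strictly internal) ONLY!
    export FORCE_AXEL=8
    export MANDATORY_HASH="true"
    cd ./_local
    rm -f hash-download.txt
    ../ubiquitous_bash.sh _wget_githubRelease_join-stdout "$current_releaseOrigin" "$current_releaseLabel" "package_image.tar.flx" 2> /dev/null | tee >(../ubiquitous_bash.sh _get_extract_ubDistBuild-tar --extract ./vm.img --to-stdout | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 > hash-download.txt) | ../ubiquitous_bash.sh _get_extract_ubDistBuild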
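# Punches holes for zero-filled ranges so vm.img occupies less disk space.
- name: fallocate --dig-holes
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  run: |
    fallocate --dig-holes ./_local/vm.img
# Prints the digest recorded during download; it is displayed, not compared.
# skimfast is exported through env instead of being expanded into the script.
- name: _hash_img
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  env:
    skimfast: ${{ github.event.inputs.skimfast }}
  run: |
    echo $skimfast
    #./ubiquitous_bash.sh _hash_img
    cat _local/hash-download.txt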
# Opens the image chroot, removes report and firmware-config marker files left
# in its root directory, and closes it again. Failing to open or close the
# chroot fails the step; the individual removals use 'rm -f'.
- name: zSpecial_report-delete
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  run: |
    ! ./ubiquitous_bash.sh _openChRoot && exit 1
    ./ubiquitous_bash.sh _chroot rm -f /dpkg
    ./ubiquitous_bash.sh _chroot rm -f /lsmodReport
    ./ubiquitous_bash.sh _chroot rm -f /binReport
    ./ubiquitous_bash.sh _chroot rm -f /coreReport
    ./ubiquitous_bash.sh _chroot rm -f /cfgFW.log
    ./ubiquitous_bash.sh _chroot rm -f /FW-done
    ! ./ubiquitous_bash.sh _closeChRoot && exit 1
    true
# Re-applies ownership $USER:docker and mode 664 to /dev/kvm right before the
# boot step, then prints modules, device permissions and group membership.
- name: Force KVM group perms
  if: ${{ github.event.inputs.runnerName == 'ubuntu-latest-m' || github.event.inputs.runnerName == 'ubuntu-latest-l' || github.event.inputs.runnerName == 'ubuntu-latest-h' }}
  shell: bash
  run: |
    sudo -n ls -l /dev/kvm
    sudo -n ls -l /dev/kvm*
    sudo -n chown -R $USER:docker /dev/kvm
    sudo -n chmod 664 /dev/kvm
    echo
    #grep --color svm /proc/cpuinfo || true
    #grep --color vmx /proc/cpuinfo || true
    sudo -n lsmod | grep kvm
    ls -l /dev/kvm
    ls -l /dev/kvm*
    echo $USER
    groups
    echo
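# Runs the 'before_noBoot' variant of bootOnce with screenshots enabled through
# qemuXvfb, logging to ./_local/_create_ubDistBuild-bootOnce.log.
# skimfast and qemuNoKVM are exported through env instead of being expanded
# into the script text; an empty skimfast still falls back to 'true'.
# continue-on-error keeps the job going so the screenshots can be uploaded; the
# later 'check! FAIL_bootOnce' step looks for ./_local/FAIL_bootOnce.
- name: _create_ubDistBuild-bootOnce
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  continue-on-error: true
  shell: bash
  env:
    skimfast: ${{ github.event.inputs.skimfast }}
    qemuNoKVM: ${{ github.event.inputs.qemuNoKVM }}
  run: |
    echo skimfast $skimfast
    [[ "$skimfast" == "" ]] && export skimfast=true
    echo skimfast $skimfast
    #[[ "$qemuNoKVM" == "" ]] && export qemuNoKVM=true
    echo qemuNoKVM $qemuNoKVM
    echo
    export qemuXvfb="true"
    echo qemuXvfb "$qemuXvfb"
    mkdir -p ./_local/analysis/screenshots
    #./ubiquitous_bash.sh _create_ubDistBuild-bootOnce | sudo -n tee ./_local/_create_ubDistBuild-bootOnce.log && exit ${PIPESTATUS[0]}
    ./ubiquitous_bash.sh _create_ubDistBuild-bootOnce-before_noBoot | sudo -n tee ./_local/_create_ubDistBuild-bootOnce.log && exit ${PIPESTATUS[0]}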
#- name: _zSpecial_report
#shell: bash
#continue-on-error: true
#run: |
#./ubiquitous_bash.sh _zSpecial_report
#ls -l ./_local/grub.cfg
#ls -l ./_local/grubenv
#ls -l ./_local/dpkg
#ls -l ./_local/lsmodReport
#ls -l ./_local/binReport
#ls -l ./_local/coreReport
#ls -l ./_local/cfgFW.log
# Uploads everything under ./_local/analysis/screenshots as a run artifact.
# NOTE(review): 'v4' is a mutable tag; consider pinning to a full commit SHA.
- name: artifacts
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  uses: actions/upload-artifact@v4
  with:
    name: convert-live-exhaustive---analysis-screenshots-10-fromImg
    path: |
      ./_local/analysis/screenshots/*
#- name: artifacts
#uses: actions/upload-artifact@v4
#with:
#name: convert-live-exhaustive---analysis-log-10-fromImg
#path: |
#./_local/grub.cfg
#./_local/grubenv
#./_local/dpkg
#./_local/lsmodReport
#./_local/binReport
#./_local/coreReport
#./_local/cfgFW.log
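# Fails the job when the marker file ./_local/FAIL_bootOnce exists.
- name: check! FAIL_bootOnce
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  run: |
    ! [[ -e ./_local/FAIL_bootOnce ]]
# Hashes the image through ubiquitous_bash.sh.
# skimfast is exported through env instead of being expanded into the script.
- name: _hash_img
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  env:
    skimfast: ${{ github.event.inputs.skimfast }}
  run: |
    echo $skimfast
    ./ubiquitous_bash.sh _hash_img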
# Renames the hash file and attaches it to this run's release.
- name: release! hash! before_noBoot
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  env:
    GH_TOKEN: ${{ github.token }}
  run: |
    mv -f ./_local/_hash-ubdist.txt ./_local/_hash-ubdist_before_noBoot.txt
    gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/_hash-ubdist_before_noBoot.txt
# Copies cfgFW.log out of the mounted image, prints it into the job log, and
# deletes the copy again.
- name: report! cfgFW
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  run: |
    ! ./ubiquitous_bash.sh _openChRoot && exit 1
    sudo -n cp -f "./_local/v/fs"/cfgFW.log "./_local"/cfgFW.log
    sudo -n chown "$USER":"$USER" "./_local"/cfgFW.log
    cat ./_local/cfgFW.log
    rm -f ./_local/cfgFW.log
    ! ./ubiquitous_bash.sh _closeChRoot && exit 1
    true
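# Re-sparsifies vm.img before packaging.
- name: fallocate --dig-holes
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  run: |
    fallocate --dig-holes ./_local/vm.img
# Packages the image, logging to ./_local/_package_ubDistBuild_image.log.
# skimfast is exported through env instead of being expanded into the script.
- name: _package_ubDistBuild_image
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  env:
    skimfast: ${{ github.event.inputs.skimfast }}
  run: |
    echo $skimfast
    ./ubiquitous_bash.sh _package_ubDistBuild_image | sudo -n tee ./_local/_package_ubDistBuild_image.log && exit ${PIPESTATUS[0]}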
# Splits the packaged image into parts; the log goes to ./_lib.
- name: _ubDistBuild_split_before_noBoot
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  timeout-minutes: 355
  shell: bash
  run: |
    ./ubiquitous_bash.sh _ubDistBuild_split_before_noBoot | sudo -n tee ./_lib/_ubDistBuild_split_before_noBoot.log && exit ${PIPESTATUS[0]}
# Free-space report after splitting.
- name: df
  shell: bash
  run: |
    df -h
    df -h /
# Uploads every package_image_before_noBoot part to this run's release as
# background jobs; the inner loop waits while 12 or more are still running.
- name: release! package_image_before_noBoot
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  env:
    GH_TOKEN: ${{ github.token }}
  run: |
    #gh release create build-${{ github.run_id }}-${{ github.run_attempt }} --title build --notes ""
    bash -c '
    for currentFile in ./_local/package_image_before_noBoot.tar.flx.part*
    do
    ./ubiquitous_bash.sh _stopwatch gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} "$currentFile" &
    while [[ $(jobs | wc -l) -ge 12 ]]
    do
    sleep 2
    done
    done
    wait
    '
# Runs on the runner named by the runnerName input ('ubuntu-latest-m' when that
# input is empty), after both earlier jobs.
build:
  needs:
    - build_before_noBoot
    - build_release
  runs-on: ${{ github.event.inputs.runnerName == '' && 'ubuntu-latest-m' || github.event.inputs.runnerName }}
  steps:
# Feeds the RAND_SEED secret into the kernel random devices, first as the job
# user and then through sudo. Data written to /dev/random or /dev/urandom is
# mixed into the pool without being credited as entropy (random(4)).
# The secret reaches the script through env rather than through expression
# expansion in the script text.
- name: RAND_SEED
  shell: bash
  env:
    RAND_SEED: ${{ secrets.RAND_SEED }}
  run: |
    echo "$RAND_SEED" | tee /dev/urandom > /dev/null
    echo "$RAND_SEED" | tee /dev/random > /dev/null
    echo "$RAND_SEED" | sudo -n tee /dev/urandom > /dev/null
    echo "$RAND_SEED" | sudo -n tee /dev/random > /dev/null
# Best effort: tries to add a 'runner' user and group that reuse the numeric UID
# of the 'ubuntu' account (--non-unique); every command may fail without failing
# the step.
# NOTE(review): useradd -g runs before the matching groupadd; confirm the order.
- name: users
  shell: bash
  run: |
    sudo -u ubuntu -n bash -c 'sudo -n useradd runner --non-unique -u $UID -g $UID' || true
    sudo -u ubuntu -n bash -c 'sudo -n groupadd runner --non-unique -g $UID' || true
    sudo -u runner -n bash -c 'sudo -n echo $USER $UID' || true
    true
# https://github.com/easimon/maximize-build-space
# Only runs when runnerName is none of the larger runners.
# NOTE(review): this third-party action is referenced by the mutable branch
# 'master', so whatever that branch holds at run time executes inside this job.
# Pin it to a reviewed full commit SHA.
# Each remove-* flag used to carry the same runnerName expression as 'if:'
# (previously kept as commented-out lines); all are now fixed to 'true'.
- name: Maximize build space
  if: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
  uses: easimon/maximize-build-space@master
  with:
    root-reserve-mb: 1625
    temp-reserve-mb: 50
    swap-size-mb: 2
    remove-dotnet: 'true'
    remove-android: 'true'
    remove-haskell: 'true'
    remove-codeql: 'true'
    remove-docker-images: 'true'
# Prints free space for all mounts and for / after the cleanup.
- name: df
  shell: bash
  run: |
    df -h
    df -h /
# Clones ubiquitous_bash into ~/core/infrastructure and runs its setup script.
# NOTE(review): the clone takes whatever the default branch holds at run time
# and executes ./_setupUbiquitous.bat from it straight away; nothing in this
# step pins a commit or verifies what was fetched.
- name: _getCore_ub
  timeout-minutes: 90
  shell: bash
  run: |
    mkdir -p ~/core/infrastructure
    cd ~/core/infrastructure
    git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git
    cd ubiquitous_bash
    ./_setupUbiquitous.bat
# First pass: _getMinimal_cloud from the freshly cloned copy under ~/core.
- name: _getMinimal_cloud
  timeout-minutes: 90
  shell: bash
  run: |
    ! ~/core/infrastructure/ubiquitous_bash/ubiquitous_bash.sh _getMinimal_cloud && exit 1
    true
    #! sudo -n apt-get -y clean && exit 1
    df -h
    df -h /
# Checks out this repository with its submodules.
# NOTE(review): 'v3' is a mutable tag; consider pinning to a full commit SHA.
- uses: actions/checkout@v3
  with:
    submodules: recursive
# Second pass: the same function from the checked-out tree.
- name: _getMinimal_cloud
  timeout-minutes: 355
  shell: bash
  run: |
    ! ./ubiquitous_bash.sh _getMinimal_cloud && exit 1
    true
    #! sudo -n apt-get -y clean && exit 1
    df -h
    df -h /
# Smoke test for the Whirlpool digest: hashes empty input, using
# /etc/ssl/openssl_legacy.cnf when that file exists.
# With an explicit 'shell: bash' GitHub runs the script with -e and pipefail,
# so a failing openssl ends the step before the 'exit' line is reached;
# PIPESTATUS[0] itself is the status of 'echo -n'.
- name: _test_hash_legacy
  shell: bash
  run: |
    if [[ -e "/etc/ssl/openssl_legacy.cnf" ]]
    then
    echo -n | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256
    exit ${PIPESTATUS[0]}
    else
    echo -n | openssl dgst -whirlpool -binary | xxd -p -c 256
    exit ${PIPESTATUS[0]}
    fi
# Boot-enabled path: fetches the 'package_image_before_noBoot.tar.flx' parts
# from this repository's own release (empty label), extracts vm.img, and writes
# its Whirlpool digest to hash-download.txt.
# NOTE(review): FORCE_AXEL and MANDATORY_HASH are commented out on this path,
# and nothing here compares hash-download.txt with an expected value. A failure
# inside the >( ) hashing branch is not covered by pipefail, and '2> /dev/null'
# hides the downloader's stderr.
- name: _get_vmImg_ubDistBuild_before_noBoot
  if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }}
  shell: bash
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: |
    #export FORCE_AXEL=8
    #./ubiquitous_bash.sh _get_vmImg_ubDistBuild "latest"
    # DANGER: Github Actions (strictly internal) ONLY!
    #export FORCE_AXEL=8
    #export MANDATORY_HASH="true"
    cd ./_local
    rm -f hash-download.txt
    ../ubiquitous_bash.sh _wget_githubRelease_join-stdout "${{ github.repository }}" "" "package_image_before_noBoot.tar.flx" 2> /dev/null | tee >(../ubiquitous_bash.sh _get_extract_ubDistBuild-tar --extract ./vm.img --to-stdout | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 > hash-download.txt) | ../ubiquitous_bash.sh _get_extract_ubDistBuild
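# Boot-disabled path: downloads the split 'package_image.tar.flx' release
# asset from the selected origin, extracts vm.img, and in parallel writes the
# Whirlpool digest of vm.img to hash-download.txt.
# The dispatch inputs are passed through env and read as ordinary shell
# variables, so their text is never spliced into the script by the expression
# engine (defence in depth on top of the 'choice' input type).
# NOTE(review): nothing in this step compares hash-download.txt with an
# expected value; MANDATORY_HASH is exported for ubiquitous_bash.sh and what it
# enforces is not visible here. A failure inside the >( ) hashing branch is not
# covered by pipefail, and '2> /dev/null' hides the downloader's stderr.
- name: _get_vmImg_ubDistBuild
  if: ${{ github.event.inputs.DISABLE_BOOT == 'true' }}
  shell: bash
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    WF_RELEASE_ORIGIN: ${{ inputs.releaseOrigin }}
    WF_RELEASE_LABEL: ${{ inputs.releaseLabel }}
  run: |
    current_releaseOrigin="$WF_RELEASE_ORIGIN"
    ( [[ "$current_releaseOrigin" == "" ]] || [[ "$current_releaseOrigin" == "DEFAULT" ]] ) && current_releaseOrigin=$(head -n1 ./.github/workflows/DEFAULT_releaseOrigin.txt)
    [[ "$current_releaseOrigin" == "" ]] && current_releaseOrigin="soaringDistributions/ubDistBuild"
    current_releaseLabel="$WF_RELEASE_LABEL"
    #[[ "$current_releaseLabel" == "" ]] && current_releaseLabel="base"
    [[ "$current_releaseLabel" == "" ]] && current_releaseLabel="latest"
    [[ "$current_releaseLabel" == "latest" ]] && current_releaseLabel=""
    #export FORCE_AXEL=8
    #./ubiquitous_bash.sh _get_vmImg_ubDistBuild "latest"
    # DANGER: Github Actions (strictly internal) ONLY!
    export FORCE_AXEL=8
    export MANDATORY_HASH="true"
    cd ./_local
    rm -f hash-download.txt
    ../ubiquitous_bash.sh _wget_githubRelease_join-stdout "$current_releaseOrigin" "$current_releaseLabel" "package_image.tar.flx" 2> /dev/null | tee >(../ubiquitous_bash.sh _get_extract_ubDistBuild-tar --extract ./vm.img --to-stdout | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 > hash-download.txt) | ../ubiquitous_bash.sh _get_extract_ubDistBuild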
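# Prints the digest recorded during download; it is displayed, not compared.
# skimfast is exported through env instead of being expanded into the script.
- name: _hash_img
  shell: bash
  env:
    skimfast: ${{ inputs.skimfast }}
  run: |
    echo $skimfast
    #./ubiquitous_bash.sh _hash_img
    cat _local/hash-download.txt
# Punches holes for zero-filled ranges so vm.img occupies less disk space.
- name: fallocate --dig-holes
  shell: bash
  run: |
    fallocate --dig-holes ./_local/vm.img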
# Runs the install function and keeps its output in a log at the repository
# root; the step's result follows the function's exit status.
- name: _create_ubDistBuild-install-ubDistBuild
  shell: bash
  run: |
    ./ubiquitous_bash.sh _create_ubDistBuild-install-ubDistBuild | sudo -n tee ./_create_ubDistBuild-install-ubDistBuild.log && exit ${PIPESTATUS[0]}
# Records provenance inside the image: /info-github-custom receives the
# repository name, the build tag of this run, and the build date. Any failed
# write, or a failure to open or close the chroot, fails the step.
- name: scribe! info! github! custom
  shell: bash
  run: |
    ! ./ubiquitous_bash.sh _openChRoot && exit 1
    ! echo ${{ github.repository }} | ./ubiquitous_bash.sh _chroot tee /info-github-custom && exit 1
    ! echo build-${{ github.run_id }}-${{ github.run_attempt }} | ./ubiquitous_bash.sh _chroot tee -a /info-github-custom && exit 1
    ! date +"%Y-%m-%d" | ./ubiquitous_bash.sh _chroot tee -a /info-github-custom && exit 1
    ! ./ubiquitous_bash.sh _closeChRoot && exit 1
    true
# Customization stage. _custom-expand must succeed.
# NOTE(review): _custom-repo, _custom and _custom-bundle all end in '|| true',
# so a failed customization does not fail the job and the image is still
# packaged and released afterwards; confirm that is intended.
- name: _custom-expand
  shell: bash
  run: |
    ./ubiquitous_bash.sh _custom-expand
- name: _custom-repo
  shell: bash
  env:
    GH_TOKEN: ${{ github.token }}
  run: |
    ./ubiquitous_bash.sh _custom-repo || true
- name: _custom
  shell: bash
  run: |
    ./ubiquitous_bash.sh _custom || true
- name: _custom-bundle
  shell: bash
  env:
    GH_TOKEN: ${{ github.token }}
  run: |
    ./ubiquitous_bash.sh _custom-bundle || true
# ONLY enable if a replacement '_lib/custom/package_kde.tar.xz' is available and desired. This WILL fail if the file is not present, and this is NOT necessary unless a different customization is needed: it is better to rely on the upstream 'ubDistBuild' repository KDE configuration package installed for 'ubdist/OS' .
#- name: _rotten_install-kde
  #shell: bash
  #run: |
    #./ubiquitous_bash.sh _create_ubDistBuild-rotten_install-kde
# Generates the report files and lists each one; continue-on-error lets the
# job proceed when the report function or any listing fails.
- name: _zSpecial_report-FORCE
  continue-on-error: true
  shell: bash
  run: |
    ./ubiquitous_bash.sh _zSpecial_report-FORCE
    ls -l ./_local/grub.cfg
    ls -l ./_local/grubenv
    ls -l ./_local/dpkg
    ls -l ./_local/lsmodReport
    ls -l ./_local/binReport
    ls -l ./_local/coreReport
    ls -l ./_local/cfgFW.log
# Uploads the report files as a run artifact.
# NOTE(review): 'v4' is a mutable tag; consider pinning to a full commit SHA.
- name: artifacts
  uses: actions/upload-artifact@v4
  with:
    name: convert-live-exhaustive---analysis-log-10-fromImg
    path: |
      ./_local/grub.cfg
      ./_local/grubenv
      ./_local/dpkg
      ./_local/lsmodReport
      ./_local/binReport
      ./_local/coreReport
      ./_local/cfgFW.log
# Prints the firmware-config log into the job log.
- name: report! cfgFW
  shell: bash
  run: |
    cat ./_local/cfgFW.log
# Attaches the report files, plus a copy of the runner's /proc/cpuinfo, to this
# run's release. cfgFW.log is not among the uploaded files.
- name: release! report! internal
  shell: bash
  env:
    GH_TOKEN: ${{ github.token }}
  run: |
    gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/grub.cfg
    gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/grubenv
    gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/dpkg
    gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/lsmodReport
    gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/binReport
    gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/coreReport
    cat /proc/cpuinfo > ./_local/cpuinfo
    gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/cpuinfo
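# Hashes the customized image through ubiquitous_bash.sh.
# In this step and in the packaging step below, skimfast is exported through
# env instead of being expanded into the script text.
- name: _hash_img
  shell: bash
  env:
    skimfast: ${{ inputs.skimfast }}
  run: |
    echo $skimfast
    ./ubiquitous_bash.sh _hash_img
# Re-sparsifies vm.img before packaging.
- name: fallocate --dig-holes
  shell: bash
  run: |
    fallocate --dig-holes ./_local/vm.img
# Packages the image, logging to ./_local/_package_ubDistBuild_image.log.
- name: _package_ubDistBuild_image
  shell: bash
  env:
    skimfast: ${{ inputs.skimfast }}
  run: |
    echo $skimfast
    ./ubiquitous_bash.sh _package_ubDistBuild_image | sudo -n tee ./_local/_package_ubDistBuild_image.log && exit ${PIPESTATUS[0]}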
# Splits the packaged image into parts; the log goes to ./_lib.
- name: _ubDistBuild_split
  timeout-minutes: 355
  shell: bash
  run: |
    ./ubiquitous_bash.sh _ubDistBuild_split | sudo -n tee ./_lib/_ubDistBuild_split.log && exit ${PIPESTATUS[0]}
# Free-space report after splitting.
- name: df
  shell: bash
  run: |
    df -h
    df -h /
# Uploads every package_image part to this run's release as background jobs;
# the inner loop waits while 12 or more are still running.
- name: release! package_image
  shell: bash
  env:
    GH_TOKEN: ${{ github.token }}
  run: |
    #gh release create build-${{ github.run_id }}-${{ github.run_attempt }} --title build --notes ""
    bash -c '
    for currentFile in ./_local/package_image.tar.flx.part*
    do
    ./ubiquitous_bash.sh _stopwatch gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} "$currentFile" &
    while [[ $(jobs | wc -l) -ge 12 ]]
    do
    sleep 2
    done
    done
    wait
    '
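# Removes the intermediate 'before_noBoot' parts from this run's release once
# the final image has been uploaded. Best effort: a part that does not exist is
# ignored, and continue-on-error covers the step as a whole.
# The 26 identical commands are folded into one loop over part00..part25
# ('seq -w' pads to equal width).
# NOTE(review): the upper bound is fixed, so a part numbered above 25 would
# stay attached to the release.
- name: release! delete! package_image_before_noBoot
  continue-on-error: true
  shell: bash
  env:
    GH_TOKEN: ${{ github.token }}
  run: |
    for currentPart in $(seq -w 0 25)
    do
    gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part"$currentPart" --yes || true
    done
    true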
# Runs after 'build' on the runner named by the runnerName input
# ('ubuntu-latest-m' when that input is empty).
build-convert-rootfs:
  needs:
    - build
    - build_release
  runs-on: ${{ github.event.inputs.runnerName == '' && 'ubuntu-latest-m' || github.event.inputs.runnerName }}
  steps:
# Feeds the RAND_SEED secret into the kernel random devices, first as the job
# user and then through sudo. Data written to /dev/random or /dev/urandom is
# mixed into the pool without being credited as entropy (random(4)).
# The secret reaches the script through env rather than through expression
# expansion in the script text.
- name: RAND_SEED
  shell: bash
  env:
    RAND_SEED: ${{ secrets.RAND_SEED }}
  run: |
    echo "$RAND_SEED" | tee /dev/urandom > /dev/null
    echo "$RAND_SEED" | tee /dev/random > /dev/null
    echo "$RAND_SEED" | sudo -n tee /dev/urandom > /dev/null
    echo "$RAND_SEED" | sudo -n tee /dev/random > /dev/null
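# The token is handed to curl through the step environment. Expressions are
# expanded into the script text before bash runs, commented-out script lines
# included, so no secrets expression is left anywhere inside 'run'.
- name: report! API Rate Limit
  shell: bash
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  run: |
    curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${GH_TOKEN}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit
    #curl -s -H "Authorization: token ${GH_TOKEN}" https://api.github.com/rate_limit | jq -r ".rate"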
# Best effort: tries to add a 'runner' user and group that reuse the numeric UID
# of the 'ubuntu' account (--non-unique); every command may fail without failing
# the step.
# NOTE(review): useradd -g runs before the matching groupadd; confirm the order.
- name: users
  shell: bash
  run: |
    sudo -u ubuntu -n bash -c 'sudo -n useradd runner --non-unique -u $UID -g $UID' || true
    sudo -u ubuntu -n bash -c 'sudo -n groupadd runner --non-unique -g $UID' || true
    sudo -u runner -n bash -c 'sudo -n echo $USER $UID' || true
    true
# https://github.com/easimon/maximize-build-space
# Only runs when runnerName is none of the larger runners.
# NOTE(review): this third-party action is referenced by the mutable branch
# 'master', so whatever that branch holds at run time executes inside this job.
# Pin it to a reviewed full commit SHA.
# Each remove-* flag used to carry the same runnerName expression as 'if:'
# (previously kept as commented-out lines); all are now fixed to 'true'.
- name: Maximize build space
  if: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
  uses: easimon/maximize-build-space@master
  with:
    root-reserve-mb: 1625
    temp-reserve-mb: 50
    swap-size-mb: 2
    remove-dotnet: 'true'
    remove-android: 'true'
    remove-haskell: 'true'
    remove-codeql: 'true'
    remove-docker-images: 'true'
# Prints free space for all mounts and for / after the cleanup.
- name: df
  shell: bash
  run: |
    df -h
    df -h /
# Clones ubiquitous_bash at its current default-branch head (no tag or commit is
# pinned) and runs its setup script and `_custom_splice_opensslConfig`.
# NOTE(review): the executed code is whatever upstream HEAD is at run time;
# checking out a reviewed commit after the clone would fix the toolchain version.
- name: _getCore_ub
shell: bash
run: |
mkdir -p ~/core/infrastructure
cd ~/core/infrastructure
git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git
cd ubiquitous_bash
./_setupUbiquitous.bat
./ubiquitous_bash.sh _custom_splice_opensslConfig
# Shallow checkout of this repository including its submodules.
# NOTE(review): `@v3` is a movable tag; a full commit SHA is the immutable form.
- uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: 'recursive'
# Runs `_getMinimal_cloud` from the checked-out repository. A `!`-negated command
# is exempt from errexit, hence the explicit `&& exit 1` to fail the step.
- name: _getMinimal_cloud
shell: bash
run: |
! ./ubiquitous_bash.sh _getMinimal_cloud && exit 1
true
#! sudo -n apt-get -y clean && exit 1
df -h
df -h /
timeout-minutes: 355
# Installs aria2 from the runner's configured apt sources, non-interactively and
# keeping existing configuration files (--force-confdef / --force-confold).
- name: _getMost-aria2
shell: bash
run: |
sudo -n apt-get -y clean
sudo -n apt-get update
sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y aria2
timeout-minutes: 355
# Smoke test: hashes empty input with Whirlpool, using
# /etc/ssl/openssl_legacy.cnf when that file exists, and prints the digest as hex.
# NOTE(review): ${PIPESTATUS[0]} is the status of `echo -n`, not of openssl. With
# the `-eo pipefail` options GitHub applies to `shell: bash`, a failing openssl
# already aborts the step before `exit` is reached.
- name: _test_hash_legacy
shell: bash
run: |
if [[ -e "/etc/ssl/openssl_legacy.cnf" ]]
then
echo -n | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256
exit ${PIPESTATUS[0]}
else
echo -n | openssl dgst -whirlpool -binary | xxd -p -c 256
exit ${PIPESTATUS[0]}
fi
# ATTENTION: Either download recently built image from release, or create a DUMMY rootfs package.
# Usually, a DUMMY rootfs package should be created, as a derivative OS is normally created to reconfigure a bootable dist/OS for a special purpose, rather than to merely add features that could be added to the upstream ubdist/OS, and thus using a derivative dist/OS for WSL/docker/etc would not make sense.
# ###
#- name: _get_vmImg_ubDistBuild
#shell: bash
#run: |
##export FORCE_AXEL=8
##./ubiquitous_bash.sh _get_vmImg_ubDistBuild "latest"
## DANGER: Github Actions (strictly internal) ONLY!
##export FORCE_AXEL=8
##export MANDATORY_HASH="true"
#cd ./_local
#rm -f hash-download.txt
#../ubiquitous_bash.sh _wget_githubRelease_join-stdout "${{ github.repository }}" "" "package_image.tar.flx" 2> /dev/null | tee >(../ubiquitous_bash.sh _get_extract_ubDistBuild-tar --extract ./vm.img --to-stdout | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 > hash-download.txt) | ../ubiquitous_bash.sh _get_extract_ubDistBuild
#env:
#GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
#- name: fallocate --dig-holes
#shell: bash
#run: |
#fallocate --dig-holes ./_local/vm.img
#- name: _hash_img
#shell: bash
#run: |
#export skimfast=${{ inputs.skimfast }}
#echo $skimfast
##./ubiquitous_bash.sh _hash_img
#cat _local/hash-download.txt
#- name: _convert-rootfs
#shell: bash
#run: |
#export current_diskConstrained="true"
#./ubiquitous_bash.sh _convert_rm
#./ubiquitous_bash.sh _convert-rootfs | sudo -n tee ./_convert-rootfs.log && exit ${PIPESTATUS[0]}
# ###
# ###
# Replaces any existing rootfs packages with placeholders: a tar archive whose
# only member is /dev/null, written once uncompressed and once as an lz4 stream.
- name: DUMMY-rootfs
shell: bash
run: |
rm -f ./_local/package_rootfs.tar || true
rm -f ./_local/package_rootfs.tar.flx || true
#echo > ./_local/package_rootfs.tar
#echo > ./_local/package_rootfs.tar.flx
tar -cf - /dev/null > ./_local/package_rootfs.tar
tar -cf - /dev/null | lz4 -z --fast=1 - ./_local/package_rootfs.tar.flx
# ###
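# `skimfast` comes from a workflow input. It is passed through `env` so the
# value is never parsed as shell code; step-level env variables are already
# exported to the script and its children.
- name: _hash_rootfs
  shell: bash
  run: |
    echo "$skimfast"
    ./ubiquitous_bash.sh _hash_rootfs
  env:
    skimfast: ${{ inputs.skimfast }}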
# Splits the rootfs package and copies the output to a log through tee. The
# pipeline is the last command of the script, so with pipefail a failure of the
# split still fails the step.
- name: _ubDistBuild_split-rootfs
shell: bash
run: |
./ubiquitous_bash.sh _ubDistBuild_split-rootfs | sudo -n tee ./_lib/_ubDistBuild_split-rootfs.log && exit ${PIPESTATUS[0]}
timeout-minutes: 355
# Reports free disk space, overall and for the root filesystem.
- name: df
shell: bash
run: |
df -h
df -h /
# Uploads every split rootfs part to this run's release as background jobs,
# throttled by the `jobs | wc -l` check, then waits for all of them.
# NOTE(review): the inner `bash -c` runs without errexit and a bare `wait`
# returns 0, so a failed `gh release upload` does not fail this step and a
# release can end up missing a part. Recording each PID and checking
# `wait "$pid"` would surface the failure here.
- name: release! package_rootfs
shell: bash
run: |
#gh release create build-${{ github.run_id }}-${{ github.run_attempt }} --title build --notes ""
bash -c '
for currentFile in ./_local/package_rootfs.tar.flx.part*
do
./ubiquitous_bash.sh _stopwatch gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} "$currentFile" &
while [[ $(jobs | wc -l) -ge 3 ]]
do
sleep 2
done
done
wait
'
env:
GH_TOKEN: ${{ github.token }}
#- name: _package_rm
#shell: bash
#run: |
#./ubiquitous_bash.sh _package_rm
build-convert-live:
needs: [build, build_release]
runs-on: ${{ github.event.inputs.runnerName == '' && 'ubuntu-latest-m' || github.event.inputs.runnerName }}
steps:
# Feeds the RAND_SEED repository secret into the kernel random pool, first as
# the current user and then through non-interactive sudo. The value reaches the
# script through `env`, so it is not templated into the script text. Writes to
# /dev/random and /dev/urandom are mixed into the pool but do not raise the
# kernel's entropy estimate.
- name: RAND_SEED
shell: bash
run: |
echo "$RAND_SEED" | tee /dev/urandom > /dev/null
echo "$RAND_SEED" | tee /dev/random > /dev/null
echo "$RAND_SEED" | sudo -n tee /dev/urandom > /dev/null
echo "$RAND_SEED" | sudo -n tee /dev/random > /dev/null
env:
RAND_SEED: ${{ secrets.RAND_SEED }}
# Best-effort creation of a `runner` account: every command ends in `|| true`,
# so failures are ignored. `$UID` sits inside single quotes and is therefore
# expanded by the shell started as user `ubuntu`; `--non-unique` lets `runner`
# share that numeric id.
# NOTE(review): useradd names group `$UID` one line before groupadd creates it;
# confirm the order is intended.
- name: users
shell: bash
run: |
sudo -u ubuntu -n bash -c 'sudo -n useradd runner --non-unique -u $UID -g $UID' || true
sudo -u ubuntu -n bash -c 'sudo -n groupadd runner --non-unique -g $UID' || true
sudo -u runner -n bash -c 'sudo -n echo $USER $UID' || true
true
# https://github.com/easimon/maximize-build-space
# Skipped when the `runnerName` input names one of the larger runners.
# NOTE(review): `@master` is a mutable branch of a third-party action; whatever
# that branch points to at run time executes on the runner that builds the live
# image. Pinning to a reviewed full commit SHA
# (`easimon/maximize-build-space@<full-commit-sha>`) keeps the executed code
# fixed and reviewable.
- name: Maximize build space
if: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
uses: easimon/maximize-build-space@master
with:
root-reserve-mb: 1625
temp-reserve-mb: 50
swap-size-mb: 2
#remove-dotnet: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
remove-dotnet: 'true'
#remove-android: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
remove-android: 'true'
#remove-haskell: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
remove-haskell: 'true'
#remove-codeql: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
remove-codeql: 'true'
#remove-docker-images: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
remove-docker-images: 'true'
# Reports free disk space, overall and for the root filesystem.
- name: df
shell: bash
run: |
df -h
df -h /
# https://github.com/orgs/community/discussions/8305
# https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/
# https://github.com/actions/runner-images/discussions/7191
# Clones ubiquitous_bash at its current default-branch head (no tag or commit is
# pinned) and runs its setup script.
# NOTE(review): the executed code is whatever upstream HEAD is at run time;
# checking out a reviewed commit after the clone would fix the toolchain version.
- name: _getCore_ub
shell: bash
timeout-minutes: 90
run: |
mkdir -p ~/core/infrastructure
cd ~/core/infrastructure
git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git
cd ubiquitous_bash
./_setupUbiquitous.bat
# `_getMinimal_cloud` runs twice: first from the ubiquitous_bash clone under
# ~/core, then, after the checkout, from this repository's own copy. A
# `!`-negated command is exempt from errexit, hence the explicit `&& exit 1`.
- name: _getMinimal_cloud
shell: bash
run: |
! ~/core/infrastructure/ubiquitous_bash/ubiquitous_bash.sh _getMinimal_cloud && exit 1
true
#! sudo -n apt-get -y clean && exit 1
df -h
df -h /
timeout-minutes: 90
# Checks out this repository including its submodules.
# NOTE(review): `@v3` is a movable tag; a full commit SHA is the immutable form.
- uses: actions/checkout@v3
with:
submodules: recursive
- name: _getMinimal_cloud
shell: bash
run: |
! ./ubiquitous_bash.sh _getMinimal_cloud && exit 1
true
#! sudo -n apt-get -y clean && exit 1
df -h
df -h /
timeout-minutes: 355
# Smoke test: hashes empty input with Whirlpool, using
# /etc/ssl/openssl_legacy.cnf when that file exists, and prints the digest as hex.
# NOTE(review): ${PIPESTATUS[0]} is the status of `echo -n`, not of openssl. With
# the `-eo pipefail` options GitHub applies to `shell: bash`, a failing openssl
# already aborts the step before `exit` is reached.
- name: _test_hash_legacy
shell: bash
run: |
if [[ -e "/etc/ssl/openssl_legacy.cnf" ]]
then
echo -n | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256
exit ${PIPESTATUS[0]}
else
echo -n | openssl dgst -whirlpool -binary | xxd -p -c 256
exit ${PIPESTATUS[0]}
fi
# Streams the joined `package_image.tar.flx` release asset of this repository
# into the extractor and, in parallel (tee + process substitution), writes the
# Whirlpool digest of the extracted vm.img to hash-download.txt.
# NOTE(review): the digest is only recorded here, not compared with an expected
# value (`MANDATORY_HASH` is commented out); download errors are discarded by
# `2> /dev/null`, and the exit status of the process substitution is not
# checked. Presumably verification happens elsewhere - confirm.
- name: _get_vmImg_ubDistBuild
shell: bash
run: |
#export FORCE_AXEL=8
#./ubiquitous_bash.sh _get_vmImg_ubDistBuild "latest"
# DANGER: Github Actions (strictly internal) ONLY!
#export FORCE_AXEL=8
#export MANDATORY_HASH="true"
cd ./_local
rm -f hash-download.txt
../ubiquitous_bash.sh _wget_githubRelease_join-stdout "${{ github.repository }}" "" "package_image.tar.flx" 2> /dev/null | tee >(../ubiquitous_bash.sh _get_extract_ubDistBuild-tar --extract ./vm.img --to-stdout | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 > hash-download.txt) | ../ubiquitous_bash.sh _get_extract_ubDistBuild
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Deallocates zero-filled ranges of vm.img so the file occupies less disk space.
- name: fallocate --dig-holes
shell: bash
run: |
fallocate --dig-holes ./_local/vm.img
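# Prints the digest recorded while the image was downloaded.
# `skimfast` comes from a workflow input. It is passed through `env` so the
# value is never parsed as shell code; step-level env variables are already
# exported to the script and its children.
- name: _hash_img
  shell: bash
  run: |
    echo "$skimfast"
    #./ubiquitous_bash.sh _hash_img
    cat _local/hash-download.txt
  env:
    skimfast: ${{ inputs.skimfast }}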
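# Fetches extendedInterface at its current default-branch head plus the
# `package_ubcp-core.7z` asset of the ubiquitous_bash release named "internal",
# then runs the cloned repository's fetch routine.
# The API call reads the token from "$GH_TOKEN" (already exported by `env`)
# instead of having it templated into the script text.
# NOTE(review): neither the clone nor the downloaded archive is pinned or
# checked against a known digest, and the cloned script runs with GH_TOKEN in
# its environment. Confirm it needs the token; otherwise unset it before the
# call.
- name: _fetchAccessories extendedInterface
  shell: bash
  run: |
    cd _local
    git clone https://github.com/mirage335-colossus/extendedInterface.git
    cd extendedInterface
    mkdir -p ../extendedInterface-accessories/integrations/ubcp
    curl -L -o ../extendedInterface-accessories/integrations/ubcp/package_ubcp-core.7z $(curl -s -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/repos/mirage335-colossus/ubiquitous_bash/releases" | jq -r ".[] | select(.name == \"internal\") | .assets[] | select(.name == \"package_ubcp-core.7z\") | .browser_download_url" | sort -n -r | head -n1)
    ./ubiquitous_bash.sh _build_extendedInterface-fetch | sudo -n tee ../../_lib/_extendedInterface.log && exit ${PIPESTATUS[0]}
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}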
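# Fetches ubDistBuild at its current default-branch head plus the
# `package_ubcp-core.7z` asset of the ubiquitous_bash release named "internal",
# then runs the cloned repository's fetch routine.
# The API call reads the token from "$GH_TOKEN" (already exported by `env`)
# instead of having it templated into the script text.
# NOTE(review): neither the clone nor the downloaded archive is pinned or
# checked against a known digest, and the cloned script runs with GH_TOKEN in
# its environment. Confirm it needs the token; otherwise unset it before the
# call.
- name: _fetchAccessories ubDistBuild
  shell: bash
  run: |
    cd _local
    git clone https://github.com/soaringDistributions/ubDistBuild.git
    cd ubDistBuild
    mkdir -p ../ubDistBuild-accessories/integrations/ubcp
    curl -L -o ../ubDistBuild-accessories/integrations/ubcp/package_ubcp-core.7z $(curl -s -H "Authorization: Bearer $GH_TOKEN" "https://api.github.com/repos/mirage335-colossus/ubiquitous_bash/releases" | jq -r ".[] | select(.name == \"internal\") | .assets[] | select(.name == \"package_ubcp-core.7z\") | .browser_download_url" | sort -n -r | head -n1)
    ./ubiquitous_bash.sh _build_ubDistBuild-fetch | sudo -n tee ../../_lib/_ubDistBuild.log && exit ${PIPESTATUS[0]}
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}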
# Feeds the fetched accessories into the image and logs the output through tee.
# NOTE(review): with the `-eo pipefail` options GitHub applies to `shell: bash`,
# a failing `_create_ubDistBuild_feedAccessories` makes the pipeline non-zero,
# the `&& exit` is skipped, errexit does not fire for the left side of `&&`,
# and the script runs on to the final `true`, so the step passes. On success
# the step exits 0 at that line, so `_safeRMR` only runs after a failure.
# Confirm this is intended; `exit ${PIPESTATUS[0]}` on its own line would
# propagate the failure.
- name: _convert-live _create_ubDistBuild_feedAccessories
shell: bash
run: |
export current_diskConstrained="true"
./ubiquitous_bash.sh _convert_rm
./ubiquitous_bash.sh _create_ubDistBuild_feedAccessories | sudo -n tee ./_create_ubDistBuild_feedAccessories.log && exit ${PIPESTATUS[0]}
./ubiquitous_bash.sh _safeRMR ./_local/livefs
true
# DANGER: GitHub Actions ONLY!
# Removes the accessories directories and fails if either still exists.
# NOTE(review): this step has no `cd`, so unless a default working-directory is
# set elsewhere `../...` resolves outside the checkout, whereas the fetch steps
# create the `*-accessories` directories under `_local/` (`cd _local`,
# `cd <clone>`, `mkdir -p ../...`). Verify which path is meant to be removed.
- name: _create_ubDistBuild_feedAccessories rm
shell: bash
run: |
rm -rf ../extendedInterface-accessories
[[ -e ../extendedInterface-accessories ]] && exit 1 || true
rm -rf ../ubDistBuild-accessories
[[ -e ../ubDistBuild-accessories ]] && exit 1 || true
# DANGER: GitHub Actions ONLY!
# Removes both cloned repositories from `_local` and fails if either remains.
- name: _fetchAccessories rm
shell: bash
run: |
cd _local
rm -rf extendedInterface
[[ -e extendedInterface ]] && exit 1 || true
rm -rf ubDistBuild
[[ -e ubDistBuild ]] && exit 1 || true
# Builds the live ISO and logs the output through tee.
# NOTE(review): with the `-eo pipefail` options GitHub applies to `shell: bash`,
# a failing `_convert-live_ISO` makes the pipeline non-zero, the `&& exit` is
# skipped, errexit does not fire for the left side of `&&`, and the script runs
# on to the final `true`, so the step passes without an ISO. On success the
# step exits 0 at that line, so `_safeRMR` only runs after a failure. Confirm
# this is intended; `exit ${PIPESTATUS[0]}` on its own line would propagate the
# failure.
- name: _convert-live _convert-live_ISO
shell: bash
run: |
export current_diskConstrained="true"
./ubiquitous_bash.sh _convert_rm
./ubiquitous_bash.sh _convert-live_ISO | sudo -n tee ./_convert-live_ISO.log && exit ${PIPESTATUS[0]}
./ubiquitous_bash.sh _safeRMR ./_local/livefs
true
# Copies the ISO build log to ./_convert-live.log and echoes it into the job log.
- name: _convert-live log
shell: bash
run: |
#./_create_ubDistBuild_feedAccessories.log
cat ./_convert-live_ISO.log | sudo -n tee ./_convert-live.log && exit ${PIPESTATUS[0]}
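# `skimfast` comes from a workflow input. It is passed through `env` so the
# value is never parsed as shell code; step-level env variables are already
# exported to the script and its children.
- name: _hash_live
  shell: bash
  run: |
    echo "$skimfast"
    ./ubiquitous_bash.sh _hash_live
  env:
    skimfast: ${{ inputs.skimfast }}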
# Runs the repository's `_ubDistBuild_split-live` routine; the upload step that
# follows expects `./_local/vm-live.iso.part*` files.
- name: _ubDistBuild_split-live
shell: bash
run: |
./ubiquitous_bash.sh _ubDistBuild_split-live
# Reports free disk space, overall and for the root filesystem.
- name: df
shell: bash
run: |
df -h
df -h /
# Uploads every live ISO part to this run's release as background jobs,
# throttled by the `jobs | wc -l` check, then waits for all of them.
# NOTE(review): the inner `bash -c` runs without errexit and a bare `wait`
# returns 0, so a failed `gh release upload` does not fail this step and a
# release can end up missing a part. Recording each PID and checking
# `wait "$pid"` would surface the failure here.
- name: release! live
shell: bash
run: |
#gh release create build-${{ github.run_id }}-${{ github.run_attempt }} --title build --notes ""
bash -c '
for currentFile in ./_local/vm-live.iso.part*
do
./ubiquitous_bash.sh _stopwatch gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} "$currentFile" &
while [[ $(jobs | wc -l) -ge 3 ]]
do
sleep 2
done
done
wait
'
env:
GH_TOKEN: ${{ github.token }}
#- name: _package_rm
#shell: bash
#run: |
#./ubiquitous_bash.sh _package_rm
build-hash:
needs: [build, build-convert-rootfs, build-convert-live]
runs-on: ubuntu-latest
#runs-on: ${{ github.event.inputs.runnerName == '' && 'ubuntu-latest' || github.event.inputs.runnerName }}
steps:
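# Prints the API rate-limit status for the workflow token.
# The token is passed through `env` and read as "$GH_TOKEN" instead of being
# templated into the script text, so it never appears in the generated script
# file on the runner.
- name: report! API Rate Limit
  shell: bash
  run: |
    curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit
    #curl -s -H "Authorization: token $GH_TOKEN" https://api.github.com/rate_limit | jq -r ".rate"
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}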
# Best-effort creation of a `runner` account: every command ends in `|| true`,
# so failures are ignored. `$UID` sits inside single quotes and is therefore
# expanded by the shell started as user `ubuntu`; `--non-unique` lets `runner`
# share that numeric id.
# NOTE(review): useradd names group `$UID` one line before groupadd creates it;
# confirm the order is intended.
- name: users
shell: bash
run: |
sudo -u ubuntu -n bash -c 'sudo -n useradd runner --non-unique -u $UID -g $UID' || true
sudo -u ubuntu -n bash -c 'sudo -n groupadd runner --non-unique -g $UID' || true
sudo -u runner -n bash -c 'sudo -n echo $USER $UID' || true
true
# https://github.com/easimon/maximize-build-space
# Skipped when the `runnerName` input names one of the larger runners.
# NOTE(review): `@master` is a mutable branch of a third-party action; whatever
# that branch points to at run time executes on the runner that computes the
# published hashes. Pinning to a reviewed full commit SHA
# (`easimon/maximize-build-space@<full-commit-sha>`) keeps the executed code
# fixed and reviewable.
- name: Maximize build space
if: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
uses: easimon/maximize-build-space@master
with:
root-reserve-mb: 1625
temp-reserve-mb: 50
swap-size-mb: 2
#remove-dotnet: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
remove-dotnet: 'true'
#remove-android: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
remove-android: 'true'
#remove-haskell: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
remove-haskell: 'true'
#remove-codeql: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
remove-codeql: 'true'
#remove-docker-images: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }}
remove-docker-images: 'true'
# Reports free disk space, overall and for the root filesystem.
- name: df
shell: bash
run: |
df -h
df -h /
# Clones ubiquitous_bash at its current default-branch head (no tag or commit is
# pinned) and runs its setup script and `_custom_splice_opensslConfig`.
# NOTE(review): the executed code is whatever upstream HEAD is at run time;
# checking out a reviewed commit after the clone would fix the toolchain version.
- name: _getCore_ub
shell: bash
run: |
mkdir -p ~/core/infrastructure
cd ~/core/infrastructure
git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git
cd ubiquitous_bash
./_setupUbiquitous.bat
./ubiquitous_bash.sh _custom_splice_opensslConfig
#- name: _getMinimal_cloud
#shell: bash
#run: |
#! ~/core/infrastructure/ubiquitous_bash/ubiquitous_bash.sh _getMinimal_cloud && exit 1
#true
##! sudo -n apt-get -y clean && exit 1
#df -h
#df -h /
# Installs aria2 from the runner's configured apt sources, non-interactively and
# keeping existing configuration files (--force-confdef / --force-confold).
- name: _getMost-aria2
shell: bash
run: |
sudo -n apt-get -y clean
sudo -n apt-get update
sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y aria2
timeout-minutes: 355
# NOTE(review): identical to the step directly above; the second run looks
# redundant.
- name: _getMost-aria2
shell: bash
run: |
sudo -n apt-get -y clean
sudo -n apt-get update
sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y aria2
timeout-minutes: 355
# Checks out this repository including its submodules.
# NOTE(review): `@v3` is a movable tag; a full commit SHA is the immutable form.
- uses: actions/checkout@v3
with:
submodules: recursive
# Smoke test: hashes empty input with Whirlpool, using
# /etc/ssl/openssl_legacy.cnf when that file exists, and prints the digest as hex.
# NOTE(review): ${PIPESTATUS[0]} is the status of `echo -n`, not of openssl. With
# the `-eo pipefail` options GitHub applies to `shell: bash`, a failing openssl
# already aborts the step before `exit` is reached.
- name: _test_hash_legacy
shell: bash
run: |
if [[ -e "/etc/ssl/openssl_legacy.cnf" ]]
then
echo -n | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256
exit ${PIPESTATUS[0]}
else
echo -n | openssl dgst -whirlpool -binary | xxd -p -c 256
exit ${PIPESTATUS[0]}
fi
#- name: txt-stat/tboot
#shell: bash
#run: |
#cat /proc/cpuinfo | grep 'model name'
#echo
#sudo -n txt-stat || true
#true
# Diagnostic only: prints the CPU model and whether the kvm_amd `sev` parameter
# and SEV kernel messages are present. The SEV lookups are followed by
# `|| true`, so their absence does not fail the step.
- name: sev/AMD
shell: bash
run: |
cat /proc/cpuinfo | grep 'model name'
echo
echo 'cat /sys/module/kvm_amd/parameters/sev'
cat /sys/module/kvm_amd/parameters/sev || true
echo 'dmesg | grep -i sev'
sudo -n dmesg | grep -i sev || true
true
# Diagnostic only: prints the CPU model and any SGX flag or kernel message. The
# SGX lookups are followed by `|| true`, so their absence does not fail the step.
- name: sgx/Intel
shell: bash
run: |
cat /proc/cpuinfo | grep 'model name'
echo
echo 'grep sgx /proc/cpuinfo'
grep sgx /proc/cpuinfo || true
echo 'dmesg | grep sgx'
sudo -n dmesg | grep -i sgx || true
# Apparently normal: ' sgx: [Firmware Bug]: Unable to map EPC section to online node. Fallback to the NUMA node 0. '
true
# ATTENTION: _prog-ops/hash-custom.sh
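# Runs the repository's `_hash_ubdist-fast` routine with the workflow token
# available as GH_TOKEN.
# `skimfast` comes from a workflow input. It is passed through `env` so the
# value is never parsed as shell code; step-level env variables are already
# exported to the script and its children.
- name: _hash_ubdist-fast
  shell: bash
  run: |
    echo "$skimfast"
    #export FORCE_AXEL=8
    #export MANDATORY_HASH="true"
    ./ubiquitous_bash.sh _hash_ubdist-fast
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    skimfast: ${{ inputs.skimfast }}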
# Publishes the computed hash list three ways: job log, workflow artifact, and
# an asset on the same release that holds the image parts.
# NOTE(review): a hash stored beside the artifacts and uploaded with the same
# token detects corruption, but not replacement by anyone who can write to the
# release. Signing the file or publishing it through an independent channel
# would let consumers verify origin as well.
- name: hash ___________________________
shell: bash
run: |
cat ./_local/_hash-ubdist.txt
- name: artifacts
uses: actions/upload-artifact@v3
with:
name: _hash-ubdist.txt
path: |
./_local/_hash-ubdist.txt
- name: release! hash
shell: bash
run: |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/_hash-ubdist.txt
env:
GH_TOKEN: ${{ github.token }}
build-analysis:
needs: [build, build_release]
runs-on: ubuntu-latest
steps:
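# Prints the API rate-limit status for the workflow token.
# The token is passed through `env` and read as "$GH_TOKEN" instead of being
# templated into the script text, so it never appears in the generated script
# file on the runner.
- name: report! API Rate Limit
  shell: bash
  run: |
    curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $GH_TOKEN" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit
    #curl -s -H "Authorization: token $GH_TOKEN" https://api.github.com/rate_limit | jq -r ".rate"
  env:
    GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}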
# Clones ubiquitous_bash at its current default-branch head (no tag or commit is
# pinned) and runs its setup script and `_custom_splice_opensslConfig`.
# NOTE(review): the executed code is whatever upstream HEAD is at run time;
# checking out a reviewed commit after the clone would fix the toolchain version.
- name: _getCore_ub
shell: bash
run: |
mkdir -p ~/core/infrastructure
cd ~/core/infrastructure
git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git
cd ubiquitous_bash
./_setupUbiquitous.bat
./ubiquitous_bash.sh _custom_splice_opensslConfig
# Shallow checkout of this repository including its submodules.
# NOTE(review): `@v3` is a movable tag; a full commit SHA is the immutable form.
- uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: 'recursive'
# Runs `_getMinimal_cloud` from the checked-out repository. A `!`-negated command
# is exempt from errexit, hence the explicit `&& exit 1` to fail the step.
- name: _getMinimal_cloud
shell: bash
run: |
! ./ubiquitous_bash.sh _getMinimal_cloud && exit 1
true
#! sudo -n apt-get -y clean && exit 1
df -h
df -h /
timeout-minutes: 355
# Installs aria2 from the runner's configured apt sources, non-interactively and
# keeping existing configuration files (--force-confdef / --force-confold).
- name: _getMost-aria2
shell: bash
run: |
sudo -n apt-get -y clean
sudo -n apt-get update
sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y aria2
timeout-minutes: 355
# Downloads the lsmod/bin/core/dpkg reports of this run's release and of every
# other release the API returns, then appends, per older release, the entries
# that release has and the current one lacks (`comm -23`) to ./missing-*.
# NOTE(review): the releases call is not paginated, so only the first page of
# releases is compared. curl runs without --fail, so for a release that lacks a
# report the HTTP error body is saved and compared as if it were report
# content. Tag names are word-split by the `for` loop and become part of the
# output file names; this assumes tags contain no whitespace or `/`.
- name: analysis! missing-binaries
shell: bash
run: |
mkdir -p ./_local/analysis
#cp ./_local/lsmodReport ./_local/analysis/lsmodReport
#cp ./_local/binReport ./_local/analysis/binReport
#cp ./_local/coreReport ./_local/analysis/coreReport
#cp ./_local/dpkg ./_local/analysis/dpkg
cd ./_local/analysis
# Get the list of releases
RELEASES=$(curl -s -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/"${{ github.repository }}"/releases)
# Download binReport file for the current release
curl -s -H "Authorization: token $GH_TOKEN" -L -o "lsmodReport-$currentReleaseTag" "https://github.com/"${{ github.repository }}"/releases/download/$currentReleaseTag/lsmodReport"
curl -s -H "Authorization: token $GH_TOKEN" -L -o "binReport-$currentReleaseTag" "https://github.com/"${{ github.repository }}"/releases/download/$currentReleaseTag/binReport"
curl -s -H "Authorization: token $GH_TOKEN" -L -o "coreReport-$currentReleaseTag" "https://github.com/"${{ github.repository }}"/releases/download/$currentReleaseTag/coreReport"
curl -s -H "Authorization: token $GH_TOKEN" -L -o "dpkg-$currentReleaseTag" "https://github.com/"${{ github.repository }}"/releases/download/$currentReleaseTag/dpkg"
# Loop through each release
for RELEASE in $(echo "$RELEASES" | jq -r '.[].tag_name' | sort --reverse); do
# Compare the list of binaries in this release to the current release
if [ "$RELEASE" != "$currentReleaseTag" ]; then
# Download the binReport file for this release
curl -s -H "Authorization: token $GH_TOKEN" -L -o "lsmodReport-$RELEASE" "https://github.com/"${{ github.repository }}"/releases/download/$RELEASE/lsmodReport"
curl -s -H "Authorization: token $GH_TOKEN" -L -o "binReport-$RELEASE" "https://github.com/"${{ github.repository }}"/releases/download/$RELEASE/binReport"
curl -s -H "Authorization: token $GH_TOKEN" -L -o "coreReport-$RELEASE" "https://github.com/"${{ github.repository }}"/releases/download/$RELEASE/coreReport"
curl -s -H "Authorization: token $GH_TOKEN" -L -o "dpkg-$RELEASE" "https://github.com/"${{ github.repository }}"/releases/download/$RELEASE/dpkg"
echo | tee -a ./missing-lsmodReport
echo "Binaries (lsmod) loaded in $RELEASE but not in currentRelease $currentReleaseTag:" | tee -a ./missing-lsmodReport
comm -23 <(sort "lsmodReport-$RELEASE") <(sort "lsmodReport-$currentReleaseTag") | tee -a ./missing-lsmodReport
echo | tee -a ./missing-binReport
echo "Binaries (filesystem) in $RELEASE but not in currentRelease $currentReleaseTag:" | tee -a ./missing-binReport
comm -23 <(sort "binReport-$RELEASE") <(sort "binReport-$currentReleaseTag") | tee -a ./missing-binReport
echo | tee -a ./missing-coreReport
echo "Binaries (core) in $RELEASE but not in currentRelease $currentReleaseTag:" | tee -a ./missing-coreReport
comm -23 <(sort "coreReport-$RELEASE") <(sort "coreReport-$currentReleaseTag") | tee -a ./missing-coreReport
echo | tee -a ./missing-dpkg
echo "Binaries (dpkg) in $RELEASE but not in currentRelease $currentReleaseTag:" | tee -a ./missing-dpkg
comm -23 <(sort "dpkg-$RELEASE") <(sort "dpkg-$currentReleaseTag") | tee -a ./missing-dpkg
fi
done
env:
currentReleaseTag: build-${{ github.run_id }}-${{ github.run_attempt }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Attaches the four `missing-*` comparison reports to this run's release. The
# uploads run one after another under errexit, so the first failing upload fails
# the step.
- name: release! analysis! missing-binaries
shell: bash
run: |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/analysis/missing-lsmodReport
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/analysis/missing-binReport
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/analysis/missing-coreReport
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/analysis/missing-dpkg
env:
GH_TOKEN: ${{ github.token }}