zCustom #28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ATTRIBUTION-AI: Some code here may have been generated by Github Copilot Chat, ChatGPT, or other LLM, etc. Usually, there will be a comment acknowledging this in files this file was derived from, or in previous versions of this file. Moreover, it is reasonable simply to state AI may have partially written some code in this file, and that any AI generated code is minimal, obvious, could not have been written any other way, deals solely with GitHub APIs, etc... | |
# Comments, unused code, etc, have unusually been kept minimal in this file, to distract less from understaning the flow of jobs, which is already somewhat more difficult to see plainly in YML scripting. | |
# ATTENTION: All qemu/KVM functionality is normally not used, and may be untested. Any 'bootOnce' feature should instead ALWAYS be integrated in upstream 'ubdist/OS'. | |
# ONLY possible use case for a derivative OS 'bootOnce' is to reconfigure FW for VERY unusual and limited Internet purposes related to re/establishing supply chain integrity (eg. to set write-once SECRETS signing keys for GitHub Actions, etc). | |
# Usually it is far more important to frequently build an updated 'live' dist/OS with the latest Linux kernel, etc, both to use immediately, and to save older versions as untampered backup copies. The fragility of an additional 'bootOnce' would be very inconsistnt with that purpose. | |
# WARNING: May be untested . | |
# WARNING: As much as ~100GB temporary storage may be required. | |
# https://docs.github.com/en/actions/using-github-hosted-runners/using-larger-runners/about-larger-runners | |
# ubuntu-latest-m 4vCPU 16GB_RAM 150GB_disk | |
# ubuntu-latest-l 8vCPU 32GB_RAM 300GB_disk | |
# ubuntu-latest-h 32vCPU 128GB_RAM 1200GB_disk | |
name: zCustom | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions | |
permissions: | |
actions: write | |
checks: read | |
contents: write | |
deployments: read | |
issues: none | |
packages: read | |
pull-requests: read | |
repository-projects: read | |
security-events: none | |
statuses: read | |
on: | |
#push: | |
workflow_dispatch: | |
inputs: | |
releaseOrigin: | |
required: false | |
default: DEFAULT | |
type: choice | |
options: | |
- DEFAULT | |
- soaringDistributions/ubDistBuild | |
- soaringDistributions/ubdist_dummy | |
releaseLabel: | |
required: false | |
#default: base | |
default: internal | |
type: choice | |
options: | |
- latest | |
- internal | |
- base | |
customTimeout: | |
required: false | |
default: '45' | |
type: choice | |
options: | |
- '45' | |
- '300' | |
DISABLE_ROOTFS: | |
type: boolean | |
default: true | |
#devfast: | |
#type: boolean | |
#default: true | |
skimfast: | |
type: boolean | |
default: true | |
qemuNoKVM: | |
type: boolean | |
default: true | |
DISABLE_BOOT: | |
type: boolean | |
default: true | |
runnerName: | |
required: false | |
default: ubuntu-latest-l | |
type: choice | |
options: | |
- ubuntu-latest-l | |
- ubuntu-latest-m | |
- ubuntu-latest | |
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule | |
#schedule: | |
#- cron: '' | |
# https://docs.github.com/en/actions/using-jobs/using-concurrency | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build_release: | |
runs-on: ubuntu-latest | |
steps: | |
- name: report! API Rate Limit | |
shell: bash | |
run: | | |
curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ""${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit | |
#curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq -r ".rate" | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 1 | |
submodules: 'recursive' | |
- name: release! create | |
shell: bash | |
run: | | |
gh release create build-${{ github.run_id }}-${{ github.run_attempt }} --title build --notes "" | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: report! API Rate Limit | |
shell: bash | |
run: | | |
curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ""${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit | |
#curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq -r ".rate" | |
build_before_noBoot: | |
needs: [build_release] | |
#runs-on: ${{ github.event.inputs.runnerName == '' && 'ubuntu-latest-m' || github.event.inputs.runnerName }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: RAND_SEED | |
shell: bash | |
run: | | |
echo "$RAND_SEED" | tee /dev/urandom > /dev/null | |
echo "$RAND_SEED" | tee /dev/random > /dev/null | |
echo "$RAND_SEED" | sudo -n tee /dev/urandom > /dev/null | |
echo "$RAND_SEED" | sudo -n tee /dev/random > /dev/null | |
env: | |
RAND_SEED: ${{ secrets.RAND_SEED }} | |
- name: users | |
shell: bash | |
run: | | |
sudo -u ubuntu -n bash -c 'sudo -n useradd runner --non-unique -u $UID -g $UID' || true | |
sudo -u ubuntu -n bash -c 'sudo -n groupadd runner --non-unique -g $UID' || true | |
sudo -u runner -n bash -c 'sudo -n echo $USER $UID' || true | |
true | |
# https://github.com/easimon/maximize-build-space | |
- name: Maximize build space | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' && github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
uses: easimon/maximize-build-space@master | |
with: | |
root-reserve-mb: 1625 | |
temp-reserve-mb: 50 | |
swap-size-mb: 2 | |
#remove-dotnet: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-dotnet: 'true' | |
#remove-android: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-android: 'true' | |
#remove-haskell: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-haskell: 'true' | |
#remove-codeql: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-codeql: 'true' | |
#remove-docker-images: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-docker-images: 'true' | |
- name: Maximize build space ! remove ONLY | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' && ( github.event.inputs.runnerName == 'ubuntu-latest-m' || github.event.inputs.runnerName == 'ubuntu-latest-l' || github.event.inputs.runnerName == 'ubuntu-latest-h' ) }} | |
uses: AdityaGarg8/remove-unwanted-software@v4.1 | |
with: | |
remove-dotnet: 'true' | |
remove-android: 'true' | |
remove-haskell: 'true' | |
remove-codeql: 'true' | |
remove-docker-images: 'true' | |
remove-large-packages: 'true' | |
remove-cached-tools: 'true' | |
remove-swapfile: 'true' | |
verbose: 'false' | |
- name: df | |
shell: bash | |
run: | | |
df -h | |
df -h / | |
# https://github.com/orgs/community/discussions/8305 | |
# https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/ | |
# https://github.com/actions/runner-images/discussions/7191 | |
- name: Enable KVM group perms | |
if: ${{ github.event.inputs.runnerName == 'ubuntu-latest-m' || github.event.inputs.runnerName == 'ubuntu-latest-l' || github.event.inputs.runnerName == 'ubuntu-latest-h' }} | |
shell: bash | |
run: | | |
#echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo -n tee /etc/udev/rules.d/99-kvm4all.rules | |
echo 'KERNEL=="kvm", GROUP="docker", MODE="0664", OPTIONS+="static_node=kvm"' | sudo -n tee /etc/udev/rules.d/99-kvm4all.rules | |
sudo -n udevadm control --reload-rules | |
sudo -n udevadm trigger --name-match=kvm | |
sudo -n apt-get update | |
sudo -n apt-get install -y libvirt-clients libvirt-daemon-system libvirt-daemon virtinst bridge-utils qemu qemu-system-x86 | |
sudo -n usermod -a -G kvm $USER | |
sudo -n usermod -a -G libvirt $USER | |
sudo -n usermod -a -G docker $USER | |
sudo -n adduser $USER kvm | |
#sudo -n chown -R $USER:kvm /dev/kvm | |
sudo -n chown -R $USER:docker /dev/kvm | |
ls -l /dev/kvm | |
ls -l /dev/kvm* | |
echo $USER | |
groups | |
sudo -n lsmod | grep kvm | |
sudo -n modprobe -r kvm_intel | |
sudo -n modprobe -r kvm_amd | |
sudo -n modprobe -r kvm | |
( grep --color vmx /proc/cpuinfo && sudo -n modprobe kvm_intel ) || ( grep --color svm /proc/cpuinfo && sudo -n modprobe kvm_amd ) | |
sudo -n modprobe kvm | |
sudo -n lsmod | grep kvm | |
#sudo -n chown -R $USER:kvm /dev/kvm | |
sudo -n chown -R $USER:docker /dev/kvm | |
ls -l /dev/kvm | |
ls -l /dev/kvm* | |
- name: Check KVM group perms | |
if: ${{ github.event.inputs.runnerName == 'ubuntu-latest-m' || github.event.inputs.runnerName == 'ubuntu-latest-l' || github.event.inputs.runnerName == 'ubuntu-latest-h' }} | |
shell: bash | |
run: | | |
grep --color svm /proc/cpuinfo || true | |
grep --color vmx /proc/cpuinfo || true | |
sudo -n lsmod | grep kvm | |
ls -l /dev/kvm | |
ls -l /dev/kvm* | |
echo $USER | |
groups | |
- name: _getCore_ub | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
timeout-minutes: 90 | |
run: | | |
mkdir -p ~/core/infrastructure | |
cd ~/core/infrastructure | |
git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git | |
cd ubiquitous_bash | |
./_setupUbiquitous.bat | |
- uses: actions/checkout@v3 | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
with: | |
submodules: recursive | |
- name: _getMinimal_cloud | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
! ./ubiquitous_bash.sh _getMinimal_cloud && exit 1 | |
true | |
#! sudo -n apt-get -y clean && exit 1 | |
df -h | |
df -h / | |
timeout-minutes: 355 | |
- name: _getMost-xvfb | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
#! ./ubiquitous_bash.sh _getMost && exit 1 | |
#true | |
#! sudo -n apt-get -y clean && exit 1 | |
#! ./ubiquitous_bash.sh _getMost_debian11_aptSources && exit 1 | |
#sudo -n apt-get update | |
#! sudo -n apt-get -d install -y virtualbox-7.0 && exit 1 | |
#! sudo -n ./ubiquitous_bash.sh _getMost_ubuntu22-VBoxManage && exit 1 | |
sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y xvfb | |
sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y x11-apps | |
df -h | |
df -h / | |
timeout-minutes: 355 | |
- name: _test_hash_legacy | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
if [[ -e "/etc/ssl/openssl_legacy.cnf" ]] | |
then | |
echo -n | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 | |
exit ${PIPESTATUS[0]} | |
else | |
echo -n | openssl dgst -whirlpool -binary | xxd -p -c 256 | |
exit ${PIPESTATUS[0]} | |
fi | |
- name: mkdir _local | |
shell: bash | |
run: | | |
mkdir -p ./_local | |
- name: _true | |
if: ${{ github.event.inputs.skimfast != 'true' }} | |
shell: bash | |
run: | | |
./_true | sudo -n tee ./_local/_true.log && exit ${PIPESTATUS[0]} | |
- name: _false | |
if: ${{ github.event.inputs.skimfast != 'true' }} | |
shell: bash | |
run: | | |
( ! ./_false ) | sudo -n tee ./_local/_false.log && exit ${PIPESTATUS[0]} | |
- name: lscpu | |
#if: ${{ github.event.inputs.skimfast != 'true' }} | |
shell: bash | |
run: | | |
lscpu | |
- name: cpuinfo | |
if: ${{ github.event.inputs.skimfast != 'true' }} | |
shell: bash | |
run: | | |
cat /proc/cpuinfo | |
- name: sev/AMD | |
shell: bash | |
run: | | |
cat /proc/cpuinfo | grep 'model name' | |
echo | |
echo 'cat /sys/module/kvm_amd/parameters/sev' | |
cat /sys/module/kvm_amd/parameters/sev || true | |
echo 'dmesg | grep -i sev' | |
sudo -n dmesg | grep -i sev || true | |
true | |
- name: sgx/Intel | |
shell: bash | |
run: | | |
cat /proc/cpuinfo | grep 'model name' | |
echo | |
echo 'grep sgx /proc/cpuinfo' | |
grep sgx /proc/cpuinfo || true | |
echo 'dmesg | grep sgx' | |
sudo -n dmesg | grep -i sgx || true | |
# Apparently normal: ' sgx: [Firmware Bug]: Unable to map EPC section to online node. Fallback to the NUMA node 0. ' | |
true | |
- name: _get_vmImg_ubDistBuild | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
current_releaseOrigin="${{ inputs.releaseOrigin }}" | |
( [[ "$current_releaseOrigin" == "" ]] || [[ "$current_releaseOrigin" == "DEFAULT" ]] ) && current_releaseOrigin=$(head -n1 ./.github/workflows/DEFAULT_releaseOrigin.txt) | |
[[ "$current_releaseOrigin" == "" ]] && current_releaseOrigin="soaringDistributions/ubDistBuild" | |
current_releaseLabel="${{ inputs.releaseLabel }}" | |
#[[ "$current_releaseLabel" == "" ]] && current_releaseLabel="base" | |
[[ "$current_releaseLabel" == "" ]] && current_releaseLabel="latest" | |
[[ "$current_releaseLabel" == "latest" ]] && current_releaseLabel="" | |
#export FORCE_AXEL=8 | |
#./ubiquitous_bash.sh _get_vmImg_ubDistBuild "latest" | |
# DANGER: Github Actions (strictly internal) ONLY! | |
export FORCE_AXEL=8 | |
export MANDATORY_HASH="true" | |
cd ./_local | |
rm -f hash-download.txt | |
../ubiquitous_bash.sh _wget_githubRelease_join-stdout "$current_releaseOrigin" "$current_releaseLabel" "package_image.tar.flx" 2> /dev/null | tee >(../ubiquitous_bash.sh _get_extract_ubDistBuild-tar --extract ./vm.img --to-stdout | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 > hash-download.txt) | ../ubiquitous_bash.sh _get_extract_ubDistBuild | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: fallocate --dig-holes | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
fallocate --dig-holes ./_local/vm.img | |
- name: _hash_img | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
export skimfast=${{ github.event.inputs.skimfast }} | |
echo $skimfast | |
#./ubiquitous_bash.sh _hash_img | |
cat _local/hash-download.txt | |
- name: zSpecial_report-delete | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
! ./ubiquitous_bash.sh _openChRoot && exit 1 | |
./ubiquitous_bash.sh _chroot rm -f /dpkg | |
./ubiquitous_bash.sh _chroot rm -f /lsmodReport | |
./ubiquitous_bash.sh _chroot rm -f /binReport | |
./ubiquitous_bash.sh _chroot rm -f /coreReport | |
./ubiquitous_bash.sh _chroot rm -f /cfgFW.log | |
./ubiquitous_bash.sh _chroot rm -f /FW-done | |
! ./ubiquitous_bash.sh _closeChRoot && exit 1 | |
true | |
- name: Force KVM group perms | |
if: ${{ github.event.inputs.runnerName == 'ubuntu-latest-m' || github.event.inputs.runnerName == 'ubuntu-latest-l' || github.event.inputs.runnerName == 'ubuntu-latest-h' }} | |
shell: bash | |
run: | | |
sudo -n ls -l /dev/kvm | |
sudo -n ls -l /dev/kvm* | |
sudo -n chown -R $USER:docker /dev/kvm | |
sudo -n chmod 664 /dev/kvm | |
echo | |
#grep --color svm /proc/cpuinfo || true | |
#grep --color vmx /proc/cpuinfo || true | |
sudo -n lsmod | grep kvm | |
ls -l /dev/kvm | |
ls -l /dev/kvm* | |
echo $USER | |
groups | |
echo | |
- name: _create_ubDistBuild-bootOnce | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
continue-on-error: true | |
run: | | |
export skimfast=${{ github.event.inputs.skimfast }} | |
echo skimfast $skimfast | |
[[ "$skimfast" == "" ]] && export skimfast=true | |
echo skimfast $skimfast | |
export qemuNoKVM=${{ github.event.inputs.qemuNoKVM }} | |
#[[ "$qemuNoKVM" == "" ]] && export qemuNoKVM=true | |
echo qemuNoKVM $qemuNoKVM | |
echo | |
export qemuXvfb="true" | |
echo qemuXvfb "$qemuXvfb" | |
mkdir -p ./_local/analysis/screenshots | |
#./ubiquitous_bash.sh _create_ubDistBuild-bootOnce | sudo -n tee ./_local/_create_ubDistBuild-bootOnce.log && exit ${PIPESTATUS[0]} | |
./ubiquitous_bash.sh _create_ubDistBuild-bootOnce-before_noBoot | sudo -n tee ./_local/_create_ubDistBuild-bootOnce.log && exit ${PIPESTATUS[0]} | |
#- name: _zSpecial_report | |
#shell: bash | |
#continue-on-error: true | |
#run: | | |
#./ubiquitous_bash.sh _zSpecial_report | |
#ls -l ./_local/grub.cfg | |
#ls -l ./_local/grubenv | |
#ls -l ./_local/dpkg | |
#ls -l ./_local/lsmodReport | |
#ls -l ./_local/binReport | |
#ls -l ./_local/coreReport | |
#ls -l ./_local/cfgFW.log | |
- name: artifacts | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: convert-live-exhaustive---analysis-screenshots-10-fromImg | |
path: | | |
./_local/analysis/screenshots/* | |
#- name: artifacts | |
#uses: actions/upload-artifact@v4 | |
#with: | |
#name: convert-live-exhaustive---analysis-log-10-fromImg | |
#path: | | |
#./_local/grub.cfg | |
#./_local/grubenv | |
#./_local/dpkg | |
#./_local/lsmodReport | |
#./_local/binReport | |
#./_local/coreReport | |
#./_local/cfgFW.log | |
- name: check! FAIL_bootOnce | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
! [[ -e ./_local/FAIL_bootOnce ]] | |
- name: _hash_img | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
export skimfast=${{ github.event.inputs.skimfast }} | |
echo $skimfast | |
./ubiquitous_bash.sh _hash_img | |
- name: release! hash! before_noBoot | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
mv -f ./_local/_hash-ubdist.txt ./_local/_hash-ubdist_before_noBoot.txt | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/_hash-ubdist_before_noBoot.txt | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: report! cfgFW | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
! ./ubiquitous_bash.sh _openChRoot && exit 1 | |
sudo -n cp -f "./_local/v/fs"/cfgFW.log "./_local"/cfgFW.log | |
sudo -n chown "$USER":"$USER" "./_local"/cfgFW.log | |
cat ./_local/cfgFW.log | |
rm -f ./_local/cfgFW.log | |
! ./ubiquitous_bash.sh _closeChRoot && exit 1 | |
true | |
- name: fallocate --dig-holes | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
fallocate --dig-holes ./_local/vm.img | |
- name: _package_ubDistBuild_image | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
export skimfast=${{ github.event.inputs.skimfast }} | |
echo $skimfast | |
./ubiquitous_bash.sh _package_ubDistBuild_image | sudo -n tee ./_local/_package_ubDistBuild_image.log && exit ${PIPESTATUS[0]} | |
- name: _ubDistBuild_split_before_noBoot | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
./ubiquitous_bash.sh _ubDistBuild_split_before_noBoot | sudo -n tee ./_lib/_ubDistBuild_split_before_noBoot.log && exit ${PIPESTATUS[0]} | |
timeout-minutes: 355 | |
- name: df | |
shell: bash | |
run: | | |
df -h | |
df -h / | |
- name: release! package_image_before_noBoot | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
#gh release create build-${{ github.run_id }}-${{ github.run_attempt }} --title build --notes "" | |
bash -c ' | |
for currentFile in ./_local/package_image_before_noBoot.tar.flx.part* | |
do | |
./ubiquitous_bash.sh _stopwatch gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} "$currentFile" & | |
while [[ $(jobs | wc -l) -ge 12 ]] | |
do | |
sleep 2 | |
done | |
done | |
wait | |
' | |
env: | |
GH_TOKEN: ${{ github.token }} | |
build: | |
needs: [build_before_noBoot, build_release] | |
runs-on: ${{ github.event.inputs.runnerName == '' && 'ubuntu-latest-m' || github.event.inputs.runnerName }} | |
steps: | |
- name: RAND_SEED | |
shell: bash | |
run: | | |
echo "$RAND_SEED" | tee /dev/urandom > /dev/null | |
echo "$RAND_SEED" | tee /dev/random > /dev/null | |
echo "$RAND_SEED" | sudo -n tee /dev/urandom > /dev/null | |
echo "$RAND_SEED" | sudo -n tee /dev/random > /dev/null | |
env: | |
RAND_SEED: ${{ secrets.RAND_SEED }} | |
- name: users | |
shell: bash | |
run: | | |
sudo -u ubuntu -n bash -c 'sudo -n useradd runner --non-unique -u $UID -g $UID' || true | |
sudo -u ubuntu -n bash -c 'sudo -n groupadd runner --non-unique -g $UID' || true | |
sudo -u runner -n bash -c 'sudo -n echo $USER $UID' || true | |
true | |
# https://github.com/easimon/maximize-build-space | |
- name: Maximize build space | |
if: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
uses: easimon/maximize-build-space@master | |
with: | |
root-reserve-mb: 1625 | |
temp-reserve-mb: 50 | |
swap-size-mb: 2 | |
#remove-dotnet: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-dotnet: 'true' | |
#remove-android: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-android: 'true' | |
#remove-haskell: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-haskell: 'true' | |
#remove-codeql: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-codeql: 'true' | |
#remove-docker-images: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-docker-images: 'true' | |
- name: Maximize build space ! remove ONLY | |
if: ${{ github.event.inputs.runnerName == 'ubuntu-latest-m' || github.event.inputs.runnerName == 'ubuntu-latest-l' || github.event.inputs.runnerName == 'ubuntu-latest-h' }} | |
uses: AdityaGarg8/remove-unwanted-software@v4.1 | |
with: | |
remove-dotnet: 'true' | |
remove-android: 'true' | |
remove-haskell: 'true' | |
remove-codeql: 'true' | |
remove-docker-images: 'true' | |
remove-large-packages: 'true' | |
remove-cached-tools: 'true' | |
remove-swapfile: 'true' | |
verbose: 'false' | |
- name: df | |
shell: bash | |
run: | | |
df -h | |
df -h / | |
- name: _getCore_ub | |
shell: bash | |
timeout-minutes: 90 | |
run: | | |
mkdir -p ~/core/infrastructure | |
cd ~/core/infrastructure | |
git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git | |
cd ubiquitous_bash | |
./_setupUbiquitous.bat | |
- name: _getMinimal_cloud | |
shell: bash | |
run: | | |
! ~/core/infrastructure/ubiquitous_bash/ubiquitous_bash.sh _getMinimal_cloud && exit 1 | |
true | |
#! sudo -n apt-get -y clean && exit 1 | |
df -h | |
df -h / | |
timeout-minutes: 90 | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: _getMinimal_cloud | |
shell: bash | |
run: | | |
! ./ubiquitous_bash.sh _getMinimal_cloud && exit 1 | |
true | |
#! sudo -n apt-get -y clean && exit 1 | |
df -h | |
df -h / | |
timeout-minutes: 355 | |
- name: _test_hash_legacy | |
shell: bash | |
run: | | |
if [[ -e "/etc/ssl/openssl_legacy.cnf" ]] | |
then | |
echo -n | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 | |
exit ${PIPESTATUS[0]} | |
else | |
echo -n | openssl dgst -whirlpool -binary | xxd -p -c 256 | |
exit ${PIPESTATUS[0]} | |
fi | |
- name: _get_vmImg_ubDistBuild_before_noBoot | |
if: ${{ github.event.inputs.DISABLE_BOOT != 'true' }} | |
shell: bash | |
run: | | |
#export FORCE_AXEL=8 | |
#./ubiquitous_bash.sh _get_vmImg_ubDistBuild "latest" | |
# DANGER: Github Actions (strictly internal) ONLY! | |
#export FORCE_AXEL=8 | |
#export MANDATORY_HASH="true" | |
cd ./_local | |
rm -f hash-download.txt | |
../ubiquitous_bash.sh _wget_githubRelease_join-stdout "${{ github.repository }}" "" "package_image_before_noBoot.tar.flx" 2> /dev/null | tee >(../ubiquitous_bash.sh _get_extract_ubDistBuild-tar --extract ./vm.img --to-stdout | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 > hash-download.txt) | ../ubiquitous_bash.sh _get_extract_ubDistBuild | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: _get_vmImg_ubDistBuild | |
if: ${{ github.event.inputs.DISABLE_BOOT == 'true' }} | |
shell: bash | |
run: | | |
current_releaseOrigin="${{ inputs.releaseOrigin }}" | |
( [[ "$current_releaseOrigin" == "" ]] || [[ "$current_releaseOrigin" == "DEFAULT" ]] ) && current_releaseOrigin=$(head -n1 ./.github/workflows/DEFAULT_releaseOrigin.txt) | |
[[ "$current_releaseOrigin" == "" ]] && current_releaseOrigin="soaringDistributions/ubDistBuild" | |
current_releaseLabel="${{ inputs.releaseLabel }}" | |
#[[ "$current_releaseLabel" == "" ]] && current_releaseLabel="base" | |
[[ "$current_releaseLabel" == "" ]] && current_releaseLabel="latest" | |
[[ "$current_releaseLabel" == "latest" ]] && current_releaseLabel="" | |
#export FORCE_AXEL=8 | |
#./ubiquitous_bash.sh _get_vmImg_ubDistBuild "latest" | |
# DANGER: Github Actions (strictly internal) ONLY! | |
export FORCE_AXEL=8 | |
export MANDATORY_HASH="true" | |
cd ./_local | |
rm -f hash-download.txt | |
../ubiquitous_bash.sh _wget_githubRelease_join-stdout "$current_releaseOrigin" "$current_releaseLabel" "package_image.tar.flx" 2> /dev/null | tee >(../ubiquitous_bash.sh _get_extract_ubDistBuild-tar --extract ./vm.img --to-stdout | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 > hash-download.txt) | ../ubiquitous_bash.sh _get_extract_ubDistBuild | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: _hash_img | |
shell: bash | |
run: | | |
export skimfast=${{ inputs.skimfast }} | |
echo $skimfast | |
#./ubiquitous_bash.sh _hash_img | |
cat _local/hash-download.txt | |
- name: fallocate --dig-holes | |
shell: bash | |
run: | | |
fallocate --dig-holes ./_local/vm.img | |
- name: _create_ubDistBuild-install-ubDistBuild | |
shell: bash | |
run: | | |
./ubiquitous_bash.sh _create_ubDistBuild-install-ubDistBuild | sudo -n tee ./_create_ubDistBuild-install-ubDistBuild.log && exit ${PIPESTATUS[0]} | |
- name: scribe! info! github! custom | |
shell: bash | |
run: | | |
! ./ubiquitous_bash.sh _openChRoot && exit 1 | |
! echo ${{ github.repository }} | ./ubiquitous_bash.sh _chroot tee /info-github-custom && exit 1 | |
! echo build-${{ github.run_id }}-${{ github.run_attempt }} | ./ubiquitous_bash.sh _chroot tee -a /info-github-custom && exit 1 | |
! date +"%Y-%m-%d" | ./ubiquitous_bash.sh _chroot tee -a /info-github-custom && exit 1 | |
! ./ubiquitous_bash.sh _closeChRoot && exit 1 | |
true | |
- name: _custom-expand | |
shell: bash | |
run: | | |
./ubiquitous_bash.sh _custom-expand | |
- name: _custom-repo | |
shell: bash | |
run: | | |
./ubiquitous_bash.sh _custom-repo || true | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: _custom | |
shell: bash | |
run: | | |
./ubiquitous_bash.sh _custom || true | |
timeout-minutes: ${{ github.event.inputs.customTimeout == '300' && 300 || 45 }} | |
- name: _custom-bundle | |
shell: bash | |
run: | | |
./ubiquitous_bash.sh _custom-bundle || true | |
env: | |
GH_TOKEN: ${{ github.token }} | |
# Discouraged. Usually more useful and more standard to do this within '_custom' function. | |
# ONLY enable if a replacement '_lib/custom/package_kde.tar.xz' is available and desired. This WILL fail if the file is not present, and this is NOT necessary unless a different customization is needed: it is better to rely on the upstream 'ubDistBuild' repository KDE configuration package installed for 'ubdist/OS' . | |
#- name: _rotten_install-kde | |
#shell: bash | |
#run: | | |
#./ubiquitous_bash.sh _create_ubDistBuild-rotten_install-kde | |
- name: report! root df | |
shell: bash | |
run: | | |
! ./ubiquitous_bash.sh _openChRoot && exit 1 | |
./ubiquitous_bash.sh _chroot df -h / | tee ./_local/root_df.log | |
! ./ubiquitous_bash.sh _closeChRoot && exit 1 | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/root_df.log | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: _zSpecial_report-FORCE | |
shell: bash | |
continue-on-error: true | |
run: | | |
./ubiquitous_bash.sh _zSpecial_report-FORCE | |
ls -l ./_local/grub.cfg | |
ls -l ./_local/grubenv | |
ls -l ./_local/dpkg | |
ls -l ./_local/lsmodReport | |
ls -l ./_local/binReport | |
ls -l ./_local/coreReport | |
ls -l ./_local/cfgFW.log | |
- name: artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: convert-live-exhaustive---analysis-log-10-fromImg | |
path: | | |
./_local/grub.cfg | |
./_local/grubenv | |
./_local/dpkg | |
./_local/lsmodReport | |
./_local/binReport | |
./_local/coreReport | |
./_local/cfgFW.log | |
- name: report! cfgFW | |
shell: bash | |
run: | | |
cat ./_local/cfgFW.log | |
- name: release! report! internal | |
shell: bash | |
run: | | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/grub.cfg | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/grubenv | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/dpkg | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/lsmodReport | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/binReport | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/coreReport | |
cat /proc/cpuinfo > ./_local/cpuinfo | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/cpuinfo | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: _hash_img | |
shell: bash | |
run: | | |
export skimfast=${{ inputs.skimfast }} | |
echo $skimfast | |
./ubiquitous_bash.sh _hash_img | |
- name: fallocate --dig-holes | |
shell: bash | |
run: | | |
fallocate --dig-holes ./_local/vm.img | |
- name: _package_ubDistBuild_image | |
shell: bash | |
run: | | |
export skimfast=${{ inputs.skimfast }} | |
echo $skimfast | |
./ubiquitous_bash.sh _package_ubDistBuild_image | sudo -n tee ./_local/_package_ubDistBuild_image.log && exit ${PIPESTATUS[0]} | |
- name: _ubDistBuild_split | |
shell: bash | |
run: | | |
./ubiquitous_bash.sh _ubDistBuild_split | sudo -n tee ./_lib/_ubDistBuild_split.log && exit ${PIPESTATUS[0]} | |
timeout-minutes: 355 | |
- name: df | |
shell: bash | |
run: | | |
df -h | |
df -h / | |
- name: release! package_image | |
shell: bash | |
run: | | |
#gh release create build-${{ github.run_id }}-${{ github.run_attempt }} --title build --notes "" | |
bash -c ' | |
for currentFile in ./_local/package_image.tar.flx.part* | |
do | |
./ubiquitous_bash.sh _stopwatch gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} "$currentFile" & | |
while [[ $(jobs | wc -l) -ge 12 ]] | |
do | |
sleep 2 | |
done | |
done | |
wait | |
' | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: release! delete! package_image_before_noBoot | |
shell: bash | |
continue-on-error: true | |
run: | | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part00 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part01 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part02 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part03 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part04 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part05 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part06 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part07 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part08 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part09 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part10 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part11 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part12 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part13 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part14 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part15 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part16 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part17 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part18 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part19 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part20 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part21 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part22 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part23 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part24 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part25 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part26 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part27 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part28 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part29 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part30 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part31 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part32 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part33 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part34 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part35 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part36 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part37 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part38 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part39 --yes || true | |
gh release delete-asset build-${{ github.run_id }}-${{ github.run_attempt }} package_image_before_noBoot.tar.flx.part40 --yes || true | |
true | |
env: | |
GH_TOKEN: ${{ github.token }} | |
build-convert-rootfs: | |
needs: [build, build_release] | |
runs-on: ${{ github.event.inputs.DISABLE_ROOTFS != 'false' && 'ubuntu-latest' || github.event.inputs.runnerName == '' && 'ubuntu-latest-m' || github.event.inputs.runnerName }} | |
steps: | |
- name: RAND_SEED | |
shell: bash | |
run: | | |
echo "$RAND_SEED" | tee /dev/urandom > /dev/null | |
echo "$RAND_SEED" | tee /dev/random > /dev/null | |
echo "$RAND_SEED" | sudo -n tee /dev/urandom > /dev/null | |
echo "$RAND_SEED" | sudo -n tee /dev/random > /dev/null | |
env: | |
RAND_SEED: ${{ secrets.RAND_SEED }} | |
- name: report! API Rate Limit | |
shell: bash | |
run: | | |
curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ""${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit | |
#curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq -r ".rate" | |
- name: users | |
shell: bash | |
run: | | |
sudo -u ubuntu -n bash -c 'sudo -n useradd runner --non-unique -u $UID -g $UID' || true | |
sudo -u ubuntu -n bash -c 'sudo -n groupadd runner --non-unique -g $UID' || true | |
sudo -u runner -n bash -c 'sudo -n echo $USER $UID' || true | |
true | |
# https://github.com/easimon/maximize-build-space | |
- name: Maximize build space | |
if: ${{ github.event.inputs.DISABLE_ROOTFS == 'false' && github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
uses: easimon/maximize-build-space@master | |
with: | |
root-reserve-mb: 1625 | |
temp-reserve-mb: 50 | |
swap-size-mb: 2 | |
#remove-dotnet: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-dotnet: 'true' | |
#remove-android: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-android: 'true' | |
#remove-haskell: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-haskell: 'true' | |
#remove-codeql: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-codeql: 'true' | |
#remove-docker-images: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-docker-images: 'true' | |
- name: Maximize build space ! remove ONLY | |
if: ${{ github.event.inputs.DISABLE_ROOTFS == 'false' && ( github.event.inputs.runnerName == 'ubuntu-latest-m' || github.event.inputs.runnerName == 'ubuntu-latest-l' || github.event.inputs.runnerName == 'ubuntu-latest-h' ) }} | |
uses: AdityaGarg8/remove-unwanted-software@v4.1 | |
with: | |
remove-dotnet: 'true' | |
remove-android: 'true' | |
remove-haskell: 'true' | |
remove-codeql: 'true' | |
remove-docker-images: 'true' | |
remove-large-packages: 'true' | |
remove-cached-tools: 'true' | |
remove-swapfile: 'true' | |
verbose: 'false' | |
- name: df | |
shell: bash | |
run: | | |
df -h | |
df -h / | |
- name: _getCore_ub | |
shell: bash | |
run: | | |
mkdir -p ~/core/infrastructure | |
cd ~/core/infrastructure | |
git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git | |
cd ubiquitous_bash | |
./_setupUbiquitous.bat | |
./ubiquitous_bash.sh _custom_splice_opensslConfig | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 1 | |
submodules: 'recursive' | |
- name: _getMinimal_cloud | |
shell: bash | |
run: | | |
! ./ubiquitous_bash.sh _getMinimal_cloud && exit 1 | |
true | |
#! sudo -n apt-get -y clean && exit 1 | |
df -h | |
df -h / | |
timeout-minutes: 355 | |
- name: _getMost-aria2 | |
shell: bash | |
run: | | |
sudo -n apt-get -y clean | |
sudo -n apt-get update | |
sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y aria2 | |
timeout-minutes: 355 | |
- name: _test_hash_legacy | |
shell: bash | |
run: | | |
if [[ -e "/etc/ssl/openssl_legacy.cnf" ]] | |
then | |
echo -n | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 | |
exit ${PIPESTATUS[0]} | |
else | |
echo -n | openssl dgst -whirlpool -binary | xxd -p -c 256 | |
exit ${PIPESTATUS[0]} | |
fi | |
# ATTENTION: Either download recently built image from release, or create a DUMMY rootfs package. | |
# Usually, a DUMMY rootfs package should be created, as a derivative OS is normally created to reconfigure a bootable dist/OS for a special purpose, rather than to merely add features that could be added to the upstream ubdist/OS, and thus using a derivative dist/OS for WSL/docker/etc would not make sense. | |
# ### | |
- name: _get_vmImg_ubDistBuild | |
if: ${{ github.event.inputs.DISABLE_ROOTFS == 'false' }} | |
shell: bash | |
run: | | |
#export FORCE_AXEL=8 | |
#./ubiquitous_bash.sh _get_vmImg_ubDistBuild "latest" | |
# DANGER: Github Actions (strictly internal) ONLY! | |
#export FORCE_AXEL=8 | |
#export MANDATORY_HASH="true" | |
cd ./_local | |
rm -f hash-download.txt | |
../ubiquitous_bash.sh _wget_githubRelease_join-stdout "${{ github.repository }}" "" "package_image.tar.flx" 2> /dev/null | tee >(../ubiquitous_bash.sh _get_extract_ubDistBuild-tar --extract ./vm.img --to-stdout | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 > hash-download.txt) | ../ubiquitous_bash.sh _get_extract_ubDistBuild | |
#env: | |
#GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: fallocate --dig-holes | |
if: ${{ github.event.inputs.DISABLE_ROOTFS == 'false' }} | |
shell: bash | |
run: | | |
fallocate --dig-holes ./_local/vm.img | |
- name: _hash_img | |
if: ${{ github.event.inputs.DISABLE_ROOTFS == 'false' }} | |
shell: bash | |
run: | | |
export skimfast=${{ inputs.skimfast }} | |
echo $skimfast | |
#./ubiquitous_bash.sh _hash_img | |
cat _local/hash-download.txt | |
- name: _convert-rootfs | |
if: ${{ github.event.inputs.DISABLE_ROOTFS == 'false' }} | |
shell: bash | |
run: | | |
export current_diskConstrained="true" | |
./ubiquitous_bash.sh _convert_rm | |
./ubiquitous_bash.sh _convert-rootfs | sudo -n tee ./_convert-rootfs.log && exit ${PIPESTATUS[0]} | |
# ### | |
# ### | |
- name: DUMMY-rootfs | |
if: ${{ github.event.inputs.DISABLE_ROOTFS != 'false' }} | |
shell: bash | |
run: | | |
rm -f ./_local/package_rootfs.tar || true | |
rm -f ./_local/package_rootfs.tar.flx || true | |
#echo > ./_local/package_rootfs.tar | |
#echo > ./_local/package_rootfs.tar.flx | |
tar -cf - /dev/null > ./_local/package_rootfs.tar | |
tar -cf - /dev/null | lz4 -z --fast=1 - ./_local/package_rootfs.tar.flx | |
# ### | |
- name: _hash_rootfs | |
shell: bash | |
run: | | |
export skimfast=${{ inputs.skimfast }} | |
echo $skimfast | |
./ubiquitous_bash.sh _hash_rootfs | |
- name: _ubDistBuild_split-rootfs | |
shell: bash | |
run: | | |
./ubiquitous_bash.sh _ubDistBuild_split-rootfs | sudo -n tee ./_lib/_ubDistBuild_split-rootfs.log && exit ${PIPESTATUS[0]} | |
timeout-minutes: 355 | |
- name: df | |
shell: bash | |
run: | | |
df -h | |
df -h / | |
- name: release! package_rootfs | |
shell: bash | |
run: | | |
#gh release create build-${{ github.run_id }}-${{ github.run_attempt }} --title build --notes "" | |
bash -c ' | |
for currentFile in ./_local/package_rootfs.tar.flx.part* | |
do | |
./ubiquitous_bash.sh _stopwatch gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} "$currentFile" & | |
while [[ $(jobs | wc -l) -ge 3 ]] | |
do | |
sleep 2 | |
done | |
done | |
wait | |
' | |
env: | |
GH_TOKEN: ${{ github.token }} | |
#- name: _package_rm | |
#shell: bash | |
#run: | | |
#./ubiquitous_bash.sh _package_rm | |
build-convert-live: | |
needs: [build, build_release] | |
runs-on: ${{ github.event.inputs.runnerName == '' && 'ubuntu-latest-m' || github.event.inputs.runnerName }} | |
steps: | |
- name: RAND_SEED | |
shell: bash | |
run: | | |
echo "$RAND_SEED" | tee /dev/urandom > /dev/null | |
echo "$RAND_SEED" | tee /dev/random > /dev/null | |
echo "$RAND_SEED" | sudo -n tee /dev/urandom > /dev/null | |
echo "$RAND_SEED" | sudo -n tee /dev/random > /dev/null | |
env: | |
RAND_SEED: ${{ secrets.RAND_SEED }} | |
- name: users | |
shell: bash | |
run: | | |
sudo -u ubuntu -n bash -c 'sudo -n useradd runner --non-unique -u $UID -g $UID' || true | |
sudo -u ubuntu -n bash -c 'sudo -n groupadd runner --non-unique -g $UID' || true | |
sudo -u runner -n bash -c 'sudo -n echo $USER $UID' || true | |
true | |
# https://github.com/easimon/maximize-build-space | |
- name: Maximize build space | |
if: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
uses: easimon/maximize-build-space@master | |
with: | |
root-reserve-mb: 1625 | |
temp-reserve-mb: 50 | |
swap-size-mb: 2 | |
#remove-dotnet: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-dotnet: 'true' | |
#remove-android: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-android: 'true' | |
#remove-haskell: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-haskell: 'true' | |
#remove-codeql: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-codeql: 'true' | |
#remove-docker-images: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-docker-images: 'true' | |
- name: Maximize build space ! remove ONLY | |
if: ${{ github.event.inputs.runnerName == 'ubuntu-latest-m' || github.event.inputs.runnerName == 'ubuntu-latest-l' || github.event.inputs.runnerName == 'ubuntu-latest-h' }} | |
uses: AdityaGarg8/remove-unwanted-software@v4.1 | |
with: | |
remove-dotnet: 'true' | |
remove-android: 'true' | |
remove-haskell: 'true' | |
remove-codeql: 'true' | |
remove-docker-images: 'true' | |
remove-large-packages: 'true' | |
remove-cached-tools: 'true' | |
remove-swapfile: 'true' | |
verbose: 'false' | |
- name: df | |
shell: bash | |
run: | | |
df -h | |
df -h / | |
# https://github.com/orgs/community/discussions/8305 | |
# https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/ | |
# https://github.com/actions/runner-images/discussions/7191 | |
- name: _getCore_ub | |
shell: bash | |
timeout-minutes: 90 | |
run: | | |
mkdir -p ~/core/infrastructure | |
cd ~/core/infrastructure | |
git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git | |
cd ubiquitous_bash | |
./_setupUbiquitous.bat | |
- name: _getMinimal_cloud | |
shell: bash | |
run: | | |
! ~/core/infrastructure/ubiquitous_bash/ubiquitous_bash.sh _getMinimal_cloud && exit 1 | |
true | |
#! sudo -n apt-get -y clean && exit 1 | |
df -h | |
df -h / | |
timeout-minutes: 90 | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: _getMinimal_cloud | |
shell: bash | |
run: | | |
! ./ubiquitous_bash.sh _getMinimal_cloud && exit 1 | |
true | |
#! sudo -n apt-get -y clean && exit 1 | |
df -h | |
df -h / | |
timeout-minutes: 355 | |
- name: _test_hash_legacy | |
shell: bash | |
run: | | |
if [[ -e "/etc/ssl/openssl_legacy.cnf" ]] | |
then | |
echo -n | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 | |
exit ${PIPESTATUS[0]} | |
else | |
echo -n | openssl dgst -whirlpool -binary | xxd -p -c 256 | |
exit ${PIPESTATUS[0]} | |
fi | |
- name: _get_vmImg_ubDistBuild | |
shell: bash | |
run: | | |
#export FORCE_AXEL=8 | |
#./ubiquitous_bash.sh _get_vmImg_ubDistBuild "latest" | |
# DANGER: Github Actions (strictly internal) ONLY! | |
#export FORCE_AXEL=8 | |
#export MANDATORY_HASH="true" | |
cd ./_local | |
rm -f hash-download.txt | |
../ubiquitous_bash.sh _wget_githubRelease_join-stdout "${{ github.repository }}" "" "package_image.tar.flx" 2> /dev/null | tee >(../ubiquitous_bash.sh _get_extract_ubDistBuild-tar --extract ./vm.img --to-stdout | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 > hash-download.txt) | ../ubiquitous_bash.sh _get_extract_ubDistBuild | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: fallocate --dig-holes | |
shell: bash | |
run: | | |
fallocate --dig-holes ./_local/vm.img | |
- name: _hash_img | |
shell: bash | |
run: | | |
export skimfast=${{ inputs.skimfast }} | |
echo $skimfast | |
#./ubiquitous_bash.sh _hash_img | |
cat _local/hash-download.txt | |
- name: _fetchAccessories extendedInterface | |
shell: bash | |
run: | | |
cd _local | |
git clone https://github.com/mirage335-colossus/extendedInterface.git | |
cd extendedInterface | |
mkdir -p ../extendedInterface-accessories/integrations/ubcp | |
curl -L -o ../extendedInterface-accessories/integrations/ubcp/package_ubcp-core.7z $(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/mirage335-colossus/ubiquitous_bash/releases" | jq -r ".[] | select(.name == \"internal\") | .assets[] | select(.name == \"package_ubcp-core.7z\") | .browser_download_url" | sort -n -r | head -n1) | |
./ubiquitous_bash.sh _build_extendedInterface-fetch | sudo -n tee ../../_lib/_extendedInterface.log && exit ${PIPESTATUS[0]} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: _fetchAccessories ubDistBuild | |
shell: bash | |
run: | | |
cd _local | |
git clone https://github.com/soaringDistributions/ubDistBuild.git | |
cd ubDistBuild | |
mkdir -p ../ubDistBuild-accessories/integrations/ubcp | |
curl -L -o ../ubDistBuild-accessories/integrations/ubcp/package_ubcp-core.7z $(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/mirage335-colossus/ubiquitous_bash/releases" | jq -r ".[] | select(.name == \"internal\") | .assets[] | select(.name == \"package_ubcp-core.7z\") | .browser_download_url" | sort -n -r | head -n1) | |
./ubiquitous_bash.sh _build_ubDistBuild-fetch | sudo -n tee ../../_lib/_ubDistBuild.log && exit ${PIPESTATUS[0]} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: _convert-live _create_ubDistBuild_feedAccessories | |
shell: bash | |
run: | | |
export current_diskConstrained="true" | |
./ubiquitous_bash.sh _convert_rm | |
./ubiquitous_bash.sh _create_ubDistBuild_feedAccessories | sudo -n tee ./_create_ubDistBuild_feedAccessories.log && exit ${PIPESTATUS[0]} | |
./ubiquitous_bash.sh _safeRMR ./_local/livefs | |
true | |
# DANGER: GitHub Actions ONLY! | |
- name: _create_ubDistBuild_feedAccessories rm | |
shell: bash | |
run: | | |
rm -rf ../extendedInterface-accessories | |
[[ -e ../extendedInterface-accessories ]] && exit 1 || true | |
rm -rf ../ubDistBuild-accessories | |
[[ -e ../ubDistBuild-accessories ]] && exit 1 || true | |
# DANGER: GitHub Actions ONLY! | |
- name: _fetchAccessories rm | |
shell: bash | |
run: | | |
cd _local | |
rm -rf extendedInterface | |
[[ -e extendedInterface ]] && exit 1 || true | |
rm -rf ubDistBuild | |
[[ -e ubDistBuild ]] && exit 1 || true | |
- name: _convert-live _convert-live_ISO | |
shell: bash | |
run: | | |
export current_diskConstrained="true" | |
./ubiquitous_bash.sh _convert_rm | |
./ubiquitous_bash.sh _convert-live_ISO | sudo -n tee ./_convert-live_ISO.log && exit ${PIPESTATUS[0]} | |
./ubiquitous_bash.sh _safeRMR ./_local/livefs | |
true | |
- name: _convert-live log | |
shell: bash | |
run: | | |
#./_create_ubDistBuild_feedAccessories.log | |
cat ./_convert-live_ISO.log | sudo -n tee ./_convert-live.log && exit ${PIPESTATUS[0]} | |
- name: _hash_live | |
shell: bash | |
run: | | |
export skimfast=${{ inputs.skimfast }} | |
echo $skimfast | |
./ubiquitous_bash.sh _hash_live | |
- name: _ubDistBuild_split-live | |
shell: bash | |
run: | | |
./ubiquitous_bash.sh _ubDistBuild_split-live | |
- name: df | |
shell: bash | |
run: | | |
df -h | |
df -h / | |
- name: release! live | |
shell: bash | |
run: | | |
#gh release create build-${{ github.run_id }}-${{ github.run_attempt }} --title build --notes "" | |
bash -c ' | |
for currentFile in ./_local/vm-live.iso.part* | |
do | |
./ubiquitous_bash.sh _stopwatch gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} "$currentFile" & | |
while [[ $(jobs | wc -l) -ge 3 ]] | |
do | |
sleep 2 | |
done | |
done | |
wait | |
' | |
env: | |
GH_TOKEN: ${{ github.token }} | |
#- name: _package_rm | |
#shell: bash | |
#run: | | |
#./ubiquitous_bash.sh _package_rm | |
build-hash: | |
needs: [build, build-convert-rootfs, build-convert-live] | |
runs-on: ubuntu-latest | |
#runs-on: ${{ github.event.inputs.runnerName == '' && 'ubuntu-latest' || github.event.inputs.runnerName }} | |
steps: | |
- name: report! API Rate Limit | |
shell: bash | |
run: | | |
curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ""${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit | |
#curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq -r ".rate" | |
- name: users | |
shell: bash | |
run: | | |
sudo -u ubuntu -n bash -c 'sudo -n useradd runner --non-unique -u $UID -g $UID' || true | |
sudo -u ubuntu -n bash -c 'sudo -n groupadd runner --non-unique -g $UID' || true | |
sudo -u runner -n bash -c 'sudo -n echo $USER $UID' || true | |
true | |
# https://github.com/easimon/maximize-build-space | |
- name: Maximize build space | |
if: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
uses: easimon/maximize-build-space@master | |
with: | |
root-reserve-mb: 1625 | |
temp-reserve-mb: 50 | |
swap-size-mb: 2 | |
#remove-dotnet: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-dotnet: 'true' | |
#remove-android: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-android: 'true' | |
#remove-haskell: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-haskell: 'true' | |
#remove-codeql: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-codeql: 'true' | |
#remove-docker-images: ${{ github.event.inputs.runnerName != 'ubuntu-latest-m' && github.event.inputs.runnerName != 'ubuntu-latest-l' && github.event.inputs.runnerName != 'ubuntu-latest-h' }} | |
remove-docker-images: 'true' | |
- name: Maximize build space ! remove ONLY | |
if: ${{ github.event.inputs.runnerName == 'ubuntu-latest-m' || github.event.inputs.runnerName == 'ubuntu-latest-l' || github.event.inputs.runnerName == 'ubuntu-latest-h' }} | |
uses: AdityaGarg8/remove-unwanted-software@v4.1 | |
with: | |
remove-dotnet: 'true' | |
remove-android: 'true' | |
remove-haskell: 'true' | |
remove-codeql: 'true' | |
remove-docker-images: 'true' | |
remove-large-packages: 'true' | |
remove-cached-tools: 'true' | |
remove-swapfile: 'true' | |
verbose: 'false' | |
- name: df | |
shell: bash | |
run: | | |
df -h | |
df -h / | |
- name: _getCore_ub | |
shell: bash | |
run: | | |
mkdir -p ~/core/infrastructure | |
cd ~/core/infrastructure | |
git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git | |
cd ubiquitous_bash | |
./_setupUbiquitous.bat | |
./ubiquitous_bash.sh _custom_splice_opensslConfig | |
#- name: _getMinimal_cloud | |
#shell: bash | |
#run: | | |
#! ~/core/infrastructure/ubiquitous_bash/ubiquitous_bash.sh _getMinimal_cloud && exit 1 | |
#true | |
##! sudo -n apt-get -y clean && exit 1 | |
#df -h | |
#df -h / | |
- name: _getMost-aria2 | |
shell: bash | |
run: | | |
sudo -n apt-get -y clean | |
sudo -n apt-get update | |
sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y aria2 | |
timeout-minutes: 355 | |
- name: _getMost-aria2 | |
shell: bash | |
run: | | |
sudo -n apt-get -y clean | |
sudo -n apt-get update | |
sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y aria2 | |
timeout-minutes: 355 | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: _test_hash_legacy | |
shell: bash | |
run: | | |
if [[ -e "/etc/ssl/openssl_legacy.cnf" ]] | |
then | |
echo -n | env OPENSSL_CONF="/etc/ssl/openssl_legacy.cnf" openssl dgst -whirlpool -binary | xxd -p -c 256 | |
exit ${PIPESTATUS[0]} | |
else | |
echo -n | openssl dgst -whirlpool -binary | xxd -p -c 256 | |
exit ${PIPESTATUS[0]} | |
fi | |
#- name: txt-stat/tboot | |
#shell: bash | |
#run: | | |
#cat /proc/cpuinfo | grep 'model name' | |
#echo | |
#sudo -n txt-stat || true | |
#true | |
- name: sev/AMD | |
shell: bash | |
run: | | |
cat /proc/cpuinfo | grep 'model name' | |
echo | |
echo 'cat /sys/module/kvm_amd/parameters/sev' | |
cat /sys/module/kvm_amd/parameters/sev || true | |
echo 'dmesg | grep -i sev' | |
sudo -n dmesg | grep -i sev || true | |
true | |
- name: sgx/Intel | |
shell: bash | |
run: | | |
cat /proc/cpuinfo | grep 'model name' | |
echo | |
echo 'grep sgx /proc/cpuinfo' | |
grep sgx /proc/cpuinfo || true | |
echo 'dmesg | grep sgx' | |
sudo -n dmesg | grep -i sgx || true | |
# Apparently normal: ' sgx: [Firmware Bug]: Unable to map EPC section to online node. Fallback to the NUMA node 0. ' | |
true | |
# ATTENTION: _prog-ops/hash-custom.sh | |
- name: _hash_ubdist-fast | |
shell: bash | |
run: | | |
export skimfast=${{ inputs.skimfast }} | |
echo $skimfast | |
#export FORCE_AXEL=8 | |
#export MANDATORY_HASH="true" | |
./ubiquitous_bash.sh _hash_ubdist-fast | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: hash ___________________________ | |
shell: bash | |
run: | | |
cat ./_local/_hash-ubdist.txt | |
- name: artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: _hash-ubdist.txt | |
path: | | |
./_local/_hash-ubdist.txt | |
- name: release! hash | |
shell: bash | |
run: | | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/_hash-ubdist.txt | |
env: | |
GH_TOKEN: ${{ github.token }} | |
build-analysis: | |
needs: [build, build_release] | |
runs-on: ubuntu-latest | |
steps: | |
- name: report! API Rate Limit | |
shell: bash | |
run: | | |
curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ""${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/rate_limit | |
#curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq -r ".rate" | |
- name: _getCore_ub | |
shell: bash | |
run: | | |
mkdir -p ~/core/infrastructure | |
cd ~/core/infrastructure | |
git clone --depth 1 --recursive https://github.com/mirage335-colossus/ubiquitous_bash.git | |
cd ubiquitous_bash | |
./_setupUbiquitous.bat | |
./ubiquitous_bash.sh _custom_splice_opensslConfig | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 1 | |
submodules: 'recursive' | |
- name: _getMinimal_cloud | |
shell: bash | |
run: | | |
! ./ubiquitous_bash.sh _getMinimal_cloud && exit 1 | |
true | |
#! sudo -n apt-get -y clean && exit 1 | |
df -h | |
df -h / | |
timeout-minutes: 355 | |
- name: _getMost-aria2 | |
shell: bash | |
run: | | |
sudo -n apt-get -y clean | |
sudo -n apt-get update | |
sudo -n env DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install --install-recommends -y aria2 | |
timeout-minutes: 355 | |
- name: analysis! missing-binaries | |
shell: bash | |
run: | | |
mkdir -p ./_local/analysis | |
#cp ./_local/lsmodReport ./_local/analysis/lsmodReport | |
#cp ./_local/binReport ./_local/analysis/binReport | |
#cp ./_local/coreReport ./_local/analysis/coreReport | |
#cp ./_local/dpkg ./_local/analysis/dpkg | |
cd ./_local/analysis | |
# Get the list of releases | |
RELEASES=$(curl -s -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/"${{ github.repository }}"/releases) | |
# Download binReport file for the current release | |
curl -s -H "Authorization: token $GH_TOKEN" -L -o "lsmodReport-$currentReleaseTag" "https://github.com/"${{ github.repository }}"/releases/download/$currentReleaseTag/lsmodReport" | |
curl -s -H "Authorization: token $GH_TOKEN" -L -o "binReport-$currentReleaseTag" "https://github.com/"${{ github.repository }}"/releases/download/$currentReleaseTag/binReport" | |
curl -s -H "Authorization: token $GH_TOKEN" -L -o "coreReport-$currentReleaseTag" "https://github.com/"${{ github.repository }}"/releases/download/$currentReleaseTag/coreReport" | |
curl -s -H "Authorization: token $GH_TOKEN" -L -o "dpkg-$currentReleaseTag" "https://github.com/"${{ github.repository }}"/releases/download/$currentReleaseTag/dpkg" | |
# Loop through each release | |
for RELEASE in $(echo "$RELEASES" | jq -r '.[].tag_name' | sort --reverse); do | |
# Compare the list of binaries in this release to the current release | |
if [ "$RELEASE" != "$currentReleaseTag" ]; then | |
# Download the binReport file for this release | |
curl -s -H "Authorization: token $GH_TOKEN" -L -o "lsmodReport-$RELEASE" "https://github.com/"${{ github.repository }}"/releases/download/$RELEASE/lsmodReport" | |
curl -s -H "Authorization: token $GH_TOKEN" -L -o "binReport-$RELEASE" "https://github.com/"${{ github.repository }}"/releases/download/$RELEASE/binReport" | |
curl -s -H "Authorization: token $GH_TOKEN" -L -o "coreReport-$RELEASE" "https://github.com/"${{ github.repository }}"/releases/download/$RELEASE/coreReport" | |
curl -s -H "Authorization: token $GH_TOKEN" -L -o "dpkg-$RELEASE" "https://github.com/"${{ github.repository }}"/releases/download/$RELEASE/dpkg" | |
echo | tee -a ./missing-lsmodReport | |
echo "Binaries (lsmod) loaded in $RELEASE but not in currentRelease $currentReleaseTag:" | tee -a ./missing-lsmodReport | |
comm -23 <(sort "lsmodReport-$RELEASE") <(sort "lsmodReport-$currentReleaseTag") | tee -a ./missing-lsmodReport | |
echo | tee -a ./missing-binReport | |
echo "Binaries (filesystem) in $RELEASE but not in currentRelease $currentReleaseTag:" | tee -a ./missing-binReport | |
comm -23 <(sort "binReport-$RELEASE") <(sort "binReport-$currentReleaseTag") | tee -a ./missing-binReport | |
echo | tee -a ./missing-coreReport | |
echo "Binaries (core) in $RELEASE but not in currentRelease $currentReleaseTag:" | tee -a ./missing-coreReport | |
comm -23 <(sort "coreReport-$RELEASE") <(sort "coreReport-$currentReleaseTag") | tee -a ./missing-coreReport | |
echo | tee -a ./missing-dpkg | |
echo "Binaries (dpkg) in $RELEASE but not in currentRelease $currentReleaseTag:" | tee -a ./missing-dpkg | |
comm -23 <(sort "dpkg-$RELEASE") <(sort "dpkg-$currentReleaseTag") | tee -a ./missing-dpkg | |
fi | |
done | |
env: | |
currentReleaseTag: build-${{ github.run_id }}-${{ github.run_attempt }} | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: release! analysis! missing-binaries | |
shell: bash | |
run: | | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/analysis/missing-lsmodReport | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/analysis/missing-binReport | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/analysis/missing-coreReport | |
gh release upload build-${{ github.run_id }}-${{ github.run_attempt }} ./_local/analysis/missing-dpkg | |
env: | |
GH_TOKEN: ${{ github.token }} | |