From 26c101edc3e918be4fbfe76b3514d1c8398f7d31 Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Fri, 9 Oct 2020 15:31:01 -1000 Subject: [PATCH] CI: remove CircleCI for now The GitHub CI offers currenlty more architecture and the Signed-of-by test is covered via the DOC CI test. In case GitHub ever changes policies, we can simply switch back. Signed-off-by: Paul Spooren --- .circleci/Dockerfile | 93 ---------------------- .circleci/README | 6 -- .circleci/config.yml | 182 ------------------------------------------- 3 files changed, 281 deletions(-) delete mode 100644 .circleci/Dockerfile delete mode 100644 .circleci/README delete mode 100644 .circleci/config.yml diff --git a/.circleci/Dockerfile b/.circleci/Dockerfile deleted file mode 100644 index b2914c38b9..0000000000 --- a/.circleci/Dockerfile +++ /dev/null @@ -1,93 +0,0 @@ -FROM debian:10 - - -# Configuration version history -# v1.0 - Initial version by Etienne Champetier -# v1.0.1 - Run as non-root, add unzip, xz-utils -# v1.0.2 - Add bzr -# v1.0.3 - Verify usign signatures -# v1.0.4 - Add support for Python3 -# v1.0.5 - Add 19.07 public keys, verify keys -# v1.0.6 - Add 21.02 public keys, update Debian image to version 10, add rsync -# v1.0.7 - Add 22.03 public keys, 18.06 v2 gpg key, 18.06 usign key - -RUN apt update && apt install -y \ -build-essential \ -bzr \ -curl \ -jq \ -gawk \ -gettext \ -git \ -libncurses5-dev \ -libssl-dev \ -python \ -python3 \ -signify-openbsd \ -subversion \ -rsync \ -time \ -unzip \ -wget \ -xz-utils \ -zlib1g-dev \ -&& rm -rf /var/lib/apt/lists/* - -RUN useradd -c "OpenWrt Builder" -m -d /home/build -s /bin/bash build -USER build -ENV HOME /home/build - -# OpenWrt Build System (PGP key for unattended snapshot builds) -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/626471F1.asc' | gpg --import \ - && gpg --fingerprint --with-colons '' | grep '^fpr:::::::::54CC74307A2C6DC9CE618269CD84BCED626471F1:$' \ - && echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust - -# OpenWrt Build System (PGP key for 17.01 "Reboot" release builds) -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/D52BBB6B.asc' | gpg --import \ - && gpg --fingerprint --with-colons '' | grep '^fpr:::::::::B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:$' \ - && echo 'B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:6:' | gpg --import-ownertrust - -# OpenWrt Release Builder (18.06 Signing Key) -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/17E1CE16.asc' | gpg --import \ - && gpg --fingerprint --with-colons '' | grep '^fpr:::::::::6768C55E79B032D77A28DA5F0F20257417E1CE16:$' \ - && echo '6768C55E79B032D77A28DA5F0F20257417E1CE16:6:' | gpg --import-ownertrust - -# OpenWrt Build System (PGP key for 18.06 release builds) -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/15807931.asc' | gpg --import \ - && gpg --fingerprint --with-colons '' | grep '^fpr:::::::::AD0507363D2BCE9C9E36CEC4FBCB78F015807931:$' \ - && echo 'AD0507363D2BCE9C9E36CEC4FBCB78F015807931:6:' | gpg --import-ownertrust - -# OpenWrt Build System (PGP key for 19.07 release builds) -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/2074BE7A.asc' | gpg --import \ - && gpg --fingerprint --with-colons '' | grep '^fpr:::::::::D9C6901F45C9B86858687DFF28A39BC32074BE7A:$' \ - && echo 'D9C6901F45C9B86858687DFF28A39BC32074BE7A:6:' | gpg --import-ownertrust - -# OpenWrt Build System (PGP key for 21.02 release builds) -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/88CA59E8.asc' | gpg --import \ - && gpg --fingerprint --with-colons '' | grep '^fpr:::::::::667205E379BAF348863A5C6688CA59E88F681580:$' \ - && echo '667205E379BAF348863A5C6688CA59E88F681580:6:' | gpg --import-ownertrust - -# OpenWrt Build System (GnuPGP key for 22.03 release builds) -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/CD54E82DADB3684D.asc' | gpg --import \ - && gpg --fingerprint --with-colons '' | grep '^fpr:::::::::BF856781A01293C8409ABE72CD54E82DADB3684D:$' \ - && echo 'BF856781A01293C8409ABE72CD54E82DADB3684D:6:' | gpg --import-ownertrust - -# untrusted comment: Public usign key for unattended snapshot builds -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/b5043e70f9a75cde' --create-dirs -o /home/build/usign/b5043e70f9a75cde \ - && echo 'd7ac10f9ed1b38033855f3d27c9327d558444fca804c685b17d9dcfb0648228f */home/build/usign/b5043e70f9a75cde' | sha256sum --check - -# untrusted comment: Public usign key for 18.06 release builds -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/1035ac73cc4e59e3' --create-dirs -o /home/build/usign/1035ac73cc4e59e3 \ - && echo '8dc2e7f5c4e634437e6641f4df77a18bf59f0c8e9016c8ba4be5d4a0111e68c2 */home/build/usign/1035ac73cc4e59e3' | sha256sum --check - -# untrusted comment: Public usign key for 19.07 release builds -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/f94b9dd6febac963' --create-dirs -o /home/build/usign/f94b9dd6febac963 \ - && echo 'b1d09457cfbc36fccfe18382d65c54a2ade3e7fd3902da490a53aa517b512755 */home/build/usign/f94b9dd6febac963' | sha256sum --check - -# untrusted comment: Public usign key for 21.02 release builds -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/2f8b0b98e08306bf' --create-dirs -o /home/build/usign/2f8b0b98e08306bf \ - && echo 'd102bdd75421c62490b97f520f9db06aadb44ad408b244755d26e96ea5cd3b7f */home/build/usign/2f8b0b98e08306bf' | sha256sum --check - -# untrusted comment: Public usign key for 22.03 release builds -RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/4d017e6f1ed5d616' --create-dirs -o /home/build/usign/4d017e6f1ed5d616 \ - && echo 'f3c5fdf447d7c2743442e68077d60acc7c3e91754849e1f4b6be837b4204b7e2 */home/build/usign/4d017e6f1ed5d616' | sha256sum --check diff --git a/.circleci/README b/.circleci/README deleted file mode 100644 index 8626412c7b..0000000000 --- a/.circleci/README +++ /dev/null @@ -1,6 +0,0 @@ -# Build/update the docker image - -docker pull debian:10 -docker build --rm -t docker.io/openwrtorg/packages-cci:latest . -docker tag docker.io/openwrtorg/packages-cci: -docker push docker.io/openwrtorg/packages-cci diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index 305813734c..0000000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,182 +0,0 @@ -version: 2.0 -jobs: - build: - docker: - - image: docker.io/openwrtorg/packages-cci:v1.0.7 - environment: - - SDK_HOST: "downloads.openwrt.org" - - SDK_PATH: "snapshots/targets/ath79/generic" - - SDK_FILE: "openwrt-sdk-ath79-generic_*.Linux-x86_64.tar.xz" - - BRANCH: "master" - steps: - - checkout: - path: ~/openwrt_packages - - - run: - name: Check changes / verify commits - working_directory: ~/openwrt_packages - command: | - cat >> $BASH_ENV <: ' ($subject)" - RET=1 - fi - - body="$(git show -s --format=%b $commit)" - sob="$(git show -s --format='Signed-off-by: %aN <%aE>' $commit)" - if echo "$body" | grep -qF "$sob"; then - echo_green "Signed-off-by match author" - else - echo_red "Signed-off-by is missing or doesn't match author (should be '$sob')" - RET=1 - fi - done - - exit $RET - - - run: - name: Download the SDK - working_directory: ~/sdk - command: | - curl "https://$SDK_HOST/$SDK_PATH/sha256sums" -sS -o sha256sums - curl "https://$SDK_HOST/$SDK_PATH/sha256sums.asc" -fs -o sha256sums.asc || true - curl "https://$SDK_HOST/$SDK_PATH/sha256sums.sig" -fs -o sha256sums.sig || true - if [ ! -f sha256sums.asc ] && [ ! -f sha256sums.sig ]; then - echo_red "Missing sha256sums signature files" - exit 1 - fi - [ ! -f sha256sums.asc ] || gpg --with-fingerprint --verify sha256sums.asc sha256sums - if [ -f sha256sums.sig ]; then - VERIFIED= - for KEY in ~/usign/*; do - echo "Trying $KEY..." - if signify-openbsd -V -q -p "$KEY" -x sha256sums.sig -m sha256sums; then - echo "...verified" - VERIFIED=1 - break - fi - done - if [ -z "$VERIFIED" ]; then - echo_red "Could not verify usign signature" - exit 1 - fi - fi - rsync -av "$SDK_HOST::downloads/$SDK_PATH/$SDK_FILE" . - sha256sum -c --ignore-missing sha256sums - - - run: - name: Prepare build_dir - working_directory: ~/build_dir - command: | - tar Jxf ~/sdk/$SDK_FILE --strip=1 - touch .config - make prepare-tmpinfo scripts/config/conf - ./scripts/config/conf --defconfig=.config Config.in - make prereq - rm .config - cat > feeds.conf < /dev/null - make defconfig > /dev/null - # enable BUILD_LOG - sed -i 's/# CONFIG_BUILD_LOG is not set/CONFIG_BUILD_LOG=y/' .config - - - run: - name: Install & download source, check package, compile - working_directory: ~/build_dir - command: | - set +o pipefail - PKGS=$(cd ~/openwrt_packages; git diff --diff-filter=d --name-only "origin/$BRANCH..." | grep 'Makefile$' | grep -Ev '/files/|/src/' | awk -F/ '{ print $(NF-1) }') - if [ -z "$PKGS" ] ; then - echo_blue "WARNING: No new or modified packages found!" - exit 0 - fi - - echo_blue "=== Found new/modified packages: $PKGS" - for PKG in $PKGS ; do - echo_blue "===+ Install: $PKG" - ./scripts/feeds install "$PKG" - - echo_blue "===+ Download: $PKG" - make "package/$PKG/download" V=s - - echo_blue "===+ Check package: $PKG" - make "package/$PKG/check" V=s 2>&1 | tee logtmp - RET=${PIPESTATUS[0]} - - if [ $RET -ne 0 ]; then - echo_red "=> Package check failed: $RET)" - exit $RET - fi - - badhash_msg="HASH does not match " - badhash_msg+="|HASH uses deprecated hash," - badhash_msg+="|HASH is missing," - if grep -qE "$badhash_msg" logtmp; then - echo_red "=> Package HASH check failed" - exit 1 - fi - echo_green "=> Package check OK" - done - - make \ - -f .config \ - -f tmp/.packagedeps \ - -f <(echo '$(info $(sort $(package-y) $(package-m)))'; echo -en 'a:\n\t@:') \ - | tr ' ' '\n' >enabled-package-subdirs.txt - for PKG in $PKGS ; do - if ! grep -m1 -qE "(^|/)$PKG$" enabled-package-subdirs.txt; then - echo_red "===+ Building: $PKG skipped. It cannot be enabled with $SDK_FILE" - continue - fi - echo_blue "===+ Building: $PKG" - make "package/$PKG/compile" -j3 V=s || { - RET=$? - echo_red "===+ Building: $PKG failed, rebuilding with -j1 for human readable error log" - make "package/$PKG/compile" -j1 V=s; exit $RET - } - done - - - store_artifacts: - path: ~/build_dir/logs - - - store_artifacts: - path: ~/build_dir/bin - -workflows: - version: 2 - buildpr: - jobs: - - build: - filters: - branches: - ignore: master -- 2.30.2