instrument-cluster-os/.github/workflows/ci.yml at main · chrshdl/instrument-cluster-os · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
name: CI instrument-cluster

on:
  push:
    tags: [ 'v*' ]
  pull_request:
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        board: [raspberrypi4-64]
    steps:
      - name: Free disk space
        uses: endersonmenezes/free-disk-space@v3
        with:
          remove_android: true
          remove_tool_cache: true

      - name: Install host dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            build-essential git python3 unzip rsync bc libncurses5-dev \
            bison flex cpio wget libssl-dev libgnutls28-dev

      - name: Checkout this repo
        uses: actions/checkout@v4

      - name: Checkout Buildroot 2025.02.10
        uses: actions/checkout@v4
        with:
          repository: "buildroot/buildroot"
          ref: "2025.02.10"
          path: buildroot

      - name: Build for ${{ matrix.board }}
        run: |
          make -C buildroot BR2_EXTERNAL=../ O=../output ${{ matrix.board }}_defconfig
          make -C buildroot O=../output

      - name: Create RAUC Bundle
        env:
          RAUC_CERT: ${{ secrets.RAUC_CERT_PEM }}
          RAUC_KEY: ${{ secrets.RAUC_KEY_PEM }}
        run: |
          if [[ -z "$RAUC_CERT" ]] || [[ -z "$RAUC_KEY" ]]; then
            echo "::error::Secrets RAUC_CERT_PEM or RAUC_KEY_PEM are missing!"
            exit 1
          fi

          if [[ "${{ matrix.board }}" == "raspberrypi4-64" ]]; then
              COMPAT="InstrumentCluster-RPi4"
          else
              COMPAT="InstrumentCluster-RPi5"
          fi

          VERSION="${{ github.ref_name }}.${{ github.run_number }}"
          BUNDLE_DIR="board/${{ matrix.board }}/rauc-bundle-manifest"

          sed -i "s/@BOARD_COMPATIBLE@/$COMPAT/g" "$BUNDLE_DIR/manifest.raucm"
          sed -i "s/@BUILD_VERSION@/$VERSION/g" "$BUNDLE_DIR/manifest.raucm"

          echo "Checking rootfs integrity..."
          /sbin/e2fsck -nf output/images/rootfs.ext4 || echo "::warning::Filesystem check reported issues"

          cp output/images/rootfs.ext4 "$BUNDLE_DIR/rootfs.ext4"

          mkdir -p keys
          cat <<< "$RAUC_CERT" > keys/cert.pem
          cat <<< "$RAUC_KEY" > keys/key.pem
          chmod 600 keys/key.pem

          echo "Bundling and Signing..."
          ./output/host/bin/rauc bundle \
            --cert keys/cert.pem \
            --key keys/key.pem \
            --keyring keys/cert.pem \
            "$BUNDLE_DIR/" \
            output/images/update-${{ matrix.board }}.raucb

          ./output/host/bin/rauc info \
            --keyring keys/cert.pem \
            output/images/update-${{ matrix.board }}.raucb

          shred -u keys/key.pem
          rm "$BUNDLE_DIR/rootfs.ext4"

      - name: Rename Factory Image
        run: |
          mv output/images/sdcard.img output/images/factory-${{ matrix.board }}.img

      - name: Upload to Release
        if: startsWith(github.ref, 'refs/tags/')
        uses: softprops/action-gh-release@v2
        with:
          files: |
            output/images/factory-${{ matrix.board }}.img
            output/images/update-${{ matrix.board }}.raucb
        env:
          GITHUB_TOKEN: ${{ secrets.INSTRUMENT_CLUSTER_OS_RELEASE_PAT }}