From 81f89ce267cd62313491f5d3cc88f29f0bc5baf7 Mon Sep 17 00:00:00 2001 From: Moritz Warning Date: Sat, 29 Aug 2020 14:07:04 +0200 Subject: [PATCH] add circlei --- .circleci/Dockerfile | 63 +++++++++ .circleci/README | 6 + .circleci/config.yml | 182 +++++++++++++++++++++++++ .github/issue_template | 16 +++ .github/pull_request_template | 5 + .keys/626471F1.asc | 64 +++++++++ .keys/D52BBB6B.asc | 30 +++++ .travis.yml | 16 +++ .travis_do.sh | 244 ++++++++++++++++++++++++++++++++++ 9 files changed, 626 insertions(+) create mode 100644 .circleci/Dockerfile create mode 100644 .circleci/README create mode 100644 .circleci/config.yml create mode 100644 .github/issue_template create mode 100644 .github/pull_request_template create mode 100644 .keys/626471F1.asc create mode 100644 .keys/D52BBB6B.asc create mode 100644 .travis.yml create mode 100755 .travis_do.sh diff --git a/.circleci/Dockerfile b/.circleci/Dockerfile new file mode 100644 index 0000000..342a09b --- /dev/null +++ b/.circleci/Dockerfile @@ -0,0 +1,63 @@ +FROM debian:9 + + +# Configuration version history +# v1.0 - Initial version by Etienne Champetier +# v1.0.1 - Run as non-root, add unzip, xz-utils +# v1.0.2 - Add bzr +# v1.0.3 - Verify usign signatures +# v1.0.4 - Add support for Python3 +# v1.0.5 - Add 19.07 public keys, verify keys + +RUN apt update && apt install -y \ +build-essential \ +bzr \ +curl \ +jq \ +gawk \ +gettext \ +git \ +libncurses5-dev \ +libssl-dev \ +python \ +python3 \ +signify-openbsd \ +subversion \ +time \ +unzip \ +wget \ +xz-utils \ +zlib1g-dev \ +&& rm -rf /var/lib/apt/lists/* + +RUN useradd -c "OpenWrt Builder" -m -d /home/build -s /bin/bash build +USER build +ENV HOME /home/build + +# OpenWrt Build System (PGP key for unattended snapshot builds) +RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/626471F1.asc' | gpg --import \ + && gpg --fingerprint --with-colons '' | grep '^fpr:::::::::54CC74307A2C6DC9CE618269CD84BCED626471F1:$' \ + && echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust + +# OpenWrt Build System (PGP key for 17.01 "Reboot" release builds) +RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/D52BBB6B.asc' | gpg --import \ + && gpg --fingerprint --with-colons '' | grep '^fpr:::::::::B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:$' \ + && echo 'B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:6:' | gpg --import-ownertrust + +# OpenWrt Release Builder (18.06 Signing Key) +RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/17E1CE16.asc' | gpg --import \ + && gpg --fingerprint --with-colons '' | grep '^fpr:::::::::6768C55E79B032D77A28DA5F0F20257417E1CE16:$' \ + && echo '6768C55E79B032D77A28DA5F0F20257417E1CE16:6:' | gpg --import-ownertrust + +# OpenWrt Build System (PGP key for 19.07 release builds) +RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/2074BE7A.asc' | gpg --import \ + && gpg --fingerprint --with-colons '' | grep '^fpr:::::::::D9C6901F45C9B86858687DFF28A39BC32074BE7A:$' \ + && echo 'D9C6901F45C9B86858687DFF28A39BC32074BE7A:6:' | gpg --import-ownertrust + +# untrusted comment: Public usign key for unattended snapshot builds +RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/b5043e70f9a75cde' --create-dirs -o /home/build/usign/b5043e70f9a75cde \ + && echo 'd7ac10f9ed1b38033855f3d27c9327d558444fca804c685b17d9dcfb0648228f */home/build/usign/b5043e70f9a75cde' | sha256sum --check + +# untrusted comment: Public usign key for 19.07 release builds +RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/f94b9dd6febac963' --create-dirs -o /home/build/usign/f94b9dd6febac963 \ + && echo 'b1d09457cfbc36fccfe18382d65c54a2ade3e7fd3902da490a53aa517b512755 */home/build/usign/f94b9dd6febac963' | sha256sum --check diff --git a/.circleci/README b/.circleci/README new file mode 100644 index 0000000..8b26582 --- /dev/null +++ b/.circleci/README @@ -0,0 +1,6 @@ +# Build/update the docker image + +docker pull debian:9 +docker build --rm -t docker.io/openwrtorg/packages-cci:latest . +docker tag docker.io/openwrtorg/packages-cci: +docker push docker.io/openwrtorg/packages-cci diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 0000000..014c09b --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,182 @@ +version: 2.0 +jobs: + build: + docker: + - image: docker.io/openwrtorg/packages-cci:v1.0.5 + environment: + - SDK_HOST: "downloads.openwrt.org" + - SDK_PATH: "snapshots/targets/ath79/generic" + - SDK_FILE: "openwrt-sdk-ath79-generic_*.Linux-x86_64.tar.xz" + - BRANCH: "master" + steps: + - checkout: + path: ~/openwrt_packages + + - run: + name: Check changes / verify commits + working_directory: ~/openwrt_packages + command: | + cat >> $BASH_ENV <: ' ($subject)" + RET=1 + fi + + body="$(git show -s --format=%b $commit)" + sob="$(git show -s --format='Signed-off-by: %aN <%aE>' $commit)" + if echo "$body" | grep -qF "$sob"; then + echo_green "Signed-off-by match author" + else + echo_red "Signed-off-by is missing or doesn't match author (should be '$sob')" + RET=1 + fi + done + + exit $RET + + - run: + name: Download the SDK + working_directory: ~/sdk + command: | + curl "https://$SDK_HOST/$SDK_PATH/sha256sums" -sS -o sha256sums + curl "https://$SDK_HOST/$SDK_PATH/sha256sums.asc" -fs -o sha256sums.asc || true + curl "https://$SDK_HOST/$SDK_PATH/sha256sums.sig" -fs -o sha256sums.sig || true + if [ ! -f sha256sums.asc ] && [ ! -f sha256sums.sig ]; then + echo_red "Missing sha256sums signature files" + exit 1 + fi + [ ! -f sha256sums.asc ] || gpg --with-fingerprint --verify sha256sums.asc sha256sums + if [ -f sha256sums.sig ]; then + VERIFIED= + for KEY in ~/usign/*; do + echo "Trying $KEY..." + if signify-openbsd -V -q -p "$KEY" -x sha256sums.sig -m sha256sums; then + echo "...verified" + VERIFIED=1 + break + fi + done + if [ -z "$VERIFIED" ]; then + echo_red "Could not verify usign signature" + exit 1 + fi + fi + rsync -av "$SDK_HOST::downloads/$SDK_PATH/$SDK_FILE" . + sha256sum -c --ignore-missing sha256sums + + - run: + name: Prepare build_dir + working_directory: ~/build_dir + command: | + tar Jxf ~/sdk/$SDK_FILE --strip=1 + touch .config + make prepare-tmpinfo scripts/config/conf + ./scripts/config/conf --defconfig=.config Config.in + make prereq + rm .config + cat > feeds.conf < /dev/null + make defconfig > /dev/null + # enable BUILD_LOG + sed -i 's/# CONFIG_BUILD_LOG is not set/CONFIG_BUILD_LOG=y/' .config + + - run: + name: Install & download source, check package, compile + working_directory: ~/build_dir + command: | + set +o pipefail + PKGS=$(cd ~/openwrt_packages; git diff --diff-filter=d --name-only "origin/$BRANCH..." | grep 'Makefile$' | grep -Ev '/files/|/src/' | awk -F/ '{ print $(NF-1) }') + if [ -z "$PKGS" ] ; then + echo_blue "WARNING: No new or modified packages found!" + exit 0 + fi + + echo_blue "=== Found new/modified packages: $PKGS" + for PKG in $PKGS ; do + echo_blue "===+ Install: $PKG" + ./scripts/feeds install "$PKG" + + echo_blue "===+ Download: $PKG" + make "package/$PKG/download" V=s + + echo_blue "===+ Check package: $PKG" + make "package/$PKG/check" V=s 2>&1 | tee logtmp + RET=${PIPESTATUS[0]} + + if [ $RET -ne 0 ]; then + echo_red "=> Package check failed: $RET)" + exit $RET + fi + + badhash_msg="HASH does not match " + badhash_msg+="|HASH uses deprecated hash," + badhash_msg+="|HASH is missing," + if grep -qE "$badhash_msg" logtmp; then + echo_red "=> Package HASH check failed" + exit 1 + fi + echo_green "=> Package check OK" + done + + make \ + -f .config \ + -f tmp/.packagedeps \ + -f <(echo '$(info $(sort $(package-y) $(package-m)))'; echo -en 'a:\n\t@:') \ + | tr ' ' '\n' >enabled-package-subdirs.txt + for PKG in $PKGS ; do + if ! grep -m1 -qE "(^|/)$PKG$" enabled-package-subdirs.txt; then + echo_red "===+ Building: $PKG skipped. It cannot be enabled with $SDK_FILE" + continue + fi + echo_blue "===+ Building: $PKG" + make "package/$PKG/compile" -j3 V=s || { + RET=$? + echo_red "===+ Building: $PKG failed, rebuilding with -j1 for human readable error log" + make "package/$PKG/compile" -j1 V=s; exit $RET + } + done + + - store_artifacts: + path: ~/build_dir/logs + + - store_artifacts: + path: ~/build_dir/bin + +workflows: + version: 2 + buildpr: + jobs: + - build: + filters: + branches: + ignore: master diff --git a/.github/issue_template b/.github/issue_template new file mode 100644 index 0000000..232baad --- /dev/null +++ b/.github/issue_template @@ -0,0 +1,16 @@ +Please make sure that the issue subject starts with `: ` + +Also make sure that the package is maintained in this repository and not in base which should be submitted at https://bugs.openwrt.org or in the LuCI repository which should be submitted at https://github.com/openwrt/luci/issues. + +Issues related to releases below 18.06 and forks are not supported or maintained and will be closed. + +# Issue template (remove lines from top till here) + +Maintainer: @\ (find it by checking history of the package Makefile) +Environment: (put here arch, model, OpenWrt version) + +Description: + +``` +Formating code blocks by wrapping them with pairs of ``` +``` diff --git a/.github/pull_request_template b/.github/pull_request_template new file mode 100644 index 0000000..4bc4af6 --- /dev/null +++ b/.github/pull_request_template @@ -0,0 +1,5 @@ +Maintainer: me / @\ (find it by checking history of the package Makefile) +Compile tested: (put here arch, model, OpenWrt version) +Run tested: (put here arch, model, OpenWrt version, tests done) + +Description: diff --git a/.keys/626471F1.asc b/.keys/626471F1.asc new file mode 100644 index 0000000..3a96895 --- /dev/null +++ b/.keys/626471F1.asc @@ -0,0 +1,64 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: LEDE GnuPG key for unattended build jobs + +mQINBFeXZ7wBEAC3QZ+jhWrdj2XW9AdZpZrgHETZCW7lXxI3pJ2kS4UXNq+40KR2 +GJOdsXDnLb7ZiHNn6yio6qKLXFD/bimxK+22HSJlc3LSF2kKzNrgKoFR2rIKbL3c +Us7GpWY8VqGTrfwR6OQNcoWqa1n5/tK9xuqKhfpoA2Eci8K+w5YCzCmnOz2vzbgS +ptuFshTKYI2Z/DLQZyP+OQkEYPfCdani2KsISn4DTx8xFjmW/sb/zf0isemTwWyK +Oh76FTa0tYdjTtAv3JHqyr2XkddM/oUSc09baCOfhUdo7Ep5rUqKw7BQsjreBYoZ +WcL/hmlIksUrFlqo/HRpoBgCZpSjsF/Z9otZpSugMHVVlRCnAKQiWxWAd+V+y2FG +q79myPgiMkbkaIrCelrUhDFRQ5wTnfAppFolw+xtT9bwdkwxZDNBe6PCYuLqD8wg +jtDtt3q5UaUOMGJrMDKZ0Wi6ycdl/sM59kLfyBV4ybmYkwOLTlMvOATiyUZeJJZO +2bTKBvD+izsx3Ea4VLPWYSFmk6QwaOMtj6tcXwBgtljzqMJ0S9Gubmopy3WAkP/m +/6ETJpuIupqEtvbRTX4O/+qnBgY40aQX7B4NgJi2SypP/WML5v2B2amLlhTcN+we +ULWyH9KvfKny5mrtG5C9xq1eAgKtB2QEDEbRyz34DWVWGpqIY1mscaNv8wARAQAB +tFtMRURFIEJ1aWxkIFN5c3RlbSAoTEVERSBHbnVQRyBrZXkgZm9yIHVuYXR0ZW5k +ZWQgYnVpbGQgam9icykgPGxlZGUtYWRtQGxpc3RzLmluZnJhZGVhZC5vcmc+iQI4 +BBMBAgAiBQJXl2e8AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDNhLzt +YmRx8aJ2D/9eRQWekaeX8eAcAgzguFS12ODlg23lJx00d0zLhZcA6LycYJRmFN+M +0tsVDZ6y7bLy1/h0YFYvYlJk4ZE+6sb4I/GSkMyqeZAy8whELYfEphXVYx0/wgyn +d57wE0lDo8/zmt3rK1eD0zJioN7cL3A/t3L++al4gwmqtTfUIl96AXc3YBe/rwXS +i7ShENVKYjTaMugP5BJ9kUZuaIjmXZWvREbURgBMWR7uR56XKJBwDBQMtHq2AoZs +2iNR3dG8r70Sb/cMSgAqhwDZfeV71r7+Pd+asvxYb0JeNNgZ2ss/BA5yapUKZLgu +hV6y7JSfHdb7q1t1j/wfqgYtQJB5K31JGxj+yaRxcF8LbvGZBNhaIJV+s4HmTeq4 +yI20pCRNd8lLY80XAISTk8DPwgTLOvMPKbDYW4+/FC8J6qoD9DByQxDduUWn5uD4 +LbVZ96v9+Ltf9LJzaxFVSE/dSsvgFNjo6u29ueG6aTxUIOc4Wi3mC0qNhqoyAbg6 +Xg922EF/sd6hf3aQU9rpcPbcsNognGgrKfyREvMlBsQ9U3pRcKPlG05bfUcayXkh +59qIVU4kKCaW6LBy1fkBYyY3Nj5eoCAe9fm9ivi58FdI+7sKc2A1fMuVS83B370s +qAsu6v2rvqYz6nS5VFIWYJmL8kbUmf5FWwbucH7/jr9s3bB0wUHcI7kCDQRXl2h/ +ARAAztMdT5ig5MKM02TFsmGvdc0SQVHPJymPTh6i/XwAbSeaTErvGLP3ke+2cdCj +MOes4steII5MU6aD57i1zU/6xhZ2Zr8sZ4fCOzfqoI4AOIeeuiO+I5by2P+M+vj2 +v/U7KMWeixFjTkotWcvGGriP1jcRY1FHMrTfq/5lZYNHHzz/2zvszq02/WP+b/Gh +1Rf1yfr5DlXKw6Q+7fkCg8BWfLichTtHiR0OcO0mtD6ECxz+iqDElbSAeE9Q02fO +FTF4snHwCJvykHQ4EKudEoXcIEOR8TyH2tKorD821E/DSV9OA9XIBpDHavFQ3GCs +29GQcqci46nOLn/LWqgTB86sgH4mnQrGsceVYzf8avM8c8TyxkufBd/k01lPn1sK +/573AWdFRXVmOCMmlxPcI8k1+iGH1C7z0aX43NvhEI3xfbgTK8E/7Klrn/5xXUu2 +UBYov0gKaZRy3LpGF/ySR1pvnHZmUP58my2LDfWDHdHrGmkjLaqyk/+qC9NKwUQB +S7jV7Mm15B0bkR7grLx+vN5lXVeGwyDL2dbRT0+cH8loHb+lBOR8AbDm4SJXdaRd +DtPyq85KN+jm+9NToRz+oydL9rmguU5zRcIDtaFiYr7ZtkLJU3U02rp0uf/DdytF +tzS/YEbpgg2Ui37q55ml707zJL2DvBffy/F2kiNpVfZ4u5cAEQEAAYkEPgQYAQIA +CQUCV5dofwIbAgIpCRDNhLztYmRx8cFdIAQZAQIABgUCV5dofwAKCRD5NSWoi2mQ +KQ/PD/9c/snQ2iok9H9PFinYmuOA6tf4Nbn0yX9oOTslDJ8ot6SB4OXGXGeT0lvq +ytbYVeAlifBElYRVFYZt76dbjhqmsmDMZsYHbaXIYLZSPuTETVE3pZrpWhm9Qkhb +eEyihAofgWleBmJcd8VXnrzsNkJGNokA6gqZ/ldqJtzMwkeHM58DHo/gFNNNlxe8 +M83PHA0rN48F6DU4tZeEvz+/QGrnn4DWcBhmWo+2ZLvTLI4cB9389j8ks7FFFXLi +1gnWigWr29uGv8iZpAneY6414cZW3G79wTIwAATRvIvrI9pcvriUrMdOycTcwXOa +d9eXq/mJdg8dEpKiIA8Vc9UNdT93aZt8r610LbORmdq+wFjEhWvh7xKu9hFm/3UM +QUaVl3jsIlqZT4G8es+RLHnKVOzLMRovqRKRbsCsXxIxsVqxzhKQ5+wLCpisVNfH +51WCTSLoAz7s0jKLCSzueUIbhV2vNBM5lFLNCl35UgN1aYuRusI7GyqkPT/A8VWj +xVxn7o2SBIwyu4hZ4jFsq3qHOygIuRtdOHRX1vREmp7FA3+fVnx0CJUilfnGjhf/ +oydfEC6GuWUn9kTEf2eJsONwQ9gPQ9QC9cFGRFRrVwQcejr7V+DBZSdzY8YLvn7R +qR3MmlXdpWijqj7noi2C+kbVqbLiX/LWe2axgKE+UTB7lGdl7v25D/99uFIzJmqA +dhEAEQgb17L7kOV0MOBwFtZ6fElJaQEQV49JiQmgTzALDgXD0ACpT5qoQYCBTwuz +m2D93ekfMnzxF8PmwW6a2czrG1KoRir2EayhgEoOJuWHLneb5nUc7X3krGNSJ3my ++lMw2QA3wIX7EAS6JJUnZFp7wawecdCekRF9ZE1Z/ZBiUZR17DkbAoYjEYZFxiXA +cG6sFEM9uTG+y91RcQPq8tY+jw2d76ZjHSnoKjnP2VxsmtiWQ7yLj/5tjrVzQftI +bbQQTK4V4O4aV2Y1wgkDbNPNJ6t0biQkHQv+4vaLMonOfMgGdWdYJ4hE9nlt61Aq +GidOnyMxOb+2XpVypOoOPcTyTqe8BUjCcvHQwukZLk3XE7OQoR0wZBFhOr4JCYzT +xIz9XYrSykZgkZMp8O4zbP+j1ZTXtJEvvPHjOS1HkL1O1H+W98dnl+oQMNQhHvvE +6UfWEolfuWvBpfP12pUnRQAAyCBql4JAFeoCJEdJGkz8oFOFxv0kCpd7JM1gWEs2 +u0w61+5MelmliHImWiyhgV4XyKW6jeKWIpe9E5L7b8SPI5HHdT7opy3G7aD1XI3k +jdaIiMnJbq0nSvc5VqRE7Uv0EEcepvFeiuYHYydluxRyNf/ts2JskfEnsOc1JiS+ +GPeIoGmFL85qtFOzc4sqYQGhLj9iMRfmNw== +=W2Tk +-----END PGP PUBLIC KEY BLOCK----- diff --git a/.keys/D52BBB6B.asc b/.keys/D52BBB6B.asc new file mode 100644 index 0000000..7a001d8 --- /dev/null +++ b/.keys/D52BBB6B.asc @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: LEDE 17.01 "Reboot" public key + +mQINBFh9DQ8BEACmjR9z4mEXjTWBTcqHI8U38III55qStU4zX4mtYEm8KjaNyBu0 +F8ghe22IAPQcHuvQh0lzr2AoTYi+ZAUlHrLb3s+YdJJD2KoSD1nXW8PgtoT92tai +utJjSKsB2ZWJc4nskAYXTkDmhTuuHBEg9hvljhXkrPxmcEDN/v1f5fv82U8JLYwt +g1mGJmW7SsdKtkJbAmEMCi/MFFA2fxLNV33qGhzm4UeAsUrLIGBjbCtU/BK8Im28 +eAF9VP08OUK/QX7te6K6qumvuEIIc/GG4yatdbxltS1SjWYMS0vpqXm4v50CoMaB +/XCcdq1zlIyIxQW9UF6xJDLhsHv/3iOginR/vRDbdRWk/YPwlx/d9h9GK309YhXu +GUK/lrBHIZwZ4VEowYjK76isXmRuU9ZeTK9SeKdIyLzYg5NIXW9cvGR+4NKIqfmE +xxbVupm7Vc+3n4KUdS2t9SLXdkG+YYmyDabftyuACU2+xeHyKcUBn4yxbrcBp5Rs +5RgOIn/2BtiEQNSc8AagU1ie57VGErrwrpdW/Cmxrs+KG7Io8Pwv+nG9M53DqPwb +Zuun75iuni9wAR5IVUsUWdIoalb/I4ht58FDOt2iS/KdVwi8yyCHS8gH1J3MzZWP +Yy9k0pgup54CTXGv/KzDOAsPZzkwNiziWIVE0N49bZFkO0CXgAufOAEtewARAQAB +tFNMRURFIFJlbGVhc2UgQnVpbGRlciAoMTcuMDEgIlJlYm9vdCIgU2lnbmluZyBL +ZXkpIDxsZWRlLWRldkBsaXN0cy5sZWRlLXByb2plY3Qub3JnPokCPgQTAQIAKAUC +WH0NDwIbAwUJA8JnAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQgzxgENUr +u2tMaA//aRvfrOoMTVtjw+Pru+hBC7IhkusJ70x8gUxSPmHZX0+KvIvILyAeVEho +TW5lMwwo6b66GcBmP53qu/rech8HyunyyDUYFEvdE/ym3uO6NpE/3N/Z69TJiC+k +1imElx5njTZkH/qZSClqN8j6ehspywnSKWNfSOM/9K1G7qtWgiqIaDYa+sdtRHjx +oh4dtKiauUced0C1i7V1vT1ko8iZKWFiwj9GJSaoVxyUwI2fG3iV2qdcinPCL0nU +BfVIhU5cXMZ6VtVg5Ly6NqUbrhZzVVl8DMnu5z4MOLZWseob4LhK5W0v+DUTezJS +Cvei+woJ3SIy0CLXe6eDKwbCS5kCaoNbExeTnSz7/Mg14NjREhtWkq79rnHrH9MV +QAXyjmd3q0D5sDLzk8nQ3fGaH1Zg+o+VECkwEwz4ypctXqRAcHyIkYHmv8rFYlQY +dJlfs1NgZzk9EWfZ0/RLUdqNx6beKm27r2W1j+gcaM01sk5q9TPZeuNHh8psFlCD +b5mq6XBstA9NwN9pg5zS+UkfjjMU5FiBIEVv4Lt/dblNkjID/+XUBkHpSAz13GDW +k0ElkSBgBvz8TSm68EUGTfTVhK21x+1x15/8AUoV8V+4txncMhnJNmrEcKolnMeF +96xgcoHpPszlHxjiwS6hrFPDyhfYwU9plDI7ojcIleqK98XjRHY= +=aN5O +-----END PGP PUBLIC KEY BLOCK----- diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..5f03189 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,16 @@ +git: + depth: 10 + quiet: true + +language: c +os: linux +dist: focal +cache: + directories: + - $HOME/sdk + +before_script: + - ./.travis_do.sh download_sdk + +script: + - ./.travis_do.sh test_packages diff --git a/.travis_do.sh b/.travis_do.sh new file mode 100755 index 0000000..af37fc3 --- /dev/null +++ b/.travis_do.sh @@ -0,0 +1,244 @@ +#!/bin/bash +# +# MIT Alexander Couzens + +set -e + +SDK_HOME="$HOME/sdk" +SDK_PATH=https://downloads.openwrt.org/snapshots/targets/mpc85xx/p2020/ +SDK=-sdk-mpc85xx-p2020_ +PACKAGES_DIR="$PWD" + +echo_red() { printf "\033[1;31m$*\033[m\n"; } +echo_green() { printf "\033[1;32m$*\033[m\n"; } +echo_blue() { printf "\033[1;34m$*\033[m\n"; } + +exec_status() { + PATTERN="$1" + shift + while :;do sleep 590;echo "still running (please don't kill me Travis)";done & + ("$@" 2>&1) | tee logoutput + R=${PIPESTATUS[0]} + kill $! && wait $! 2>/dev/null + if [ $R -ne 0 ]; then + echo_red "=> '$*' failed (return code $R)" + return 1 + fi + if grep -qE "$PATTERN" logoutput; then + echo_red "=> '$*' failed (log matched '$PATTERN')" + return 1 + fi + + echo_green "=> '$*' successful" + return 0 +} + +get_sdk_file() { + if [ -e "$SDK_HOME/sha256sums" ] ; then + grep -- "$SDK" "$SDK_HOME/sha256sums" | awk '{print $2}' | sed 's/*//g' + else + false + fi +} + +# download will run on the `before_script` step +# The travis cache will be used (all files under $HOME/sdk/). Meaning +# We don't have to download the file again +download_sdk() { + mkdir -p "$SDK_HOME" + cd "$SDK_HOME" + + echo_blue "=== download SDK" + wget "$SDK_PATH/sha256sums" -O sha256sums + wget "$SDK_PATH/sha256sums.gpg" -O sha256sums.asc + + # LEDE Build System (LEDE GnuPG key for unattended build jobs) + gpg --import $PACKAGES_DIR/.keys/626471F1.asc + echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust + # LEDE Release Builder (17.01 "Reboot" Signing Key) + gpg --import $PACKAGES_DIR/.keys/D52BBB6B.asc + echo 'B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:6:' | gpg --import-ownertrust + + echo_blue "=== Verifying sha256sums signature" + gpg --verify sha256sums.asc + echo_blue "=== Verified sha256sums signature." + if ! grep -- "$SDK" sha256sums > sha256sums.small ; then + echo_red "=== Can not find $SDK file in sha256sums." + echo_red "=== Is \$SDK out of date?" + false + fi + + # if missing, outdated or invalid, download again + if ! sha256sum -c ./sha256sums.small ; then + local sdk_file + sdk_file="$(get_sdk_file)" + echo_blue "=== sha256 doesn't match or SDK file wasn't downloaded yet." + echo_blue "=== Downloading a fresh version" + wget "$SDK_PATH/$sdk_file" -O "$sdk_file" + fi + + # check again and fail here if the file is still bad + echo_blue "Checking sha256sum a second time" + if ! sha256sum -c ./sha256sums.small ; then + echo_red "=== SDK can not be verified!" + false + fi + echo_blue "=== SDK is up-to-date" +} + +# test_package will run on the `script` step. +# test_package call make download check for very new/modified package +test_packages2() { + local commit_range=$TRAVIS_COMMIT_RANGE + if [ -z "$TRAVIS_PULL_REQUEST_SHA" ]; then + echo_blue "Using only the latest commit, since we're not in a Pull Request" + commit_range=HEAD~1 + fi + + # search for new or modified packages. PKGS will hold a list of package like 'admin/muninlite admin/monit ...' + PKGS=$(git diff --diff-filter=d --name-only "$commit_range" | grep 'Makefile$' | grep -v '/files/' | awk -F'/Makefile' '{ print $1 }') + + if [ -z "$PKGS" ] ; then + echo_blue "No new or modified packages found!" + return 0 + fi + + echo_blue "=== Found new/modified packages:" + for pkg in $PKGS ; do + echo "===+ $pkg" + done + + echo_blue "=== Setting up SDK" + tmp_path=$(mktemp -d) + cd "$tmp_path" + tar Jxf "$SDK_HOME/$(get_sdk_file)" --strip=1 + + # use github mirrors to spare lede servers + cat > feeds.conf < /dev/null + ./scripts/feeds install -a > /dev/null + make defconfig > /dev/null + echo_blue "=== Setting up SDK done" + + RET=0 + # E.g: pkg_dir => admin/muninlite + # pkg_name => muninlite + for pkg_dir in $PKGS ; do + pkg_name=$(echo "$pkg_dir" | awk -F/ '{ print $NF }') + echo_blue "=== $pkg_name: Starting quick tests" + + exec_status '^ERROR' make "package/$pkg_name/download" V=s || RET=1 + badhash_msg_regex="HASH does not match " + badhash_msg_regex="$badhash_msg_regex|HASH uses deprecated hash," + badhash_msg_regex="$badhash_msg_regex|HASH is missing," + exec_status '^ERROR'"|$badhash_msg_regex" make "package/$pkg_name/check" V=s || RET=1 + + echo_blue "=== $pkg_name: quick tests done" + done + + [ $RET -ne 0 ] && return $RET + + for pkg_dir in $PKGS ; do + pkg_name=$(echo "$pkg_dir" | awk -F/ '{ print $NF }') + echo_blue "=== $pkg_name: Starting compile test" + + # we can't enable verbose built else we often hit Travis limits + # on log size and the job get killed + exec_status '^ERROR' make "package/$pkg_name/compile" -j3 || RET=1 + + echo_blue "=== $pkg_name: compile test done" + + echo_blue "=== $pkg_name: begin compile logs" + for f in $(find logs/package/feeds/packages/$pkg_name/ -type f); do + echo_blue "Printing last 200 lines of $f" + tail -n200 "$f" + done + echo_blue "=== $pkg_name: end compile logs" + + echo_blue "=== $pkg_name: begin packages sizes" + du -ba bin/ + echo_blue "=== $pkg_name: end packages sizes" + done + + return $RET +} + +test_commits() { + RET=0 + if [ -z "$TRAVIS_PULL_REQUEST_SHA" ]; then + echo_blue "Skipping commits tests (not in a Pull Request)" + return 0 + fi + for commit in $(git rev-list ${TRAVIS_COMMIT_RANGE/.../..}); do + echo_blue "=== Checking commit '$commit'" + if git show --format='%P' -s $commit | grep -qF ' '; then + echo_red "Pull request should not include merge commits" + RET=1 + fi + + author="$(git show -s --format=%aN $commit)" + if echo $author | grep -q '\S\+\s\+\S\+'; then + echo_green "Author name ($author) seems ok" + else + echo_red "Author name ($author) need to be your real name 'firstname lastname'" + RET=1 + fi + + subject="$(git show -s --format=%s $commit)" + if echo "$subject" | grep -q -e '^[0-9A-Za-z,/_-]\+: ' -e '^Revert '; then + echo_green "Commit subject line seems ok ($subject)" + else + echo_red "Commit subject line MUST start with ': ' ($subject)" + RET=1 + fi + + body="$(git show -s --format=%b $commit)" + sob="$(git show -s --format='Signed-off-by: %aN <%aE>' $commit)" + if echo "$body" | grep -qF "$sob"; then + echo_green "Signed-off-by match author" + else + echo_red "Signed-off-by is missing or doesn't match author (should be '$sob')" + RET=1 + fi + done + + return $RET +} + +test_packages() { + test_commits && test_packages2 || return 1 +} + +echo_blue "=== Travis ENV" +env +echo_blue "=== Travis ENV" + +if [ -n "$TRAVIS_PULL_REQUEST_SHA" ]; then + while true; do + # if clone depth is too small, git rev-list / diff return incorrect or empty results + C="$(git rev-list ${TRAVIS_COMMIT_RANGE/.../..} | tail -n1)" 2>/dev/null + [ -n "$C" -a "$C" != "a22de9b74cf9579d1ce7e6cf1845b4afa4277b00" ] && break + echo_blue "Fetching 50 commits more" + git fetch origin --deepen=50 + done +fi + +if [ $# -ne 1 ] ; then + cat <