Builds #711
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Builds | |
on: | |
push: | |
schedule: | |
- cron: '0 10 * * *' | |
permissions: | |
contents: read | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build-incus: | |
name: Build Incus | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- ubuntu-20.04 | |
- ubuntu-22.04 | |
- ubuntu-24.04 | |
- debian-11 | |
- debian-12 | |
arch: | |
- amd64 | |
- arm64 | |
exclude: | |
- os: debian-11 | |
arch: arm64 | |
runs-on: | |
- self-hosted | |
- cpu-4 | |
- mem-4G | |
- disk-50G | |
- arch-${{ matrix.arch }} | |
- image-${{ matrix.os }} | |
env: | |
OS_ARCH: ${{ matrix.arch }} | |
OS_NAME: ${{ matrix.os }} | |
HOME: "/root/" | |
PKG_CONFIG_PATH: "/opt/incus/lib/pkgconfig/" | |
CGO_LDFLAGS: "-L/opt/incus/lib/" | |
CGO_CFLAGS: "-I/opt/incus/include/" | |
LD_LIBRARY_PATH: "/opt/incus/lib/" | |
CPATH: "/opt/incus/include/" | |
PATH: "/opt/incus/bin:/root/.cargo/bin:/usr/local/go/bin:/usr/local/node/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin" | |
LXC_TAG: "v6.0.2" | |
LXCFS_TAG: "v6.0.2" | |
INCUS_TAG: "main" | |
INCUS_UI_CANONICAL_TAG: "0.12" | |
RAFT_TAG: "v0.22.1" | |
COWSQL_TAG: "v1.15.6" | |
CRIU_TAG: "v3.19" | |
EDK2_TAG: "edk2-stable202408" | |
GOLANG_TAG: "go1.23.1" | |
LIBTPMS_TAG: "v0.9.6" | |
LIBURING_TAG: "liburing-2.7" | |
MINIO_TAG: "RELEASE.2024-09-13T20-26-02Z" | |
MINIO_MC_TAG: "RELEASE.2024-09-09T07-53-10Z" | |
NASM_TAG: "nasm-2.16.03" | |
NVIDIA_CONTAINER_TAG: "v1.16.1" | |
QEMU_TAG: "v9.0.2" | |
SEABIOS_TAG: "rel-1.16.3" | |
SKOPEO_TAG: "v1.16.1" | |
SWTPM_TAG: "v0.9.0" | |
UMOCI_TAG: "v0.4.7" | |
VIRTIOFSD_TAG: "v1.11.1" | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Configure git | |
run: | | |
git config --global --add advice.detachedHead false | |
git config --global user.email "noreply@zabbly.com" | |
git config --global user.name "Zabbly Incus build" | |
- name: Install dependencies | |
run: | | |
apt-get update | |
apt-get install --no-install-recommends --yes \ | |
acpica-tools \ | |
asciidoc \ | |
autoconf \ | |
automake \ | |
bison \ | |
bmake \ | |
build-essential \ | |
curl \ | |
debhelper \ | |
devscripts \ | |
dosfstools \ | |
expect \ | |
flex \ | |
gawk \ | |
gettext \ | |
git \ | |
iproute2 \ | |
libacl1-dev \ | |
libaio-dev \ | |
libapparmor-dev \ | |
libbtrfs-dev \ | |
libcap-dev \ | |
libcap-ng-dev \ | |
libdbus-1-dev \ | |
libdevmapper-dev \ | |
libelf-dev \ | |
libfuse3-dev \ | |
libglib2.0-dev \ | |
libgnutls28-dev \ | |
libgpgme-dev \ | |
libjson-glib-dev \ | |
libnet1-dev \ | |
libnl-3-dev \ | |
libnuma-dev \ | |
libpam0g-dev \ | |
libpixman-1-dev \ | |
libprotobuf-c-dev \ | |
libprotobuf-dev \ | |
librbd-dev \ | |
libseccomp-dev \ | |
libselinux1-dev \ | |
libspice-server-dev \ | |
libsqlite3-dev \ | |
libssl-dev \ | |
libtirpc-dev \ | |
libtool \ | |
libudev-dev \ | |
libusb-1.0-0-dev \ | |
libusbredirhost-dev \ | |
libuv1-dev \ | |
lsb-release \ | |
mtools \ | |
ninja-build \ | |
pkg-config \ | |
protobuf-c-compiler \ | |
protobuf-compiler \ | |
python3-cryptography \ | |
python3-jinja2 \ | |
python3-pexpect \ | |
python3-pip \ | |
python3-setuptools \ | |
python3-venv \ | |
rsync \ | |
socat \ | |
uuid-dev \ | |
xmlto \ | |
xorriso | |
pip3 install meson || pip3 install meson --break-system-packages | |
pip3 install tomli || pip3 install tomli --break-system-packages | |
- name: Install backported debhelper (on focal) | |
if: ${{ matrix.os == 'ubuntu-20.04' }} | |
run: | | |
if [ "${OS_ARCH}" = "amd64" ]; then | |
echo "deb http://archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse" >> /etc/apt/sources.list | |
else | |
echo "deb http://ports.ubuntu.com/ubuntu-ports focal-backports main restricted universe multiverse" >> /etc/apt/sources.list | |
fi | |
apt-get install -t focal-backports debhelper --yes | |
- name: Install backported git (on focal) | |
if: ${{ matrix.os == 'ubuntu-20.04' }} | |
run: | | |
apt-get install software-properties-common --yes | |
add-apt-repository ppa:git-core/ppa --yes | |
apt-get install git --yes | |
- name: Install Go | |
run: | | |
curl -sL "https://go.dev/dl/${GOLANG_TAG}.linux-${OS_ARCH}.tar.gz" | tar -C /usr/local/ -zx | |
go version | |
- name: Install Rust | |
run: | | |
curl -sL https://sh.rustup.rs -o install-rust.sh | |
bash install-rust.sh -y | |
- name: Install Node | |
run: | | |
[ "${OS_ARCH}" = "amd64" ] && NODE_ARCH=x64 | |
[ "${OS_ARCH}" = "arm64" ] && NODE_ARCH=arm64 | |
mkdir /usr/local/node/ | |
curl -sL "https://nodejs.org/dist/v20.10.0/node-v20.10.0-linux-${NODE_ARCH}.tar.xz" | tar -C /usr/local/node/ -Jx --strip-components=1 | |
- name: Build environment | |
run: | | |
mkdir /build/ | |
mkdir -p \ | |
/opt/incus/bin/ \ | |
/opt/incus/include/ \ | |
/opt/incus/lib/ \ | |
/opt/incus/lib/systemd/system/ \ | |
/opt/incus/share/ | |
- name: Get the code | |
run: | | |
# Ubuntu 20.04 is no longer supported by recent QEMU. | |
[ "${OS_NAME}" = "ubuntu-20.04" ] && QEMU_TAG="v9.0.2" | |
git clone https://github.com/axboe/liburing /build/liburing --depth 1 -b "${LIBURING_TAG}" | |
git clone https://github.com/cowsql/raft /build/raft --depth 1 -b "${RAFT_TAG}" | |
git clone https://github.com/cowsql/cowsql /build/cowsql --depth 1 -b "${COWSQL_TAG}" | |
git clone https://github.com/lxc/lxc /build/lxc --depth 1 -b "${LXC_TAG}" | |
git clone https://github.com/lxc/lxcfs /build/lxcfs --depth 1 -b "${LXCFS_TAG}" | |
git clone https://github.com/lxc/incus /build/incus -b "${INCUS_TAG}" | |
git clone https://github.com/opencontainers/umoci /build/umoci --depth 1 -b "${UMOCI_TAG}" | |
git clone https://github.com/containers/skopeo /build/skopeo --depth 1 -b "${SKOPEO_TAG}" | |
git clone https://github.com/checkpoint-restore/criu /build/criu --depth 1 -b "${CRIU_TAG}" | |
git clone https://github.com/NVIDIA/libnvidia-container /build/libnvidia-container --depth 1 -b "${NVIDIA_CONTAINER_TAG}" | |
git clone https://github.com/minio/minio /build/minio --depth 1 -b "${MINIO_TAG}" | |
git clone https://github.com/minio/mc /build/mc --depth 1 -b "${MINIO_MC_TAG}" | |
git clone https://gitlab.com/qemu-project/seabios /build/seabios --depth 1 -b "${SEABIOS_TAG}" | |
git clone https://github.com/tianocore/edk2 /build/edk2 --recurse-submodules --shallow-submodules --depth 1 -b "${EDK2_TAG}" | |
git clone https://github.com/stefanberger/libtpms /build/libtpms --depth 1 -b "${LIBTPMS_TAG}" | |
git clone https://github.com/stefanberger/swtpm /build/swtpm --depth 1 -b "${SWTPM_TAG}" | |
git clone https://gitlab.com/virtio-fs/virtiofsd /build/virtiofsd --depth 1 -b "${VIRTIOFSD_TAG}" | |
git clone https://gitlab.com/qemu-project/qemu /build/qemu --depth 1 -b "${QEMU_TAG}" | |
git clone https://github.com/canonical/lxd-ui /build/incus-ui-canonical --depth 1 -b "${INCUS_UI_CANONICAL_TAG}" | |
mkdir /build/nasm/ | |
curl -sL "https://www.nasm.us/pub/nasm/releasebuilds/$(echo ${NASM_TAG} | cut -d- -f2)/${NASM_TAG}.tar.gz" | tar -C /build/nasm/ -zx --strip-components=1 | |
- name: Build liburing | |
run: | | |
cd /build/liburing | |
./configure --prefix=/opt/incus | |
make | |
mkdir -p /build/target/liburing/ | |
DESTDIR=/build/target/liburing make install | |
rsync -a /build/target/liburing/opt/incus/include/* /opt/incus/include/ | |
rsync -a /build/target/liburing/opt/incus/lib/* /opt/incus/lib/ | |
- name: Build raft | |
run: | | |
cd /build/raft | |
autoreconf -i | |
./configure --prefix=/opt/incus | |
make | |
mkdir -p /build/target/raft/ | |
DESTDIR=/build/target/raft/ make install | |
rsync -a /build/target/raft/opt/incus/include/ /opt/incus/include/ | |
rsync -a /build/target/raft/opt/incus/lib/ /opt/incus/lib/ | |
- name: Build cowsql | |
run: | | |
cd /build/cowsql | |
autoreconf -i | |
./configure --prefix=/opt/incus | |
make | |
mkdir -p /build/target/cowsql/ | |
DESTDIR=/build/target/cowsql/ make install | |
rsync -a /build/target/cowsql/opt/incus/include/ /opt/incus/include/ | |
rsync -a /build/target/cowsql/opt/incus/lib/ /opt/incus/lib/ | |
- name: Build LXC | |
run: | | |
cd /build/lxc | |
meson setup build \ | |
--prefix=/opt/incus \ | |
--libdir=/opt/incus/lib \ | |
-Dexamples=false \ | |
-Dman=false \ | |
-Dtools=false \ | |
-Dtests=false \ | |
-Dmemfd-rexec=false \ | |
-Dapparmor=true \ | |
-Dseccomp=true \ | |
-Dselinux=true \ | |
-Dcapabilities=true \ | |
-Dio-uring-event-loop=false | |
meson compile -C build | |
mkdir -p /build/target/lxc/ | |
DESTDIR=/build/target/lxc/ meson install -C build | |
rsync -a /build/target/lxc/opt/incus/include/ /opt/incus/include/ | |
rsync -a /build/target/lxc/opt/incus/lib/ /opt/incus/lib/ | |
mkdir -p /opt/incus/share/lxc/config/common.conf.d/ | |
mkdir -p /opt/incus/share/lxc/hooks/ | |
cp /build/target/lxc/opt/incus/share/lxc/hooks/nvidia /opt/incus/share/lxc/hooks/ | |
- name: Build LXCFS | |
run: | | |
REPO="${PWD}" | |
cd /build/lxcfs | |
meson setup build \ | |
--prefix=/opt/incus \ | |
--libdir=/opt/incus/lib \ | |
-Ddocs=false \ | |
-Dtests=false | |
meson compile -C build | |
mkdir -p /build/target/lxcfs/ | |
DESTDIR=/build/target/lxcfs/ meson install -C build | |
rsync -a /build/target/lxcfs/opt/incus/bin/ /opt/incus/bin/ | |
rsync -a /build/target/lxcfs/opt/incus/share/ /opt/incus/share/ | |
rsync -a /build/target/lxcfs/opt/incus/lib/ /opt/incus/lib/ | |
sed -i "s#/var/lib/lxcfs#/var/lib/incus-lxcfs#g" /opt/incus/share/lxcfs/lxc.mount.hook | |
patch -p1 /opt/incus/share/lxcfs/lxc.mount.hook < "${REPO}/patches/lxcfs-0001-hook.patch" | |
- name: Build Incus | |
run: | | |
REPO="${PWD}" | |
cd /build/incus | |
go build -o "/opt/incus/bin/fuidshift" github.com/lxc/incus/v6/cmd/fuidshift | |
go build -o "/opt/incus/bin/incus" github.com/lxc/incus/v6/cmd/incus | |
go build -o "/opt/incus/bin/incus-benchmark" github.com/lxc/incus/v6/cmd/incus-benchmark | |
go build -o "/opt/incus/bin/incus-migrate" github.com/lxc/incus/v6/cmd/incus-migrate | |
go build -o "/opt/incus/bin/incus-simplestreams" github.com/lxc/incus/v6/cmd/incus-simplestreams | |
go build -o "/opt/incus/bin/incus-user" github.com/lxc/incus/v6/cmd/incus-user | |
go build -o "/opt/incus/bin/incusd" -tags=libsqlite3 github.com/lxc/incus/v6/cmd/incusd | |
go build -o "/opt/incus/bin/lxc-to-incus" github.com/lxc/incus/v6/cmd/lxc-to-incus | |
go build -o "/opt/incus/bin/lxd-to-incus" -tags=libsqlite3 github.com/lxc/incus/v6/cmd/lxd-to-incus | |
mkdir -p /opt/incus/agent | |
if [ "$(uname -m)" = "x86_64" ]; then | |
GOARCH=amd64 CGO_ENABLED=0 go build -o "/opt/incus/agent/incus-agent.linux.x86_64" -tags=agent,netgo github.com/lxc/incus/v6/cmd/incus-agent | |
GOARCH=386 CGO_ENABLED=0 go build -o "/opt/incus/agent/incus-agent.linux.i686" -tags=agent,netgo github.com/lxc/incus/v6/cmd/incus-agent | |
elif [ "$(uname -m)" = "aarch64" ]; then | |
GOARCH=arm64 CGO_ENABLED=0 go build -o "/opt/incus/agent/incus-agent.linux.aarch64" -tags=agent,netgo github.com/lxc/incus/v6/cmd/incus-agent | |
fi | |
make build-mo | |
mkdir -p /opt/incus/share/locale | |
cp po/*.mo /opt/incus/share/locale/ | |
make doc | |
cp -R doc/html /opt/incus/doc | |
mkdir -p /opt/incus/share/completions/ | |
/opt/incus/bin/incus completion bash > /opt/incus/share/completions/bash | |
/opt/incus/bin/incus completion fish > /opt/incus/share/completions/fish | |
/opt/incus/bin/incus completion zsh > /opt/incus/share/completions/zsh | |
- name: Build UI (canonical) | |
run: | | |
REPO="${PWD}" | |
cd /build/incus-ui-canonical | |
# Specific tweaking | |
git am "${REPO}/patches/ui-canonical-0001-Branding.patch" | |
git am "${REPO}/patches/ui-canonical-0002-Update-navigation.patch" | |
git am "${REPO}/patches/ui-canonical-0003-Update-certificate-generation.patch" | |
git am "${REPO}/patches/ui-canonical-0004-Remove-external-links.patch" | |
git am "${REPO}/patches/ui-canonical-0005-Remove-Canonical-image-servers.patch" | |
git am "${REPO}/patches/ui-canonical-0006-Remove-version-check.patch" | |
git am "${REPO}/patches/ui-canonical-0007-Improve-OpenFGA-support.patch" | |
git am "${REPO}/patches/ui-canonical-0008-Update-keys-that-aren-t-VM-specific.patch" | |
git am "${REPO}/patches/ui-canonical-0009-Fix-cluster-evacuation.patch" | |
git am "${REPO}/patches/ui-canonical-0010-Rename-user.ui_title-to-user.ui.title.patch" | |
git am "${REPO}/patches/ui-canonical-0011-Add-user.uid.sso_only.patch" | |
git am "${REPO}/patches/ui-canonical-0012-Skip-LXD-identity-API.patch" | |
git am "${REPO}/patches/ui-canonical-0013-Fix-network-forward-count-logic.patch" | |
git am "${REPO}/patches/ui-canonical-0014-Hide-Cluster-option-when-not-clustered.patch" | |
git am "${REPO}/patches/ui-canonical-0015-Add-optional-location-column.patch" | |
git am "${REPO}/patches/ui-canonical-0016-Make-migration-an-action.patch" | |
git am "${REPO}/patches/ui-canonical-0017-Wait-for-projects-list-to-be-loaded.patch" | |
git am "${REPO}/patches/ui-canonical-0018-Respect-image-profile-list.patch" | |
git am "${REPO}/patches/ui-canonical-0019-Add-support-for-LVM-Cluster.patch" | |
git am "${REPO}/patches/ui-canonical-0020-Fix-stateful-snapshots-creation.patch" | |
sed -i -f "${REPO}/patches/ui-canonical-renames.sed" src/*/*.ts* src/*/*/*.ts* src/*/*/*/*.ts* src/*/*/*/*/*.ts* | |
npm install yarn --global | |
yarn install | |
yarn build | |
mkdir -p /opt/incus/ui-canonical/ | |
rsync -a /build/incus-ui-canonical/build/ui/ /opt/incus/ui-canonical/ | |
- name: Build CRIU | |
run: | | |
cd /build/criu | |
make WERROR=0 | |
cp criu/criu /opt/incus/bin/ | |
- name: Build libnvidia-container | |
run: | | |
REPO="${PWD}" | |
cd /build/libnvidia-container | |
patch -p1 < "${REPO}/patches/nvidia-0001-Fix-for-22.04-build.patch" | |
patch -p1 < "${REPO}/patches/nvidia-0002-pre-load-libdl.patch" | |
make prefix=/ | |
mkdir /build/target/libnvidia-container | |
DESTDIR=/build/target/libnvidia-container make install prefix=/ | |
rsync -a /build/target/libnvidia-container/bin/ /opt/incus/bin/ | |
rsync -a /build/target/libnvidia-container/include/ /opt/incus/include/ | |
rsync -a /build/target/libnvidia-container/lib/ /opt/incus/lib/ | |
- name: Build minio | |
run: | | |
cd /build/minio | |
make build | |
cp minio /opt/incus/bin/ | |
- name: Build minio client | |
run: | | |
cd /build/mc | |
make build | |
cp mc /opt/incus/bin/ | |
- name: Build seabios | |
if: ${{ matrix.arch == 'amd64' }} | |
run: | | |
REPO="${PWD}" | |
cd /build/seabios | |
# Build a traditional seabios. | |
make clean distclean | |
echo "CONFIG_QEMU=y" > .config | |
echo "CONFIG_QEMU_HARDWARE=y" >> .config | |
echo "CONFIG_BOOTSPLASH=n" >> .config | |
echo "CONFIG_ROM_SIZE=256" >> .config | |
echo "CONFIG_XEN=n" >> .config | |
echo "CONFIG_PVSCSI=n" >> .config | |
echo "CONFIG_ESP_SCSI=n" >> .config | |
echo "CONFIG_LSI_SCSI=n" >> .config | |
echo "CONFIG_MEGASAS=n" >> .config | |
echo "CONFIG_MPT_SCSI=n" >> .config | |
echo "CONFIG_FLOPPY=n" >> .config | |
echo "CONFIG_FLASH_FLOPPY=n" >> .config | |
make oldnoconfig V=1 | |
make V=1 PYTHON=python3 | |
mkdir -p /opt/incus/share/qemu/ | |
cp out/bios.bin /opt/incus/share/qemu/seabios.bin | |
- name: Build nasm | |
run: | | |
REPO="${PWD}" | |
cd /build/nasm | |
patch -p1 < "${REPO}/patches/nasm-0000-disable-manpages.patch" | |
./configure --prefix=/opt/incus | |
make | |
mkdir -p /build/target/nasm/ | |
DESTDIR=/build/target/nasm make install | |
rsync -a /build/target/nasm/opt/incus/bin/ /opt/incus/bin/ | |
- name: Build EDK2 | |
run: | | |
REPO="${PWD}" | |
cd /build/edk2 | |
patch -p1 < "${REPO}/patches/edk2-0001-force-DUID-LLT.patch" | |
cp "${REPO}/patches/edk2-0002-logo.bmp" MdeModulePkg/Logo/Logo.bmp | |
patch -p1 < "${REPO}/patches/edk2-0003-boot-delay.patch" | |
patch -p1 < "${REPO}/patches/edk2-0004-gcc-errors.patch" | |
patch -p1 < "${REPO}/patches/edk2-0005-Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch" | |
patch -p1 < "${REPO}/patches/edk2-0006-disable-EFI-memory-attributes-protocol.patch" | |
EDK2_ARCH="X64" | |
EDK2_PKG="OvmfPkg/OvmfPkgX64.dsc" | |
EDK2_FV_CODE="OVMF_CODE" | |
EDK2_FV_VARS="OVMF_VARS" | |
if [ "$(uname -m)" = "aarch64" ]; then | |
EDK2_ARCH="AARCH64" | |
EDK2_PKG="ArmVirtPkg/ArmVirtQemu.dsc" | |
EDK2_FV_CODE="QEMU_EFI" | |
EDK2_FV_VARS="QEMU_VARS" | |
fi | |
build_edk2() { | |
TARGET_CODE="$1" | |
shift | |
TARGET_VARS="$1" | |
shift | |
set -ex | |
( | |
cat << EOF | |
. ./edksetup.sh | |
make -C BaseTools ARCH=${EDK2_ARCH} | |
build -a ${EDK2_ARCH} -t GCC5 -b RELEASE -p ${EDK2_PKG} \ | |
-DSMM_REQUIRE=FALSE \ | |
-DSECURE_BOOT_ENABLE=TRUE \ | |
-DNETWORK_IP4_ENABLE=TRUE \ | |
-DNETWORK_IP6_ENABLE=TRUE \ | |
-DNETWORK_TLS_ENABLE=TRUE \ | |
-DNETWORK_HTTP_BOOT_ENABLE=TRUE \ | |
-DTPM2_ENABLE=TRUE \ | |
-DTPM2_CONFIG_ENABLE=TRUE \ | |
$@ | |
EOF | |
) | bash -e | |
cp Build/*/*/FV/${EDK2_FV_CODE}.fd "${TARGET_CODE}" | |
cp Build/*/*/FV/${EDK2_FV_VARS}.fd "${TARGET_VARS}" | |
if [ "$(uname -m)" = "aarch64" ]; then | |
truncate -s 64m "${TARGET_CODE}" | |
truncate -s 64m "${TARGET_VARS}" | |
fi | |
} | |
mkdir -p "/opt/incus/share/qemu/" | |
build_edk2 \ | |
"/opt/incus/share/qemu/OVMF_CODE.4MB.fd" \ | |
"/opt/incus/share/qemu/OVMF_VARS.4MB.fd" \ | |
-DFD_SIZE_4MB | |
ln -s OVMF_CODE.4MB.fd /opt/incus/share/qemu/OVMF_CODE.fd | |
ln -s OVMF_VARS.4MB.fd /opt/incus/share/qemu/OVMF_VARS.fd | |
- name: Build libtmps | |
run: | | |
cd /build/libtpms | |
./autogen.sh | |
./configure --prefix=/opt/incus --with-tpm2 --with-openssl | |
make | |
mkdir -p /build/target/libtpms/ | |
DESTDIR=/build/target/libtpms make install | |
rsync -a /build/target/libtpms/opt/incus/include/ /opt/incus/include/ | |
rsync -a /build/target/libtpms/opt/incus/lib/ /opt/incus/lib/ | |
- name: Build swtpm | |
run: | | |
cd /build/swtpm | |
./autogen.sh | |
./configure --prefix=/opt/incus --with-seccomp --with-openssl --without-cuse | |
make | |
mkdir -p /build/target/swtpm/ | |
DESTDIR=/build/target/swtpm make install | |
rsync -a /build/target/swtpm/opt/incus/bin/ /opt/incus/bin/ | |
rsync -a /build/target/swtpm/opt/incus/include/ /opt/incus/include/ | |
rsync -a /build/target/swtpm/opt/incus/lib/ /opt/incus/lib/ | |
- name: Build virtiofsd | |
run: | | |
cd /build/virtiofsd | |
cargo build --release | |
cp target/release/virtiofsd /opt/incus/bin/ | |
- name: Build umoci | |
run: | | |
cd /build/umoci | |
go build -o "/opt/incus/bin/umoci" github.com/opencontainers/umoci/cmd/umoci | |
- name: Build skopeo | |
run: | | |
cd /build/skopeo | |
go build -o "/opt/incus/bin/skopeo" github.com/containers/skopeo/cmd/skopeo | |
- name: Build QEMU | |
run: | | |
cd /build/qemu | |
sed -i "s/^unset target_list$/target_list=\"$(uname -m)-softmmu\"/" configure | |
./configure \ | |
--prefix=/opt/incus \ | |
--libexecdir=bin \ | |
--libdir=lib \ | |
--disable-bochs \ | |
--disable-cloop \ | |
--disable-dmg \ | |
--disable-docs \ | |
--disable-guest-agent \ | |
--disable-parallels \ | |
--disable-qed \ | |
--disable-slirp \ | |
--disable-user \ | |
--disable-vdi \ | |
--disable-vnc \ | |
--disable-xen \ | |
--disable-install-blobs \ | |
--enable-attr \ | |
--enable-cap-ng \ | |
--enable-kvm \ | |
--enable-libusb \ | |
--enable-usb-redir \ | |
--enable-linux-aio \ | |
--enable-linux-io-uring \ | |
--enable-numa \ | |
--enable-pie \ | |
--enable-rbd \ | |
--enable-seccomp \ | |
--enable-spice \ | |
--enable-system \ | |
--enable-tcg \ | |
--enable-tools \ | |
--enable-vhost-crypto \ | |
--enable-vhost-kernel \ | |
--enable-vhost-net \ | |
--enable-vhost-user \ | |
--enable-virtfs | |
make | |
mkdir /build/target/qemu/ | |
DESTDIR=/build/target/qemu/ make install | |
rsync -a /build/target/qemu/opt/incus/bin/ /opt/incus/bin/ | |
rsync -a /build/target/qemu/opt/incus/lib/ /opt/incus/lib/ | |
rsync -a /build/target/qemu/opt/incus/share/qemu/ /opt/incus/share/qemu/ | |
cp /build/qemu/pc-bios/kvmvapic.bin /opt/incus/share/qemu/ | |
cp /build/qemu/pc-bios/vgabios-qxl.bin /opt/incus/share/qemu/ | |
cp /build/qemu/pc-bios/vgabios-virtio.bin /opt/incus/share/qemu/ | |
cp /build/qemu/pc-bios/efi-virtio.rom /opt/incus/share/qemu/ | |
- name: Build Secure Boot firmware | |
run: | | |
REPO="${PWD}" | |
cd /build/edk2 | |
FIRMWARE="OVMF" | |
if [ "$(uname -m)" = "aarch64" ]; then | |
FIRMWARE="AAVMF" | |
fi | |
cd "${REPO}/edk2-vars-generator" | |
./edk2-vars-generator -f "${FIRMWARE}" \ | |
-e /build/edk2/Build/*/*/*/EnrollDefaultKeys.efi \ | |
-s /build/edk2/Build/*/*/*/Shell.efi \ | |
-c "/opt/incus/share/qemu/OVMF_CODE.4MB.fd" \ | |
-V "/opt/incus/share/qemu/OVMF_VARS.4MB.fd" \ | |
-C "$(cat ${REPO}/zabbly-sb.oem.crt)" \ | |
-o "/opt/incus/share/qemu/OVMF_VARS.4MB.ms.fd" | |
- name: Systemd units | |
run: | | |
cp systemd/*.service systemd/*.socket /opt/incus/lib/systemd/system/ | |
cp systemd/incusd /opt/incus/lib/systemd/ | |
cp systemd/incus-startup /opt/incus/lib/systemd/ | |
cp systemd/incus-user /opt/incus/lib/systemd/ | |
- name: Strip and cleanup binaries | |
run: | | |
rm -Rf /opt/incus/lib/debug/ | |
rm -Rf /opt/incus/include/ | |
rm -Rf /opt/incus/lib/pkgconfig/ | |
rm /opt/incus/lib/*.a /opt/incus/lib/*.la /opt/incus/lib/*/*.a /opt/incus/lib/*/*.la | |
rm /opt/incus/bin/nasm | |
rm /opt/incus/bin/ndisasm | |
rm /opt/incus/bin/qemu-bridge-helper | |
rm /opt/incus/bin/qemu-edid | |
rm /opt/incus/bin/qemu-io | |
rm /opt/incus/bin/qemu-nbd | |
rm /opt/incus/bin/qemu-pr-helper | |
rm /opt/incus/bin/qemu-storage-daemon | |
rm /opt/incus/bin/swtpm_* | |
rm /opt/incus/share/qemu/trace-events-all | |
strip /opt/incus/bin/* | |
strip /opt/incus/lib/*so* | |
- name: Make a Debian package | |
env: | |
PKGOS: ${{ matrix.os }} | |
run: | | |
[ "${PKGOS}" = "debian-11" ] && CODENAME=bullseye | |
[ "${PKGOS}" = "debian-12" ] && CODENAME=bookworm | |
[ "${PKGOS}" = "ubuntu-20.04" ] && CODENAME=focal | |
[ "${PKGOS}" = "ubuntu-22.04" ] && CODENAME=jammy | |
[ "${PKGOS}" = "ubuntu-24.04" ] && CODENAME=noble | |
mkdir -p pkg/ pkg/lib/systemd/ pkg/opt/ pkg/usr/bin/ \ | |
pkg/usr/share/bash-completion/completions/ \ | |
pkg/usr/share/fish/vendor_completions.d/ \ | |
pkg/usr/share/zsh/vendor-completions/ | |
cp -R debian pkg/debian | |
cp bin/* pkg/usr/bin/ | |
cp -R /opt/incus pkg/opt/ | |
cp -R etc pkg/etc | |
mv pkg/opt/incus/lib/systemd/system pkg/lib/systemd/system | |
ln -s /opt/incus/share/completions/bash pkg/usr/share/bash-completion/completions/incus | |
ln -s /opt/incus/share/completions/fish pkg/usr/share/fish/vendor_completions.d/incus.fish | |
ln -s /opt/incus/share/completions/zsh pkg/usr/share/zsh/vendor-completions/_incus | |
ln -s /opt/incus/bin/lxd-to-incus pkg/usr/bin/lxd-to-incus | |
ln -s /opt/incus/bin/fuidshift pkg/usr/bin/fuidshift | |
ln -s /opt/incus/bin/incus-migrate pkg/usr/bin/incus-migrate | |
ln -s /opt/incus/bin/incus-simplestreams pkg/usr/bin/incus-simplestreams | |
mkdir -p pkg/var/lib/incus | |
chmod 711 pkg/var/lib/incus | |
mkdir -p pkg/var/log/incus | |
chmod 700 pkg/var/log/incus | |
mkdir -p pkg/usr/share/locale | |
for i in /opt/incus/share/locale/*.mo; do | |
LANG=$(echo $i | sed -e "s#.*/locale/##g" -e "s#.mo\$##g") | |
mkdir -p pkg/usr/share/locale/${LANG}/LC_MESSAGES | |
ln -s ${i} pkg/usr/share/locale/${LANG}/LC_MESSAGES/incus.mo | |
done | |
cd pkg | |
dch --package incus --create -D ${CODENAME} -M -m "Automated Incus daily build" -v 1:0~$(echo ${PKGOS} | sed "s/-//g")~$(date -u +%Y%m%d%H%M) --force-distribution | |
dpkg-buildpackage -b | |
cd .. | |
mkdir out | |
mv incus_* out/ | |
mv incus-base_* out/ | |
mv incus-client_* out/ | |
mv incus-extra_* out/ | |
mv incus-ui-canonical_* out/ | |
- name: Upload resulting build | |
uses: actions/upload-artifact@v3 | |
continue-on-error: true | |
with: | |
name: ${{ matrix.os }}-${{ matrix.arch }} | |
path: out/* |