ci: switch to GitHub actions

simplify much, GitLab less

Signed-off-by: Paul Spooren <paul.spooren@rhebo.com>

.github/workflows/containers.yml

@@ -0,0 +1,243 @@
+name: Build and push containers
+
+on:
+  # push:
+  # pull_request:
+  workflow_dispatch:
+    inputs:
+      release:
+        description: "Release to deploy (empty for snapshots)"
+        required: false
+
+  schedule:
+    - cron: "0 5 * * *" # daily snapshot
+    - cron: "0 6 * * 0" # weekly 22.03-SNAPSHOT
+    - cron: "0 7 * * 0" # weekly 21.02-SNAPSHOT
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  generate_matrix:
+    name: Set matrix for SDKs
+    runs-on: ubuntu-latest
+    outputs:
+      imagebuilders: ${{ steps.find_targets.outputs.imagebuilders }}
+      sdks: ${{ steps.find_targets.outputs.sdks }}
+      release: ${{ steps.find_targets.outputs.release }}
+      owner: ${{ steps.find_targets.outputs.owner }}
+      suffix: ${{ steps.find_targets.outputs.suffix }}
+
+    steps:
+      - name: Set relase to 22.03-SNAPSHOT
+        if: github.event.schedule == '0 6 * * 0'
+        run: |
+          echo "RELEASE=22.03-SNAPSHOT" >> "$GITHUB_ENV"
+          echo "REF=openwrt-22.03" >> "$GITHUB_ENV"
+
+      - name: Set relase to 21.02-SNAPSHOT
+        if: github.event.schedule == '0 7 * * 0'
+        run: |
+          echo "RELEASE=21.02-SNAPSHOT" >> "$GITHUB_ENV"
+          echo "REF=openwrt-21.02" >> "$GITHUB_ENV"
+
+      - name: Set relase manually
+        if: github.event.inputs.release != ''
+        run: |
+          echo "RELEASE=${{ github.event.inputs.release }}" >> "$GITHUB_ENV"
+          echo "REF=v${{ github.event.inputs.release }}" >> "$GITHUB_ENV"
+
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          repository: openwrt/openwrt
+          ref: ${{ env.REF}}
+
+      - name: Set targets and release
+        id: find_targets
+        run: |
+          JSON='['
+          FIRST=1
+
+          while read -r line;
+          do
+            TARGET=$(echo "$line" | cut -d " " -f 1)
+
+            [[ $FIRST -ne 1 ]] && JSON="$JSON"','
+            
+            JSON="$JSON"'{"target":"'"$TARGET"'","tags":"'"${TARGET/\//-}"'"}'
+            FIRST=0
+          done <<< "$(perl ./scripts/dump-target-info.pl targets 2>/dev/null)"
+
+          JSON='{"include":'"$JSON"']}'
+          echo -e "\n---- imagebuilders ----\n"
+          echo "$JSON"
+          echo -e "\n---- imagebuilders ----\n"
+          echo "imagebuilders=$JSON" >> "$GITHUB_OUTPUT"
+
+          JSON='['
+          FIRST=1
+
+          while read -r line;
+          do
+            ARCH=$(echo "$line" | cut -d " " -f 1)
+            TARGET=$(echo "$line" | cut -d " " -f 2)
+            TARGETS=$(echo "$line" | cut -d " " -f 2- | sed -e 's/ /\\n/g')
+
+            [[ $FIRST -ne 1 ]] && JSON="$JSON"','
+            
+            JSON="$JSON"'{"arch":"'"$ARCH"'","target":"'"$TARGET"'","tags":"'"$ARCH"'\\n'"$TARGETS"'"}'
+            FIRST=0
+          done <<< "$(perl ./scripts/dump-target-info.pl architectures 2>/dev/null)"
+
+          JSON='{"include":'"$JSON"']}'
+          echo -e "\n---- sdks ----\n"
+          echo "$JSON"
+          echo -e "\n---- sdks ----\n"
+          echo "sdks=$JSON" >> "$GITHUB_OUTPUT"
+
+          echo "release=$RELEASE" >> "$GITHUB_OUTPUT"
+          SUFFIX=${REF:+-$REF}
+          SUFFIX=${SUFFIX:--master}
+          echo "suffix=$SUFFIX" >> "$GITHUB_OUTPUT"
+          echo "owner=${GITHUB_REPOSITORY_OWNER,,}" >> "$GITHUB_OUTPUT"
+
+  push-imagebuilder-container:
+    name: ImageBuilder
+    runs-on: ubuntu-latest
+    needs: generate_matrix
+    strategy:
+      fail-fast: False
+      matrix: ${{fromJson(needs.generate_matrix.outputs.imagebuilders)}}
+
+    steps:
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ needs.generate_matrix.outputs.owner }}/imagebuilder
+          flavor: |
+            latest=false
+            suffix=${{ needs.generate_matrix.outputs.suffix }}
+          tags: ${{ matrix.tags }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          file: Dockerfile.unify
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            DOWNLOAD_FILE=imagebuilder-.*x86_64.tar.xz
+            RELEASE=${{ needs.generate_matrix.outputs.release }}
+            TARGET=${{ matrix.target }}
+
+  push-sdk-container:
+    name: SDK
+    runs-on: ubuntu-latest
+    needs: generate_matrix
+    strategy:
+      fail-fast: False
+      matrix: ${{fromJson(needs.generate_matrix.outputs.sdks)}}
+
+    steps:
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ needs.generate_matrix.outputs.owner }}/sdk
+          flavor: |
+            latest=false
+            suffix=${{ needs.generate_matrix.outputs.suffix }}
+          tags: ${{ matrix.tags }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          file: Dockerfile.unify
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          build-args: |
+            DOWNLOAD_FILE=sdk-.*.Linux-x86_64.tar.xz
+            RELEASE=${{ needs.generate_matrix.outputs.release }}
+            TARGET=${{ matrix.target }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  push-rootfs-container:
+    name: RootFS
+    runs-on: ubuntu-latest
+    needs: generate_matrix
+    strategy:
+      fail-fast: False
+      matrix:
+        include:
+          - target: x86/64
+            arch: x86_64
+          - target: x86/generic
+            arch: i386_pentium4
+          - target: x86/geode
+            arch: i386_pentium-mmx
+          - target: armvirt/32
+            arch: arm_cortex-a15_neon-vfpv4
+          - target: armvirt/64
+            arch: aarch64_cortex-a53
+          - target: malta/be
+            arch: mips_24kc
+          - target: mvebu/cortexa9
+            arch: arm_cortex-a9_vfpv3-d16
+
+    steps:
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ needs.generate_matrix.outputs.owner }}/rootfs
+          flavor: |
+            latest=false
+            suffix=${{ needs.generate_matrix.outputs.suffix }}
+          tags: |
+            ${{ matrix.target }}
+            ${{ matrix.arch }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          file: Dockerfile.unify
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          build-args: |
+            DOWNLOAD_FILE=openwrt-.*-rootfs.tar.gz
+            WORKDIR=/
+            USER=root
+            RELEASE=${{ needs.generate_matrix.outputs.release }}
+            TARGET=${{ matrix.target }}
+            BASE_IMAGE=scratch
+            CMD=ash
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile.unify

@@ -0,0 +1,58 @@
+ARG BASE_IMAGE=registry.gitlab.com/openwrt/buildbot/buildworker:latest
+
+FROM registry.gitlab.com/openwrt/buildbot/buildworker:latest
+
+WORKDIR /build/
+
+# use "sdk-.*.Linux-x86_64.tar.xz" to create the SDK
+ARG DOWNLOAD_FILE="imagebuilder-.*x86_64.tar.xz"
+ARG TARGET=x86/64
+ARG FILE_HOST=downloads.openwrt.org
+ARG RELEASE
+
+# if $RELEASE is empty fallback to snapshots
+ENV RELEASE_PATH=${RELEASE:+releases/$RELEASE}
+ENV RELEASE_PATH=${RELEASE_PATH:-snapshots}
+ENV DOWNLOAD_PATH=$RELEASE_PATH/targets/$TARGET
+
+RUN curl "https://$FILE_HOST/$DOWNLOAD_PATH/sha256sums" -fs -o sha256sums
+RUN curl "https://$FILE_HOST/$DOWNLOAD_PATH/sha256sums.asc" -fs -o sha256sums.asc || true
+RUN curl "https://$FILE_HOST/$DOWNLOAD_PATH/sha256sums.sig" -fs -o sha256sums.sig || true
+
+ADD keys/*.asc keys/
+RUN gpg --import keys/*.asc
+RUN gpg --with-fingerprint --verify sha256sums.asc sha256sums
+
+# determine archive name
+RUN echo $(grep "$DOWNLOAD_FILE" sha256sums | cut -d "*" -f 2) >> ~/file_name
+
+# download imagebuilder/sdk archive
+RUN wget --quiet "https://$FILE_HOST/$DOWNLOAD_PATH/$(cat ~/file_name)"
+
+# shrink checksum file to single desired file and verify downloaded archive
+RUN grep "$(cat ~/file_name)" sha256sums > sha256sums_min
+RUN cat sha256sums_min
+RUN sha256sum -c sha256sums_min
+
+# cleanup
+RUN rm -rf sha256sums{,_min,.sig,.asc} keys/
+
+RUN tar xf "$(cat ~/file_name)" --strip=1 --no-same-owner -C .
+RUN rm -rf "$(cat ~/file_name)"
+
+FROM $BASE_IMAGE
+
+ARG USER=buildbot
+ARG WORKDIR=/builder/
+ARG CMD="/bin/bash"
+
+USER $USER
+WORKDIR $WORKDIR
+
+COPY --from=0 --chown=$USER:$USER /build/ ./
+
+ENTRYPOINT [ ]
+
+# required to have CMD as ENV to be executed
+ENV CMD_ENV=${CMD}
+CMD ${CMD_ENV}

keys/2074BE7A.asc

@@ -0,0 +1,54 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: OpenWrt 19.07 public key
+
+mQINBF0rEacBEACjsqSfFW5EU4yPzHrcuLBYmOjvYsRIKPrBga9EusuMdpJ5PMfs
+ebFSBlgWSpS/ePnyMIwCNqGFhZTj6QCwBUfRxH6nOGn3jFj9eaFwrZNIh8PMiuD7
+wJo7Z4nSwPj6PNFIchzwg6M/O6hTAqdvfDOXLWRbJFXd5sJsr3ueO3K2nwlP2fer
+qoy/jaVZODK2+6XsTI6FNBNUQKNq9raS+jNjiEA6v1dUIBEfq6uzCHYdq3Wlc34W
+DSNGNCOn5O2fXtHdnisGzyy1YmwSv5WxvZGI9+qGnQWmalNXGKKlbVSD+qsZTFuO
+cZne/tXBBYLLA3XIf9X8bjTzVuI6b2a4uUbUVp2BVeqNFipQhU27DmFd+Qj00wVE
+lkA3cWQ00WDO8Anja8HF2VF4TsBeLz6FZymGlecG6Ekg+Qb3TxqaTDJy/U/peC69
+RHJtUzVSql2wQ35Q5ssXS0GABqCv4KVd8NSPrrAPslr2wP9GsnkvbfEe3QTQXzon
++agvMk/1P6ekC2ocoruvJ7L0wI+79Hbki5mh5HPlw/HTo7oC3ay6g79BbxxGi3UF
+fqv/PblDPTeIeuk93ksQrQgcPzW3gc391yyd5GGeuxcHXppFWJPHdxvqpROUDqnm
+4Lq2W7a+sThvUyOdRPOKZZzeiowhEBJ2nPUNEbv8UzQX4cWM4yV+0DuWqQARAQAB
+tFNPcGVuV3J0IEJ1aWxkIFN5c3RlbSAoUEdQIGtleSBmb3IgMTkuMDcgcmVsZWFz
+ZSBidWlsZHMpIDxwZ3BzaWduLTE5LjA3QG9wZW53cnQub3JnPokCVwQTAQgAQQIb
+AwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAIZARYhBNnGkB9FybhoWGh9/yijm8Mg
+dL56BQJhEXdJBQkFx5kiAAoJECijm8MgdL56hYYP/0hSqyoVmkzzgbPXVi0LjZI7
+yizF9fZTXfCPJ7Q89inVhq9A2gQQJ+y/f8kEsw6FIqDo7UBFRQbssgbliOsC4BDF
+L9lIx2UzNya2U3N6mu5ugJ+fQ61UWzSENSi0liR/YoQgAAiw/aKjrJcJcfQVuxWv
+1y/WUvlzXr4maZQ4qWB9ztEkoH6+Nv+gN6hTeXZIHyMipj5T+fIkopSAF484fXh7
+MC8js8Ye+j9cUJwVqfBEUn1tTFbiTK8n3vrBOnbPsBJJVO0401oAt+ctRzNn623a
+8l2yOHdOUbNvw5qHFmTdL6yIf+R6Kgwght7/6wDVo1eYUaswU5+fFGpudZOixMZR
+6m1dwPl1WVL2zu9HjOgbGhVpANPm72IARb75O32uKc7A01A5AredMJqhsLXpE3Q5
+AlWRg6QQD8TQd5PfgkZbwmUI6slqCHvI3Q1izRtGC1RCLIYGswaYF9L4ZyKgEUaT
+VjAcn3NVBurQ+Nezf4BaP4FaBDAEUSzS17HI1Ti5Ei7TjnHC8Hqg2KkQZMkXuSUY
+wGjxRYnyPV1I5S9c03rhWIoyT0cOxy794zrU/sU9WetSJHiRcsR3AnDReiMRhtrK
+txQ3HP427kgkRjX7hNg2465HEfedSWnbXmZ44brNTKPazjqGVAcjM3/YkxnD8oAm
+H1IHsN1b1IWrndQPMcjRiQIzBBABCAAdFiEEVMx0MHosbcnOYYJpzYS87WJkcfEF
+Al03Ur8ACgkQzYS87WJkcfH26g//XNSGKHdF6q1uKzi3VtVTp45QXhdXRR0lcLqF
+SKeSozDeq1Af6A5Oamv92fN6MzgHO+Y3jzapEQXbykcGegd3fSs88CpvsQr12Ryq
+jVsep4rLnP3xj4NsyhcPCiMJ/jYUCzrRX1Xsqoxa8B3NCdqkuY7Mf6uPBIHf8fKe
+Qdnjl2IoWaw/X8gfDDj6g9vUfyygCtj22Ky7NjK6tXFyh9SwE/qElE5VyU81ottK
+ZkeaPzQKe//lzFtmwYUz+C3HQwKjRGK1dA7Z7JZju5abuEx1qnLSokRBMEanzLvs
+P29o/LozNP9/j7BOGj/5wkbMu+6FYQMyCklNojMHypxufQbVgwK1d6Nhar/znxIe
+qmy0nHVLXuPITchlrCyXrjrXHoSe9lxKytgkc93CUArWKyxVt0pmRYU/4DRH3tKF
+QmmCe3wD+xCBGaZTE2BA2t/j9TRELT7uRsIE56xNbV4Ct3tWztJplbFw0As+iTzT
+H9mJjpu65L9S1V6WWthiB95XFY1j/zp4K07wZsgdNwRR5fWWAPjBvPHkzTrXCN8w
+XCePICPTtQY2P8Z9PoqXwObdPE47Nf3RT24AEyKBxFBQjq/Fj2KzLgf2alXkvRVJ
+PR2Gl8zOl8FvKWEInfBoYsXWTyZk/IiUru1xvVq+behVkVh+6VuSndvsmMPaQs0/
+t0rQROOJAjMEEAEIAB0WIQStBQc2PSvOnJ42zsT7y3jwFYB5MQUCXTdTKQAKCRD7
+y3jwFYB5MSN2D/9iA4BdRe7wAkqSIgS2OmSlrFKb3EwgYjs50QnJwwKzSkN34sd5
+i02rXi8qYEXXmf3zWVSxTwOgA2TS/VswwDrev7dN5o58ziSqreRzSS5ia5n66a/N
+usPPNA69Bt6jz2dHmuGKB1y3jlv38eQrDmudOzq4YFxfnIlJVgkPkYaZ0rgpwDlu
+Pj9Ue2Ux9gDKidsa3wVAckmOqc2EnuK9d5bdYgjLw/BbnXHkaBaStEAqoaAId623
+U7jrG2FmY5wtbvUwd4mUZFW35ODHYYyREXeLaxpLM0mKDS1z6Yfk4UP2rDjEF9pl
+XdhMjREH3YGICtuhuQMb7xovOQJdIr0Ux+BDcnAcai2+7q+r6dq+Yu3J13WszV0d
+4vaBpaYRr5aX84O0PT599H04h2ZgBMGlTOoUlOXZ9hoI94rURU8oBPckw8wGvr84
+SIStXgrOeatJqhakMlrFcJiuYFL/LWbYVwR9MsuniEowuTlN11/3FqTaAhswY6Xy
+8dllzIg4jcwgWmQUUeTs++wRAkB++zAQNoc78fJQn2sltgP3Po8dobsCQic4WMuN
+0HhJtj5h/m57grSQ3DVLvygM7lvCpCfPjqnYQkoSdqP5DT6hXEWaaR1zuxROa4+4
+26+mAggKUg63Jcw1oZWtsFFmmhx9Aj1PI98zHZo3+7qxWeLgnm3Smbs0EA==
+=VpI5
+-----END PGP PUBLIC KEY BLOCK-----