diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index e06aab1566f2..d334e4b603ca 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -14,14 +14,10 @@ name: "CodeQL"
 on:
 push:
 branches: [ "main" ]
- # pull_request:
- # branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
 schedule:
 - cron: '44 8 * * 2'
-# also trigger on when commented /scan-codeql on the pr
- issue_comment:
- types: [created]
- pattern: /scan

 jobs:
 analyze:
diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml
index bded19b70aa1..60df73ab67b7 100644
--- a/.github/workflows/image.yml
+++ b/.github/workflows/image.yml
@@ -36,7 +36,7 @@ jobs:
 - name: Build Artifacts Package
 id: build_package
 run: |
- cp arch/x86_64/boot/bzImage kernel-x86_64-${VERSION}.tar.gz
+ cp arch/x86_64/boot/bzImage kernel-x86_64-${SHA}.tar.gz
 sha256sum kernel-x86_64-${SHA}.tar.gz >> kernel-x86_64-${SHA}.tar.gz.sha256
 echo "image_name=kernel-x86_64-${SHA}.tar.gz" >> "$GITHUB_OUTPUT"
 echo "image_hash=$(cat kernel-x86_64-${SHA}.tar.gz.sha256)" >> "$GITHUB_OUTPUT"
@@ -67,7 +67,7 @@ jobs:
 SHA: ${{ github.event.pull_request.head.sha }}
 IMAGE_HASH: ${{ needs.build_kernel.outputs.image_hash }}
 IMAGE_NAME: ${{ needs.build_kernel.outputs.image_name }}
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}
 run: |
 git config user.name okmachina
 git config user.email 163742220+okmachina@users.noreply.github.com
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index cc7780245b1a..96f126b13abe 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
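Review bot: In .github/workflows/image.yml (hunk at -67,7) the step's `GH_TOKEN` now carries the long-lived `ROBOT_TOKEN` instead of the per-run `GITHUB_TOKEN`, and nothing next to the line records what that token is allowed to do. The step reads `github.event.pull_request.head.sha`, so it runs on pull-request events; the workflow trigger is outside the hunk, so confirm that a fork PR cannot reach this step with the secret available (for example through `pull_request_target`). I would add a comment above the line such as `# ROBOT_TOKEN: fine-grained token limited to the repo this step pushes to` and keep the token at step level, as it is here. The `run:` script continues past the end of the hunk.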
@@ -12,9 +12,15 @@ jobs:
 env:
 SHA: ${{ github.event.pull_request.head.sha }}
 VERSION: ${{ github.event.pull_request.head.ref }}
+ GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}
 outputs:
 image_hash: ${{ steps.build_package.outputs.image_hash }}
 image_name: ${{ steps.build_package.outputs.image_name }}
+ kernel_release: ${{ steps.build_package.outputs.kernel_release }}
+ artifact_url: ${{ steps.upload-artifact.outputs.artifact-url }}
+ arrifact_id: ${{ steps.upload-artifact.outputs.artifact-id }}
+ kernel_version: ${{ steps.build_package.outputs.kernel_version }}
+ GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
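Review bot: The last added line puts `GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}` under `outputs:`, which declares the secret as a job output; that line should be dropped, since a credential has no reason to be handed to downstream jobs this way even if the platform withholds secret-bearing outputs. The same secret is also added to the job-level `env:`, so every step of the job receives it, including the `make` steps that build the pull request's head commit; move it to the `env:` of the single step that performs the upload. Two of the new outputs also look broken: `arrifact_id` is presumably a typo for `artifact_id`, and both artifact outputs read `steps.upload-artifact`, while the only `upload-artifact` step visible in this commit is removed in the next hunk and carried no `id`. The job definition starts before this hunk and continues after it.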
@@ -25,56 +31,62 @@ jobs:
 export CHROMEOS_KERNEL_FAMILY=termina
 - name: Prepare kernel configuration
 run: make olddefconfig
-
 - name: Build kernel image
 run: make -j$(nproc) bzImage
 - name: Build Artifacts Package
 id: build_package
 run: |
- cp arch/x86_64/boot/bzImage kernel-x86_64-${VERSION}.tar.gz
- sha256sum kernel-x86_64-${SHA}.tar.gz >> kernel-x86_64-${SHA}.tar.gz.sha256
- echo "image_name=kernel-x86_64-${SHA}.tar.gz" >> "$GITHUB_OUTPUT"
- echo "image_hash=$(cat kernel-x86_64-${SHA}.tar.gz.sha256)" >> "$GITHUB_OUTPUT"
- - uses: actions/upload-artifact@v4
- with:
- name: oklinux-kernel-x86_64-${{ github.event.pull_request.head.sha }}
- path: kernel-x86_64-*
+ export KERNEL_VERSION=$(cat version.txt)
+ export KERNEL_RELEASE="${KERNEL_VERSION}-${SHA}"
+ cp arch/x86_64/boot/bzImage kernel-x86_64-${KERNEL_RELEASE}.bzImage
+ sha256sum kernel-x86_64-${KERNEL_RELEASE}.bzImage >> kernel-x86_64-${KERNEL_RELEASE}.bzImage.sha256
+ echo "image_name=kernel-x86_64-${KERNEL_RELEASE}.bzImage" >> "$GITHUB_OUTPUT"
+ echo "image_hash=$(cat kernel-x86_64-${KERNEL_RELEASE}.bzImage.sha256)" >> "$GITHUB_OUTPUT"
+ echo "kernel_release=${KERNEL_RELEASE}" >> "$GITHUB_OUTPUT"
+ echo "kernel_version=${KERNEL_VERSION}" >> "$GITHUB_OUTPUT"
+ curl -X POST \
+ --data-binary @kernel-x86_64-${KERNEL_RELEASE}.bzImage \
+ oknotokcomputer.sevki.workers.dev/kernel-x86_64-${KERNEL_RELEASE}.bzImage \
+ -H "authorization: bearer ${GH_TOKEN}" \
+ -H "x-image-sha: $(cat kernel-x86_64-${KERNEL_RELEASE}.bzImage.sha256)" \
+ -H "x-commit: ${SHA}"
+ curl -X POST \
+ --data-binary @kernel-x86_64-${KERNEL_RELEASE}.bzImage \
+ oknotokcomputer.sevki.workers.dev/kernel-x86_64-latest.bzImage \
+ -H "authorization: bearer ${GH_TOKEN}" \
+ -H "x-image-sha: $(cat kernel-x86_64-${KERNEL_RELEASE}.bzImage.sha256)" \
+ -H "x-commit: ${SHA}"
 propose_release:
 runs-on: ubuntu-latest
 needs: build_kernel
 steps:
- - env:
- VERSION: ${{ github.event.pull_request.head.ref }}
- SHA: ${{ github.event.pull_request.head.sha }}
- IMAGE_HASH: ${{ needs.build_kernel.outputs.image_hash }}
- IMAGE_NAME: ${{ needs.build_kernel.outputs.image_name }}
- uses: actions/checkout@v4
- with:
- repository: "sevki/okLinux"
- - name: make download-script
- run: |
- echo "curl -L https://api.github.com/repos/sevki/kernel/actions/artifacts/1330970479/${IMAGE_NAME} > ${IMAGE_NAME}" > download-kernel.sh
- echo "sha256sum -c ${IMAGE_NAME}.sha256" >> download-kernel.sh
- chmod +x download-kernel.sh
- - name: create pull request
+ - name: create pull request
 env:
- VERSION: ${{ github.event.pull_request.head.ref }}
- SHA: ${{ github.event.pull_request.head.sha }}
+ KERNEL_RELEASE: ${{ needs.build_kernel.outputs.kernel_release }}
+ KERNEL_VERSION: ${{ needs.build_kernel.outputs.kernel_version }}
 IMAGE_HASH: ${{ needs.build_kernel.outputs.image_hash }}
 IMAGE_NAME: ${{ needs.build_kernel.outputs.image_name }}
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
- git config user.name okmachina
- git config user.email 163742220+okmachina@users.noreply.github.com
- git remote add okLinux "https://${{ secrets.ROBOT_TOKEN }}@github.com/sevki/okLinux.git"
- git add download-kernel.sh
- echo $IMAGE_HASH >> ${IMAGE_NAME}.sha256
- git add ${IMAGE_NAME}.sha256
- git commit -m "Update to${SHA}"
- export COMMIT=$(git rev-parse HEAD)
- git checkout -b "update-to-${SHA}"
- git push okLinux "update-to-${SHA}"
- gh pr create --title "Update to ${SHA}" --body "Update to ${SHA}" --base main --head "update-to-${SHA}"
+ GH_TOKEN: ${{ secrets.ROBOT_TOKEN }}
+ ARTIFACT_URL: ${{ needs.build_kernel.outputs.artifact_url }}
+ uses: actions/github-script@v7
+ with:
+ script: |
+ github.rest.repos.createDeployment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ ref: context.sha,
+ environment: `oklinux-${process.env.KERNEL_VERSION}-staging`,
+ required_contexts: [],
+ transient_environment: true,
+ payload: {
+ kernel_release: process.env.KERNEL_RELEASE,
+ kernel_version: process.env.KERNEL_VERSION,
+ image_hash: process.env.IMAGE_HASH,
+ image_name: process.env.IMAGE_NAME,
+ artifact_url: process.env.ARTIFACT_URL
+ }
+ });
+
 build_kernel_docs:
 runs-on: ubuntu-latest
 steps:
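Review bot: Both added `curl` calls in the `build_package` step send `${GH_TOKEN}` (the `ROBOT_TOKEN` GitHub credential) as a bearer header to `oknotokcomputer.sevki.workers.dev` with no URL scheme, and curl falls back to plain HTTP when the scheme is omitted, so the token and the image would leave the runner unencrypted on the first request. Write the target as `https://oknotokcomputer.sevki.workers.dev/...` and add `--fail --proto '=https'` so that a rejected or downgraded upload fails the step instead of passing silently. Unless the endpoint needs a GitHub token to verify the caller, a dedicated upload secret (placeholder name `UPLOAD_TOKEN`) would avoid handing a repository credential to an external service. The `x-image-sha` header is filled from the `sha256sum` output file, which holds the file name after the digest; `cut -d' ' -f1` on it would send the digest alone. In `propose_release`, the `github.rest.repos.createDeployment(...)` call is not awaited, so an API error may not surface as a step failure; prefix it with `await`.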