Build CPU Binaries #33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build CPU Binaries | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| workflow_dispatch: | |
| inputs: | |
| create_release: | |
| description: 'Create a release after building' | |
| required: false | |
| default: false | |
| type: boolean | |
| release_tag: | |
| description: 'Release tag (e.g., v1.0.0)' | |
| required: false | |
| type: string | |
| architectures: | |
| description: 'Architectures to build (comma-separated: aarch64,x86_64)' | |
| required: false | |
| default: 'aarch64,x86_64' | |
| type: string | |
| schedule: | |
| # Run weekly on Sundays at 00:00 UTC to check for new cpu releases | |
| - cron: '0 0 * * 0' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| strategy: | |
| matrix: | |
| arch: [aarch64, x86_64] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.21' | |
| - name: Build everything using Makefile | |
| run: | | |
| echo "Building CPU binaries and initramfs for ${{ matrix.arch }} using Makefile..." | |
| make ARCH=${{ matrix.arch }} all | |
| echo "Build completed successfully for ${{ matrix.arch }}!" | |
| - name: Show build summary | |
| run: | | |
| echo "=== Build Summary for ${{ matrix.arch }} ===" | |
| ls -la build/binaries/${{ matrix.arch }}/ | |
| echo "" | |
| echo "Binary info:" | |
| file build/binaries/${{ matrix.arch }}/cpu build/binaries/${{ matrix.arch }}/cpud | |
| echo "" | |
| echo "SSH keys:" | |
| ls -la build/binaries/${{ matrix.arch }}/identity* | |
| echo "" | |
| echo "Initramfs:" | |
| ls -la build/initramfs/${{ matrix.arch }}/ | |
| echo "" | |
| echo "Sizes:" | |
| du -h build/binaries/${{ matrix.arch }}/* build/initramfs/${{ matrix.arch }}/* | |
| echo "" | |
| echo "Build info:" | |
| cat build/binaries/${{ matrix.arch }}/BUILD_INFO.txt | |
| - name: Get CPU version for release naming | |
| run: | | |
| cd build/repos/cpu | |
| echo "CPU_VERSION=$(git describe --tags --always)" >> $GITHUB_ENV | |
| echo "Building u-root/cpu version: $(git describe --tags --always)" | |
| - name: Create checksums | |
| run: | | |
| cd build/binaries/${{ matrix.arch }} | |
| echo "Creating checksums for ${{ matrix.arch }}..." | |
| sha256sum cpu > cpu.sha256 | |
| sha256sum cpud > cpud.sha256 | |
| sha256sum identity > identity.sha256 | |
| sha256sum identity.pub > identity.pub.sha256 | |
| sha256sum BUILD_INFO.txt > BUILD_INFO.txt.sha256 | |
| cd ../../initramfs/${{ matrix.arch }} | |
| sha256sum cpud-initramfs.cpio.gz > cpud-initramfs.cpio.gz.sha256 | |
| cd ../../binaries/${{ matrix.arch }} | |
| echo "Checksums created:" | |
| cat *.sha256 | |
| echo "Initramfs checksum:" | |
| cat ../../initramfs/${{ matrix.arch }}/*.sha256 | |
| - name: Create tarball | |
| run: | | |
| cd build/binaries/${{ matrix.arch }} | |
| cp ../../initramfs/${{ matrix.arch }}/cpud-initramfs.cpio.gz . | |
| cp ../../initramfs/${{ matrix.arch }}/cpud-initramfs.cpio.gz.sha256 . | |
| tar -czf ../../../cpu-binaries-${{ matrix.arch }}-${{ env.CPU_VERSION }}.tar.gz * | |
| cd ../../.. | |
| echo "Tarball created:" | |
| ls -la cpu-binaries-${{ matrix.arch }}-*.tar.gz | |
| sha256sum cpu-binaries-${{ matrix.arch }}-*.tar.gz > cpu-binaries-${{ matrix.arch }}-${{ env.CPU_VERSION }}.tar.gz.sha256 | |
| - name: Upload binaries as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: cpu-binaries-${{ matrix.arch }}-${{ env.CPU_VERSION }} | |
| path: | | |
| build/binaries/${{ matrix.arch }}/ | |
| build/initramfs/${{ matrix.arch }}/ | |
| cpu-binaries-${{ matrix.arch }}-*.tar.gz | |
| cpu-binaries-${{ matrix.arch }}-*.tar.gz.sha256 | |
| retention-days: 90 | |
| release: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| if: startsWith(github.ref, 'refs/tags/') || github.event.inputs.create_release == 'true' | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: cpu-binaries-* | |
| merge-multiple: false | |
| - name: Get CPU version for release naming | |
| run: | | |
| # Extract version from any artifact directory | |
| for dir in cpu-binaries-*; do | |
| if [ -d "$dir" ]; then | |
| version=$(echo "$dir" | sed 's/cpu-binaries-[^-]*-//') | |
| echo "CPU_VERSION=$version" >> $GITHUB_ENV | |
| break | |
| fi | |
| done | |
| echo "Detected CPU_VERSION: ${{ env.CPU_VERSION }}" | |
| - name: Prepare release files for all architectures | |
| run: | | |
| echo "Preparing release files for all architectures..." | |
| # Create release structure | |
| mkdir -p release-files | |
| # Process each architecture | |
| for arch in aarch64 x86_64; do | |
| echo "Processing $arch..." | |
| artifact_dir="cpu-binaries-$arch-${{ env.CPU_VERSION }}" | |
| if [ -d "$artifact_dir" ]; then | |
| echo "Found artifact directory: $artifact_dir" | |
| # Copy binaries with arch suffix to avoid conflicts | |
| if [ -d "$artifact_dir/build/binaries/$arch" ]; then | |
| mkdir -p "release-files/$arch" | |
| cp -r "$artifact_dir/build/binaries/$arch"/* "release-files/$arch/" | |
| # Create symlinks for architecture-specific binaries in root | |
| cd release-files | |
| ln -sf "$arch/cpu" "cpu-$arch" | |
| ln -sf "$arch/cpud" "cpud-$arch" | |
| ln -sf "$arch/identity" "identity-$arch" | |
| ln -sf "$arch/identity.pub" "identity.pub-$arch" | |
| ln -sf "$arch/BUILD_INFO.txt" "BUILD_INFO-$arch.txt" | |
| ln -sf "$arch/cpu.sha256" "cpu-$arch.sha256" | |
| ln -sf "$arch/cpud.sha256" "cpud-$arch.sha256" | |
| ln -sf "$arch/identity.sha256" "identity-$arch.sha256" | |
| ln -sf "$arch/identity.pub.sha256" "identity.pub-$arch.sha256" | |
| ln -sf "$arch/BUILD_INFO.txt.sha256" "BUILD_INFO-$arch.txt.sha256" | |
| cd .. | |
| fi | |
| # Copy initramfs with arch suffix | |
| if [ -d "$artifact_dir/build/initramfs/$arch" ]; then | |
| cp "$artifact_dir/build/initramfs/$arch"/* "release-files/$arch/" | |
| cd release-files | |
| ln -sf "$arch/cpud-initramfs.cpio.gz" "cpud-initramfs-$arch.cpio.gz" | |
| ln -sf "$arch/cpud-initramfs.cpio.gz.sha256" "cpud-initramfs-$arch.cpio.gz.sha256" | |
| cd .. | |
| fi | |
| # Copy tarball | |
| if [ -f "$artifact_dir/cpu-binaries-$arch-${{ env.CPU_VERSION }}.tar.gz" ]; then | |
| cp "$artifact_dir/cpu-binaries-$arch-${{ env.CPU_VERSION }}.tar.gz" release-files/ | |
| cp "$artifact_dir/cpu-binaries-$arch-${{ env.CPU_VERSION }}.tar.gz.sha256" release-files/ | |
| fi | |
| else | |
| echo "Warning: Artifact directory $artifact_dir not found" | |
| fi | |
| done | |
| echo "Release files prepared:" | |
| find release-files/ -type f | sort | |
| - name: Create release (manual or on tag) | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| tag_name: ${{ github.event.inputs.release_tag || github.ref_name }} | |
| name: CPU Binaries ${{ github.event.inputs.release_tag || github.ref_name }} | |
| files: | | |
| release-files/cpu-aarch64 | |
| release-files/cpud-aarch64 | |
| release-files/cpu-x86_64 | |
| release-files/cpud-x86_64 | |
| release-files/identity-aarch64 | |
| release-files/identity.pub-aarch64 | |
| release-files/identity-x86_64 | |
| release-files/identity.pub-x86_64 | |
| release-files/BUILD_INFO-aarch64.txt | |
| release-files/BUILD_INFO-x86_64.txt | |
| release-files/cpu-aarch64.sha256 | |
| release-files/cpud-aarch64.sha256 | |
| release-files/cpu-x86_64.sha256 | |
| release-files/cpud-x86_64.sha256 | |
| release-files/identity-aarch64.sha256 | |
| release-files/identity.pub-aarch64.sha256 | |
| release-files/identity-x86_64.sha256 | |
| release-files/identity.pub-x86_64.sha256 | |
| release-files/BUILD_INFO-aarch64.txt.sha256 | |
| release-files/BUILD_INFO-x86_64.txt.sha256 | |
| release-files/cpud-initramfs-aarch64.cpio.gz | |
| release-files/cpud-initramfs-aarch64.cpio.gz.sha256 | |
| release-files/cpud-initramfs-x86_64.cpio.gz | |
| release-files/cpud-initramfs-x86_64.cpio.gz.sha256 | |
| release-files/cpu-binaries-aarch64-${{ env.CPU_VERSION }}.tar.gz | |
| release-files/cpu-binaries-aarch64-${{ env.CPU_VERSION }}.tar.gz.sha256 | |
| release-files/cpu-binaries-x86_64-${{ env.CPU_VERSION }}.tar.gz | |
| release-files/cpu-binaries-x86_64-${{ env.CPU_VERSION }}.tar.gz.sha256 | |
| body: | | |
| # CPU Binaries for Multiple Architectures | |
| Built from [u-root/cpu](https://github.com/u-root/cpu) version: `${{ env.CPU_VERSION }}` | |
| ## Supported Architectures | |
| - **aarch64** (ARM64) - For Raspberry Pi, Apple Silicon, AWS Graviton, etc. | |
| - **x86_64** (AMD64) - For Intel/AMD x86-64 systems | |
| ## Files | |
| ### Architecture-Specific Binaries | |
| Download the binaries for your target architecture: | |
| #### aarch64 (ARM64) | |
| - `cpu-aarch64` - CPU client binary for aarch64 | |
| - `cpud-aarch64` - CPU daemon binary for aarch64 | |
| - `cpud-initramfs-aarch64.cpio.gz` - U-root initramfs for aarch64 | |
| - `cpu-binaries-aarch64-${{ env.CPU_VERSION }}.tar.gz` - Complete archive for aarch64 | |
| #### x86_64 (AMD64) | |
| - `cpu-x86_64` - CPU client binary for x86_64 | |
| - `cpud-x86_64` - CPU daemon binary for x86_64 | |
| - `cpud-initramfs-x86_64.cpio.gz` - U-root initramfs for x86_64 | |
| - `cpu-binaries-x86_64-${{ env.CPU_VERSION }}.tar.gz` - Complete archive for x86_64 | |
| ### SSH Keys (per architecture) | |
| - `identity-<arch>` - Default SSH private key | |
| - `identity.pub-<arch>` - Default SSH public key (also embedded in initramfs) | |
| - `identity-<arch>.sha256` - Private key checksum | |
| - `identity.pub-<arch>.sha256` - Public key checksum | |
| **⚠️ WARNING**: These are default keys for convenience. Generate your own keys for production use! | |
| ### Build Information | |
| - `BUILD_INFO-<arch>.txt` - Build information and usage notes (per architecture) | |
| - `*-<arch>.sha256` - SHA256 checksums for verification | |
| ## Usage | |
| 1. **Download** the appropriate binaries for your target architecture | |
| 2. **Rename** to remove architecture suffix: `mv cpu-aarch64 cpu` | |
| 3. **Verify** checksums with `sha256sum -c <file>.sha256` | |
| 4. **Make executable** with `chmod +x cpu cpud` | |
| 5. **Use initramfs** with Linux kernel (boot parameters: `init=/init`) | |
| ## Multi-Architecture Support | |
| This release includes binaries for multiple architectures built from the same source code. | |
| Choose the appropriate architecture for your target system: | |
| - **aarch64**: Raspberry Pi, Apple Silicon Macs, AWS Graviton instances | |
| - **x86_64**: Intel/AMD desktop/server systems, most cloud instances | |
| SSH public keys are embedded in each architecture's initramfs at `/etc/identity.pub` for automatic authentication. | |
| ## Quick Start | |
| ### For aarch64 systems: | |
| ```bash | |
| wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpu-aarch64 | |
| wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpud-aarch64 | |
| mv cpu-aarch64 cpu && mv cpud-aarch64 cpud | |
| chmod +x cpu cpud | |
| ``` | |
| ### For x86_64 systems: | |
| ```bash | |
| wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpu-x86_64 | |
| wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpud-x86_64 | |
| mv cpu-x86_64 cpu && mv cpud-x86_64 cpud | |
| chmod +x cpu cpud | |
| ``` | |
| draft: false | |
| prerelease: false | |
| make_latest: true | |
| generate_release_notes: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |