build.yml
# Builds the cpu client, the cpud daemon and an initramfs for each target
# architecture, and can publish the results as a GitHub release.
name: Build CPU Binaries

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  workflow_dispatch:
    inputs:
      create_release:
        description: 'Create a release after building'
        required: false
        default: false
        type: boolean
      release_tag:
        description: 'Release tag (e.g., v1.0.0)'
        required: false
        type: string
      # NOTE(review): no job in this file reads this input; the build matrix
      # is a fixed list, so a value entered here currently has no effect.
      architectures:
        description: 'Architectures to build (comma-separated: aarch64,x86_64)'
        required: false
        default: 'aarch64,x86_64'
        type: string
  schedule:
    # Run weekly on Sundays at 00:00 UTC to check for new cpu releases
    - cron: '0 0 * * 0'
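jobs:
  # Builds binaries, SSH keys, initramfs, checksums and a tarball for every
  # architecture in the matrix, then uploads them as a workflow artifact.
  build:
    runs-on: ubuntu-latest
    # Least privilege: the steps below only read the repository and upload
    # workflow artifacts, and neither needs a write-scoped token. This job
    # also runs for pull requests and executes `make`.
    # NOTE(review): assumes the Makefile does not push to the repository or
    # to a package registry - confirm, and widen deliberately if it does.
    permissions:
      contents: read
    strategy:
      matrix:
        arch: [aarch64, x86_64]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.21'

      # matrix.arch comes from the fixed list above, so expanding it inline
      # in the scripts below does not carry externally controlled text.
      - name: Build everything using Makefile
        run: |
          echo "Building CPU binaries and initramfs for ${{ matrix.arch }} using Makefile..."
          make ARCH=${{ matrix.arch }} all
          echo "Build completed successfully for ${{ matrix.arch }}!"

      - name: Show build summary
        run: |
          echo "=== Build Summary for ${{ matrix.arch }} ==="
          ls -la build/binaries/${{ matrix.arch }}/
          echo ""
          echo "Binary info:"
          file build/binaries/${{ matrix.arch }}/cpu build/binaries/${{ matrix.arch }}/cpud
          echo ""
          echo "SSH keys:"
          ls -la build/binaries/${{ matrix.arch }}/identity*
          echo ""
          echo "Initramfs:"
          ls -la build/initramfs/${{ matrix.arch }}/
          echo ""
          echo "Sizes:"
          du -h build/binaries/${{ matrix.arch }}/* build/initramfs/${{ matrix.arch }}/*
          echo ""
          echo "Build info:"
          cat build/binaries/${{ matrix.arch }}/BUILD_INFO.txt

      # CPU_VERSION is derived from the tags of the checkout under
      # build/repos/cpu, i.e. from content this workflow does not author.
      # Later `run:` scripts therefore read it as the shell variable
      # $CPU_VERSION instead of expanding `env.CPU_VERSION` into the script
      # text, so the value is never parsed as shell code.
      - name: Get CPU version for release naming
        run: |
          cd build/repos/cpu
          cpu_version="$(git describe --tags --always)"
          echo "CPU_VERSION=${cpu_version}" >> "$GITHUB_ENV"
          echo "Building u-root/cpu version: ${cpu_version}"

      # The .sha256 files are produced by the same job and shipped next to
      # the files they cover: they detect a corrupted download, not a
      # tampered release.
      - name: Create checksums
        run: |
          cd build/binaries/${{ matrix.arch }}
          echo "Creating checksums for ${{ matrix.arch }}..."
          sha256sum cpu > cpu.sha256
          sha256sum cpud > cpud.sha256
          sha256sum identity > identity.sha256
          sha256sum identity.pub > identity.pub.sha256
          sha256sum BUILD_INFO.txt > BUILD_INFO.txt.sha256
          cd ../../initramfs/${{ matrix.arch }}
          sha256sum cpud-initramfs.cpio.gz > cpud-initramfs.cpio.gz.sha256
          cd ../../binaries/${{ matrix.arch }}
          echo "Checksums created:"
          cat *.sha256
          echo "Initramfs checksum:"
          cat ../../initramfs/${{ matrix.arch }}/*.sha256

      - name: Create tarball
        run: |
          cd build/binaries/${{ matrix.arch }}
          cp ../../initramfs/${{ matrix.arch }}/cpud-initramfs.cpio.gz .
          cp ../../initramfs/${{ matrix.arch }}/cpud-initramfs.cpio.gz.sha256 .
          tar -czf "../../../cpu-binaries-${{ matrix.arch }}-${CPU_VERSION}.tar.gz" *
          cd ../../..
          echo "Tarball created:"
          ls -la cpu-binaries-${{ matrix.arch }}-*.tar.gz
          sha256sum cpu-binaries-${{ matrix.arch }}-*.tar.gz > "cpu-binaries-${{ matrix.arch }}-${CPU_VERSION}.tar.gz.sha256"

      # NOTE(review): the uploaded binaries directory (and the tarball built
      # from it) contains `identity`, an SSH private key.
      - name: Upload binaries as artifact
        uses: actions/upload-artifact@v4
        with:
          name: cpu-binaries-${{ matrix.arch }}-${{ env.CPU_VERSION }}
          path: |
            build/binaries/${{ matrix.arch }}/
            build/initramfs/${{ matrix.arch }}/
            cpu-binaries-${{ matrix.arch }}-*.tar.gz
            cpu-binaries-${{ matrix.arch }}-*.tar.gz.sha256
          retention-days: 90

  # Collects the per-architecture artifacts and publishes them as one GitHub
  # release. Runs only for a tag ref or a manual run with create_release set.
  release:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write
    if: startsWith(github.ref, 'refs/tags/') || github.event.inputs.create_release == 'true'
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: cpu-binaries-*
          merge-multiple: false

      - name: Get CPU version for release naming
        run: |
          # Extract version from any artifact directory
          version=""
          for dir in cpu-binaries-*; do
            if [ -d "$dir" ]; then
              version=$(echo "$dir" | sed 's/cpu-binaries-[^-]*-//')
              break
            fi
          done
          # Stop here rather than publish a release assembled from empty paths.
          if [ -z "$version" ]; then
            echo "::error::No cpu-binaries-* artifact directory found; cannot determine CPU_VERSION"
            exit 1
          fi
          echo "CPU_VERSION=$version" >> "$GITHUB_ENV"
          # Values written to GITHUB_ENV only become visible in later steps,
          # so report the local variable here.
          echo "Detected CPU_VERSION: $version"

      - name: Prepare release files for all architectures
        run: |
          echo "Preparing release files for all architectures..."
          # Create release structure
          mkdir -p release-files
          # Process each architecture
          for arch in aarch64 x86_64; do
            echo "Processing $arch..."
            artifact_dir="cpu-binaries-$arch-${CPU_VERSION}"
            if [ -d "$artifact_dir" ]; then
              echo "Found artifact directory: $artifact_dir"
              # Copy binaries with arch suffix to avoid conflicts
              if [ -d "$artifact_dir/build/binaries/$arch" ]; then
                mkdir -p "release-files/$arch"
                cp -r "$artifact_dir/build/binaries/$arch"/* "release-files/$arch/"
                # Create symlinks for architecture-specific binaries in root
                cd release-files
                ln -sf "$arch/cpu" "cpu-$arch"
                ln -sf "$arch/cpud" "cpud-$arch"
                ln -sf "$arch/identity" "identity-$arch"
                ln -sf "$arch/identity.pub" "identity.pub-$arch"
                ln -sf "$arch/BUILD_INFO.txt" "BUILD_INFO-$arch.txt"
                ln -sf "$arch/cpu.sha256" "cpu-$arch.sha256"
                ln -sf "$arch/cpud.sha256" "cpud-$arch.sha256"
                ln -sf "$arch/identity.sha256" "identity-$arch.sha256"
                ln -sf "$arch/identity.pub.sha256" "identity.pub-$arch.sha256"
                ln -sf "$arch/BUILD_INFO.txt.sha256" "BUILD_INFO-$arch.txt.sha256"
                cd ..
              fi
              # Copy initramfs with arch suffix
              if [ -d "$artifact_dir/build/initramfs/$arch" ]; then
                cp "$artifact_dir/build/initramfs/$arch"/* "release-files/$arch/"
                cd release-files
                ln -sf "$arch/cpud-initramfs.cpio.gz" "cpud-initramfs-$arch.cpio.gz"
                ln -sf "$arch/cpud-initramfs.cpio.gz.sha256" "cpud-initramfs-$arch.cpio.gz.sha256"
                cd ..
              fi
              # Copy tarball
              if [ -f "$artifact_dir/cpu-binaries-$arch-${CPU_VERSION}.tar.gz" ]; then
                cp "$artifact_dir/cpu-binaries-$arch-${CPU_VERSION}.tar.gz" release-files/
                cp "$artifact_dir/cpu-binaries-$arch-${CPU_VERSION}.tar.gz.sha256" release-files/
              fi
            else
              echo "Warning: Artifact directory $artifact_dir not found"
            fi
          done
          echo "Release files prepared:"
          find release-files/ -type f | sort

      # NOTE(review): this third-party action runs with a contents: write
      # token and is referenced by a mutable tag; pin it to a full commit SHA.
      # NOTE(review): on a manual run from a branch with release_tag left
      # empty, tag_name resolves to the branch name.
      # NOTE(review): identity-<arch> is an SSH private key whose public half
      # is embedded in the initramfs. Publishing it gives every consumer of
      # the release the same well-known credential, so a cpud booted from
      # this initramfs accepts anyone who downloaded the release until the
      # key pair is replaced.
      - name: Create release (manual or on tag)
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.event.inputs.release_tag || github.ref_name }}
          name: CPU Binaries ${{ github.event.inputs.release_tag || github.ref_name }}
          files: |
            release-files/cpu-aarch64
            release-files/cpud-aarch64
            release-files/cpu-x86_64
            release-files/cpud-x86_64
            release-files/identity-aarch64
            release-files/identity.pub-aarch64
            release-files/identity-x86_64
            release-files/identity.pub-x86_64
            release-files/BUILD_INFO-aarch64.txt
            release-files/BUILD_INFO-x86_64.txt
            release-files/cpu-aarch64.sha256
            release-files/cpud-aarch64.sha256
            release-files/cpu-x86_64.sha256
            release-files/cpud-x86_64.sha256
            release-files/identity-aarch64.sha256
            release-files/identity.pub-aarch64.sha256
            release-files/identity-x86_64.sha256
            release-files/identity.pub-x86_64.sha256
            release-files/BUILD_INFO-aarch64.txt.sha256
            release-files/BUILD_INFO-x86_64.txt.sha256
            release-files/cpud-initramfs-aarch64.cpio.gz
            release-files/cpud-initramfs-aarch64.cpio.gz.sha256
            release-files/cpud-initramfs-x86_64.cpio.gz
            release-files/cpud-initramfs-x86_64.cpio.gz.sha256
            release-files/cpu-binaries-aarch64-${{ env.CPU_VERSION }}.tar.gz
            release-files/cpu-binaries-aarch64-${{ env.CPU_VERSION }}.tar.gz.sha256
            release-files/cpu-binaries-x86_64-${{ env.CPU_VERSION }}.tar.gz
            release-files/cpu-binaries-x86_64-${{ env.CPU_VERSION }}.tar.gz.sha256
          body: |
            # CPU Binaries for Multiple Architectures
            Built from [u-root/cpu](https://github.com/u-root/cpu) version: `${{ env.CPU_VERSION }}`
            ## Supported Architectures
            - **aarch64** (ARM64) - For Raspberry Pi, Apple Silicon, AWS Graviton, etc.
            - **x86_64** (AMD64) - For Intel/AMD x86-64 systems
            ## Files
            ### Architecture-Specific Binaries
            Download the binaries for your target architecture:
            #### aarch64 (ARM64)
            - `cpu-aarch64` - CPU client binary for aarch64
            - `cpud-aarch64` - CPU daemon binary for aarch64
            - `cpud-initramfs-aarch64.cpio.gz` - U-root initramfs for aarch64
            - `cpu-binaries-aarch64-${{ env.CPU_VERSION }}.tar.gz` - Complete archive for aarch64
            #### x86_64 (AMD64)
            - `cpu-x86_64` - CPU client binary for x86_64
            - `cpud-x86_64` - CPU daemon binary for x86_64
            - `cpud-initramfs-x86_64.cpio.gz` - U-root initramfs for x86_64
            - `cpu-binaries-x86_64-${{ env.CPU_VERSION }}.tar.gz` - Complete archive for x86_64
            ### SSH Keys (per architecture)
            - `identity-<arch>` - Default SSH private key
            - `identity.pub-<arch>` - Default SSH public key (also embedded in initramfs)
            - `identity-<arch>.sha256` - Private key checksum
            - `identity.pub-<arch>.sha256` - Public key checksum
            **⚠️ WARNING**: These are default keys for convenience. Generate your own keys for production use!
            ### Build Information
            - `BUILD_INFO-<arch>.txt` - Build information and usage notes (per architecture)
            - `*-<arch>.sha256` - SHA256 checksums for verification
            ## Usage
            1. **Download** the appropriate binaries for your target architecture
            2. **Rename** to remove architecture suffix: `mv cpu-aarch64 cpu`
            3. **Verify** checksums with `sha256sum -c <file>.sha256`
            4. **Make executable** with `chmod +x cpu cpud`
            5. **Use initramfs** with Linux kernel (boot parameters: `init=/init`)
            ## Multi-Architecture Support
            This release includes binaries for multiple architectures built from the same source code.
            Choose the appropriate architecture for your target system:
            - **aarch64**: Raspberry Pi, Apple Silicon Macs, AWS Graviton instances
            - **x86_64**: Intel/AMD desktop/server systems, most cloud instances
            SSH public keys are embedded in each architecture's initramfs at `/etc/identity.pub` for automatic authentication.
            ## Quick Start
            ### For aarch64 systems:
            ```bash
            wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpu-aarch64
            wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpud-aarch64
            mv cpu-aarch64 cpu && mv cpud-aarch64 cpud
            chmod +x cpu cpud
            ```
            ### For x86_64 systems:
            ```bash
            wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpu-x86_64
            wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpud-x86_64
            mv cpu-x86_64 cpu && mv cpud-x86_64 cpud
            chmod +x cpu cpud
            ```
          draft: false
          prerelease: false
          make_latest: true
          generate_release_notes: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}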