From 25a5903756891b1a4b09a17c02da8e9d46f7932b Mon Sep 17 00:00:00 2001 From: bakhtin Date: Wed, 2 Oct 2024 17:45:18 +0100 Subject: [PATCH 1/9] Add CI Signed-off-by: bakhtin --- .github/workflows/release.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/release.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..fa8ab98 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,33 @@ +name: Release + +on: + push: + branches: + - main + workflow_dispatch: + +jobs: + release: + runs-on: warp-ubuntu-latest-x64-16x + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Restore cached build dependencies + id: cache-build-restore + uses: WarpBuilds/cache/restore@v1 + with: + path: build + key: ${{ runner.os }}-build + + - name: build + run: | + make azure-image + + - name: Cache build dependencies + id: cache-build-save + uses: WarpBuilds/cache/save@v1 + with: + path: build + key: ${{ steps.cache-build-restore.outputs.cache-primary-key }} From 1f03be5c5a6575476995e9fa0e00811c95e5941c Mon Sep 17 00:00:00 2001 From: bakhtin Date: Wed, 2 Oct 2024 17:49:18 +0100 Subject: [PATCH 2/9] Add another branch to test Signed-off-by: bakhtin --- .github/workflows/release.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index fa8ab98..a050f85 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -4,6 +4,7 @@ on: push: branches: - main + - tdx-rbuilder-ci workflow_dispatch: jobs: From c01b41b1b9c80e397bfdb8334fec91cb34a28a65 Mon Sep 17 00:00:00 2001 From: bakhtin Date: Thu, 3 Oct 2024 11:58:42 +0100 Subject: [PATCH 3/9] Do not allocate TTY Signed-off-by: bakhtin --- .github/workflows/release.yaml | 2 +- Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
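Review bot: The `uses:` lines in the new `release` job reference external actions by mutable tag (`actions/checkout@v4`, `WarpBuilds/cache/restore@v1`, `WarpBuilds/cache/save@v1`), and the workflow declares no `permissions:` block, so the job runs with the repository's default token scope. Since this workflow builds a VM image, pin each action to a full commit SHA and keep the tag as a comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. Also add a top-level `permissions:` block containing `contents: read`, so a compromised action or build step cannot write to the repository.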
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a050f85..411e5a5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: uses: WarpBuilds/cache/restore@v1 with: path: build - key: ${{ runner.os }}-build + key: ${{ runner.os }}-yocto-manifests-build - name: build run: | diff --git a/Makefile b/Makefile index 38bbca0..6acc7b2 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ YOCTO_ENV_FILE?=yocto_build_config.env azure-image: tdx-poky mkdir -p build && chmod 0777 ./build mkdir -p reproducible-build/artifacts && chmod 0777 reproducible-build/artifacts - $(DOCKER) run --rm --env-file $(YOCTO_ENV_FILE) -it -v $(CURDIR)/reproducible-build/artifacts:/artifacts -v $(CURDIR)/build:/build tdx-poky + $(DOCKER) run --rm --env-file $(YOCTO_ENV_FILE) -i -v $(CURDIR)/reproducible-build/artifacts:/artifacts -v $(CURDIR)/build:/build tdx-poky chmod 0755 build reproducible-build/artifacts .PHONY: tdx-poky From 2bf3a4c2eec567ed173e1518686a13469c9274d4 Mon Sep 17 00:00:00 2001 From: bakhtin Date: Thu, 3 Oct 2024 13:36:36 +0100 Subject: [PATCH 4/9] Add rclone step Signed-off-by: bakhtin --- .github/workflows/release.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 411e5a5..2734e96 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -26,6 +26,40 @@ jobs: run: | make azure-image + - name: Install rclone + run: | + curl -fSSL https://downloads.rclone.org/v1.68.1/rclone-v1.68.1-linux-amd64.deb -o rclone.deb + sudo dpkg -i rclone.deb + rm -f rclone.deb + + - name: Create test artifact + run: | + echo "test artifact" > /artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic + ln -s /artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic /artifacts/cvm-image-azure-tdx.rootfs.wic + + - name: Upload build artifacts + env: + AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} + run: + mkdir -p ~/.config/rclone + echo < ~/.config/rclone/rclone.conf + [r2] + type = s3 + provider = Cloudflare + env_auth = true + endpoint = ${{ secrets.R2_BUCKET_ENDPOINT }} + region = auto + acl = private + no_check_bucket = true + EOF + + rclone copy -v --transfers=2 --s3-upload-concurrency=40 \ + --contimeout=10m --retries 10 --retries-sleep 60s --error-on-no-transfer \ + --fast-list --checksum --copy-links \ + /artifacts/cvm-image-azure-tdx.rootfs.wic \ + r2:flashbots-public-artifacts/images/cvm-image-azure-tdx.rootfs.wic + - name: Cache build dependencies id: cache-build-save uses: WarpBuilds/cache/save@v1 From 295da6d6d8f252cd9bf51828bb42a1621d4a0549 Mon Sep 17 00:00:00 2001 From: bakhtin Date: Thu, 3 Oct 2024 13:39:17 +0100 Subject: [PATCH 5/9] Fixing stuff Signed-off-by: bakhtin --- .github/workflows/release.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2734e96..8c648e8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -22,9 +22,9 @@ jobs: path: build key: ${{ runner.os }}-yocto-manifests-build - - name: build - run: | - make azure-image + # - name: build + # run: | + # make azure-image - name: Install rclone run: | 
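Review bot: The `Install rclone` step downloads a `.deb` with curl and passes it straight to `sudo dpkg -i` without an integrity check, so whatever the download host serves is installed as root on the runner that later receives the R2 credentials. Record the expected digest in the workflow and verify it between the `curl` and `dpkg` lines, e.g. `echo "<EXPECTED_SHA256>  rclone.deb" | sha256sum -c -`. In the `Upload build artifacts` step, `${{ secrets.R2_BUCKET_ENDPOINT }}` is expanded into the script text. Passing it through `env:` like the two key variables and writing `$R2_BUCKET_ENDPOINT` in the config body keeps the secret value out of the generated script.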
@@ -32,10 +32,11 @@ jobs: sudo dpkg -i rclone.deb rm -f rclone.deb - - name: Create test artifact + - name: Create test artifact # TODO: remove run: | - echo "test artifact" > /artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic - ln -s /artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic /artifacts/cvm-image-azure-tdx.rootfs.wic + mkdir -p reproducible-build/artifacts + echo "test artifact" > ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic + ln -s /artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs.wic - name: Upload build artifacts env: From 14fcbef8c4e065f1434f87a1e43e6080f60de17e Mon Sep 17 00:00:00 2001 From: bakhtin Date: Thu, 3 Oct 2024 13:44:01 +0100 Subject: [PATCH 6/9] Fix 1 Signed-off-by: bakhtin --- .github/workflows/release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8c648e8..9087198 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -28,7 +28,7 @@ jobs: - name: Install rclone run: | - curl -fSSL https://downloads.rclone.org/v1.68.1/rclone-v1.68.1-linux-amd64.deb -o rclone.deb + curl -fsSL https://downloads.rclone.org/v1.68.1/rclone-v1.68.1-linux-amd64.deb -o rclone.deb sudo dpkg -i rclone.deb rm -f rclone.deb @@ -44,7 +44,7 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} run: mkdir -p ~/.config/rclone - echo < ~/.config/rclone/rclone.conf + cat < ~/.config/rclone/rclone.conf [r2] type = s3 provider = Cloudflare From 3bdff0bf2baf4711bfb6f20e1b174b0cb4e8c0ec Mon Sep 17 00:00:00 2001 From: bakhtin Date: Thu, 3 Oct 2024 13:50:53 +0100 Subject: [PATCH 7/9] Fix 2 Signed-off-by: bakhtin --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9087198..69202d0 100644 
--- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -42,7 +42,7 @@ jobs: env: AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} - run: + run: | mkdir -p ~/.config/rclone cat < ~/.config/rclone/rclone.conf [r2] From ac5d21ad95a7a794d098a3ec97b10e5e2bbac178 Mon Sep 17 00:00:00 2001 From: bakhtin Date: Thu, 3 Oct 2024 13:52:44 +0100 Subject: [PATCH 8/9] FIx 3 Signed-off-by: bakhtin --- .github/workflows/release.yaml | 68 ++++++++++++++++++++++++---------- 1 file changed, 48 insertions(+), 20 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 69202d0..b6ac85a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,9 +7,13 @@ on: - tdx-rbuilder-ci workflow_dispatch: +env: + ARTIFACTS_LIST: | # artifacts to upload, one per line + cvm-image-azure-tdx.rootfs.wic + jobs: release: - runs-on: warp-ubuntu-latest-x64-16x + runs-on: warp-custom-ubuntu-2204-x64-32x-highdisk steps: - name: Checkout code @@ -22,9 +26,16 @@ jobs: path: build key: ${{ runner.os }}-yocto-manifests-build - # - name: build - # run: | - # make azure-image + - name: build + run: | + make azure-image + + - name: Cache build dependencies + id: cache-build-save + uses: WarpBuilds/cache/save@v1 + with: + path: build + key: ${{ steps.cache-build-restore.outputs.cache-primary-key }} - name: Install rclone run: | 
@@ -32,17 +43,19 @@ jobs: sudo dpkg -i rclone.deb rm -f rclone.deb - - name: Create test artifact # TODO: remove - run: | - mkdir -p reproducible-build/artifacts - echo "test artifact" > ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic - ln -s /artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs.wic + # - name: Create test artifact # TODO: remove + # run: | + # mkdir -p reproducible-build/artifacts + # echo "test artifact" > ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic + # echo "test artifact 2" > ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs.wic.test + # ln -rs ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs.wic - name: Upload build artifacts env: AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} run: | + # Setup rclone mkdir -p ~/.config/rclone cat < ~/.config/rclone/rclone.conf [r2] 
@@ -55,15 +68,30 @@ jobs: no_check_bucket = true EOF - rclone copy -v --transfers=2 --s3-upload-concurrency=40 \ - --contimeout=10m --retries 10 --retries-sleep 60s --error-on-no-transfer \ - --fast-list --checksum --copy-links \ - /artifacts/cvm-image-azure-tdx.rootfs.wic \ - r2:flashbots-public-artifacts/images/cvm-image-azure-tdx.rootfs.wic + # Upload artifacts + TODAY_DATE=$(date +"%Y/%m/%d") + rclone copy -v --transfers=4 --s3-upload-concurrency=20 \ + --contimeout=1m --retries 3 --retries-sleep 30s \ + --fast-list --checksum --copy-links --files-from <(echo "$ARTIFACTS_LIST") \ + reproducible-build/artifacts \ + r2:flashbots-public-artifacts/tdx-vm-images/$TODAY_DATE - - name: Cache build dependencies - id: cache-build-save - uses: WarpBuilds/cache/save@v1 - with: - path: build - key: ${{ steps.cache-build-restore.outputs.cache-primary-key }} + # Sync today's artifacts to latest + rclone sync -v --transfers=4 --contimeout=1m --retries 3 \ + --retries-sleep 30s --fast-list --checksum \ + r2:flashbots-public-artifacts/tdx-vm-images/$TODAY_DATE \ + r2:flashbots-public-artifacts/tdx-vm-images/latest + + - name: Show upload stats + env: + AWS_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} + run: | + UPLOADED_ARTIFACTS_STATS=$(rclone size r2:flashbots-public-artifacts/tdx-vm-images/latest --json) + UPLOADED_ARTIFACTS_SIZE=$(echo "$UPLOADED_ARTIFACTS_STATS" | jq '.bytes' | numfmt --to=iec) + UPLOADED_ARTIFACTS_COUNT=$(echo "$UPLOADED_ARTIFACTS_STATS" | jq '.count') + echo "✅ Successfully uploaded $UPLOADED_ARTIFACTS_COUNT artifacts (total size $UPLOADED_ARTIFACTS_SIZE):" + echo "$ARTIFACTS_LIST" + + # - name: Setup ssh session + # uses: Warpbuilds/action-debugger@v1.3 From 16c45a3a922538d6607fb6ad93eff0e7d7dc46e7 Mon Sep 17 00:00:00 2001 From: bakhtin Date: Thu, 10 Oct 2024 12:06:06 +0100 Subject: [PATCH 9/9] Proper cache, cached dependencies 
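Review bot: The `Upload build artifacts` step has no branch condition, and the `push` trigger still lists `tdx-rbuilder-ci` next to `main` (visible as context in this commit's first hunk), so a push to the test branch copies its build into `r2:flashbots-public-artifacts/tdx-vm-images/$TODAY_DATE` and then syncs it over `latest`. Because `rclone sync` also deletes anything in the destination that is missing from the source, a test-branch run fully replaces what consumers of `latest` download. Gate both `Upload build artifacts` and `Show upload stats` with `if: github.ref == 'refs/heads/main'`, or drop the test branch from the trigger before this lands on `main`. `Show upload stats` measures the whole `latest` prefix rather than this run's transfer, so its success message does not confirm what was actually uploaded.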
Signed-off-by: bakhtin --- .github/workflows/release.yaml | 41 +++++++++++++++++++++------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b6ac85a..f12deb0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,6 +10,11 @@ on: env: ARTIFACTS_LIST: | # artifacts to upload, one per line cvm-image-azure-tdx.rootfs.wic + ARTIFACTS_DIR: reproducible-build/artifacts + BB_ENV_PASSTHROUGH_ADDITIONS: "DL_DIR SSTATE_DIR" + BITBAKE_CACHE: "${HOME}/bitbake-cache" + DL_DIR: "${BITBAKE_CACHE}/downloads" + SSTATE_DIR: "${BITBAKE_CACHE}/sstate" jobs: release: @@ -19,14 +24,18 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Create cache dir + run: | + mkdir -p ${DL_DIR} ${SSTATE_DIR} + - name: Restore cached build dependencies id: cache-build-restore uses: WarpBuilds/cache/restore@v1 with: - path: build - key: ${{ runner.os }}-yocto-manifests-build + path: ${{ env.BITBAKE_CACHE }} + key: ${{ runner.os }}-yocto-manifests - - name: build + - name: Build run: | make azure-image @@ -34,7 +43,7 @@ jobs: id: cache-build-save uses: WarpBuilds/cache/save@v1 with: - path: build + path: ${{ env.BITBAKE_CACHE }} key: ${{ steps.cache-build-restore.outputs.cache-primary-key }} - name: Install rclone 
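Review bot: The `${HOME}` and `${BITBAKE_CACHE}` references in the new workflow-level `env:` entries are never expanded, because GitHub Actions hands `env:` values to steps as literal strings and the shell does not re-expand the contents of a variable. As a result `mkdir -p ${DL_DIR} ${SSTATE_DIR}` in the next hunk creates a directory literally named `${BITBAKE_CACHE}` under the working directory, and `path: ${{ env.BITBAKE_CACHE }}` gives the cache action the literal text `${HOME}/bitbake-cache`. Compute the paths inside the `Create cache dir` step instead, e.g. `echo "BITBAKE_CACHE=$HOME/bitbake-cache" >> "$GITHUB_ENV"` followed by the matching `DL_DIR` and `SSTATE_DIR` lines. The `docker run` line shown in the Makefile hunk of patch 3 mounts only `build` and `reproducible-build/artifacts`, so it is worth confirming that the build container can see these directories at all.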
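Review bot: The restore key in the second hunk, `${{ runner.os }}-yocto-manifests`, is a constant, and the save step reuses it through `cache-primary-key`. Unless the cache service scopes entries by branch, runs on `main` and on the test branch therefore read and write one shared download/sstate cache that feeds the published image. Derive the key from the inputs that should invalidate it, e.g. `key: ${{ runner.os }}-yocto-${{ hashFiles('<manifest-paths>') }}`, and consider adding `if: github.ref == 'refs/heads/main'` to the save step so that only trusted runs populate the cache. The unquoted `${DL_DIR} ${SSTATE_DIR}` in `Create cache dir` should also be quoted.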
@@ -43,12 +52,17 @@ jobs: sudo dpkg -i rclone.deb rm -f rclone.deb - # - name: Create test artifact # TODO: remove - # run: | - # mkdir -p reproducible-build/artifacts - # echo "test artifact" > ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic - # echo "test artifact 2" > ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs.wic.test - # ln -rs ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs-20241002143710.wic ./reproducible-build/artifacts/cvm-image-azure-tdx.rootfs.wic + - name: Resolve real paths of artifacts + run: | + REALPATH_ARTIFACTS_LIST=$(find ${ARTIFACTS_DIR} -maxdepth 1 -exec realpath {} \;) + echo "REALPATH_ARTIFACTS_LIST=$REALPATH_ARTIFACTS_LIST" >> $GITHUB_ENV + + - name: Calculate hashsums of artifacts + run: | + cd ${ARTIFACTS_DIR} + for artifact in $REALPATH_ARTIFACTS_LIST; do + sha256sum $artifact > $artifact.sha256 + done - name: Upload build artifacts env: @@ -72,8 +86,8 @@ jobs: TODAY_DATE=$(date +"%Y/%m/%d") rclone copy -v --transfers=4 --s3-upload-concurrency=20 \ --contimeout=1m --retries 3 --retries-sleep 30s \ - --fast-list --checksum --copy-links --files-from <(echo "$ARTIFACTS_LIST") \ - reproducible-build/artifacts \ + --fast-list --checksum --copy-links --files-from <(echo "$REALPATH_ARTIFACTS_LIST") \ + ${ARTIFACTS_DIR} \ r2:flashbots-public-artifacts/tdx-vm-images/$TODAY_DATE # Sync today's artifacts to latest @@ -92,6 +106,3 @@ jobs: UPLOADED_ARTIFACTS_COUNT=$(echo "$UPLOADED_ARTIFACTS_STATS" | jq '.count') echo "✅ Successfully uploaded $UPLOADED_ARTIFACTS_COUNT artifacts (total size $UPLOADED_ARTIFACTS_SIZE):" echo "$ARTIFACTS_LIST" - - # - name: Setup ssh session - # uses: Warpbuilds/action-debugger@v1.3
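Review bot: The `Resolve real paths of artifacts` step cannot work as written. `find ${ARTIFACTS_DIR} -maxdepth 1` returns the directory itself and every file in it rather than only the names in `ARTIFACTS_LIST`, and writing that multi-line result with `echo "REALPATH_ARTIFACTS_LIST=..." >> $GITHUB_ENV` breaks the env-file format, which needs the `NAME<<DELIMITER` form for multi-line values. The hash loop then runs `sha256sum` on the directory and on absolute paths, so the `.sha256` files embed runner paths and are not in the list given to `--files-from` in the following hunk (which, as far as I know, expects paths relative to the source directory). The outcome is either a failed step or every file in the artifacts directory being uploaded to the public bucket without its checksum. The fence below resolves only the listed artifacts to names relative to `ARTIFACTS_DIR` and writes a checksum next to each; the upload hunk would then need the `.sha256` names added to its file list.

```yaml
      - name: Resolve real paths of artifacts
        run: |
          # Multi-line values need the NAME<<DELIMITER form in $GITHUB_ENV.
          {
            echo "REALPATH_ARTIFACTS_LIST<<ARTIFACTS_EOF"
            while IFS= read -r artifact; do
              if [ -n "$artifact" ]; then
                # Names stay relative to ARTIFACTS_DIR; assumes the link
                # target lives in that same directory.
                basename "$(realpath "${ARTIFACTS_DIR}/${artifact}")"
              fi
            done <<< "$ARTIFACTS_LIST"
            echo "ARTIFACTS_EOF"
          } >> "$GITHUB_ENV"

      - name: Calculate hashsums of artifacts
        run: |
          cd "${ARTIFACTS_DIR}"
          while IFS= read -r artifact; do
            if [ -n "$artifact" ]; then
              sha256sum "$artifact" > "$artifact.sha256"
            fi
          done <<< "$REALPATH_ARTIFACTS_LIST"
```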