Build #62
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
workflow_dispatch: | |
inputs: | |
branch: | |
description: 'branch name to build' | |
required: true | |
default: 'kvm-nyx-5.10.73' | |
publish: | |
description: 'publish a Github release' | |
required: true | |
default: 'false' | |
jobs: | |
debian_package: | |
runs-on: intellabs-01 | |
container: | |
image: ubuntu:22.04 | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Ensure node and git | |
run: apt-get update && apt-get install -y nodejs git | |
- run: | | |
BRANCH=${{ inputs.branch }} | |
# remove / (forbidden character in upload-artifact name) | |
BRANCH=${BRANCH//\//} | |
# env.ref = kafl/sdv-6.1 | |
echo "ref=${{ inputs.branch }}" >> $GITHUB_ENV | |
# env.ref_art = kaflsdv-6.1 (for artifact name) | |
echo "ref_art=${BRANCH///}" >> $GITHUB_ENV | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ env.ref }} | |
path: sources | |
- name: Ensure sudo | |
run: apt-get update && apt-get install -y sudo | |
- name: Install ccache | |
run: sudo apt-get install -y ccache | |
- name: Install build deps | |
run: sudo apt-get install -y libelf-dev dwarves debhelper-compat flex bison bc cpio kmod libssl-dev rsync python3 | |
- name: Get ubuntu's 22.04 6.5.0-27-generic kernel config | |
run: | | |
sudo apt install -y zstd | |
apt download linux-modules-6.5.0-27-generic | |
ar x linux-modules-6.5.0-27-generic_6.5.0-27.28~22.04.1_amd64.deb data.tar.zst | |
tar -xvf data.tar.zst './boot/config-6.5.0-27-generic' | |
mv boot/config-6.5.0-27-generic sources/.config | |
rm -r boot/ data.tar.zst *.deb | |
- name: Configure kernel and enable Nyx | |
run: | | |
# disable kernel signature | |
./scripts/config --disable SYSTEM_TRUSTED_KEYS | |
./scripts/config --disable SYSTEM_REVOCATION_KEYS | |
# enable KVM | |
./scripts/config --module KVM | |
# disable KVM_WERROR (otherwise compilation issues in modified KVM) | |
./scripts/config --disable KVM_WERROR | |
# enable Nyx | |
./scripts/config --enable KVM_NYX | |
# disable KVM_HYPERV due to compilation issue | |
./scripts/config --disable KVM_HYPERV | |
# tweak locaversion | |
./scripts/config --set-str LOCALVERSION -nyx | |
# save space | |
./scripts/config --disable DEBUG_INFO | |
./scripts/config --enable MODULE_COMPRESS | |
./scripts/config --enable MODULE_COMPRESS_ZSTD | |
working-directory: sources | |
- name: Configure SDV kernel | |
if: "contains(env.ref, 'sdv')" | |
run: | | |
./scripts/config --enable INTEL_TDX_HOST | |
# tweak locaversion | |
./scripts/config --set-str LOCALVERSION -sdv | |
working-directory: sources | |
- name: make olddefconfig | |
run: make olddefconfig | |
working-directory: sources | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.cache/ccache | |
key: "${{ runner.os }}-${{ env.ref }}-${{ hashFiles('.config') }}" | |
restore-keys: | | |
"${{ runner.os }}-${{ env.ref }}" | |
"${{ runner.os }}" | |
- name: Build kernel | |
run: | | |
export PATH="/usr/lib/ccache:$PATH" | |
make -j$(nproc) bindeb-pkg | |
working-directory: sources | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: linux-${{ env.ref_art }} | |
path: '*.deb' | |
- run: rm -rf *.deb | |
release: | |
# this job makes an official Github release | |
if: ${{ inputs.publish == 'true' }} | |
needs: [debian_package] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: | | |
BRANCH=${{ inputs.branch }} | |
# remove / (forbidden character in upload-artifact name) | |
BRANCH=${BRANCH///} | |
# env.ref_art = kaflsdv-6.1 (for artifact name) | |
echo "ref_art=${BRANCH///}" >> $GITHUB_ENV | |
# download all artifacts to the current dir | |
- uses: actions/download-artifact@v4 | |
with: | |
name: linux-${{ env.ref_art }} | |
- name: Create a Release | |
id: create_release | |
uses: softprops/action-gh-release@v1 | |
with: | |
name: 'Prebuild host kernel package for ${{ inputs.branch }}' | |
tag_name: ${{ inputs.branch }} | |
files: '*.deb' |