Skip to content

Build

Build #62

Workflow file for this run

name: Build
on:
workflow_dispatch:
inputs:
branch:
description: 'branch name to build'
required: true
default: 'kvm-nyx-5.10.73'
publish:
description: 'publish a Github release'
required: true
default: 'false'
jobs:
debian_package:
runs-on: intellabs-01
container:
image: ubuntu:22.04
defaults:
run:
shell: bash
steps:
- name: Ensure node and git
run: apt-get update && apt-get install -y nodejs git
- run: |
BRANCH=${{ inputs.branch }}
# remove / (forbidden character in upload-artifact name)
BRANCH=${BRANCH//\//}
# env.ref = kafl/sdv-6.1
echo "ref=${{ inputs.branch }}" >> $GITHUB_ENV
# env.ref_art = kaflsdv-6.1 (for artifact name)
echo "ref_art=${BRANCH///}" >> $GITHUB_ENV
- uses: actions/checkout@v4
with:
ref: ${{ env.ref }}
path: sources
- name: Ensure sudo
run: apt-get update && apt-get install -y sudo
- name: Install ccache
run: sudo apt-get install -y ccache
- name: Install build deps
run: sudo apt-get install -y libelf-dev dwarves debhelper-compat flex bison bc cpio kmod libssl-dev rsync python3
- name: Get ubuntu's 22.04 6.5.0-27-generic kernel config
run: |
sudo apt install -y zstd
apt download linux-modules-6.5.0-27-generic
ar x linux-modules-6.5.0-27-generic_6.5.0-27.28~22.04.1_amd64.deb data.tar.zst
tar -xvf data.tar.zst './boot/config-6.5.0-27-generic'
mv boot/config-6.5.0-27-generic sources/.config
rm -r boot/ data.tar.zst *.deb
- name: Configure kernel and enable Nyx
run: |
# disable kernel signature
./scripts/config --disable SYSTEM_TRUSTED_KEYS
./scripts/config --disable SYSTEM_REVOCATION_KEYS
# enable KVM
./scripts/config --module KVM
# disable KVM_WERROR (otherwise compilation issues in modified KVM)
./scripts/config --disable KVM_WERROR
# enable Nyx
./scripts/config --enable KVM_NYX
# disable KVM_HYPERV due to compilation issue
./scripts/config --disable KVM_HYPERV
# tweak locaversion
./scripts/config --set-str LOCALVERSION -nyx
# save space
./scripts/config --disable DEBUG_INFO
./scripts/config --enable MODULE_COMPRESS
./scripts/config --enable MODULE_COMPRESS_ZSTD
working-directory: sources
- name: Configure SDV kernel
if: "contains(env.ref, 'sdv')"
run: |
./scripts/config --enable INTEL_TDX_HOST
# tweak locaversion
./scripts/config --set-str LOCALVERSION -sdv
working-directory: sources
- name: make olddefconfig
run: make olddefconfig
working-directory: sources
- uses: actions/cache@v4
with:
path: ~/.cache/ccache
key: "${{ runner.os }}-${{ env.ref }}-${{ hashFiles('.config') }}"
restore-keys: |
"${{ runner.os }}-${{ env.ref }}"
"${{ runner.os }}"
- name: Build kernel
run: |
export PATH="/usr/lib/ccache:$PATH"
make -j$(nproc) bindeb-pkg
working-directory: sources
- uses: actions/upload-artifact@v4
with:
name: linux-${{ env.ref_art }}
path: '*.deb'
- run: rm -rf *.deb
release:
# this job makes an official Github release
if: ${{ inputs.publish == 'true' }}
needs: [debian_package]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: |
BRANCH=${{ inputs.branch }}
# remove / (forbidden character in upload-artifact name)
BRANCH=${BRANCH///}
# env.ref_art = kaflsdv-6.1 (for artifact name)
echo "ref_art=${BRANCH///}" >> $GITHUB_ENV
# download all artifacts to the current dir
- uses: actions/download-artifact@v4
with:
name: linux-${{ env.ref_art }}
- name: Create a Release
id: create_release
uses: softprops/action-gh-release@v1
with:
name: 'Prebuild host kernel package for ${{ inputs.branch }}'
tag_name: ${{ inputs.branch }}
files: '*.deb'