From 2a0d8ce03fd0038ce39cb474b9332857cde39f83 Mon Sep 17 00:00:00 2001 From: Kyle Harding Date: Wed, 23 Oct 2024 10:16:33 -0400 Subject: [PATCH 1/6] Allow overriding the meta-balena ref for workflow dispatch This enables manual testing of meta-balena PRs directly on device repos. Changelog-entry: Allow custom meta-balena ref on workflow dispatch Signed-off-by: Kyle Harding --- .github/workflows/generic-aarch64.yml | 7 +++++++ .github/workflows/generic-amd64-fs.yml | 7 +++++++ .github/workflows/generic-amd64.yml | 7 +++++++ .github/workflows/kontron-come-xelx.yml | 7 +++++++ .github/workflows/studio-automatedx86-sb.yml | 7 +++++++ 5 files changed, 35 insertions(+) diff --git a/.github/workflows/generic-aarch64.yml b/.github/workflows/generic-aarch64.yml index c3208dc2..b7ab9782 100644 --- a/.github/workflows/generic-aarch64.yml +++ b/.github/workflows/generic-aarch64.yml @@ -30,6 +30,11 @@ on: required: false type: string default: balena-staging.com + meta-balena-ref: + description: meta-balena ref if not the currently pinned version + required: false + type: string + default: '' jobs: yocto: @@ -47,6 +52,8 @@ jobs: force-finalize: ${{ inputs.force-finalize || false }} # Default to balena-staging.com for workflow dispatch, but balena-cloud.com for other events deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com' }} + # Allow overriding the meta-balena ref for workflow dispatch events + meta-balena-ref: ${{ inputs.meta-balena-ref || '' }} # Use QEMU workers for testing and run cloud suite against balenaCloud production test_matrix: > { diff --git a/.github/workflows/generic-amd64-fs.yml b/.github/workflows/generic-amd64-fs.yml index f775b882..8bdcc0c5 100644 --- a/.github/workflows/generic-amd64-fs.yml +++ b/.github/workflows/generic-amd64-fs.yml @@ -30,6 +30,11 @@ on: required: false type: string default: balena-staging.com + meta-balena-ref: + description: meta-balena ref if not the currently pinned version + required: false + type: string + default: '' jobs: yocto: @@ -47,6 +52,8 @@ jobs: force-finalize: ${{ inputs.force-finalize || false }} # Default to balena-staging.com for workflow dispatch, but balena-cloud.com for other events deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com+generic-amd64-fs-signing-key' }} + # Allow overriding the meta-balena ref for workflow dispatch events + meta-balena-ref: ${{ inputs.meta-balena-ref || '' }} # Sign image for secure boot sign-image: true # FIXME: Disable finalize-on-push until we have a test to verify that SIGN_KMOD_KEY_APPEND is set diff --git a/.github/workflows/generic-amd64.yml b/.github/workflows/generic-amd64.yml index 889b9125..09b2eb0a 100644 --- a/.github/workflows/generic-amd64.yml +++ b/.github/workflows/generic-amd64.yml @@ -30,6 +30,11 @@ on: required: false type: string default: balena-staging.com + meta-balena-ref: + description: meta-balena ref if not the currently pinned version + required: false + type: string + default: '' jobs: yocto: @@ -47,6 +52,8 @@ jobs: force-finalize: ${{ inputs.force-finalize || false }} # Default to balena-staging.com for workflow dispatch, but balena-cloud.com for other events deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com+sign-api-key' }} + # Allow overriding the meta-balena ref for workflow dispatch events + meta-balena-ref: ${{ inputs.meta-balena-ref || '' }} # Sign image for secure boot sign-image: true # Use QEMU workers for testing and run cloud suite against balenaCloud production diff --git a/.github/workflows/kontron-come-xelx.yml b/.github/workflows/kontron-come-xelx.yml index 2e788fd7..7e790d9c 100644 --- a/.github/workflows/kontron-come-xelx.yml +++ b/.github/workflows/kontron-come-xelx.yml @@ -30,6 +30,11 @@ on: required: false type: string default: balena-staging.com + meta-balena-ref: + description: meta-balena ref if not the currently pinned version + required: false + type: string + default: '' jobs: yocto: @@ -47,3 +52,5 @@ jobs: force-finalize: ${{ inputs.force-finalize || false }} # Default to balena-staging.com for workflow dispatch, but balena-cloud.com for other events deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com' }} + # Allow overriding the meta-balena ref for workflow dispatch events + meta-balena-ref: ${{ inputs.meta-balena-ref || '' }} diff --git a/.github/workflows/studio-automatedx86-sb.yml b/.github/workflows/studio-automatedx86-sb.yml index 32469149..c1bca458 100644 --- a/.github/workflows/studio-automatedx86-sb.yml +++ b/.github/workflows/studio-automatedx86-sb.yml @@ -30,6 +30,11 @@ on: required: false type: string default: balena-staging.com + meta-balena-ref: + description: meta-balena ref if not the currently pinned version + required: false + type: string + default: '' jobs: yocto: @@ -51,3 +56,5 @@ jobs: sign-image: true # FIXME: Disable finalize-on-push until we have a test to verify that SIGN_KMOD_KEY_APPEND is set finalize-on-push-if-tests-passed: false + # Allow overriding the meta-balena ref for workflow dispatch events + meta-balena-ref: ${{ inputs.meta-balena-ref || '' }} From 4fd2f7ecef351200c1c175f2ae1b5adc69af2992 Mon Sep 17 00:00:00 2001 From: Kyle Harding Date: Wed, 23 Oct 2024 14:40:37 -0400 Subject: [PATCH 2/6] Update the default signing environments for workflow dispatch The signed image types should default to the staging signing environment on manual workflow deploys. Signed-off-by: Kyle Harding --- .github/workflows/generic-amd64-fs.yml | 2 +- .github/workflows/generic-amd64.yml | 2 +- .github/workflows/studio-automatedx86-sb.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/generic-amd64-fs.yml b/.github/workflows/generic-amd64-fs.yml index 8bdcc0c5..c3d62ab8 100644 --- a/.github/workflows/generic-amd64-fs.yml +++ b/.github/workflows/generic-amd64-fs.yml @@ -29,7 +29,7 @@ on: description: Environment to use for build and deploy required: false type: string - default: balena-staging.com + default: balena-staging.com+generic-amd64-fs-signing-key meta-balena-ref: description: meta-balena ref if not the currently pinned version required: false diff --git a/.github/workflows/generic-amd64.yml b/.github/workflows/generic-amd64.yml index 09b2eb0a..70d188ba 100644 --- a/.github/workflows/generic-amd64.yml +++ b/.github/workflows/generic-amd64.yml @@ -29,7 +29,7 @@ on: description: Environment to use for build and deploy required: false type: string - default: balena-staging.com + default: balena-staging.com+sign-api-key meta-balena-ref: description: meta-balena ref if not the currently pinned version required: false diff --git a/.github/workflows/studio-automatedx86-sb.yml b/.github/workflows/studio-automatedx86-sb.yml index c1bca458..d9e3d1e8 100644 --- a/.github/workflows/studio-automatedx86-sb.yml +++ b/.github/workflows/studio-automatedx86-sb.yml @@ -29,7 +29,7 @@ on: description: Environment to use for build and deploy required: false type: string - default: balena-staging.com + default: balena-staging.com+studio-automatedx86-sb-signing-key meta-balena-ref: description: meta-balena ref if not the currently pinned version required: false From d844da61a218f5594dadcfb276a4fda13125107e Mon Sep 17 00:00:00 2001 From: Kyle Harding Date: Tue, 29 Oct 2024 10:48:54 -0400 Subject: [PATCH 3/6] Require yocto runners with more memory for QEMU tests Signed-off-by: Kyle Harding --- .github/workflows/generic-amd64.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/generic-amd64.yml b/.github/workflows/generic-amd64.yml index 70d188ba..9f3fd069 100644 --- a/.github/workflows/generic-amd64.yml +++ b/.github/workflows/generic-amd64.yml @@ -62,6 +62,6 @@ jobs: "test_suite": ["os","cloud","hup"], "environment": ["balena-cloud.com"], "worker_type": ["qemu"], - "runs_on": [["self-hosted", "X64", "kvm"]], + "runs_on": [["self-hosted", "X64", "kvm", "yocto"]], "secure_boot": ["sb",""] } From 1fbba3a810fa85fedfe012441fb2c79e927692f6 Mon Sep 17 00:00:00 2001 From: Kyle Harding Date: Thu, 21 Nov 2024 08:39:46 -0500 Subject: [PATCH 4/6] Allow overriding the yocto-scripts ref for workflow dispatch Signed-off-by: Kyle Harding --- .github/workflows/generic-aarch64.yml | 7 +++++++ .github/workflows/generic-amd64-fs.yml | 7 +++++++ .github/workflows/generic-amd64.yml | 7 +++++++ .github/workflows/kontron-come-xelx.yml | 7 +++++++ .github/workflows/studio-automatedx86-sb.yml | 7 +++++++ 5 files changed, 35 insertions(+) diff --git a/.github/workflows/generic-aarch64.yml b/.github/workflows/generic-aarch64.yml index b7ab9782..22621c3b 100644 --- a/.github/workflows/generic-aarch64.yml +++ b/.github/workflows/generic-aarch64.yml @@ -35,6 +35,11 @@ on: required: false type: string default: '' + yocto-scripts-ref: + description: yocto-scripts ref if not the currently pinned version + required: false + type: string + default: '' jobs: yocto: @@ -54,6 +59,8 @@ jobs: deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com' }} # Allow overriding the meta-balena ref for workflow dispatch events meta-balena-ref: ${{ inputs.meta-balena-ref || '' }} + # Allow overriding the yocto-scripts ref for workflow dispatch events + yocto-scripts-ref: ${{ inputs.yocto-scripts-ref || '' }} # Use QEMU workers for testing and run cloud suite against balenaCloud production test_matrix: > { diff --git a/.github/workflows/generic-amd64-fs.yml b/.github/workflows/generic-amd64-fs.yml index c3d62ab8..38d9d90c 100644 --- a/.github/workflows/generic-amd64-fs.yml +++ b/.github/workflows/generic-amd64-fs.yml @@ -35,6 +35,11 @@ on: required: false type: string default: '' + yocto-scripts-ref: + description: yocto-scripts ref if not the currently pinned version + required: false + type: string + default: '' jobs: yocto: @@ -54,6 +59,8 @@ jobs: deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com+generic-amd64-fs-signing-key' }} # Allow overriding the meta-balena ref for workflow dispatch events meta-balena-ref: ${{ inputs.meta-balena-ref || '' }} + # Allow overriding the yocto-scripts ref for workflow dispatch events + yocto-scripts-ref: ${{ inputs.yocto-scripts-ref || '' }} # Sign image for secure boot sign-image: true # FIXME: Disable finalize-on-push until we have a test to verify that SIGN_KMOD_KEY_APPEND is set diff --git a/.github/workflows/generic-amd64.yml b/.github/workflows/generic-amd64.yml index 9f3fd069..d547326a 100644 --- a/.github/workflows/generic-amd64.yml +++ b/.github/workflows/generic-amd64.yml @@ -35,6 +35,11 @@ on: required: false type: string default: '' + yocto-scripts-ref: + description: yocto-scripts ref if not the currently pinned version + required: false + type: string + default: '' jobs: yocto: @@ -54,6 +59,8 @@ jobs: deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com+sign-api-key' }} # Allow overriding the meta-balena ref for workflow dispatch events meta-balena-ref: ${{ inputs.meta-balena-ref || '' }} + # Allow overriding the yocto-scripts ref for workflow dispatch events + yocto-scripts-ref: ${{ inputs.yocto-scripts-ref || '' }} # Sign image for secure boot sign-image: true # Use QEMU workers for testing and run cloud suite against balenaCloud production diff --git a/.github/workflows/kontron-come-xelx.yml b/.github/workflows/kontron-come-xelx.yml index 7e790d9c..7720533c 100644 --- a/.github/workflows/kontron-come-xelx.yml +++ b/.github/workflows/kontron-come-xelx.yml @@ -35,6 +35,11 @@ on: required: false type: string default: '' + yocto-scripts-ref: + description: yocto-scripts ref if not the currently pinned version + required: false + type: string + default: '' jobs: yocto: @@ -54,3 +59,5 @@ jobs: deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com' }} # Allow overriding the meta-balena ref for workflow dispatch events meta-balena-ref: ${{ inputs.meta-balena-ref || '' }} + # Allow overriding the yocto-scripts ref for workflow dispatch events + yocto-scripts-ref: ${{ inputs.yocto-scripts-ref || '' }} diff --git a/.github/workflows/studio-automatedx86-sb.yml b/.github/workflows/studio-automatedx86-sb.yml index d9e3d1e8..9106380e 100644 --- a/.github/workflows/studio-automatedx86-sb.yml +++ b/.github/workflows/studio-automatedx86-sb.yml @@ -35,6 +35,11 @@ on: required: false type: string default: '' + yocto-scripts-ref: + description: yocto-scripts ref if not the currently pinned version + required: false + type: string + default: '' jobs: yocto: @@ -58,3 +63,5 @@ jobs: finalize-on-push-if-tests-passed: false # Allow overriding the meta-balena ref for workflow dispatch events meta-balena-ref: ${{ inputs.meta-balena-ref || '' }} + # Allow overriding the yocto-scripts ref for workflow dispatch events + yocto-scripts-ref: ${{ inputs.yocto-scripts-ref || '' }} From bb10c399b09e46445f8101dcbc0c3461d099a490 Mon Sep 17 00:00:00 2001 From: Kyle Harding Date: Thu, 21 Nov 2024 08:40:54 -0500 Subject: [PATCH 5/6] Pin yocto scripts workflow to master This workflow should be considered stable, and we want to avoid multiple PRs to bump both the yocto-scripts submodule and the workflow separately, especially if it creates drift. Signed-off-by: Kyle Harding --- .github/workflows/generic-aarch64.yml | 2 +- .github/workflows/generic-amd64-fs.yml | 2 +- .github/workflows/generic-amd64.yml | 2 +- .github/workflows/kontron-come-xelx.yml | 2 +- .github/workflows/studio-automatedx86-sb.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/generic-aarch64.yml b/.github/workflows/generic-aarch64.yml index 22621c3b..b2e88601 100644 --- a/.github/workflows/generic-aarch64.yml +++ b/.github/workflows/generic-aarch64.yml @@ -44,7 +44,7 @@ on: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@v1.26.0 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/generic-amd64-fs.yml b/.github/workflows/generic-amd64-fs.yml index 38d9d90c..13b643e4 100644 --- a/.github/workflows/generic-amd64-fs.yml +++ b/.github/workflows/generic-amd64-fs.yml @@ -44,7 +44,7 @@ on: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@v1.26.0 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/generic-amd64.yml b/.github/workflows/generic-amd64.yml index d547326a..d9e1e6d6 100644 --- a/.github/workflows/generic-amd64.yml +++ b/.github/workflows/generic-amd64.yml @@ -44,7 +44,7 @@ on: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@v1.26.0 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/kontron-come-xelx.yml b/.github/workflows/kontron-come-xelx.yml index 7720533c..9d993d06 100644 --- a/.github/workflows/kontron-come-xelx.yml +++ b/.github/workflows/kontron-come-xelx.yml @@ -44,7 +44,7 @@ on: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@v1.26.0 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/studio-automatedx86-sb.yml b/.github/workflows/studio-automatedx86-sb.yml index 9106380e..302835c0 100644 --- a/.github/workflows/studio-automatedx86-sb.yml +++ b/.github/workflows/studio-automatedx86-sb.yml @@ -44,7 +44,7 @@ on: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@v1.26.0 + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while From 639f7f6b43a5d4a30322348ba3198f2aac33d7b0 Mon Sep 17 00:00:00 2001 From: Kyle Harding Date: Thu, 21 Nov 2024 12:01:18 -0500 Subject: [PATCH 6/6] DO NOT MERGE: point to qemu debug branch of yocto workflow Signed-off-by: Kyle Harding --- .github/workflows/generic-aarch64.yml | 2 +- .github/workflows/generic-amd64-fs.yml | 2 +- .github/workflows/generic-amd64.yml | 2 +- .github/workflows/kontron-come-xelx.yml | 2 +- .github/workflows/studio-automatedx86-sb.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/generic-aarch64.yml b/.github/workflows/generic-aarch64.yml index b2e88601..0ee48d26 100644 --- a/.github/workflows/generic-aarch64.yml +++ b/.github/workflows/generic-aarch64.yml @@ -44,7 +44,7 @@ on: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@kyle/qemu-debug # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/generic-amd64-fs.yml b/.github/workflows/generic-amd64-fs.yml index 13b643e4..689bccb1 100644 --- a/.github/workflows/generic-amd64-fs.yml +++ b/.github/workflows/generic-amd64-fs.yml @@ -44,7 +44,7 @@ on: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@kyle/qemu-debug # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/generic-amd64.yml b/.github/workflows/generic-amd64.yml index d9e1e6d6..95f8375f 100644 --- a/.github/workflows/generic-amd64.yml +++ b/.github/workflows/generic-amd64.yml @@ -44,7 +44,7 @@ on: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@kyle/qemu-debug # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/kontron-come-xelx.yml b/.github/workflows/kontron-come-xelx.yml index 9d993d06..304c1928 100644 --- a/.github/workflows/kontron-come-xelx.yml +++ b/.github/workflows/kontron-come-xelx.yml @@ -44,7 +44,7 @@ on: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@kyle/qemu-debug # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while diff --git a/.github/workflows/studio-automatedx86-sb.yml b/.github/workflows/studio-automatedx86-sb.yml index 302835c0..8bd3c878 100644 --- a/.github/workflows/studio-automatedx86-sb.yml +++ b/.github/workflows/studio-automatedx86-sb.yml @@ -44,7 +44,7 @@ on: jobs: yocto: name: Yocto - uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@master + uses: balena-os/balena-yocto-scripts/.github/workflows/yocto-build-deploy.yml@kyle/qemu-debug # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events. # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork. # This condition will prevent the workflow from running twice for the same pull request while