Skip to content

[GuiVM] add Audio Control systemctl service #2509

[GuiVM] add Audio Control systemctl service

[GuiVM] add Audio Control systemctl service #2509

Workflow file for this run

# SPDX-FileCopyrightText: 2022-2023 TII (SSRC) and the Ghaf contributors
#
# SPDX-License-Identifier: Apache-2.0
name: build
on:
pull_request_target:
branches:
- main
permissions:
contents: read
jobs:
# This workflow uses environment-based authorization together
# with 'pull_request_target' trigger as explained in:
# https://ssrc.atlassian.net/wiki/x/OABjMg
check-identity:
runs-on: ubuntu-latest
outputs:
authorized_user: ${{ steps.check-authorized-user.outputs.authorized_user}}
environment: "internal-build-workflow"
steps:
- name: Check identity
id: check-authorized-user
shell: bash
run: |
authorized_user='False'
for user in ${{ vars.AUTHORIZED_USERS }};
do
if [ "$user" = "${{ github.actor }}" ]; then
authorized_user='True'
break
fi
done
echo "github.event_name: ${{ github.event_name }}"
echo "github.repository: ${{ github.repository }}"
echo "github.event.pull_request.head.repo.full_name: ${{ github.event.pull_request.head.repo.full_name }}"
echo "github.actor: ${{ github.actor }}"
echo "authorized_user=$authorized_user"
echo "authorized_user=$authorized_user" >> "$GITHUB_OUTPUT"
authorize-internal:
needs: [check-identity]
runs-on: ubuntu-latest
if: ${{ needs.check-identity.outputs.authorized_user == 'True' }}
steps:
- name: Authorize internal
run: echo "authorized"
authorize-external:
needs: [check-identity]
runs-on: ubuntu-latest
if: ${{ needs.check-identity.outputs.authorized_user == 'False' }}
environment: ${{ ( github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external-build-workflow' ) || ( 'internal-build-workflow' ) }}
steps:
- name: Authorize external
run: echo "authorized"
authorize:
needs: [authorize-internal, authorize-external]
runs-on: ubuntu-latest
# See: https://github.com/actions/runner/issues/491#issuecomment-660122693
if: |
always() &&
(needs.authorize-internal.result == 'success' || needs.authorize-internal.result == 'skipped') &&
(needs.authorize-external.result == 'success' || needs.authorize-external.result == 'skipped') &&
!(needs.authorize-internal.result == 'skipped' && needs.authorize-external.result == 'skipped')
steps:
- name: Authorize
run: echo "authorized"
build-yml-check:
uses: ./.github/workflows/build-yml-check.yml
build_matrix:
name: "build"
needs: [authorize, build-yml-check]
runs-on: ubuntu-latest
timeout-minutes: 360
strategy:
matrix:
include:
- arch: x86_64-linux
target: generic-x86_64-debug
- arch: x86_64-linux
target: lenovo-x1-carbon-gen11-debug
- arch: x86_64-linux
target: nvidia-jetson-orin-agx-debug-from-x86_64
- arch: x86_64-linux
target: nvidia-jetson-orin-nx-debug-from-x86_64
- arch: x86_64-linux
target: microchip-icicle-kit-debug-from-x86_64
- arch: x86_64-linux
target: doc
- arch: aarch64-linux
target: nvidia-jetson-orin-nx-debug
- arch: aarch64-linux
target: nvidia-jetson-orin-agx-debug
if: |
always() &&
needs.authorize.result == 'success' &&
needs.build-yml-check.outputs.result == 'not-changed'
concurrency:
# Cancel any in-progress workflow runs from the same PR or branch,
# allowing matrix jobs to run concurrently:
group: ${{ github.workflow }}.${{ github.event.pull_request.number || github.ref }}.${{ matrix.arch }}.${{ matrix.target }}
cancel-in-progress: true
steps:
- name: Apt install
run: sudo apt-get update; sudo apt-get install -y inxi git
- name: Print runner system info
run: sudo inxi -c0 --width -1 --basic --memory-short
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
fetch-depth: 0
- name: Rebase
run: |
BASE="origin/${{ github.base_ref }}"
COMMITS="$(git rev-list "$BASE".. --count)"
CONTEXT=5
echo -e "\n[+] Git log before rebase (with $CONTEXT commits context):"
git log --oneline -n$(( COMMITS + CONTEXT ))
echo -e "\n[+] Rebasing $COMMITS commit(s) on top of '$BASE'"
git config user.email "[email protected]"; git config user.name "Foo Bar"
git rebase "$BASE"
echo -e "\n[+] Git log after rebase (with $CONTEXT commits context):"
git log --oneline -n$(( COMMITS + CONTEXT ))
- name: Install nix
uses: cachix/install-nix-action@v30
- name: Prepare build
run: |
sh -c "umask 377; echo '${{ secrets.BUILDER_SSH_KEY }}' >builder_key"
sudo sh -c "echo '${{ vars.BUILDER_SSH_KNOWN_HOST }}' >>/etc/ssh/ssh_known_hosts"
- name: Build ${{ matrix.arch }}.${{ matrix.target }}
run: |
if [ "${{ matrix.arch }}" == "x86_64-linux" ]; then
BUILDER='${{ vars.BUILDER_X86 }}'
elif [ "${{ matrix.arch }}" == "aarch64-linux" ]; then
BUILDER='${{ vars.BUILDER_AARCH }}'
else
echo "::error::Unknown architecture: '${{ matrix.arch }}'"
exit 1
fi
NIX_FAST_BUILD_GITREF="1775c732"
nix run github:Mic92/nix-fast-build/"$NIX_FAST_BUILD_GITREF"#nix-fast-build -- \
--flake .#packages.${{ matrix.arch }}.${{ matrix.target }} \
--remote "$BUILDER" \
--remote-ssh-option IdentityFile builder_key \
--option accept-flake-config true \
--no-download --skip-cached --no-nom