From 5793943af4d0f96201cd8da8e515ff2e17795b1f Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Thu, 16 Jan 2025 12:59:07 -0500 Subject: [PATCH 1/2] github actions: Make Builds on Merge Request Work Since we need to make sure external contributors code actually compiles prior to merging. To get access to the forked repos merge request we need to switch over our push/pull_request to pull_request_target. In addition we're fixing up some Naming Conventions, adding aarch64 to this branch and fixing the naming so that we can quickly identify if the CI is for x86_64 or aarch64. Removes pull request checker it is being rewritten and doesn't work as intented for fork merges. --- ...ck_aarch64.yml => build-check_aarch64.yml} | 7 +-- ...heck_x86_64.yml => build-check_x86_64.yml} | 7 +-- .github/workflows/process-pull-request.yml | 54 ------------------- 3 files changed, 8 insertions(+), 60 deletions(-) rename .github/workflows/{push-check_aarch64.yml => build-check_aarch64.yml} (86%) rename .github/workflows/{push-check_x86_64.yml => build-check_x86_64.yml} (86%) delete mode 100644 .github/workflows/process-pull-request.yml diff --git a/.github/workflows/push-check_aarch64.yml b/.github/workflows/build-check_aarch64.yml similarity index 86% rename from .github/workflows/push-check_aarch64.yml rename to .github/workflows/build-check_aarch64.yml index cafc685af922c..750e95a389e51 100644 --- a/.github/workflows/push-check_aarch64.yml +++ b/.github/workflows/build-check_aarch64.yml @@ -1,6 +1,6 @@ -name: CI +name: aarch64 CI on: - push: + pull_request_target: branches: - '**' - '!mainline' @@ -24,10 +24,11 @@ jobs: - name: Checkout code uses: actions/checkout@v4 with: + ref: "${{ github.event.pull_request.head.sha }}" fetch-depth: 0 - name: Build the Kernel run: | - git config --global --add safe.directory /__w/kernel-src-git/kernel-src-git + git config --global --add safe.directory /__w/kernel-src-tree/kernel-src-tree cp configs/kernel-rt-5.14.0-aarch64-64k.config .config make olddefconfig make -j8 diff --git a/.github/workflows/push-check_x86_64.yml b/.github/workflows/build-check_x86_64.yml similarity index 86% rename from .github/workflows/push-check_x86_64.yml rename to .github/workflows/build-check_x86_64.yml index 197af7a3556c2..d348cff210ecf 100644 --- a/.github/workflows/push-check_x86_64.yml +++ b/.github/workflows/build-check_x86_64.yml @@ -1,6 +1,6 @@ -name: CI +name: x86_64 CI on: - push: + pull_request_target: branches: - '**' - '!mainline' @@ -24,10 +24,11 @@ jobs: - name: Checkout code uses: actions/checkout@v4 with: + ref: "${{ github.event.pull_request.head.sha }}" fetch-depth: 0 - name: Build the Kernel run: | - git config --global --add safe.directory /__w/kernel-src-git/kernel-src-git + git config --global --add safe.directory /__w/kernel-src-tree/kernel-src-tree cp configs/kernel-rt-5.14.0-x86_64.config .config make olddefconfig make -j8 diff --git a/.github/workflows/process-pull-request.yml b/.github/workflows/process-pull-request.yml deleted file mode 100644 index 5764537bed632..0000000000000 --- a/.github/workflows/process-pull-request.yml +++ /dev/null @@ -1,54 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -name: Pull Request Checker - -on: - pull_request: - branches: - - '**' - - '!mainline' - -permissions: - contents: read - -jobs: - test: - - runs-on: ubuntu-latest - strategy: - matrix: - ruby-version: ['3.0'] - - steps: - - uses: actions/checkout@v4 - - name: Set up Ruby - # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby, - # change this to (see https://github.com/ruby/setup-ruby#versioning): - uses: ruby/setup-ruby@v1 - # uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0 - with: - ruby-version: ${{ matrix.ruby-version }} - bundler-cache: true # runs 'bundle install' and caches installed gems automatically - - name: Set up Python - uses: actions/setup-python@v5 - - name: Run tests - run: | - /usr/bin/pip3 install gitPython - python -c "import sys; import git; print(sys.version)" - git fetch origin ${{ github.base_ref }} - git fetch origin ${{ github.head_ref }} - git remote add linux https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git - git fetch --shallow-since="3 years ago" linux - echo "Will run process-git-request.rb with:" - echo "fname = ${{ github.run_id }}" - echo "target_branch = ${{ github.base_ref }}" - echo "source_branch = ${{ github.head_ref }}" - echo "prj_dir = ${{ github.workspace }}" - echo "pull_request = ${{ github.ref }}" - echo "requestor = ${{ github.actor }}" - cd ${{ github.workspace }} - /usr/bin/ruby .github/workflows/process-git-request.rb ${{ github.run_id }} ${{ github.base_ref }} \ - ${{ github.head_ref }} ${{ github.workspace }} ${{ github.ref }} ${{ github.actor }} From 560b05f50ee8602544dc68368976ee2806526203 Mon Sep 17 00:00:00 2001 From: Jonathan Maple Date: Thu, 16 Jan 2025 17:36:12 -0500 Subject: [PATCH 2/2] github actions: reduce workflow execution permission --- .github/workflows/build-check_aarch64.yml | 2 +- .github/workflows/build-check_x86_64.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-check_aarch64.yml b/.github/workflows/build-check_aarch64.yml index 750e95a389e51..e80d64c358e2c 100644 --- a/.github/workflows/build-check_aarch64.yml +++ b/.github/workflows/build-check_aarch64.yml @@ -1,6 +1,6 @@ name: aarch64 CI on: - pull_request_target: + pull_request: branches: - '**' - '!mainline' diff --git a/.github/workflows/build-check_x86_64.yml b/.github/workflows/build-check_x86_64.yml index d348cff210ecf..e082857bcbe0b 100644 --- a/.github/workflows/build-check_x86_64.yml +++ b/.github/workflows/build-check_x86_64.yml @@ -1,6 +1,6 @@ name: x86_64 CI on: - pull_request_target: + pull_request: branches: - '**' - '!mainline'