[Kernel Config] Re-enable Kernel IBT (#73) #2816
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Kernel CI | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
workflow_dispatch: | |
# manual trigger | |
schedule: | |
- cron: '0 6,14,22 * * *' | |
env: | |
IS_LTS: NO | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
container: locietta/loia-dev-base:latest | |
outputs: | |
current_version: ${{ steps.out.outputs.current_version }} | |
release_version: ${{ steps.out.outputs.release_version }} | |
clang_version: ${{ steps.out.outputs.clang_version }} | |
rebuild_flag: ${{ steps.out.outputs.rebuild_flag }} | |
strategy: | |
matrix: | |
include: | |
- arch: GENERIC_CPU2 | |
image-name: bzImage-x64v2 | |
- arch: GENERIC_CPU3 | |
image-name: bzImage-x64v3 | |
- arch: GENERIC_CPU4 | |
image-name: bzImage-x64v4 | |
- arch: MSKYLAKE | |
image-name: bzImage-skylake | |
steps: | |
- uses: actions/checkout@main | |
- name: Install dependencies | |
id: dep | |
run: | | |
pacman -Syu --noconfirm pahole xmlto inetutils bc cpio jq ccache go | |
GOBIN=/usr/bin go install go.chromium.org/luci/cipd/client/cmd/...@latest | |
cipd install fuchsia/third_party/clang/linux-amd64 latest -root /usr/local/fuchsia-clang | |
echo "PATH=/usr/local/fuchsia-clang/bin:$PATH" >> $GITHUB_ENV | |
- name: Trust this directory | |
run: git config --global --add safe.directory '*' # v2.35.3 or later | |
- name: Initialize ccache | |
uses: hendrikmuhs/[email protected] | |
with: | |
max-size: 2048M | |
key: ${{ github.job }}-${{ matrix.arch }} | |
- name: Prepare source code | |
shell: bash | |
run: | | |
export CURL_UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0" | |
export VERSION_BRANCH=$(curl -s https://xanmod.org/ -A $CURL_UA | awk '/MAIN/{getline; getline; print}' | grep -oP '[0-9]+\.[0-9]+') | |
git clone https://github.com/xanmod/linux.git -b $VERSION_BRANCH --depth 1 linux | |
cd linux && ../config.sh | |
scripts/config -d GENERIC_CPU3 # avoid override warning for duplicate arch flags | |
scripts/config -e ${{ matrix.arch }} | |
# Load version info into env | |
echo "CLANG_VERSION=$(clang --version | head -n1)" | tee -a $GITHUB_ENV | |
export CURRENT_VERSION=$(make kernelrelease) | |
# must query with a token, or will fail with api rate limit on public runners | |
export RELEASED_TAG=$(curl -sL -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}'\ | |
https://api.github.com/repos/Locietta/xanmod-kernel-WSL2/tags\?per_page\=60 | jq -r '.[].name' | grep -v 'lts' | head -n 1) | |
export RELEASED_VERSION=$(echo $RELEASED_TAG | sed "s#\(.*-locietta-WSL2-xanmod[0-9][0-9]*\).*#\1#" ) | |
export RELEASED_MINOR=$(echo $RELEASED_TAG | sed "s#\(.*-locietta-WSL2-xanmod[0-9][0-9]*\).*\([0-9][0-9]*\).*#\2#" ) | |
echo "CURRENT_VERSION=$CURRENT_VERSION" | tee -a $GITHUB_ENV | |
echo "RELEASED_VERSION=$RELEASED_VERSION" | tee -a $GITHUB_ENV | |
if [[ $CURRENT_VERSION != $RELEASED_VERSION || \ | |
($CURRENT_VERSION = $RELEASED_VERSION && 1 -gt "$RELEASED_MINOR") || \ | |
"${{ github.event_name }}" = 'pull_request' ]]; then | |
echo "REBUILD_FLAG=1" | tee -a $GITHUB_ENV | |
else | |
echo "REBUILD_FLAG=" | tee -a $GITHUB_ENV | |
fi | |
- name: Build kernel | |
if: ${{ env.REBUILD_FLAG }} | |
run: | | |
cd linux && ../build.sh | |
mv arch/x86/boot/bzImage ../${{ matrix.image-name }} | |
cd .. && sha256sum ${{ matrix.image-name }} > ${{ matrix.image-name }}.sha256 | |
- name: Upload bzImage | |
uses: actions/upload-artifact@main | |
if: ${{ env.REBUILD_FLAG }} | |
with: | |
name: ${{ matrix.image-name }} | |
path: | | |
${{ matrix.image-name }} | |
${{ matrix.image-name }}.sha256 | |
- id: out | |
run: | | |
echo "current_version=${{ env.CURRENT_VERSION }}" >> $GITHUB_OUTPUT | |
echo "release_version=${{ env.RELEASED_VERSION }}" >> $GITHUB_OUTPUT | |
echo "clang_version=${{ env.CLANG_VERSION }}" >> $GITHUB_OUTPUT | |
echo "rebuild_flag=${{ env.REBUILD_FLAG }}" >> $GITHUB_OUTPUT | |
release: | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/checkout@main | |
- uses: actions/download-artifact@main | |
with: | |
path: release_images/ | |
- id: fetch_commit_sha | |
run: | | |
if [ ${{ github.event_name }} = 'pull_request' ]; then | |
echo "sha=${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT | |
echo "RELEASE_TAG=${{ needs.build.outputs.current_version }}.1-PR" | tee -a $GITHUB_ENV | |
else | |
echo "sha=${{ github.sha }}" >> $GITHUB_OUTPUT | |
echo "RELEASE_TAG=${{ needs.build.outputs.current_version }}.1" | tee -a $GITHUB_ENV | |
fi | |
- name: Release | |
uses: softprops/action-gh-release@master | |
if: ${{ needs.build.outputs.rebuild_flag }} | |
with: | |
name: ${{ env.RELEASE_TAG }} | |
tag_name: ${{ env.RELEASE_TAG }} | |
draft: ${{ github.event_name == 'pull_request' }} | |
target_commitish: ${{ steps.fetch_commit_sha.outputs.sha }} | |
body: | | |
Latest XanMod kernel for WSL2, built with ${{ needs.build.outputs.clang_version }}. | |
Provide builds on different archs with matrix build utility of GitHub Action. | |
* `bzImage-x64v{2,3,4}` for generic-x86_64-v{2,3,4} | |
* `bzImage-skylake` for intel skylake | |
To check supported x86_64 level on your machine, see [how to check supported x86_64 level of the hardware](https://unix.stackexchange.com/questions/631217/how-do-i-check-if-my-cpu-supports-x86-64-v2?msclkid=42ca61e9aa7111ecbcab7bb1a4204357). | |
And if you happen to use intel skylake chips (just like me), you can choose `bzImage-skylake` for best tuning. | |
**NOTE for Win11**: the minimum requirement of Win11 ensures generic-x86_64-v3 support, so feel free to use `bzImage-x64v3`. | |
files: | | |
release_images/*/* | |
token: ${{ secrets.CUSTOM_GITHUB_TOKEN }} | |
# generate_release_notes: true | |
fail_on_unmatched_files: true |