build-cn10k-nginx #60
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build-cn10k-nginx | |
on: | |
push: | |
schedule: | |
- cron: "0 0 * * 1" | |
pull_request: | |
permissions: | |
contents: write | |
pages: write | |
id-token: write | |
packages: write | |
jobs: | |
ubuntu-cn10k-build: | |
name: ubuntu-cn10k-arm64 | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: true | |
matrix: | |
include: | |
- arch: aarch64 | |
distro: ubuntu22.04 | |
compiler: gcc | |
library: static | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Generate cache keys | |
id: get_ref_keys | |
run: | | |
echo 'ccache=ccache-${{ matrix.distro }}-${{ matrix.compiler }}-${{ matrix.arch }}-'$(date -u +%Y-w%W) >> $GITHUB_OUTPUT | |
- name: Retrieve ccache cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/.ccache | |
key: ${{ steps.get_ref_keys.outputs.ccache }}-${{ github.ref }} | |
restore-keys: | | |
${{ steps.get_ref_keys.outputs.ccache }}-refs/heads/main | |
- name: Extract version details | |
id: version | |
run: | | |
mkdir -p "${PWD}/artifacts" | |
git tag --points-at HEAD > /tmp/tags | |
[ -s /tmp/tags ] && PKG_POSTFIX= || PKG_POSTFIX=-devel | |
echo "PKG_VERSION_NAME=`cat VERSION`" >> "${PWD}/artifacts/env" | |
echo "PKG_POSTFIX=${PKG_POSTFIX}" >> "${PWD}/artifacts/env" | |
source "${PWD}/artifacts/env" | |
- uses: uraimo/run-on-arch-action@v2.8.1 | |
name: Build NGINX and generate package | |
id: build | |
with: | |
arch: ${{ matrix.arch }} | |
distro: ${{ matrix.distro }} | |
githubToken: ${{ github.token }} | |
setup: | | |
mkdir -p ~/.ccache | |
dockerRunArgs: | | |
--volume "${PWD}/artifacts:/artifacts" | |
--volume "${HOME}/.ccache:/root/.ccache" | |
shell: /bin/bash | |
install: | | |
apt-get update -q -y | |
apt-get install -y build-essential gcc meson ccache git doxygen apt-utils | |
apt-get install -y build-essential ccache git software-properties-common | |
add-apt-repository -y ppa:ubuntu-toolchain-r/test | |
apt-get update -q -y | |
apt-get install -y libnl-3-dev libnl-route-3-dev libnl-xfrm-3-dev | |
apt-get install -y sphinx-common python3-sphinx-rtd-theme pkg-config | |
apt-get install -y libarchive-dev libbsd-dev libbpf-dev | |
apt-get install -y libfdt-dev libjansson-dev autoconf dh-autoreconf | |
apt-get install -y libssl-dev ninja-build python3-pip | |
apt-get install -y python3-pyelftools python3-setuptools python3-wheel zlib1g-dev | |
apt-get install -y gcc-13 bzip2-doc icu-devtools libacl1-dev libattr1-dev | |
apt-get install -y libbz2-dev libgmp-dev libgmpxx4ldbl libicu-dev liblz4-dev | |
apt-get install -y liblzma-dev libxml2-dev libzstd-dev nettle-dev wget lsb-release | |
run: | | |
source /artifacts/env | |
git config --global --add safe.directory "${PWD}" | |
DISTRO=ubuntu-`lsb_release -rs` | |
echo "DISTRO=${DISTRO}" >> /artifacts/env | |
export CC='ccache gcc-13 -mcpu=neoverse-n2+sve2+crypto' | |
echo "cache_dir = /root/.ccache" > /root/.ccache/ccache.conf | |
ccache -p | |
pkg-config --list-all | |
BASE_DIR=${PWD} | |
OPENSSL_PATCH_VERSION=$(ls patches/nginx/deps/openssl/ | head -n 1) | |
OPENSSL_VERSION=${OPENSSL_PATCH_VERSION#v} | |
echo "OPENSSL_VERSION=${OPENSSL_VERSION}" >> /artifacts/env | |
wget "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz" | |
tar -xzf openssl-${OPENSSL_VERSION}.tar.gz | |
cd "${PWD}/openssl-${OPENSSL_VERSION}" | |
for patch in ${BASE_DIR}/patches/nginx/deps/openssl/${OPENSSL_PATCH_VERSION}/*.patch; do | |
patch -p1 < "$patch" | |
done | |
./Configure --prefix=$PWD/install linux-aarch64 | |
until make; do echo "Building OpenSSL failed, retrying"; done | |
make install | |
mkdir -p "${PWD}/install/usr/lib/cn10k/openssl-${OPENSSL_VERSION}" | |
mv "${PWD}/install/lib" "${PWD}/install/usr/lib/cn10k/openssl-${OPENSSL_VERSION}/." | |
mv "${PWD}/install/bin" "${PWD}/install/usr/lib/cn10k/openssl-${OPENSSL_VERSION}/." | |
mv "${PWD}/install/include" "${PWD}/install/usr/lib/cn10k/openssl-${OPENSSL_VERSION}/." | |
mv "${PWD}/install/ssl" "${PWD}/install/usr/lib/cn10k/openssl-${OPENSSL_VERSION}/." | |
mv "${PWD}/install/share" "${PWD}/install/usr/lib/cn10k/openssl-${OPENSSL_VERSION}/." | |
mkdir -p "${PWD}/install/DEBIAN" | |
mkdir -p "${PWD}/install/debian" | |
cd "${PWD}/install" | |
sed -i "s/^prefix=.*/prefix=\/usr\/lib\/cn10k\/openssl-${OPENSSL_VERSION}/g" usr/lib/cn10k/openssl-${OPENSSL_VERSION}/lib/pkgconfig/openssl.pc | |
sed -i "s/^prefix=.*/prefix=\/usr\/lib\/cn10k\/openssl-${OPENSSL_VERSION}/g" usr/lib/cn10k/openssl-${OPENSSL_VERSION}/lib/pkgconfig/libssl.pc | |
sed -i "s/^prefix=.*/prefix=\/usr\/lib\/cn10k\/openssl-${OPENSSL_VERSION}/g" usr/lib/cn10k/openssl-${OPENSSL_VERSION}/lib/pkgconfig/libcrypto.pc | |
echo 'Source: OpenSSL' > debian/control | |
echo 'Package: openssl-'${OPENSSL_VERSION}'-cn10k'${PKG_POSTFIX} >> DEBIAN/control | |
echo 'Version: '${PKG_VERSION_NAME} >> DEBIAN/control >> DEBIAN/control | |
echo "Maintainer: Jerin Jacob (jerinj@marvell.com)" >> DEBIAN/control | |
echo "Architecture: arm64" >> DEBIAN/control | |
echo "Homepage: https://www.openssl.org/" >> DEBIAN/control | |
echo "Description: OpenSSL with Asynchronous support for Marvell Octeon 10" >> DEBIAN/control | |
echo "Provides: libssl.so.1.1, libcrypto.so.1.1" >> DEBIAN/control | |
rm -rf debian | |
cd .. | |
mv "${PWD}/install" "${PWD}/openssl-${OPENSSL_VERSION}-cn10k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64" | |
dpkg --build "openssl-${OPENSSL_VERSION}-cn10k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64" | |
cp -r "openssl-${OPENSSL_VERSION}-cn10k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64.deb" /artifacts/. | |
apt-get install ./openssl-${OPENSSL_VERSION}-cn10k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64.deb | |
cd .. | |
PCRE_PATCH_VERSION=$(ls patches/nginx/deps/pcre | head -n 1) | |
PCRE_VERSION=${PCRE_PATCH_VERSION#v} | |
wget "https://sourceforge.net/projects/pcre/files/pcre/${PCRE_VERSION}/pcre-${PCRE_VERSION}.tar.gz/download" | |
mv download pcre-${PCRE_VERSION}.tar.gz | |
tar xzf pcre-${PCRE_VERSION}.tar.gz | |
cd "${PWD}/pcre-${PCRE_VERSION}" | |
for patch in ${BASE_DIR}/patches/nginx/deps/pcre/${PCRE_PATCH_VERSION}/*.patch; do | |
patch -p1 < "$patch" | |
done | |
cd .. | |
export PCRE_PATH=$BASE_DIR/pcre-${PCRE_VERSION} | |
NGINX_PATCH_VERSION=$(ls patches/nginx | tail -n 1) | |
NGINX_VERSION=${NGINX_PATCH_VERSION#v} | |
echo "NGINX_VERSION=$NGINX_VERSION" >> /artifacts/env | |
wget "https://github.com/nginx/nginx/archive/release-${NGINX_VERSION}.tar.gz" | |
tar xzf release-${NGINX_VERSION}.tar.gz | |
cd "${PWD}/nginx-release-${NGINX_VERSION}" | |
for patch in ${BASE_DIR}/patches/nginx/${NGINX_PATCH_VERSION}/*.patch; do | |
patch -p1 < "$patch" | |
done | |
chmod +x configure | |
mkdir install | |
./configure --with-pcre=${PCRE_PATH} --with-http_ssl_module --without-http_gzip_module --with-cc-opt="-DNGX_SECURE_MEM -I/usr/lib/cn10k/openssl-${OPENSSL_VERSION}/include -Wno-error=deprecated-declarations" --with-threads --with-file-aio --with-ld-opt="-Wl,-rpath=/usr/lib/cn10k/openssl-${OPENSSL_VERSION}/lib -L/usr/lib/cn10k/openssl-${OPENSSL_VERSION}/lib -lssl -lcrypto" --add-dynamic-module=modules/nginx_cpt_module/ | |
until make; do make clean;echo "Building NGINX failed, retrying"; done | |
DESTDIR=${PWD}/install/ make install | |
mkdir -p "${PWD}/install/DEBIAN" | |
mkdir -p "${PWD}/install/debian" | |
cd "${PWD}/install" | |
echo 'Source: NGINX' > debian/control | |
echo 'Package: nginx-'${NGINX_VERSION}'-cn10k'${PKG_POSTFIX} >> DEBIAN/control | |
echo 'Version: '${PKG_VERSION_NAME} >> DEBIAN/control | |
echo "Depends: `dpkg-shlibdeps --ignore-missing-info -O usr/local/nginx/sbin/nginx | awk -F'Depends=' '{print $2}'`, openssl-${OPENSSL_VERSION}-cn10k${PKG_POSTFIX} (= ${PKG_VERSION_NAME})" >> DEBIAN/control | |
echo "Maintainer: Jerin Jacob (jerinj@marvell.com)" >> DEBIAN/control | |
echo "Architecture: arm64" >> DEBIAN/control | |
echo "Homepage: https://nginx.org/" >> DEBIAN/control | |
echo "Description: Asynchronous NGINX for Marvell Octeon 10" >> DEBIAN/control | |
rm -rf debian | |
cd .. | |
mv "${PWD}/install" "${PWD}/nginx-${NGINX_VERSION}-cn10k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64" | |
dpkg --build "${PWD}/nginx-${NGINX_VERSION}-cn10k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64" | |
cp "${PWD}/nginx-${NGINX_VERSION}-cn10k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64.deb" /artifacts/. | |
- name: Export version name | |
id: artifacts | |
run: | | |
source "${PWD}/artifacts/env" | |
echo $PKG_VERSION_NAME | |
echo "PKG_VERSION_NAME=${PKG_VERSION_NAME}" >> "$GITHUB_OUTPUT" | |
echo $NGINX_VERSION | |
echo "NGINX_VERSION=${NGINX_VERSION}" >> "$GITHUB_OUTPUT" | |
echo $OPENSSL_VERSION | |
echo "OPENSSL_VERSION=${OPENSSL_VERSION}" >> "$GITHUB_OUTPUT" | |
echo $DISTRO | |
echo "DISTRO=${DISTRO}" >> "$GITHUB_OUTPUT" | |
[[ "$PKG_POSTFIX" == "-devel" ]] && TAG=devel || TAG=${PKG_VERSION_NAME} | |
[[ "$PKG_POSTFIX" == "-devel" ]] && IS_DEVEL="true" || IS_DEVEL="false" | |
echo "PKG_POSTFIX=${PKG_POSTFIX}" >> "$GITHUB_OUTPUT" | |
echo "TAG=${TAG}" >> "$GITHUB_OUTPUT" | |
echo "IS_DEVEL=${IS_DEVEL}" >> "$GITHUB_OUTPUT" | |
- name: Delete existing release | |
if: ${{ github.event_name == 'push' }} | |
env: | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
gh release delete nginx-${{ steps.artifacts.outputs.NGINX_VERSION }}-cn10k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }} --cleanup-tag -y | |
gh release delete openssl-${{ steps.artifacts.outputs.OPENSSL_VERSION }}-cn10k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }} --cleanup-tag -y | |
continue-on-error: true | |
- name: Release NGINX cn10k package | |
uses: softprops/action-gh-release@v2.0.4 | |
if: ${{ github.event_name == 'push' }} | |
with: | |
draft: false | |
tag_name: nginx-${{ steps.artifacts.outputs.NGINX_VERSION }}-cn10k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }} | |
files: | | |
${{ github.workspace }}/artifacts/nginx-${{ steps.artifacts.outputs.NGINX_VERSION }}-cn10k${{ steps.artifacts.outputs.PKG_POSTFIX }}_${{ steps.artifacts.outputs.PKG_VERSION_NAME }}_arm64.deb | |
- name: Release OpenSSL cn10k package | |
uses: softprops/action-gh-release@v2.0.4 | |
if: ${{ github.event_name == 'push' }} | |
with: | |
draft: false | |
tag_name: openssl-${{ steps.artifacts.outputs.OPENSSL_VERSION }}-cn10k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }} | |
files: | | |
${{ github.workspace }}/artifacts/openssl-${{ steps.artifacts.outputs.OPENSSL_VERSION }}-cn10k${{ steps.artifacts.outputs.PKG_POSTFIX }}_${{ steps.artifacts.outputs.PKG_VERSION_NAME }}_arm64.deb | |
- name: Dispatch package update event | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
curl -L \ | |
-X POST \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "Authorization: Bearer ${{ secrets.PPA_REPO_SECRET }}" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
https://api.github.com/repos/marvellembeddedprocessors/packages/dispatches \ | |
-d '{"event_type":"dispatch-event", "client_payload": {"package" : "nginx", | |
"tag": "nginx-${{ steps.artifacts.outputs.NGINX_VERSION }}-cn10k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}", | |
"distro" : "${{ steps.artifacts.outputs.DISTRO }}", | |
"platform" : "cn10k", | |
"devel": "${{ steps.artifacts.outputs.IS_DEVEL }}"}}' | |
sleep 120 | |
curl -L \ | |
-X POST \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "Authorization: Bearer ${{ secrets.PPA_REPO_SECRET }}" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
https://api.github.com/repos/marvellembeddedprocessors/packages/dispatches \ | |
-d '{"event_type":"dispatch-event", "client_payload": {"package" : "openssl", | |
"tag": "openssl-${{ steps.artifacts.outputs.OPENSSL_VERSION }}-cn10k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}", | |
"distro" : "${{ steps.artifacts.outputs.DISTRO }}", | |
"platform" : "cn10k", | |
"devel": "${{ steps.artifacts.outputs.IS_DEVEL }}"}}' |