Skip to content

build-cn9k-nginx

build-cn9k-nginx #45

name: build-cn9k-nginx
on:
push:
schedule:
- cron: "0 0 * * 1"
pull_request:
permissions:
contents: write
pages: write
id-token: write
packages: write
jobs:
ubuntu-cn9k-build:
name: ubuntu-cn9k-arm64
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
include:
- arch: aarch64
distro: ubuntu22.04
compiler: gcc
library: static
steps:
- name: Checkout sources
uses: actions/checkout@v4
- name: Generate cache keys
id: get_ref_keys
run: |
echo 'ccache=ccache-${{ matrix.distro }}-${{ matrix.compiler }}-${{ matrix.arch }}-'$(date -u +%Y-w%W) >> $GITHUB_OUTPUT
- name: Retrieve ccache cache
uses: actions/cache@v4
with:
path: ~/.ccache
key: ${{ steps.get_ref_keys.outputs.ccache }}-${{ github.ref }}
restore-keys: |
${{ steps.get_ref_keys.outputs.ccache }}-refs/heads/main
- name: Extract version details
id: version
run: |
mkdir -p "${PWD}/artifacts"
git tag --points-at HEAD > /tmp/tags
[ -s /tmp/tags ] && PKG_POSTFIX= || PKG_POSTFIX=-devel
echo "PKG_VERSION_NAME=`cat VERSION`" >> "${PWD}/artifacts/env"
echo "PKG_POSTFIX=${PKG_POSTFIX}" >> "${PWD}/artifacts/env"
source "${PWD}/artifacts/env"
- uses: uraimo/run-on-arch-action@v2.8.1
name: Build NGINX and generate package
id: build
with:
arch: ${{ matrix.arch }}
distro: ${{ matrix.distro }}
githubToken: ${{ github.token }}
setup: |
mkdir -p ~/.ccache
dockerRunArgs: |
--volume "${PWD}/artifacts:/artifacts"
--volume "${HOME}/.ccache:/root/.ccache"
shell: /bin/bash
install: |
apt-get update -q -y
apt-get install -y build-essential gcc meson ccache git doxygen apt-utils
apt-get install -y build-essential ccache git software-properties-common
add-apt-repository -y ppa:ubuntu-toolchain-r/test
apt-get update -q -y
apt-get install -y libnl-3-dev libnl-route-3-dev libnl-xfrm-3-dev
apt-get install -y sphinx-common python3-sphinx-rtd-theme pkg-config
apt-get install -y libarchive-dev libbsd-dev libbpf-dev
apt-get install -y libfdt-dev libjansson-dev autoconf dh-autoreconf
apt-get install -y libssl-dev ninja-build python3-pip
apt-get install -y python3-pyelftools python3-setuptools python3-wheel zlib1g-dev
apt-get install -y gcc-13 bzip2-doc icu-devtools libacl1-dev libattr1-dev
apt-get install -y libbz2-dev libgmp-dev libgmpxx4ldbl libicu-dev liblz4-dev
apt-get install -y liblzma-dev libxml2-dev libzstd-dev nettle-dev wget lsb-release
run: |
source /artifacts/env
git config --global --add safe.directory "${PWD}"
DISTRO=ubuntu-`lsb_release -rs`
echo "DISTRO=${DISTRO}" >> /artifacts/env
export CC='ccache gcc-13 -mcpu=octeontx2+crc+crypto+lse'
echo "cache_dir = /root/.ccache" > /root/.ccache/ccache.conf
ccache -p
pkg-config --list-all
BASE_DIR=${PWD}
OPENSSL_PATCH_VERSION=$(ls patches/nginx/deps/openssl/ | head -n 1)
OPENSSL_VERSION=${OPENSSL_PATCH_VERSION#v}
echo "OPENSSL_VERSION=${OPENSSL_VERSION}" >> /artifacts/env
wget "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz"
tar -xzf openssl-${OPENSSL_VERSION}.tar.gz
cd "${PWD}/openssl-${OPENSSL_VERSION}"
for patch in ${BASE_DIR}/patches/nginx/deps/openssl/${OPENSSL_PATCH_VERSION}/*.patch; do
patch -p1 < "$patch"
done
./Configure --prefix=$PWD/install linux-aarch64
until make; do echo "Building OpenSSL failed, retrying"; done
make install
mkdir -p "${PWD}/install/usr/lib/cn9k/openssl-${OPENSSL_VERSION}"
mv "${PWD}/install/lib" "${PWD}/install/usr/lib/cn9k/openssl-${OPENSSL_VERSION}/."
mv "${PWD}/install/bin" "${PWD}/install/usr/lib/cn9k/openssl-${OPENSSL_VERSION}/."
mv "${PWD}/install/include" "${PWD}/install/usr/lib/cn9k/openssl-${OPENSSL_VERSION}/."
mv "${PWD}/install/ssl" "${PWD}/install/usr/lib/cn9k/openssl-${OPENSSL_VERSION}/."
mv "${PWD}/install/share" "${PWD}/install/usr/lib/cn9k/openssl-${OPENSSL_VERSION}/."
mkdir -p "${PWD}/install/DEBIAN"
mkdir -p "${PWD}/install/debian"
cd "${PWD}/install"
sed -i "s/^prefix=.*/prefix=\/usr\/lib\/cn9k\/openssl-${OPENSSL_VERSION}/g" usr/lib/cn9k/openssl-${OPENSSL_VERSION}/lib/pkgconfig/openssl.pc
sed -i "s/^prefix=.*/prefix=\/usr\/lib\/cn9k\/openssl-${OPENSSL_VERSION}/g" usr/lib/cn9k/openssl-${OPENSSL_VERSION}/lib/pkgconfig/libssl.pc
sed -i "s/^prefix=.*/prefix=\/usr\/lib\/cn9k\/openssl-${OPENSSL_VERSION}/g" usr/lib/cn9k/openssl-${OPENSSL_VERSION}/lib/pkgconfig/libcrypto.pc
echo 'Source: OpenSSL' > debian/control
echo 'Package: openssl-'${OPENSSL_VERSION}'-cn9k'${PKG_POSTFIX} >> DEBIAN/control
echo 'Version: '${PKG_VERSION_NAME} >> DEBIAN/control >> DEBIAN/control
echo "Maintainer: Jerin Jacob (jerinj@marvell.com)" >> DEBIAN/control
echo "Architecture: arm64" >> DEBIAN/control
echo "Homepage: https://www.openssl.org/" >> DEBIAN/control
echo "Description: OpenSSL with Asynchronous support for Marvell Octeon 9" >> DEBIAN/control
echo "Provides: libssl.so.1.1, libcrypto.so.1.1" >> DEBIAN/control
rm -rf debian
cd ..
mv "${PWD}/install" "${PWD}/openssl-${OPENSSL_VERSION}-cn9k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64"
dpkg --build "openssl-${OPENSSL_VERSION}-cn9k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64"
cp -r "openssl-${OPENSSL_VERSION}-cn9k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64.deb" /artifacts/.
apt-get install ./openssl-${OPENSSL_VERSION}-cn9k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64.deb
cd ..
PCRE_PATCH_VERSION=$(ls patches/nginx/deps/pcre | head -n 1)
PCRE_VERSION=${PCRE_PATCH_VERSION#v}
wget "https://sourceforge.net/projects/pcre/files/pcre/${PCRE_VERSION}/pcre-${PCRE_VERSION}.tar.gz/download"
mv download pcre-${PCRE_VERSION}.tar.gz
tar xzf pcre-${PCRE_VERSION}.tar.gz
cd "${PWD}/pcre-${PCRE_VERSION}"
for patch in ${BASE_DIR}/patches/nginx/deps/pcre/${PCRE_PATCH_VERSION}/*.patch; do
patch -p1 < "$patch"
done
cd ..
export PCRE_PATH=$BASE_DIR/pcre-${PCRE_VERSION}
NGINX_PATCH_VERSION=$(ls patches/nginx | tail -n 1)
NGINX_VERSION=${NGINX_PATCH_VERSION#v}
echo "NGINX_VERSION=$NGINX_VERSION" >> /artifacts/env
wget "https://github.com/nginx/nginx/archive/release-${NGINX_VERSION}.tar.gz"
tar xzf release-${NGINX_VERSION}.tar.gz
cd "${PWD}/nginx-release-${NGINX_VERSION}"
for patch in ${BASE_DIR}/patches/nginx/${NGINX_PATCH_VERSION}/*.patch; do
patch -p1 < "$patch"
done
chmod +x configure
mkdir install
./configure --with-pcre=${PCRE_PATH} --with-http_ssl_module --without-http_gzip_module --with-cc-opt="-DNGX_SECURE_MEM -I/usr/lib/cn9k/openssl-${OPENSSL_VERSION}/include -Wno-error=deprecated-declarations" --with-threads --with-file-aio --with-ld-opt="-Wl,-rpath=/usr/lib/cn9k/openssl-${OPENSSL_VERSION}/lib -L/usr/lib/cn9k/openssl-${OPENSSL_VERSION}/lib -lssl -lcrypto" --add-dynamic-module=modules/nginx_cpt_module/
until make; do make clean;echo "Building NGINX failed, retrying"; done
DESTDIR=${PWD}/install/ make install
mkdir -p "${PWD}/install/DEBIAN"
mkdir -p "${PWD}/install/debian"
cd "${PWD}/install"
echo 'Source: NGINX' > debian/control
echo 'Package: nginx-'${NGINX_VERSION}'-cn9k'${PKG_POSTFIX} >> DEBIAN/control
echo 'Version: '${PKG_VERSION_NAME} >> DEBIAN/control
echo "Depends: `dpkg-shlibdeps --ignore-missing-info -O usr/local/nginx/sbin/nginx | awk -F'Depends=' '{print $2}'`, openssl-${OPENSSL_VERSION}-cn9k${PKG_POSTFIX} (= ${PKG_VERSION_NAME})" >> DEBIAN/control
echo "Maintainer: Jerin Jacob (jerinj@marvell.com)" >> DEBIAN/control
echo "Architecture: arm64" >> DEBIAN/control
echo "Homepage: https://nginx.org/" >> DEBIAN/control
echo "Description: Asynchronous NGINX for Marvell Octeon 9" >> DEBIAN/control
rm -rf debian
cd ..
mv "${PWD}/install" "${PWD}/nginx-${NGINX_VERSION}-cn9k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64"
dpkg --build "${PWD}/nginx-${NGINX_VERSION}-cn9k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64"
cp "${PWD}/nginx-${NGINX_VERSION}-cn9k${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64.deb" /artifacts/.
- name: Export version name
id: artifacts
run: |
source "${PWD}/artifacts/env"
echo $PKG_VERSION_NAME
echo "PKG_VERSION_NAME=${PKG_VERSION_NAME}" >> "$GITHUB_OUTPUT"
echo $NGINX_VERSION
echo "NGINX_VERSION=${NGINX_VERSION}" >> "$GITHUB_OUTPUT"
echo $OPENSSL_VERSION
echo "OPENSSL_VERSION=${OPENSSL_VERSION}" >> "$GITHUB_OUTPUT"
echo $DISTRO
echo "DISTRO=${DISTRO}" >> "$GITHUB_OUTPUT"
[[ "$PKG_POSTFIX" == "-devel" ]] && TAG=devel || TAG=${PKG_VERSION_NAME}
[[ "$PKG_POSTFIX" == "-devel" ]] && IS_DEVEL="true" || IS_DEVEL="false"
echo "PKG_POSTFIX=${PKG_POSTFIX}" >> "$GITHUB_OUTPUT"
echo "TAG=${TAG}" >> "$GITHUB_OUTPUT"
echo "IS_DEVEL=${IS_DEVEL}" >> "$GITHUB_OUTPUT"
- name: Delete existing release
if: ${{ github.event_name == 'push' }}
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release delete nginx-${{ steps.artifacts.outputs.NGINX_VERSION }}-cn9k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }} --cleanup-tag -y
gh release delete openssl-${{ steps.artifacts.outputs.OPENSSL_VERSION }}-cn9k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }} --cleanup-tag -y
continue-on-error: true
- name: Release NGINX cn9k package
uses: softprops/action-gh-release@v2.0.4
if: ${{ github.event_name == 'push' }}
with:
tag_name: nginx-${{ steps.artifacts.outputs.NGINX_VERSION }}-cn9k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}
files: |
${{ github.workspace }}/artifacts/nginx-${{ steps.artifacts.outputs.NGINX_VERSION }}-cn9k${{ steps.artifacts.outputs.PKG_POSTFIX }}_${{ steps.artifacts.outputs.PKG_VERSION_NAME }}_arm64.deb
- name: Release OpenSSL cn9k package
uses: softprops/action-gh-release@v2.0.4
if: ${{ github.event_name == 'push' }}
with:
tag_name: openssl-${{ steps.artifacts.outputs.OPENSSL_VERSION }}-cn9k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}
files: |
${{ github.workspace }}/artifacts/openssl-${{ steps.artifacts.outputs.OPENSSL_VERSION }}-cn9k${{ steps.artifacts.outputs.PKG_POSTFIX }}_${{ steps.artifacts.outputs.PKG_VERSION_NAME }}_arm64.deb
- name: Dispatch package update event
if: ${{ github.event_name == 'push' }}
run: |
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.PPA_REPO_SECRET }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/marvellembeddedprocessors/packages/dispatches \
-d '{"event_type":"dispatch-event", "client_payload": {"package" : "nginx",
"tag": "nginx-${{ steps.artifacts.outputs.NGINX_VERSION }}-cn9k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}",
"distro" : "${{ steps.artifacts.outputs.DISTRO }}",
"platform" : "cn9k",
"devel": "${{ steps.artifacts.outputs.IS_DEVEL }}"}}'
sleep 120
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.PPA_REPO_SECRET }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/marvellembeddedprocessors/packages/dispatches \
-d '{"event_type":"dispatch-event", "client_payload": {"package" : "openssl",
"tag": "openssl-${{ steps.artifacts.outputs.OPENSSL_VERSION }}-cn9k-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}",
"distro" : "${{ steps.artifacts.outputs.DISTRO }}",
"platform" : "cn9k",
"devel": "${{ steps.artifacts.outputs.IS_DEVEL }}"}}'