Add: build-system

naa0yama · Feb 22, 2024 · 9d5b64c · 9d5b64c
1 parent bcf8284
commit 9d5b64c
Show file tree

Hide file tree

Showing 7 changed files with 202 additions and 56 deletions.
diff --git a/.github/workflows/build-system.yml b/.github/workflows/build-system.yml
@@ -0,0 +1,59 @@
+name: Build system provisioning
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 360 # default 6 hour
+    env:
+      TZ: Asia/Tokyo
+    permissions:
+      contents: write
+
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Checkout repository
+        uses: actions/checkout@v4.0.0
+
+      - name: "get openwrt version from Dockerfile"
+        run: |
+          set -eux
+
+          OPENWRT_VERSION=$(grep -oP '(?<=OPENWRT_VERSION=").+(?=")' Dockerfile)
+          if [ -z "$OPENWRT_VERSION" ]; then
+            exit 1
+          fi
+
+          echo "OPENWRT_VERSION=${OPENWRT_VERSION}" >> $GITHUB_ENV
+
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ghcr.io/${{ github.repository }}/build-system
+          tags: |
+            # set latest tag for default branch
+            type=raw,value=latest,enable={{is_default_branch}}
+
+            # OpenWrt version tag
+            type=raw,value=${{ env.OPENWRT_VERSION }},enable={{is_default_branch}}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5.0.0
+        with:
+          push: true
+          cache-from: type=gha,scope=build-system-${{ env.OPENWRT_VERSION }}
+          cache-to: type=gha,mode=max,scope=build-system-${{ env.OPENWRT_VERSION }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -5,13 +5,17 @@ on:
     inputs:
       version:
         required: true
-        default: "23.05.2"
+        default: "v23.05.2"
         description: OpenWrt version
         type: string
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/${{ github.repository }}/build-system:${{ inputs.version }}
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.github_token }}
     timeout-minutes: 360 # default 6 hour
     env:
       TZ: Asia/Tokyo
@@ -30,74 +34,24 @@ jobs:
       - name: Confirm git commit SHA output
         run: echo ${{ env.COMMIT_SHORT_SHA }}
 
-      - name: Installing dependencies
-        run: |
-          sudo apt update
-          sudo apt install build-essential clang flex bison g++ gawk \
-          gcc-multilib g++-multilib gettext git libncurses-dev libssl-dev \
-          python3-distutils rsync unzip zlib1g-dev file wget
-
-      - name: git clone openwrt/openwrt
-        run: |
-          set -eux
-
-          git clone https://git.openwrt.org/openwrt/openwrt.git
-          cd openwrt
-          git pull
-
-      - name: configure code version
-        working-directory: openwrt
-        run: |
-          set -eux
-
-          git branch -a
-          git tag
-          git checkout v${{ inputs.version }}
-
-      - name: Cache dependencies
-        id: cache-build
-        uses: actions/cache@v4.0.0
-        with:
-          path: |
-            ./openwrt/bin/
-            ./openwrt/build_dir/
-            ./openwrt/dl/
-            ./openwrt/feeds/
-            ./openwrt/staging_dir/
-            ./openwrt/tmp/
-          key: built-${{ inputs.version }}
-
-      - name: Cache hit check
-        run: |
-          echo "-->${{steps.cache-build.outputs.cache-hit}}<--"
-
-      - name: Update the feeds
-        working-directory: openwrt
-        run: |
-          set -eux
-
-          ./scripts/feeds update -a
-          ./scripts/feeds install -a
-
       - name: Expand to full config
-        working-directory: openwrt
+        # working-directory: openwrt
         run: |
           set -eux
 
           cp ../mvebu-cortexa9-fortinet_fg-50e.ini .config
           make defconfig
 
       - name: Building firmware
-        working-directory: openwrt
+        # working-directory: openwrt
         run: |
           set -eux
 
           cd .
-          time make --directory ./ -j $(($(nproc)+1)) clean
           time make --directory ./ -j $(($(nproc)+1)) download world
 
       - name: Archive artifacts
-        working-directory: openwrt/bin/targets/mvebu/cortexa9
+        working-directory: bin/targets/mvebu/cortexa9
         run: |
           set -eux
 

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,114 @@
+FROM ubuntu:22.04 as build-base
+
+ARG \
+    BUILD_USERNAME="builder" \
+    DEBIAN_FRONTEND="noninteractive" \
+    OPENWRT_VERSION="v23.05.2"
+
+LABEL version="0.0.1"
+LABEL description="A working container for building OpenWrt"
+LABEL repository="https://github.com/naa0yama/OpenWrt-FortiGate-50E-custom-image"
+
+#- -----------------------------------------------------------------------------
+#- - Base
+#- -----------------------------------------------------------------------------
+# Build system setup
+# Ref: https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem
+RUN set -eux \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends \
+    build-essential \
+    clang \
+    flex \
+    bison \
+    g++ \
+    gawk \
+    gcc-multilib \
+    g++-multilib \
+    gettext \
+    git \
+    libncurses-dev \
+    libssl-dev \
+    python3-distutils \
+    rsync \
+    unzip \
+    zlib1g-dev \
+    file \
+    wget \
+    ca-certificates \
+    libcurl4-openssl-dev \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Debug settings
+RUN set -eux \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends \
+    bash \
+    sudo \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && useradd -m "${BUILD_USERNAME}" \
+    && mkdir -p /etc/sudoers.d \
+    && echo "${BUILD_USERNAME} ALL=NOPASSWD: ALL" > "/etc/sudoers.d/${BUILD_USERNAME}"
+
+# Set git patching
+RUN set -eux \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    software-properties-common \
+    gpg-agent \
+    && add-apt-repository -y -u ppa:git-core/ppa \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends git \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && git --version --build-options
+
+# gitconfig global
+RUN set -eux \
+    && git config --global user.name "user" \
+    && git config --global user.email "user@example.com" \
+    && git config --global http.postBuffer 500M \
+    && git config --global https.postBuffer 500M
+
+USER ${BUILD_USERNAME}
+WORKDIR "/home/${BUILD_USERNAME}"
+
+
+#- -----------------------------------------------------------------------------
+#- - Preparing the source code
+#- -----------------------------------------------------------------------------
+# Build system usage
+# Ref: https://openwrt.org/docs/guide-developer/toolchain/use-buildsystem
+FROM build-base as runner
+
+# Download and update the sources
+RUN set -eux \
+    && git clone --verbose --progress --depth 1 --branch "${OPENWRT_VERSION}" \
+    https://github.com/openwrt/openwrt.git \
+    && cd openwrt
+
+# # # Update the feeds
+WORKDIR "/home/${BUILD_USERNAME}/openwrt"
+RUN set -eux \
+    && sed -i'' -e 's@git.openwrt.org/feed@github.com/openwrt@g' ./feeds.conf.default \
+    && sed -i'' -e 's@git.openwrt.org/project@github.com/openwrt@g' ./feeds.conf.default \
+    && cat ./feeds.conf.default \
+    && ./scripts/feeds update -a \
+    && ./scripts/feeds install -a
+
+#- -----------------------------------------------------------------------------
+#- - Runner
+#- -----------------------------------------------------------------------------
+FROM runner
+
+COPY --chown=${BUILD_USERNAME}:${BUILD_USERNAME} \
+    config/mvebu-cortexa9-fortinet_fg-50e.ini "/home/${BUILD_USERNAME}/openwrt/.config"
+RUN set -eux \
+    && make defconfig \
+    && make --directory ./ -j $(($(nproc)+1)) download world \
+    && rm -rf openwrt/bin/targets
diff --git a/README.md b/README.md
@@ -1,6 +1,12 @@
 # OpenWrt FortiGate 50E custom image
 OpenWrt custom image for Fortinet FortiGate 50E (FRRouting+VRF+veth+WireGuard)
 
+```bash
+mkdir -p dist
+time docker run --rm -it -u $(id -u):$(id -g) -v ./config:/config -v dist:/dist builder
+
+```
+
 ## Firmware settings
 
 **[Custom settings can be found in this file](mvebu-cortexa9-fortinet_fg-50e.ini)**

diff --git a/mvebu-cortexa9-fortinet_fg-50e.ini → config/mvebu-cortexa9-fortinet_fg-50e.ini b/mvebu-cortexa9-fortinet_fg-50e.ini → config/mvebu-cortexa9-fortinet_fg-50e.ini
@@ -133,6 +133,7 @@ CONFIG_PACKAGE_lua=y
 CONFIG_PACKAGE_luasocket=y
 CONFIG_PACKAGE_luci=y
 CONFIG_PACKAGE_luci-app-commands=y
+CONFIG_PACKAGE_luci-app-cloudflared=y
 CONFIG_PACKAGE_luci-app-firewall=y
 CONFIG_PACKAGE_luci-app-https-dns-proxy=y
 CONFIG_PACKAGE_luci-app-mwan3=y

diff --git a/dist/.gitkeep b/dist/.gitkeep
diff --git a/renovate.json b/renovate.json
@@ -8,5 +8,17 @@
   ],
   "pre-commit": {
     "enabled": true
-  }
+  },
+  "regexManagers": [
+    {
+      "fileMatch": [
+        "^Dockerfile$"
+      ],
+      "matchStrings": [
+        "ENV OPENWRT_VERSION=\"(?<currentValue>v\\d+\\.\\d+\\.\\d+)\"\n"
+      ],
+      "depNameTemplate": "openwrt/openwrt",
+      "datasourceTemplate": "github-releases"
+    }
+  ]
 }