openwrt/.github/workflows/build.yml

name: Build sub target

on:
  workflow_call:
    secrets:
      coverity_api_token:
    inputs:
      target:
        required: true
        type: string
      testing:
        type: boolean
      build_toolchain:
        type: boolean
      include_feeds:
        type: boolean
      build_full:
        type: boolean
      build_kernel:
        type: boolean
      build_all_modules:
        type: boolean
      build_all_kmods:
        type: boolean
      build_all_boards:
        type: boolean
      use_openwrt_container:
        type: boolean
        default: true
      coverity_project_name:
        type: string
        default: OpenWrt
      coverity_check_packages:
        type: string
      coverity_compiler_template_list:
        type: string
        default: >-
          arm-openwrt-linux-gcc
      coverity_force_compile_packages:
        type: string
        default: >-
          curl
          libnl
          mbedtls
          wolfssl
          openssl

permissions:
  contents: read

jobs:
  setup_build:
    name: Setup build ${{ inputs.target }}
    runs-on: ubuntu-latest
    outputs:
      owner_lc: ${{ steps.lower_owner.outputs.owner_lc }}
      ccache_hash: ${{ steps.ccache_hash.outputs.ccache_hash }}
      container_tag: ${{ steps.determine_tools_container.outputs.container_tag }}

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Set lower case owner name
        id: lower_owner
        run: |
          OWNER_LC=$(echo "${{ github.repository_owner }}" \
            | tr '[:upper:]' '[:lower:]')

          if [ ${{ inputs.use_openwrt_container }} == "true" ]; then
            OWNER_LC=openwrt
          fi

          echo "owner_lc=$OWNER_LC" >> $GITHUB_OUTPUT

      - name: Generate ccache hash
        id: ccache_hash
        run: |
          CCACHE_HASH=$(md5sum include/kernel-* | awk '{ print $1 }' \
           | md5sum | awk '{ print $1 }')
          echo "ccache_hash=$CCACHE_HASH" >> $GITHUB_OUTPUT

      # Per branch tools container tag
      # By default stick to latest
      # For official test targetting openwrt stable branch
      # Get the branch or parse the tag and push dedicated tools containers
      # For local test to use the correct container for stable release testing
      # you need to use for the branch name a prefix of openwrt-[0-9][0-9].[0-9][0-9]-
      - name: Determine tools container tag
        id: determine_tools_container
        run: |
          CONTAINER_TAG=latest
          if [ -n "${{ github.base_ref }}" ]; then
            if echo "${{ github.base_ref }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]$'; then
              CONTAINER_TAG="${{ github.base_ref }}"
            fi
          elif [ ${{ github.ref_type }} == "branch" ]; then
            if echo "${{ github.ref_name }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]$'; then
              CONTAINER_TAG=${{ github.ref_name }}
            elif echo "${{ github.ref_name }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]-'; then
              CONTAINER_TAG="$(echo ${{ github.ref_name }} | sed 's/^\(openwrt-[0-9][0-9]\.[0-9][0-9]\)-.*/\1/')"
            fi
          elif [ ${{ github.ref_type }} == "tag" ]; then
            if echo "${{ github.ref_name }}" | grep -q -E '^v[0-9][0-9]\.[0-9][0-9]\..+'; then
              CONTAINER_TAG=openwrt-"$(echo ${{ github.ref_name }} | sed 's/^v\([0-9][0-9]\.[0-9][0-9]\)\..\+/\1/')"
            fi
          fi
          echo "Tools container to use tools:$CONTAINER_TAG"
          echo "container_tag=$CONTAINER_TAG" >> $GITHUB_OUTPUT

  build:
    name: Build ${{ inputs.target }}
    needs: setup_build
    runs-on: ubuntu-latest

    container: ghcr.io/${{ needs.setup_build.outputs.owner_lc }}/tools:${{ needs.setup_build.outputs.container_tag }}

    permissions:
      contents: read
      packages: read

    steps:
      - name: Checkout master directory
        uses: actions/checkout@v3
        with:
          path: openwrt

      - name: Checkout packages feed
        if: inputs.include_feeds == true
        uses: actions/checkout@v3
        with:
          repository: openwrt/packages
          path: openwrt/feeds/packages

      - name: Checkout luci feed
        if: inputs.include_feeds == true
        uses: actions/checkout@v3
        with:
          repository: openwrt/luci
          path: openwrt/feeds/luci

      - name: Checkout routing feed
        if: inputs.include_feeds == true
        uses: actions/checkout@v3
        with:
          repository: openwrt/routing
          path: openwrt/feeds/routing

      - name: Checkout telephony feed
        if: inputs.include_feeds == true
        uses: actions/checkout@v3
        with:
          repository: openwrt/telephony
          path: openwrt/feeds/telephony

      - name: Fix permission
        run: |
          chown -R buildbot:buildbot openwrt

      - name: Initialization environment
        run: |
          TARGET=$(echo ${{ inputs.target }} | cut -d "/" -f 1)
          SUBTARGET=$(echo ${{ inputs.target }} | cut -d "/" -f 2)
          echo "TARGET=$TARGET" >> "$GITHUB_ENV"
          echo "SUBTARGET=$SUBTARGET" >> "$GITHUB_ENV"

      - name: Prepare prebuilt tools
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          mkdir -p staging_dir build_dir
          ln -s /prebuilt_tools/staging_dir/host staging_dir/host
          ln -s /prebuilt_tools/build_dir/host build_dir/host

          ./scripts/ext-tools.sh --refresh

      - name: Update & Install feeds
        if: inputs.include_feeds == true
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          ./scripts/feeds update -a
          ./scripts/feeds install -a

      - name: Parse toolchain file
        if: inputs.build_toolchain == false
        id: parse-toolchain
        working-directory: openwrt
        run: |
          TOOLCHAIN_PATH=snapshots

          if [ -n "${{ github.base_ref }}" ]; then
            if echo "${{ github.base_ref }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]$'; then
              major_ver="$(echo ${{ github.base_ref }} | sed 's/^openwrt-/v/')"
            fi
          elif [ "${{ github.ref_type }}" = "branch" ]; then
            if echo "${{ github.ref_name }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]$'; then
              major_ver="$(echo ${{ github.ref_name }} | sed 's/^openwrt-/v/')"
            elif echo "${{ github.ref_name }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]-'; then
              major_ver="$(echo ${{ github.ref_name }} | sed 's/^openwrt-\([0-9][0-9]\.[0-9][0-9]\)-.*/v\1/')"
            fi
          elif [ "${{ github.ref_type }}" = "tag" ]; then
            if echo "${{ github.ref_name }}" | grep -q -E '^v[0-9][0-9]\.[0-9][0-9]\..+'; then
              major_ver="$(echo ${{ github.ref_name }} | sed 's/^\(v[0-9][0-9]\.[0-9][0-9]\)\..\+/\1/')"
            fi
          fi

          if [ -n "$major_ver" ]; then
            git fetch --tags -f
            latest_tag="$(git tag --sort=-creatordate -l $major_ver* | head -n1)"
            if [ -n "$latest_tag" ]; then
              TOOLCHAIN_PATH=releases/$(echo $latest_tag | sed 's/^v//')
            fi
          fi

          SUMS_FILE="https://downloads.cdn.openwrt.org/$TOOLCHAIN_PATH/targets/${{ env.TARGET }}/${{ env.SUBTARGET }}/sha256sums"
          if curl $SUMS_FILE | grep -q ".*openwrt-toolchain.*tar.xz"; then
            TOOLCHAIN_STRING="$( curl $SUMS_FILE | grep ".*openwrt-toolchain.*tar.xz")"
            TOOLCHAIN_FILE=$(echo "$TOOLCHAIN_STRING" | sed -n -e 's/.*\(openwrt-toolchain.*\).tar.xz/\1/p')
            
            echo "toolchain-type=external_toolchain" >> $GITHUB_OUTPUT
          elif curl $SUMS_FILE | grep -q ".*openwrt-sdk.*tar.xz"; then
            TOOLCHAIN_STRING="$( curl $SUMS_FILE | grep ".*openwrt-sdk.*tar.xz")"
            TOOLCHAIN_FILE=$(echo "$TOOLCHAIN_STRING" | sed -n -e 's/.*\(openwrt-sdk.*\).tar.xz/\1/p')

            echo "toolchain-type=external_sdk" >> $GITHUB_OUTPUT
          else
            echo "toolchain-type=internal" >> $GITHUB_OUTPUT
          fi

          echo "TOOLCHAIN_FILE=$TOOLCHAIN_FILE" >> "$GITHUB_ENV"
          echo "TOOLCHAIN_PATH=$TOOLCHAIN_PATH" >> "$GITHUB_ENV"

      - name: Cache ccache
        uses: actions/cache@v3
        with:
          path: openwrt/.ccache
          key: ccache-kernel-${{ env.TARGET }}/${{ env.SUBTARGET }}-${{ needs.setup_build.outputs.ccache_hash }}
          restore-keys: |
            ccache-kernel-${{ env.TARGET }}/${{ env.SUBTARGET }}-

      - name: Download external toolchain/sdk
        if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type != 'internal'
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          wget -O - https://downloads.cdn.openwrt.org/${{ env.TOOLCHAIN_PATH }}/targets/${{ env.TARGET }}/${{ env.SUBTARGET }}/${{ env.TOOLCHAIN_FILE }}.tar.xz \
            | tar --xz -xf -

      - name: Configure testing kernel
        if: inputs.testing == true
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          echo CONFIG_TESTING_KERNEL=y >> .config

      - name: Configure all kernel modules
        if: inputs.build_all_kmods == true
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          echo CONFIG_ALL_KMODS=y >> .config

      - name: Configure all modules
        if: inputs.build_all_modules == true
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          echo CONFIG_ALL=y >> .config

      - name: Configure all boards
        if: inputs.build_all_boards == true
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          echo CONFIG_TARGET_MULTI_PROFILE=y >> .config
          echo CONFIG_TARGET_PER_DEVICE_ROOTFS=y >> .config
          echo CONFIG_TARGET_ALL_PROFILES=y >> .config

      - name: Configure external toolchain
        if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type == 'external_toolchain'
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          echo CONFIG_DEVEL=y >> .config
          echo CONFIG_AUTOREMOVE=y >> .config
          echo CONFIG_CCACHE=y >> .config

          ./scripts/ext-toolchain.sh \
            --toolchain ${{ env.TOOLCHAIN_FILE }}/toolchain-* \
            --overwrite-config \
            --config ${{ env.TARGET }}/${{ env.SUBTARGET }}

      - name: Adapt external sdk to external toolchain format
        if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type == 'external_sdk'
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          TOOLCHAIN_DIR=${{ env.TOOLCHAIN_FILE }}/staging_dir/$(ls ${{ env.TOOLCHAIN_FILE }}/staging_dir | grep toolchain)
          TOOLCHAIN_BIN=$TOOLCHAIN_DIR/bin
          OPENWRT_DIR=$(pwd)

          # Find target name from toolchain info.mk
          GNU_TARGET_NAME=$(cat $TOOLCHAIN_DIR/info.mk | grep TARGET_CROSS | sed 's/^TARGET_CROSS=\(.*\)-$/\1/')

          cd $TOOLCHAIN_BIN

          # Revert sdk wrapper scripts applied to all the bins
          for app in $(find . -name "*.bin"); do
            TARGET_APP=$(echo $app | sed 's/\.\/\.\(.*\)\.bin/\1/')
            rm $TARGET_APP
            mv .$TARGET_APP.bin $TARGET_APP
          done

          # Setup the wrapper script in the sdk toolchain dir simulating an external toolchain build
          cp $OPENWRT_DIR/target/toolchain/files/wrapper.sh $GNU_TARGET_NAME-wrapper.sh
          for app in cc gcc g++ c++ cpp ld as ; do
            [ -f $GNU_TARGET_NAME-$app ] && mv $GNU_TARGET_NAME-$app $GNU_TARGET_NAME-$app.bin
            ln -sf $GNU_TARGET_NAME-wrapper.sh $GNU_TARGET_NAME-$app
          done

      - name: Configure external toolchain with sdk
        if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type == 'external_sdk'
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          echo CONFIG_DEVEL=y >> .config
          echo CONFIG_AUTOREMOVE=y >> .config
          echo CONFIG_CCACHE=y >> .config

          ./scripts/ext-toolchain.sh \
            --toolchain ${{ env.TOOLCHAIN_FILE }}/staging_dir/toolchain-* \
            --overwrite-config \
            --config ${{ env.TARGET }}/${{ env.SUBTARGET }}

      - name: Configure internal toolchain
        if: inputs.build_toolchain == true || steps.parse-toolchain.outputs.toolchain-type == 'internal'
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          echo CONFIG_DEVEL=y >> .config
          echo CONFIG_AUTOREMOVE=y >> .config
          echo CONFIG_CCACHE=y >> .config

          echo "CONFIG_TARGET_${{ env.TARGET }}=y" >> .config
          echo "CONFIG_TARGET_${{ env.TARGET }}_${{ env.SUBTARGET }}=y" >> .config

          make defconfig

      - name: Show configuration
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: ./scripts/diffconfig.sh

      - name: Build tools
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: make tools/install -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh

      - name: Build toolchain
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: make toolchain/install -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh

      - name: Build Kernel
        if: inputs.build_kernel == true
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: make target/compile -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh

      - name: Build Kernel Kmods
        if: inputs.build_kernel == true
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: make package/linux/compile -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh

      - name: Build everything
        if: inputs.build_full == true
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: make -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh

      - name: Coverity prepare toolchain
        if: inputs.coverity_check_packages != ''
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          wget -q https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.coverity_api_token }}&project=${{ inputs.coverity_project_name }}" -O coverity.tar.gz
          wget -q https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.coverity_api_token }}&project=${{ inputs.coverity_project_name }}&md5=1" -O coverity.tar.gz.md5
          echo ' coverity.tar.gz' >> coverity.tar.gz.md5
          md5sum -c coverity.tar.gz.md5

          mkdir cov-analysis-linux64
          tar xzf coverity.tar.gz --strip 1 -C cov-analysis-linux64
          export PATH=$(pwd)/cov-analysis-linux64/bin:$PATH

          for template in ${{ inputs.coverity_compiler_template_list }}; do
            cov-configure --template --comptype gcc --compiler "$template"
          done

      - name: Clean and recompile packages with Coverity toolchain
        if: inputs.coverity_check_packages != ''
        shell: su buildbot -c "bash {0}"
        working-directory: openwrt
        run: |
          set -o pipefail -o errexit

          coverity_check_packages=(${{ inputs.coverity_check_packages }})
          printf -v clean_packages "package/%s/clean " "${coverity_check_packages[@]}"
          make -j$(nproc) BUILD_LOG=1 $clean_packages || ret=$? .github/workflows/scripts/show_build_failures.sh

          coverity_force_compile_packages=(${{ inputs.coverity_force_compile_packages }})
          printf -v force_compile_packages "package/%s/compile " "${coverity_force_compile_packages[@]}"
          make -j$(nproc) BUILD_LOG=1 $force_compile_packages || ret=$? .github/workflows/scripts/show_build_failures.sh

          printf -v compile_packages "package/%s/compile " "${coverity_check_packages[@]}"
          export PATH=$(pwd)/cov-analysis-linux64/bin:$PATH
          cov-build --dir cov-int make -j $(nproc) BUILD_LOG=1 $compile_packages || ret=$? .github/workflows/scripts/show_build_failures.sh

      - name: Upload build to Coverity for analysis
        if: inputs.coverity_check_packages != ''
        shell: su buildbot -c "sh -e {0}"
        working-directory: openwrt
        run: |
          tar czf cov-int.tar.gz ./cov-int
          curl \
            --form token="${{ secrets.coverity_api_token }}" \
            --form email="[email protected]" \
            --form [email protected] \
            --form version="${{ github.ref_name }}-${{ github.sha }}" \
            --form description="OpenWrt ${{ github.ref_name }}-${{ github.sha }}" \
            "https://scan.coverity.com/builds?project=${{ inputs.coverity_project_name }}"

      - name: Upload logs
        if: failure()
        uses: actions/upload-artifact@v3
        with:
          name: ${{ env.TARGET }}-${{ env.SUBTARGET }}-logs
          path: "openwrt/logs"