Ci1 - In progress - test and updates to be done

[liviutomoiaga]

PR Description

This PR adds CI workflows and scripts for preparing and deploying Linux build artifacts to Cloudsmith:

• RPI Artifacts: New workflow and script to prepare Raspberry Pi boot files and kernel modules (32-bit and 64-bit), package them as tar.gz
  archives, and upload to Cloudsmith
• SDG Linux Artifacts: New workflow and scripts to prepare SDG Linux artifacts (ARM, ARM64, Microblaze) with proper directory structure,
  kernel images, DTBs, and git metadata
• Upload to Cloudsmith: Enhanced to support input variable for Cloudsmith repository

PR Type

• Bug fix (a change that fixes an issue)
• New feature (a change that adds new functionality)
• Breaking change (a change that affects other repos or cause CIs to fail)

PR Checklist

• I have conducted a self-review of my own code changes
• I have compiled my changes, including the documentation
• I have tested the changes on the relevant hardware
• I have updated the documentation outside this repo accordingly
• I have provided links for the relevant upstream lore

[liviutomoiaga]

Some tests are still running, but the implementation and the code can be reviewed

[gastmaier]

Will look more in depth later.
but take a look at
https://github.com/analogdevicesinc/linux-security-vulns/blob/ci/.github/workflows/check-artifact.yml#L70-L78

I use the same ci/download_artifacts.sh to get the artifacts I need and manipulate to my wish -> check cve
my wish could be gen a boot partition at adi-kuiper-gen

[gastmaier]

this changes the default for /linux from 12 chars to the full 40 chars.
I was considering to default to 40 chars, maybe we can merge and see where it breaks

[gastmaier]

this is mostly
https://github.com/analogdevicesinc/linux/blob/ci/ci/download_artifacts.sh
no?
Why not source download_artifacts.sh and just use another 'main' method (if any change required)

[liviutomoiaga]

Why I had the feeling that this implementation was only on ci_adapter branch🤔 ? My mistake in this case.

Still, I would suggest to keep the logic apart since the name of the script is download_artifacts.sh and it's not really intuitive from this pov ( just a personal opinion. PS: I think I can come with a better name😅 )

[gastmaier]

This is kuiper-linux boot partition logic no? why can't adi-kuiper-gen do this step on their end?

[liviutomoiaga]

I do not think so. This script mimics the logic from this one and I'm not sure if it can be added as an end step on adi-kuiper-gen, since the flow needs the artifacts from linux-rpi build. Maybe I'm missing something here, but this is my understanding so far

[gastmaier]

Also looks like adi-kuiper-gen logic

[gastmaier]

Also adi-kuiper-gen logic
here we are saying how to boot, beyond dtb_name it is identical to the end of times.

[gastmaier]

Feels duplicated... all because of the kuiper logic...

[gastmaier]

ubuntu-slim is more suitable, only fast internet is needed

[gastmaier]

No need to checkout, you don't use anything from the linux git tree at this job

[gastmaier]

Hi @liviutomoiaga did you have the opportunity to go through my review?

[gastmaier]

some more comments

[gastmaier]

Suggested change

	contents: write
	contents: read

[gastmaier]

Suggested change

	contents: write
	contents: read

[gastmaier]

Suggested change

- uses: analogdevicesinc/doctools/checkout@action

No need to checkout, you get the files that you need on line 59

[gastmaier]

Suggested change

	echo "ERROR: Script download failed or invalid content"
	echo "::error ::deploy-rpi-artifacts: Script download failed or invalid content."

I have been using gh-annotation to surface errors to the summary view of the run
https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-commands

[liviutomoiaga]

Nice tip 👀

[gastmaier]

see https://github.com/analogdevicesinc/linux/blob/ci-adapter/.github/workflows/expand-to-cloudsmith.yml

why not unify 'xlnx' and 'rpi' in to single .yml and .sh scripts, and 'activate' the differences based on the ${{ github.ref }} value?

We destroying the kernel modules is a mistake on the 'xlnx' path is a mistake, unifying them allows to better compare the difference and mitigate the historical shortcomings.

[gastmaier]

github semantic are lower case, dash separated for inputs, e.g., cloudsmith-repo

[gastmaier]

Suggested change

	if [[ -n "${{ inputs.PR_NUMBER }}" ]]; then
	export GIT_SHA="${{ github.event.pull_request.head.sha }}"
	else
	export GIT_SHA="${{ github.sha }}"
	fi
	GIT_SHA="${{ github.event.pull_request.head.sha || github.sha }}"

[gastmaier]

There is mixing inputs with the github.context.
that is problematic

Suggested change

	VERSION_PATH="linux/PRs/${{ inputs.PR_TARGET_BRANCH }}/pr_${{ inputs.PR_NUMBER }}"
	pr=${{ github.ref }} # refs/pull/<pr_number>/merge
	pr="${ref#refs/pull/}"
	pr="${pr%/merge}"
	VERSION_PATH="linux/PRs/${{ github.base_ref }}/pr_${pr}"

Tip: use github search to look for usage examples/inspiration:
https://github.com/search?q=path%3A.github%2Fworkflows+github.base_ref&type=code

[liviutomoiaga]

Many thanks for the tip - that's really useful

[gastmaier]

Suggested change

	MERGE_COMMIT_SHA=$(git rev-parse --short HEAD)
	export GIT_SHA_DATE=$(git show -s --format=%cd --date=format:'%Y-%m-%d %H:%M' ${MERGE_COMMIT_SHA} | sed -e "s/ \|\:/-/g")
	export GIT_SHA_DATE=$(git show -s --format=%cd --date=format:'%Y-%m-%d %H:%M' ${GIT_SHA} | sed -e "s/ \|\:/-/g")

In the previous line you said # Get git SHA (PR source commit or build commit) but then now you are considering only the MERGE_COMMIT_SHA case, but actually looking at head.

[gastmaier]

${{ github.head_ref }}

[gastmaier]

${{ github.ref_name }}: For pull requests that were not merged, the format is <pr_number>/merge.
https://docs.github.com/en/actions/reference/workflows-and-actions/variables

[gastmaier]

Is this supposed for pull_request|push events, or workflow_dispatch too? This defines if you need the inputs. Or is better of using the gihtub context directly (most likely).

[bia1708]

typo for "artifact"

[bia1708]

can't we do cloud-hosted? Afaik you should be able to upload to cloudsmith from the cloud runners as well

[bia1708]

some comments would be nice

[bia1708]

ideally, these files should be committed as executable (git update-index --chmod=+x script.sh)

[bia1708]

you should keep the same style across the script, curly bracket should be on L82

[bia1708]

maybe let's not use default for branch names

[bia1708]

this is a bit of overengineering for things that will mostly stay static, e.g. org_repo would always be analogdevicesinc, right? And the ref should always be ci?

[bia1708]

test if these sources are really needed (you already sourced them on L147)

[bia1708]

extra newline

[bia1708]

Maybe these can be replaced with regexes?

[liviutomoiaga]

Is this supposed for pull_request|push events, or workflow_dispatch too? This defines if you need the inputs. Or is better of using the gihtub context directly (most likely).

I was thinking to have the the following code block implemented in the top-level.yml from main branch. That's why I've added the inputs. Indeed, I'm not sure If I set the PR parameters by default in the deploy-sdg-linux-artifacts.yml will grab the needed values. I have to check that.

[liviutomoiaga]

Hi @liviutomoiaga did you have the opportunity to go through my review?

Hi @gastmaier I'm looking through it. There are some nice suggestions from your side and from @bia1708 that I would like to test. I'll set this PR to Draft for the moment.