Skip to content

Commit 3afa9e1

Browse files
AtomicFSAtomicFS
committed
feat(docker): store toolchains in separate repository
- we are constantly battling with not enough space in GitHub cache - so instead of cache we will use separate GitHub repository to store the coreboot toolchains - this also has the benefit that our self-hosted runners will not have to upload so much data all the time Signed-off-by: AtomicFS <[email protected]>
1 parent 23a6aed commit 3afa9e1

File tree

1 file changed

+60
-95
lines changed

1 file changed

+60
-95
lines changed

.github/workflows/docker-build-and-test.yml

+60-95
Original file line numberDiff line numberDiff line change
@@ -97,6 +97,7 @@ jobs:
9797
ca-certificates \
9898
curl \
9999
git \
100+
git-lfs \
100101
jq \
101102
sudo \
102103
tzdata \
@@ -129,37 +130,40 @@ jobs:
129130
COREBOOT_HASH="$( git rev-parse --short HEAD )"
130131
echo "${COREBOOT_HASH}"
131132
echo "COREBOOT_HASH=${COREBOOT_HASH}" >> "${GITHUB_OUTPUT}"
132-
- name: Artefact and cache key
133+
134+
- name: Check if toolchain is stored in firmware-action-toolchains repo
135+
continue-on-error: true
136+
run: |
137+
# Check if the toolchain exists without downloading it
138+
wget --spider "https://raw.githubusercontent.com/9elements/firmware-action-toolchains/refs/heads/main/coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-xgcc.tar"
139+
touch .firmware-action-toolchains-exist
140+
- name: Check if toolchain exist
141+
id: toolchains-exist
142+
run: |
143+
if [ -f ".firmware-action-toolchains-exist" ]; then
144+
echo "toolchain is stored in firmware-action-toolchains repository, skipping rest of the job"
145+
echo "EXIST=true" >> "${GITHUB_OUTPUT}"
146+
else
147+
echo "toolchain is NOT stored in firmware-action-toolchains repository, will build it"
148+
echo "EXIST=false" >> "${GITHUB_OUTPUT}"
149+
fi
150+
151+
- name: Cache key
133152
id: cache-key
134153
run: |
135154
CACHE_KEY="coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}-${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}"
136155
echo "${CACHE_KEY}"
137156
echo "CACHE_KEY=${CACHE_KEY}" >> "${GITHUB_OUTPUT}"
138-
139157
- name: Restore cached toolchains
140158
id: cache-toolchains
141159
uses: actions/cache/restore@v4
142160
with:
143161
path: coreboot/util/crossgcc/xgcc
144162
key: ${{ steps.cache-key.outputs.CACHE_KEY }}-xgcc
145-
- name: Restore cached utils
146-
id: cache-utils
147-
uses: actions/cache/restore@v4
148-
with:
149-
path: /usr/local/bin
150-
key: ${{ steps.cache-key.outputs.CACHE_KEY }}-utils
151-
152-
- name: Debug list crossgcc
153-
if: steps.cache-toolchains.outputs.cache-hit == 'true'
154-
run: |
155-
ls -a1lh coreboot/util/crossgcc/xgcc
156-
- name: Debug list utils
157-
if: steps.cache-utils.outputs.cache-hit == 'true'
158-
run: |
159-
ls -a1lh /usr/local/bin
160163

161164
- name: Install dependencies if needed
162-
if: steps.cache-toolchains.outputs.cache-hit != 'true'
165+
# != 'true' because on miss the cache-hit is empty
166+
if: steps.toolchains-exist.outputs.EXIST == 'false' && steps.cache-toolchains.outputs.cache-hit != 'true'
163167
run: |
164168
apt-get install -y --no-install-recommends \
165169
acpica-tools \
@@ -185,69 +189,57 @@ jobs:
185189
uuid-dev \
186190
zlib1g-dev
187191
- name: Install dependencies if needed (amd64)
188-
if: matrix.arch == 'amd64' && steps.cache-toolchains.outputs.cache-hit != 'true'
192+
if: matrix.arch == 'amd64' && steps.toolchains-exist.outputs.EXIST == 'false' && steps.cache-toolchains.outputs.cache-hit != 'true'
189193
run: |
190194
apt-get install -y --no-install-recommends \
191195
iucode-tool
192196
193197
- name: Build coreboot toolchains
194-
if: steps.cache-toolchains.outputs.cache-hit != 'true'
198+
if: steps.toolchains-exist.outputs.EXIST == 'false' && steps.cache-toolchains.outputs.cache-hit != 'true'
195199
run: |
196200
cd coreboot
197201
make crossgcc CPUS="$(nproc)"
198-
- name: Build coreboot utils
199-
if: steps.cache-utils.outputs.cache-hit != 'true'
200-
run: |
201-
cd coreboot
202-
make -C util/ifdtool install
203-
make -C util/cbfstool install
204202
- name: Compress toolchain binaries
205203
# This step should shrink the size of single toolchain from 1.5 GB down to around 700 MB
206204
# I think it is save to compress all binaries except libraries, hence the '-wholename'
207-
if: steps.cache-toolchains.outputs.cache-hit != 'true'
205+
if: steps.toolchains-exist.outputs.EXIST == 'false' && steps.cache-toolchains.outputs.cache-hit != 'true'
208206
run: |
207+
PWD=$( pwd )
209208
cd coreboot/util/crossgcc/xgcc
210209
# shellcheck disable=SC2016
211210
find . -type f -wholename '*/bin/*' -exec bash -c 'upx-ucl -9 "$1"' shell {} \; || true
212211
212+
cd "${PWD}"
213+
# Tar toolchain to prevent permission loss
214+
# Docs: https://github.com/actions/upload-artifact?tab=readme-ov-file#permission-loss
215+
mv "coreboot/util/crossgcc/xgcc" "coreboot/util/crossgcc/${{ matrix.arch }}-xgcc"
216+
tar -cf "${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-xgcc.tar" "coreboot/util/crossgcc/${{ matrix.arch }}-xgcc"
217+
sha256sum "${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-xgcc.tar" > "${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-xgcc.tar.sha256"
218+
213219
# Store toolchains and utils in cache
214220
- name: Cache toolchains
215221
uses: actions/cache/save@v4
216-
if: steps.cache-toolchains.outputs.cache-hit != 'true'
222+
if: steps.toolchains-exist.outputs.EXIST == 'false' && steps.cache-toolchains.outputs.cache-hit != 'true'
217223
with:
218224
path: coreboot/util/crossgcc/xgcc
219225
key: ${{ steps.cache-key.outputs.CACHE_KEY }}-xgcc
220-
- name: Cache utils
221-
uses: actions/cache/save@v4
222-
if: steps.cache-utils.outputs.cache-hit != 'true'
223-
with:
224-
path: /usr/local/bin
225-
key: ${{ steps.cache-key.outputs.CACHE_KEY }}-utils
226226

227-
# Upload toolchains and utils as artifacts
228-
- name: Tar toolchain to prevent permission loss
229-
# Docs: https://github.com/actions/upload-artifact?tab=readme-ov-file#permission-loss
227+
- name: Commit the toolchain into firmware-action-toolchains repository
228+
if: steps.toolchains-exist.outputs.EXIST == 'false'
230229
run: |
231-
if [ ! -f "coreboot/util/crossgcc/xgcc-tar/${{ steps.cache-key.outputs.CACHE_KEY }}-xgcc.tar" ]; then
232-
mv coreboot/util/crossgcc/xgcc coreboot/util/crossgcc/${{ matrix.arch }}-xgcc
233-
tar -cf ${{ steps.cache-key.outputs.CACHE_KEY }}-xgcc.tar coreboot/util/crossgcc/${{ matrix.arch }}-xgcc
234-
fi
235-
- name: Upload toolchain
236-
uses: actions/[email protected]
237-
with:
238-
name: ${{ steps.cache-key.outputs.CACHE_KEY }}-xgcc
239-
path: ${{ steps.cache-key.outputs.CACHE_KEY }}-xgcc.tar
240-
retention-days: 30
241-
include-hidden-files: true
242-
compression-level: 9
243-
- name: Upload utils
244-
uses: actions/[email protected]
245-
with:
246-
name: ${{ steps.cache-key.outputs.CACHE_KEY }}-utils
247-
path: /usr/local/bin
248-
retention-days: 30
249-
include-hidden-files: true
250-
compression-level: 9
230+
# Clone repo without downloading LFS items
231+
GIT_LFS_SKIP_SMUDGE=1 git clone https://github.com/9elements/firmware-action-toolchains.git
232+
cd firmware-action-toolchains
233+
git branch "feat/${{ steps.version.outputs.COREBOOT_VERSION }}-${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}"
234+
mkdir -p "coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/"
235+
mv "../${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-xgcc.tar" "coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/"
236+
mv "../${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-xgcc.tar.sha256" "coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/"
237+
git lfs install
238+
git add .
239+
git commit -m "feat: add toolchain for coreboot ${{ steps.version.outputs.COREBOOT_VERSION }}"
240+
git push --set-upstream "feat/${{ steps.version.outputs.COREBOOT_VERSION }}-${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}"
241+
242+
251243
252244
#=========================
253245
# Build Docker containers
@@ -319,56 +311,33 @@ jobs:
319311
COREBOOT_HASH="$( git rev-parse --short HEAD )"
320312
echo "${COREBOOT_HASH}"
321313
echo "COREBOOT_HASH=${COREBOOT_HASH}" >> "${GITHUB_OUTPUT}"
322-
- name: Artefact and cache key
323-
id: cache-key
324-
if: startsWith(matrix.dockerfile, 'coreboot')
325-
run: |
326-
CACHE_KEY="coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}-${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}"
327-
echo "CACHE_KEY=${CACHE_KEY}"
328-
echo "CACHE_KEY=${CACHE_KEY}" >> "${GITHUB_OUTPUT}"
329314
330315
#=================================
331316
# Download artifacts for coreboot
332317
#=================================
333318

334-
- name: Download coreboot toolchains from current run (if possible)
335-
id: artifacts-toolchains-current
319+
- name: Download coreboot toolchains from firmware-action-toolchains repository
320+
id: firmware-action-toolchains
336321
if: startsWith(matrix.dockerfile, 'coreboot')
337-
uses: dawidd6/action-download-artifact@v6
338-
with:
339-
name: ${{ steps.cache-key.outputs.CACHE_KEY }}-.*
340-
name_is_regexp: true
341-
if_no_artifact_found: warn
342-
run_id: ${{ github.event.workflow_run.id }}
343-
# It is possible that current run did not produce any artifacts (to save bandwidth on self-hosted runners)
344-
# In which case we have to look for artifacts in older runs
345-
- name: Download coreboot toolchains from older run
346-
if: startsWith(matrix.dockerfile, 'coreboot') && steps.artifacts-toolchains-current.outputs.found_artifact != 'true'
347-
uses: dawidd6/action-download-artifact@v6
348-
with:
349-
name: ${{ steps.cache-key.outputs.CACHE_KEY }}-.*
350-
name_is_regexp: true
351-
search_artifacts: true
322+
continue-on-error: true
323+
run: |
324+
for arch in "amd64" "arm64"; do
325+
wget --continue --tries=3 "https://raw.githubusercontent.com/9elements/firmware-action-toolchains/refs/heads/main/coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${arch}-xgcc.tar";
326+
wget --continue --tries=3 "https://raw.githubusercontent.com/9elements/firmware-action-toolchains/refs/heads/main/coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${arch}-xgcc.tar.sha256";
327+
sha256sum -c "${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${arch}-xgcc.tar.sha256";
328+
done
352329
353330
- name: Prepare toolchains
354331
if: startsWith(matrix.dockerfile, 'coreboot')
355332
run: |
356333
mkdir -p docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}
357-
for f in ${{ steps.cache-key.outputs.CACHE_KEY }}-*-xgcc/*.tar; do
334+
for f in ${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-*-xgcc/*.tar; do
358335
ARCH=$( basename "${f}" | sed -E 's/coreboot\-[0-9\.]+\-[a-z0-9]+\-([a-z0-9]+)\-.*/\1/g' )
359336
echo "extracting ${f} -> ${{ steps.version.outputs.COREBOOT_VERSION }} / ${ARCH}"
360337
mkdir -p "${f}.dir/"
361338
tar -xf "${f}" -C "${f}.dir/"
362339
mv "${f}.dir/coreboot/util/crossgcc/${ARCH}-xgcc" "docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}/xgcc-${ARCH}"
363-
done
364-
- name: Prepare utils
365-
if: startsWith(matrix.dockerfile, 'coreboot')
366-
run: |
367-
for f in ${{ steps.cache-key.outputs.CACHE_KEY }}-*-utils; do
368-
ARCH=$( basename "${f}" | sed -E 's/coreboot\-[0-9\.]+\-[a-z0-9]+\-([a-z0-9]+)\-.*/\1/g' )
369-
echo "${f} -> ${{ steps.version.outputs.COREBOOT_VERSION }} / ${ARCH}"
370-
chmod +rx "${f}"/*
371-
mv "${f}" "docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}/utils-${ARCH}"
340+
rm -rf "${f}"
372341
done
373342
374343
- name: Debug list artifacts
@@ -383,10 +352,6 @@ jobs:
383352
if: startsWith(matrix.dockerfile, 'coreboot')
384353
run: |
385354
ls -a1lh docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}/xgcc-*/bin
386-
- name: Debug list utils (amd64)
387-
if: startsWith(matrix.dockerfile, 'coreboot')
388-
run: |
389-
ls -a1lh docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}/utils-*
390355
391356
#============================
392357
# Build the docker container

0 commit comments

Comments
 (0)