Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
b50d94f
feat: add package scripts for Debian and Alpine
edubart Jan 17, 2025
c4c076b
feat: bump emulator, rootfs and tools
edubart Apr 25, 2025
461ded2
feat: bump emulator (0.20.0), rootfs and tools (0.17.2)
endersonmaia Apr 14, 2026
6e1ab5d
feat(alpine): bump Alpine to 3.23, fix TARGET_ARCH for docker
endersonmaia Apr 15, 2026
51cfc31
feat: fix build for Alpine
endersonmaia Apr 15, 2026
0f2e1ba
feat(debian): stick to ubuntu:noble
endersonmaia Apr 15, 2026
4c9d942
docs: use cartesi.github.io/linux-packages
endersonmaia Apr 22, 2026
146853d
feat(debian): enable CI build with multiple architecture
endersonmaia Apr 14, 2026
e23ea7b
feat(debian): use docker/buid-push-action
endersonmaia Apr 15, 2026
e6c66c6
feat(debian): split sign step
endersonmaia Apr 16, 2026
ed5464f
feat(debian): enable cache in CI
endersonmaia Apr 16, 2026
55587f1
feat(debian): add packages-info target
endersonmaia Apr 16, 2026
1347933
feat(debian): add test step to CI
endersonmaia Apr 16, 2026
287acef
feat(debian): test works without signed packages
endersonmaia Apr 16, 2026
ea58bba
feat(debian): test works with select packages
endersonmaia Apr 16, 2026
ef2d04a
feat(debian): add sign job
endersonmaia Apr 16, 2026
90e6a6a
feat(debian): add publish job
endersonmaia Apr 17, 2026
587f266
feat(build): limit PACKAGES_ALLARCH build only for amd64
endersonmaia Apr 22, 2026
3ab10ee
feat(debian): update docs
endersonmaia Apr 27, 2026
3c8d2e8
ci(debian): add debian:trixie to test matrix
endersonmaia Apr 29, 2026
19addab
feat: persist cdn/apt in git lfs cdn branch
endersonmaia Apr 29, 2026
931fd38
feat(alpine): enable CI build with multiple architecture
endersonmaia Apr 15, 2026
78e3ffa
ci(debian): limit jobs to debian/ scope
endersonmaia May 13, 2026
ead20cd
feat(alpine): fetch cdn/ before sync, upload
endersonmaia May 20, 2026
910a0c8
chore(alpine): set e-mail address
endersonmaia May 27, 2026
a0d6795
feat: use cdn branch to avoid rebuilding
endersonmaia Jun 10, 2026
c9d1b04
feat: add remote repository to build scripts
endersonmaia Jun 10, 2026
9e6913d
feat: only test,sign if packages were built
endersonmaia Jun 10, 2026
06d14d2
feat: get CDN files before index and sign
endersonmaia Jun 10, 2026
2d1c18a
fix: .sh execution permissions
endersonmaia Jun 10, 2026
169c4b3
fix: avoid rm failing
endersonmaia Jun 11, 2026
055234c
refactor: builder images
endersonmaia Jun 11, 2026
8bca770
fix(alpine): inject KEY_NAME to setup-env.sh
endersonmaia Jun 12, 2026
cd14722
feat: improve reproducibility
endersonmaia Jun 19, 2026
68735ef
feat: add cartesi-rollups-node Debian and Alpine packages
endersonmaia Jun 9, 2026
0fec973
fix(alpine): download .apk from git LFS
endersonmaia Jun 19, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
275 changes: 275 additions & 0 deletions .github/workflows/alpine.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,275 @@
name: Alpine Packages
on:
push:
paths:
- ".github/workflows/alpine.yml"
- "alpine/**"

jobs:
alpine-build:
strategy:
fail-fast: false
matrix:
include:
- runner: ubuntu-24.04
arch: x86_64
docker_arch: amd64
- runner: ubuntu-24.04-arm
arch: aarch64
docker_arch: arm64
- runner: ubuntu-24.04-riscv
arch: riscv64
docker_arch: riscv64

runs-on: ${{ matrix.runner }}
name: Alpine Build
permissions:
packages: write
contents: read
steps:
- name: Checkout source code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
submodules: recursive

- name: Setup up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0

- name: Make builder container image
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
with:
context: alpine
file: alpine/Dockerfile
platforms: linux/${{ matrix.docker_arch }}
tags: cartesi/apk-builder-${{ matrix.docker_arch }}
load: true
push: false
cache-from: type=gha,scope=${{ matrix.docker_arch }}
cache-to: type=gha,scope=${{ matrix.docker_arch }},mode=max

- name: Generate disposable build keys
working-directory: alpine
run: make key KEY_NAME=disposable

- name: Restore published packages from cdn branch
continue-on-error: true
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: cdn
path: cdn
lfs: true
sparse-checkout: |
apk

- name: Build packages
working-directory: alpine
run: make packages TARGET_ARCH=${{ matrix.arch }} KEY_NAME=disposable

- name: Export builder container image
run: docker save cartesi/apk-builder-${{ matrix.docker_arch }} | gzip > /tmp/apk-builder-${{ matrix.docker_arch }}.tar.gz

- name: Upload builder container image
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: image-apk-builder-${{ matrix.docker_arch }}
path: /tmp/apk-builder-${{ matrix.docker_arch }}.tar.gz

- name: Upload artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: artifacts-apk-${{ matrix.arch }}
path: cdn/apk

alpine-check:
name: Alpine Check
runs-on: ubuntu-24.04
needs: alpine-build
outputs:
packages_built: ${{ steps.check.outputs.packages_built }}
steps:
- name: Download apk artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
pattern: artifacts-apk-*
path: cdn/apk/
merge-multiple: true
- name: Check for new packages
id: check
run: |
if find cdn/apk/stable -name '*.apk' -size +1000c | grep -q .; then
echo "packages_built=true" >> $GITHUB_OUTPUT
else
echo "packages_built=false" >> $GITHUB_OUTPUT
fi

alpine-test:
name: Alpine Test
runs-on: ubuntu-24.04
needs: [alpine-build, alpine-check]
if: needs.alpine-check.outputs.packages_built == 'true'
permissions:
packages: write
contents: read
steps:
- name: Checkout source code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
submodules: recursive

- name: Download apk artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
pattern: artifacts-apk-*
path: cdn/apk/
merge-multiple: true

- name: Download builder images
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
pattern: image-apk-builder-*
path: /tmp/images

- name: Set up QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0

- name: Import builder images
run: find /tmp/images -name '*.tar.gz' | xargs -I {} docker image load --input {}

- name: Test
working-directory: alpine
run: |
make test-packages TARGET_ARCH=x86_64 KEY_NAME=disposable
make test-packages TARGET_ARCH=aarch64 KEY_NAME=disposable
make test-packages TARGET_ARCH=riscv64 KEY_NAME=disposable

alpine-sign:
runs-on: ubuntu-24.04
name: Alpine Signing
needs: [alpine-build, alpine-test, alpine-check]
if: needs.alpine-check.outputs.packages_built == 'true'
#FIXME: uncomment when process is validated
#if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) && needs.alpine-check.outputs.packages_built == 'true'
environment: signing
steps:
- name: Checkout source code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
submodules: recursive

- name: Checkout cdn with LFS
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: cdn
path: cdn
lfs: true
sparse-checkout: |
apk

- name: Download apk artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
pattern: artifacts-apk-*
path: cdn/apk/
merge-multiple: true

- name: Download builder images
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
pattern: image-apk-builder-*
path: /tmp/images

- name: Import builder image
run: find /tmp/images -name '*.tar.gz' | xargs -I {} docker image load --input {}

- name: Import APK signing key
working-directory: alpine
env:
APK_KEY: ${{ secrets.APK_KEY }}
APK_PUB_KEY: ${{ vars.APK_PUB_KEY }}
run: |
mkdir -p key
chmod 700 key
echo "$APK_KEY" > key/cartesi-apk-key.rsa
echo "$APK_PUB_KEY" > key/cartesi-apk-key.rsa.pub
echo "PACKAGER_PRIVKEY=/root/.abuild/cartesi-apk-key.rsa" > key/abuild.conf

- name: Set up QEMU
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0

- name: Sign packages
working-directory: alpine
run: |
make re-sign TARGET_ARCH=x86_64 KEY_NAME=cartesi-apk-key
make re-sign TARGET_ARCH=aarch64 KEY_NAME=cartesi-apk-key
make re-sign TARGET_ARCH=riscv64 KEY_NAME=cartesi-apk-key

- name: Upload signed artifacts
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: signed-artifacts-apk
path: cdn/apk

publish:
name: Alpine Publish
needs: alpine-sign
#FIXME: uncomment when process is validated
#if: startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-24.04
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
permissions:
pages: write
id-token: write
contents: write
steps:
- name: Create RSA Public Key from variable
env:
APK_PUB_KEY: ${{ vars.APK_PUB_KEY }}
run: |
mkdir -p _site/apk/keys
echo "$APK_PUB_KEY" > _site/apk/keys/cartesi-apk-key.rsa.pub

- name: Checkout git persisted cdn/ artifacts
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: cdn
path: cdn
lfs: true
sparse-checkout: |
apk
apt

- name: Download signed archives
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: signed-artifacts-apk
path: _site/apk/

- name: List _site/ content
run: tree _site/

- name: Sync cdn/ and _site/
run: |
cp -vr --update=none cdn/* _site/
cp -vr --update=none _site/* cdn/
rm _site/apk/keys/disposable.rsa.pub || true

- name: Persist packages into git cdn
run: |
cd cdn/apk/
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add --sparse keys/ stable/
git diff --staged --quiet || git commit -m "Update cdn/apk ${{ github.ref_name }}"
git push origin cdn

- name: Setup Pages
uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v5.0.0

- name: Upload artifact
uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0

- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0
Loading
Loading