package-repo_mint: add pin to prevent install of "essential" mintsources #101
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-stick-image | |
| # this is a workflow file for building with github actions | |
| # unfortunately, the upload size limit is 2GiB currently | |
| # transfer.sh has limited the size as well : ( | |
| # so no use for the time being? | |
| # trigger building | |
| on: | |
| # when any release is tagged | |
| push: | |
| tags: | |
| - '*' | |
| # # every day at 23:42 UTC | |
| # schedule: | |
| # - cron: "42 23 * * *" | |
| jobs: | |
| summon: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: export git tag to variable | |
| run: | | |
| echo ::set-env name=TAG::${GITHUB_REF#refs/*/} | |
| echo ::set-env name=BUILD_VARIANT::${TAG%/*} | |
| - name: get some tools | |
| run: | | |
| sudo apt install speedometer iotop iftop fatrace ranger ncdu nmon tig | |
| # # this gives us live ssh debugging capability | |
| # - name: Setup tmate session | |
| # uses: mxschmitt/action-tmate@v2 | |
| - name: checkout the usb-live-linux repo | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: ${{env.TAG}} | |
| - name: set up build prerequisites (i.e. beat the ubuntu with a bent spoon) | |
| run: | | |
| # add debian repo, fetch keys and update apt database | |
| echo "deb http://ftp.debian.org/debian stable main" | sudo tee /etc/apt/sources.list.d/debian-stable.list | |
| sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138 DCC9EFBF77E11517 | |
| sudo apt update | |
| # give debian stable repo highest priority | |
| { | |
| echo "Package: *" | |
| echo "Pin: release a=stable, o=Debian" | |
| echo "Pin-Priority: 1110" | |
| } | sudo tee /etc/apt/preferences.d/debian-stable | |
| # log which packages actually have priority now | |
| apt-cache policy grub-efi-amd64-bin grub-efi-amd64-signed shim-helpers-amd64-signed shim-unsigned shim-signed:amd64 squashfs-tools | |
| # this was a workaround because ubuntu's shim-signed pkg's files clashed | |
| #sudo mkdir -pv /etc/dpkg/dpkg.cfg.d | |
| #echo "force-overwrite" | sudo tee /etc/dpkg/dpkg.cfg.d/force-overwrite | |
| # remove the ubuntu grub stuff before installing the debian pkgs | |
| sudo dpkg --remove shim-signed shim-helpers-amd64-signed shim-unsigned shim-signed:amd64 | |
| # get all the grub packages from debian | |
| time sudo apt --allow-downgrades --verbose-versions install debootstrap rsync pandoc debian-archive-keyring lbzip2 python3-pip grub-pc-bin grub-efi-amd64-bin grub-efi-amd64-signed grub-efi-ia32-bin shim-signed grub-rescue-pc syslinux-common parted fatattr dosfstools f2fs-tools libcdio-utils dialog ccze | |
| # install a mksquashfs with zstd capability | |
| wget http://archive.ubuntu.com/ubuntu/pool/main/s/squashfs-tools/squashfs-tools_4.4-1_amd64.deb | |
| sudo dpkg -i *.deb | |
| # get the fresh live-build magic | |
| git clone https://salsa.debian.org/live-team/live-build.git | |
| cd live-build | |
| # modify build script to unlock zstd mksquashfs power | |
| sed -i 's/comp xz/comp zstd/' scripts/build/binary_rootfs | |
| # install live-build | |
| sudo make install | |
| - name: nuke free some storage space in the github action container | |
| run: | | |
| sudo swapoff /swapfile && sudo rm /swapfile | |
| sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc | |
| df -h $(pwd) /mnt | |
| # - name: cache the packages | |
| # id: cache-packages | |
| # uses: actions/cache@v1 | |
| # with: | |
| # path: cache | |
| # key: ${{ runner.os }}.packages.cache | |
| - name: build ISO | |
| run: | | |
| sudo bash -x scripts/build-live-iso ${{env.BUILD_VARIANT}} | |
| echo ::set-env name=ISO::$(cd iso-images; command ls -tr *.iso|tail -n 1) | |
| echo ::set-env name=BUILDLOG::$(command ls build*.log) | |
| df -h $(pwd) /mnt | |
| - name: store build log as job artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: build.log | |
| path: ${{env.BUILDLOG}} | |
| # # FIXME: upload size limit 2GiB! | |
| # - name: upload release ISO to GH release | |
| # uses: ncipollo/release-action@v1 | |
| # with: | |
| # artifacts: iso-images/${{env.ISO}} | |
| # token: ${{ secrets.GITHUB_TOKEN }} | |
| # draft: true | |
| # #name: '' | |
| # prerelease: true | |
| # allowUpdates: true | |
| # - name: fake ISO, for debugging IMG creation | |
| # run: | | |
| # mkdir -pv iso-images | |
| # echo foo > iso-images/foo.iso | |
| # cp -av /usr/lib/grub-rescue/grub-rescue-cdrom.iso iso-images/foo.iso | |
| # echo ::set-env name=ISO::$(cd iso-images; command ls -tr *.iso|tail -n 1) | |
| # df -h $(pwd) /mnt | |
| # - name: store ISO as job artifact | |
| # uses: actions/upload-artifact@v1 | |
| # with: | |
| # name: ${{env.ISO}} | |
| # path: iso-images/${{env.ISO}} | |
| - name: glue up the final live stick IMG | |
| run: | | |
| # this should produce a special crafted USB stick image in /mnt | |
| sudo bash -x scripts/create-stick-image.sh iso-images/${{env.ISO}} "/mnt" | |
| # get the image name | |
| IMG=$(cd /mnt; command ls -tr *.img|tail -n 1) | |
| # also, export the file name to job env | |
| echo ::set-env name=IMG::$(cd /mnt; command ls -tr *.img|tail -n 1) | |
| # we want more space for shunting | |
| [ ! -d chroot ] || sudo rm -rf chroot | |
| # now multi-core bz2 the image to create the release product | |
| sudo time lbzip2 --verbose --stdout < /mnt/${IMG} > ${IMG}.bz2 | |
| # generate checksum | |
| sha256sum ${IMG}.bz2 > ${IMG}.bz2.sha256sum | |
| # log result and free space | |
| ls -lah . /mnt | |
| df -h $(pwd) /mnt | |
| # - name: store IMG as job artifact | |
| # uses: actions/upload-artifact@v1 | |
| # with: | |
| # name: ${{env.IMG}} | |
| # path: /mnt/${{env.IMG}} | |
| # # FIXME: upload size limit 2GiB! | |
| # - name: upload release IMG to GH release | |
| # uses: ncipollo/release-action@v1 | |
| # with: | |
| # artifacts: ${{env.IMG}}.gz | |
| # token: ${{ secrets.GITHUB_TOKEN }} | |
| # draft: true | |
| # #name: '' | |
| # prerelease: true | |
| # allowUpdates: true | |
| # # transfer.sh says: Due to abuse we've limited max upload size. Thank the pirates! | |
| # - name: try uploading release IMG to transfer.sh | |
| # run: | | |
| # curl --verbose --upload-file ${{env.IMG}}.gz https://transfer.sh/${{env.IMG}}.gz|tee IMG.url | |
| # - name: store transfer.sh URL as job artifact | |
| # uses: actions/upload-artifact@v1 | |
| # with: | |
| # name: IMG.url | |
| # path: IMG.url |