Skip to content
mkosi

GHA: unset SUDO env vars when calling mkosi build #390

Sign in to view logs

GHA: unset SUDO env vars when calling mkosi build

GHA: unset SUDO env vars when calling mkosi build #390

Workflow file for this run

.github/workflows/mkosi.yml at f52965d
---
# vi: ts=2 sw=2 et:
# SPDX-License-Identifier: LGPL-2.1-or-later
# Simple boot tests that build and boot the mkosi images generated by the mkosi config files in mkosi.default.d/.
name: mkosi
on:
push:
branches:
- main
- v[0-9]+-stable
paths:
- '**'
- '!README*'
- '!LICENSE*'
- '!LICENSES/**'
- '!TODO'
- '!docs/**'
- '!man/**'
- '!catalog/**'
- '!shell-completion/**'
- '!po/**'
- '!.**'
- '.github/**'
pull_request:
branches:
- main
- v[0-9]+-stable
paths:
- '**'
- '!README*'
- '!LICENSE*'
- '!LICENSES/**'
- '!TODO'
- '!docs/**'
- '!man/**'
- '!catalog/**'
- '!shell-completion/**'
- '!po/**'
- '!.**'
- '.github/**'
permissions:
contents: read
env:
# Enable debug logging in systemd, but keep udev's log level to info,
# since it's _very_ verbose in the QEMU task
# Disable the ISC DHCP servers, as they are failing in Ubuntu
KERNEL_CMDLINE: "systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console systemd.mask=isc-dhcp-server6.service systemd.mask=isc-dhcp-server.service"
jobs:
ci:
runs-on: ubuntu-24.04
concurrency:
group: ${{ github.workflow }}-${{ matrix.distro }}-${{ matrix.release }}-${{ github.ref }}
cancel-in-progress: true
strategy:
fail-fast: false
matrix:
include:
- distro: arch
release: rolling
- distro: debian
release: testing
- distro: ubuntu
release: jammy
- distro: fedora
release: "37"
- distro: fedora
release: rawhide
- distro: opensuse
release: tumbleweed
- distro: centos
release: "9"
steps:
- name: mkosi dependencies
run: sudo apt-get install --assume-yes --no-install-recommends python3-pyelftools makepkg
- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
- uses: systemd/mkosi@4be912b0fa4931403fddf649aa242cd4406471c4
- name: Configure
run: |
tee mkosi.default <<- EOF
[Distribution]
Distribution=${{ matrix.distro }}
Release=${{ matrix.release }}
SecureBoot=yes
[Content]
Environment=CI_BUILD=1
[Output]
KernelCommandLine=${{ env.KERNEL_CMDLINE }}
[Host]
# Sometimes we run on a host with /dev/kvm, but it is broken, so explicitly disable it
QemuKvm=no
EOF
# TODO: Remove once archlinux-keyring is updated in ppa:michel-slm/kernel-utils.
tee mkosi.conf.d/arch/11-arch-keyring.conf <<- EOF
[Distribution]
Distribution=arch
RepositoryKeyCheck=no
EOF
mkdir -p mkosi.repart/
tee mkosi.repart/00-esp.conf <<- EOF
[Partition]
Type=esp
Format=vfat
CopyFiles=/boot:/
SizeMinBytes=512M
SizeMaxBytes=512M
EOF
tee mkosi.repart/10-root.conf <<- EOF
[Partition]
Type=root
Format=ext4
CopyFiles=/
Minimize=guess
EOF
sudo ln -svf "$(dirname "$(readlink /usr/bin/bootctl)")/systemd-keyutil" /usr/lib/systemd/systemd-keyutil
/usr/lib/systemd/systemd-keyutil --version
- name: Generate secure boot key
run: sudo mkosi genkey
- name: Build ${{ matrix.distro }}
run: sudo env -u SUDO_USER -u SUDO_UID -u SUDO_GID mkosi --repository-key-check=false
- name: Show ${{ matrix.distro }} image summary
run: sudo mkosi summary
- name: Boot ${{ matrix.distro }} systemd-nspawn
run: sudo mkosi boot ${{ env.KERNEL_CMDLINE }} audit=0
- name: Check ${{ matrix.distro }} systemd-nspawn
run: sudo mkosi shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
- name: Boot ${{ matrix.distro }} QEMU
run: timeout -k 30 10m sudo mkosi qemu
- name: Check ${{ matrix.distro }} QEMU
run: sudo mkosi shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"