ci: fix builds (#4160)

* fix: missing space in amd64 fatpack action * change tab to space * determine github user * use $GITHUB_OUTPUT instead of set-output https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ * update all build workflows * fix: don't protect system packages from pip Discussed in: https://github.com/raspiblitz/raspiblitz/issues/4170 * add raspi.list only on aarch64 * create auth.log for fail2ban related: https://github.com/raspiblitz/raspiblitz/issues/4044 * Broken builds on amd64 for blitz api and core lightning (debian 12) (#4242) Co-authored-by: openoms <43343391+openoms@users.noreply.github.com> * remove the arm64-rpi-debian12-lean-image-build * deactivate automatic fatpack builds in gh actions --------- Co-authored-by: Akihiko <105069903+0xakihiko@users.noreply.github.com>
2025-02-28 16:58:03 +01:00 · 2023-11-15 15:12:59 +01:00 · 2023-11-15 15:12:59 +01:00 · c67499b222
commit c67499b222
parent 5f1df69528
9 changed files with 83 additions and 115 deletions
--- a/.github/workflows/amd64-fatpack-image.yml
+++ b/.github/workflows/amd64-fatpack-image.yml
@ -7,7 +7,7 @@ concurrency:
 on:
  workflow_dispatch:
  #push:
-  #  branches: [ "dev", "v1.8", "v1.9" ]
+  #  branches: ["dev", "v1.10"]
  #  paths:
  #    - 'build_sdcard.sh'
  #    - 'home.admin/bitcoin.install.sh'
@ -28,7 +28,7 @@ on:
  #    - 'home.admin/blitz.display.sh'
  #    - 'ci/amd64/**'
  #pull_request:
-  #  branches: [ "dev", "v1.8", "v1.9" ]
+  #  branches: ["dev", "v1.10"]
  #  paths:
  #    - 'build_sdcard.sh'
  #    - 'home.admin/bitcoin.install.sh'
@ -56,6 +56,7 @@ jobs:
      - uses: actions/checkout@v3

      - name: Set values
+        id: set_values
        run: |
          echo "BUILD_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV
          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
@ -64,15 +65,20 @@ jobs:
          else
            echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
          fi
+          if [[ "${{github.event_name}}" == "pull_request" ]]; then
+            echo "::set-output name=github_user::${{github.event.pull_request.head.repo.owner.login}}"
+          else
+            echo "::set-output name=github_user::$(echo ${{github.repository}} | cut -d'/' -f1)"
+          fi

-      - name: Hello RaspiBlitz
+      - name: Display the build name
        run: echo "Building the raspiblitz-amd64-debian-image-${{env.BUILD_DATE}}-${{env.BUILD_VERSION}}"

      - name: Run the build script
        run: |
-          echo "Using the variables: --pack fatpack --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi--desktop gnome"
+          echo "Using the variables: --pack fatpack --github_user ${{steps.set_values.outputs.github_user}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi --desktop none"
          cd ci/amd64
-          bash packer.build.amd64-debian.sh	--pack fatpack --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi--desktop gnome
+          bash packer.build.amd64-debian.sh --pack fatpack --github_user ${{steps.set_values.outputs.github_user}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi --desktop none

      - name: Compute checksum of the raw image
        run: |
--- a/.github/workflows/amd64-lean-image.yml
+++ b/.github/workflows/amd64-lean-image.yml
@ -7,7 +7,7 @@ concurrency:
 on:
  workflow_dispatch:
  push:
-    branches: ["dev", "v1.8", "v1.9"]
+    branches: ["dev", "v1.10"]
    paths:
      - "build_sdcard.sh"
      - "home.admin/bitcoin.install.sh"
@ -17,7 +17,7 @@ on:
      - "home.admin/blitz.display.sh"
      - "ci/amd64/**"
  pull_request:
-    branches: ["dev", "v1.8", "v1.9"]
+    branches: ["dev", "v1.10"]
    paths:
      - "build_sdcard.sh"
      - "home.admin/bitcoin.install.sh"
@ -34,6 +34,7 @@ jobs:
      - uses: actions/checkout@v3

      - name: Set values
+        id: set_values
        run: |
          echo "BUILD_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV
          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
@ -42,14 +43,20 @@ jobs:
          else
            echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
          fi
-      - name: Hello RaspiBlitz
+          if [[ "${{github.event_name}}" == "pull_request" ]]; then
+            echo "::set-output name=github_user::${{github.event.pull_request.head.repo.owner.login}}"
+          else
+            echo "::set-output name=github_user::$(echo ${{github.repository}} | cut -d'/' -f1)"
+          fi
+
+      - name: Display the build name
        run: echo "Building the raspiblitz-amd64-debian-image-${{env.BUILD_DATE}}-${{env.BUILD_VERSION}}"

      - name: Run the build script
        run: |
-          echo "Using the variables: --pack lean --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi --desktop gnome"
+          echo "Using the variables: --pack lean --github_user ${{steps.set_values.outputs.github_user}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi --desktop gnome"
          cd ci/amd64
-          bash packer.build.amd64-debian.sh	--pack lean --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi --desktop gnome
+          bash packer.build.amd64-debian.sh	--pack lean --github_user ${{steps.set_values.outputs.github_user}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi --desktop gnome

      - name: Compute checksum of the raw image
        run: |
--- a/.github/workflows/amd64-lean-legacyboot-image.yml
+++ b/.github/workflows/amd64-lean-legacyboot-image.yml
@ -7,7 +7,7 @@ concurrency:
 on:
  workflow_dispatch:
  push:
-    branches: ["dev", "v1.8", "v1.9"]
+    branches: ["dev", "v1.10"]
    paths:
      - "build_sdcard.sh"
      - "home.admin/bitcoin.install.sh"
@ -17,7 +17,7 @@ on:
      - "home.admin/blitz.display.sh"
      - "ci/amd64/**"
  pull_request:
-    branches: ["dev", "v1.8", "v1.9"]
+    branches: ["dev", "v1.10"]
    paths:
      - "build_sdcard.sh"
      - "home.admin/bitcoin.install.sh"
@ -34,6 +34,7 @@ jobs:
      - uses: actions/checkout@v3

      - name: Set values
+        id: set_values
        run: |
          echo "BUILD_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV
          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
@ -42,15 +43,20 @@ jobs:
          else
            echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
          fi
+          if [[ "${{github.event_name}}" == "pull_request" ]]; then
+            echo "::set-output name=github_user::${{github.event.pull_request.head.repo.owner.login}}"
+          else
+            echo "::set-output name=github_user::$(echo ${{github.repository}} | cut -d'/' -f1)"
+          fi

-      - name: Hello RaspiBlitz
+      - name: Display the build name
        run: echo "Building the raspiblitz-amd64-debian-image-${{env.BUILD_DATE}}-${{env.BUILD_VERSION}}"

      - name: Run the build script
        run: |
-          echo "Using the variables: --pack lean --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot bios --desktop none"
+          echo "Using the variables: --pack lean --github_user ${{steps.set_values.outputs.github_user}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot bios --desktop none"
          cd ci/amd64
-          bash packer.build.amd64-debian.sh	--pack lean --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot bios --desktop none
+          bash packer.build.amd64-debian.sh	--pack lean --github_user ${{steps.set_values.outputs.github_user}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot bios --desktop none

      - name: Compute checksum of the raw image
        run: |
--- a/.github/workflows/arm64-rpi-debian12-lean-image.yml
+++ b/.github/workflows/arm64-rpi-debian12-lean-image.yml
@ -1,77 +0,0 @@
-name: arm64-rpi-debian12-lean-image-build
-
-concurrency:
-  group: arm64-rpi-debian12-lean-image-build-${{ github.head_ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches: ["dev"]
-    paths:
-      - "build_sdcard.sh"
-      - "home.admin/bitcoin.install.sh"
-      - "home.admin/tor.install.sh"
-      - "home.admin/blitz.i2pd.sh"
-      - "home.admin/blitz.web.sh"
-      - "home.admin/blitz.display.sh"
-      - "ci/arm64-rpi/**"
-  pull_request:
-    branches: ["dev"]
-    paths:
-      - "build_sdcard.sh"
-      - "home.admin/bitcoin.install.sh"
-      - "home.admin/tor.install.sh"
-      - "home.admin/blitz.i2pd.sh"
-      - "home.admin/blitz.web.sh"
-      - "home.admin/blitz.display.sh"
-      - "ci/arm64-rpi/**"
-
-jobs:
-  arm64-rpi-image-build:
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Set values
-        run: |
-          echo "BUILD_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV
-          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
-          if [ -z "$GITHUB_HEAD_REF" ]; then
-            echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
-          else
-            echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
-          fi
-
-      - name: Hello Raspiblitz
-        run: echo "Building the raspiblitz-arm64-rpi-lean-image-${{ env.BUILD_DATE }}-${{ env.BUILD_VERSION }}"
-
-      - name: Run the build script
-        run: |
-          echo "Using the variables: --pack lean --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}} --image_link https://raspi.debian.net/tested/20230612_raspi_4_bookworm.img.xz --image_checksum a68cd2bfe7831c438d8a5d832803ae0db17afec9f3cd370d9e8748c7b5456283"
-          cd ci/arm64-rpi
-          bash packer.build.arm64-rpi.sh --pack lean --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}} --image_link https://raspi.debian.net/tested/20230612_raspi_4_bookworm.img.xz --image_checksum a68cd2bfe7831c438d8a5d832803ae0db17afec9f3cd370d9e8748c7b5456283
-
-      - name: Compute checksum of the raw image
-        run: |
-          cd ci/arm64-rpi
-          sha256sum raspiblitz-arm64-rpi-lean.img > raspiblitz-arm64-rpi-lean.img.sha256
-
-      - name: Compress image
-        run: |
-          cd ci/arm64-rpi
-          gzip -v9 raspiblitz-arm64-rpi-lean.img
-
-      - name: Compute checksum of the compressed image
-        run: |
-          cd ci/arm64-rpi
-          sha256sum raspiblitz-arm64-rpi-lean.img.gz > raspiblitz-arm64-rpi-lean.img.gz.sha256
-
-      - name: Upload the image and checksums
-        uses: actions/upload-artifact@v3
-        with:
-          name: raspiblitz-arm64-rpi--debian12-image-${{ env.BUILD_DATE }}-${{ env.BUILD_VERSION }}
-          path: |
-            ${{ github.workspace }}/ci/arm64-rpi/raspiblitz-arm64-rpi-lean.img.sha256
-            ${{ github.workspace }}/ci/arm64-rpi/raspiblitz-arm64-rpi-lean.img.gz
-            ${{ github.workspace }}/ci/arm64-rpi/raspiblitz-arm64-rpi-lean.img.gz.sha256
--- a/.github/workflows/arm64-rpi-fatpack-image.yml
+++ b/.github/workflows/arm64-rpi-fatpack-image.yml
@ -7,7 +7,7 @@ concurrency:
 on:
  workflow_dispatch:
  #push:
-  #  branches: [ "dev", "v1.8", "v1.9" ]
+  #  branches: [ "dev", "v1.10" ]
  #  paths:
  #    - 'build_sdcard.sh'
  #    - 'home.admin/bitcoin.install.sh'
@ -28,7 +28,7 @@ on:
  #    - 'home.admin/blitz.display.sh'
  #    - 'ci/arm64-rpi/**'
  #pull_request:
-  #  branches: [ "dev", "v1.8", "v1.9" ]
+  #  branches: [ "dev", "v1.10" ]
  #  paths:
  #    - 'build_sdcard.sh'
  #    - 'home.admin/bitcoin.install.sh'
@ -47,7 +47,7 @@ on:
  #    - 'home.admin/blitz.web.api.sh'
  #    - 'home.admin/blitz.web.ui.sh'
  #    - 'home.admin/blitz.display.sh'
-  #    - 'ci/arm64-rpi/**'
+  #    - 'ci/amd64/**'

 jobs:
  arm64-rpi-image-build:
@ -56,6 +56,7 @@ jobs:
      - uses: actions/checkout@v3

      - name: Set values
+        id: set_values
        run: |
          echo "BUILD_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV
          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
@ -64,15 +65,20 @@ jobs:
          else
            echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
          fi
+          if [[ "${{github.event_name}}" == "pull_request" ]]; then
+            echo "::set-output name=github_user::${{github.event.pull_request.head.repo.owner.login}}"
+          else
+            echo "::set-output name=github_user::$(echo ${{github.repository}} | cut -d'/' -f1)"
+          fi

-      - name: Hello Raspiblitz
-        run: echo "Building the raspiblitz-arm64-rpi-fatpack-image-${{ env.BUILD_DATE }}-${{ env.BUILD_VERSION }}"
+      - name: Display the build name
+        run: echo "Building the raspiblitz-arm64-rpi-fatpack-image-${{env.BUILD_DATE}}-${{env.BUILD_VERSION}}"

      - name: Run the build script
        run: |
-          echo "Using the variables: --pack fatpack --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}}"
+          echo "Using the variables: --pack fatpack --github_user ${{steps.set_values.outputs.github_user}} --branch ${{env.BRANCH_NAME}}"
          cd ci/arm64-rpi
-          bash packer.build.arm64-rpi.sh --pack fatpack --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}}
+          bash packer.build.arm64-rpi.sh --pack fatpack --github_user ${{steps.set_values.outputs.github_user}} --branch ${{env.BRANCH_NAME}}

      - name: Compute checksum of the raw image
        run: |
--- a/.github/workflows/arm64-rpi-lean-image.yml
+++ b/.github/workflows/arm64-rpi-lean-image.yml
@ -7,7 +7,7 @@ concurrency:
 on:
  workflow_dispatch:
  push:
-    branches: ["dev", "v1.8", "v1.9"]
+    branches: ["dev", "v1.10"]
    paths:
      - "build_sdcard.sh"
      - "home.admin/bitcoin.install.sh"
@ -17,7 +17,7 @@ on:
      - "home.admin/blitz.display.sh"
      - "ci/arm64-rpi/**"
  pull_request:
-    branches: ["dev", "v1.8", "v1.9"]
+    branches: ["dev", "v1.10"]
    paths:
      - "build_sdcard.sh"
      - "home.admin/bitcoin.install.sh"
@ -34,6 +34,7 @@ jobs:
      - uses: actions/checkout@v3

      - name: Set values
+        id: set_values
        run: |
          echo "BUILD_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV
          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
@ -42,15 +43,20 @@ jobs:
          else
            echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
          fi
+          if [[ "${{github.event_name}}" == "pull_request" ]]; then
+            echo "::set-output name=github_user::${{github.event.pull_request.head.repo.owner.login}}"
+          else
+            echo "::set-output name=github_user::$(echo ${{github.repository}} | cut -d'/' -f1)"
+          fi

-      - name: Hello Raspiblitz
+      - name: Display the build name
        run: echo "Building the raspiblitz-arm64-rpi-lean-image-${{ env.BUILD_DATE }}-${{ env.BUILD_VERSION }}"

      - name: Run the build script
        run: |
-          echo "Using the variables: --pack lean --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}}"
+          echo "Using the variables: --pack lean --github_user ${{steps.set_values.outputs.github_user}} --branch ${{env.BRANCH_NAME}}"
          cd ci/arm64-rpi
-          bash packer.build.arm64-rpi.sh --pack lean --github_user $GITHUB_ACTOR --branch ${{env.BRANCH_NAME}}
+          bash packer.build.arm64-rpi.sh --pack lean --github_user ${{steps.set_values.outputs.github_user}} --branch ${{env.BRANCH_NAME}}

      - name: Compute checksum of the raw image
        run: |
--- a/build_sdcard.sh
+++ b/build_sdcard.sh
@ -237,10 +237,14 @@ done
 # AUTO-DETECTION: CPU-ARCHITECTURE
 # ---------------------------------------
 cpu="$(uname -m)" && echo "cpu=${cpu}"
-architecture="$(dpkg --print-architecture 2>/dev/null)" && echo "architecture=${architecture}"
 case "${cpu}" in
-  arm*|aarch64|x86_64|amd64);;
-  *) echo -e "# FAIL #\nCan only build on ARM, aarch64, x86_64 not on: cpu=${cpu}"; exit 1;;
+  aarch64|x86_64);;
+  *) echo -e "# FAIL #\nCan only build on aarch64 or x86_64 not on: cpu=${cpu}"; exit 1;;
+esac
+architecture="$(dpkg --print-architecture 2>/dev/null)" && echo "architecture=${architecture}"
+case "${architecture}" in
+  arm*|amd64);;
+  *) echo -e "# FAIL #\nCan only build on arm* or amd64 not on: architecture=${cpu}"; exit 1;;
 esac

 # AUTO-DETECTION: OPERATINGSYSTEM
@ -293,7 +297,7 @@ HandleLidSwitchDocked=ignore" | tee /etc/systemd/logind.conf.d/nosuspend.conf
 # https://github.com/rootzoll/raspiblitz/issues/138
 # https://daker.me/2014/10/how-to-fix-perl-warning-setting-locale-failed-in-raspbian.html
 # https://stackoverflow.com/questions/38188762/generate-all-locales-in-a-docker-image
-if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian" ]; then
+if [ "${cpu}" = "aarch64" ] && { [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian" ]; }; then
  echo -e "\n*** FIXING LOCALES FOR BUILD ***"
  sed -i "s/^# en_US.UTF-8 UTF-8.*/en_US.UTF-8 UTF-8/g" /etc/locale.gen
  sed -i "s/^# en_US ISO-8859-1.*/en_US ISO-8859-1/g" /etc/locale.gen
@ -378,10 +382,13 @@ else
  exit 1
 fi

-# remove any debian python protection from pip installing modules
-if [ -f rm /usr/lib/python3.*/EXTERNALLY-MANAGED ]; then
-  rm /usr/lib/python3.*/EXTERNALLY-MANAGED
-fi
+# don't protect system packages from pip install
+# tracking issue: https://github.com/raspiblitz/raspiblitz/issues/4170
+for PYTHONDIR in /usr/lib/python3.*; do
+  if [ -f "$PYTHONDIR/EXTERNALLY-MANAGED" ]; then
+    rm "$PYTHONDIR/EXTERNALLY-MANAGED"
+  fi
+done

 # make sure /usr/bin/pip exists (and calls pip3 in Debian Buster)
 update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
@ -708,6 +715,10 @@ bash -c "echo 'vm.overcommit_memory=1' >> /etc/sysctl.conf"
 # based on https://raspibolt.org/security.html#fail2ban
 echo "*** HARDENING ***"
 apt_install --no-install-recommends python3-systemd fail2ban
+# https://github.com/raspiblitz/raspiblitz/issues/4044
+if [ ! -f /var/log/auth.log ]; then
+  touch /var/log/auth.log
+fi

 # *** CACHE DISK IN RAM & KEYVALUE-STORE***
 echo "Activating CACHE RAM DISK ... "
--- a/ci/amd64/packer.build.amd64-debian.sh
+++ b/ci/amd64/packer.build.amd64-debian.sh
@ -13,8 +13,6 @@ else
  echo "# Packer is installed"
 fi

-
-
 # install qemu
 echo "# Install qemu ..."
 sudo apt-get update
--- a/home.admin/config.scripts/blitz.web.api.sh
+++ b/home.admin/config.scripts/blitz.web.api.sh
@ -281,11 +281,16 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
      exit 1
    fi
  else
-    echo "# using lastest code in branch"
+    echo "# using the latest code in branch"
  fi
  # install
  echo "# running install"
  sudo -u blitzapi python3 -m venv venv
+  # see https://github.com/raspiblitz/raspiblitz/issues/4169 - requires a Cython upgrade.
+  if ! sudo -u blitzapi ./venv/bin/pip install --upgrade Cython; then
+    echo "error='pip install upgrade Cython'"
+    exit 1
+  fi
  if ! sudo -u blitzapi ./venv/bin/pip install -r requirements.txt --no-deps; then
    echo "error='pip install failed'"
    exit 1