diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
deleted file mode 100644
index c6f78f5..0000000
--- a/.github/workflows/ci.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-name: Test-Jaildk
-
-on:
- push:
- branches:
- - main
-
-
-jobs:
- test:
- runs-on: ubuntu-latest
- name: Test jaildk on FreeBSD
- steps:
- - name: checkout
- uses: actions/checkout@v4
- - name: Test in FreeBSD
- uses: vmactions/freebsd-vm@v1
- id: testjaildk
- with:
- release: "14.3"
- usesh: true
- prepare: |
- pkg install -y curl cpdup
-
- run: |
- freebsd-version
- sysctl hw.model
- sysctl hw.ncpu
- sysctl hw.physmem
- sysctl hw.usermem
- ls -la
- ifconfig em0 172.16.0.1/32 alias
- ifconfig -a
- set -x -e
- sysrc jail_enable="YES"
- cp .github/assets/jail.conf /etc/
-
- cp src/jaildk.sh jaildk
- sh jaildk setup /jail
-
- fetch https://download.freebsd.org/ftp/releases/amd64/amd64/14.3-RELEASE/base.txz -o /jail/base/14.3-RELEASE-base.txz
- mkdir -p /jail/base/14.3-RELEASE
- tar -xf /jail/base/14.3-RELEASE-base.txz -C /jail/base/14.3-RELEASE --unlink
-
- /jail/bin/jaildk create test
- ls -l /jail/etc/test
- /jail/bin/jaildk build test -m start
- df -h /jail/build/test/etc
-
- echo 'sshd_enable="Yes"' > /jail/build/test/usr/local/etc/rc.conf
- chroot /jail/build/test /etc/rc.d/sshd keygen
-
- /jail/bin/jaildk start test
- /jail/bin/jaildk status | grep -E "test|Jail"
-
-
diff --git a/.woodpecker/README.md b/.woodpecker/README.md
new file mode 100644
index 0000000..36e56f8
--- /dev/null
+++ b/.woodpecker/README.md
@@ -0,0 +1,67 @@
+## Running CI Tests with Woodpecker-CI on FreeBSD
+
+By default the woodpecker intance on Codeberg doesn't support
+FreeBSD. Running FreeBSD inside a qemu VM in a linux docker image
+didn't work. Also, this particular tool needs to run outside a jail,
+since it is a jail management tool.
+
+So, this is my setup:
+
+I deployed a freebsd VM on Hetzner Cloud: `ci-agent.daemon.de`. It
+runs the `woodpecker-agent` build for freebsd. The agent runs as rool
+directly on the host. This is a security risk and the reason why we
+use a VM.
+
+The VM does **NOT** run continuously. So in order to execute
+workflows, first unsuspend the VM:
+
+```default
+hcloud server poweron ci-agent
+```
+
+When it's running, execute workflows (i.e. push).
+
+## Setup
+
+Deploy a new FreeBSD VM using the latest freebsd-snapshot.
+
+Upgrade to latest Release (or the one you want to run tests on).
+
+Clone [woodpecker-ci](https://github.com/woodpecker-ci/woodpecker).
+
+Execute:
+
+```default
+make build-agent GOOS=freebsd
+```
+
+Clone [plugin-git](https://github.com/woodpecker-ci/plugin-git.git)
+
+Execute:
+
+```default
+GOOS=freebsd go build
+```
+
+Copy the newly built binaries `dist/woodpecker-agent` into the VM to
+`/usr/local/bin`.
+
+```default
+scp woodpecker-ci/dist/woodpecker-agent agent:/usr/local/bin/
+scp plugin-git/plugin-git agent:/usr/local/bin/
+```
+
+Add the agent token to `/etc/rc.conf`:
+
+```sh
+woodpeckeragent_enable=YES
+woodpeckeragent_token=*****
+```
+
+Create the [rc-Script](woodpeckeragent.sh) in
+`/usr/local/etc/rc.d/woodpeckeragent`.
+
+Install `git-lfs`: `pkg install bash cpdup git git-lfs`.
+
+
+Start it: `service woodpeckeragent start`
diff --git a/.github/assets/jail.conf b/.woodpecker/assets/jail.conf
similarity index 100%
rename from .github/assets/jail.conf
rename to .woodpecker/assets/jail.conf
diff --git a/.woodpecker/build.yaml b/.woodpecker/build.yaml
new file mode 100644
index 0000000..cfaa130
--- /dev/null
+++ b/.woodpecker/build.yaml
@@ -0,0 +1,53 @@
+#
+# CAUTION: this pipeline needs a FreeBSD VM, refer for the README.md
+# in this directory for details!
+
+matrix:
+ release:
+ - 14.3-RELEASE-p7
+ releaselink:
+ - 14.3-RELEASE
+
+labels:
+ platform: freebsd/amd64
+
+steps:
+ test:
+ image: bash
+ when:
+ event: [push]
+ commands:
+ - freebsd-version
+ - uname -a
+ - sysctl hw.model
+ - sysctl hw.ncpu
+ - sysctl hw.physmem
+ - sysctl hw.usermem
+
+ # clean up earlier runs, if any
+ - if jls | grep -q test; then jail -r test; fi
+ - mount | cut -d' ' -f3 | grep /jail | sed '1!G;h;$!d' | while read D; do umount $D; done
+ - chflags -R noschg /jail
+ - rm -rf /jail
+
+ - ifconfig vtnet0 172.16.0.1/32 alias
+ - ifconfig vtnet0
+
+ - sysrc jail_enable="YES"
+ - cp .woodpecker/assets/jail.conf /etc/
+
+ - cp src/jaildk.sh jaildk
+ - sh jaildk setup /jail
+
+ - if ! test -e /jail/base/${release}-base.txz; then fetch https://download.freebsd.org/ftp/releases/amd64/amd64/${releaselink}/base.txz -o /jail/base/${release}-base.txz; mkdir -p /jail/base/${release}; tar -xf /jail/base/${release}-base.txz -C /jail/base/${release} --unlink; fi
+
+ - /jail/bin/jaildk create test
+ - ls -l /jail/etc/test
+ - /jail/bin/jaildk build test -m start
+ - df -h /jail/build/test/etc
+
+ - echo 'sshd_enable="Yes"' > /jail/build/test/usr/local/etc/rc.conf
+ - chroot /jail/build/test /etc/rc.d/sshd keygen
+
+ - /jail/bin/jaildk start test
+ - /jail/bin/jaildk status | grep -E "test|Jail"
diff --git a/.woodpecker/woodpeckeragent.sh b/.woodpecker/woodpeckeragent.sh
new file mode 100644
index 0000000..3b7614e
--- /dev/null
+++ b/.woodpecker/woodpeckeragent.sh
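Review bot: The `when:` filter of the `test` step in `.woodpecker/build.yaml` matches every `push` event, whereas the workflow this commit removes was limited to `main`, and the README added in the same commit says the agent runs as root directly on a VM that is reused between runs. As written, a push to any branch presumably runs that branch's version of these commands, including `rm -rf /jail`, `chflags -R noschg /jail` and `sysrc`, as root on that host. I would narrow the trigger by adding `branch: main` next to `event: [push]`. A comment above `steps:` such as `# runs as root on the CI VM; keep the trigger limited to trusted branches` would record why the filter matters.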
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# PROVIDE: woodpeckeragent
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# woodpeckeragent_enable (bool): Set to NO by default.
+# Set it to YES to enable woodpeckeragent.
+
+. /etc/rc.subr
+
+name=woodpeckeragent
+rcvar=woodpeckeragent_enable
+
+load_rc_config $name
+
+: ${woodpeckeragent_enable:="NO"}
+: ${woodpeckeragent_token:="foo"}
+: ${woodpeckeragent_server:="grpc.ci.codeberg.org"}
+
+
+pidfile=/var/run/woodpeckeragent.pid
+command="/usr/sbin/daemon"
+procname="/usr/local/bin/woodpecker-agent"
+command_args="-f -p ${pidfile} -T ${name} \
+ /usr/bin/env PATH=$PATH:/usr/local/bin ${procname} \
+ --server ${woodpeckeragent_server} \
+ --grpc-token ${woodpeckeragent_token} \
+ --grpc-secure true \
+ --agent-config /tmp/woodpecker-agent \
+ --log-level debug"
+
+load_rc_config $name
+run_rc_command "$1"
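Review bot: The agent token is expanded into `command_args` as `--grpc-token ${woodpeckeragent_token}`, so it sits in the argument list of the long-running `daemon` and agent processes, where `ps` can show it. The fallback `: ${woodpeckeragent_token:="foo"}` also lets the service start with a placeholder token instead of refusing to run. The agent reads the same value from the `WOODPECKER_AGENT_SECRET` environment variable, so the flag can be dropped in favour of `woodpeckeragent_env="WOODPECKER_AGENT_SECRET=${woodpeckeragent_token}"`. I would pair that with an empty default and a `start_precmd` that stops with an error when the token is unset.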