add github note

2025-12-19 13:41:02 +01:00 · 2025-12-16 20:05:19 +01:00
8 changed files with 58 additions and 242 deletions
--- a/.woodpecker/assets/jail.conf
+++ b/.woodpecker/assets/jail.conf
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,52 @@
 name: Test-Jaildk
 on: [push]
 jobs:
  test:
    runs-on: ubuntu-latest
    name: Test jaildk on FreeBSD
    steps:
    - name: checkout
      uses: actions/checkout@v4
    - name: Test in FreeBSD
      uses: vmactions/freebsd-vm@v1
      id: testjaildk
      with:
        release: "14.1"
        usesh: true
        prepare: |
          pkg install -y curl cpdup
        run: |
          freebsd-version
          sysctl hw.model
          sysctl hw.ncpu
          sysctl hw.physmem
          sysctl hw.usermem
          ls -la
          ifconfig em0 172.16.0.1/32 alias
          ifconfig -a
          set -x -e
          sysrc jail_enable="YES"
          cp .github/assets/jail.conf /etc/
          cp src/jaildk.sh jaildk
          sh jaildk setup /jail
          fetch https://download.freebsd.org/ftp/releases/amd64/amd64/14.1-RELEASE/base.txz -o /jail/base/14.1-RELEASE-base.txz
          mkdir -p /jail/base/14.1-RELEASE
          tar -xf /jail/base/14.1-RELEASE-base.txz -C /jail/base/14.1-RELEASE --unlink
          /jail/bin/jaildk create test
          ls -l /jail/etc/test
          /jail/bin/jaildk build test -m start
          df -h /jail/build/test/etc
          echo 'sshd_enable="Yes"' > /jail/build/test/usr/local/etc/rc.conf
          chroot /jail/build/test /etc/rc.d/sshd keygen
          /jail/bin/jaildk start test
          /jail/bin/jaildk status | grep -E "test|Jail"
--- a/.woodpecker/README.md
+++ b/.woodpecker/README.md
@@ -1,67 +0,0 @@
 ## Running CI Tests with Woodpecker-CI on FreeBSD
 By default the woodpecker intance on Codeberg doesn't support
 FreeBSD. Running FreeBSD inside a qemu VM in a linux docker image
 didn't work. Also, this particular tool needs to run outside a jail,
 since it is a jail management tool.
 So, this is my setup:
 I deployed a freebsd VM on Hetzner Cloud: `ci-agent.daemon.de`. It
 runs the `woodpecker-agent` build for freebsd. The agent runs as rool
 directly on the host. This is a security risk and the reason why we
 use a VM.
 The VM does **NOT** run continuously. So in order to execute
 workflows, first unsuspend the VM:
 ```default
 hcloud server poweron ci-agent
 ```
 When it's running, execute workflows (i.e. push).
 ## Setup
 Deploy a new FreeBSD VM using the latest freebsd-snapshot.
 Upgrade to latest Release (or the one you want to run tests on).
 Clone [woodpecker-ci](https://github.com/woodpecker-ci/woodpecker).
 Execute:
 ```default
 make build-agent GOOS=freebsd
 ```
 Clone [plugin-git](https://github.com/woodpecker-ci/plugin-git.git)
 Execute:
 ```default
 GOOS=freebsd go build
 ```
 Copy the newly built binaries `dist/woodpecker-agent` into the VM to
 `/usr/local/bin`.
 ```default
 scp woodpecker-ci/dist/woodpecker-agent agent:/usr/local/bin/
 scp plugin-git/plugin-git agent:/usr/local/bin/
 ```
 Add the agent token to `/etc/rc.conf`:
 ```sh
 woodpeckeragent_enable=YES
 woodpeckeragent_token=*****
 ```
 Create the [rc-Script](woodpeckeragent.sh) in
 `/usr/local/etc/rc.d/woodpeckeragent`.
 Install `git-lfs`: `pkg install bash cpdup git git-lfs`.
 Start it: `service woodpeckeragent start`
--- a/.woodpecker/build.yaml
+++ b/.woodpecker/build.yaml
@@ -1,55 +0,0 @@
 #
 # CAUTION: this pipeline  needs a FreeBSD VM, refer  for the README.md
 # in this directory for details!
 matrix:
  release:
    - 14.3-RELEASE-p7
  releaselink:
    - 14.3-RELEASE
 labels:
  platform: freebsd/amd64
 steps:
  test:
    image: bash
    when:
      event: [push]
    commands:
      - freebsd-version
      - uname -a
      - sysctl hw.model
      - sysctl hw.ncpu
      - sysctl hw.physmem
      - sysctl hw.usermem
      # clean up earlier runs, if any
      - if jls | grep -q test; then jail -r test; fi
      - mount | cut -d' ' -f3 | grep /jail | sed '1!G;h;$!d' | while read D; do umount $D; done
      - chflags -R noschg /jail
      - rm -rf /jail
      - ifconfig vtnet0 172.16.0.1/32 alias
      - ifconfig vtnet0
      - sysrc jail_enable="YES"
      - cp .woodpecker/assets/jail.conf /etc/
      - cp src/jaildk.sh jaildk
      - sh jaildk setup /jail
      - if ! test -e /jail/base/${release}-base.txz; then fetch https://download.freebsd.org/ftp/releases/amd64/amd64/${releaselink}/base.txz -o /jail/base/${release}-base.txz; fi
      - mkdir -p /jail/base/${release}
      - tar -xf /jail/base/${release}-base.txz -C /jail/base/${release} --unlink
      - /jail/bin/jaildk create test
      - ls -l /jail/etc/test
      - /jail/bin/jaildk build test -m start
      - df -h /jail/build/test/etc
      - echo 'sshd_enable="Yes"' > /jail/build/test/usr/local/etc/rc.conf
      - chroot /jail/build/test /etc/rc.d/sshd keygen
      - /jail/bin/jaildk start test
      - /jail/bin/jaildk status | grep -E "test|Jail"
--- a/.woodpecker/release.sh
+++ b/.woodpecker/release.sh
@@ -1,54 +0,0 @@
 #!/bin/bash
 # This is my own simple codeberg generic releaser. It takes to
 # binaries to be uploaded as arguments and takes every other args from
 # env. Works on tags or normal commits (push), tags must start with v.
 set -e
 die() {
    echo $*
    exit 1
 }
 if test -z "$DEPLOY_TOKEN"; then
    die "token DEPLOY_TOKEN not set"
 fi
 git fetch --all
 # determine current tag or commit hash
 version="$CI_COMMIT_TAG"
 previous=""
 log=""
 if test -z "$version"; then
    version="${CI_COMMIT_SHA:0:6}"
    log=$(git log -1 --oneline)
 else
    previous=$(git tag -l | grep -E "^v" | tac | grep -A1 "$version" | tail -1)
    log=$(git log -1 --oneline "${previous}..${version}" | sed 's|^|- |g')
 fi
 # release body
 printf "# Changes\n\n %s\n" "$log" > body.txt
 # create the release
 https --ignore-stdin --check-status -b -A bearer -a "$DEPLOY_TOKEN" POST \
      "https://codeberg.org/api/v1/repos/${CI_REPO_OWNER}/${CI_REPO_NAME}/releases" \
      tag_name="$version" name="Release $version" body=@body.txt > release.json
 # we need the id to upload files
 ID=$(jq -r .id < release.json)
 if test -z "$ID"; then
    cat release.json
    die "failed to create release"
 fi
 # actually upload
 for file in "$@"; do
    https --ignore-stdin --check-status -A bearer -a "$DEPLOY_TOKEN" -f POST \
          "https://codeberg.org/api/v1/repos/${CI_REPO_OWNER}/${CI_REPO_NAME}/releases/$ID/assets" \
          "name=${file}" "attachment@${file}"
 done
--- a/.woodpecker/release.yaml
+++ b/.woodpecker/release.yaml
@@ -1,28 +0,0 @@
 # build release
 labels:
  platform: linux/amd64
 steps:
  compile:
    when:
      event: [tag,manual]
    image: alpine:latest
    commands:
      - apk update
      - apk add --no-cache bash git build-base
      - make
      - file ${CI_REPO_NAME}
      - mv ${CI_REPO_NAME} ${CI_REPO_NAME}-freebsd-all-$CI_COMMIT_TAG
  release:
    image: alpine:latest
    when:
      event: [tag,manual]
    environment:
      DEPLOY_TOKEN:
        from_secret: DEPLOY_TOKEN
    commands:
      - apk update
      - apk add --no-cache bash httpie jq git
      - .woodpecker/release.sh ${CI_REPO_NAME}-*
--- a/.woodpecker/woodpeckeragent.sh
+++ b/.woodpecker/woodpeckeragent.sh
@@ -1,37 +0,0 @@
 #!/bin/sh
 # PROVIDE: woodpeckeragent
 # REQUIRE: LOGIN
 # KEYWORD: shutdown
 #
 # Add the following lines to /etc/rc.conf.local or /etc/rc.conf
 # to enable this service:
 #
 # woodpeckeragent_enable (bool):          Set to NO by default.
 #               Set it to YES to enable woodpeckeragent.
 . /etc/rc.subr
 name=woodpeckeragent
 rcvar=woodpeckeragent_enable
 load_rc_config $name
 : ${woodpeckeragent_enable:="NO"}
 : ${woodpeckeragent_token:="foo"}
 : ${woodpeckeragent_server:="grpc.ci.codeberg.org"}
 pidfile=/var/run/woodpeckeragent.pid
 command="/usr/sbin/daemon"
 procname="/usr/local/bin/woodpecker-agent"
 command_args="-f -p ${pidfile} -T ${name} \
    /usr/bin/env PATH=$PATH:/usr/local/bin ${procname} \
    --server ${woodpeckeragent_server} \
    --grpc-token ${woodpeckeragent_token} \
    --grpc-secure true \
    --agent-config /tmp/woodpecker-agent \
    --log-level debug"
 load_rc_config $name
 run_rc_command "$1"
--- a/README.md
+++ b/README.md
@@ -1,4 +1,9 @@
-[![Test status](https://github.com/tlinden/jaildk/actions/workflows/ci.yaml/badge.svg)](https://github.com/tlinden/jaildk/actions/)
+> [!CAUTION]
 > This software is now being maintained on [Codeberg](https://codeberg.org/scip/leo/).
 >
 > However, due to limitations with woodpecker FreeBSD support, CI test workflows are still being executed here.
 >
 > Devs: no need to push to codeberg and github, there's a mirror script running somewhere else.
 ## jaildk - a FreeBSD jail development kit v2.0.4