feat(cmd): refactor how coreboot blobs are handled #1390

Workflow file for this run

.github/workflows/docker-build-and-test.yml at 168181a

	---
	# Test built docker images by building simple projects inside them

	name: dagger
	on:
	pull_request:
	paths:
	- '.dagger-ci'
	- '.github/workflows/docker-build-and-test.yml'
	- 'docker/**'
	- 'tests/**'
	push:
	branches: ['main']
	paths:
	- '.dagger-ci'
	- '.github/workflows/docker-build-and-test.yml'
	- 'docker/**'
	- 'tests/**'
	release:
	workflow_dispatch:
	inputs:
	skip_rerun:
	description: "Skip rerun?"
	required: true
	default: false
	type: boolean
	retries:
	description: "Number of rerun retries"
	required: true
	default: "5"
	type: choice
	options: ["1", "2", "3", "4", "5", "6", "7", "8", "9"]

	permissions:
	contents: read

	jobs:
	#=============================
	# Dynamically generate matrix
	#=============================

	get-matrix:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: get-matrix
	id: get-matrix
	run: \|
	# Disable SC2046: Quote this to prevent word splitting
	# I can't quote this, just look at it
	# shellcheck disable=SC2046
	echo matrix=$( yq --input-format yaml --output-format json '.services \| keys[]' docker/compose.yaml \| sed 's/"//g' \| jq -Rs 'split("\n") \| del(.[-1])' \| jq -c ) >> "${GITHUB_OUTPUT}"
	- name: Check
	run: \|
	jq . <<< '${{ steps.get-matrix.outputs.matrix }}'
	outputs:
	matrix: ${{ steps.get-matrix.outputs.matrix }}

	get-matrix-coreboot:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: get-matrix
	id: get-matrix
	run: \|
	# shellcheck disable=SC2046
	echo matrix=$( yq --input-format yaml --output-format json '.services \| keys[] \| select(. \| test("coreboot.*"))' docker/compose.yaml \| sed 's/"//g' \| jq -Rs 'split("\n") \| del(.[-1])' \| jq -c ) >> "${GITHUB_OUTPUT}"
	- name: Check
	run: \|
	jq . <<< '${{ steps.get-matrix.outputs.matrix }}'
	outputs:
	matrix: ${{ steps.get-matrix.outputs.matrix }}

	#=====================
	# Coreboot toolchains
	#=====================

	build-coreboot-toolchains:
	timeout-minutes: 120
	needs:
	- get-matrix-coreboot
	strategy:
	fail-fast: false
	matrix:
	arch: ['amd64', 'arm64']
	dockerfile: ${{ fromJson(needs.get-matrix-coreboot.outputs.matrix) }}
	runs-on: ${{ matrix.arch == 'arm64' && 'ARM64' \|\| 'ubuntu-latest' }}
	container:
	# At the time of writing (2024-10) we cannot use ubuntu:noble as it is broken
	image: ubuntu:jammy
	env:
	DEBIAN_FRONTEND: noninteractive
	# Use coreboot mirrors
	BUILDGCC_OPTIONS: -m
	steps:
	- name: Install dependencies for CI
	run: \|
	apt-get update
	apt-get install -y --no-install-recommends \
	build-essential \
	ca-certificates \
	curl \
	git \
	git-lfs \
	jq \
	sudo \
	tzdata \
	upx-ucl \
	wget
	update-ca-certificates
	- name: Get yq
	# the --no-check-certificate is needed because GitHub
	run: \|
	wget -q --no-check-certificate -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${{ matrix.arch }}
	chmod 755 /usr/local/bin/yq
	- name: Configure tzdata
	run: \|
	dpkg-reconfigure --frontend noninteractive tzdata
	- name: Checkout
	uses: actions/checkout@v4
	- name: Get coreboot version
	id: version
	run: \|
	yq -r '.services.["${{ matrix.dockerfile }}"].build.args[] \| select(test("COREBOOT_VERSION=.*"))' docker/compose.yaml >> "${GITHUB_OUTPUT}"

	- name: Restore cached coreboot repo
	uses: actions/cache/restore@v4
	id: cache-coreboot-repo
	with:
	path: ./coreboot
	key: coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}
	- name: Clone coreboot
	if: steps.cache-coreboot-repo.outputs.cache-hit != 'true'
	run: \|
	git clone --depth 1 "https://review.coreboot.org/coreboot.git" -b "${{ steps.version.outputs.COREBOOT_VERSION }}"
	- name: Store coreboot repo in cache
	uses: actions/cache/save@v4
	if: steps.cache-coreboot-repo.outputs.cache-hit != 'true'
	with:
	path: ./coreboot
	key: coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}

	- name: Get coreboot commit hash
	id: coreboot-hash
	run: \|
	cd coreboot
	COREBOOT_HASH="$( git rev-parse --short HEAD )"
	echo "${COREBOOT_HASH}"
	echo "COREBOOT_HASH=${COREBOOT_HASH}" >> "${GITHUB_OUTPUT}"

	- name: Check if toolchain is stored in firmware-action-toolchains repo
	continue-on-error: true
	run: \|
	# Check if the toolchain exists without downloading it
	wget --no-verbose --tries=3 "https://github.com/9elements/firmware-action-toolchains/raw/refs/heads/main/coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-xgcc.tar.sha256"
	- name: Check if tools are stored in firmware-action-toolchains repo
	continue-on-error: true
	run: \|
	# Check if the tools exists without downloading it
	wget --no-verbose --tries=3 "https://github.com/9elements/firmware-action-toolchains/raw/refs/heads/main/coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-tools.tar.sha256"
	- name: Check if toolchain exist
	id: toolchains-exist
	run: \|
	if [ -f "${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-xgcc.tar.sha256" ]; then
	echo "toolchain is stored in firmware-action-toolchains repository, skipping rest of the job"
	echo "EXIST=true" >> "${GITHUB_OUTPUT}"
	else
	echo "toolchain is NOT stored in firmware-action-toolchains repository, will build it"
	echo "EXIST=false" >> "${GITHUB_OUTPUT}"
	fi
	- name: Check if tools exist
	id: tools-exist
	run: \|
	if [ -f "${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-tools.tar.sha256" ]; then
	echo "tools are stored in firmware-action-toolchains repository, skipping rest of the job"
	echo "EXIST=true" >> "${GITHUB_OUTPUT}"
	else
	echo "tools are NOT stored in firmware-action-toolchains repository, will build it"
	echo "EXIST=false" >> "${GITHUB_OUTPUT}"
	fi

	- name: Cache key toolchains
	id: cache-key
	run: \|
	CACHE_KEY="coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}-${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-xgcc"
	echo "${CACHE_KEY}"
	echo "CACHE_KEY=${CACHE_KEY}" >> "${GITHUB_OUTPUT}"
	- name: Cache key tools
	id: cache-tools-key
	run: \|
	CACHE_KEY="coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}-${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-tools"
	echo "${CACHE_KEY}"
	echo "CACHE_KEY=${CACHE_KEY}" >> "${GITHUB_OUTPUT}"
	- name: Tar filename toolchains
	id: tar-filename
	run: \|
	TAR_FILENAME="${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-xgcc.tar"
	echo "${TAR_FILENAME}"
	echo "TAR_FILENAME=${TAR_FILENAME}" >> "${GITHUB_OUTPUT}"
	- name: Tar filename tools
	id: tar-filename-tools
	run: \|
	TAR_FILENAME="${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}-tools.tar"
	echo "${TAR_FILENAME}"
	echo "TAR_FILENAME=${TAR_FILENAME}" >> "${GITHUB_OUTPUT}"

	- name: Restore cached toolchains
	id: cache-toolchains
	uses: actions/cache/restore@v4
	if: steps.toolchains-exist.outputs.EXIST == 'false'
	with:
	path: \|
	${{ steps.tar-filename.outputs.TAR_FILENAME }}
	${{ steps.tar-filename.outputs.TAR_FILENAME }}.sha256
	key: ${{ steps.cache-key.outputs.CACHE_KEY }}
	- name: Restore cached tools
	id: cache-tools
	uses: actions/cache/restore@v4
	if: steps.tools-exist.outputs.EXIST == 'false'
	with:
	path: \|
	${{ steps.tar-filename-tools.outputs.TAR_FILENAME }}
	${{ steps.tar-filename-tools.outputs.TAR_FILENAME }}.sha256
	key: ${{ steps.cache-tools-key.outputs.CACHE_KEY }}

	- name: Install dependencies if needed
	# != 'true' because on miss the cache-hit is empty
	if: ${{ (steps.toolchains-exist.outputs.EXIST == 'false' && steps.cache-toolchains.outputs.cache-hit != 'true') \|\| (steps.tools-exist.outputs.EXIST == 'false' && steps.cache-tools.outputs.cache-hit != 'true') }}
	run: \|
	apt-get install -y --no-install-recommends \
	acpica-tools \
	bc \
	bison \
	bsdmainutils \
	build-essential \
	flex \
	gnat \
	imagemagick \
	libelf-dev \
	libncurses5-dev \
	libnss3-dev \
	libssl-dev \
	m4 \
	nasm \
	openssh-client \
	pkgconf \
	python-is-python3 \
	python3-pip \
	qemu-system-x86 \
	upx-ucl \
	uuid-dev \
	zlib1g-dev
	- name: Install dependencies if needed (amd64)
	if: ${{ matrix.arch == 'amd64' && (( steps.toolchains-exist.outputs.EXIST == 'false' && steps.cache-toolchains.outputs.cache-hit != 'true' ) \|\| ( steps.tools-exist.outputs.EXIST == 'false' && steps.cache-tools.outputs.cache-hit != 'true' )) }}
	run: \|
	apt-get install -y --no-install-recommends \
	iucode-tool

	- name: Build coreboot toolchains
	if: steps.toolchains-exist.outputs.EXIST == 'false' && steps.cache-toolchains.outputs.cache-hit != 'true'
	run: \|
	cd coreboot
	make crossgcc CPUS="$(nproc)"
	- name: Build coreboot tools
	if: steps.tools-exist.outputs.EXIST == 'false' && steps.cache-tools.outputs.cache-hit != 'true'
	run: \|
	cd coreboot
	make -C util/ifdtool install
	make -C util/cbfstool install
	env:
	PREFIX: /tmp/bin-tools
	- name: Compress toolchain binaries
	# This step should shrink the size of single toolchain from 1.5 GB down to around 700 MB
	# I think it is save to compress all binaries except libraries, hence the '-wholename'
	if: steps.toolchains-exist.outputs.EXIST == 'false' && steps.cache-toolchains.outputs.cache-hit != 'true'
	run: \|
	cd coreboot/util/crossgcc/xgcc
	# shellcheck disable=SC2016
	find . -type f -wholename '/bin/' -exec bash -c 'upx-ucl -9 "$1"' shell {} \; \|\| true

	- name: Tar toolchain to prevent permission loss
	if: steps.toolchains-exist.outputs.EXIST == 'false' && steps.cache-toolchains.outputs.cache-hit != 'true'
	run: \|
	# Docs: https://github.com/actions/upload-artifact?tab=readme-ov-file#permission-loss
	mv "coreboot/util/crossgcc/xgcc" "coreboot/util/crossgcc/${{ matrix.arch }}-xgcc"
	tar -cf "${{ steps.tar-filename.outputs.TAR_FILENAME }}" "coreboot/util/crossgcc/${{ matrix.arch }}-xgcc"
	sha256sum "${{ steps.tar-filename.outputs.TAR_FILENAME }}" > "${{ steps.tar-filename.outputs.TAR_FILENAME }}.sha256"
	- name: Tar tools to prevent permission loss
	if: steps.tools-exist.outputs.EXIST == 'false' && steps.cache-tools.outputs.cache-hit != 'true'
	run: \|
	# Docs: https://github.com/actions/upload-artifact?tab=readme-ov-file#permission-loss
	mv "/tmp/bin-tools/bin" "${{ matrix.arch }}-tools"
	tar -cf "${{ steps.tar-filename-tools.outputs.TAR_FILENAME }}" "${{ matrix.arch }}-tools"
	sha256sum "${{ steps.tar-filename-tools.outputs.TAR_FILENAME }}" > "${{ steps.tar-filename-tools.outputs.TAR_FILENAME }}.sha256"

	# Store toolchains and utils in cache
	- name: Cache toolchains
	uses: actions/cache/save@v4
	if: steps.toolchains-exist.outputs.EXIST == 'false' && steps.cache-toolchains.outputs.cache-hit != 'true'
	with:
	path: \|
	${{ steps.tar-filename.outputs.TAR_FILENAME }}
	${{ steps.tar-filename.outputs.TAR_FILENAME }}.sha256
	key: ${{ steps.cache-key.outputs.CACHE_KEY }}
	- name: Cache tools
	uses: actions/cache/save@v4
	if: steps.tools-exist.outputs.EXIST == 'false' && steps.cache-tools.outputs.cache-hit != 'true'
	with:
	path: \|
	${{ steps.tar-filename-tools.outputs.TAR_FILENAME }}
	${{ steps.tar-filename-tools.outputs.TAR_FILENAME }}.sha256
	key: ${{ steps.cache-tools-key.outputs.CACHE_KEY }}


	- name: Checkout
	uses: actions/checkout@v4
	if: steps.toolchains-exist.outputs.EXIST == 'false' \|\| steps.tools-exist.outputs.EXIST == 'false'
	with:
	repository: '9elements/firmware-action-toolchains'
	path: 'firmware-action-toolchains'
	ref: 'main'
	lfs: false
	token: ${{ secrets.GH_PAT_TOOLCHAINS }}
	- name: Set up Git
	if: steps.toolchains-exist.outputs.EXIST == 'false'
	run: \|
	cd firmware-action-toolchains
	git config user.name "github-actions[bot]"
	git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
	git lfs install
	- name: Prepare files for firmware-action-toolchains repository
	if: steps.toolchains-exist.outputs.EXIST == 'false'
	run: \|
	# Clone repo without downloading LFS items
	cd firmware-action-toolchains
	mkdir -p "coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/"
	mv "../${{ steps.tar-filename.outputs.TAR_FILENAME }}" "coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/"
	mv "../${{ steps.tar-filename.outputs.TAR_FILENAME }}.sha256" "coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/"
	- name: Prepare tool files for firmware-action-toolchains repository
	if: steps.tools-exist.outputs.EXIST == 'false'
	run: \|
	# Clone repo without downloading LFS items
	cd firmware-action-toolchains
	mkdir -p "coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/"
	mv "../${{ steps.tar-filename-tools.outputs.TAR_FILENAME }}" "coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/"
	mv "../${{ steps.tar-filename-tools.outputs.TAR_FILENAME }}.sha256" "coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/"
	- name: Create pull request in firmware-action-toolchains repository
	uses: peter-evans/create-pull-request@v7
	if: steps.toolchains-exist.outputs.EXIST == 'false' \|\| steps.tools-exist.outputs.EXIST == 'false'
	with:
	path: 'firmware-action-toolchains'
	token: ${{ secrets.GH_PAT_TOOLCHAINS }}
	add-paths: \|
	coreboot/**
	branch: "feat/${{ steps.version.outputs.COREBOOT_VERSION }}-${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${{ matrix.arch }}"
	commit-message: "feat: add toolchain and tools for coreboot ${{ steps.version.outputs.COREBOOT_VERSION }} ${{ matrix.arch }}"
	body: "add toolchain and tools for coreboot ${{ steps.version.outputs.COREBOOT_VERSION }} for ${{ matrix.arch }}"
	title: "feat: add toolchain and tools for coreboot ${{ steps.version.outputs.COREBOOT_VERSION }} for ${{ matrix.arch }}"
	labels: "${{ matrix.arch }}"


	#=========================
	# Build Docker containers
	#=========================

	build:
	name: build_test_publish
	runs-on: ubuntu-latest
	timeout-minutes: 60
	needs:
	- get-matrix
	- build-coreboot-toolchains
	strategy:
	fail-fast: false
	matrix:
	dockerfile: ${{ fromJson(needs.get-matrix.outputs.matrix) }}
	permissions:
	contents: read
	packages: write
	steps:
	- name: Setup python
	uses: actions/setup-python@v5
	with:
	python-version: '3.x'

	- name: Checkout
	uses: actions/checkout@v4

	- name: Get coreboot version
	id: version
	if: startsWith(matrix.dockerfile, 'coreboot')
	run: yq -r '.services.["${{ matrix.dockerfile }}"].build.args[] \| select(test("COREBOOT_VERSION=.*"))' docker/compose.yaml >> "${GITHUB_OUTPUT}"

	- name: Restore cached coreboot repo
	uses: actions/cache/restore@v4
	if: startsWith(matrix.dockerfile, 'coreboot')
	id: cache-coreboot-repo
	with:
	path: ./coreboot
	key: coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}
	- name: Clone coreboot
	if: startsWith(matrix.dockerfile, 'coreboot') && steps.cache-coreboot-repo.outputs.cache-hit != 'true'
	run: \|
	git clone --depth 1 "https://review.coreboot.org/coreboot.git" -b "${{ steps.version.outputs.COREBOOT_VERSION }}"
	- name: Store coreboot repo in cache
	uses: actions/cache/save@v4
	if: startsWith(matrix.dockerfile, 'coreboot') && steps.cache-coreboot-repo.outputs.cache-hit != 'true'
	with:
	path: ./coreboot
	key: coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}

	- name: Get coreboot commit hash
	id: coreboot-hash
	if: startsWith(matrix.dockerfile, 'coreboot')
	run: \|
	cd coreboot
	COREBOOT_HASH="$( git rev-parse --short HEAD )"
	echo "${COREBOOT_HASH}"
	echo "COREBOOT_HASH=${COREBOOT_HASH}" >> "${GITHUB_OUTPUT}"

	#=================================
	# Download artifacts for coreboot
	#=================================

	- name: Download coreboot toolchains from firmware-action-toolchains repository
	id: firmware-action-toolchains
	if: startsWith(matrix.dockerfile, 'coreboot')
	run: \|
	for arch in "amd64" "arm64"; do
	wget --continue --no-verbose --tries=3 "https://github.com/9elements/firmware-action-toolchains/raw/refs/heads/main/coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${arch}-xgcc.tar"
	wget --continue --no-verbose --tries=3 "https://github.com/9elements/firmware-action-toolchains/raw/refs/heads/main/coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${arch}-xgcc.tar.sha256"
	sha256sum -c "${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${arch}-xgcc.tar.sha256";
	wget --continue --no-verbose --tries=3 "https://github.com/9elements/firmware-action-toolchains/raw/refs/heads/main/coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${arch}-tools.tar"
	wget --continue --no-verbose --tries=3 "https://github.com/9elements/firmware-action-toolchains/raw/refs/heads/main/coreboot/${{ steps.version.outputs.COREBOOT_VERSION }}/${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${arch}-tools.tar.sha256"
	sha256sum -c "${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-${arch}-tools.tar.sha256";
	done

	- name: Prepare toolchains
	if: startsWith(matrix.dockerfile, 'coreboot')
	run: \|
	mkdir -p docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}
	for f in ${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-*-xgcc.tar; do
	ARCH=$( basename "${f}" \| sed -E "s/[a-z0-9]{8}-([a-z0-9_-])-xgcc./\1/g" )
	echo "extracting ${f} -> ${{ steps.version.outputs.COREBOOT_VERSION }} / ${ARCH}"
	mkdir -p "${f}.dir/"
	tar -xf "${f}" -C "${f}.dir/"
	mv "${f}.dir/coreboot/util/crossgcc/${ARCH}-xgcc" "docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}/xgcc-${ARCH}"
	rm -rf "${f}"
	done
	for f in ${{ steps.coreboot-hash.outputs.COREBOOT_HASH }}-*-tools.tar; do
	ARCH=$( basename "${f}" \| sed -E "s/[a-z0-9]{8}-([a-z0-9_-])-tools./\1/g" )
	echo "extracting ${f} -> ${{ steps.version.outputs.COREBOOT_VERSION }} / ${ARCH}"
	mkdir -p "${f}.dir/"
	tar -xf "${f}" -C "${f}.dir/"
	mv "${f}.dir/${ARCH}-tools" "docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}/tools-${ARCH}"
	rm -rf "${f}"
	done

	- name: Debug list artifacts
	if: startsWith(matrix.dockerfile, 'coreboot')
	run: \|
	ls -a1lh docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}/
	- name: Debug list xgcc (amd64)
	if: startsWith(matrix.dockerfile, 'coreboot')
	run: \|
	ls -a1lh docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}/xgcc-*
	- name: Debug list tools (amd64)
	if: startsWith(matrix.dockerfile, 'coreboot')
	run: \|
	ls -a1lh docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}/tools-*
	- name: Debug list xgcc/bin (amd64)
	if: startsWith(matrix.dockerfile, 'coreboot')
	run: \|
	ls -a1lh docker/coreboot/coreboot-${{ steps.version.outputs.COREBOOT_VERSION }}/xgcc-*/bin

	#============================
	# Build the docker container
	#============================

	- name: Setup docker-compose
	uses: KengoTODA/actions-setup-docker-compose@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Validate compose file
	run: docker-compose -f docker/compose.yaml config

	- name: Install python dependencies
	run: pip install -r ./.dagger-ci/daggerci/requirements.txt

	- name: Run dagger pipeline
	timeout-minutes: 60
	run: \|
	if [[ "${GITHUB_EVENT_NAME}" == 'release' ]] \|\| [[ "${GITHUB_REF}" == *'main' ]] \|\| [[ "${GITHUB_REF_TYPE}" == 'tag' ]]; then
	echo "Enable publishing"
	python .dagger-ci/daggerci/main.py -d ${{ matrix.dockerfile }} --publish
	else
	echo "Disable publishing"
	python .dagger-ci/daggerci/main.py -d ${{ matrix.dockerfile }}
	fi
	shell: bash
	env:
	GITHUB_USER: ${{ github.actor }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	DOCKERHUB_USER: ${{ vars.DOCKERHUB_USER }}
	DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}


	#====================
	# Re-run failed jobs
	#====================

	auto-rerun-failed:
	if: failure() && (github.event.inputs.skip_rerun \|\| 'false') == 'false'
	runs-on: ubuntu-latest
	needs:
	- build
	concurrency:
	group: auto-rerun-failed-jobs
	cancel-in-progress: true
	permissions:
	actions: write
	env:
	GH_TOKEN: "${{ secrets.AUTO_RERUN \|\| github.token }}"
	github_repo: ""
	# To use ci-auto-rerun-failed-jobs.yml hosted in a remote repository else default to the current repository. Requires PAT token AUTO_RERUN
	retries: ${{ github.event.inputs.retries \|\| '3' }}
	distinct_id: ${{ github.run_id }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: ci-auto-rerun-failed-jobs via ${{ env.github_repo \|\| github.repository }}
	run: >
	gh workflow run docker-build-and-test-rerun.yml
	--repo "${github_repo:-$GITHUB_REPOSITORY}"
	-f github_repo="${GITHUB_REPOSITORY}"
	-f run_id="${GITHUB_RUN_ID}"
	-f attempts="${GITHUB_RUN_ATTEMPT}"
	-f retries="${retries}"
	-f distinct_id="${distinct_id}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(cmd): refactor how coreboot blobs are handled #1390

Workflow file

feat(cmd): refactor how coreboot blobs are handled #1390

Jobs

Run details

Workflow file for this run