diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index f0eb5bc..7fb04b7 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -1,102 +1,80 @@ name: Docker -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - on: push: branches: [ "main" ] - # Publish semver tags as releases. tags: [ 'v*.*.*' ] pull_request: branches: [ "main" ] env: - # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io - # github.repository as / IMAGE_NAME: ${{ github.repository }} - jobs: build: - runs-on: ubuntu-latest permissions: contents: read packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. id-token: write + strategy: + matrix: + board: + - milkv-duo + - milkv-duo-lite + - milkv-duo256m + - milkv-duo256m-lite + steps: - name: Checkout repository uses: actions/checkout@v3 - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1 + uses: sigstore/cosign-installer@v3.1.1 with: cosign-release: 'v2.1.1' - # Set up BuildKit Docker container builder to be able to build - # multi-platform images and export cache - # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@v3.0.0 - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@v3.0.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + uses: docker/metadata-action@v5.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} flavor: | latest=${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} - + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=sha - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + uses: docker/build-push-action@v5.0.0 with: context: . push: ${{ github.event_name != 'pull_request' }} - tags: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - ${{ steps.meta.outputs.tags }} - + tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + build-args: BOARD=${{ matrix.board }} cache-from: type=gha cache-to: type=gha,mode=max - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - name: Sign the published Docker image if: ${{ github.event_name != 'pull_request' }} env: - # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable TAGS: ${{ steps.meta.outputs.tags }} DIGEST: ${{ steps.build-and-push.outputs.digest }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} diff --git a/Dockerfile b/Dockerfile index eb3626c..405f5eb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,26 @@ # Use an Ubuntu base image FROM ubuntu:20.04 -ENV SDK_URL="https://github.com/milkv-duo/duo-app-sdk/releases/download/duo-app-sdk-v1.2.0/duo-sdk-v1.2.0.tar.gz" +ARG BOARD=milkv-duo256m + +ENV SDK_URL="https://github.com/milkv-duo/duo-buildroot-sdk.git" ENV TOOLCHAIN_FILE=/CMakeToolchain.txt ENV DEBIAN_FRONTEND=non-interactive ENV BUILD_OUTPUT=/build-output -RUN apt-get update \ - && apt-get install -y \ - wget git make build-essential libtool \ - cmake pkg-config +RUN apt-get update +RUN apt install -y pkg-config build-essential ninja-build \ + automake autoconf libtool wget curl git gcc libssl-dev \ + bc slib squashfs-tools android-sdk-libsparse-utils jq \ + python3-distutils scons parallel tree python3-dev python3-pip \ + device-tree-compiler ssh cpio fakeroot libncurses5 flex bison \ + libncurses5-dev genext2fs rsync unzip dosfstools mtools tcl \ + openssh-client make cmake expect + +WORKDIR / +RUN git clone https://github.com/milkv-duo/duo-buildroot-sdk.git --depth=1 +WORKDIR duo-buildroot-sdk +RUN ./build.sh $BOARD #Make a libs output directory for our builds RUN mkdir -p $BUILD_OUTPUT/bin @@ -28,9 +39,9 @@ ENV CPPFLAGS="-I$BUILD_OUTPUT/include" ENV LD_LIBRARY_PATH="$BUILD_OUTPUT/lib" #Download and install SDK -RUN wget ${SDK_URL} -O duo-sdk.tar.gz -RUN tar -xzf duo-sdk.tar.gz -RUN rm -r duo-sdk.tar.gz +RUN mkdir -p $MILKV_DUO_SDK +RUN ln -s /duo-buildroot-sdk/host-tools/gcc/* $MILKV_DUO_SDK/. +RUN ln -s /duo-buildroot-sdk/install/soc_*/br-rootfs $MILKV_DUO_SDK/rootfs # Create the toolchain file for CMake RUN echo "set(CMAKE_SYSTEM_NAME Linux)" >> $TOOLCHAIN_FILE @@ -39,5 +50,7 @@ RUN echo "set(CMAKE_CROSSCOMPILING TRUE)" >> $TOOLCHAIN_FILE RUN echo "set(CMAKE_C_COMPILER riscv64-unknown-linux-musl-gcc)" >> $TOOLCHAIN_FILE RUN echo "set(CMAKE_CXX_COMPILER riscv64-unknown-linux-musl-g++)" >> $TOOLCHAIN_FILE +WORKDIR $MILKV_DUO_SDK + #Default to a bash session. CMD bash \ No newline at end of file diff --git a/Examples/Dockerfile-joe b/Examples/Dockerfile-joe new file mode 100644 index 0000000..2e3c6ef --- /dev/null +++ b/Examples/Dockerfile-joe @@ -0,0 +1,11 @@ +FROM ghcr.io/logicethos/duo-sdk-docker:latest + +RUN wget https://sourceforge.net/projects/joe-editor/files/latest/download -O joe-latest.tar.gz \ + && tar -xvf joe-latest.tar.gz \ + && cd joe-* \ + && ./configure linux64-riscv64 shared no-asm --prefix=$BUILD_OUTPUT \ + && make && make install + +WORKDIR $BUILD_OUTPUT + +CMD bash \ No newline at end of file diff --git a/Examples/Dockerfile-nano b/Examples/Dockerfile-nano new file mode 100644 index 0000000..286cc3d --- /dev/null +++ b/Examples/Dockerfile-nano @@ -0,0 +1,19 @@ +FROM ghcr.io/logicethos/duo-sdk-docker:latest + + +RUN wget https://ftp.gnu.org/pub/gnu/ncurses/ncurses-6.2.tar.gz \ + && tar -xzvf ncurses-6.2.tar.gz \ + && cd ncurses-6.2 \ + && ./configure --host=riscv64-linux-gnu --prefix=$BUILD_OUTPUT \ + && make && echo $BUILD_OUTPUT && make install + + +RUN wget https://www.nano-editor.org/dist/v5/nano-5.8.tar.xz \ + && tar -xf nano-5.8.tar.xz \ + && cd nano-5.8 \ + && ./configure --host=riscv64-linux-gnu --prefix=$BUILD_OUTPUT \ + && make && make install + +WORKDIR $BUILD_OUTPUT + +CMD bash \ No newline at end of file