build kernels on CI

.github/workflows/images.yml

@@ -0,0 +1,160 @@
+name: Build Kernels
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+permissions:
+  contents: read
+  packages: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  read-config:
+    runs-on: ubuntu-latest
+    outputs:
+      kernel: ${{ steps.kernel.outputs.config }}
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Read versions.json
+      id: kernel
+      run: |
+        {
+          echo "config<<EOF"
+          cat versions.json
+          echo -e "\nEOF"
+        } | tee -a "$GITHUB_OUTPUT"
+
+  build-and-push:
+    runs-on: ubuntu-latest
+    needs: read-config
+    strategy:
+      matrix:
+        kernel_version: ${{ fromJSON(needs.read-config.outputs.kernel).versions }}
+    env:
+      latest_stable: ${{ fromJSON(needs.read-config.outputs.kernel).latest_stable }}
+
+    steps:
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Cache ccache output
+      uses: actions/cache@v3
+      with:
+        path: ccache
+        key: ccache-${{ matrix.kernel_version }}-amd64-${{ hashFiles('config') }}
+
+    - name: Inject ccache into builder
+      uses: reproducible-containers/[email protected]
+      with:
+        cache-source: ccache
+        cache-target: /root/.ccache
+
+    - name: Kernel metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ghcr.io/${{ github.repository_owner }}/ci-kernels
+        flavor: latest=false
+        tags: |
+          type=raw,value=${{ matrix.kernel_version }}
+          type=match,pattern=^\d+\.\d+,group=0,value=${{ matrix.kernel_version }}
+
+    - name: Selftests metadata
+      id: selftests-meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ghcr.io/${{ github.repository_owner }}/ci-kernels
+        flavor: latest=false
+        tags: |
+          type=raw,value=${{ matrix.kernel_version }},suffix=-selftests
+          type=match,pattern=^\d+\.\d+,group=0,value=${{ matrix.kernel_version }},suffix=-selftests
+
+    - name: Log in to GitHub Container Registry
+      if: github.ref == 'refs/heads/master'
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build kernel
+      uses: docker/build-push-action@v5
+      with:
+        target: vmlinux
+        platforms: |
+          linux/amd64
+          ${{ matrix.kernel_version == env.latest_stable && 'linux/arm64' || '' }}
+        build-args: |
+          KERNEL_VERSION=${{ matrix.kernel_version }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        push: ${{ github.ref == 'refs/heads/master' }}
+
+    - name: Build selftests
+      if: matrix.kernel_version == env.latest_stable
+      uses: docker/build-push-action@v5
+      with:
+        target: vmlinux
+        platforms: |
+          linux/amd64
+        build-args: |
+          KERNEL_VERSION=${{ matrix.kernel_version }}
+        tags: ${{ steps.selftests-meta.outputs.tags }}
+        labels: ${{ steps.selftests-meta.outputs.labels }}
+        push: ${{ github.ref == 'refs/heads/master' }}
+
+  build-arm64:
+    runs-on: ubuntu-latest
+    needs: read-config
+    env:
+      latest_version: ${{ fromJSON(needs.read-config.outputs.kernel).versions[0] }}
+
+    steps:
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Cache ccache output
+      uses: actions/cache@v3
+      with:
+        path: ccache
+        key: ccache-${{ matrix.kernel_version }}-arm64-${{ hashFiles('config') }}
+
+    - name: Inject ccache into builder
+      uses: reproducible-containers/[email protected]
+      with:
+        cache-source: ccache
+        cache-target: /root/.ccache
+
+    - name: Build
+      uses: docker/build-push-action@v5
+      with:
+        target: vmlinux
+        platforms: linux/arm64
+        build-args: |
+          KERNEL_VERSION=${{ env.latest_version }}
+
+  results:
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    name: Final Results
+    needs:
+    - build-and-push
+    - build-arm64
+    steps:
+    - run: exit 1
+      if: >-
+        ${{
+              contains(needs.*.result, 'failure')
+          || contains(needs.*.result, 'cancelled')
+        }}

Dockerfile

@@ -1,53 +1,59 @@
-FROM debian:bookworm
-
-LABEL org.opencontainers.image.source https://github.com/cilium/ci-kernels
-
-# Preserve the APT cache between runs
-RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
-
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
-    --mount=type=cache,target=/var/lib/apt,sharing=locked \
-    apt-get update && \
-    apt-get install -y --no-install-recommends \
-        ca-certificates
-
-COPY llvm-snapshot.gpg /usr/share/keyrings
-COPY llvm.list /etc/apt/sources.list.d
-COPY llvm.pref /etc/apt/preferences.d
-
-# Bake the appropriate clang version into the container
-ARG CLANG_VERSION=16
-ENV CLANG=clang-${CLANG_VERSION}
-ENV LLVM_STRIP=llvm-strip-${CLANG_VERSION}
-
-# Update and install dependencies
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
-    --mount=type=cache,target=/var/lib/apt,sharing=locked \
-    apt-get update && \
-    apt-get install -y --no-install-recommends \
-        curl \
-        tar \
-        build-essential \
-        crossbuild-essential-amd64 \
-        crossbuild-essential-arm64 \
-        libncurses5-dev \
-        bison \
-        flex \
-        libssl-dev \
-        bc \
-        xz-utils \
-        ccache \
-        libelf-dev \
-        python3-docutils \
-        python3-pip \
-        pahole \
-        libcap-dev \
-        ${CLANG} \
-        llvm-${CLANG_VERSION} \
-        lld \
-        kmod \
-        rsync \
-        libc6-dev-i386
-
-# Install virtme-configkernel
-RUN pip3 install --break-system-packages https://github.com/amluto/virtme/archive/refs/heads/master.zip
+FROM --platform=$BUILDPLATFORM ghcr.io/cilium/ci-kernels-builder:1696243950 AS configure-vmlinux
+
+ARG KERNEL_VERSION
+
+# Download and cache kernel
+COPY download.sh .
+
+RUN --mount=type=cache,target=/tmp/kernel ./download.sh
+
+WORKDIR /usr/src/linux-${KERNEL_VERSION}
+
+COPY configure-vmlinux.sh env.sh config .
+
+ARG KBUILD_BUILD_TIMESTAMP="Thu  6 Jul 01:00:00 UTC 2023"
+ARG KBUILD_BUILD_HOST="ci-kernels-builder"
+ARG TARGETPLATFORM
+
+RUN ./configure-vmlinux.sh
+
+FROM configure-vmlinux AS build-vmlinux
+
+COPY build-vmlinux.sh .
+
+RUN --mount=type=cache,target=/root/.ccache \
+    echo 'max_size = 5.0G' > /root/.ccache/ccache.conf; \
+    ./build-vmlinux.sh && \
+    ccache -s
+
+# Install compiled artifacts
+RUN mkdir -p /tmp/output/boot && \
+    find ./ -type f -name '*Image' -exec cp -v {} /tmp/output/boot/vmlinuz \; && \
+    if [ -d tools/testing/selftests/bpf/bpf_testmod ]; then \
+        make M=tools/testing/selftests/bpf/bpf_testmod INSTALL_MOD_PATH=/tmp/output modules_install; \
+    fi
+
+# Build selftests
+FROM build-vmlinux as build-selftests
+
+ARG BUILDPLATFORM
+
+RUN if [ "$BUILDPLATFORM" != "$TARGETPLATFORM" ]; then \
+        echo "Can't cross compile selftests"; exit 1; \
+    fi
+
+COPY build-selftests.sh .
+RUN ./build-selftests.sh
+
+COPY copy-selftests.sh .
+RUN mkdir /tmp/selftests && ./copy-selftests.sh /tmp/selftests
+
+# Prepare the final kernel image
+FROM scratch as vmlinux
+
+COPY --from=build-vmlinux /tmp/output /
+
+# Prepare the selftests image
+FROM scratch as selftests-bpf
+
+COPY --from=build-selftests /tmp/selftests /

Dockerfile.builder

@@ -0,0 +1,53 @@
+FROM debian:bookworm
+
+LABEL org.opencontainers.image.source https://github.com/cilium/ci-kernels
+
+# Preserve the APT cache between runs
+RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
+
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get update && \
+    apt-get install -y --no-install-recommends \
+        ca-certificates
+
+COPY llvm-snapshot.gpg /usr/share/keyrings
+COPY llvm.list /etc/apt/sources.list.d
+COPY llvm.pref /etc/apt/preferences.d
+
+# Bake the appropriate clang version into the container
+ARG CLANG_VERSION=16
+ENV CLANG=clang-${CLANG_VERSION}
+ENV LLVM_STRIP=llvm-strip-${CLANG_VERSION}
+
+# Update and install dependencies
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get update && \
+    apt-get install -y --no-install-recommends \
+        curl \
+        tar \
+        build-essential \
+        crossbuild-essential-amd64 \
+        crossbuild-essential-arm64 \
+        libncurses5-dev \
+        bison \
+        flex \
+        libssl-dev \
+        bc \
+        xz-utils \
+        ccache \
+        libelf-dev \
+        python3-docutils \
+        python3-pip \
+        pahole \
+        libcap-dev \
+        ${CLANG} \
+        llvm-${CLANG_VERSION} \
+        lld \
+        kmod \
+        rsync \
+        libc6-dev-i386
+
+# Install virtme-configkernel
+RUN pip3 install --break-system-packages https://github.com/amluto/virtme/archive/refs/heads/master.zip