openwrt / gh-action-sdk

GitHub CI action to build packages via SDK
30 stars 48 forks source link

Allow to sign packages with random keypair #16

Closed brvphoenix closed 1 year ago

brvphoenix commented 1 year ago

Allow to sign packages with random keypair. The generated public key will be stored at /artifacts/pubkey/ with the name of its fingerprint. By adding local feeds, other CI using this action can install the packages with its dependencies without opkg update. It avoids local build packages being incompatible with remote dependencies.

Refs: https://github.com/openwrt/packages/actions/runs/3470664086/jobs/5799147200

Side topic: This action used in https://github.com/openwrt/packages/blob/master/.github/workflows/multi-arch-test-build.yml has been broken because of the obsolete rootfs docker. The kernel mods of the test docker has kernel version 5.10.147-1-6ff1f802e677585471e0ec9bdffb624f, but the local build packages require the kernel mods with verison of 5.15.82-1-95b208ba4178f06f4e9c19b4a217463b. This pr won't fix this issue. It need to update the openwrtorg/rootfs. We should keep sdk version consistent with rootfs.

Refs: https://github.com/openwrt/packages/actions/runs/3692046677/jobs/6250567274 https://github.com/openwrt/packages/actions/runs/3684361462/jobs/6234006872