Merge pull request #538 from flatcar/kai/local-patch

ci-automation: Support local patches
2025-09-23 22:51:03 +02:00 · 2022-10-27 13:01:31 +02:00 · 2022-10-27 13:01:31 +02:00 · 038a449398
commit 038a449398
parent 3730bc644a 25dbccc14d
7 changed files with 72 additions and 0 deletions
--- a/ci-automation/README.md
+++ b/ci-automation/README.md
@ -112,6 +112,10 @@ image_build amd64
                                              `- vendor OS images ---->|
 ```

+## Local Patches
+
+For embargoed relases the build system looks for patch files `../scripts.patch`, `../overlay.patch`, `../portage.patch` (i.e., in the folder that contains the `scripts` repo) and applies them locally before building.
+
 ## Testing

 Testing follows the same design principles build automation adheres to - it's self-contained and context-aware, reducing required parameters to a minimum.
--- a/ci-automation/ci_automation_common.sh
+++ b/ci-automation/ci_automation_common.sh
@ -475,3 +475,35 @@ function list_files() {
    done
 }
 # --
+
+# Looks for ../scripts.patch, ../overlay.patch, ../portage.patch and
+# applies them to the current repo or the respective sub-module checkout.
+function apply_local_patches() {
+  local patch_files=(../scripts.patch ../overlay.patch ../portage.patch)
+  local patch_file
+  local patch_id
+  local dirarg
+  echo "Looking for local patches ${patch_files[*]}"
+  for patch_file in "${patch_files[@]}"; do
+    if [ "${patch_file}" = "../scripts.patch" ]; then
+      dirarg=()
+    elif [ "${patch_file}" = "../overlay.patch" ]; then
+      dirarg=("-C" "sdk_container/src/third_party/coreos-overlay/")
+    elif [ "${patch_file}" = "../portage.patch" ]; then
+      dirarg=("-C" "sdk_container/src/third_party/portage-stable/")
+    else
+      echo "wrong case: unexpected ${patch_file}"
+      exit 1
+    fi
+    patch_id=$(test -e "${patch_file}" && { cat "${patch_file}" | git patch-id | cut -d ' ' -f 1 ; } || true)
+    if [ "${patch_id}" != "" ]; then
+      if git "${dirarg[@]}" log --no-merges -p HEAD | git patch-id | cut -d ' ' -f 1 | grep -q "${patch_id}"; then
+        echo "Skipping already applied ${patch_file}"
+      else
+        echo "Applying ${patch_file}"
+        GIT_COMMITTER_NAME="Flatcar Buildbot" GIT_COMMITTER_EMAIL="buildbot@flatcar-linux.org" git "${dirarg[@]}" am -3 "$PWD/${patch_file}"
+      fi
+    fi
+  done
+}
+# --
--- a/ci-automation/image.sh
+++ b/ci-automation/image.sh
@ -33,6 +33,12 @@
 #        Defaults to nothing if not set - in such case, artifacts will not be signed.
 #        If provided, SIGNER environment variable should also be provided, otherwise this environment variable will be ignored.
 #
+#   3. A file ../scripts.patch to apply with "git am -3" for the scripts repo.
+#
+#   4. A file ../overlay.patch to apply with "git am -3" for the coreos-overlay sub-module.
+#
+#   5. A file ../portage.patch to apply with "git am -3" for the portage-stable sub-module.
+#
 # OUTPUT:
 #
 #   1. OS image, dev container, related artifacts, and torcx packages pushed to buildcache.
@ -83,6 +89,7 @@ function _image_build_impl() {
            official_arg="--noofficial"
    fi

+    apply_local_patches
    # build image and related artifacts
    ./run_sdk_container -x ./ci-cleanup.sh -n "${image_container}" -C "${packages_image}" \
            -v "${vernum}" \
--- a/ci-automation/packages-tag.sh
+++ b/ci-automation/packages-tag.sh
@ -42,6 +42,12 @@
 #       This version will be checked out / pulled from remote in the portage-stable git submodule.
 #       The submodule config will be updated to point to this version before the TARGET SDK tag is created and pushed.
 #
+#   4. A file ../scripts.patch to apply with "git am -3" for the scripts repo.
+#
+#   5. A file ../overlay.patch to apply with "git am -3" for the coreos-overlay sub-module.
+#
+#   6. A file ../portage.patch to apply with "git am -3" for the portage-stable sub-module.
+#
 # OUTPUT:
 #
 #   1. Updated scripts repository
@ -120,5 +126,6 @@ function _packages_tag_impl() {
      create_versionfile "$sdk_version" "$version"
    )
    update_and_push_version "${version}" "${push_branch}"
+    apply_local_patches
 }
 # --
--- a/ci-automation/packages.sh
+++ b/ci-automation/packages.sh
@ -36,6 +36,12 @@
 #        Defaults to nothing if not set - in such case, artifacts will not be signed.
 #        If provided, SIGNER environment variable should also be provided, otherwise this environment variable will be ignored.
 #
+#   4. A file ../scripts.patch to apply with "git am -3" for the scripts repo.
+#
+#   5. A file ../overlay.patch to apply with "git am -3" for the coreos-overlay sub-module.
+#
+#   6. A file ../portage.patch to apply with "git am -3" for the portage-stable sub-module.
+#
 # OUTPUT:
 #
 #   1. Exported container image "flatcar-packages-[ARCH]-[VERSION].tar.gz" with binary packages
@ -93,6 +99,7 @@ function _packages_build_impl() {
        torcx_pkg_url="https://$(get_git_channel).release.flatcar-linux.net/${arch}-usr/${vernum}/torcx"
    fi

+    apply_local_patches
    # Build packages; store packages and torcx output in container
    ./run_sdk_container -x ./ci-cleanup.sh -n "${packages_container}" -v "${vernum}" \
        -C "${sdk_image}" \
--- a/ci-automation/sdk_bootstrap.sh
+++ b/ci-automation/sdk_bootstrap.sh
@ -47,6 +47,12 @@
 #        Defaults to nothing if not set - in such case, artifacts will not be signed.
 #        If provided, SIGNER environment variable should also be provided, otherwise this environment variable will be ignored.
 #
+#   8. A file ../scripts.patch to apply with "git am -3" for the scripts repo.
+#
+#   9. A file ../overlay.patch to apply with "git am -3" for the coreos-overlay sub-module.
+#
+#   10. A file ../portage.patch to apply with "git am -3" for the portage-stable sub-module.
+#
 # OUTPUT:
 #
 #   1. SDK tarball (gentoo catalyst output) of the new SDK, pushed to buildcache.
@ -143,6 +149,7 @@ function _sdk_bootstrap_impl() {
      create_versionfile "${vernum}"
    )
    update_and_push_version "${version}" "${push_branch}"
+    apply_local_patches

    ./bootstrap_sdk_container -x ./ci-cleanup.sh "${seed_version}" "${vernum}"

--- a/ci-automation/vms.sh
+++ b/ci-automation/vms.sh
@ -36,6 +36,12 @@
 #        Defaults to nothing if not set - in such case, artifacts will not be signed.
 #        If provided, SIGNER environment variable should also be provided, otherwise this environment variable will be ignored.
 #
+#   3. A file ../scripts.patch to apply with "git am -3" for the scripts repo.
+#
+#   4. A file ../overlay.patch to apply with "git am -3" for the coreos-overlay sub-module.
+#
+#   5. A file ../portage.patch to apply with "git am -3" for the portage-stable sub-module.
+#
 # OUTPUT:
 #
 #   1. Exported VM image(s), pushed to buildcache ( images/[ARCH]/[FLATCAR_VERSION]/ )
@ -76,6 +82,8 @@ function _vm_build_impl() {
    local vms="flatcar-vms-${arch}"
    local vms_container="${vms}-${docker_vernum}"

+    apply_local_patches
+
    # automatically add PXE to formats if we build for Equinix Metal (packet).
    local has_packet=0
    local has_pxe=0