tag/4e691bf/docs/Process_CI.md

# Automatic or Manual Firmware Compilation

[![Build train](https://github.com/armbian/build/actions/workflows/build-train.yml/badge.svg)](https://github.com/armbian/build/actions/workflows/build-train.yml)

Generates kernels at code push if the code, patches or config were changed in any way. It is also triggered via cron in the middle of Central European Time (CET) night.

![Build](images/build-train.png)

The build train is executed only if there are changed kernels. When this happens, it also generates armbian-firmware, desktop and u-boot packages. If the build succeeds it pushes packages to the package repository and increments trunk build version.

- generates all changed kernels,
- generate all boot loaders for all supported hardware,
- generate desktop pacakages,
- generates armbian-firmware, armbian-zsh, armbian-config.

You can change source repository and you can change destination package repository to https://beta.armbian.com (default) or https://apt.armbian.com

Manual Executing rights: [Armbian project member](https://github.com/orgs/armbian/people)

# Official Images Compilation

[![Build Official Images](https://github.com/armbian/os/actions/workflows/build-images.yml/badge.svg)](https://github.com/armbian/os/actions/workflows/build-images.yml)


![Build](images/build-images-ci.png)

Regenerate predefined stable images with incrementing patch version for selected board.

Manual executing rights: [Armbian release manager](https://forum.armbian.com/staffapplications/application/11-release-manager/)

# Smoke tests on hardware devices

Smoke testing is preliminary testing to reveal simple failures severe enough to, for example, reject a prospective software release. Our test case is constructed of three steps:

![Smoke](images/smoke-tests.png)

- powering test equipment, consistent from several network switches, power supplies and dozens of hardware platforms
- running upgrade, reboot, repository switch, reboot, ... tests in parallel
- uploading a test report as build artefact following by powering the devices off.

Manual Executing rights: [Armbian project member](https://github.com/orgs/armbian/people)

# Automatic Pull Requests Labeler

[![Automatic Labeler](https://github.com/armbian/build/actions/workflows/labeler.yml/badge.svg)](https://github.com/armbian/build/actions/workflows/labeler.yml)

Automatically label new pull request based on the paths of files which are being changed. Configuration file can be found in:

        .github/labeler.yml

# Manual Pull Requests rebase

[![Automatic Rebase](https://github.com/armbian/build/actions/workflows/rebase.yml/badge.svg)](https://github.com/armbian/build/actions/workflows/rebase.yml)

Pull most recent code from master branch and put your work on top of your pull request.

How to use it? Simply comment 

       /rebase

to trigger the action.

- [Advantages of Git Rebase](https://itnext.io/advantages-of-git-rebase-af3b5f5448c6),
- [Automatic Rebase Action origin](https://github.com/marketplace/actions/automatic-rebase).

# Automatic or Manual Desktops Test Builds

[![Build All Desktops](https://github.com/armbian/build/actions/workflows/build-all-desktops.yml/badge.svg)](https://github.com/armbian/build/actions/workflows/build-all-desktops.yml)

Generates all desktops for arm64 and x86 arhitecture to verify if they build correctly. Build is triggered every day, manually (by [any member of Armbian project](https://github.com/orgs/armbian/people)) or in pull requests if label "Desktop" is set. Aim of this test case is to find out if there are troubles in packages relations.

- releases: bullseye, bookworm, jammy,
- desktop environments: xfce, gnome, mate, cinnamon, budgie, kde-plasma,
- builds are not using cached rootfs to force packages assembly,
- included applications paths are "3dsupport browsers",
- builds are done with [Docker image](https://github.com/orgs/armbian/packages?repo_name=build) on public runners.

# Automatic Kernel Build at Pull Requests

Generates kernels at Pull Requests if their code, patches or config was changed. Build starts when label of Pull Request is set to "Ready to review"

# Integrity testings

This action tests package integrity from all stable images at download section.

Manual Executing rights: [Armbian project member](https://github.com/orgs/armbian/people)

# Forked Helper

- Run repository dispatch to default fork branch
- Dispatch event on forked repostitory

# Lint On Scripts

![Lint](images/linterror.png)

Run [ShellCheck](https://github.com/koalaman/shellcheck) on changed shell scripts and report problems within. Since our scripts are full of shellcheck problems we don't block merging on those errors. Not yet.

Linting is run automatically on pull requests change.

# Scorecards Security Scan

Scorecards is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project. You can also assess the risks that dependencies introduce, and make informed decisions about accepting these risks, evaluating alternative solutions, or working with the maintainers to make improvements.

https://github.com/ossf/scorecard#what-is-scorecards

# Kernel hardening analysis

This analysis checks kernel config if changed.

There are plenty of security hardening options for the Linux kernel. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more secure.

https://github.com/a13xp0p0v/kconfig-hardened-check/blob/master/README.md
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`# Automatic or Manual Firmware Compilation`
Add auto rebase description 2021-10-13 13:12:02 +02:00
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`[![Build train](https://github.com/armbian/build/actions/workflows/build-train.yml/badge.svg)](https://github.com/armbian/build/actions/workflows/build-train.yml)`
Add auto rebase description 2021-10-13 13:12:02 +02:00
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`Generates kernels at code push if the code, patches or config were changed in any way. It is also triggered via cron in the middle of Central European Time (CET) night.`
Add auto rebase description 2021-10-13 13:12:02 +02:00
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`![Build](images/build-train.png)`
Add auto rebase description 2021-10-13 13:12:02 +02:00
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`The build train is executed only if there are changed kernels. When this happens, it also generates armbian-firmware, desktop and u-boot packages. If the build succeeds it pushes packages to the package repository and increments trunk build version.`

			`- generates all changed kernels,`
			`- generate all boot loaders for all supported hardware,`
			`- generate desktop pacakages,`
			`- generates armbian-firmware, armbian-zsh, armbian-config.`

			`You can change source repository and you can change destination package repository to https://beta.armbian.com (default) or https://apt.armbian.com`

			`Manual Executing rights: [Armbian project member](https://github.com/orgs/armbian/people)`

Changes on official images re-compilation (#329) * Add files via upload * Update Process_CI.md 2023-05-05 12:30:07 +02:00			`# Official Images Compilation`
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00
Changes on official images re-compilation (#329) * Add files via upload * Update Process_CI.md 2023-05-05 12:30:07 +02:00			`[![Build Official Images](https://github.com/armbian/os/actions/workflows/build-images.yml/badge.svg)](https://github.com/armbian/os/actions/workflows/build-images.yml)`
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00

Changes on official images re-compilation (#329) * Add files via upload * Update Process_CI.md 2023-05-05 12:30:07 +02:00			`![Build](images/build-images-ci.png)`
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00
Changes on official images re-compilation (#329) * Add files via upload * Update Process_CI.md 2023-05-05 12:30:07 +02:00			`Regenerate predefined stable images with incrementing patch version for selected board.`
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00
			`Manual executing rights: [Armbian release manager](https://forum.armbian.com/staffapplications/application/11-release-manager/)`

			`# Smoke tests on hardware devices`

			`Smoke testing is preliminary testing to reveal simple failures severe enough to, for example, reject a prospective software release. Our test case is constructed of three steps:`

			`![Smoke](images/smoke-tests.png)`

			`- powering test equipment, consistent from several network switches, power supplies and dozens of hardware platforms`
			`- running upgrade, reboot, repository switch, reboot, ... tests in parallel`
			`- uploading a test report as build artefact following by powering the devices off.`

			`Manual Executing rights: [Armbian project member](https://github.com/orgs/armbian/people)`

			`# Automatic Pull Requests Labeler`

			`[![Automatic Labeler](https://github.com/armbian/build/actions/workflows/labeler.yml/badge.svg)](https://github.com/armbian/build/actions/workflows/labeler.yml)`

			`Automatically label new pull request based on the paths of files which are being changed. Configuration file can be found in:`

			`.github/labeler.yml`

			`# Manual Pull Requests rebase`

			`[![Automatic Rebase](https://github.com/armbian/build/actions/workflows/rebase.yml/badge.svg)](https://github.com/armbian/build/actions/workflows/rebase.yml)`

			`Pull most recent code from master branch and put your work on top of your pull request.`

			`How to use it? Simply comment`

			`/rebase`

			`to trigger the action.`
Add auto rebase description 2021-10-13 13:12:02 +02:00
			`- [Advantages of Git Rebase](https://itnext.io/advantages-of-git-rebase-af3b5f5448c6),`
			`- [Automatic Rebase Action origin](https://github.com/marketplace/actions/automatic-rebase).`

Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`# Automatic or Manual Desktops Test Builds`

			`[![Build All Desktops](https://github.com/armbian/build/actions/workflows/build-all-desktops.yml/badge.svg)](https://github.com/armbian/build/actions/workflows/build-all-desktops.yml)`

			`Generates all desktops for arm64 and x86 arhitecture to verify if they build correctly. Build is triggered every day, manually (by [any member of Armbian project](https://github.com/orgs/armbian/people)) or in pull requests if label "Desktop" is set. Aim of this test case is to find out if there are troubles in packages relations.`

Supported releases (#333) * consolidate PINE64 documentation * update supported releases 2023-05-05 12:29:34 +02:00			`- releases: bullseye, bookworm, jammy,`
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`- desktop environments: xfce, gnome, mate, cinnamon, budgie, kde-plasma,`
			`- builds are not using cached rootfs to force packages assembly,`
			`- included applications paths are "3dsupport browsers",`
			`- builds are done with [Docker image](https://github.com/orgs/armbian/packages?repo_name=build) on public runners.`

			`# Automatic Kernel Build at Pull Requests`

Update Process_CI.md (#291) 2022-12-13 18:16:55 +01:00			`Generates kernels at Pull Requests if their code, patches or config was changed. Build starts when label of Pull Request is set to "Ready to review"`
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00
Update Process_CI.md (#227) 2022-06-19 18:41:10 +02:00			`# Integrity testings`

Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`This action tests package integrity from all stable images at download section.`
Update Process_CI.md (#227) 2022-06-19 18:41:10 +02:00
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`Manual Executing rights: [Armbian project member](https://github.com/orgs/armbian/people)`
Add info about pull request CI changes (#156) * update * Update hashes * update * Update Process_CI.md * Update Process_CI.md * Update Process_CI.md 2021-10-10 22:15:23 +02:00
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`# Forked Helper`
Add info about pull request CI changes (#156) * update * Update hashes * update * Update Process_CI.md * Update Process_CI.md * Update Process_CI.md 2021-10-10 22:15:23 +02:00
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`- Run repository dispatch to default fork branch`
			`- Dispatch event on forked repostitory`
Add info about pull request CI changes (#156) * update * Update hashes * update * Update Process_CI.md * Update Process_CI.md * Update Process_CI.md 2021-10-10 22:15:23 +02:00
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`# Lint On Scripts`
Add info about pull request CI changes (#156) * update * Update hashes * update * Update Process_CI.md * Update Process_CI.md * Update Process_CI.md 2021-10-10 22:15:23 +02:00
Add changed information of script linting (#281) * Update Process_CI.md * Add files via upload * Update Process_CI.md 2022-11-15 10:52:50 +01:00			`![Lint](images/linterror.png)`
Add info about pull request CI changes (#156) * update * Update hashes * update * Update Process_CI.md * Update Process_CI.md * Update Process_CI.md 2021-10-10 22:15:23 +02:00
Add changed information of script linting (#281) * Update Process_CI.md * Add files via upload * Update Process_CI.md 2022-11-15 10:52:50 +01:00			`Run [ShellCheck](https://github.com/koalaman/shellcheck) on changed shell scripts and report problems within. Since our scripts are full of shellcheck problems we don't block merging on those errors. Not yet.`

			`Linting is run automatically on pull requests change.`
Add info about pull request CI changes (#156) * update * Update hashes * update * Update Process_CI.md * Update Process_CI.md * Update Process_CI.md 2021-10-10 22:15:23 +02:00
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`# Scorecards Security Scan`
Add description of Github Actions (#138) * Create Process_CI.md 2021-06-17 03:14:12 +02:00
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`Scorecards is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project. You can also assess the risks that dependencies introduce, and make informed decisions about accepting these risks, evaluating alternative solutions, or working with the maintainers to make improvements.`
Add description of Github Actions (#138) * Create Process_CI.md 2021-06-17 03:14:12 +02:00
Improving documentation on CI process (#256) 2022-08-23 20:16:38 +02:00			`https://github.com/ossf/scorecard#what-is-scorecards`
Update Process_CI.md (#305) 2023-01-25 11:07:41 +01:00
			`# Kernel hardening analysis`

			`This analysis checks kernel config if changed.`

			`There are plenty of security hardening options for the Linux kernel. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more secure.`

			`https://github.com/a13xp0p0v/kconfig-hardened-check/blob/master/README.md`