From c9c66a008b111c0343ba42661b2feee875acbe31 Mon Sep 17 00:00:00 2001 From: Daniel Rossier Date: Tue, 30 Jun 2026 10:29:25 +0200 Subject: [PATCH 1/3] ci: deploy the SD-card image in the Build workflow The Build workflow only compiled the kernel and the user space, so the deploy path (FIT assembly + loop-mounting and populating the rootfs + writing the SD-card image) was never exercised in CI. Add a second step that runs `build.sh bsp-so3` then `deploy.sh bsp-so3` for both virt32 and virt64. Deploy needs a privileged container (losetup/mkfs/mount via sudo -n), so the step runs with --privileged and -v /dev:/dev; the existing build step stays non-privileged. --- .github/workflows/build.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b20408c4a1..cf7d365bc4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,6 +11,11 @@ on: # kernel (build.sh -x so3) and the user space (build.sh -x usr-so3, which also # builds the MUSL toolchain via meta-toolchain) are non-privileged, so a plain # `docker run` (no --privileged) is enough. The repo is mounted at /so3. +# +# A second step then exercises the deploy path (build.sh bsp-so3 + deploy.sh +# bsp-so3): assembling the FIT image and writing the SD-card image needs a +# privileged container — the rootfs is populated through a loop-mount +# (losetup/mkfs/mount via sudo -n), hence --privileged and -v /dev:/dev. jobs: build: runs-on: ubuntu-latest @@ -40,3 +45,15 @@ jobs: exit $rc } ' + + - name: Assemble + deploy the SD-card image (privileged) + run: | + docker run --rm --privileged -v /dev:/dev -v "${PWD}:/so3" \ + ghcr.io/smartobjectoriented/so3-env:latest bash -c ' + set -e + cd /so3 + echo "IB_PLATFORM = \"${{ matrix.PLATFORM }}\"" >> build/conf/local.conf + . ./env.sh + build.sh bsp-so3 + deploy.sh bsp-so3 + ' From 6192b09017d5968d4caef51da241f3dda099c84a Mon Sep 17 00:00:00 2001 From: Daniel Rossier Date: Tue, 30 Jun 2026 10:47:54 +0200 Subject: [PATCH 2/3] ci: build the deploy step with the bare U-Boot chain The default local.conf uses IB_BOOT_CHAIN="full" (ATF + OP-TEE + AVZ), and the AVZ recipe fetches from a local dev path, so `build.sh bsp-so3` pulls avz:do_fetch and fails on any machine other than the maintainer's (including CI). Override IB_BOOT_CHAIN="uboot" in the deploy step so it still exercises FIT assembly + the privileged rootfs loop-mount + SD-card write, without requiring ATF/OP-TEE/AVZ. --- .github/workflows/build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cf7d365bc4..03bdd63cb8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -53,6 +53,10 @@ jobs: set -e cd /so3 echo "IB_PLATFORM = \"${{ matrix.PLATFORM }}\"" >> build/conf/local.conf + # Exercise the deploy path with the bare U-Boot chain. The default + # local.conf uses IB_BOOT_CHAIN="full" (ATF + OP-TEE + AVZ); AVZ is + # fetched from a local dev path, so "full" cannot build in CI. + echo "IB_BOOT_CHAIN = \"uboot\"" >> build/conf/local.conf . ./env.sh build.sh bsp-so3 deploy.sh bsp-so3 From d805893ab90d0f7813b2bbfd2b595159fdaa446d Mon Sep 17 00:00:00 2001 From: Daniel Rossier Date: Tue, 30 Jun 2026 11:03:33 +0200 Subject: [PATCH 3/3] ci: build the filesystem (SD-card) image before deploying bsp-so3:do_deploy writes into filesystem/work/sdcard.img., which is created by the privileged `filesystem` recipe (losetup/mkfs/parted), not by `build.sh bsp-so3`. Run `build.sh -x filesystem` before `deploy.sh bsp-so3`, matching the canonical deploy sequence used by the lv_perf image. --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 03bdd63cb8..8abb14c93e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -59,5 +59,8 @@ jobs: echo "IB_BOOT_CHAIN = \"uboot\"" >> build/conf/local.conf . ./env.sh build.sh bsp-so3 + # Create the (empty) SD-card image — privileged losetup/mkfs/parted — + # which bsp-so3:do_deploy then populates and writes. + build.sh -x filesystem deploy.sh bsp-so3 '