From afb957058df8f90a9393efda3fdde637f46288a2 Mon Sep 17 00:00:00 2001
From: Nagendra T P <ntp@marvell.com>
Date: Wed, 4 Sep 2024 12:51:13 +0530
Subject: [PATCH] ci: github workflow packaging for openssl engine

Added GitHub actions workflow for DPDK based OpenSSL engine

Signed-off-by: Nagendra T P <ntp@marvell.com>
Change-Id: I977675e23759435243cb0f4d6d43fac55889fbbe
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/dataplane/dpu-offload/+/134894
Tested-by: sa_ip-toolkits-Jenkins <sa_ip-toolkits-jenkins@marvell.com>
Reviewed-by: Jerin Jacob <jerinj@marvell.com>
---
 .github/workflows/build-openssl-engine.yml | 171 +++++++++++++++++++++
 1 file changed, 171 insertions(+)
 create mode 100644 .github/workflows/build-openssl-engine.yml

diff --git a/.github/workflows/build-openssl-engine.yml b/.github/workflows/build-openssl-engine.yml
new file mode 100644
index 0000000..e5894db
--- /dev/null
+++ b/.github/workflows/build-openssl-engine.yml
@@ -0,0 +1,171 @@
+name: build-cn10k-openssl-engine
+
+on:
+  push:
+  schedule:
+    - cron: "0 0 * * 1"
+  pull_request:
+
+permissions:
+  contents: write
+  pages: write
+  id-token: write
+  packages: write
+
+jobs:
+  ubuntu-cn10k-build:
+    name: ubuntu-cn10k-arm64
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: true
+      matrix:
+        include:
+          - arch: aarch64
+            distro: ubuntu22.04
+            compiler: gcc
+            library: static
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+      - name: Generate cache keys
+        id: get_ref_keys
+        run: |
+          echo 'ccache=ccache-${{ matrix.distro }}-${{ matrix.compiler }}-${{ matrix.arch }}-'$(date -u +%Y-w%W) >> $GITHUB_OUTPUT
+      - name: Retrieve ccache cache
+        uses: actions/cache@v4
+        with:
+          path: ~/.ccache
+          key: ${{ steps.get_ref_keys.outputs.ccache }}-${{ github.ref }}
+          restore-keys: |
+            ${{ steps.get_ref_keys.outputs.ccache }}-refs/heads/main
+      - name: Extract version details
+        id: version
+        run: |
+          mkdir -p "${PWD}/artifacts"
+          git tag --points-at HEAD > /tmp/tags
+          [ -s /tmp/tags ] && PKG_POSTFIX= || PKG_POSTFIX=-devel
+          echo "PKG_VERSION_NAME=`cat VERSION`" >> "${PWD}/artifacts/env"
+          echo "PKG_POSTFIX=${PKG_POSTFIX}" >> "${PWD}/artifacts/env"
+          echo "DPDK_BASE_PKG_VERSION=`cat DPDK_VERSION | grep BASE_VERSION | awk -F'=' '{print $2}' | awk -F'.' '{print $1"."$2}'`" >> "${PWD}/artifacts/env"
+          echo "DPDK_PKG_VERSION=`cat DPDK_VERSION | grep RELEASE_VERSION | awk -F'=' '{print $2}'`" >> "${PWD}/artifacts/env"
+          source "${PWD}/artifacts/env"
+      - uses: uraimo/run-on-arch-action@v2.7.2
+        name: Build Engine and generate package
+        id: build
+        with:
+          arch: ${{ matrix.arch }}
+          distro: ${{ matrix.distro }}
+          githubToken: ${{ github.token }}
+          setup: |
+            mkdir -p ~/.ccache
+          dockerRunArgs: |
+            --volume "${PWD}/artifacts:/artifacts"
+            --volume "${HOME}/.ccache:/root/.ccache"
+          shell: /bin/bash
+          install: |
+            apt-get update -q -y
+            apt-get install -y build-essential gcc meson ccache git doxygen apt-utils
+            apt-get install -y build-essential ccache git software-properties-common
+            add-apt-repository -y ppa:ubuntu-toolchain-r/test
+            apt-get update -q -y
+            apt-get install -y libnl-3-dev libnl-route-3-dev libnl-xfrm-3-dev
+            apt-get install -y sphinx-common python3-sphinx-rtd-theme pkg-config
+            apt-get install -y libarchive-dev libbsd-dev libbpf-dev
+            apt-get install -y libfdt-dev libjansson-dev autoconf dh-autoreconf
+            apt-get install -y libssl-dev ninja-build python3-pip
+            apt-get install -y python3-pyelftools python3-setuptools python3-wheel zlib1g-dev
+            apt-get install -y gcc-13 bzip2-doc icu-devtools libacl1-dev libattr1-dev
+            apt-get install -y libbz2-dev libgmp-dev libgmpxx4ldbl libicu-dev liblz4-dev
+            apt-get install -y liblzma-dev libxml2-dev libzstd-dev nettle-dev wget lsb-release
+          run: |
+            source /artifacts/env
+            git config --global --add safe.directory "${PWD}"
+            DISTRO=ubuntu-`lsb_release -rs`
+            echo "DISTRO=${DISTRO}" >> /artifacts/env
+            export CC='ccache gcc-13 -mcpu=neoverse-n2+sve2+crypto'
+            echo "cache_dir = /root/.ccache" > /root/.ccache/ccache.conf
+            ccache -p
+            pkg-config --list-all
+            BASE_DIR=${PWD}
+            OPENSSL_PATCH_VERSION=$(ls patches/nginx/deps/openssl/ | head -n 1)
+            OPENSSL_VERSION=${OPENSSL_PATCH_VERSION#v}
+            echo "OPENSSL_VERSION=${OPENSSL_VERSION}" >> /artifacts/env
+            wget "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz"
+            tar -xzf openssl-${OPENSSL_VERSION}.tar.gz
+            cd "${PWD}/openssl-${OPENSSL_VERSION}"
+            for patch in ${BASE_DIR}/patches/nginx/deps/openssl/${OPENSSL_PATCH_VERSION}/*.patch; do
+                patch -p1 < "$patch"
+            done
+            ./Configure linux-aarch64
+            until make; do echo "Building OpenSSL failed, retrying"; done
+            cd ..
+            export OPENSSL_INSTALL=$BASE_DIR/openssl-${OPENSSL_VERSION}
+            wget "https://github.com/MarvellEmbeddedProcessors/marvell-dpdk/releases/download/dpdk-${DPDK_BASE_PKG_VERSION}_${DPDK_PKG_VERSION}-${DISTRO}-${DPDK_PKG_VERSION}/dpdk-${DPDK_BASE_PKG_VERSION}-cn10k_${DPDK_PKG_VERSION}_arm64.deb"
+            apt-get install -y ./"dpdk-${DPDK_BASE_PKG_VERSION}-cn10k_${DPDK_PKG_VERSION}_arm64.deb"
+            git clone "https://github.com/MarvellEmbeddedProcessors/marvell-openssl-engine.git"
+            cd "${PWD}/marvell-openssl-engine"
+            echo "ENGINE_VERSION=`cat localversion`" >> "${BASE_DIR}/artifacts/env"
+            source /artifacts/env
+            export DPDK_INSTALL=/
+            make OTX2=y OSSL_CONF=y DPDK_PC=$DPDK_INSTALL/usr/lib/aarch64-linux-gnu/pkgconfig/
+            mkdir -p "${PWD}/install/usr/local/lib/engines-1.1/"
+            cp -r "${PWD}/dpdk_engine.so" "${PWD}/install/usr/local/lib/engines-1.1/."
+            mkdir -p "${PWD}/install/usr/share/openssl-engine-dpdk/"
+            cp -r "${PWD}/scripts/"* "${PWD}/install/usr/share/openssl-engine-dpdk/"
+            mkdir -p "${PWD}/install/usr/local/lib/engines-1.1/doc/"
+            cp -r "${PWD}/doc/"* "${PWD}/install/usr/local/lib/engines-1.1/doc/."
+            mkdir -p "${PWD}/install/DEBIAN"
+            cd "${PWD}/install"
+            echo 'Package: openssl-engine-'${ENGINE_VERSION}'-cnxk'${PKG_POSTFIX} >> DEBIAN/control
+            echo 'Version: '${PKG_VERSION_NAME} >> DEBIAN/control
+            echo "Maintainer: Jerin Jacob (jerinj@marvell.com)" >> DEBIAN/control
+            echo "Architecture: arm64" >> DEBIAN/control
+            echo "Description: DPDK based OpenSSL Engine for Marvell Octeon 10" >> DEBIAN/control
+            cd ..
+            mv "${PWD}/install" "${PWD}/openssl-engine-${ENGINE_VERSION}-cnxk${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64"
+            dpkg --build "openssl-engine-${ENGINE_VERSION}-cnxk${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64"
+            cp -r "openssl-engine-${ENGINE_VERSION}-cnxk${PKG_POSTFIX}_${PKG_VERSION_NAME}_arm64.deb" /artifacts/.
+      - name: Export version name
+        id: artifacts
+        run: |
+          source "${PWD}/artifacts/env"
+          echo $PKG_VERSION_NAME
+          echo "PKG_VERSION_NAME=${PKG_VERSION_NAME}" >> "$GITHUB_OUTPUT"
+          echo $ENGINE_VERSION
+          echo "ENGINE_VERSION=${ENGINE_VERSION}" >> "$GITHUB_OUTPUT"
+          echo $DISTRO
+          echo "DISTRO=${DISTRO}" >> "$GITHUB_OUTPUT"
+          [[ "$PKG_POSTFIX" == "-devel" ]] && TAG=devel || TAG=${PKG_VERSION_NAME}
+          echo "PKG_POSTFIX=${PKG_POSTFIX}" >> "$GITHUB_OUTPUT"
+          echo "TAG=${TAG}" >> "$GITHUB_OUTPUT"
+      - name: Delete existing release
+        if: ${{ github.event_name == 'push' }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          if gh release view openssl-engine-${{ steps.artifacts.outputs.ENGINE_VERSION }}-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}; then
+            gh release delete openssl-engine-${{ steps.artifacts.outputs.ENGINE_VERSION }}-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }} --cleanup-tag -y
+          else
+            echo "Release not found"
+          fi
+      - name: Release Engine cnxk package
+        uses: softprops/action-gh-release@v2.0.4
+        if: ${{ github.event_name == 'push' }}
+        with:
+          tag_name: openssl-engine-${{ steps.artifacts.outputs.ENGINE_VERSION }}-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}
+          files: |
+            ${{ github.workspace }}/artifacts/openssl-engine-${{ steps.artifacts.outputs.ENGINE_VERSION }}-cnxk${{ steps.artifacts.outputs.PKG_POSTFIX }}_${{ steps.artifacts.outputs.PKG_VERSION_NAME }}_arm64.deb
+      - name: Dispatch package update event
+        if: ${{ github.event_name == 'push' }}
+        run: |
+          curl -L \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -H "Authorization: Bearer ${{ secrets.PPA_REPO_SECRET }}" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/marvellembeddedprocessors/packages/dispatches \
+            -d '{"event_type":"dispatch-event", "client_payload": {"package" : "engine",
+            "tag": "openssl-engine-${{ steps.artifacts.outputs.ENGINE_VERSION }}-${{ steps.artifacts.outputs.PKG_VERSION_NAME }}-${{ steps.artifacts.outputs.DISTRO }}-${{ steps.artifacts.outputs.TAG }}",
+            "distro" : "${{ steps.artifacts.outputs.DISTRO }}"}}'
\ No newline at end of file