| #!/bin/bash |
| |
| set -e |
| |
| if [ "$JENKINS_RELEASETYPE" != "stable" ]; then |
| RELEASE_DIR="$JENKINS_RELEASETYPE/" |
| LEAF_EXTRAVERSION="-$JENKINS_RELEASETYPE" |
| fi |
| |
| LEAF_FLAVORS=(VANILLA GMS microG) |
| TARGET_FILES_DIR="/var/lib/jenkins/leaf/target-files/$RELEASE_DIR$JENKINS_DEVICE" |
| MASTER_IP="$(echo $SSH_CLIENT | cut -f1 -d ' ')" |
| BUILDDATE=$(echo "$BUILDDATE" | head -n 1) |
| DL_DIR="/var/www/dl.leafos.org/$RELEASE_DIR$JENKINS_DEVICE/$BUILDDATE" |
| WWW_DIR="/var/www/leafos.org" |
| KEY_DIR="/var/lib/jenkins/.android-certs" |
| AVB_ALGORITHM="SHA256_RSA4096" |
| OTATOOLS="out/host/linux-x86/bin" |
| [[ $JENKINS_DEVICE == *_gsi_* ]] && TARGET_IS_GSI=true |
| export LEAF_BUILDTYPE="OFFICIAL" |
| export TARGET_RO_FILE_SYSTEM_TYPE="erofs" |
| export BOARD_EXT4_SHARE_DUP_BLOCKS=true |
| CCACHE_EXEC=$(which ccache) |
| export CCACHE_EXEC |
| [ "$CCACHE_EXEC" ] && export USE_CCACHE=true |
| |
| if [ "$JENKINS_REPOPICK" ]; then |
| TELEGRAM_MESSAGE="Build ${BUILD_DISPLAY_NAME//_/\\_}: [See progress](${BUILD_URL}console) |
| Repopick: $JENKINS_REPOPICK |
| Build status:" |
| else |
| TELEGRAM_MESSAGE="Build ${BUILD_DISPLAY_NAME//_/\\_}: [See progress](${BUILD_URL}console) |
| Build status:" |
| fi |
| |
| # Telegram Bot token |
| source /var/lib/jenkins/leaf/telegram.sh |
| |
| function telegram() { |
| if [ "$JENKINS_TELEGRAM" = true ]; then |
| RESULT=$(curl -s "https://api.telegram.org/bot$TELEGRAM_TOKEN/$1" \ |
| -d "chat_id=@leafos_ci" \ |
| -d "parse_mode=Markdown" \ |
| -d "message_id=$(cat .msgid 2>/dev/null)" \ |
| -d "text=$2") |
| MESSAGE_ID=$(jq '.result.message_id' <<<"$RESULT") |
| [[ $MESSAGE_ID =~ ^[0-9]+$ ]] && echo "$MESSAGE_ID" >.msgid |
| fi |
| } |
| |
| function init() { |
| telegram sendMessage "$TELEGRAM_MESSAGE" |
| OTA_INDEX=$(ssh jenkins@$MASTER_IP mktemp) |
| scp ./jenkins/build/jenkins/index-ota.sh jenkins@$MASTER_IP:"$OTA_INDEX" |
| ssh jenkins@$MASTER_IP chmod +x "$OTA_INDEX" |
| echo "$OTA_INDEX" > .ota_index_tmp |
| } |
| |
| function sync() { |
| THREADS=$(nproc) |
| telegram editMessageText "$TELEGRAM_MESSAGE Syncing" |
| repo init -u https://git.leafos.org/LeafOS-Project/android -b "leaf-$JENKINS_LEAF_VERSION" --depth=1 |
| repo forall -c 'git reset --hard; git clean -fdx' >/dev/null || true |
| repo sync -j"$THREADS" --jobs-network=$((THREADS < 16 ? THREADS : 16)) --force-sync --retry-fetches=25 |
| if [ "$JENKINS_REPOPICK" ] && [ "$JENKINS_RELEASETYPE" != stable ]; then |
| read -a JENKINS_REPOPICK <<<"$JENKINS_REPOPICK" |
| for change in "${JENKINS_REPOPICK[@]}"; do |
| if [[ $change =~ ^[0-9]+$ ]]; then |
| ./vendor/leaf/tools/repopick.py "$change" |
| else |
| ./vendor/leaf/tools/repopick.py -t "$change" |
| fi |
| done |
| fi |
| } |
| |
| function target-files() { |
| AOSP_RELEASE="$(ls -1 -I trunk -I root build/release/aconfig/)" |
| |
| telegram editMessageText "$TELEGRAM_MESSAGE Generating target files" |
| source build/envsetup.sh |
| fetch_device "$JENKINS_DEVICE" |
| if [ "$JENKINS_LUNCH" ]; then |
| lunch "${JENKINS_LUNCH}_$JENKINS_DEVICE-$AOSP_RELEASE-$JENKINS_BUILDTYPE" |
| else |
| lunch "$JENKINS_DEVICE-$AOSP_RELEASE-$JENKINS_BUILDTYPE" |
| fi |
| for JENKINS_FLAVOR in "${LEAF_FLAVORS[@]}"; do |
| unset WITH_GMS |
| unset WITH_MICROG |
| if [ "$JENKINS_FLAVOR" = "GMS" ]; then |
| export WITH_GMS=true |
| elif [ "$JENKINS_FLAVOR" = "microG" ]; then |
| export WITH_MICROG=true |
| fi |
| rm -rf "$OUT" |
| m -j"$(nproc)" target-files-package otatools |
| mv "$OUT/obj/PACKAGING/target_files_intermediates/$TARGET_PRODUCT-target_files.zip" \ |
| "out/$JENKINS_DEVICE-target_files-$JENKINS_FLAVOR-$BUILD_ID.zip" |
| done |
| } |
| |
| function sign() { |
| telegram editMessageText "$TELEGRAM_MESSAGE Signing build" |
| [ "$TARGET_IS_GSI" ] && ALLOW_GSI_DEBUG_SEPOLICY="--allow_gsi_debug_sepolicy" |
| mkdir -p "/var/lib/jenkins/leaf/target-files/$RELEASE_DIR$JENKINS_DEVICE" |
| for JENKINS_FLAVOR in "${LEAF_FLAVORS[@]}"; do |
| zip -d "out/$JENKINS_DEVICE-target_files-$JENKINS_FLAVOR-$BUILD_ID.zip" "BOOTABLE_IMAGES/*" "IMAGES/*boot.img" "IMAGES/recovery.img" |
| "$OTATOOLS/sign_target_files_apks" -o -d "$KEY_DIR" \ |
| $ALLOW_GSI_DEBUG_SEPOLICY \ |
| --avb_vbmeta_key "$KEY_DIR/avb.pem" \ |
| --avb_vbmeta_algorithm "$AVB_ALGORITHM" \ |
| --extra_apks AdServicesApk.apk="$KEY_DIR/releasekey" \ |
| --extra_apks Bluetooth.apk="$KEY_DIR/bluetooth" \ |
| --extra_apks HalfSheetUX.apk="$KEY_DIR/releasekey" \ |
| --extra_apks OsuLogin.apk="$KEY_DIR/releasekey" \ |
| --extra_apks PdfViewer.apk="$KEY_DIR/releasekey" \ |
| --extra_apks SafetyCenterResources.apk="$KEY_DIR/releasekey" \ |
| --extra_apks ServiceConnectivityResources.apk="$KEY_DIR/releasekey" \ |
| --extra_apks ServiceUwbResources.apk="$KEY_DIR/releasekey" \ |
| --extra_apks ServiceWifiResources.apk="$KEY_DIR/releasekey" \ |
| --extra_apks WifiDialog.apk="$KEY_DIR/releasekey" \ |
| --extra_apks com.android.adbd.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.adbd.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.adservices.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.adservices.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.apex.cts.shim.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.apex.cts.shim.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.appsearch.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.appsearch.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.art.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.art.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.art.debug.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.art.debug.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.btservices.apex="$KEY_DIR/bluetooth" \ |
| --extra_apex_payload_key com.android.btservices.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.cellbroadcast.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.cellbroadcast.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.compos.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.compos.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.configinfrastructure.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.configinfrastructure.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.conscrypt.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.conscrypt.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.devicelock.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.devicelock.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.extservices.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.extservices.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.hardware.biometrics.fingerprint.virtual.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.hardware.biometrics.fingerprint.virtual.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.healthfitness.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.healthfitness.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.i18n.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.i18n.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.ipsec.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.ipsec.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.media.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.media.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.media.swcodec.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.media.swcodec.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.mediaprovider.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.mediaprovider.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.neuralnetworks.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.neuralnetworks.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.ondevicepersonalization.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.ondevicepersonalization.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.os.statsd.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.os.statsd.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.permission.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.permission.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.resolv.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.resolv.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.rkpd.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.rkpd.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.runtime.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.runtime.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.scheduling.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.scheduling.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.sdkext.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.sdkext.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.tethering.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.tethering.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.tzdata.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.tzdata.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.uwb.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.uwb.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.virt.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.virt.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.vndk.current.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.vndk.current.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.vndk.current.on_vendor.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.vndk.current.on_vendor.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.android.wifi.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.android.wifi.apex="$KEY_DIR/avb.pem" \ |
| --extra_apks com.google.pixel.camera.hal.apex="$KEY_DIR/releasekey" \ |
| --extra_apex_payload_key com.google.pixel.camera.hal.apex="$KEY_DIR/avb.pem" \ |
| "out/$JENKINS_DEVICE-target_files-$JENKINS_FLAVOR-$BUILD_ID.zip" \ |
| "$TARGET_FILES_DIR/$JENKINS_DEVICE-target_files-$JENKINS_FLAVOR-$BUILD_ID-signed.zip" |
| done |
| } |
| |
| function ota-package-name() { |
| OLD_BUILD_ID=$(unzip -p "$TARGET_FILES_DIR/$(cat "$TARGET_FILES_DIR/latest_$JENKINS_FLAVOR" 2>/dev/null)" \ |
| SYSTEM/build.prop 2>/dev/null | grep ro.build.version.incr | cut -d'=' -f2) |
| LEAF_PACKAGE="leaf-$JENKINS_LEAF_VERSION$LEAF_EXTRAVERSION-$BUILD_ID-$JENKINS_FLAVOR-$JENKINS_DEVICE" |
| LEAF_INCR_PACKAGE="leaf-$JENKINS_LEAF_VERSION$LEAF_EXTRAVERSION-$OLD_BUILD_ID-incr-$BUILD_ID-$JENKINS_FLAVOR-$JENKINS_DEVICE" |
| } |
| |
| function ota-package() { |
| telegram editMessageText "$TELEGRAM_MESSAGE Generating OTA package" |
| for JENKINS_FLAVOR in "${LEAF_FLAVORS[@]}"; do |
| ota-package-name |
| if [ "$TARGET_IS_GSI" ]; then |
| # Full image package for GSI |
| "$OTATOOLS/img_from_target_files" \ |
| "$TARGET_FILES_DIR/$JENKINS_DEVICE-target_files-$JENKINS_FLAVOR-$BUILD_ID-signed.zip" \ |
| "$LEAF_PACKAGE-img.zip" |
| |
| # Cleanup since there are no incremental packages for GSI |
| rm "$TARGET_FILES_DIR/$JENKINS_DEVICE-target_files-$JENKINS_FLAVOR-$BUILD_ID-signed.zip" |
| rmdir "$TARGET_FILES_DIR" 2>/dev/null || true |
| else |
| "$OTATOOLS/ota_from_target_files" -k "$KEY_DIR/releasekey" \ |
| "$TARGET_FILES_DIR/$JENKINS_DEVICE-target_files-$JENKINS_FLAVOR-$BUILD_ID-signed.zip" \ |
| "$LEAF_PACKAGE.zip" |
| # Incremental OTA |
| if [ -f "$TARGET_FILES_DIR/$(cat "$TARGET_FILES_DIR/latest_$JENKINS_FLAVOR" 2>/dev/null)" ]; then |
| "$OTATOOLS/ota_from_target_files" -k "$KEY_DIR/releasekey" \ |
| -i "$TARGET_FILES_DIR/$(cat "$TARGET_FILES_DIR/latest_$JENKINS_FLAVOR")" \ |
| "$TARGET_FILES_DIR/$JENKINS_DEVICE-target_files-$JENKINS_FLAVOR-$BUILD_ID-signed.zip" \ |
| "$LEAF_INCR_PACKAGE.zip" |
| fi |
| fi |
| done |
| } |
| |
| function upload() { |
| telegram editMessageText "$TELEGRAM_MESSAGE Uploading" |
| retry_uploading() { |
| for ((n = 0; n < 3; n++)); do |
| rsync -avP "$1" "jenkins@$MASTER_IP:$DL_DIR" && break |
| sleep 30 |
| done |
| } |
| ssh jenkins@$MASTER_IP mkdir -p "$DL_DIR" |
| for JENKINS_FLAVOR in "${LEAF_FLAVORS[@]}"; do |
| ota-package-name |
| if [ "$TARGET_IS_GSI" ]; then |
| # Full image package for GSI |
| retry_uploading "$LEAF_PACKAGE-img.zip" |
| else |
| retry_uploading "$LEAF_PACKAGE.zip" |
| if [ -f "$LEAF_INCR_PACKAGE.zip" ]; then |
| retry_uploading "$LEAF_INCR_PACKAGE.zip" |
| rm -f "$TARGET_FILES_DIR/$(cat "$TARGET_FILES_DIR/latest_$JENKINS_FLAVOR")" |
| fi |
| unzip -p "$TARGET_FILES_DIR/$JENKINS_DEVICE-target_files-$JENKINS_FLAVOR-$BUILD_ID-signed.zip" \ |
| IMAGES/recovery.img >"$LEAF_PACKAGE-recovery.img" |
| retry_uploading "$LEAF_PACKAGE-recovery.img" |
| echo "$JENKINS_DEVICE-target_files-$JENKINS_FLAVOR-$BUILD_ID-signed.zip" >"$TARGET_FILES_DIR/latest_$JENKINS_FLAVOR" |
| fi |
| done |
| |
| OTA_INDEX=$(cat .ota_index_tmp) |
| ssh jenkins@$MASTER_IP "$OTA_INDEX \"$DL_DIR\" \"$WWW_DIR\" \"https://${DL_DIR/\/var\/www\//}\" \"$JENKINS_DEVICE\"" |
| } |
| |
| function cleanup() { |
| if [ "$BUILD_STATUS" = "SUCCESS" ]; then |
| telegram editMessageText "$TELEGRAM_MESSAGE [Completed](https://${DL_DIR/\/var\/www\//})" |
| else |
| telegram editMessageText "$TELEGRAM_MESSAGE Failed at $STAGE" |
| fi |
| |
| if [ "$JENKINS_CLEAN" = true ]; then |
| rm -rf out |
| fi |
| rm -f .msgid |
| rm -f leaf*.zip |
| rm -f leaf*.img |
| rm -rf .repo/local_manifests |
| |
| OTA_INDEX=$(cat .ota_index_tmp 2>/dev/null) |
| rm -f .ota_index_tmp |
| if [ ! -z "$OTA_INDEX" ]; then |
| ssh jenkins@$MASTER_IP rm -f "$OTA_INDEX" |
| fi |
| } |