Add GHA workflows for each device type

.github/workflows/generic-aarch64.yml

@@ -0,0 +1,57 @@
+name: Generic AARCH64
+
+on:
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
+  pull_request:
+    branches:
+      - main
+      - master
+      # ESR branches glob pattern
+      # - 20[0-9][0-9].[0-1]?[1470].x
+  pull_request_target:
+    branches:
+      - main
+      - master
+  push:
+    tags:
+      # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
+      - v[0-9]+.[0-9]+.[0-9]+\+?r?e?v?*
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+    inputs:
+      force-finalize:
+        description: Force finalize of the build (implicitly enables hostapp and S3 deployments)
+        required: false
+        type: boolean
+        default: false
+      deploy-environment:
+        description: Environment to use for build and deploy
+        required: false
+        type: string
+        default: balena-staging.com
+
+jobs:
+  yocto:
+    name: Yocto
+    uses: balena-os/balena-yocto-scripts/.github/workflows/[email protected]
+    # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
+    # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
+    # This condition will prevent the workflow from running twice for the same pull request while
+    # still allowing it to run for all other event types.
+    if: (github.event.pull_request.head.repo.full_name == github.repository) == (github.event_name == 'pull_request')
+    secrets: inherit
+    with:
+      machine: generic-aarch64
+      # Allow manual workflow runs to force finalize without checking previous test runs
+      force-finalize: ${{ inputs.force-finalize || false }}
+      # Default to balena-staging.com for workflow dispatch, but balena-cloud.com for other events
+      deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com' }}
+      # Use QEMU workers for testing and run cloud suite against balenaCloud production
+      test_matrix: >
+        {
+          "test_suite": ["os","cloud","hup"],
+          "environment": ["balena-cloud.com"],
+          "worker_type": ["qemu"],
+          "runs_on": [["self-hosted", "X64", "kvm"]]
+        }

.github/workflows/generic-amd64-fs.yml

@@ -0,0 +1,53 @@
+name: Generic x86_64 (GPT) fs
+
+on:
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
+  pull_request:
+    branches:
+      - main
+      - master
+      # ESR branches glob pattern
+      # - 20[0-9][0-9].[0-1]?[1470].x
+  pull_request_target:
+    branches:
+      - main
+      - master
+  push:
+    tags:
+      # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
+      - v[0-9]+.[0-9]+.[0-9]+\+?r?e?v?*
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+    inputs:
+      force-finalize:
+        description: Force finalize of the build (implicitly enables hostapp and S3 deployments)
+        required: false
+        type: boolean
+        default: false
+      deploy-environment:
+        description: Environment to use for build and deploy
+        required: false
+        type: string
+        default: balena-staging.com
+
+jobs:
+  yocto:
+    name: Yocto
+    uses: balena-os/balena-yocto-scripts/.github/workflows/[email protected]
+    # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
+    # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
+    # This condition will prevent the workflow from running twice for the same pull request while
+    # still allowing it to run for all other event types.
+    if: (github.event.pull_request.head.repo.full_name == github.repository) == (github.event_name == 'pull_request')
+    secrets: inherit
+    with:
+      machine: generic-amd64-fs
+      # Allow manual workflow runs to force finalize without checking previous test runs
+      force-finalize: ${{ inputs.force-finalize || false }}
+      # Default to balena-staging.com for workflow dispatch, but balena-cloud.com for other events
+      deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com+generic-amd64-fs-signing-key' }}
+      # Sign image for secure boot
+      sign-image: true
+      # FIXME: Disable finalize-on-push until we have a test to verify that SIGN_KMOD_KEY_APPEND is set
+      finalize-on-push-if-tests-passed: false

.github/workflows/generic-amd64.yml

@@ -0,0 +1,60 @@
+name: Generic x86_64 (GPT)
+
+on:
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
+  pull_request:
+    branches:
+      - main
+      - master
+      # ESR branches glob pattern
+      - 20[0-9][0-9].[0-1]?[1470].x
+  pull_request_target:
+    branches:
+      - main
+      - master
+  push:
+    tags:
+      # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
+      - v[0-9]+.[0-9]+.[0-9]+\+?r?e?v?*
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+    inputs:
+      force-finalize:
+        description: Force finalize of the build (implicitly enables hostapp and S3 deployments)
+        required: false
+        type: boolean
+        default: false
+      deploy-environment:
+        description: Environment to use for build and deploy
+        required: false
+        type: string
+        default: balena-staging.com
+
+jobs:
+  yocto:
+    name: Yocto
+    uses: balena-os/balena-yocto-scripts/.github/workflows/[email protected]
+    # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
+    # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
+    # This condition will prevent the workflow from running twice for the same pull request while
+    # still allowing it to run for all other event types.
+    if: (github.event.pull_request.head.repo.full_name == github.repository) == (github.event_name == 'pull_request')
+    secrets: inherit
+    with:
+      machine: generic-amd64
+      # Allow manual workflow runs to force finalize without checking previous test runs
+      force-finalize: ${{ inputs.force-finalize || false }}
+      # Default to balena-staging.com for workflow dispatch, but balena-cloud.com for other events
+      deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com+sign-api-key' }}
+      # Sign image for secure boot
+      sign-image: true
+      # Use QEMU workers for testing and run cloud suite against balenaCloud production
+      test_matrix: >
+        {
+          "test_suite": ["os","cloud","hup"],
+          "environment": ["balena-cloud.com"],
+          "worker_type": ["qemu"],
+          "runs_on": [["self-hosted", "X64", "kvm"]],
+          "secure_boot": ["sb",""]
+        }

.github/workflows/kontron-come-xelx.yml

@@ -0,0 +1,49 @@
+name: Kontron COMe xELx
+
+on:
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
+  pull_request:
+    branches:
+      - main
+      - master
+      # ESR branches glob pattern
+      # - 20[0-9][0-9].[0-1]?[1470].x
+  pull_request_target:
+    branches:
+      - main
+      - master
+  push:
+    tags:
+      # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
+      - v[0-9]+.[0-9]+.[0-9]+\+?r?e?v?*
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+    inputs:
+      force-finalize:
+        description: Force finalize of the build (implicitly enables hostapp and S3 deployments)
+        required: false
+        type: boolean
+        default: false
+      deploy-environment:
+        description: Environment to use for build and deploy
+        required: false
+        type: string
+        default: balena-staging.com
+
+jobs:
+  yocto:
+    name: Yocto
+    uses: balena-os/balena-yocto-scripts/.github/workflows/[email protected]
+    # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
+    # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
+    # This condition will prevent the workflow from running twice for the same pull request while
+    # still allowing it to run for all other event types.
+    if: (github.event.pull_request.head.repo.full_name == github.repository) == (github.event_name == 'pull_request')
+    secrets: inherit
+    with:
+      machine: kontron-come-xelx
+      # Allow manual workflow runs to force finalize without checking previous test runs
+      force-finalize: ${{ inputs.force-finalize || false }}
+      # Default to balena-staging.com for workflow dispatch, but balena-cloud.com for other events
+      deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com' }}

.github/workflows/studio-automatedx86-sb.yml

@@ -0,0 +1,53 @@
+name: Studio Automated X86 SB
+
+on:
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore
+  # https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
+  pull_request:
+    branches:
+      - main
+      - master
+      # ESR branches glob pattern
+      # - 20[0-9][0-9].[0-1]?[1470].x
+  pull_request_target:
+    branches:
+      - main
+      - master
+  push:
+    tags:
+      # Semver tags glob pattern (includes ESR in format v20YY.MM.PATCH)
+      - v[0-9]+.[0-9]+.[0-9]+\+?r?e?v?*
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+    inputs:
+      force-finalize:
+        description: Force finalize of the build (implicitly enables hostapp and S3 deployments)
+        required: false
+        type: boolean
+        default: false
+      deploy-environment:
+        description: Environment to use for build and deploy
+        required: false
+        type: string
+        default: balena-staging.com
+
+jobs:
+  yocto:
+    name: Yocto
+    uses: balena-os/balena-yocto-scripts/.github/workflows/[email protected]
+    # Prevent duplicate workflow executions for pull_request (PR) and pull_request_target (PRT) events.
+    # Both PR and PRT will be triggered for the same pull request, whether it is internal or from a fork.
+    # This condition will prevent the workflow from running twice for the same pull request while
+    # still allowing it to run for all other event types.
+    if: (github.event.pull_request.head.repo.full_name == github.repository) == (github.event_name == 'pull_request')
+    secrets: inherit
+    with:
+      machine: studio-automatedx86-sb
+      # Allow manual workflow runs to force finalize without checking previous test runs
+      force-finalize: ${{ inputs.force-finalize || false }}
+      # Default to balena-staging.com for workflow dispatch, but balena-cloud.com for other events
+      deploy-environment: ${{ inputs.deploy-environment || 'balena-cloud.com+studio-automatedx86-sb-signing-key' }}
+      # Sign image for secure boot
+      sign-image: true
+      # FIXME: Disable finalize-on-push until we have a test to verify that SIGN_KMOD_KEY_APPEND is set
+      finalize-on-push-if-tests-passed: false