tiny-computer
diff --git a/‎.github/actions/zram/action.yml‎
Lines changed: 85 additions & 0 deletions b/‎.github/actions/zram/action.yml‎
Lines changed: 85 additions & 0 deletions
diff --git a/‎.github/workflows/bootstrap_archives.yml‎
Lines changed: 6 additions & 6 deletions b/‎.github/workflows/bootstrap_archives.yml‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎.github/workflows/check_repository_health.yml‎
Lines changed: 18 additions & 2 deletions b/‎.github/workflows/check_repository_health.yml‎
Lines changed: 18 additions & 2 deletions
diff --git a/‎.github/workflows/codeql.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/codeql.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/command_not_found.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/command_not_found.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/docker_image.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/docker_image.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/golang_validation.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/golang_validation.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/packages.yml‎
Lines changed: 22 additions & 5 deletions b/‎.github/workflows/packages.yml‎
Lines changed: 22 additions & 5 deletions
diff --git a/‎.github/workflows/vagrant.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/vagrant.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,85 @@
+name: zram
+description: Enable zram module on GitHub hosted runner
+inputs:
+  algorithm:
+    description: The compression algorithm to use with zram
+    default: zstd
+  size:
+    description: Maximum amount of memory to store in compressed form
+    default: 16G
+  priority:
+    description: Priority of swap device (0-32767)
+    default: '100'
+  device_name:
+    description: Name of swap device
+    default: '/dev/zram0'
+runs:
+  using: composite
+  steps:
+    - name: Extract VM kernel version for module compilation
+      id: kernel-info
+      shell: bash
+      run: |
+        set -euo pipefail
+        KERNEL_VERSION="$(uname -r | grep -o "^[0-9\\.]*")"
+        TAR_KERNEL_VERSION="${KERNEL_VERSION%\.0}"
+
+        echo "kernel_version=${KERNEL_VERSION}" >> "$GITHUB_OUTPUT"
+        echo "tar_version=${TAR_KERNEL_VERSION}" >> "$GITHUB_OUTPUT"
+        echo "modules_dir=/lib/modules/$(uname -r)" >> "$GITHUB_OUTPUT"
+
+    - name: Restore cached zram kernel module
+      id: cache-zram
+      uses: actions/cache/restore@v5
+      with:
+        path: scripts/zram.ko.zst
+        key: ${{ steps.kernel-info.outputs.kernel_version }}-${{ hashFiles('scripts/linux-kernel-signing-keys.gpg') }}-${{ hashFiles('.github/actions/zram/action.yml') }}
+
+    - name: Build zram kernel module
+      if: steps.cache-zram.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        set -euo pipefail
+        KERNEL_VERSION=${{ steps.kernel-info.outputs.kernel_version }}
+        TAR_KERNEL_VERSION=${{ steps.kernel-info.outputs.tar_version }}
+        MODULES_DIR=${{ steps.kernel-info.outputs.modules_dir }}
+
+        LINUX_CHECKOUT_DIR=$(mktemp -d)
+        cd "$LINUX_CHECKOUT_DIR"
+        curl -OL "https://cdn.kernel.org/pub/linux/kernel/v${KERNEL_VERSION%%\.*}.x/linux-${TAR_KERNEL_VERSION}.tar.xz"
+        curl -OL "https://cdn.kernel.org/pub/linux/kernel/v${KERNEL_VERSION%%\.*}.x/linux-${TAR_KERNEL_VERSION}.tar.sign"
+
+        gpg --import ${{ github.workspace }}/scripts/linux-kernel-signing-keys.gpg
+        unxz "linux-${TAR_KERNEL_VERSION}.tar.xz"
+        gpg --verify "linux-${TAR_KERNEL_VERSION}.tar.sign"
+        tar --extract -f "linux-${TAR_KERNEL_VERSION}.tar"
+        cd "linux-${TAR_KERNEL_VERSION}/"
+
+        # We are basically doing a out-of-tree build for a module which is in-tree
+        # See docs: https://www.kernel.org/doc/html/latest/kbuild/modules.html
+        cd drivers/block/zram/
+        make -C "${MODULES_DIR}/build/" M="$PWD" -j$(nproc)
+        zstd zram.ko
+        # Copy back compiled module into scripts/ as actions/cache doesn't support absolute paths:
+        # See https://github.com/actions/cache/issues/1540
+        # Additionally restoring cache in /lib/modules/ would require running actions/cache/restore as root
+        cp zram.ko.zst ${{ github.workspace }}/scripts/
+        rm -r "$LINUX_CHECKOUT_DIR"
+
+    - name: Enable zram kernel module
+      shell: bash
+      run: |
+        set -euo pipefail
+        sudo cp scripts/zram.ko.zst ${{ steps.kernel-info.outputs.modules_dir }}/kernel/
+        sudo depmod
+        sudo modprobe zram
+        sudo zramctl ${{ inputs.device_name }} --algorithm ${{ inputs.algorithm }} --size ${{ inputs.size }}
+        sudo mkswap -U clear ${{ inputs.device_name }}
+        sudo swapon --discard --priority ${{ inputs.priority }} ${{ inputs.device_name }}
+
+    - name: Save built zram kernel module
+      if: steps.cache-zram.outputs.cache-hit != 'true'
+      uses: actions/cache/save@v5
+      with:
+        path: scripts/zram.ko.zst
+        key: ${{ steps.cache-zram.outputs.cache-primary-key }}
@@ -15,7 +15,7 @@ jobs:
   build:
     permissions:
       contents: read # actions/upload-artifact doesn't need contents: write
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     strategy:
       matrix:
         arch:
@@ -25,26 +25,26 @@ jobs:
     if: github.repository == 'termux-play-store/termux-packages'
     steps:
       - name: Git clone
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Create bootstrap archive
         run: ./scripts/generate-bootstraps.sh --architectures ${{ matrix.arch }}
       - name: Store artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: bootstrap-archives-${{ matrix.arch }}-${{ github.sha }}
           path: "*.zip"
   publish:
     permissions:
       contents: write # for git push
     needs: build
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
       - name: Git clone
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - name: Fetch bootstrap archives
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v7
         with:
           merge-multiple: true
           path: ./
 
@@ -10,10 +10,10 @@ permissions: {} # none
 jobs:
   check-repository-health:
     if: github.repository == 'termux/termux-packages'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
       - name: Clone repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 1
       - id: generate-apt-packages-list
@@ -25,6 +25,8 @@ jobs:
       - name: Check repository health
         run: |
           set -euo pipefail
+          # This should not be needed when GitHub runners update to node v25.2.0+
+          # Ref: https://github.com/nodejs/node/commit/506b79e888
           export NODE_OPTIONS="--network-family-autoselection-attempt-timeout=500"
           ./scripts/check-repository-health.js "${{ steps.generate-apt-packages-list.outputs.OUTPUT_DIR }}" | tee repository-health.txt
       - name: Create issue if health check fails
@@ -34,4 +36,18 @@ jobs:
         run: |
           ISSUE_TITLE="Repository Health Check Failed"
           ISSUE_BODY=$(cat repository-health.txt)
+          # if any previous Repository Health Check Failed issues are open, close them first
+          while read -r number; do
+            echo "INFO: Closing issue number: $number"
+            sleep 5
+            gh issue close "$number" --reason completed
+            sleep 5
+          done < <(
+            gh issue list \
+              --limit 99999 \
+              --label "health-check" \
+              --state open \
+              --search "$ISSUE_TITLE in:title type:issue" \
+              --json number | jq -r '.[] | .number'
+          )
           gh issue create --title "$ISSUE_TITLE" --body "$ISSUE_BODY" --label "health-check" --assignee "thunder-coding"
@@ -48,7 +48,7 @@ jobs:
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
 
     # Add any setup steps before running the `github/codeql-action/init` action.
     # This includes steps like installing compilers or runtimes (`actions/setup-node`
@@ -58,7 +58,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -70,6 +70,6 @@ jobs:
         # queries: security-extended,security-and-quality
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:${{matrix.language}}"
@@ -13,10 +13,10 @@ jobs:
       issues: write
       contents: write
     if: github.repository == 'termux/termux-packages'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
       - name: Clone repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 1
           token: ${{ secrets.TERMUXBOT2_TOKEN }}
 
@@ -22,7 +22,7 @@ jobs:
     if: github.repository == 'termux-play-store/termux-packages'
     steps:
     - name: Clone repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
     - name: Build
       run: |
         cd ./scripts
 
@@ -20,7 +20,7 @@ jobs:
       fail-fast: false
     steps:
     - name: Clone repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
       with:
         fetch-depth: 0
     - name: Set process id limit for 32-bit builds depending on aosp-libs
@@ -35,7 +35,7 @@ jobs:
       run: ./scripts/bin/golang-validation "${{ matrix.target_arch }}" || exit 1
     - name: Upload report artifact
       if: always()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: report-${{ matrix.target_arch }}
         path: /tmp/golang-validation-report.txt
@@ -40,11 +40,12 @@ jobs:
       fail-fast: false
     steps:
     - name: Clone repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
       with:
         fetch-depth: 1000
     - name: Set process id limit for 32-bit builds depending on aosp-libs
       run: echo 65535 | sudo tee /proc/sys/kernel/pid_max
+
     - name: Gather build summary
       id: build-info
       env:
@@ -225,10 +226,21 @@ jobs:
           ./scripts/lint-packages.sh "${package_recipes[@]}"
         fi
 
+    - name: Enable zram
+      if: ${{ steps.build-info.outputs.skip-building != 'true' }}
+      uses: ./.github/actions/zram
+      with:
+        algorithm: zstd
+        size: 16G
+        priority: 100
+        device_name: /dev/zram0
+
     - name: Free additional disk space (if needed)
       if: ${{ steps.build-info.outputs.docker-build == 'false' && steps.build-info.outputs.skip-building != 'true' }}
       run: |
         ./scripts/setup-ubuntu.sh
+        # need to unset these for setup-android-sdk.sh.
+        unset NDK ANDROID_HOME
         ./scripts/setup-android-sdk.sh
         rm -f ${HOME}/lib/ndk-*.zip ${HOME}/lib/sdk-*.zip
         sudo apt install ninja-build
@@ -252,6 +264,11 @@ jobs:
 
         if [[ "${#packages[@]}" -gt 0 ]]; then
           if [ "$DOCKER_BUILD" == 'false' ]; then
+            # these need to be unset a second time again for ./build-package.sh
+            # when it is run outside of Docker, because GitHub Actions does not
+            # support permanently unsetting variables at time of writing.
+            # https://github.com/actions/runner/issues/1126
+            unset NDK ANDROID_HOME
             ./build-package.sh -I -C -a "${{ matrix.target_arch }}" "${packages[@]}"
           else
             ./scripts/run-docker.sh ./build-package.sh -I -C -a "${{ matrix.target_arch }}" "${packages[@]}"
@@ -290,24 +307,24 @@ jobs:
         find debs -type f -name "*.deb" -exec sha256sum "{}" \; | sort -k2 | tee checksum-${{ matrix.target_arch }}-${{ github.sha }}.txt
     - name: Store checksums for built *.deb files
       if: always()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: checksum-${{ matrix.target_arch }}-${{ github.sha }}
         path: checksum-${{ matrix.target_arch }}-${{ github.sha }}.txt
     - name: Store *.deb files
       if: always()
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: debs-${{ matrix.target_arch }}-${{ github.sha }}
         path: ./artifacts
 
   test-buildorder-random:
     permissions:
       contents: read
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     steps:
     - name: Clone repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
     - name: Randomise buildorder.py test
       run: ./scripts/bin/test-buildorder-random
     - name: Randomise buildorder.py test (aarch64)
 
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Clone repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
     - name: Set up Vagrant repo
       run: |
         # https://developer.hashicorp.com/vagrant/downloads#linux
@@ -61,7 +61,7 @@ jobs:
         # Archiving *.deb files in a tarball to avoid issues with uploading.
         tar cf artifacts/debs-${{ github.sha }}.tar debs
     - name: Store *.deb files
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v6
       with:
         name: debs-${{ github.sha }}
         path: ./artifacts
@@ -43,3 +43,6 @@ checksum*
 
 # Generated by scripts/check-repository-health.sh
 scripts/apt-packages-list-*.txt
+
+# Generated on GitHub Actions CI when building kernel modules
+/scripts/*.ko.zst