Skip to content

Upload universal deb packages to S3 #9136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 76 commits into from
Closed

Upload universal deb packages to S3 #9136

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
76 commits
Select commit Hold shift + click to select a range
9948053
Set up version number for deb and rpm
Atry Jul 14, 2022
98699e5
Upload deb and rpm packages as artifacts
Atry Jul 14, 2022
d803a22
Add steps to retrieve passwords
Atry Jul 14, 2022
e7cf1d1
set -o pipefail
Atry Jul 14, 2022
26ec6a0
Add gpg-key.kms-ciphertext
Atry Jul 14, 2022
5b799b9
Add names to steps
Atry Jul 14, 2022
78780b2
Create separate GitHub Action job upload-deb
Atry Jul 14, 2022
7349967
Add configure-aws-credentials step
Atry Jul 14, 2022
d681f3b
Upload deb packages to the nightly distribution
Atry Jul 15, 2022
41e19d4
Determine suite to upload according to tag name
Atry Jul 15, 2022
e2bbfd6
Replace tabs with spaces
Atry Jul 15, 2022
c406784
Don't break line
Atry Jul 15, 2022
cf810a5
Escapt newline
Atry Jul 15, 2022
21458f1
Test s3fs
Atry Jul 21, 2022
033a20b
Add sudo
Atry Jul 21, 2022
7fbedd5
Add sudo
Atry Jul 21, 2022
08bbcc7
Add flags
Atry Jul 22, 2022
0c410cf
export environment variables for s3fs
Atry Jul 22, 2022
ba4e49d
Remove -o use_session_token
Atry Jul 22, 2022
6aa5f84
Don't export AWSACCESSKEYID
Atry Jul 22, 2022
2cb38a6
Use passwd file
Atry Jul 22, 2022
3f2479b
Specify region
Atry Jul 22, 2022
364d941
Add a test file
Atry Jul 22, 2022
ae2f6fc
Set UID
Atry Jul 22, 2022
2ffedb6
Change owner
Atry Jul 22, 2022
f63f5f6
Add use_session_token
Atry Jul 22, 2022
cdd2856
Set UID
Atry Jul 22, 2022
c8a7fb2
Change option order
Atry Jul 22, 2022
1855796
Remove unknown option `use_session_token'
Atry Jul 22, 2022
aa40b6c
Add -o allow_other
Atry Jul 22, 2022
c7e2e33
Run in job in a container
Atry Jul 22, 2022
cfabede
Add use_session_token
Atry Jul 22, 2022
5f8b9e6
Use s3fs from nixpkgs because the one in unbuntu-latest is too old to…
Atry Jul 22, 2022
91d32a1
Don't use container
Atry Jul 22, 2022
4f63d15
Fix nix profile install
Atry Jul 22, 2022
b783e0b
Install s3fs for root
Atry Jul 22, 2022
93cbe10
Add sudo -i
Atry Jul 22, 2022
ab87e2a
Add sudo -i
Atry Jul 22, 2022
5088ca9
Set iam_role
Atry Jul 22, 2022
5f4d37c
set role=arn:aws:iam::223121549624:role/hhvm-github-actions
Atry Jul 22, 2022
7c0c9a7
Use goofys instead of s3fs
Atry Jul 22, 2022
162fefe
Mount for the current user
Atry Jul 22, 2022
6d4063a
Install fuse
Atry Jul 22, 2022
b46761e
Add chmod
Atry Jul 22, 2022
7a8d78a
Add sudo
Atry Jul 22, 2022
1ae1066
Mount root dir
Atry Jul 22, 2022
4c378f4
Install reprepro
Atry Jul 22, 2022
330b92c
Switch to s3fs
Atry Jul 22, 2022
1883ec6
Set AWS credentials
Atry Jul 22, 2022
83bdc8d
Import gpg key
Atry Jul 22, 2022
beacff6
Remove duplicated quote
Atry Jul 22, 2022
b13335c
Add -f
Atry Jul 22, 2022
a9a2315
Don't install fuse
Atry Jul 22, 2022
833a840
Mount hhvm-download to a temporary directory
Atry Jul 22, 2022
910db56
Don't chown
Atry Jul 22, 2022
372c350
Add --directory
Atry Jul 22, 2022
b17bb0a
Add ls for debugging
Atry Jul 22, 2022
cf262e5
Set endpoint
Atry Jul 22, 2022
6fe21ba
Write hello2
Atry Jul 22, 2022
02a24df
Add -o nonempty
Atry Jul 22, 2022
d4c0d46
Remove -o nonempty
Atry Jul 22, 2022
7b91f3f
Remove -f
Atry Jul 22, 2022
2d0cda9
Test symlink
Atry Jul 22, 2022
04d5d38
Separate s3fs to a separate step
Atry Jul 22, 2022
a06f649
Create hhvm-downloads:universal directory
Atry Jul 22, 2022
3e0bd2a
Upload to nightly suite
Atry Jul 22, 2022
ca6fecc
Add comment
Atry Jul 22, 2022
0e4f05e
Use "Do not" instead of Don't
Atry Jul 22, 2022
3836b11
Install reprepro
Atry Jul 22, 2022
f729e60
Don't show content of bundle.deb
Atry Jul 23, 2022
e683338
Fix bash script
Atry Jul 23, 2022
eba0d52
Upload to release suites
Atry Jul 23, 2022
d93dd4d
Merge commit '71696ada19c2bdd8ed603f09b67a74da30e97479' into upload-d…
Atry Jul 23, 2022
86b0bdf
Update nix.yml
Atry Jul 25, 2022
ab41105
Update nix.yml
Atry Jul 26, 2022
2a540f3
s3fs uses environment variable names without underscores, unlike aws-cli
Atry Aug 9, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
128 changes: 128 additions & 0 deletions .github/workflows/nix.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,12 @@ jobs:
- name: Show the deb package's content
if: runner.os == 'Linux'
run: dpkg-deb --contents bundle.deb
- name: Save the deb package as build artifact
if: runner.os == 'Linux'
uses: actions/upload-artifact@v2
with:
name: bundle.deb
path: bundle.deb
- name: Build the rpm package
if: runner.os == 'Linux'
run: nix bundle --print-build-logs --bundler "git+file://$(pwd)?submodules=1&shallow=1#rpm" "git+file://$(pwd)?submodules=1&shallow=1"
Expand All @@ -52,6 +58,12 @@ jobs:
- name: Show the rpm package's content
if: runner.os == 'Linux'
run: rpm --query --list --package bundle.rpm
- name: Save the rpm package as build artifact
if: runner.os == 'Linux'
uses: actions/upload-artifact@v2
with:
name: bundle.rpm
path: bundle.rpm
- name: Assume the AWS role
continue-on-error: true
id: configure-aws-credentials
Expand All @@ -66,3 +78,119 @@ jobs:
- name: Upload Nix binaries to the binary cache server on S3
if: steps.configure-aws-credentials.outcome == 'success'
run: nix copy --to 's3://hhvm-nix-cache?region=us-west-2&endpoint=hhvm-nix-cache.s3-accelerate.amazonaws.com' --print-build-logs --no-sandbox "git+file://$(pwd)?submodules=1&shallow=1"
upload-deb:
if: github.event_name == 'push' && github.ref_type == 'tag'
runs-on: ubuntu-latest
needs: build-and-test
steps:
- uses: actions/checkout@v3
- name: Assume the AWS role
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::223121549624:role/hhvm-github-actions
aws-region: us-west-2
- name: Download the bundle.deb from build-and-test job
uses: actions/download-artifact@v2
with:
name: bundle.deb
- uses: cachix/install-nix-action@v15
with:
extra_nix_config: |
extra-access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
extra-experimental-features = nix-command flakes
extra-substituters = s3://hhvm-nix-cache?region=us-west-2&endpoint=hhvm-nix-cache.s3-accelerate.amazonaws.com
extra-trusted-substituters = s3://hhvm-nix-cache?region=us-west-2&endpoint=hhvm-nix-cache.s3-accelerate.amazonaws.com
extra-trusted-public-keys = hhvm-nix-cache-1:MvKxscw16fAq6835oG8sbRgTGITb+1xGfYNhs+ee4yo=
# Install s3fs from nix instead of apt because the s3fs version in
# ubuntu-latest is too old to support AWS role
- run: nix profile install nixpkgs#s3fs
- run: sudo apt-get install reprepro
- name: Decrypt the GPG key
run: |
set -o pipefail
aws kms decrypt \
--ciphertext-blob "fileb://$PWD/gpg-key.kms-ciphertext" \
--query Plaintext \
--output text |
base64 --decode |
gpg --import
- name: Mount Apt Repository
env:
# s3fs uses environment variable names without underscores, unlike aws-cli
AWSACCESSKEYID: ${{ env.AWS_ACCESS_KEY_ID }}
AWSSECRETACCESSKEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
AWSSESSIONTOKEN: ${{ env.AWS_SESSION_TOKEN }}
run: |
HHVM_DOWNLOAD="$(mktemp --directory)" &&
s3fs -o "endpoint=$AWS_REGION" -o use_session_token hhvm-downloads "$HHVM_DOWNLOAD" &&
echo "REPREPRO_BASE_DIR=$HHVM_DOWNLOAD/universal" >> $GITHUB_ENV
- name: Initiate Apt Repository
run: |
set -e
mkdir -p "$REPREPRO_BASE_DIR/conf"
touch "$REPREPRO_BASE_DIR/conf/distributions"
- name: Create nightly suite
if: startsWith(github.ref_name, 'nightly-')
run: |
if [[ ! -d "$REPREPRO_BASE_DIR/dists/nightly" ]]
then
(
echo ''
echo 'Origin: HHVM'
echo 'Label: HHVM'
echo 'Codename: nightly'
echo 'Suite: nightly'
echo 'Architectures: amd64'
echo 'Components: main'
echo 'Description: Apt suite for HHVM nightly'
echo 'SignWith: D386EB94'
) >> "$REPREPRO_BASE_DIR/conf/distributions" &&
reprepro export nightly
fi
- if: startsWith(github.ref_name, 'nightly-')
run: reprepro includedeb nightly bundle.deb
- name: Create release suite
if: startsWith(github.ref_name, 'HHVM-')
run: |
if [[ ! -d "$REPREPRO_BASE_DIR/dists/release" ]]
then
(
echo ''
echo 'Origin: HHVM'
echo 'Label: HHVM'
echo 'Codename: release'
echo 'Suite: release'
echo 'Architectures: amd64'
echo 'Components: main'
echo 'Description: Apt suite for HHVM release versions'
echo 'SignWith: D386EB94'
) >> "$REPREPRO_BASE_DIR/conf/distributions" &&
reprepro export release
fi
- if: startsWith(github.ref_name, 'HHVM-')
run: reprepro includedeb release bundle.deb
- name: Determine HHVM version
if: startsWith(github.ref_name, 'HHVM-')
run: |
[[ "$GITHUB_REF_NAME" =~ HHVM-([0-9]+\.[0-9]+)\.[0-9]+ ]] &&
echo "HHVM_VERSION_MAJAR_MINOR=${BASH_REMATCH[1]}" >> $GITHUB_ENV
- name: Create version specific release suite
if: startsWith(github.ref_name, 'HHVM-')
run: |
if [[ ! -d "$REPREPRO_BASE_DIR/dists/release-$HHVM_VERSION_MAJAR_MINOR" ]]
then
(
echo ''
echo 'Origin: HHVM'
echo 'Label: HHVM'
echo "Codename: release-$HHVM_VERSION_MAJAR_MINOR"
echo "Suite: release-$HHVM_VERSION_MAJAR_MINOR"
echo 'Architectures: amd64'
echo 'Components: main'
echo "Description: Apt suite for $HHVM_VERSION_MAJAR_MINOR.* release versions"
echo 'SignWith: D386EB94'
) >> "$REPREPRO_BASE_DIR/conf/distributions" &&
reprepro export "release-$HHVM_VERSION_MAJAR_MINOR"
fi
- if: startsWith(github.ref_name, 'HHVM-')
run: reprepro includedeb "release-$HHVM_VERSION_MAJAR_MINOR" bundle.deb
Binary file added gpg-key.kms-ciphertext
View file
Open in desktop
Binary file not shown.