
Travis signature checking, deployment to github and firehol.org

Allows us to eliminate a large number of scripts from the firehol
infrastructure.

Netdata does multiple compiler tests. We pick one (CC = gcc) for
deploying; it doesn't really matter which, since binaries are not
part of the deployment.
1 parent 7e1e77d commit db05ad1b423745cb4695bbbbb6c9e2c7280702e7 @philwhineray philwhineray committed Nov 24, 2016
Showing with 131 additions and 3 deletions.
  1. +47 −3 .travis.yml
  2. BIN .travis/travis_rsa.enc
  3. +3 −0 packaging/README.md
  4. +2 −0 packaging/check-files
  5. +14 −0 packaging/git-build
  6. +65 −0 packaging/gpg.keys
@@ -1,13 +1,57 @@
+dist: precise
+#
+# C includes autotools and make by default
language: c
compiler:
- gcc
- clang
+#
+# Extra packages
+addons:
+ apt:
+ packages:
+ - gnupg
+ - libcap2-bin
+ - zlib1g-dev
+ - uuid-dev
+#
+# Setup environment
before_install:
- - sudo apt-get update -qq
- - sudo apt-get install -qq automake make libcap2-bin zlib1g-dev uuid-dev
+ # Decrypt our private files for CI use only
+ - openssl aes-256-cbc -K $encrypted_decb6f6387c4_key -iv $encrypted_decb6f6387c4_iv -in .travis/travis_rsa.enc -out .travis/travis_rsa -d
+ - eval "$(ssh-agent -s)" # start the ssh agent
+ - chmod 600 .travis/travis_rsa # add our key
+ - ssh-add .travis/travis_rsa # add our key
+ - rm -f .travis/travis_rsa # remove to prevent leaks
+ # WARNING: Any changes to the above 5 lines should be monitored closely
+ - ssh-keyscan -H firehol.org >> ~/.ssh/known_hosts
+#
+# Run
+before_script:
+ - gpg --import packaging/gpg.keys
+ # Run the commit hooks in case the developer didn't
+ - git diff 4b825dc642cb6eb9a060e54bf8d69288fbee4904 | ./packaging/check-files -
script:
+ # make release packages
+ - fakeroot ./packaging/git-build
# default build
- ./autogen.sh && ./configure && make -j4
-
# test installer
- fakeroot ./netdata-installer.sh --install $HOME --dont-wait --dont-start-it
+#
+# Deploy as required
+after_success:
+ - for i in *.tar.*; do md5sum -b $i > $i.md5; sha512sum -b $i > $i.sha; done
+ - "case \"$TRAVIS_BRANCH\" in master|stable-*) if [ $TRAVIS_PULL_REQUEST = false -a \"$TRAVIS_TAG\" = \"\" -a \"$CC\" = \"gcc\" ]; then ssh travis@firehol.org mkdir -p uploads/netdata/$TRAVIS_BRANCH/ && scp -p *.tar.* travis@firehol.org:uploads/netdata/$TRAVIS_BRANCH/ && ssh travis@firehol.org touch uploads/netdata/$TRAVIS_BRANCH/complete.txt; fi;; esac"
+deploy:
+ # Upload results to GitHub (tag only)
+ - provider: releases
+ api_key:
+ secure: invJ0ZdNOPi9x8JJmFkqSIQMxljkLROwgRFCbmXMausJ0rA4E/PgLtM7ddWrHlu6lu8N9e5Pus4bG8DWATHbY0blMUhL5C82S5KK4mxAANLCLgTV8Qr7dMWnMqRV/OJBMGM1ZWpC2AA5GVhPLF7Z++54iqK+LM8P0EuOTAKbebIWCIkGybbSpXj+jJqaQXY0tLGSn5fXPFfyV3Tw0URJPcO3Uz5iukELngkLVSve2d0XYwy8M5tpLKHJi5bzc9CwcJZ/JK1WvklqmV3fNdSSzZunaAfDwWosV3hO7QcGnAVEbNl0HBKZJ8JkriV2fDbH4fttoSvLO2tW9HauP7Yf5XqLDudqUj4gPTuGzd31vRb9kx9cAulfE9onMAmDbjbne8Cp2Bq9/yBEqaofqEIaRcLgnlZSNc+PWbH4FQJ6fIOs5nfqLJo0G+3isgRWrqxp/rjILOvbIGbfLkbPl9aV09IvzShyW2lK7E+QOP0TZIwyXGT0NW0Rr/eyzuMXooy8wi9NehKfrxIcUr7784nU2E+EtItrhtTkJpK8XBBh16swn7s2sQ89qx9PYd/wE5qnKfG0yy3SSc2ycKzEpH7Cy3E6lC4Jytw0AM1Mc179WASBhlR2tyElkRcuhlqOFlJ/6iXjp3kqSgW4kvWbwHwT6VsyiDRhf+Ir4XILFBJ26Z8=
+ skip_cleanup: true
+ file_glob: true
+ file: "netdata*.tar.*"
+ on:
+ condition: $CC = gcc
+ repo: firehol/netdata
+ tags: true
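Review bot: The decrypted deploy key is loaded into ssh-agent in `before_install` for every job, so it is available while `script` runs the checked-out tree's build scripts (`./packaging/git-build`, `./autogen.sh`) under both compilers, although only the gcc job on master/stable-* ever uploads. Moving the five key-handling lines under the same branch, pull-request and compiler condition that guards the `ssh`/`scp` upload in `after_success` would keep the key out of builds that never deploy. Separately, `ssh-keyscan -H firehol.org >> ~/.ssh/known_hosts` records whatever host key is returned at build time, so it does not authenticate the server. Committing the expected key and writing it with a line such as `- echo "firehol.org <KEY-TYPE> <PINNED-HOST-PUBLIC-KEY>" >> ~/.ssh/known_hosts` (placeholders, to be filled from the real host) would.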
Binary file not shown.
@@ -18,6 +18,9 @@ and post-release update.
Programs and packages with specific needs should create extra
`whatever.functions` and supporting scripts in a subdirectory.
+The `gpg.keys` file is a list of keys that can be expected to sign
+tags and packages.
+
Making a release
----------------
`
@@ -36,6 +36,8 @@ then
echo "check-files [--debug] -|filenames"
echo "e.g."
echo " git diff | ./packaging/check-files -"
+ echo "for a complete check (v.s. empty repo):"
+ echo " git diff 4b825dc642cb6eb9a060e54bf8d69288fbee4904 | ./packaging/check-files -"
echo "or in .git/hooks/pre-commit:"
echo " exec git diff --cached | ./packaging/check-files -"
exit 1
@@ -13,6 +13,20 @@ fi
# just make the assumption
if [ -d .git ]
then
+ if [ -n "$TRAVIS_TAG" ]
+ then
+ echo "Checking we have a good signature during CI build..."
+ echo "Checking tag: $TRAVIS_TAG"
+ git tag -v "$TRAVIS_TAG" 2>&1 | tee /tmp/tagcheck
+ grep -iq "gpg. good signature" /tmp/tagcheck
+ status=$?
+ rm -f /tmp/tagcheck
+ if [ $status -ne 0 ]
+ then
+ exit $status
+ fi
+ fi
+
clean=$(git status -s | grep "^?")
if [ "$clean" ]
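Review bot: The tag check decides on message text rather than on the exit status of `git tag -v`. The pipe into `tee` discards that status, and `grep -iq "gpg. good signature"` runs over combined stdout and stderr, which also carries the tag's own annotation text, so a match is not proof that gpg accepted the signature. Using the status directly, `git tag -v "$TRAVIS_TAG" || exit 1`, removes the grep, the dependence on gpg's message wording and locale, and the fixed `/tmp/tagcheck` path. The enclosing `if [ -d .git ]` block continues after this hunk, so the rest of the script's handling is not visible here.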
@@ -0,0 +1,65 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBE/SZE8BCAC2tGkIFG2jYmtO7X/SFzqAlgWd4iW3ZSpjAki5Z9PGMIkaOFgL
+fnNrQV/il4mMUzmvetgV9ShA288JT6KLT4lnL/lHCgxY9dJgzXfOrHxxlXQNU7i4
+XWRO+96aNysFjVJPsjRv+51836OV+w+TvE495zG7YNUUcWVAqsc49WPyt1Bm4Bsw
+X8fG7NggsV7wA+bMV/CzRAbiXSkJYKVn+GQk1wRYwR6YlpsZ22EKR2rEUxCc4CwN
+75mo9nY3cUKJfFvR7xg1rG6tLwLgv4/SSXbtHPfdKce6dmNWJjwTv8iAZxJUGM1D
+lhAWCl/ZnGIRBf7KDsxk6NCODenDEZvOoxKTABEBAAG0IVBoaWwgV2hpbmVyYXkg
+PHBoaWxAc2FuZXdhbGwub3JnPokBOAQTAQIAIgUCT9JkTwIbAwYLCQgHAwIGFQgC
+CQoLBBYCAwECHgECF4AACgkQY98eRNgpeX4//QgAtCvArmgn/Mt6IJmx8mowPpJz
+Rv6ErwYgBkVRxd87yFHZDV2DX+BjhuD5k8e3/z+1GqwrUCR/+svLsb5e6s9ISSES
+A68xlBNLG8sfZHm4CMEN63lqZsoiMposNUTOa2NY53qYNy8oDmNkjrfIkeKdTeUB
+w8atfFGWe8PZMhaxFox/acQfleyTKPIjfzHGoFvgs7nmYdfFHiFBh5hc+mEI+S+z
+Ao9CVoT3MzyANhJJLINGcQVdexRfvv4210euHQIH2NClRv3qo5cZmeo9DyLdGU9T
+wkAosRNflxciap5hyQvK/Z9pRAPzOR5SnpJj+Daa+Xslq5j61uUdEeMsI2dTv7Qg
+UGhpbCBXaGluZXJheSA8cGhpbEBmaXJlaG9sLm9yZz6JATgEEwECACIFAlZIrFYC
+GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGPfHkTYKXl+Hh4H/RkLQui0
+mKwLAq4+aLEJu3yCgFdpQPYFZFYw7fGKcrw92g8pnoY5V43yNaJMiJFkYrHv/UqN
+k0A2v/JIOKBXfe1YWakSIirrNMBMFwBUup4X7losPcAxF8K3Vtuo8PR/c2QF8UZB
+xkB3oPr/4DCBUKKYnk1g+yozfnqut7UNFKPZLWcNCcfy+ueLTmfzGg2CDGvsuY7m
+uXARkY7/h3YptJrRXkmBM8A1g3+Pia90RaJASR9W1LRiPVVb8M0pqVPeeccw1FNq
+yxrZzJl967T5gIWzRZ8ASvhJc/RMxeA6BCfqGp6ehGUgGVb2dlOHQkU9fu6l+4NG
+9sNAzAEkFe2Gdfq5AQ0ET9JkTwEIAOfdWdtPzHRgRLw0uEegoocn47exFoacgEGP
+xi5OFSnDY1IxckvpNap1bshvPQGPtA/p/K33NvX8hZzhk6YGgPzHh0b04GRFQFRC
+TspjjDk8poSuX8JiWnL1jzluFpriV8X7j1pos9fdIS0gQMBAHFTeGJooAfopZAoy
+8GycXUNBOiuLG4Eihbqq3E1BnDVdr5HIJKrMV2RisyukL5GYNbSp0l1DIAurYEbN
+AoUMK/9qe/6iSiX0VMgpXJpVZyFJhI6Z+/7Na0WPN4jjLgva+6g/eo8HPzKZOTak
+lhInBr9+5rl9uA8P1LqYwg0oshK/2LYF+STqfrzcRGldXajd6G0AEQEAAYkBHwQY
+AQIACQUCT9JkTwIbDAAKCRBj3x5E2Cl5frptB/4z7KzQV9X0vR6NdRVHWFnaAuFW
+gzIefG+XZR9xS4Wgc9pEMRs5ZR1bRbHWd2yNiBckajHOOSYdRD2ECMlCYrBhmH0M
+ep3vS9ly2rJRlgeFeNUdXtu0+XVdZGFsULlW2Kcb2Pv/UvOnmEppL1caAfEAMMjw
+Nc2QIKPYEyMLVQ/x7x61/RRqIuwSZL4xVAjrMic9m/gpsnwB+pxwmT2h3+BDF/gY
+jOz4YFWYV1HDYu1EFRmtpsnpuSC7xiMN92RNkBsdXLeXSkNqxLbqEISx37NFxcCy
+5pz0AytWpZNyYql2RWfiWWQa8TDjPeufxxd0+87OpJ6eHrRtpTRMsbdnC21s
+=fY8a
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFbxoXsBCADm7C+gJkjU10vpMkmB9LP2HuJrzzvCuOLeaFKB0wM0y3seNvKJ
+VSeNg76Db4gCZ0Fw8eBk3V49cnjPqtHqB6fBlx3zyu9jcN6RQLO+sLZy7xrqwZkx
+Lox+D/iBU97wXDudVE3Li4J04goBH8NsQ/bf41H6ZEhLWO3xM4mrwb1BNhyC7+Hm
+O0wkCNHe2P+Vf7Vss3FZ6ZPAynLOvFHHE2W0mAV0fA79Pe/nbA7kP6CueyxKLsFR
+xGavRir+19WSFq19xzMg1S4pDGOqm4PBnJvwlwjFz/4yIn0uSoaFtuJIfDvYTgFh
+XZJFR8sV/0AbZLybKsCv9pEgYlm1oeiQSk77ABEBAAG0IkNvc3RhIFRzYW91c2lz
+IDxjb3N0YUB0c2FvdXNpcy5ncj6JATkEEwEIACMFAlbxoXsCGwMHCwkIBwMCAQYV
+CAIJCgsEFgIDAQIeAQIXgAAKCRApyjNYibmoY1RPB/9o8azh6siD7VsHWjaMStBU
+alSa9nyGIinZzmb2u94VzdPUF0ZW08HI++I37HoAIQmXEa1oUtNK4D6pUYhrJpL6
+NnOVVhfFbJH1Siwl1v0dqpNqKmcJ0oUvHEHsKfGWBGqqQCFE4bnDmyayedunzoUV
+aXnUt+3dTD8hwOcicKQ1CID2rT8QvEoSv4jIGqks8t+Dnvp0Gx8bKvxF2CYfEQlr
+LxZbXrjloXQR4IaAjv/Wxpghl0RXslXIx6yRiHYu4QavBDYvL9iZ2168eIUiRiUD
+xkT38N6Itj/YfhBjW+ZXHF73UeGwFlYjagJM7YG3dKrB31OsUdch9leBcw2satmA
+uQENBFbxoXsBCADC+y/ZuxxKn742DYoXX6BvedjNwdrs5swEWrg4JnzdXRAW8g5D
+6YkPlfQ56ov7yXuOAjTgU4vMA0OjI0JN1DrR9ZmsyvmOtQq9+mZMZLFeFSPYXDRa
+0EuBFs6m2V0kq5sfFqcsItC6RSQu0mTu+1HmOmrat2o4XZXhT5Jr/QXQ6ShHkWmm
+823y4XBOxHzDRD6NfZKJbiWfLkmS5Ojza2pOp6otxlLmsknQrEe8V2mHNjiJntMv
+cSv9tJO6EnN613eo/IDejz9mrGJURbu/hTWHX00ONYmwfOmCtF4nPMyh85B3NSTF
+JhORjziEGt4lnOPV6G0vK1hlD2kwmZ48tLy3ABEBAAGJAR8EGAEIAAkFAlbxoXsC
+GwwACgkQKcozWIm5qGPD7Af+Pg398YBVnYW/ze5pGDd/IEPhmUp/mSRu2nU9pZXa
+k30eItf3Cd5JfYIKBFgeOlEx8hb0bXU2OReb1bUpT9aAW7h7YW2F9tjm1gBPdtD4
+iO9jBiNbI6wvUwPsW95f7BMKlh9tO71MmFpghKD5Dougl9X8LmXUa35PDrJxcXAi
+BaLXcrdqjxB/6r+0RFHYzr/JgMCgenu7DQMHUi0P7P+uMbhZwMuVvAtUIgbb8Vw3
+WQ6cJBbrwiAWwVjF1JauFdB8Oy/fm7k1TTein9nWXF1tZ/OTdUDriqktHbkSVjvN
+SKW3nD2RpZ4F5Pa3uNcK9lcbBfM126HCzybjZHZntcyvSA==
+=7nny
+-----END PGP PUBLIC KEY BLOCK-----
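Review bot: This keyring is the trust root for the tag check, yet as far as this page shows it is imported from the checkout under test (`gpg --import packaging/gpg.keys` in `.travis.yml`), so the tagged tree itself decides which keys count as acceptable signers. The check therefore only holds if every change to this file is itself reviewed; importing the keys from a location outside the tree being built, or comparing the signer's fingerprint against a list kept outside the repository, would remove that circularity. The file also gives no indication of whose keys these are. Adding each owner and full fingerprint to `packaging/README.md` would let reviewers verify future changes to it.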
