-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
16 changed files
with
405 additions
and
250 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,155 @@ | ||
| #!/bin/bash | ||
|
|
||
| # Run package build within a virgin Ubuntu/Debian container. | ||
|
|
||
| set -o errexit | ||
| set -o pipefail | ||
| set -o nounset | ||
|
|
||
| # there is no VERSION_ID in sid/bullseye | ||
| VERSION_ID="11" | ||
| VERSION="11 (bullseye)" | ||
| source /etc/os-release | ||
|
|
||
| SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" | ||
| SECRETSDIR="/data/secrets" | ||
|
|
||
| cd "${SCRIPTDIR}/../.." | ||
|
|
||
| export DEBIAN_FRONTEND=noninteractive | ||
| apt-get update > /dev/null | ||
| apt-get --no-install-recommends -y install sudo > /dev/null | ||
|
|
||
| TESTUSER=ediuser | ||
| TESTUSERHOME=/home/${TESTUSER} | ||
| adduser --disabled-password --gecos "" ${TESTUSER} | ||
| addgroup ${TESTUSER} adm | ||
|
|
||
| apt-get --no-install-recommends -y install git > /dev/null | ||
|
|
||
| git config --system user.email "lueschem@gmail.com" | ||
| git config --system user.name "Matthias Luescher" | ||
|
|
||
| if [[ $EUID -ne 0 ]] | ||
| then | ||
| >&2 echo "Error: This script must be run as root." | ||
| exit 1 | ||
| fi | ||
|
|
||
| if ! git diff --exit-code --quiet | ||
| then | ||
| >&2 echo "Error: there are unstaged changes!" | ||
| exit 1 | ||
| fi | ||
|
|
||
| if ! git diff --cached --exit-code --quiet | ||
| then | ||
| >&2 echo "Error: there are uncommitted changes!" | ||
| exit 1 | ||
| fi | ||
|
|
||
| sudo -H -u ${TESTUSER} git clone .git ${TESTUSERHOME}/edi | ||
|
|
||
| apt-get -y --no-install-recommends install git-buildpackage dh-make equivs lintian > /dev/null | ||
|
|
||
| CONTAINER_WORK="${TESTUSERHOME}/edi" | ||
| cd ${CONTAINER_WORK} | ||
|
|
||
| RAW_VERSION="$(dpkg-parsechangelog --show-field Version | cut -d'+' -f1)" | ||
|
|
||
| if [ "${ID}" == "ubuntu" ] | ||
| then | ||
| NEW_VERSION="${RAW_VERSION}+u${VERSION_ID//./}" | ||
| elif [ "${ID}" == "debian" ] | ||
| then | ||
| NEW_VERSION="${RAW_VERSION}+deb${VERSION_ID//./}" | ||
| VERSION_CODENAME=$(echo "${VERSION}" | awk -F"[)(]+" '{print $2}') | ||
| else | ||
| >&2 echo "Error: unhandled operating system id (${ID})!" | ||
| exit 1 | ||
| fi | ||
|
|
||
| GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD) | ||
| if [ "${GIT_BRANCH}" != "master" ] | ||
| then | ||
| NEW_VERSION="${NEW_VERSION}$(git describe --always --tags 2>/dev/null | sed -r s/^v//g | sed -r 's/[0-9]+.[0-9]+.[0-9]+-([0-9]+)-(.*)/r\1\2/g')" | ||
| fi | ||
|
|
||
| SETUP_PY="setup.py" | ||
| sed -i "s/^ version=.*/ version='${NEW_VERSION}',/g" ${SETUP_PY} | ||
| sudo -H -u ${TESTUSER} git add ${SETUP_PY} | ||
|
|
||
| SPHINX_CONFIG="docs/conf.py" | ||
| sed -i "s/^version =.*/version = '${NEW_VERSION}'/g" ${SPHINX_CONFIG} | ||
| sed -i "s/^release =.*/release = '${NEW_VERSION}'/g" ${SPHINX_CONFIG} | ||
| sudo -H -u ${TESTUSER} git add ${SPHINX_CONFIG} | ||
|
|
||
| VERSION_HELPERS="edi/lib/versionhelpers.py" | ||
| sed -i "s/^edi_fallback_version =.*/edi_fallback_version = '${NEW_VERSION}'/g" ${VERSION_HELPERS} | ||
| sudo -H -u ${TESTUSER} git add ${VERSION_HELPERS} | ||
|
|
||
| dch -b --newversion "${NEW_VERSION}" --distribution "${VERSION_CODENAME}" -m "Automatic ${VERSION_CODENAME} build." | ||
|
|
||
| sudo -H -u ${TESTUSER} git add debian/changelog | ||
| sudo -H -u ${TESTUSER} git commit -m "New version ${NEW_VERSION}." | ||
| sudo -H -u ${TESTUSER} git tag -a "v${NEW_VERSION}" -m "New version ${NEW_VERSION}." | ||
|
|
||
| mk-build-deps -i debian/control -t "apt-get -y" > /dev/null | ||
|
|
||
| sudo -H -u ${TESTUSER} py.test-3 | ||
|
|
||
| sudo -H -u ${TESTUSER} git clean -dxf | ||
|
|
||
| sudo -H -u ${TESTUSER} debuild -us -uc > /dev/null | ||
|
|
||
| dpkg -i ../edi_*_all.deb || true | ||
| apt-get -y --no-install-recommends install -f | ||
|
|
||
| EDIVERSION=$(edi version) | ||
| CHANGELOGVERSION=$(dpkg-parsechangelog --show-field Version) | ||
|
|
||
| if [ "${EDIVERSION}" != "${CHANGELOGVERSION}" ] | ||
| then | ||
| >&2 echo -e "\nError: edi version does not match changelog version (${EDIVERSION} != ${CHANGELOGVERSION})." | ||
| exit 1 | ||
| fi | ||
|
|
||
| if [ "${ID}" == "ubuntu" ] | ||
| then | ||
| if [ ! -d "${SECRETSDIR}" ] | ||
| then | ||
| >&2 echo "Error: Missing secrets for launchpad signature - cowardly refusing to do anything!" | ||
| exit 1 | ||
| fi | ||
|
|
||
| sudo -H -u ${TESTUSER} git clean -dxf | ||
|
|
||
| GPG_KEY="${SECRETSDIR}/launchpad-key.asc" | ||
| GPG_KEY_PASSPHRASE="${SECRETSDIR}/launchpad-key.passphrase" | ||
|
|
||
| if [[ ! -f "${GPG_KEY}" ]] || [[ ! -f "${GPG_KEY_PASSPHRASE}" ]] | ||
| then | ||
| >&2 echo -e "\nError: Missing gpg key ${GPG_KEY} or passphrase ${GPG_KEY_PASSPHRASE}." | ||
| exit 1 | ||
| fi | ||
|
|
||
| gpg --pinentry-mode loopback --passphrase-file "${GPG_KEY_PASSPHRASE}" --import "${GPG_KEY}" | ||
|
|
||
| sudo -H -u ${TESTUSER} debuild -S -us -uc > /dev/null | ||
|
|
||
| RESULT="${CONTAINER_WORK}/../edi_${NEW_VERSION}_source.changes" | ||
| debsign -p"gpg --pinentry-mode loopback --passphrase-file ${GPG_KEY_PASSPHRASE}" -S -kB6D5610F601C6B6E4A880C93AA6945FE5AAFB25D "${RESULT}" | ||
| fi | ||
|
|
||
| BUILD_OUTPUT="${SCRIPTDIR}/../../build-output" | ||
| mkdir -p "${BUILD_OUTPUT}" | ||
| cp -f ../edi_"${NEW_VERSION}"* "${BUILD_OUTPUT}" | ||
|
|
||
| cat << EOF > "${BUILD_OUTPUT}/build-info" | ||
| PACKAGE_NAME=edi | ||
| PACKAGE_VERSION=${NEW_VERSION} | ||
| EOF | ||
|
|
||
| echo "========" | ||
| echo "Success!" | ||
| echo "========" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| #!/bin/bash | ||
|
|
||
| set -o nounset | ||
| set -o errexit | ||
| set -o pipefail | ||
|
|
||
| SECRETSDIR="${HOME}/.launchpad-secrets" | ||
| mkdir -p "${SECRETSDIR}" | ||
| cd "${SECRETSDIR}" | ||
| echo "${LAUNCHPAD_ID_RSA_BASE64}" | base64 -d > id_rsa | ||
| echo "${LAUNCHPAD_SIGNING_KEY_BASE64}" | base64 -d > launchpad-key.asc | ||
| echo "${LAUNCHPAD_SIGNING_KEY_PASSPHRASE_BASE64}" | base64 -d > launchpad-key.passphrase |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| [ppa] | ||
| fqdn = ppa.launchpad.net | ||
| method = sftp | ||
| incoming = ~%(ppa)s | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| #!/bin/bash | ||
|
|
||
| # Upload a Debian package to Lauchchpad | ||
|
|
||
| # Usage: upload-package-launchpad GIT_BRANCH REPOSITORY_USER REPOSITORY_NAME | ||
| # Example: upload-package-launchpad develop m-luescher edi-snapshots | ||
|
|
||
| set -o nounset | ||
| set -o errexit | ||
| set -o pipefail | ||
|
|
||
| GIT_BRANCH=$1 | ||
| REPOSITORY_USER=$2 | ||
| REPOSITORY_NAME=$3 | ||
|
|
||
| SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" | ||
| SECRETSDIR="/data/secrets" | ||
| WORKDIR="${SCRIPTDIR}/../.." | ||
| SSHDIR="/root/.ssh" | ||
|
|
||
| if [[ $EUID -ne 0 ]] | ||
| then | ||
| >&2 echo "Error: This script must be run as root." | ||
| exit 1 | ||
| fi | ||
|
|
||
| if [ ! -d "${SECRETSDIR}" ] | ||
| then | ||
| >&2 echo "Error: Missing secrets for launchpad upload - cowardly refusing to do anything!" | ||
| exit 1 | ||
| fi | ||
|
|
||
| if [ ! -f "${WORKDIR}/build-output/build-info" ] | ||
| then | ||
| >&2 echo "Error: Missing artifacts from previous build step." | ||
| exit 1 | ||
| fi | ||
|
|
||
| if [ -d "${SSHDIR}" ] | ||
| then | ||
| >&2 echo "Error: ${SSHDIR} already exists - you might want to run this script in a docker container." | ||
| exit 1 | ||
| fi | ||
|
|
||
| cd "${WORKDIR}" | ||
| source build-output/build-info | ||
|
|
||
| apt-get update > /dev/null | ||
| apt-get --no-install-recommends -y install openssh-client dput locales python3-paramiko > /dev/null | ||
| locale-gen en_US.UTF-8 > /dev/null | ||
| export LANG=en_US.UTF-8 | ||
|
|
||
| if [ "${GIT_BRANCH}" != "master" ] | ||
| then | ||
| REPOSITORY_SUFFIX="-develop" | ||
| else | ||
| REPOSITORY_SUFFIX="" | ||
| fi | ||
|
|
||
| mkdir ${SSHDIR} | ||
| chmod 0700 ${SSHDIR} | ||
|
|
||
| cp "${SECRETSDIR}/id_rsa" "${SSHDIR}/" | ||
| touch "${SSHDIR}/known_hosts" | ||
| chmod -R 0600 "${SSHDIR}"/* | ||
| ssh-keyscan ppa.launchpad.net >> "${SSHDIR}/known_hosts" | ||
|
|
||
| DPUTCONF="${SSHDIR}/dput.cf" | ||
| cp "${SCRIPTDIR}/dput.cf" "${DPUTCONF}" | ||
| echo "login = ${REPOSITORY_USER}" >> "${DPUTCONF}" | ||
|
|
||
| dput --unchecked --config "${DPUTCONF}" "ppa:${REPOSITORY_USER}/${REPOSITORY_NAME}${REPOSITORY_SUFFIX}" "build-output/${PACKAGE_NAME}_${PACKAGE_VERSION}_source.changes" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| #!/bin/bash | ||
|
|
||
| # Upload a Debian package to PackageCloud | ||
|
|
||
| # Usage: upload-package-packagecloud GIT_BRANCH REPOSITORY_USER REPOSITORY_NAME DISTRIBUTION DISTRIBUTION_RELEASE | ||
| # Example: upload-package-packagecloud develop get-edi debian debian buster | ||
|
|
||
| set -o nounset | ||
| set -o errexit | ||
| set -o pipefail | ||
|
|
||
| GIT_BRANCH=$1 | ||
| REPOSITORY_USER=$2 | ||
| REPOSITORY_NAME=$3 | ||
| DISTRIBUTION=$4 | ||
| DISTRIBUTION_RELEASE=$5 | ||
|
|
||
| SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" | ||
| WORKDIR="${SCRIPTDIR}/../../build-output" | ||
|
|
||
| if [[ $EUID -eq 0 ]] | ||
| then | ||
| >&2 echo "Error: This script must not be run as root." | ||
| exit 1 | ||
| fi | ||
|
|
||
| if [ ! -f "${WORKDIR}/build-info" ] | ||
| then | ||
| >&2 echo "Error: Missing artifacts from previous build step." | ||
| exit 1 | ||
| fi | ||
|
|
||
| cd "${WORKDIR}" | ||
|
|
||
| source build-info | ||
|
|
||
| sudo gem install package_cloud | ||
|
|
||
| if [ "${GIT_BRANCH}" != "master" ] | ||
| then | ||
| REPOSITORY_SUFFIX="-develop" | ||
| else | ||
| REPOSITORY_SUFFIX="" | ||
| fi | ||
|
|
||
| PACKAGE="${PACKAGE_NAME}_${PACKAGE_VERSION}_all.deb" | ||
| PACKAGE_DSC="${PACKAGE_NAME}_${PACKAGE_VERSION}.dsc" | ||
|
|
||
| push_package() | ||
| { | ||
| UPLOAD_PATH="${REPOSITORY_USER}/${REPOSITORY_NAME}${REPOSITORY_SUFFIX}/${DISTRIBUTION}/${DISTRIBUTION_RELEASE}" | ||
| echo "Deploying package ${PACKAGE} and ${PACKAGE_DSC} to ${UPLOAD_PATH}." | ||
| package_cloud push "${UPLOAD_PATH}" "${PACKAGE}" | ||
| package_cloud push "${UPLOAD_PATH}" "${PACKAGE_DSC}" | ||
| } | ||
|
|
||
| push_package | ||
|
|
||
| if [ "${DISTRIBUTION}" == "debian" ] | ||
| then | ||
| DISTRIBUTION="raspbian" | ||
| push_package | ||
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| name: edi package build | ||
| on: | ||
| push: | ||
| branches: | ||
| - master | ||
| - develop | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-20.04 | ||
| strategy: | ||
| matrix: | ||
| include: | ||
| - distribution: debian | ||
| distribution_release: stretch | ||
| repository_type: packagecloud | ||
| - distribution: debian | ||
| distribution_release: buster | ||
| repository_type: packagecloud | ||
| - distribution: debian | ||
| distribution_release: bullseye | ||
| repository_type: packagecloud | ||
| - distribution: ubuntu | ||
| distribution_release: "18.04" | ||
| repository_type: launchpad | ||
| - distribution: ubuntu | ||
| distribution_release: "20.04" | ||
| repository_type: launchpad | ||
| - distribution: ubuntu | ||
| distribution_release: "21.10" | ||
| repository_type: launchpad | ||
| steps: | ||
| - name: Check out the source code | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| fetch-depth: '0' | ||
| - name: Create secrets folder. | ||
| run: mkdir -p "${HOME}/.launchpad-secrets" | ||
| - name: Decode launchpad secrets | ||
| run: ./.github/scripts/decode-secrets | ||
| env: | ||
| LAUNCHPAD_ID_RSA_BASE64: ${{ secrets.LAUNCHPAD_ID_RSA_BASE64 }} | ||
| LAUNCHPAD_SIGNING_KEY_BASE64: ${{ secrets.LAUNCHPAD_SIGNING_KEY_BASE64 }} | ||
| LAUNCHPAD_SIGNING_KEY_PASSPHRASE_BASE64: ${{ secrets.LAUNCHPAD_SIGNING_KEY_PASSPHRASE_BASE64 }} | ||
| if: matrix.repository_type == 'launchpad' | ||
| - name: Login to Docker Hub | ||
| uses: docker/login-action@v1 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
| - name: Pull docker container | ||
| run: docker pull "${DISTRIBUTION}":"${DISTRIBUTION_RELEASE}" | ||
| env: | ||
| DISTRIBUTION: ${{ matrix.distribution }} | ||
| DISTRIBUTION_RELEASE: ${{ matrix.distribution_release }} | ||
| - name: Run build job within docker container | ||
| run: docker run -v $(pwd):/data/runner -v ${HOME}/.launchpad-secrets:/data/secrets "${DISTRIBUTION}":"${DISTRIBUTION_RELEASE}" bash -c "/data/runner/.github/scripts/build-package" | ||
| env: | ||
| DISTRIBUTION: ${{ matrix.distribution }} | ||
| DISTRIBUTION_RELEASE: ${{ matrix.distribution_release }} | ||
| - name: Upload package to launchpad repository | ||
| run: docker run -v $(pwd):/data/runner -v ${HOME}/.launchpad-secrets:/data/secrets "${DISTRIBUTION}":"${DISTRIBUTION_RELEASE}" bash -c "/data/runner/.github/scripts/upload-package-launchpad ${GITHUB_REF##*/} ${LAUNCHPAD_USER} ${LAUNCHPAD_REPOSITORY}" | ||
| env: | ||
| DISTRIBUTION: ${{ matrix.distribution }} | ||
| DISTRIBUTION_RELEASE: ${{ matrix.distribution_release }} | ||
| LAUNCHPAD_USER: ${{ secrets.LAUNCHPAD_USER }} | ||
| LAUNCHPAD_REPOSITORY: ${{ secrets.LAUNCHPAD_REPOSITORY }} | ||
| if: matrix.repository_type == 'launchpad' | ||
| - name: Upload package to packagecloud repository | ||
| run: ./.github/scripts/upload-package-packagecloud "${GITHUB_REF##*/}" "${PACKAGECLOUD_USER}" "${PACKAGECLOUD_REPOSITORY}" "${DISTRIBUTION}" "${DISTRIBUTION_RELEASE}" | ||
| env: | ||
| DISTRIBUTION: ${{ matrix.distribution }} | ||
| DISTRIBUTION_RELEASE: ${{ matrix.distribution_release }} | ||
| PACKAGECLOUD_USER: ${{ secrets.PACKAGECLOUD_USER }} | ||
| PACKAGECLOUD_REPOSITORY: ${{ secrets.PACKAGECLOUD_REPOSITORY }} | ||
| PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} | ||
| if: matrix.repository_type == 'packagecloud' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.