Github Action Support for Centos RPM executable (twilio#296)

changes for CentOS rpm Github action
sr010 · Oct 4, 2021 · dafeef6 · dafeef6
1 parent 18d3d68
commit dafeef6
Show file tree

Hide file tree

Showing 13 changed files with 24,465 additions and 3,638 deletions.
diff --git a/.github/actions/build-rpm/Dockerfile b/.github/actions/build-rpm/Dockerfile
@@ -0,0 +1,16 @@
+#Dockerfile to setup environment for centos rpm package 
+FROM node:14-alpine as builder
+WORKDIR /app
+COPY ./ /app
+RUN npm install && \
+    npm run build && \
+    npm run package
+
+FROM centos:latest
+# library need to generate rpm package
+RUN yum install -y rpm-build rpmdevtools gcc rpm-sign pinentry && \
+    curl -sL https://rpm.nodesource.com/setup_14.x | bash - && \
+    yum install -y nodejs  
+# add package need to build rpm
+COPY --from=builder /app/dist /app/dist
+ENTRYPOINT ["node", "/app/dist/index.js"]
diff --git a/.github/actions/build-rpm/action.yml b/.github/actions/build-rpm/action.yml
@@ -0,0 +1,32 @@
+name: 'Build RPM Centos'
+description: 'Build RPM package for Centos. Supports RPM macros with --define.'
+inputs:
+  sources:
+    required: true
+    description: 'list of files to be used as RPM sources, delimited by new lines'
+  spec_file:
+    required: true
+    description: 'path to your rpm spec file'
+  variables:
+    required: false
+    description: 'variables to be consumed in the spec file as rpmbuild macros, delimited by new lines'
+  gpg_signing_key:
+    description: "ASCII-armored content of the GPG signing key's secret/private key"
+    required: true
+  gpg_signing_key_id:
+    description: "GPG signing key's GPG ID (name)"
+    required: true
+  gpg_signing_key_passphrase:
+    description: 'Passphrase to use the GPG signing key'
+    required: true
+  gpg_pub_key:
+    description: 'path to your gpg pub key'
+    required: true
+outputs:
+  rpm_package_name:
+    description: 'name of the RPM package'
+  rpm_package_path:
+    description: 'path to the built RPM package'
+runs:
+  using: 'docker'
+  image: "Dockerfile"
diff --git a/.github/actions/build-rpm/package-lock.json b/.github/actions/build-rpm/package-lock.json
diff --git a/.github/actions/build-rpm/package.json b/.github/actions/build-rpm/package.json
@@ -0,0 +1,27 @@
+{
+  "name": "build-rpm",
+  "version": "0.1.0",
+  "private": true,
+  "description": "Github action for building RPM packages",
+  "main": "lib/main.js",
+  "scripts": {
+    "build": "tsc",
+    "package": "ncc build --source-map "
+  },
+  "keywords": [
+    "actions",
+    "node",
+    "setup"
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "@actions/core": "^1.2.6",
+    "@actions/exec": "^1.0.4",
+    "openpgp": "^5.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^16.4.10",
+    "@vercel/ncc": "^0.25.1",
+    "typescript": "^4.0.5"
+  }
+}
diff --git a/.github/actions/build-rpm/src/gpg.ts b/.github/actions/build-rpm/src/gpg.ts
@@ -0,0 +1,71 @@
+import * as openpgp from 'openpgp';
+import * as fs from 'fs';
+import * as exec from '@actions/exec';
+import * as path from 'path';
+
+
+// implementation sourced from https://github.com/crazy-max/ghaction-import-gpg/blob/8c43807e82148a7bafc633cc9584d04bf54be8d0/src/gpg.ts
+export interface PrivateKey {
+    fingerprint: string;
+    keyID: string;
+}
+
+// config settings to cache the passphrase for private key
+export const agentConfig = `default-cache-ttl 7200
+max-cache-ttl 31536000
+allow-preset-passphrase`;
+
+export const readPrivateKey = async (key: string): Promise<PrivateKey> => {
+    const privateKey = await openpgp.readKey({
+        armoredKey: key
+    });
+
+    return {
+        fingerprint: privateKey.getFingerprint().toUpperCase(),
+        keyID: await privateKey.getEncryptionKey().then(encKey => {
+        // @ts-ignore
+        return encKey?.getKeyID().toHex().toUpperCase();
+        })
+    }
+}
+
+  export const importKey = async(key: string): Promise<void> => {
+    const keyPath: string = `key.pgp`;
+    fs.writeFileSync(keyPath, key);
+
+    await exec.exec('gpg', ['--import', '--batch', '--yes', keyPath], {
+      ignoreReturnCode: true,
+      silent: true
+    }).then(res => {
+        if (res != 0) {
+          throw new Error('importing key failed');
+        }
+      })
+  }
+
+  const gpgConnectAgent = async (command: string): Promise<string> => {
+    return await exec
+      .getExecOutput(`gpg-connect-agent "${command}" /bye`, [], {
+        ignoreReturnCode: true,
+        silent: true
+      })
+      .then(res => {
+        if (res.stderr.length > 0 && res.exitCode != 0) {
+          throw new Error(res.stderr);
+        }
+        for (let line of res.stdout.replace(/\r/g, '').trim().split(/\n/g)) {
+          if (line.startsWith('ERR')) {
+            throw new Error(line);
+          }
+        }
+        return res.stdout.trim();
+      });
+  };
+
+  export const configureAgent = async (config: string): Promise<void> => {
+    const gpgAgentConf = path.join(`${process.env.HOME}`, '.gnupg', 'gpg-agent.conf') ;
+    await fs.writeFile(gpgAgentConf, config, function (err){
+      if (err) throw err;
+    });
+    await gpgConnectAgent('RELOADAGENT');
+  };